summaryrefslogtreecommitdiff
path: root/lib/url.c
Commit message (Collapse)AuthorAgeFilesLines
* cleanup: fix typos and wording in docs and commentsPedro Monreal2020-02-021-1/+1
| | | | | Closes #4869 Reviewed-by: Emil Engler and Daniel Gustafsson
* ntlm: Move the winbind data into the NTLM data structureSteve Holme2020-02-021-1/+2
| | | | | To assist with adding winbind support to the SASL NTLM authentication, move the winbind specific data out of conndata into ntlmdata.
* multi_done: if multiplexed, make conn->data point to another transferDaniel Stenberg2020-01-281-0/+2
| | | | | | | | | | ... since the current transfer is being killed. Setting to NULL is wrong, leaving it pointing to 'data' is wrong since that handle might be about to get freed. Fixes #4845 Closes #4858 Reported-by: dmitrmax on github
* conn: do not reuse connection if SOCKS proxy credentials differPeter Piekarski2020-01-241-2/+31
| | | | Closes #4835
* http: move "oauth_bearer" from connectdata to Curl_easynao2020-01-211-9/+0
| | | | | | | Fixes the bug where oauth_bearer gets deallocated when we re-use a connection. Closes #4824
* ConnectionExists: respect the max_concurrent_streams limitsDaniel Stenberg2020-01-131-3/+10
| | | | | | | | | | | | | | | A regression made the code use 'multiplexed' as a boolean instead of the counter it is intended to be. This made curl try to "over-populate" connections with new streams. This regression came with 41fcdf71a1, shipped in curl 7.65.0. Also, respect the CURLMOPT_MAX_CONCURRENT_STREAMS value in the same check. Reported-by: Kunal Ekawde Fixes #4779 Closes #4784
* wolfSSH: new SSH backendDaniel Stenberg2020-01-121-2/+2
| | | | | | Adds support for SFTP (not SCP) using WolfSSH. Closes #4231
* create_conn: prefer multiplexing to using new connectionsDaniel Stenberg2019-12-191-18/+0
| | | | | | | | | | | ... as it would previously prefer new connections rather than multiplexing in most conditions! The (now removed) code was a leftover from the Pipelining code that was translated wrongly into a multiplex-only world. Reported-by: Kunal Ekawde Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html Closes #4732
* conncache: fix multi-thread use of shared connection cacheDaniel Stenberg2019-12-091-13/+8
| | | | | | | | | It could accidentally let the connection get used by more than one thread, leading to double-free and more. Reported-by: Christopher Reid Fixes #4544 Closes #4557
* build: Disable Visual Studio warning "conditional expression is constant"Jay Satiro2019-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Disable warning C4127 "conditional expression is constant" globally in curl_setup.h for when building with Microsoft's compiler. This mainly affects building with the Visual Studio project files found in the projects dir. Prior to this change the cmake and winbuild build systems already disabled 4127 globally for when building with Microsoft's compiler. Also, 4127 was already disabled for all build systems in the limited circumstance of the WHILE_FALSE macro which disabled the warning specifically for while(0). This commit removes the WHILE_FALSE macro and all other cruft in favor of disabling globally in curl_setup. Background: We have various macros that cause 0 or 1 to be evaluated, which would cause warning C4127 in Visual Studio. For example this causes it: #define Curl_resolver_asynch() 1 Full behavior is not clearly defined and inconsistent across versions. However it is documented that since VS 2015 Update 3 Microsoft has addressed this somewhat but not entirely, not warning on while(true) for example. Prior to this change some C4127 warnings occurred when I built with Visual Studio using the generated projects in the projects dir. Closes https://github.com/curl/curl/pull/4658
* lib: Move lib/ssh.h -> lib/vssh/ssh.hJay Satiro2019-11-171-1/+1
| | | | | | Follow-up to 5b2d703 which moved ssh source files to vssh. Closes https://github.com/curl/curl/pull/4609
* build: fix for CURL_DISABLE_DOHWyatt O'Day2019-11-061-0/+5
| | | | | Fixes https://github.com/curl/curl/issues/4565 Closes https://github.com/curl/curl/pull/4566
* url: make Curl_close() NULLify the pointer tooDaniel Stenberg2019-10-301-6/+8
| | | | | | | This is the common pattern used in the code and by a unified approach we avoid mistakes. Closes #4534
* url: Curl_free_request_state() should also free doh handlesDaniel Stenberg2019-10-291-3/+4
| | | | | | | | ... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463 Closes #4527
* conn-reuse: requests wanting NTLM can reuse non-NTLM connectionsDaniel Stenberg2019-10-231-1/+7
| | | | | | | | Added test case 338 to verify. Reported-by: Daniel Silverstone Fixes #4499 Closes #4514
* url: normalize CURLINFO_EFFECTIVE_URLDaniel Stenberg2019-10-161-0/+10
| | | | | | | | | | | | | | | | The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as input in most cases, which made it not get a scheme prefixed like before if the URL was given without one, and it didn't remove dotdot sequences etc. Added test case 1907 to verify that this now works as intended and as before 7.62.0. Regression introduced in 7.62.0 Reported-by: Christophe Dervieux Fixes #4491 Closes #4493
* cookies: change argument type for Curl_flush_cookiesDaniel Stenberg2019-10-031-1/+1
| | | | | | | The second argument is really a 'bool' so use that and pass in TRUE/FALSE to make it clear. Closes #4455
* http2: move state-init from creation to pre-transferDaniel Stenberg2019-10-031-2/+0
| | | | | | | | | | | To make sure that the HTTP/2 state is initialized correctly for duplicated handles. It would otherwise easily generate "spurious" PRIORITY frames to get sent over HTTP/2 connections when duplicated easy handles were used. Reported-by: Daniel Silverstone Fixes #4303 Closes #4442
* url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro2019-09-261-1/+3
| | | | | | | | | | | | | | | | Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
* url: fix the NULL hostname compiler warning caseJay Satiro2019-09-251-6/+2
| | | | Closes #4403
* url: remove dead codeDaniel Stenberg2019-09-201-7/+0
| | | | | Fixes warning detected by PVS-Studio Fixes #4374
* url: part of expression is always true: (bundle->multiuse == 0)Daniel Stenberg2019-09-201-1/+1
| | | | | Fixes warning detected by PVS-Studio Fixes #4374
* url: only reuse TLS connections with matching pinningDaniel Stenberg2019-09-191-0/+4
| | | | | | | | | | If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the connection should not be reused. Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html Reported-by: Sebastian Haglund Closes #4347
* url: cleanup dangling DOH request headers tooDaniel Stenberg2019-09-181-0/+1
| | | | | | | | | Follow-up to 9bc44ff64d9081 Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/17269 Closes #4372
* doh: clean up dangling DOH handles and memory on easy closeDaniel Stenberg2019-09-161-0/+6
| | | | | | | | | If you set the same URL for target as for DoH (and it isn't a DoH server), like "https://example.com" in both, the easy handles used for the DoH requests could be left "dangling" and end up not getting freed. Reported-by: Paul Dreik Closes #4366
* cleanup: move functions out of url.c and make them staticDaniel Stenberg2019-09-031-203/+0
| | | | Closes #4289
* cleanup: remove DOT_CHAR completelyDaniel Stenberg2019-08-201-2/+1
| | | | | | | | | | | | Follow-up to f9c7ba9096ec The use of DOT_CHAR for ".ssh" was probably a mistake and is removed now. Pointed-out-by: Gisle Vanem Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 Closes #4247
* alt-svc: add protocol version selection maskingDaniel Stenberg2019-08-081-16/+25
| | | | | | | | | | | So that users can mask in/out specific HTTP versions when Alt-Svc is used. - Removed "h2c" and updated test case accordingly - Changed how the altsvc struct is laid out - Added ifdefs to make the unittest run even in a quiche-tree Closes #4201
* http3: fix the HTTP/3 in the request, make alt-svc set right versionsDaniel Stenberg2019-08-081-3/+3
| | | | Closes #4200
* alt-svc: send Alt-Used: in redirected requestsDaniel Stenberg2019-08-081-0/+1
| | | | | | | | | | | | | | | RFC 7838 section 5: When using an alternative service, clients SHOULD include an Alt-Used header field in all requests. Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus this is deemed ok). You can disable sending this header just like you disable any other HTTP header in libcurl. Closes #4199
* curl.h: add CURL_HTTP_VERSION_3 to the version enumDaniel Stenberg2019-08-071-1/+1
| | | | | It can't be set for CURLOPT_HTTP_VERSION, but it can be extracted with CURLINFO_HTTP_VERSION.
* sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZIDSteve Holme2019-08-061-0/+9
| | | | | | | | | | | | | | | | | Added the ability for the calling program to specify the authorisation identity (authzid), the identity to act as, in addition to the authentication identity (authcid) and password when using SASL PLAIN authentication. Fixes #3653 Closes #3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
* http09: disable HTTP/0.9 by default in both tool and libraryDaniel Stenberg2019-08-061-1/+1
| | | | | | | | As the plan has been laid out in DEPRECATED. Update docs accordingly and verify in test 1174. Now requires the option to be set to allow HTTP/0.9 responses. Closes #4191
* url: make use of new HTTP version if alt-svc has oneDaniel Stenberg2019-08-031-2/+31
|
* url: set conn->transport to default TCP at init timeDaniel Stenberg2019-08-031-1/+1
|
* timediff: make it 64 bit (if possible) even with 32 bit time_tDaniel Stenberg2019-08-011-1/+2
| | | | | | | ... to make it hold microseconds too. Fixes #4165 Closes #4168
* cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg2019-07-301-6/+4
| | | | | | | | | It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
* HTTP3: initial (experimental) supportDaniel Stenberg2019-07-211-1/+1
| | | | | | | | | USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
* libcurl: Restrict redirect schemes (follow-up)Jay Satiro2019-07-171-1/+2
| | | | | | | | | | | | - Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115
* libcurl: Restrict redirect schemesLinos Giannopoulos2019-07-141-3/+1
| | | | | | | | | | | | | | | | | | | | All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts. For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload. Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> Closes #4094
* conn_maxage: move the check to prune_dead_connections()Daniel Stenberg2019-06-171-27/+25
| | | | | | | | ... and avoid the locking issue. Reported-by: Kunal Ekawde Fixes #4029 Closes #4032
* url: Fix CURLOPT_MAXAGE_CONN time comparisonCliff Crosland2019-06-121-1/+1
| | | | | | | | | Old connections are meant to expire from the connection cache after CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x that value. This occurs because a time value measured in milliseconds is accidentally divided by 1M instead of by 1,000. Closes https://github.com/curl/curl/pull/4013
* multi: make sure 'data' can present in several sockhash entriesDaniel Stenberg2019-06-101-8/+1
| | | | | | | | | | | | | | | | | | | Since more than one socket can be used by each transfer at a given time, each sockhash entry how has its own hash table with transfers using that socket. In addition, the sockhash entry can now be marked 'blocked = TRUE'" which then makes the delete function just set 'removed = TRUE' instead of removing it "for real", as a way to not rip out the carpet under the feet of a parent function that iterates over the transfers of that same sockhash entry. Reported-by: Tom van der Woerdt Fixes #3961 Fixes #3986 Fixes #3995 Fixes #4004 Closes #3997
* url: Load if_nametoindex() dynamically from iphlpapi.dll on WindowsSteve Holme2019-05-291-2/+13
| | | | | | | | | | This fixes the static dependency on iphlpapi.lib and allows curl to build for targets prior to Windows Vista. This partially reverts 170bd047. Fixes #3960 Closes #3958
* parse_proxy: make sure portptr is initializedDaniel Stenberg2019-05-281-1/+1
| | | | | | Reported-by: Benbuck Nason fixes #3959
* url: default conn->port to the same as conn->remote_portDaniel Stenberg2019-05-281-1/+1
| | | | | | | | | | | | | | ... so that it has a sensible value when ConnectionExists() is called which needs it set to differentiate host "bundles" correctly on port number! Also, make conncache:hashkey() use correct port for bundles that are proxy vs host connections. Probably a regression from 7.62.0 Reported-by: Tom van der Woerdt Fixes #3956 Closes #3957
* conncache: make "bundles" per host name when doing proxy tunnelsDaniel Stenberg2019-05-281-8/+9
| | | | | | | | | Only HTTP proxy use where multiple host names can be used over the same connection should use the proxy host name for bundles. Reported-by: Tom van der Woerdt Fixes #3951 Closes #3955
* Revert all SASL authzid (new feature) commitsJay Satiro2019-05-251-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
* Fix typo.Gisle Vanem2019-05-241-1/+1
|
* config-win32: add support for if_nametoindex and getsocknameZenju2019-05-231-1/+3
| | | | Closes https://github.com/curl/curl/pull/3923
View Lorry Controller Status