path: root/lib
Commit message | Author | Age | Files | Lines
* openssl: when creating a new context, there cannot be an old one | Daniel Stenberg | 2021-08-18 | 1 | -2/+1
| Remove the previous handling that would call SSL_CTX_free(), and instead add an assert that halts a debug build if there ever is a context already set at this point.
| Closes #7585
* sectransp: support CURLINFO_CERTINFO | Sergey Markelov | 2021-08-17 | 3 | -48/+85
| Fixes #4130
| Closes #7372
* ngtcp2: remove the acked_crypto_offset struct field init | Daniel Stenberg | 2021-08-16 | 1 | -1/+0
| ... as it is gone from the API upstream.
| Closes #7578
* misc: update incorrect copyright year ranges | Daniel Stenberg | 2021-08-16 | 3 | -3/+3
| Closes #7577
* http2: revert call the handle-closed function correctly on closed stream | Artur Sinila | 2021-08-16 | 1 | -4/+0
| Reverts 252790c5335a221
| Assisted-by: Gergely Nagy
| Fixes #7400
| Closes #7525
* auth: do not append zero-terminator to authorisation id in kerberos | Patrick Monnerat | 2021-08-16 | 2 | -14/+8
| RFC4752 Section 3.1 states "The authorization identity is not terminated with a zero-valued (%x00) octet". Although a comment in code said it may be needed anyway, nothing confirms it. In addition, servers may consider it as part of the identity, causing a failure.
| Closes #7008
* auth: use sasl authzid option in kerberos | Patrick Monnerat | 2021-08-16 | 4 | -70/+38
| ... instead of deriving it from active ticket.
| Closes #7008
* auth: we do not support a security layer after kerberos authentication | Patrick Monnerat | 2021-08-16 | 2 | -0/+2
| Closes #7008
* auth: properly handle byte order in kerberos security message | Patrick Monnerat | 2021-08-16 | 2 | -25/+30
| Closes #7008
* x509asn1: fix heap over-read when parsing x509 certificates | z2_ | 2021-08-16 | 1 | -9/+10
| Assisted-by: Patrick Monnerat
| Closes #7536
* build: fix compiler warnings | MAntoniak | 2021-08-14 | 3 | -8/+10
| For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both active.
| - socks.c : warning C4100: 'lineno': unreferenced formal parameter (co-authored by Daniel Stenberg)
| - mbedtls.c: warning C4189: 'port': local variable is initialized but not referenced
| - schannel.c: warning C4189: 'hostname': local variable is initialized but not referenced
| Closes #7528
* c-hyper: initial step for 100-continue support | Daniel Stenberg | 2021-08-13 | 2 | -3/+57
| Enabled test 154
| Closes #7568
* vtls: fix typo in schannel_verify.c | Ikko Ashimine | 2021-08-13 | 1 | -1/+1
| occurence -> occurrence
| Closes #7566
* c-hyper: fix header value passed to debug callback | Daniel Stenberg | 2021-08-13 | 1 | -1/+1
| Closes #7567
* cleanup: URL updates | Viktor Szakats | 2021-08-12 | 2 | -2/+3
| - replace broken URL with the one it was most probably pointing to when added (lib/tftp.c)
| - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
| - delete unnecessary protocol designator from archive.org URL (docs/BINDINGS.md)
| Closes #7562
* asyn-ares.c: move all version number checks to the top | Daniel Stenberg | 2021-08-11 | 1 | -10/+29
| ... and use #ifdef [feature] in the code as per our guidelines.
* ares: use ares_getaddrinfo() | Daniel Stenberg | 2021-08-11 | 1 | -2/+115
| ares_getaddrinfo() is the getaddrinfo() clone provided by c-ares, introduced in version 1.16.0. With older c-ares versions, curl invokes ares_gethostbyname() twice - once for IPv4 and once for IPv6 to resolve both addresses, and then combines the returned results.
| Reported-by: jjandesmet
| Fixes #7364
| Closes #7552
* ngtcp2: utilize crypto API functions to simplify | Tatsuhiro Tsujikawa | 2021-08-10 | 1 | -57/+11
| Closes #7551
* ngtcp2: reset the outstanding send buffer again when drained | megatronking | 2021-08-10 | 1 | -0/+6
| Closes #7538
* progress: fix a compile warning on some systems | Michael Kaufmann | 2021-08-10 | 1 | -1/+1
| lib/progress.c:380:40: warning: conversion to 'long double' from 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
| Closes #7549
* http: consider cookies over localhost to be secure | Daniel Stenberg | 2021-08-10 | 1 | -17/+22
| Updated test31. Added test 392 to verify secure cookies used for http://localhost
| Reviewed-by: Daniel Gustafsson
| Fixes #6733
| Closes #7263
* hostip: Make Curl_ipv6works function independent of getaddrinfo | Jay Satiro | 2021-08-10 | 3 | -32/+36
| - Do not assume IPv6 is not working when getaddrinfo is not present.
| The check to see if IPv6 actually works is now independent of whether there is any resolver that can potentially resolve a hostname to IPv6. Prior to this change if getaddrinfo() was not found at compile time then Curl_ipv6works() would be defined as a macro that returns FALSE.
| When getaddrinfo is not found then libcurl is built with CURLRES_IPV4 defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups in the traditional way. With this commit if libcurl is built with IPv6 support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the IPv6 stack is actually working, then it is possible for libcurl to resolve IPv6 addresses by using DoH.
| Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
| Closes https://github.com/curl/curl/pull/7529
* ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read | Tatsuhiro Tsujikawa | 2021-08-09 | 1 | -2/+2
| Closes #7546
* ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream | Tatsuhiro Tsujikawa | 2021-08-09 | 1 | -6/+14
| Rework the return value handling of ngtcp2_conn_writev_stream and treat NGTCP2_ERR_STREAM_SHUT_WR separately.
| Closes #7546
* easy: use a custom implementation of wcsdup on Windows | Jeff Mears | 2021-08-09 | 3 | -1/+30
| ... so that malloc/free overrides from curl_global_init are used for wcsdup correctly.
| Closes #7540
* mbedTLS: initial 3.0.0 support | Benau | 2021-08-09 | 4 | -13/+77
| Closes #7428
* mbedtls_threadlock: fix unused variable warning | modbw | 2021-08-08 | 1 | -18/+7
| Closes #7393
* ngtcp2: compile with the latest ngtcp2 and nghttp3 | Tatsuhiro Tsujikawa | 2021-08-08 | 1 | -6/+22
| Closes #7541
* connect: remove superfluous conditional | Daniel Gustafsson | 2021-07-30 | 1 | -6/+4
| Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos, but the move left a conditional on ai which no longer is needed as the while loop reevaluation will cover it.
| Closes #7511
| Reviewed-by: Carlo Marcelo Arenas Belón
| Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* bearssl: support CURLOPT_CAINFO_BLOB | Aleksandr Krotov | 2021-07-28 | 1 | -16/+66
| Closes #7468
* c-hyper: remove the hyper_executor_poll() loop from Curl_http | Daniel Stenberg | 2021-07-27 | 1 | -25/+4
| 1. it's superfluous
| 2. it didn't work identically to the Curl_hyper_stream one which could cause problems like #7486
| Pointed-out-by: David Cook
| Closes #7499
* http_proxy: clear 'sending' when the outgoing request is sent | Daniel Stenberg | 2021-07-25 | 1 | -0/+1
| ... so that Curl_connect_getsock() will know how to wait for the socket to become readable and not writable after the entire CONNECT request has been issued.
| Regression added in 7.77.0
| Reported-by: zloi-user on github
| Assisted-by: Jay Satiro
| Fixes #7155
| Closes #7484
* openssl: fix grammar | Josh Soref | 2021-07-25 | 1 | -36/+36
| Closes https://github.com/curl/curl/pull/7480
* Get rid of the unused HAVE_SIG_ATOMIC_T et. al. | Dan Fandrich | 2021-07-23 | 12 | -60/+0
| It was added in 2006 but I see no evidence it was ever used.
* vtls: fix connection reuse checks for issuer cert and case sensitivity | Daniel Stenberg | 2021-07-20 | 6 | -27/+45
| CVE-2021-22924
| Reported-by: Harry Sintonen
| Bug: https://curl.se/docs/CVE-2021-22924.html
* sectransp: check for client certs by name first, then file | Daniel Stenberg | 2021-07-20 | 1 | -14/+19
| CVE-2021-22926
| Bug: https://curl.se/docs/CVE-2021-22926.html
| Assisted-by: Daniel Gustafsson
| Reported-by: Harry Sintonen
* telnet: fix option parser to not send uninitialized contents | Daniel Stenberg | 2021-07-20 | 1 | -6/+11
| CVE-2021-22925
| Reported-by: Red Hat Product Security
| Bug: https://curl.se/docs/CVE-2021-22925.html
* connect: fix wrong format specifier in connect error string | Jay Satiro | 2021-07-20 | 1 | -1/+2
| 0842175 (not in any release) used the wrong format specifier (long int) for timediff_t. On an OS such as Windows libcurl's timediff_t (usually 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the upper 32-bits of the timediff_t were erroneously then used by the next format specifier. Usually since the timeout isn't larger than 32-bits this would result in null as a pointer to the string with the reason for the connection failing. On other OSes or maybe other compilers it could probably result in garbage values (ie crash on deref).
| Before: Failed to connect to localhost port 12345 after 1201 ms: (nil)
| After: Failed to connect to localhost port 12345 after 1203 ms: Connection refused
| Closes https://github.com/curl/curl/pull/7449
* misc: copyright year range updates | Daniel Stenberg | 2021-07-19 | 1 | -1/+1
* lib: fix compiler warnings with CURL_DISABLE_NETRC | MAntoniak | 2021-07-18 | 3 | -0/+10
| warning C4189: 'netrc_user_changed': local variable is initialized but not referenced
| warning C4189: 'netrc_passwd_changed': local variable is initialized but not referenced
| Closes #7423
* easy: during upkeep, attach Curl_easy to connections in the cache | Josie Huddleston | 2021-07-17 | 1 | -1/+8
| During the protocol-specific parts of connection upkeep, some code assumes that the data->conn pointer already is set correctly. However, there's currently no guarantee of that in the code.
| This fix temporarily attaches each connection to the Curl_easy object before performing the protocol-specific connection check on it, in a similar manner to the connection checking in extract_if_dead().
| Fixes #7386
| Closes #7387
| Reported-by: Josie Huddleston
* cleanup: spell DoH with a lowercase o | Josh Soref | 2021-07-16 | 5 | -28/+28
| Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
| Closes #7413
* mbedtls: Remove unnecessary include | MAntoniak | 2021-07-16 | 2 | -5/+0
| - curl_setup.h: all references to mbedtls_md4* functions and structures are in the md4.c. This file already includes the <mbedtls/md4.h> file along with the file existence control (defined (MBEDTLS_MD4_C))
| - curl_ntlm_core.c: unnecessary include - repeated below
| Closes #7419
* multi: fix crash in curl_multi_wait / curl_multi_poll | User Sg | 2021-07-16 | 1 | -2/+2
| Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a VALID_SOCK check to one of the loops through the sockets but not the other.
| Reported-by: sylgal@users.noreply.github.com
| Authored-by: sylgal@users.noreply.github.com
| Fixes https://github.com/curl/curl/issues/7379
| Closes https://github.com/curl/curl/pull/7389
* build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS | Sergey Markelov | 2021-07-16 | 4 | -0/+13
| fix compiler warnings about unused variables and parameters when built with --disable-verbose.
| Closes https://github.com/curl/curl/pull/7377
* [SChannel] Use '_tcsncmp()' instead | Gisle Vanem | 2021-07-16 | 1 | -18/+8
| Revert previous change for PellesC. Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
* [PellesC] missing '_tcsnccmp' | Gisle Vanem | 2021-07-16 | 1 | -0/+10
| PellesC compiler does not have this macro in its `<tchar.h>`
* Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" | Jonathan Wernberg | 2021-07-08 | 1 | -2/+7
| The reverted commit introduced a logic error in code that was correct.
| The client using libcurl would notice the error since FTP file uploads in active transfer mode would sometimes complete with success despite no transfer having been performed and the "uploaded" file thus not being on the remote server afterwards.
| The FTP server would notice the error because it receives a RST on the data connection it has established with the client before any data was transferred at all.
| The logic error happens if the STOR response from the server has arrived by the time ftp_multi_statemach() in the affected code path is called, but the incoming data connection has not arrived yet. In that case, the processing of the STOR response will cause 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment in the code. Since 'complete' will also be set, later logic would believe the transfer was done.
| In most cases, the STOR response will not have arrived yet when the affected code path is executed, or the incoming connection will also have arrived, and thus the error would not express itself. But if the speed difference of the device using libcurl and the FTP server is exactly right, the error may happen as often as in one out of hundred file transfers.
| This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
| Bug: https://curl.se/mail/lib-2021-07/0025.html
| Closes #7362
* msnprintf: return number of printed characters excluding null byte | Daniel Stenberg | 2021-07-08 | 2 | -5/+5
| ... even when the output is "capped" by the maximum length argument.
| Clarified in the docs.
| Closes #7361
* infof: remove newline from format strings, always append it | Daniel Stenberg | 2021-07-07 | 68 | -933/+918
| - the data needs to be "line-based" anyway since it's also passed to the debug callback/application
| - it makes infof() work like failf() and consistency is good
| - there's an assert that triggers on newlines in the format string
| - Also removes a few instances of "..."
| - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof()
| Closes #7357