summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* ssh-libssh.c: please checksrcDaniel Stenberg2017-12-041-1/+1
|
* libssh: fixed dereference in statvfs accessNikos Mavrogiannopoulos2017-12-041-1/+1
| | | | | | | The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS handling fails. Fixes #2142
* libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFSNikos Mavrogiannopoulos2017-12-031-3/+1
| | | | | | | | | The previous code was incorrectly following the libssh2 error detection for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs. Fixes #2142 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libssh: no need to call sftp_get_error as ssh_get_error is sufficientNikos Mavrogiannopoulos2017-12-031-9/+2
| | | | | | Fixes #2141 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libssh: fix minor static code analyzer nitsDaniel Stenberg2017-12-021-7/+10
| | | | | | | | | - remove superfluous NULL check which otherwise tricks the static code analyzers to assume NULL pointer dereferences. - fix fallthrough in switch() - indent mistake
* openssl: pkcs12 is supported by boringsslDaniel Stenberg2017-12-021-10/+0
| | | | | | | | Removes another #ifdef for BoringSSL Pointed-out-by: David Benjamin Closes #2134
* libssh: added SFTP supportNikos Mavrogiannopoulos2017-12-014-19/+1547
| | | | | | | | | | The SFTP back-end supports asynchronous reading only, limited to 32-bit file length. Writing is synchronous with no other limitations. This also brings keyboard-interactive authentication. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libssh2: return CURLE_UPLOAD_FAILED on failure to uploadNikos Mavrogiannopoulos2017-12-011-0/+4
| | | | | | | This brings its in sync with the error code returned by the libssh backend. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libssh2: send the correct CURLE error code on scp file not foundNikos Mavrogiannopoulos2017-12-011-0/+5
| | | | | | | | | | That also updates tests to expect the right error code libssh2 back-end returns CURLE_SSH error if the remote file is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND which is sent by the libssh backend. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added support for libssh SSH SCP back-endNikos Mavrogiannopoulos2017-12-0111-195/+1537
| | | | | | | | | | libssh is an alternative library to libssh2. https://www.libssh.org/ That patch set also introduces support for ECDSA ed25519 keys, as well as gssapi authentication. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib: don't export all symbols, just everything curl_*W. Mark Kubacki2017-12-011-0/+2
| | | | | | | | | | | | | | | | | Absent any 'symbol map' or script to limit what gets exported, static linking of libraries previously resulted in a libcurl with curl's and those other symbols being (re-)exported. This did not happen if 'versioned symbols' were enabled (which is not the default) because then a version script is employed. This limits exports to everything starting in 'curl_*'., which is what "libcurl.vers" exports. This avoids strange side-effects such as with mixing methods from system libraries and those erroneously offered by libcurl. Closes #2127
* SSL: Avoid magic allocation of SSL backend specific dataJohannes Schindelin2017-12-012-25/+27
| | | | | | | | | | | | | | | | | | | | Originally, my idea was to allocate the two structures (or more precisely, the connectdata structure and the four SSL backend-specific strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so that they all could be free()d together. However, getting the alignment right is tricky. Too tricky. So let's just bite the bullet and allocate the SSL backend-specific data separately. As a consequence, we now have to be very careful to release the memory allocated for the SSL backend-specific data whenever we release any connectdata. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #2119
* openssl: fix boringssl build againDaniel Stenberg2017-11-271-1/+1
| | | | | | | | commit d3ab7c5a21e broke the boringssl build since it doesn't have RSA_flags(), so we disable that code block for boringssl builds. Reported-by: W. Mark Kubacki Fixes #2117
* curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if providedDaniel Stenberg2017-11-271-0/+3
|
* global_init: ignore CURL_GLOBAL_SSL's absenseDaniel Stenberg2017-11-271-9/+5
| | | | | | | | | | | | | | | | | This bit is no longer used. It is not clear what it meant for users to "init the TLS" in a world with different TLS backends and since the introduction of multissl, libcurl didn't properly work if inited without this bit set. Not a single user responded to the call for users of it: https://curl.haxx.se/mail/lib-2017-11/0072.html Reported-by: Evgeny Grin Assisted-by: Jay Satiro Fixes #2089 Fixes #2083 Closes #2107
* ntlm: avoid integer overflow for malloc sizeDaniel Stenberg2017-11-271-2/+18
| | | | | | | | | Reported-by: Alex Nichols Assisted-by: Kamil Dudka and Max Dymond CVE-2017-8816 Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
* wildcardmatch: fix heap buffer overflow in setcharsetDaniel Stenberg2017-11-271-6/+3
| | | | | | | | | | | | | The code would previous read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 CVE-2017-8817 Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
* url: fix alignment of ssl_backend_data structJay Satiro2017-11-272-31/+30
| | | | | | | | | | | | | | | | | | | | | | | | | - Align the array of ssl_backend_data on a max 32 byte boundary. 8 is likely to be ok but I went with 32 for posterity should one of the ssl_backend_data structs change to contain a larger sized variable in the future. Prior to this change (since dev 70f1db3, release 7.56) the connectdata structure was undersized by 4 bytes in 32-bit builds with ssl enabled because long long * was mistakenly used for alignment instead of long long, with the intention being an 8 byte boundary. Also long long may not be an available type. The undersized connectdata could lead to oob read/write past the end in what was expected to be the last 4 bytes of the connection's secondary socket https proxy ssl_backend_data struct (the secondary socket in a connection is used by ftp, others?). Closes https://github.com/curl/curl/issues/2093 CVE-2017-8818 Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
* ssh: remove check for a NULL pointer (!)Daniel Stenberg2017-11-251-2/+2
| | | | | | | | | | With this check present, scan-build warns that we might dereference this point in other places where it isn't first checked for NULL. Thus, if it *can* be NULL we have a problem on a few places. However, this pointer should not be possible to be NULL here so I remove the check and thus also three different scan-build warnings. Closes #2111
* URL: update "file:" URL handlingMatthew Kerwin2017-11-241-43/+78
| | | | | | | | | | | * LOTS of comment updates * explicit error for SMB shares (e.g. "file:////share/path/file") * more strict handling of authority (i.e. "//localhost/") * now accepts dodgy old "C:|" drive letters * more precise handling of drive letters in and out of Windows (especially recognising both "file:c:/" and "file:/c:/") Closes #2110
* connect: add support for new TCP Fast Open API on LinuxAlessandro Ghedini2017-11-243-5/+27
| | | | | | | | | | | The new API added in Linux 4.11 only requires setting a socket option before connecting, without the whole sento() machinery. Notably, this makes it possible to use TFO with SSL connections on Linux as well, without the need to mess around with OpenSSL (or whatever other SSL library) internals. Closes #2056
* connect: improve the bind error messageJay Satiro2017-11-231-0/+4
| | | | | | | | | | eg consider a non-existent interface eth8, curl --interface eth8 Before: curl: (45) Could not resolve host: eth8 After: curl: (45) Couldn't bind to 'eth8' Bug: https://github.com/curl/curl/issues/2104 Reported-by: Alfonso Martone
* url: reject ASCII control characters and space in host namesDaniel Stenberg2017-11-221-12/+37
| | | | | | | | | | Host names like "127.0.0.1 moo" would otherwise be accepted by some getaddrinfo() implementations. Updated test 1034 and 1035 accordingly. Fixes #2073 Closes #2092
* Curl_open: fix OOM return error correctlyDaniel Stenberg2017-11-211-20/+19
| | | | Closes #2098
* http2: fix "Value stored to 'end' is never read" scan-build errorDaniel Stenberg2017-11-211-1/+0
|
* http2: fix "Value stored to 'hdbuf' is never read" scan-build errorDaniel Stenberg2017-11-211-2/+0
|
* openssl: fix "Value stored to 'rc' is never read" scan-build errorDaniel Stenberg2017-11-211-2/+2
|
* mime: fix "Value stored to 'sz' is never read" scan-build errorDaniel Stenberg2017-11-211-2/+0
|
* Curl_llist_remove: fix potential NULL pointer derefDaniel Stenberg2017-11-211-1/+5
| | | | Fixes a scan-build warning.
* ntlm: remove unnecessary NULL-check to please scan-buildDaniel Stenberg2017-11-211-2/+1
|
* resolve: allow IP address within [] bracketsDaniel Stenberg2017-11-171-1/+12
| | | | | | | | | | | ... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
* macOS: Fix missing connectx function with Xcode version older than 9.0Pavol Markovic2017-11-151-5/+8
| | | | | | | | | | | The previous fix https://github.com/curl/curl/pull/1788 worked just for Xcode 9. This commit extends the fix to older Xcode versions effectively by not using connectx function. Fixes https://github.com/curl/curl/issues/1330 Fixes https://github.com/curl/curl/issues/2080 Closes https://github.com/curl/curl/pull/1336 Closes #2082
* openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEYDirk Feytons2017-11-151-2/+8
| | | | | Fixes #2079 Closes #2081
* URL: return error on malformed URLs with junk after IPv6 bracketMichael Kaufmann2017-11-141-1/+7
| | | | | | Follow-up to aadb7c7. Verified by new test 1263. Closes #2072
* zlib/brotli: only include header files in modules needing themPatrick Monnerat2017-11-133-12/+25
| | | | | | | | There is a conflict on symbol 'free_func' between openssl/crypto.h and zlib.h on AIX. This is an attempt to resolve it. Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html Reported-By: Michael Felt
* SMB: fix uninitialized local variableDaniel Stenberg2017-11-131-1/+1
| | | | Reported-by: Brian Carpenter
* connect.c: remove executable bit on fileOrgad Shaneh2017-11-121-0/+0
| | | | Closes #2071
* setopt: split out curl_easy_setopt() to its own fileDaniel Stenberg2017-11-106-2566/+2640
| | | | | | ... to make url.c smaller. Closes #1944
* curl_share_setopt: va_end was not called if conncache errorsDaniel Stenberg2017-11-101-1/+1
| | | | CID 984459, detected by Coverity
* --interface: add support for Linux VRFLuca Boccassi2017-11-091-24/+28
| | | | | | | | | | | | | The --interface command (CURLOPT_INTERFACE option) already uses SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP address first, which fails in case the user passes a VRF. Try to use the socket option immediately and parse it as a fallback instead. Update the documentation to mention this feature, and that it requires the binary to be ran by root or with CAP_NET_RAW capabilities for this to work. Closes #2024
* share: add support for sharing the connection cacheDaniel Stenberg2017-11-099-128/+162
|
* imap: deal with commands case insensitivelyDaniel Stenberg2017-11-091-11/+11
| | | | | | | As documented in RFC 3501 section 9: https://tools.ietf.org/html/rfc3501#section-9 Closes #2061
* connect: store IPv6 connection status after valid connectionDaniel Stenberg2017-11-091-4/+3
| | | | | | | | ... previously it would store it already in the happy eyeballs stage which could lead to the IPv6 bit being set for an IPv4 connection, leading to curl not wanting to do EPSV=>PASV for FTP transfers. Closes #2053
* content_encoding: fix inflate_stream for no bytes availableJay Satiro2017-11-091-4/+6
| | | | | | | | | | | | | | | | | | | - Don't call zlib's inflate() when avail_in stream bytes is 0. This is a follow up to the parent commit 19e66e5. Prior to that change libcurl's inflate_stream could call zlib's inflate even when no bytes were available, causing inflate to return Z_BUF_ERROR, and then inflate_stream would treat that as a hard error and return CURLE_BAD_CONTENT_ENCODING. According to the zlib FAQ, Z_BUF_ERROR is not fatal. This bug would happen randomly since packet sizes are arbitrary. A test of 10,000 transfers had 55 fail (ie 0.55%). Ref: https://zlib.net/zlib_faq.html#faq05 Closes https://github.com/curl/curl/pull/2060
* content_encoding: do not write 0 length dataPatrick Monnerat2017-11-071-2/+2
|
* fnmatch: remove dead codeDaniel Stenberg2017-11-061-6/+1
| | | | | | | There was a duplicate check for backslashes in the setcharset() function. Coverity CID 1420611
* url: remove unncessary NULL-checkDaniel Stenberg2017-11-061-3/+2
| | | | | | | Since 'conn' won't be NULL in there and we also access the pointer in there without the check. Coverity CID 1420610
* Makefile.m32: allow to customize brotli libsViktor Szakats2017-11-051-2/+7
| | | | | | It adds the ability to link against static brotli libs. Also fix brotli include path.
* Makefile.m32: add brotli supportViktor Szakats2017-11-051-1/+14
|
* HTTP: implement Brotli content encodingPatrick Monnerat2017-11-053-3/+175
| | | | | | | | | | | | This uses the brotli external library (https://github.com/google/brotli). Brotli becomes a feature: additional curl_version_info() bit and structure fields are provided for it and CURLVERSION_NOW bumped. Tests 314 and 315 check Brotli content unencoding with correct and erroneous data. Some tests are updated to accomodate with the now configuration dependent parameters of the Accept-Encoding header.
View Lorry Controller Status