summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* share: don't set the share flag it something failsDaniel Stenberg2020-06-121-3/+5
| | | | | | | | When asking for a specific feature to be shared in the share object, that bit was previously set unconditionally even if the shared feature failed or otherwise wouldn't work. Closes #5554
* wording: avoid blacklist/whitelist stereotypesDaniel Stenberg2020-06-102-12/+11
| | | | | | | | Instead of discussing if there's value or meaning (implied or not) in the colors, let's use words without the same possibly negative associations. Closes #5546
* socks: detect connection close during handshakeDaniel Stenberg2020-06-081-4/+28
| | | | | | | | | The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
* multi: add defensive check on data->multi->num_alivexquery2020-06-081-1/+3
| | | | Closes #5540
* Curl_addrinfo: use one malloc instead of threeDaniel Stenberg2020-06-082-56/+22
| | | | | | | | To reduce the amount of allocations needed for creating a Curl_addrinfo struct, make a single larger malloc instead of three separate smaller ones. Closes #5533
* quiche: update SSLKEYLOGFILE supportAlessandro Ghedini2020-06-081-1/+7
| | | | | | | | quiche now requires the application to explicitly set the keylog path for each connection, rather than reading the environment variable itself. Closes #5541
* ngtcp2: update with recent API changesDaniel Stenberg2020-06-081-5/+8
| | | | | | | Syncs with ngtcp2 commit 7e9a917d386d98 merged June 7 2020. Assisted-by: Tatsuhiro Tsujikawa Closes #5538
* socks: remove unreachable breaks in socks.c and mime.cxquery2020-06-082-5/+3
| | | | Closes #5537
* libssh2: keep sftp errors as 'unsigned long'Daniel Stenberg2020-06-081-62/+66
| | | | | | | Remove weird work-around for storing the SFTP errors as int instead of the "unsigned long" that libssh2 actually returns for SFTP errors. Closes #5534
* timeouts: move ms timeouts to timediff_t from int and longMarc Hoersken2020-06-065-9/+13
| | | | | | | | | | | | | Now that all functions in select.[ch] take timediff_t instead of the limited int or long, we can remove type conversions and related preprocessor checks to silence compiler warnings. Avoiding conversions from time_t was already done in 842f73de. Based upon #5262 Supersedes #5214, #5220 and #5221 Follow up to #5343 and #5479 Closes #5490
* openssl: set FLAG_TRUSTED_FIRST unconditionallyFrançois Rigault2020-06-061-4/+3
| | | | | | | | | | | | | On some systems, openssl 1.0.x is still the default, but it has been patched to contain all the recent security fixes. As a result of this patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be defined, while the previous behavior of openssl to not look at trusted chains first, remains. Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to probe for the behavior of openssl based on the existence ofmacros. Closes #5530
* socks: fix expected length of SOCKS5 replyCherish982020-06-051-0/+7
| | | | | | | | | Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the reply ATYP is X'01'. This resulted in erroneously expecting more bytes when the request length is greater than the reply length (e.g., when remotely resolving the hostname). Closes #5527
* trailers: switch h1-trailer logic to use dynbufDaniel Stenberg2020-06-054-37/+21
| | | | | | In the continued effort to remove "manual" realloc schemes. Closes #5524
* quiche: advertise draft 28 supportPeter Wu2020-06-042-3/+15
| | | | | | | Fix the verbose message while at it, quiche currently supports draft 27 and draft 28 simultaneously. Closes #5518
* altsvc: fix 'dsthost' may be used uninitialized in this functionDaniel Stenberg2020-06-031-1/+1
|
* urldata: let the HTTP method be in the set.* structDaniel Stenberg2020-06-0210-59/+56
| | | | | | | | | | | | When the method is updated inside libcurl we must still not change the method as set by the user as then repeated transfers with that same handle might not execute the same operation anymore! This fixes the libcurl part of #5462 Test 1633 added to verify. Closes #5499
* hostip: fix the memory-leak introduced in 67d2802Daniel Stenberg2020-06-021-6/+15
| | | | | Fixes #5503 Closes #5504
* vtls: repair the build with `CURL_DISABLE_PROXY`Saleem Abdulrasool2020-06-012-0/+16
| | | | | | | | | `http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY` is enabled. Repair the build with that configuration. Follow-up to f3d501dc67 Closes #5498
* transfer: remove k->str NULL checkDaniel Stenberg2020-06-011-1/+1
| | | | | | | | | | "Null-checking k->str suggests that it may be null, but it has already been dereferenced on all paths leading to the check" - and it can't legally be NULL at this point. Remove check. Detected by Coverity CID 1463884 Closes #5495
* select: always use Sleep in Curl_wait_ms on Win32Marc Hoersken2020-06-011-16/+4
| | | | | | | | | | | Since Win32 almost always will also have USE_WINSOCK, we can reduce complexity and always use Sleep there. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Follow up to #5343 Closes #5489
* conncache: download buffer needs +1 size for trailing zeroDaniel Stenberg2020-05-311-1/+1
| | | | | Follow-up to c4e6968127e Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
* build: disable more code/data when built without proxy supportDaniel Stenberg2020-05-3020-150/+408
| | | | | | Added build to travis to verify Closes #5466
* url: alloc the download buffer at transfer startDaniel Stenberg2020-05-308-53/+50
| | | | | | | | | | | ... and free it as soon as the transfer is done. It removes the extra alloc when a new size is set with setopt() and reduces memory for unused easy handles. In addition: the closure_handle now doesn't use an allocated buffer at all but the smallest supported size as a stack based one. Closes #5472
* timeouts: change millisecond timeouts to timediff_t from time_tDaniel Stenberg2020-05-3015-54/+45
| | | | | | | For millisecond timers we like timediff_t better. Also, time_t can be unsigned so returning a negative value doesn't work then. Closes #5479
* select: add overflow checks for timeval conversionsMarc Hoersken2020-05-301-4/+59
| | | | | | | | | | | | Using time_t and suseconds_t if suseconds_t is available, long on Windows (maybe others in the future) and int elsewhere. Also handle case of ULONG_MAX being greater or equal to INFINITE. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Part of #5343
* select: use timediff_t instead of time_t and int for timeout_msMarc Hoersken2020-05-302-52/+39
| | | | | | | | | | | | | Make all functions in select.[ch] take timeout_ms as timediff_t which should always be large enough and signed on all platforms to take all possible timeout values and avoid type conversions. Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Replaces #5107 and partially #5262 Related to #5240 and #5286 Closes #5343
* libssh2: improved error output for wrong quote syntaxDaniel Stenberg2020-05-291-4/+4
| | | | | | Reported-by: Werner Stolz Closes #5474
* urldata: fix comments: Curl_done() is called multi_done() nowDaniel Stenberg2020-05-281-2/+2
| | | | ... since 575e885db
* ngtcp2: use common key log routine for better thread-safetyPeter Wu2020-05-271-42/+12
| | | | | | | | | Tested with ngtcp2 built against the OpenSSL library. Additionally tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC). The TLS backend (independent of QUIC) may or may not already have opened the keylog file before. Therefore Curl_tls_keylog_open is always called to ensure the file is open.
* wolfssl: add SSLKEYLOGFILE supportPeter Wu2020-05-271-0/+144
| | | | | | | | | | | | Tested following the same curl and tshark commands as in commit "vtls: Extract and simplify key log file handling from OpenSSL" using WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. Full support for this feature requires certain wolfSSL build options, see "Availability note" in lib/vtls/wolfssl.c for details. Closes #5327
* vtls: Extract and simplify key log file handling from OpenSSLPeter Wu2020-05-274-125/+246
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows: - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. - Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer. - Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued. Capturing keys after server renegotiation was already unsupported in curl and remains unsupported. Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with: # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 openssl s_server -www -tls1 # Likewise, but fail the server handshake. openssl s_server -www -tls1 -Verify 2 # TLS 1.3 test. No need to test the failing server handshake. openssl s_server -www -tls1_3 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only. tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ -dtls.port==4433,http -ohttp.desegment_body:FALSE \ -Y 'tls.handshake.verify_data or http' A single connection can easily be identified via the `tcp.stream` field.
* transfer: close connection after excess data has been readMichael Kaufmann2020-05-271-0/+1
| | | | | | | | For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440
* Revert "ssh: ignore timeouts during disconnect"Estanislau Augé-Pujadas2020-05-271-15/+12
| | | | | | | | This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in curl 7.54.1. Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html Closes #5465
* urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg2020-05-278-36/+29
| | | | | | And remove a few unused booleans! Closes #5461
* hostip: on macOS avoid DoH when given a numerical IP addressDaniel Stenberg2020-05-263-6/+18
| | | | | | | | | When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459
* ngtcp2: cleanup memory when failing to connectDaniel Stenberg2020-05-261-6/+14
| | | | | | Reported-by: Peter Wu Fixes #5447 (the ngtcp2 side of it) Closes #5451
* quiche: clean up memory properly when failing to connectDaniel Stenberg2020-05-261-8/+17
| | | | | | Addresses the quiche side of #5447 Reported-by: Peter Wu Closes #5450
* cleanup: use a single space after equals sign in assignmentsDaniel Stenberg2020-05-267-12/+12
|
* url: accept "any length" credentials for proxy authDaniel Stenberg2020-05-253-30/+14
| | | | | | | | | | | They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
* altsvc: fix parser for lines ending with CRLFDaniel Stenberg2020-05-251-3/+5
| | | | | | | | | | | | | Fixed the alt-svc parser to treat a newline as end of line. The unit tests in test 1654 were done without CRLF and thus didn't quite match the real world. Now they use CRLF as well. Reported-by: Peter Wu Assisted-by: Peter Wu Assisted-by: Jay Satiro Fixes #5445 Closes #5446
* all: fix codespell errorsViktor Szakats2020-05-256-6/+6
| | | | | | Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
* ngtcp2: fix build with current ngtcp2 master implementing draft 28Peter Wu2020-05-252-88/+24
| | | | | | | | Based on client.cc changes from ngtcp2. Tested with current git master, ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. Fixes #5444 Closes #5443
* copyright: updated year ranges out of syncDaniel Stenberg2020-05-246-7/+6
| | | | ... and whitelisted a few more files in the the copyright.pl script.
* setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherencyGilles Vollant2020-05-232-0/+18
| | | | Closes #5431
* Revert "sendf: make failf() use the mvsnprintf() return code"Daniel Stenberg2020-05-221-1/+2
| | | | | | | | | | This reverts commit 74623551f306990e70c7c5515b88972005604a74. Instead mark the function call with (void). Getting the return code and using it instead triggered Coverity warning CID 1463596 because snprintf() can return a negative value... Closes #5441
* sha256: move assign to the declaration lineDaniel Stenberg2020-05-191-2/+1
| | | | Follow-up to fae30656. Should've been squashed with that commit...
* sha256: fixed potentially uninitialized variableSiva Sivaraman2020-05-191-0/+1
| | | | Closes #5414
* sendf: make failf() use the mvsnprintf() return codeDaniel Stenberg2020-05-191-2/+1
| | | | | | | | ... and avoid a strlen() call. Fixes a MonocleAI warning. Reported-by: MonocleAI Fixes #5413 Closes #5420
* hostip: make Curl_printable_address not return anythingDaniel Stenberg2020-05-195-41/+31
| | | | | | | | | It was not used much anyway and instead we let it store a blank buffer in case of failure. Reported-by: MonocleAI Fixes #5411 Closes #5418
* ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)Daniel Stenberg2020-05-191-2/+2
| | | | | | | They're done on purpose, make that visible in the code. Reported-by: MonocleAI Fixes #5412 Closes #549
View Lorry Controller Status