path: root/lib
Commit message | Author | Age | Files | Lines
* all: Refactor malloc+memset to use calloc | Daniel Gustafsson | 2018-04-15 | 8 | -33/+12
  When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident.
  Closes https://github.com/curl/curl/pull/2497
* duphandle: make sure CURLOPT_RESOLVE is duplicated fine too | Daniel Stenberg | 2018-04-12 | 1 | -0/+3
  Verified in test 1502 now
  Fixes #2485
  Closes #2486
  Reported-by: Ernst Sjöstrand
* proxy: show getenv proxy use in verbose output | Daniel Stenberg | 2018-04-11 | 1 | -7/+19
  ... to aid debugging etc as it sometimes isn't immediately obvious why curl uses or doesn't use a proxy.
  Inspired by #2477
  Closes #2480
* lib: silence null-dereference warnings | Marcel Raad | 2018-04-09 | 2 | -4/+0
  In debug mode, MinGW-w64's GCC 7.3 issues null-dereference warnings when dereferencing pointers after DEBUGASSERT-ing that they are not NULL. Fix this by removing the DEBUGASSERTs.
  Suggested-by: Daniel Stenberg
  Ref: https://github.com/curl/curl/pull/2463
* build: cleanup to fix clang warnings/errors | Daniel Stenberg | 2018-04-08 | 2 | -10/+7
  unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension
  Reported-by: Rikard Falkeborn
  Fixes #2466
  Closes #2468
* curl_setup: provide a CURL_SA_FAMILY_T type if none exists | Daniel Stenberg | 2018-04-07 | 3 | -4/+9
  ... and use this type instead of 'sa_family_t' in the code since several platforms don't have it.
  Closes #2463
* build: add picky compiler warning flags for gcc 6 and 7 | Eric Gallager | 2018-04-07 | 4 | -5/+8
* hash: calculate sizes with size_t instead of longs | Daniel Stenberg | 2018-04-06 | 2 | -5/+5
  ... since they return size_t anyway!
  closes #2462
* FTP: allow PASV on IPv6 connections when a proxy is being used | Laurie Clark-Michalek | 2018-04-06 | 1 | -1/+1
  In the situation of a client connecting to an FTP server using an IPv6 tunnel proxy, the connection info will indicate that the connection is IPv6. However, because the server behind the proxy is IPv4, it is permissible to attempt PSV mode. In the case of the FTP server being IPv4 only, EPSV will always fail, and with the current logic curl will be unable to connect to the server, as the IPv6 fwdproxy causes curl to think that EPSV is impossible.
  Closes #2432
* file: restore old behavior for file:////foo/bar URLs | Jon DeVree | 2018-04-06 | 1 | -28/+0
  curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC 8089 but then returns an error saying this is unimplemented. This is actually a regression in behavior on both Windows and Unix.
  Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and then passed to the relevant OS API. This means that the behavior of this case is actually OS dependent.
  The Unix path resolution rules say that the OS must handle swallowing the extra "/" and so this path is the same as "/foo/bar"
  The Windows path resolution rules say that this is a UNC path and automatically handles the SMB access for the program. So curl on Windows was already doing Appendix E.3.2 without any special code in curl.
  Regression
  Closes #2438
* Revert "openssl: Don't add verify locations when verifypeer==0" | Gaurav Malhotra | 2018-04-06 | 1 | -15/+16
  This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
  libcurl (with the OpenSSL backend) performs server certificate verification even if verifypeer == 0 and the verification result is available using CURLINFO_SSL_VERIFYRESULT.
  The commit that is being reverted caused the CURLINFO_SSL_VERIFYRESULT to not have useful information for the verifypeer == 0 use case (it would always have X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
  Closes #2451
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures | Wyatt O'Day | 2018-04-06 | 10 | -10/+29
  (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
  Closes #2453
* cookie: case-insensitive hashing for the domains | Lauri Kasanen | 2018-04-06 | 1 | -2/+17
  closes #2458
* cookie: fix and optimize 2nd top level domain name extraction | Patrick Monnerat | 2018-04-04 | 1 | -10/+7
  This fixes a segfault occurring when a name of the (invalid) form "domain..tld" is processed.
  test46 updated to cover this case.
  Follow-up to commit c990ead.
  Ref: https://github.com/curl/curl/pull/2440
* openssl: provide defines for argument typecasts to build warning-free | Daniel Stenberg | 2018-04-04 | 1 | -1/+9
  ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.
* openssl: fix build with LibreSSL 2.7 | Bernard Spil | 2018-04-04 | 1 | -6/+9
  - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
  Fixes #2319
  Closes #2447
  Closes #2448
  Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
* cookie: store cookies per top-level-domain-specific hash table | Lauri Kasanen | 2018-04-02 | 2 | -87/+157
  This makes libcurl handle thousands of cookies much better and speedier.
  Closes #2440
* cookies: when reading from a file, only remove_expired once | Lauri Kasanen | 2018-04-02 | 4 | -6/+12
  This drops the cookie load time for 8k cookies from 178ms to 15ms.
  Closes #2441
* threaded resolver: track resolver time and set suitable timeout values | Daniel Stenberg | 2018-03-24 | 1 | -28/+39
  In order to make curl_multi_timeout() return suitable "sleep" times even when there's no socket to wait for while the name is being resolved in a helper thread.
  It will increase the timeouts as time passes.
  Closes #2419
* openldap: fix for NULL return from ldap_get_attribute_ber() | Howard Chu | 2018-03-23 | 1 | -1/+22
  Closes #2399
* timeval: remove compilation warning by casting (#2417) | Sergei Nikulov | 2018-03-22 | 1 | -1/+1
  This fixes #2358
* http2: read pending frames (including GOAWAY) in connection-check | Daniel Stenberg | 2018-03-22 | 1 | -13/+41
  If a connection has received a GOAWAY frame while not being used, the function now reads frames off the connection before trying to reuse it to avoid reusing connections the server has told us not to use.
  Reported-by: Alex Baines
  Fixes #1967
  Closes #2402
* vauth/cleartext: fix integer overflow check | Daniel Stenberg | 2018-03-20 | 3 | -20/+14
  Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow.
  Detected by lgtm.com
  Closes #2408
* lib/curl_path.h: add #ifdef header guard | Daniel Stenberg | 2018-03-20 | 1 | -1/+4
  Detected by lgtm.com
* vauth/ntlm.h: fix the #ifdef header guard | Daniel Stenberg | 2018-03-20 | 1 | -4/+4
  Detected by lgtm.com
* parsedate: support UT timezone | Nikos Tsipinakis | 2018-03-19 | 1 | -0/+1
  RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with GMT.
  Closes #2401
* cmake: add support for brotli | Don | 2018-03-19 | 1 | -0/+3
  Currently CMake cannot detect Brotli support. This adds detection of the libraries and associated header files. It also adds this to the generated config.
  Closes #2392
* darwinssl: fix iOS build | Chris Araman | 2018-03-18 | 1 | -0/+2
* resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES | Rick Deist | 2018-03-17 | 4 | -2/+90
  This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation.
  Closes #1694
* add_handle/easy_perform: clear errorbuffer on start if set | Daniel Stenberg | 2018-03-17 | 2 | -0/+6
  To offer applications a more defined behavior, we clear the buffer as early as possible.
  Assisted-by: Jay Satiro
  Fixes #2190
  Closes #2377
* CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol | Lawrence Matthews | 2018-03-17 | 3 | -0/+59
  Add --haproxy-protocol for the command line tool
  Closes #2162
* multi: improved pending transfers handling => improved performance | Daniel Stenberg | 2018-03-16 | 2 | -27/+21
  When a transfer is requested to get done and it is put in the pending queue when limited by number of connections, total or per-host, libcurl would previously very aggressively retry *ALL* pending transfers to get them transferring. That was very time consuming.
  By reducing the aggressiveness in how pending are being retried, we waste MUCH less time on putting transfers back into pending again.
  Some test cases got a factor 30(!) speed improvement with this change.
  Reported-by: Cyril B
  Fixes #2369
  Closes #2383
* pause: when changing pause state, update socket state | Daniel Stenberg | 2018-03-16 | 3 | -1/+12
  Especially unpausing a transfer might have to move the socket back to the "currently used sockets" hash to get monitored. Otherwise it would never get any more data and get stuck. Easily triggered with pausing using the multi_socket API.
  Reported-by: Philip Prindeville
  Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
  Fixes #2393
  Closes #2391
* rate-limit: use three second window to better handle high speeds | Daniel Stenberg | 2018-03-16 | 3 | -44/+62
  Due to very frequent updates of the rate limit "window", it could attempt to rate limit within the same milliseconds and that then made the calculations wrong, leading to it not behaving correctly on very fast transfers.
  This new logic updates the rate limit "window" to be no shorter than the last three seconds and only updating the timestamps for this when switching between the states TOOFAST/PERFORM.
  Reported-by: 刘佩东
  Fixes #2386
  Closes #2388
* cleanup: misc typos in strings and comments | luz.paz | 2018-03-16 | 5 | -5/+5
  Found via `codespell`
  Closes #2389
* http2: fixes typo | Kobi Gurkan | 2018-03-15 | 1 | -1/+1
  Closes #2387
* transfer: make HTTP without headers count correct body size | Daniel Stenberg | 2018-03-15 | 1 | -1/+1
  This is what "HTTP/0.9" basically looks like.
  Reported on IRC
  Closes #2382
* FTP: fix typo in recursive callback detection for seeking | dasimx | 2018-03-14 | 1 | -1/+1
  Fixes #2380
* Revert "hostip: fix compiler warning: 'variable set but not used'" | Daniel Stenberg | 2018-03-12 | 1 | -1/+1
  This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
  The assignment really needs to be there or we risk working with an uninitialized pointer.
* limit-rate: fix compiler warning | Michael Kaufmann | 2018-03-12 | 1 | -1/+1
  follow-up to 72a0f62
* checksrc.pl: add -i and -m options | Viktor Szakats | 2018-03-12 | 1 | -6/+18
  To sync it with changes made for the libssh2 project.
  Also cleanup some whitespace.
* http2: mark the connection for close on GOAWAY | Daniel Stenberg | 2018-03-12 | 3 | -21/+26
  ... don't consider it an error!
  Assisted-by: Jay Satiro
  Reported-by: Łukasz Domeradzki
  Fixes #2365
  Closes #2375
* openldap: white space changes, fixed up the copyright years | Daniel Stenberg | 2018-03-12 | 1 | -18/+19
* openldap: check ldap_get_attribute_ber() results for NULL before using | Daniel Stenberg | 2018-03-12 | 1 | -4/+4
  CVE-2018-1000121
  Reported-by: Dario Weisser
  Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
* FTP: reject path components with control codes | Daniel Stenberg | 2018-03-12 | 1 | -4/+4
  Refuse to operate when given path components featuring byte values lower than 32.
  Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer.
  Test case 340 verifies.
  CVE-2018-1000120
  Reported-by: Duy Phan Thanh
  Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
* readwrite: make sure excess reads don't go beyond buffer end | Daniel Stenberg | 2018-03-12 | 1 | -2/+7
  CVE-2018-1000122
  Bug: https://curl.haxx.se/docs/adv_2018-b047.html
  Detected by OSS-fuzz
* limit-rate: kick in even before "limit" data has been received | Daniel Stenberg | 2018-03-11 | 2 | -23/+29
  ... and make sure to avoid integer overflows with really large values.
  Reported-by: 刘佩东
  Fixes #2371
  Closes #2373
* Curl_range: fix FTP-only and FILE-only builds | Michael Kaufmann | 2018-03-11 | 1 | -1/+1
  follow-up to e04417d
* hostip: fix compiler warning: 'variable set but not used' | Michael Kaufmann | 2018-03-11 | 1 | -1/+1
* HTTP: allow "header;" to replace an internal header with a blank one | Daniel Stenberg | 2018-03-11 | 5 | -85/+93
  Reported-by: Michael Kaufmann
  Fixes #2357
  Closes #2362