path: root/lib
Commit message | Author | Age | Files | Lines
* schannel: restore some debug output but only for debug builds | Jay Satiro | 2019-02-12 | 1 | -1/+6
    Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy debug output in DEBUGF but omitted a few lines.
    Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
* mime: put the boundary buffer into the curl_mime struct | Daniel Stenberg | 2019-02-12 | 2 | -14/+7
    ... instead of allocating it separately and point to it. It is fixed-size and always used for each part.
    Closes #3561
* schannel: be quiet | Daniel Stenberg | 2019-02-12 | 1 | -63/+77
    Convert numerous infof() calls into debug-build only messages since they are annoyingly verbose for regular applications. Removed a few.
    Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
    Reported-by: Volker Schmid
    Closes #3552
* Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning | Romain Geissler | 2019-02-12 | 1 | -1/+1
    Closes #3562
* http2: multi_connchanged() moved from multi.c, only used for h2 | Daniel Stenberg | 2019-02-12 | 2 | -13/+14
    Closes #3557
* pretransfer: don't strlen() POSTFIELDS set for GET requests | Daniel Stenberg | 2019-02-12 | 2 | -2/+4
    ... since that data won't be used in the request anyway.
    Fixes #3548
    Reported-by: Renaud Allard
    Close #3549
* multi: remove verbose "Expire in" ... messages | Daniel Stenberg | 2019-02-12 | 1 | -3/+0
    Reported-by: James Brown
    Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
    Closes #3558
* mbedtls: make it build even if MBEDTLS_VERSION_C isn't set | Daniel Stenberg | 2019-02-12 | 1 | -0/+5
    Reported-by: MAntoniak on github
    Fixes #3553
    Closes #3556
* non-ascii.c: fix typos in comments | Daniel Gustafsson | 2019-02-12 | 1 | -2/+2
    Fix two occurrences of s/convers/converts/ spotted while reading code.
* fnmatch: disable if FTP is disabled | Daniel Stenberg | 2019-02-12 | 1 | -2/+4
    Closes #3551
* curl_path: only enabled for SSH builds | Daniel Stenberg | 2019-02-12 | 1 | -1/+5
* dns: release sharelock as soon as possible | Daniel Gustafsson | 2019-02-11 | 1 | -4/+4
    There is no benefit to holding the data sharelock when freeing the addrinfo in case it fails, so ensure releasing it as soon as we can rather than holding on to it. This also aligns the code with other consumers of sharelocks.
    Closes #3516
    Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* multi: (void)-prefix when ignoring return values | Daniel Stenberg | 2019-02-11 | 1 | -4/+7
    ... and added braces to two function calls which fixes warnings if they are replaced by empty macros at build-time.
* connection_check: set ->data to the transfer doing the check | Daniel Stenberg | 2019-02-11 | 1 | -0/+1
    The http2 code for connection checking needs a transfer to use. Make sure a working one is set before handler->connection_check() is called.
    Reported-by: jnbr on github
    Fixes #3541
    Closes #3547
* hostip: make create_hostcache_id avoid alloc + free | Daniel Stenberg | 2019-02-11 | 1 | -69/+24
    Closes #3544
* cleanup: make local functions static | Daniel Stenberg | 2019-02-10 | 19 | -153/+85
    urlapi: turn three local-only functions into statics
    conncache: make conncache_find_first_connection static
    multi: make detach_connnection static
    connect: make getaddressinfo static
    curl_ntlm_core: make hmac_md5 static
    http2: make two functions static
    http: make http_setup_conn static
    connect: make tcpnodelay static
    tests: make UNITTEST a thing to mark functions with, so they can be static for normal builds and non-static for unit test builds ... and mark Curl_shuffle_addr accordingly.
    url: make up_free static
    setopt: make vsetopt static
    curl_endian: make write32_le static
    rtsp: make rtsp_connisdead static
    warnless: remove unused functions
    memdebug: remove one unused function, made another static
* url/idnconvert: remove scan for <= 32 ascii values | Daniel Stenberg | 2019-02-09 | 1 | -9/+0
    The check was added back in fa939220df before the URL parser would catch these problems and therefore these will never trigger now.
    Closes #3539
* urlapi: reduce variable scope, remove unreachable 'break' | Daniel Stenberg | 2019-02-09 | 1 | -10/+10
    Both nits pointed out by codacy.com
    Closes #3540
* url: close TLS before removing conn from cache | Chris Araman | 2019-02-06 | 2 | -9/+8
    - Fix potential crashes in schannel shutdown.
    Ensure any TLS shutdown messages are sent before removing the association between the connection and the easy handle. Reverts @bagder's previous partial fix for #3412.
    Fixes https://github.com/curl/curl/issues/3412
    Fixes https://github.com/curl/curl/issues/3505
    Closes https://github.com/curl/curl/pull/3531
* smtp: avoid risk of buffer overflow in strtol | Daniel Gustafsson | 2019-02-04 | 1 | -2/+6
    If the incoming len 5, but the buffer does not have a termination after 5 bytes, the strtol() call may keep reading through the line buffer until it exceeds its boundary. Fix by ensuring that we are using a bounded read with a temporary buffer on the stack.
    Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
    Reported-by: Brian Carpenter (Geeknik Labs)
    CVE-2019-3823
* ntlm: fix *_type3_message size check to avoid buffer overflow | Daniel Stenberg | 2019-02-04 | 1 | -4/+7
    Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
    Reported-by: Wenxiang Qian
    CVE-2019-3822
* NTLM: fix size check condition for type2 received data | Daniel Stenberg | 2019-02-04 | 1 | -3/+4
    Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
    Reported-by: Wenxiang Qian
    CVE-2018-16890
* spnego_sspi: add support for channel binding | georgeok | 2019-02-01 | 5 | -8/+49
    Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination.
    Fixes https://github.com/curl/curl/issues/3503
    Closes https://github.com/curl/curl/pull/3509
* schannel: stop calling it "winssl" | Daniel Stenberg | 2019-02-01 | 2 | -16/+16
    Stick to "Schannel" everywhere. The configure option --with-winssl is kept to allow existing builds to work but --with-schannel is added as an alias.
    Closes #3504
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time | Daniel Stenberg | 2019-02-01 | 2 | -6/+6
    To make sure Curl_timeleft() also thinks the timeout has been reached when one of the EXPIRE_*TIMEOUTs expires.
    Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
    Reported-by: Zhao Yisha
    Closes #3501
* sigpipe: if mbedTLS is used, ignore SIGPIPE | Jeremie Rapin | 2019-01-28 | 1 | -2/+3
    mbedTLS doesn't have a sigpipe management. If a write/read occurs when the remote closes the socket, the signal is raised and kills the application. Use the curl mechanisms to fix this behavior.
    Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
    Closes #3502
* timeval: Disable MSVC Analyzer GetTickCount warning | Michael Kujawa | 2019-01-28 | 1 | -0/+9
    Compiling with msvc /analyze and a recent Windows SDK warns against using GetTickCount (Suggests to use GetTickCount64 instead.) Since GetTickCount is only being used when GetTickCount64 isn't available, I am disabling that warning.
    Fixes https://github.com/curl/curl/issues/3437
    Closes https://github.com/curl/curl/pull/3440
* configure: rewrite --enable-code-coverage | Daniel Stenberg | 2019-01-26 | 1 | -5/+1
    The previously used ax_code_coverage.m4 is not license compatible and must not be used.
    Reported-by: William A. Rowe Jr
    Fixes #3497
    Closes #3499
* setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh | Felix Hädicke | 2019-01-24 | 1 | -2/+1
    CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for libssh as well. So accepting these options only when compiling with libssh2 is wrong here.
    Fixes #3493
    Closes #3494
* libssh: do not let libssh create socket | Felix Hädicke | 2019-01-24 | 1 | -1/+5
    By default, libssh creates a new socket, instead of using the socket created by curl for SSH connections.
    Pass the socket created by curl to libssh using ssh_options_set() with SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket instead of creating a new one.
    This approach is very similar to what is done in the libssh2 code, where the socket created by curl is passed to libssh2 when libssh2_session_startup() is called.
    Fixes #3491
    Closes #3495
* schannel: preserve original certificate path parameter | Archangel_SDY | 2019-01-21 | 1 | -3/+10
    Fixes #3480
    Closes #3487
* memcmp: avoid doing single char memcmp | Daniel Gustafsson | 2019-01-20 | 2 | -5/+5
    There is no real gain in performing memcmp() comparisons on single characters, so change these to array subscript inspections which saves a call and makes the code clearer.
    Closes #3486
    Reviewed-by: Daniel Stenberg <daniel@haxx.se>
    Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
* ntlm_sspi: add support for channel binding | georgeok | 2019-01-19 | 3 | -8/+51
    Windows extended protection (aka ssl channel binding) is required to login to ntlm IIS endpoint, otherwise the server returns 401 responses.
    Fixes #3280
    Closes #3321
* schannel: on connection close there might not be a transfer | Daniel Stenberg | 2019-01-18 | 1 | -3/+10
    Reported-by: Marcel Raad
    Fixes #3412
    Closes #3483
* ssh: log the libssh2 error message when ssh session startup fails | JDepooter | 2019-01-17 | 1 | -1/+4
    When a ssh session startup fails, it is useful to know why it has failed. This commit changes the message from:
    "Failure establishing ssh session"
    to something like this, for example:
    "Failure establishing ssh session: -5, Unable to exchange encryption keys"
    Closes #3481
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call | Daniel Stenberg | 2019-01-16 | 1 | -3/+4
    .... to not pass in a const in the second argument as that's not how it is supposed to be used and might cause compiler warnings.
    Reported-by: Pavel Pavlov
    Fixes #3477
    Closes #3478
* extract_if_dead: follow-up to 54b201b48c90a | Daniel Stenberg | 2019-01-15 | 1 | -2/+1
    extract_if_dead() is called from two functions, and only one of them should get conn->data updated and now neither call path clears it.
    scan-build found a case where conn->data would be NULL dereferenced in ConnectionExists() otherwise.
    Closes #3473
* multi: remove "Dead assignment" | Daniel Stenberg | 2019-01-15 | 1 | -2/+0
    Found by scan-build. Follow-up to 4c35574bb785ce.
    Closes #3471
* tests: move objnames-* from lib into tests | Daniel Stenberg | 2019-01-15 | 4 | -543/+1
    Since they're used purely for testing purposes, I think they should rather be stored there.
    Closes #3470
* cookie: fix comment typo (url_path_len -> uri_path_len) | Frank Gevaerts | 2019-01-14 | 1 | -1/+1
    Closes #3469
* extract_if_dead: use a known working transfer when checking connections | Daniel Stenberg | 2019-01-13 | 1 | -2/+2
    Make sure that this function sets a proper "live" transfer for the connection before calling the protocol-specific connection check function, and then clear it again afterward as a non-used connection has no current transfer.
    Reported-by: Jeroen Ooms
    Reviewed-by: Marcel Raad
    Reviewed-by: Daniel Gustafsson
    Fixes #3463
    Closes #3464
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated | Daniel Stenberg | 2019-01-13 | 1 | -2/+7
    OpenSSL_version() replaces OpenSSL_version_num()
    Closes #3462
* urldata: rename easy_conn to just conn | Daniel Stenberg | 2019-01-11 | 14 | -200/+195
    We use "conn" everywhere to be a pointer to the connection.
    Introduces two functions that "attaches" and "detaches" the connection to and from the transfer.
    Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues).
    Closes #3442
* cookies: allow secure override when done over HTTPS | Daniel Stenberg | 2019-01-10 | 1 | -2/+2
    Added test 1562 to verify.
    Reported-by: Jeroen Ooms
    Fixes #3445
    Closes #3450
* multi: multiplexing improvements | Daniel Stenberg | 2019-01-10 | 2 | -104/+136
    Fixes #3436
    Closes #3448

    Problem 1
    After LOTS of scratching my head, I eventually realized that even when doing 10 uploads in parallel, sometimes the socket callback to the application that tells it what to wait for on the socket, looked like it would reflect the status of just the single transfer that just changed state.
    Digging into the code revealed that this was indeed the truth. When multiple transfers are using the same connection, the application did not correctly get the *combined* flags for all transfers which then could make it switch to READ (only) when in fact most transfers wanted to get told when the socket was WRITEABLE.

    Problem 1b
    A separate but related regression had also been introduced by me when I cleared connection/transfer association better a while ago, as now the logic couldn't find the connection and see if that was marked as used by more transfers and then it would also prematurely remove the socket from the socket hash table even in times other transfers were still using it!

    Fix 1
    Make sure that each socket stored in the socket hash has a "combined" action field of what to ask the application to wait for, that is potentially the ORed action of multiple parallel transfers. And remove that socket hash entry only if there are no transfers left using it.

    Problem 2
    The socket hash entry stored an association to a single transfer using that socket - and when curl_multi_socket_action() was called to tell libcurl about activities on that specific socket only that transfer was "handled".
    This was WRONG, as a single socket/connection can be used by numerous parallel transfers and not necessarily a single one.

    Fix 2
    We now store a list of handles in the socket hashtable entry and when libcurl is told there's traffic for a particular socket, it now iterates over all known transfers using that single socket.
* cookies: skip custom cookies when redirecting cross-site | Katsuhiko YOSHIDA | 2019-01-09 | 1 | -1/+2
    Closes #3417
* timediff: fix math for unsigned time_t | Daniel Stenberg | 2019-01-09 | 1 | -3/+3
    Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
    Closes #3449
* curl_multi_remove_handle() don't block terminating c-ares requests | Brad Spencer | 2019-01-07 | 4 | -17/+61
    Added Curl_resolver_kill() for all three resolver modes, which only blocks when necessary, along with test 1592 to confirm curl_multi_remove_handle() doesn't block unless it must.
    Closes #3428
    Fixes #3371
* Revert "http_negotiate: do not close connection until negotiation is completed" | Daniel Stenberg | 2019-01-07 | 2 | -10/+3
    This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. This also reopens PR #3275 which brought the change now reverted.
    Fixes #3384
    Closes #3439
* schannel: fix compiler warning | Marcel Raad | 2019-01-06 | 1 | -3/+3
    When building with Unicode on MSVC, the compiler warns about freeing a pointer to const in Curl_unicodefree. Fix this by declaring it as non-const and casting the argument to Curl_convert_UTF8_to_tchar to non-const too, like we do in all other places.
    Closes https://github.com/curl/curl/pull/3435