summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* digest_sspi: Don't reuse context if the user/passwd has changedJay Satiro2017-08-102-0/+45
| | | | | | | | | Bug: https://github.com/curl/curl/issues/1685 Reported-by: paulharris@users.noreply.github.com Assisted-by: Isaac Boukris Closes https://github.com/curl/curl/pull/1742
* docs/comments: Update to secure URL versionsViktor Szakats2017-08-081-1/+1
| | | | Closes #1741
* tftp: reject file name lengths that don't fitDaniel Stenberg2017-08-071-1/+6
| | | | | | | | | | | | ... and thereby avoid telling send() to send off more bytes than the size of the buffer! CVE-2017-1000100 Bug: https://curl.haxx.se/docs/adv_20170809B.html Reported-by: Even Rouault Credit to OSS-Fuzz for the discovery
* file: output the correct buffer to the userEven Rouault2017-08-071-1/+1
| | | | | | | | | | Regression brought by 7c312f84ea930d8 (April 2017) CVE-2017-1000099 Bug: https://curl.haxx.se/docs/adv_20170809C.html Credit to OSS-Fuzz for the discovery
* easy_events: make event data staticDaniel Stenberg2017-08-061-1/+3
| | | | | | | | | | | | First: this function is only used in debug-builds and not in release/real builds. It is used to drive tests using the event-based API. A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the CURLMOPT_TIMERFUNCTION calback can in fact be called even after this funtion returns, namely when curl_multi_remove_handle() is called. Reported-by: Brian Carpenter
* gssapi: fix memory leak of output token in multi round contextIsaac Boukris2017-08-051-0/+4
| | | | | | | | | | When multiple rounds are needed to establish a security context (usually ntlm), we overwrite old token with a new one without free. Found by proposed gss tests using stub a gss implementation (by valgrind error), though I have confirmed the leak with a real gssapi implementation as well. Closes https://github.com/curl/curl/pull/1733
* darwinssl: fix compiler warningMarcel Raad2017-08-051-1/+1
| | | | | | | | | | | clang complains: vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive [-Werror,-Wextra-tokens] This breaks the darwinssl build on Travis. Fix it by making this token a comment. Closes https://github.com/curl/curl/pull/1734
* FTP: skip unnecessary CWD when in nocwd modeDaniel Stenberg2017-08-042-11/+15
| | | | | | ... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
* darwin: silence compiler warningsDaniel Stenberg2017-08-041-2/+12
| | | | | | With a clang pragma and three type fixes Fixes #1722
* darwinssl: fix curlssl_sha256sum() compiler warnings on first argumentDaniel Stenberg2017-08-032-7/+8
|
* netrc: skip lines starting with '#'Gisle Vanem2017-08-031-1/+4
| | | | Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
* CMake: set MSVC warning level to 4Marcel Raad2017-08-031-0/+1
| | | | | | | | | | | The MSVC warning level defaults to 3 in CMake. Change it to 4, which is consistent with the Visual Studio and NMake builds. Disable level 4 warning C4127 for the library and additionally C4306 for the test servers to get a clean CURL_WERROR build as that warning is raised in some macros in older Visual Studio versions. Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 Closes https://github.com/curl/curl/pull/1711
* curl_threads: fix MSVC compiler warningMarcel Raad2017-08-011-1/+1
| | | | | | | | | | | Use LongToHandle to convert from long to HANDLE in the Win32 implementation. This should fix the following warning when compiling with MSVC 11 (2012) in 64-bit mode: lib\curl_threads.c(113): warning C4306: 'type cast' : conversion from 'long' to 'HANDLE' of greater size Closes https://github.com/curl/curl/pull/1717
* multi: fix request timer managementBrad Spencer2017-08-011-14/+13
| | | | | | | | | | | | | There are some bugs in how timers are managed for a single easy handle that causes the wrong "next timeout" value to be reported to the application when a new minimum needs to be recomputed and that new minimum should be an existing timer that isn't currently set for the easy handle. When the application drives a set of easy handles via the `curl_multi_socket_action()` API (for example), it gets told to wait the wrong amount of time before the next call, which causes requests to linger for a long time (or, it is my guess, possibly forever). Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
* curl_setup: Define CURL_NO_OLDIES for building libcurlJay Satiro2017-08-011-0/+4
| | | | | | .. to catch accidental use of deprecated error codes. Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
* http: fix response code parser to avoid integer overflowDaniel Stenberg2017-07-311-4/+11
| | | | | | | | test 1429 and 1433 were updated to work with the stricter HTTP status line parser. Closes #1714 Reported-by: Brian Carpenter
* libcurl: Stop using error codes defined under CURL_NO_OLDIESDwarakanath Yadavalli2017-07-312-2/+2
| | | | | Fixes https://github.com/curl/curl/issues/1688 Closes https://github.com/curl/curl/pull/1712
* splay: fix signed/unsigned mismatch warningJay Satiro2017-07-291-2/+2
| | | | | | Follow-up to 4dee50b. Ref: https://github.com/curl/curl/pull/1693
* curl_rtmp: fix a compiler warningJohannes Schindelin2017-07-281-1/+1
| | | | | | | | | The headers of librtmp declare the socket as `int`, and on Windows, that disagrees with curl_socket_t. Bug: #1652 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* timeval: struct curltime is a struct timeval replacementDaniel Stenberg2017-07-2824-115/+136
| | | | | | | | | ... to make all libcurl internals able to use the same data types for the struct members. The timeval struct differs subtly on several platforms so it makes it cumbersome to use everywhere. Ref: #1652 Closes #1693
* darwinssl: fix variable type mistake (regression)Daniel Stenberg2017-07-271-1/+2
| | | | | | | | ... which made --tlsv1.2 not work because it would blank the max tls version variable. Reported-by: Nick Miyake Bug: #1703
* multi: mention integer overflow risk if using > 500 million socketsDaniel Stenberg2017-07-271-0/+4
| | | | | | | Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683
* checksrc: escape open brace in regexDaniel Stenberg2017-07-271-2/+2
| | | | ... to silence warning.
* nss: fix a possible use-after-free in SelectClientCert()Kamil Dudka2017-07-201-0/+8
| | | | | | | | | | ... causing a SIGSEGV in showit() in case the handle used to initiate the connection has already been freed. This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. Reported-by: Rob Sanders Bug: https://bugzilla.redhat.com/1436158
* nss: unify the coding style of nss_send() and nss_recv()Kamil Dudka2017-07-201-6/+11
| | | | No changes in behavior intended by this commit.
* darwinssl: fix pinnedpubkey build errorJay Satiro2017-07-171-1/+1
| | | | | | | - s/SessionHandle/Curl_easy/ Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 Reported-by: Gisle Vanem
* build: remove WIN32_LEAN_AND_MEAN from individual build systemsMarcel Raad2017-07-111-3/+0
| | | | | | | | It's defined for all build systems in curl_setup.h since commit beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro redefinition warnings in the configure builds. Closes https://github.com/curl/curl/pull/1677
* curl_setup: always define WIN32_LEAN_AND_MEAN on WindowsMarcel Raad2017-07-111-3/+11
| | | | | | | | | Make sure to always define WIN32_LEAN_AND_MEAN before including any Windows headers to avoid pulling in unnecessary headers. This avoids unnecessary macro clashes and compiler warnings. Ref: https://github.com/curl/curl/issues/1562 Closes https://github.com/curl/curl/pull/1672
* strerror: Preserve Windows error code in some functionsJay Satiro2017-07-111-25/+42
| | | | | | | | | | | This is a follow-up to af02162 which removed (SET_)ERRNO macros. That commit was an earlier draft that I committed by mistake, which was then remedied by a5834e5 and e909de6, and now this commit. With this commit there is now no difference between the current code and the changes that were approved in the final draft. Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem Ref: https://github.com/curl/curl/pull/1589
* errno: fix non-windows builds after af0216251b94e7Daniel Stenberg2017-07-102-6/+8
|
* ldap: fix MinGW compiler warningMarcel Raad2017-07-101-2/+1
| | | | | | | | | | ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with the latest original MinGW, resulting in compiler warnings since commit f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8. Fix this for the non-SSPI case by using ldap_simple_bind_s again instead of ldap_bind_s with LDAP_AUTH_SIMPLE. Closes https://github.com/curl/curl/pull/1664
* curl_setup_once: Remove ERRNO/SET_ERRNO macrosJay Satiro2017-07-1012-90/+73
| | | | | | | | | | | | Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError for Win32 and regular errno otherwise. I reviewed the code and found no justifiable reason for conflating errno on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, and any Win32 multithreaded CRT supports thread-local errno. Fixes https://github.com/curl/curl/issues/895 Closes https://github.com/curl/curl/pull/1589
* smb: rename variable to fix shadowing warningMarcel Raad2017-07-091-5/+5
| | | | | | | | | GCC 4.6.3 on travis complains: smb.c: In function ‘get_posix_time’: smb.c:725:13: error: declaration of ‘time’ shadows a global declaration [-Werror=shadow] Fix this by renaming the variable.
* cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVCPaul Harris2017-07-071-0/+7
| | | | | | Removes BUILD_RELEASE_DEBUG_DIRS since it wasn't used anywhere. Closes #1649
* memdebug: don't setbuf() if the file open failedGisle Vanem2017-07-061-1/+2
| | | | Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151
* asyn-thread.c: fix unused variable warnings on macOSDaniel Stenberg2017-07-061-13/+14
|
* http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLDDaniel Stenberg2017-07-062-4/+9
| | | | | Make the name reflect its use better, and add a short comment describing what it's for.
* select.h: avoid macro redefinition harderDaniel Stenberg2017-07-051-2/+3
| | | | | ... by checking the POLLIN define, as the header file checks don't work on Windows.
* inet_pton: fix include on windows to get prototypeDaniel Stenberg2017-07-051-1/+4
| | | | | | | inet_pton() exists on Windows and gets used by our cmake builds. Make sure the correct header file is included to avoid compiler warnings. Closes #1639
* smb: add support for CURLOPT_FILETIMEGisle Vanem2017-07-041-3/+24
| | | | | | Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html Closes #1643
* smb: fix build for djgpp/MSDOSGisle Vanem2017-07-041-1/+1
| | | | bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
* configure: remove checks for 5 functions never usedDaniel Stenberg2017-07-041-13/+0
| | | | | | fork, getprotobyname, inet_addr, perror, uname closes #1638
* timeval.c: Use long long constant type for timeval assignmentMartin Kepplinger2017-07-041-2/+2
| | | | | | | | | | | | | | | | On a 64 bit host, sparse says: timeval.c:148:15: warning: constant 0x7fffffffffffffff is so big it is long timeval.c:149:12: warning: constant 0x7fffffffffffffff is so big it is long so let's use long long constant types in order to prevent undesired overflow failures. Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html Closes #1636 Signed-off-by: Martin Kepplinger <martink@posteo.de>
* url: make the original string get used on subsequent transfersDaniel Stenberg2017-07-031-0/+7
| | | | | | | | | | | ... since CURLOPT_URL should follow the same rules as other options: they remain set until changed or cleared. Added test 1551 to verify. Fixes #1631 Closes #1632 Reported-by: Pavel Rochnyak
* gtls: fix build when sizeof(long) < sizeof(void *)Johannes Schindelin2017-07-031-11/+9
| | | | | | | | | | | | | | | | | | | | | | | | - Change gnutls pointer/int macros to pointer/curl_socket_t. Prior to this change they used long type as well. The size of the `long` data type can be shorter than that of pointer types. This is the case most notably on Windows. If C99 were acceptable, we could simply use `intptr_t` here. But we want to retain C89 compatibility. Simply use the trick of performing pointer arithmetic with the NULL pointer: to convert an integer `i` to a pointer, simply take the address of the `i`th element of a hypothetical character array starting at address NULL. To convert back, simply cast the pointer difference. Thanks to Jay Satiro for the initial modification to use curl_socket_t instead of int/long. Closes #1617 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* http2: handle PING framesMax Dymond2017-06-301-2/+46
| | | | | | | Add a connection check function to HTTP2 based off RTSP. This causes PINGs to be handled the next time the connection is reused. Closes #1521
* handler: refactor connection checkingMax Dymond2017-06-3020-7/+78
| | | | | | Add a new type of callback to Curl_handler which performs checks on the connection. Alter RTSP so that it uses this callback to do its own check on connection health.
* openssl: improve fallback seed of PRNG with a time based hashdmitrykos2017-06-301-17/+26
| | | | Fixes #1620
* progress: prevent resetting t_starttransferRyan Winograd2017-06-301-1/+15
| | | | | | | | | | | | | Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked with `TIMER_STARTTRANSFER` more than once during a single request. When a redirect occurs, this is considered a new request and `t_starttransfer` can be updated to reflect the `t_starttransfer` time of the redirect request. Closes #1616 Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
* CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy authKamil Dudka2017-06-283-9/+27
| | | | | | | | | | | | | | | | | | If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454
View Lorry Controller Status