summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* libssh2: s/ssherr/sftperr/Daniel Stenberg2020-08-101-1/+1
| | | | | | | | | | | The debug output used ssherr instead of sftperr which not only outputs the wrong error code but also casues a warning on Windows. Follow-up to 7370b4e39f1 Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700 Closes #5799
* ftp: don't do ssl_shutdown instead of ssl_closeDaniel Stenberg2020-08-102-3/+4
| | | | | | | | | | | | | The shutdown function is for downgrading a connection from TLS to plain, and this is not requested here. Have ssl_close reset the TLS connection state. This partially reverts commit f002c850d98d Reported-by: Rasmus Melchior Jacobsen Reported-by: Denis Goleshchikhin Fixes #5797
* smtp_parse_address: handle blank input string properlyDaniel Stenberg2020-08-071-2/+4
| | | | Closes #5792
* ngtcp2: adapt to error code renameDaniel Stenberg2020-08-051-1/+1
| | | | Closes #5786
* gtls: survive not being able to get name/issuerDaniel Stenberg2020-08-051-10/+13
| | | | Closes #5778
* h2: repair trailer handlingDaniel Stenberg2020-08-033-10/+31
| | | | | | | | | | | | | The previous h2 trailer fix in 54a2b63 was wrong and caused a regression: it cannot deal with trailers immediately when read since they may be read off the connection by the wrong 'data' owner. This change reverts the logic back to gathering all trailers into a single buffer, like before 54a2b63. Reported-by: Tadej Vengust Fixes #5663 Closes #5769
* windows: disable Unix Sockets for old mingwViktor Szakats2020-08-031-1/+5
| | | | | | | | | | | | | | Classic mingw and 10y+ old versions of mingw-w64 don't ship with Windows headers having the typedef necessary for Unix Sockets support, so try detecting these environments to disable this feature. Ref: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/cf6afc57179a5910621215f8f4037d406892072c/ Reviewed-by: Daniel Stenberg Fixes #5674 Closes #5758
* win32: Add Curl_verify_windows_version() to curlxCameron Cawley2020-08-0210-235/+306
| | | | Closes https://github.com/curl/curl/pull/5754
* multi: Condition 'extrawait' is always trueDaniel Stenberg2020-08-011-1/+1
| | | | | | | Reported by Codacy. Reviewed-by: Marcel Raad Closes #5759
* openssl: fix build with LibreSSL < 2.9.1Marcel Raad2020-08-011-1/+3
| | | | | | | | | `SSL_CTX_add0_chain_cert` and `SSL_CTX_clear_chain_certs` were introduced in LibreSSL 2.9.1 [0]. [0] https://github.com/libressl-portable/openbsd/commit/0db809ee178457c8170abfae3931d7bd13abf3ef Closes https://github.com/curl/curl/pull/5757
* multi_remove_handle: close unused connect-only connectionsMarc Aldorasi2020-08-011-4/+30
| | | | | | | | | Previously any connect-only connections in a multi handle would be kept alive until the multi handle was closed. Since these connections cannot be re-used, they can be marked for closure when the associated easy handle is removed from the multi handle. Closes #5749
* connect: remove redundant message about connect failureMarc Hoersken2020-07-311-2/+2
| | | | | | Reviewed-by: Daniel Stenberg Closes #5708
* url: fix CURLU and location followingJay Satiro2020-07-301-2/+3
| | | | | | | | | | | Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was incorrectly used for the location follow, resulting in infinite requests to the original location. Reported-by: sspiri@users.noreply.github.com Fixes https://github.com/curl/curl/issues/5709 Closes https://github.com/curl/curl/pull/5713
* checksrc: ban gmtime/localtimeDaniel Stenberg2020-07-282-2/+4
| | | | | | | | | They're not thread-safe so they should not be used in libcurl code. Explictly enabled when deemed necessary and in examples and tests Reviewed-by: Nicolas Sterchele Closes #5732
* transfer: fix data_pending for builds with both h2 and h3 enabledDaniel Stenberg2020-07-281-2/+6
| | | | Closes #5734
* curl_multi_setopt: fix compiler warning "result is always false"Daniel Stenberg2020-07-281-3/+1
| | | | | | | | | On systems with 32 bit long the expression is always false. Avoid the warning. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232 Closes #5736
* curl: improve the existing file check with -JDaniel Stenberg2020-07-282-1/+14
| | | | | | | | | | Previously a file that isn't user-readable but is user-writable would not be properly avoided and would get overwritten. Reported-by: BrumBrum on hackerone Assisted-by: Jay Satiro Bug: https://hackerone.com/reports/926638 Closes #5731
* multi: update comment to say easyp list is linearJonathan Nieder2020-07-281-1/+1
| | | | | | | | | Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1, 2013-08-02), the easy handle list is not circular but ends with ->next pointing to NULL. Reported-by: Masaya Suzuki <masayasuzuki@google.com> Closes #5737
* ngtcp2: store address in sockaddr_storageDaniel Stenberg2020-07-271-2/+3
| | | | | Reported-by: Tatsuhiro Tsujikawa Closes #5733
* setopt: unset NOBODY switches to GET if still HEADDaniel Stenberg2020-07-271-0/+2
| | | | | | | | | | | Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented action but before 7.71.0 that used to switch back to GET and with this change (assuming the method is still set to HEAD) this behavior is brought back. Reported-by: causal-agent on github Fixes #5725 Closes #5728
* configure: cleanup wolfssl + pkg-config conflicts when cross compiling.Ehren Bendler2020-07-271-1/+1
| | | | | | | Also choose a different wolfSSL function to test for NTLM support. Fixes #5605 Closes #5682
* quiche: handle calling disconnect twiceDaniel Stenberg2020-07-271-2/+8
| | | | | | Reported-by: lilongyan-huawei on github Fixes #5726 Closes #5727
* getinfo: reset retry-after value in initinfoNicolas Sterchele2020-07-271-0/+1
| | | | | | | | | - Avoid re-using retry_after value from preceding request - Add libtest 3010 to verify Reported-by: joey-l-us on github Fixes #5661 Closes #5672
* WIN32: stop forcing narrow-character APIMarcel Raad2020-07-273-5/+15
| | | | | | | | | | Except where the results are only used for character output. getenv is not touched because it's part of the public API, and having it return UTF-8 instead of ANSI would be a breaking change. Fixes https://github.com/curl/curl/issues/5658 Fixes https://github.com/curl/curl/issues/5712 Closes https://github.com/curl/curl/pull/5718
* mprintf: Fix stack overflowsTobias Stoeckmann2020-07-271-1/+5
| | | | | | | | | | | | | | | | | | | | | Stack overflows can occur with precisions for integers and floats. Proof of concepts: - curl_mprintf("%d, %.*1$d", 500, 1); - curl_mprintf("%d, %+0500.*1$f", 500, 1); Ideally, compile with -fsanitize=address which makes this undefined behavior a bit more defined for debug purposes. The format strings are valid. The overflows occur due to invalid arguments. If these arguments are variables with contents controlled by an attacker, the function's stack can be corrupted. Also see CVE-2016-9586 which partially fixed the float aspect. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Closes https://github.com/curl/curl/pull/5722
* mprintf: Fix dollar string handlingTobias Stoeckmann2020-07-271-5/+15
| | | | | | | | | | | | | Verify that specified parameters are in range. If parameters are too large, fail early on and avoid out of boundary accesses. Also do not read behind boundaries of illegal format strings. These are defensive measures since it is expected that format strings are well-formed. Format strings should not be modifiable by user input due to possible generic format string attacks. Closes https://github.com/curl/curl/pull/5722
* ntlm: free target_info before (re-)mallocDaniel Stenberg2020-07-261-0/+1
| | | | | | | | | OSS-Fuzz found a way this could get called again with the pointer still pointing to a malloc'ed memory, leading to a leak. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 Closes #5724
* doh: remove redundant castMarcel Raad2020-07-211-2/+2
| | | | Closes https://github.com/curl/curl/pull/5704
* md(4|5): don't use deprecated macOS functionsMarcel Raad2020-07-192-2/+6
| | | | | | | They are marked as deprecated for -mmacosx-version-min >= 10.15, which might result in warnings-as-errors. Closes https://github.com/curl/curl/pull/5695
* strdup: remove the odd strlen checkDaniel Stenberg2020-07-181-9/+4
| | | | | | | It confuses code analyzers with its use of -1 for unsigned value. Also, a check that's not normally used in strdup() code - and not necessary. Closes #5697
* ngtcp2: adjust to recent sockaddr updatesDaniel Stenberg2020-07-162-9/+7
| | | | Closes #5690
* CURL_PUSH_ERROROUT: allow the push callback to fail the parent streamDaniel Stenberg2020-07-161-9/+18
| | | | | | | | | ... by adding support for a new dedicated return code. Suggested-by: Jonathan Cardoso Assisted-by: Erik Johansson URL: https://curl.haxx.se/mail/lib-2020-06/0099.html Closes #5636
* nss: fix build with disabled proxy supportBaruch Siach2020-07-141-9/+35
| | | | | | | Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is defined. Closes #5667
* CURLINFO_EFFECTIVE_METHOD: addedDaniel Stenberg2020-07-143-4/+28
| | | | | | | Provide the HTTP method that was used on the latest request, which might be relevant for users when there was one or more redirects involved. Closes #5511
* windows: add unicode to feature listViktor Szakats2020-07-141-0/+3
| | | | | | | Reviewed-by: Marcel Raad Reviewed-by: Marc Hörsken Closes #5491
* multi: remove two checks always trueDaniel Stenberg2020-07-141-2/+2
| | | | | Detected by Codacy Closes #5676
* socks: use size_t for size variableihsinme2020-07-121-3/+3
| | | | | | | | Use the unsigned type (size_t) in the arithmetic of pointers. In this context, the signed type (ssize_t) is used unnecessarily. Authored-by: ihsinme on github Closes #5654
* content_encoding: add zstd decoding supportGilles Vollant2020-07-124-3/+154
| | | | | | | | | include zstd curl patch for Makefile.m32 from vszakats and include Add CMake support for zstd from Peter Wu Helped-by: Viktor Szakats Helped-by: Peter Wu Closes #5453
* asyn.h: remove the Curl_resolver_getsock defineDaniel Stenberg2020-07-121-1/+0
| | | | | | | | - not used - used the wrong number of arguments - confused the Codeacy code analyzer Closes #5647
* ngtcp2: update to modified qlog callback prototypeDaniel Stenberg2020-07-121-1/+3
| | | | Closes #5675
* transfer: fix memory-leak with CURLOPT_CURLU in a duped handleDaniel Stenberg2020-07-121-1/+2
| | | | | | | | Added test case 674 to reproduce and verify the bug report. Fixes #5665 Reported-by: NobodyXu on github Closes #5673
* bearssl: fix build with disabled proxy supportBaruch Siach2020-07-121-2/+9
| | | | | | | | Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is defined. Reviewed-by: Nicolas Sterchele Closes #5666
* http2: only do the *done() cleanups for HTTPDaniel Stenberg2020-07-041-1/+2
| | | | | | | Follow-up to ef86daf4d3 Closes #5650 Fixes #5646
* gnutls: repair the build with `CURL_DISABLE_PROXY`Alex Kiernan2020-07-041-3/+27
| | | | | | | | | `http_proxy`/`proxy_ssl`/`tunnel_proxy` will not be available in `conn` if `CURL_DISABLE_PROXY` is enabled. Repair the build with that configuration. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Closes #5645
* gnutls: Fetch backend when using proxyAlex Kiernan2020-07-031-0/+1
| | | | | Fixes: 89865c149 ("gnutls: remove the BACKEND define kludge") Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
* http2: close the http2 connection when no more requests may be sentLaramie Leavitt2020-07-031-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Well-behaving HTTP2 servers send two GOAWAY messages. The first message is a warning that indicates that the server is going to stop accepting streams. The second one actually closes the stream. nghttp2 reports this state (and the other state of no more stream identifiers) via the call nghttp2_session_check_request_allowed(). In this state the client should not create more streams on the session (tcp connection), and in curl this means that the server has requested that the connection is closed. It would be also be possible to put the connclose() call into the on_http2_frame_recv() function that triggers on the GOAWAY message. This fixes a bug seen when the client sees the following sequence of frames: // advisory GOAWAY HTTP2 GOAWAY [stream-id = 0, promised-stream-id = -1] ... some additional frames // final GOAWAY HTTP2 GOAWAY [stream-id = 0, promised-stream-id = N ] Before this change, curl will attempt to reuse the connection even after the last stream, will encounter this error: * Found bundle for host localhost: 0x5595f0a694e0 [can multiplex] * Re-using existing connection! (#0) with host localhost * Connected to localhost (::1) port 10443 (#0) * Using Stream ID: 9 (easy handle 0x5595f0a72e30) > GET /index.html?5 HTTP/2 > Host: localhost:10443 > user-agent: curl/7.68.0 > accept: */* > * stopped the pause stream! * Connection #0 to host localhost left intact curl: (16) Error in the HTTP2 framing layer This error may posion the connection cache, causing future requests which resolve to the same curl connection to go through the same error path. Closes #5643
* http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messagesJeremy Maitin-Shepard2020-07-021-2/+2
| | | | | | | | | Confusingly, nghttp2 has two different error code enums: - nghttp2_error, to be used with nghttp2_strerror - nghttp2_error_code, to be used with nghttp2_http2_strerror Closes #5641
* url: silence MSVC warningMarcel Raad2020-07-021-1/+1
| | | | | | | | | | | | | | Since commit f3d501dc678, if proxy support is disabled, MSVC warns: url.c : warning C4701: potentially uninitialized local variable 'hostaddr' used url.c : error C4703: potentially uninitialized local pointer variable 'hostaddr' used That could actually only happen if both `conn->bits.proxy` and `CURL_DISABLE_PROXY` were enabled. Initialize it to NULL to silence the warning. Closes https://github.com/curl/curl/pull/5638
* Revert "multi: implement wait using winsock events"Daniel Stenberg2020-06-302-122/+4
| | | | | | | | | | This reverts commit 8bc25c590e530de87595d1bb3577f699eb1309b9. That commit (from #5397) introduced a regression in 7.71.0. Reported-by: tmkk on github Fixes #5631 Closes #5632
* ngtcp2: sync with current masterDaniel Stenberg2020-06-291-1/+3
| | | | | | | | ngtcp2 added two new callbacks Reported-by: Lucien Zürcher Fixes #5624 Closes #5627
View Lorry Controller Status