path: root/lib
Commit message (Collapse) | Author | Age | Files | Lines
* socks: fix error message | Daniel Stenberg | 2019-04-08 | 1 | -1/+1
* socks5: user name and passwords must be shorter than 256 | Daniel Stenberg | 2019-04-07 | 1 | -2/+14
  bytes... since the protocol needs to store the length in a single byte field.

  Reported-by: XmiliaH on github
  Fixes #3737
  Closes #3740
* urlapi: urlencode characters above 0x7f correctly | Jakub Zakrzewski | 2019-04-07 | 1 | -3/+3
  fixes #3741
  Closes #3742
* multi_runsingle(): fix use-after-free | Even Rouault | 2019-04-07 | 1 | -1/+1
  Fixes #3745
  Closes #3746

  The following snippet

  ```
  int main()
  {
      CURL* hCurlHandle = curl_easy_init();
      curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
      curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
      curl_easy_perform(hCurlHandle);
      curl_easy_cleanup(hCurlHandle);
      return 0;
  }
  ```

  triggers the following Valgrind warning

  ```
  ==4125== Invalid read of size 8
  ==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
  ==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
  ==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
  ==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
  ==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
  ==4125==    by 0x4E62C36: conn_free (url.c:756)
  ==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
  ==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
  ==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
  ==4125==  Block was alloc'd at
  ==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
  ==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
  ==4125==    by 0x4E685B4: create_conn (url.c:3496)
  ==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
  ==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
  ```

  This has been bisected to commit 2f44e94

  Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
  Credit to OSS Fuzz
* pipelining: removed | Daniel Stenberg | 2019-04-06 | 15 | -1059/+156
  As previously planned and documented in DEPRECATE.md, all pipelining code is removed.

  Closes #3651
* ftplistparser: fix LGTM alert "Empty block without comment" | Marcel Raad | 2019-04-05 | 1 | -4/+1
  Removing the block is consistent with line 954/957.

  Closes https://github.com/curl/curl/pull/3732
* transfer: fix LGTM alert "Comparison is always true" | Marcel Raad | 2019-04-05 | 1 | -1/+1
  Just remove the redundant condition, which also makes it clear that k->buf is always 0-terminated if this break is not hit.

  Closes https://github.com/curl/curl/pull/3732
* smtp: fix compiler warning | Rikard Falkeborn | 2019-04-04 | 1 | -1/+1
  - Fix clang string-plus-int warning.

  Clang 8 warns that adding a string to an int does not append to the string. Indeed it doesn't, but that was not the intention either. Use array indexing as suggested to silence the warning. There should be no functional changes.

  (In other words clang warns about "foo"+2 but not &"foo"[2] so use the latter.)

  smtp.c:1221:29: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int]
        eob = strdup(SMTP_EOB + 2);
              ~~~~~~~~~~~~~~~~^~~~

  Closes https://github.com/curl/curl/pull/3729
* documentation: Fix several typos | Tim Rühsen | 2019-04-03 | 1 | -1/+1
  Closes #3724
  Reviewed-by: Jakub Zakrzewski
  Reviewed-by: Daniel Gustafsson
* vauth/oauth2: Fix OAUTHBEARER token generation | Mert Yazıcıoğlu | 2019-04-02 | 3 | -16/+56
  OAUTHBEARER tokens were incorrectly generated in a format similar to XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the RFC7628.

  Fixes: #2487
  Reported-by: Paolo Mossino
  Closes https://github.com/curl/curl/pull/3377
* resolve: apply Happy Eyeballs philosophy to parallel c-ares queries | Brad Spencer | 2019-03-27 | 2 | -0/+96
  Closes #3699
* multi: improved HTTP_1_1_REQUIRED handling | Daniel Stenberg | 2019-03-27 | 1 | -18/+19
  Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error on first flight.

  Reported-by: niner on github
  Fixes #3696
  Closes #3707
* Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set" | Daniel Stenberg | 2019-03-27 | 1 | -1/+1
  This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.

  Fixes #3708
* ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set | Christian Schmitz | 2019-03-26 | 1 | -1/+1
  Closes #3704
* os400: Disable Alt-Svc by default since it's experimental | Jay Satiro | 2019-03-24 | 1 | -2/+2
  Follow-up to 520f0b4 which added Alt-Svc support and enabled it by default for OS400. Since the feature is experimental, it should be disabled by default.

  Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
  Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html

  Closes https://github.com/curl/curl/pull/3688
* lib: Fix typos in comments | Daniel Gustafsson | 2019-03-22 | 2 | -2/+2
* openssl: if cert type is ENG and no key specified, key is ENG too | David Woodhouse | 2019-03-20 | 1 | -4/+4
  Fixes #3692
  Closes #3692
* sectransp: tvOS 11 is required for ALPN support | Daniel Stenberg | 2019-03-20 | 1 | -2/+2
  Reported-by: nianxuejie on github
  Assisted-by: Nick Zitzmann
  Assisted-by: Jay Satiro
  Fixes #3689
  Closes #3690
* os400: alt-svc support. | Patrick Monnerat | 2019-03-17 | 1 | -1/+4
  Although experimental, enable it in the platform config file.
  Upgrade ILE/RPG binding.
* conncache: use conn->data to know if a transfer owns it | Daniel Stenberg | 2019-03-17 | 2 | -7/+11
  - make sure an already "owned" connection isn't returned unless multiplexed.
  - clear ->data when returning the connection to the cache again

  Regression since 7.62.0 (probably in commit 1b76c38904f0)

  Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html

  Closes #3686
* configure: add --with-amissl | Chris Young | 2019-03-15 | 5 | -17/+49
  AmiSSL is an Amiga native library which provides a wrapper over OpenSSL. It also requires all programs using it to use bsdsocket.library directly, rather than accessing socket functions through clib, which libcurl was not necessarily doing previously. Configure will now check for the headers and ensure they are included if found.

  Closes #3677
* vtls: rename some of the SSL functions | Chris Young | 2019-03-15 | 2 | -5/+5
  ... in the SSL structure as AmiSSL is using macros for the socket API functions.
* makefile: make checksrc and hugefile commands "silent" | Daniel Stenberg | 2019-03-14 | 1 | -2/+7
  ... to match the style already used for compiling, linking etc. Acknowledges 'make V=1' to enable verbose.

  Closes #3681
* Negotiate: fix for HTTP POST with Negotiate | Dominik Hölzl | 2019-03-14 | 8 | -73/+196
  * Adjusted unit tests 2056, 2057
  * do not generally close connections with CURLAUTH_NEGOTIATE after every request
  * moved negotiatedata from UrlState to connectdata
  * Added stream rewind logic for CURLAUTH_NEGOTIATE
  * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
  * Consider authproblem state for CURLAUTH_NEGOTIATE
  * Consider reuse_forbid for CURLAUTH_NEGOTIATE
  * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate
  * Curl_output_negotiate: ensure auth done is always set
  * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
  * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication
  * apply changes introduced with #2546 for negotiate rewind logic

  Fixes #1261
  Closes #1975
* http: send payload when (proxy) authentication is done | Marc Schlatter | 2019-03-13 | 1 | -1/+2
  The check that prevents payload from sending in case of authentication doesn't check properly if the authentication is done or not.

  There are cases where the proxy responds "200 OK" before sending authentication challenge. This change takes care of that.

  Fixes #2431
  Closes #3669
* file: fix "Checking if unsigned variable 'readcount' is less than zero." | Daniel Stenberg | 2019-03-12 | 1 | -2/+2
  Pointed out by codacy

  Closes #3672
* memdebug: log pointer before freeing its data | Daniel Stenberg | 2019-03-12 | 2 | -5/+5
  Coverity warned for two potential "Use after free" cases. Both are false positives because the memory wasn't used, it was only the actual pointer value that was logged.

  The fix still changes the order of execution to avoid the warnings.

  Coverity CID 1443033 and 1443034

  Closes #3671
* multi: removed unused code for request retries | Daniel Stenberg | 2019-03-11 | 1 | -72/+0
  This code was once used for the non multi-interface using code path, but ever since easy_perform was turned into a wrapper around the multi interface, this code path never runs.

  Closes #3666
* doh: inherit some SSL options from user's easy handle | Jay Satiro | 2019-03-11 | 1 | -3/+68
  - Inherit SSL options for the doh handle but not SSL client certs, SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert, SSL pinned public key, SSL ciphers, SSL id cache setting, SSL kerberos or SSL gss-api settings.
  - Fix inheritance of verbose setting.
  - Inherit NOSIGNAL.

  There is no way for the user to set options for the doh (DNS-over-HTTPS) handles and instead we inherit some options from the user's easy handle.

  My thinking for the SSL options not inherited is they are most likely not intended by the user for the DOH transfer. I did inherit insecure because I think that should still be in control of the user.

  Prior to this change doh did not work for me because CAINFO was not inherited. Also verbose was set always which AFAICT was a bug (#3660).

  Fixes https://github.com/curl/curl/issues/3660
  Closes https://github.com/curl/curl/pull/3661
* Revert "cookies: extend domain checks to non psl builds" | Daniel Stenberg | 2019-03-09 | 1 | -8/+5
  This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.

  Regression shipped in 7.64.0

  Fixes #3649
* memdebug: make debug-specific functions use curl_dbg_ prefix | Daniel Stenberg | 2019-03-08 | 4 | -145/+140
  To not "collide" or use up the regular curl_ name space. Also makes them easier to detect in helper scripts.

  Closes #3656
* source: fix two 'nread' may be used uninitialized warnings | Daniel Stenberg | 2019-03-05 | 2 | -4/+4
  Both seem to be false positives but we don't like warnings.

  Closes #3646
* gopher: remove check for path == NULL | Daniel Stenberg | 2019-03-05 | 1 | -1/+4
  Since it can't be NULL and it makes Coverity believe we lack proper NULL checks. Verified by test 659, landed in commit 15401fa886b.

  Pointed out by Coverity CID 1442746.

  Assisted-by: Dan Fandrich
  Fixes #3617
  Closes #3642
* ssh: loop the state machine if not done and not blocking | Daniel Stenberg | 2019-03-05 | 1 | -4/+7
  If the state machine isn't complete, didn't fail and it didn't return due to blocking it can just as well loop again.

  This addresses the problem with SFTP directory listings where we would otherwise return back to the parent and as the multi state machine doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long as the doing phase isn't complete, it would return out when in reality there was more data to deal with.

  Fixes #3506
  Closes #3644
* multi: support verbose conncache closure handle | Jay Satiro | 2019-03-05 | 1 | -0/+2
  - Change closure handle to receive verbose setting from the easy handle most recently added via curl_multi_add_handle.

  The closure handle is a special easy handle used for closing cached connections. It receives limited settings from the easy handle most recently added to the multi handle. Prior to this change that did not include verbose which was a problem because on connection shutdown verbose mode was not acknowledged.

  Ref: https://github.com/curl/curl/pull/3598

  Co-authored-by: Daniel Stenberg

  Closes https://github.com/curl/curl/pull/3618
* CURLU: fix NULL dereference when used over proxy | Daniel Stenberg | 2019-03-04 | 1 | -2/+3
  Test 659 verifies

  Also fixed the test 658 name

  Closes #3641
* altsvc_out: check the return code from Curl_gmtime | Daniel Stenberg | 2019-03-03 | 1 | -1/+3
  Pointed out by Coverity, CID 1442956.

  Closes #3640
* alt-svc: add test 355 and 356 to verify with command line curl | Daniel Stenberg | 2019-03-03 | 1 | -1/+8
* alt-svc: the libcurl bits | Daniel Stenberg | 2019-03-03 | 10 | -4/+736
* gnutls: remove call to deprecated gnutls_compression_get_name | Daniel Stenberg | 2019-03-02 | 1 | -6/+1
  It has been deprecated by GnuTLS since a year ago and now causes build warnings.

  Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f
  Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html

  Closes #3636
* system_win32: move win32_init here from easy.c | Jay Satiro | 2019-03-02 | 3 | -90/+90
  .. since system_win32 is a more appropriate location for the functions and to extern the globals.

  Ref: https://github.com/curl/curl/commit/ca597ad#r32446578
  Reported-by: Gisle Vanem

  Closes https://github.com/curl/curl/pull/3625
* urldata: simplify bytecounters | Daniel Stenberg | 2019-03-01 | 22 | -176/+111
  - no need to have them protocol specific
  - no need to set pointers to them with the Curl_setup_transfer() call
  - make Curl_setup_transfer() operate on a transfer pointer, not connection
  - switch some counters from long to the more proper curl_off_t type

  Closes #3627
* threaded-resolver: shutdown the resolver thread without error message | Daniel Stenberg | 2019-03-01 | 1 | -30/+38
  When a transfer is done, the resolver thread will be brought down. That could accidentally generate an error message in the error buffer even though this is not an error situation and the transfer would still return OK. An application that still reads the error buffer could find a "Could not resolve host: [host name]" message there and get confused.

  Reported-by: Michael Schmid
  Fixes #3629
  Closes #3630
* ssh: fix Condition '!status' is always true | Daniel Stenberg | 2019-03-01 | 2 | -14/+6
  in the same sftp_done function in both SSH backends. Simplify them somewhat.

  Pointed out by Codacy.

  Closes #3628
* Curl_easy: remove req.maxfd - never used! | Daniel Stenberg | 2019-02-28 | 2 | -3/+0
  Introduced in 8b6314ccfb, but not used anymore in current code. Unclear since when.

  Closes #3626
* http: set state.infilesize when sending formposts | Daniel Stenberg | 2019-02-28 | 1 | -1/+1
  Without it set, we would unwillingly trigger the "HTTP error before end of send, stop sending" condition even if the entire POST body had been sent (since it wouldn't know the expected size) which would unnecessarily log that message and close the connection when it didn't have to.

  Reported-by: Matt McClure
  Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html
  Closes #3624
* Secure Transport: no more "darwinssl" | Daniel Stenberg | 2019-02-28 | 7 | -104/+104
  Everyone calls it Secure Transport, now we do too.

  Reviewed-by: Nick Zitzmann

  Closes #3619
* cookies: only save the cookie file if the engine is enabled | Daniel Stenberg | 2019-02-27 | 1 | -3/+6
  Follow-up to 8eddb8f4259.

  If the cookieinfo pointer is NULL there really is nothing to save.

  Without this fix, we got a problem when a handle was using shared object with cookies and is told to "FLUSH" it to file (which worked) and then the share object was removed and when the easy handle was closed just afterwards it has no cookieinfo and no cookies so it decided to save an empty jar (overwriting the file just flushed).

  Test 1905 now verifies that this works.

  Assisted-by: Michael Wallner
  Assisted-by: Marcel Raad

  Closes #3621
* urldata: convert bools to bitfields and move to end | Daniel Stenberg | 2019-02-27 | 5 | -261/+235
  This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000.

  Removed an unused struct field.

  No functionality changes.

  Closes #3610
* strerror: make the strerror function use local buffers | Daniel Stenberg | 2019-02-26 | 13 | -108/+142
  Instead of using a fixed 256 byte buffer in the connectdata struct.

  In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss.

  This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. The only effect would have been no text or the wrong text being shown for the error.

  Co-authored-by: Jay Satiro

  Closes #3612