summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* pause: when changing pause state, update socket stateDaniel Stenberg2018-03-163-1/+12
| | | | | | | | | | | | Especially unpausing a transfer might have to move the socket back to the "currently used sockets" hash to get monitored. Otherwise it would never get any more data and get stuck. Easily triggered with pausing using the multi_socket API. Reported-by: Philip Prindeville Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html Fixes #2393 Closes #2391
* rate-limit: use three second window to better handle high speedsDaniel Stenberg2018-03-163-44/+62
| | | | | | | | | | | | | | | Due to very frequent updates of the rate limit "window", it could attempt to rate limit within the same milliseconds and that then made the calculations wrong, leading to it not behaving correctly on very fast transfers. This new logic updates the rate limit "window" to be no shorter than the last three seconds and only updating the timestamps for this when switching between the states TOOFAST/PERFORM. Reported-by: 刘佩东 Fixes #2386 Closes #2388
* cleanup: misc typos in strings and commentsluz.paz2018-03-165-5/+5
| | | | | | Found via `codespell` Closes #2389
* http2: fixes typoKobi Gurkan2018-03-151-1/+1
| | | | Closes #2387
* transfer: make HTTP without headers count correct body sizeDaniel Stenberg2018-03-151-1/+1
| | | | | | | | This is what "HTTP/0.9" basically looks like. Reported on IRC Closes #2382
* FTP: fix typo in recursive callback detection for seekingdasimx2018-03-141-1/+1
| | | | Fixes #2380
* Revert "hostip: fix compiler warning: 'variable set but not used'"Daniel Stenberg2018-03-121-1/+1
| | | | | | | This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. The assignment really needs to be there or we risk working with an uninitialized pointer.
* limit-rate: fix compiler warningMichael Kaufmann2018-03-121-1/+1
| | | | follow-up to 72a0f62
* checksrc.pl: add -i and -m optionsViktor Szakats2018-03-121-6/+18
| | | | | To sync it with changes made for the libssh2 project. Also cleanup some whitespace.
* http2: mark the connection for close on GOAWAYDaniel Stenberg2018-03-123-21/+26
| | | | | | | | | ... don't consider it an error! Assisted-by: Jay Satiro Reported-by: Łukasz Domeradzki Fixes #2365 Closes #2375
* openldap: white space changes, fixed up the copyright yearsDaniel Stenberg2018-03-121-18/+19
|
* openldap: check ldap_get_attribute_ber() results for NULL before usingDaniel Stenberg2018-03-121-4/+4
| | | | | | CVE-2018-1000121 Reported-by: Dario Weisser Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
* FTP: reject path components with control codesDaniel Stenberg2018-03-121-4/+4
| | | | | | | | | | | | | | | Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
* readwrite: make sure excess reads don't go beyond buffer endDaniel Stenberg2018-03-121-2/+7
| | | | | | | CVE-2018-1000122 Bug: https://curl.haxx.se/docs/adv_2018-b047.html Detected by OSS-fuzz
* limit-rate: kick in even before "limit" data has been receivedDaniel Stenberg2018-03-112-23/+29
| | | | | | | | ... and make sure to avoid integer overflows with really large values. Reported-by: 刘佩东 Fixes #2371 Closes #2373
* Curl_range: fix FTP-only and FILE-only buildsMichael Kaufmann2018-03-111-1/+1
| | | | follow-up to e04417d
* hostip: fix compiler warning: 'variable set but not used'Michael Kaufmann2018-03-111-1/+1
|
* HTTP: allow "header;" to replace an internal header with a blank oneDaniel Stenberg2018-03-115-85/+93
| | | | | | Reported-by: Michael Kaufmann Fixes #2357 Closes #2362
* http2: verbose output new MAX_CONCURRENT_STREAMS valuesDaniel Stenberg2018-03-101-1/+2
| | | | ... as it is interesting for many users.
* WolfSSL: adding TLSv1.3sergii.kavunenko2018-03-051-1/+11
| | | | Closes #2349
* krb5: use nondeprecated functionsMarcel Raad2018-03-041-3/+3
| | | | | | | | | | | | | | | gss_seal/gss_unseal have been deprecated in favor of gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and "GSS_Unwrap() (formerly GSS_Unseal())". Use the nondeprecated functions to avoid deprecation warnings. [1] https://tools.ietf.org/html/rfc2078 [2] https://tools.ietf.org/html/rfc1964 Closes https://github.com/curl/curl/pull/2356
* NO_PROXY: fix for IPv6 numericals in the URLDaniel Stenberg2018-03-041-1/+9
| | | | | | | | Added test 1265 that verifies. Reported-by: steelman on github Fixes #2353 Closes #2355
* curl_ctype: fix macro redefinition warningsMarcel Raad2018-03-031-0/+8
| | | | | | | | | On MinGW and Cygwin, GCC and clang have been complaining about macro redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this by undefining the macros before redefining them as suggested in https://github.com/curl/curl/pull/2269. Suggested-by: Daniel Stenberg
* unit1309: fix warning on Windows x64Marcel Raad2018-02-282-12/+8
| | | | | | | | | | When targeting x64, MinGW-w64 complains about conversions between 32-bit long and 64-bit pointers. Fix this by reusing the GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / CURLX_INTEGER_TO_POINTER_CAST. Closes https://github.com/curl/curl/pull/2341
* spelling fixesViktor Szakats2018-02-2312-17/+18
| | | | | | | | Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
* url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano2018-02-213-0/+31
| | | | | | | | | | | | - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
* lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MSJay Satiro2018-02-211-1/+1
| | | | | | | | | | | | | | | | - In keeping with the naming of our other connect timeout options rename CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. This change adds the _MS suffix since the option expects milliseconds. This is more intuitive for our users since other connect timeout options that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. Follow-up to 2427d94 which added the lib and tool option yesterday. Ref: https://github.com/curl/curl/pull/2260
* sasl: prefer PLAIN mechanism over LOGINPatrick Monnerat2018-02-211-10/+10
| | | | | SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says PLAIN should be used instead if available.
* url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUTAnders Bakken2018-02-205-4/+12
| | | | | | | | | | | | | | - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy eyeball timeout value. - Add new optval macro CURL_HET_DEFAULT to represent the default happy eyeballs timeout value (currently 200 ms). - Add new tool option --happy-eyeballs-timeout-ms to expose CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the other -timeout options in the tool expect seconds not milliseconds. Closes https://github.com/curl/curl/pull/2260
* hostip: fix 'potentially uninitialized variable' warningJay Satiro2018-02-201-2/+2
| | | | | | Follow-up to 50d1b33. Caught by AppVeyor.
* CURLOPT_RESOLVE: Add support for multiple IP addresses per entryAnders Bakken2018-02-203-35/+102
| | | | | | | This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
* header callback: don't chop headers into smaller piecesDaniel Stenberg2018-02-163-33/+33
| | | | | | Reported-by: Guido Berhoerster Fixes #2314 Closes #2316
* http: fix the max header length detection logicDaniel Stenberg2018-02-161-11/+10
| | | | | | | | | | | Previously, it would only check for max length if the existing alloc buffer was to small to fit it, which often would make the header still get used. Reported-by: Guido Berhoerster Bug: https://curl.haxx.se/mail/lib-2018-02/0056.html Closes #2315
* ssh: add two missing state namesDaniel Stenberg2018-02-161-0/+5
| | | | | | | | | | | | | | | The list of state names (used in debug builds) was out of sync in relation to the list of states (used in all builds). I now added an assert to make sure the sizes of the two lists match, to aid in detecting this mistake better in the future. Regression since c92d2e14cf, shipped in 7.58.0. Reported-by: Somnath Kundu Fixes #2312 Closes #2313
* non-ascii: fix implicit declaration warningJay Satiro2018-02-151-0/+1
| | | | | | Follow-up to b46cfbc. Caught by Travis CI.
* nss: use PK11_CreateManagedGenericObject() if availableKamil Dudka2018-02-151-1/+11
| | | | | | | | | ... so that the memory allocated by applications using libcurl does not grow per each TLS connection. Bug: https://bugzilla.redhat.com/1510247 Closes #2297
* TODO fixed: Detect when called from within callbacksBjörn Stenberg2018-02-1518-18/+165
| | | | Closes #2302
* curl_gssapi: make sure this file too uses our *printf()Daniel Stenberg2018-02-131-1/+6
|
* smtp: fix processing of initial dot in dataPatrick Monnerat2018-02-121-0/+5
| | | | | | | | | | | RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command should be taken into account when chasing the <CRLF>.<CRLF> end marker. Thus a leading dot character in data is also subject to escaping. Tests 911 and test server are adapted to this situation. New tests 951 and 952 check proper handling of initial dot in data. Closes #2304
* sha256: avoid redefineDaniel Stenberg2018-02-121-6/+2
|
* sha256: build with OpenSSL < 0.9.8 tooDouglas Mencken2018-02-121-0/+12
| | | | | | support for SHA-2 was introduced in OpenSSL 0.9.8 Closes #2305
* http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING onPatrick Monnerat2018-02-121-7/+7
| | | | | Bug: #2303 Reported-By: Henry Roeland
* get_posix_time: only check for overflows if they can happen!Daniel Stenberg2018-02-091-0/+2
|
* schannel: fix "no previous prototype" compiler warningMichael Kaufmann2018-02-091-8/+8
|
* content_encoding: Add "none" alias to "identity"Mohammad AlSaleh2018-02-091-1/+1
| | | | | | | | | | | | Some servers return a "content-encoding" header with a non-standard "none" value. Add "none" as an alias to "identity" as a work-around, to avoid unrecognised content encoding type errors. Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com> Closes https://github.com/curl/curl/pull/2298
* schannel: fix compiler warningsMichael Kaufmann2018-02-081-10/+13
| | | | Closes #2296
* curl_addrinfo.c: Allow Unix Domain Sockets to compile under WindowsSteve Holme2018-02-072-2/+11
| | | | | | | | | Windows 10.0.17061 SDK introduces support for Unix Domain Sockets. Added the necessary include file to curl_addrinfo.c. Note: The SDK (which is considered beta) has to be installed, VS 2017 project file has to be re-targeted for Windows 10.0.17061 and #define enabled in config-win32.h.
* fnmatch: optimize processing of consecutive *s and ?s pattern charactersPatrick Monnerat2018-02-071-13/+18
| | | | | | Reported-By: Daniel Stenberg Fixes #2291 Closes #2293
* openssl: Don't add verify locations when verifypeer==0Patrick Schlangen2018-02-061-16/+15
| | | | | | | | When peer verification is disabled, calling SSL_CTX_load_verify_locations is not necessary. Only call it when verification is enabled to save resources and increase performance. Closes #2290
* formdata: use the mime-content type functionDaniel Stenberg2018-02-053-65/+17
| | | | | | | | | | Reduce code duplication by making Curl_mime_contenttype available and used by the formdata function. This also makes the formdata function recognize a set of more file extensions by default. PR #2280 brought this to my attention. Closes #2282
View Lorry Controller Status