path: root/lib
Commit message | Author | Age | Files | Lines
* URL: fix ASCII dependency in strcpy_url and strlen_url | Stephan Mühlstrasser | 2018-05-03 | 3 | -2/+22
  Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of the problem that strcpy_url() was modified unilaterally without also modifying strlen_url(). As a consequence strcpy_url() was again depending on ASCII encoding.
  This change fixes strlen_url() and strcpy_url() in parallel to use a common host-encoding independent criterion for deciding whether an URL character must be %-escaped.
  Closes #2535
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl | Daniel Stenberg | 2018-05-02 | 1 | -1/+3
  ... as it defines it (too)
* wolfssl: Fix non-blocking connect | David Garske | 2018-05-02 | 1 | -1/+1
  Closes https://github.com/curl/curl/pull/2542
* cookies: remove unused macro | Daniel Gustafsson | 2018-04-27 | 1 | -1/+0
  Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API.
  Closes https://github.com/curl/curl/pull/2537
* checksrc: force indentation of lines after an else | Daniel Gustafsson | 2018-04-27 | 5 | -12/+8
  This extends the INDENTATION case to also handle 'else' statements and require proper indentation on the following line. Also fixes the offending cases found in the codebase.
  Closes #2532
* http2: fix null pointer dereference in http2_connisdead | Daniel Stenberg | 2018-04-26 | 1 | -2/+5
  This function can get called on a connection that isn't setup enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer.
  Reported-by: Dario Weisser
  Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
  Closes #2536
* http2: get rid of another strstr() | Daniel Stenberg | 2018-04-26 | 1 | -2/+4
  Follow-up to 1514c44655e12e: replace another strstr() call done on a buffer that might not be zero terminated - with a memchr() call, even if we know the substring will be found.
  Assisted-by: Max Dymond
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
  Closes #2534
* cyassl: adapt to libraries without TLS 1.0 support built-in | Daniel Stenberg | 2018-04-26 | 1 | -1/+6
  WolfSSL doesn't enable it by default anymore
* cookies: ensure that we have cookies before writing jar | Daniel Gustafsson | 2018-04-25 | 1 | -0/+4
  The jar should be written iff there are cookies, so ensure that we still have cookies after expiration to avoid creating an empty file.
  Closes #2529
* strcpy_url: only %-encode values >= 0x80 | Daniel Stenberg | 2018-04-25 | 1 | -1/+1
  OSS-Fuzz detected https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
  Broke in dd7521bcc1b7
* mime: avoid NULL pointer dereference risk | Daniel Stenberg | 2018-04-24 | 1 | -1/+1
  Coverity detected, CID 1435120
  Closes #2527
* ctype: restore character classification for non-ASCII platforms | Stephan Mühlstrasser | 2018-04-24 | 4 | -2/+49
  With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-specific character classification macros and functions were introduced in curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on non-ASCII, e.g. EBCDIC platforms.
  This change restores the previous set of character classification macros when CURL_DOES_CONVERSIONS is defined.
  Closes #2494
* ftplistparser: keep state between invokes | Daniel Stenberg | 2018-04-24 | 5 | -33/+43
  Fixes FTP wildcard parsing when done over a number of read buffers.
  Regression from f786d1f14
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2526
* Revert "ftplistparser: keep state between invokes" | Daniel Stenberg | 2018-04-24 | 5 | -43/+32
  This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.
  Caused fuzzer problems on travis not seen when this was a PR!
* Curl_memchr: zero length input can't match | Daniel Stenberg | 2018-04-24 | 1 | -9/+10
  Avoids undefined behavior.
  Reported-by: Geeknik Labs
* ftplistparser: keep state between invokes | Daniel Stenberg | 2018-04-23 | 5 | -32/+43
  Fixes FTP wildcard parsing when doing over a number of read buffers.
  Regression from f786d1f14
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2519
* ftplistparser: renamed some members and variables | Daniel Stenberg | 2018-04-23 | 5 | -47/+47
  ... to make them better spell out what they're for.
* curl_global_sslset: always provide available backends | Christian Schmitz | 2018-04-23 | 1 | -2/+3
  Closes #2499
* http2: convert an assert to run-time check | Daniel Stenberg | 2018-04-23 | 1 | -2/+4
  Fuzzing has proven we can reach code in on_frame_recv with status_code not having been set, so let's detect that in run-time (instead of with assert) and error accordingly.
  (This should no longer happen with the latest nghttp2)
  Detected by OSS-Fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
  Closes #2514
* schannel: fix build error on targets <= XP | Archangel_SDY | 2018-04-23 | 1 | -1/+1
  - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't support the latter.
  Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668
  Closes https://github.com/curl/curl/pull/2504
* Revert "ftplistparser: keep state between invokes" | Daniel Stenberg | 2018-04-23 | 1 | -2/+1
  This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.
  Unfortunately this fix introduces memory leaks I've not been able to fix in several days. Reverting this for now to get the leaks fixed.
* http2: handle GOAWAY properly | Daniel Stenberg | 2018-04-20 | 4 | -9/+31
  When receiving REFUSED_STREAM, mark the connection for close and retry streams accordingly on another/fresh connection.
  Reported-by: Terry Wu
  Fixes #2416
  Fixes #1618
  Closes #2510
* http2: clear the "drain counter" when a stream is closed | Daniel Stenberg | 2018-04-20 | 1 | -0/+1
  This fixes the notorious "httpc->drain_total >= data->state.drain" assert.
  Reported-by: Anders Bakken
  Fixes #1680
  Closes #2509
* http2: avoid strstr() on data not zero terminated | Daniel Stenberg | 2018-04-20 | 1 | -2/+5
  It's not strictly clear if the API contract allows us to call strstr() on a string that isn't zero terminated even when we know it will find the substring, and clang's ASAN check dislikes us for it.
  Also added a check of the return code in case it fails, even if I can't think of a situation how that can trigger.
  Detected by OSS-Fuzz
  Closes #2513
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
* openssl: fix subjectAltName check on non-ASCII platforms | Stephan Mühlstrasser | 2018-04-20 | 1 | -4/+46
  Curl_cert_hostcheck operates with the host character set, therefore the ASCII subjectAltName string retrieved with OpenSSL must be converted to the host encoding before comparison.
  Closes #2493
* openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages | Jay Satiro | 2018-04-20 | 1 | -8/+47
  - Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH
  Reported-by: iz8mbw@users.noreply.github.com
  Fixes https://github.com/curl/curl/issues/2403
* ftplistparser: keep state between invokes | Daniel Stenberg | 2018-04-19 | 1 | -1/+2
  Regression from f786d1f14
  Reported-by: wncboy on github
  Fixes #2445
  Closes #2508
* detect_proxy: only show proxy use if it had contents | Daniel Stenberg | 2018-04-19 | 1 | -1/+2
* http2: handle on_begin_headers() called more than once | Daniel Stenberg | 2018-04-19 | 1 | -8/+4
  This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen.
  Detected by OSS-Fuzz
  Closes #2507
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
* schannel: add support for CURLOPT_CAINFO | Dan McNulty | 2018-04-18 | 6 | -214/+650
  - Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure definitions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c.
  - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
  - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file.
  - doc updates of --cacert/CAINFO support for schannel
  - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name.
  - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path.
  - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert.
  - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN.
  - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it.
  Closes https://github.com/curl/curl/pull/1325
* schannel: fix warning | Jay Satiro | 2018-04-17 | 1 | -1/+2
  - Fix warning 'integer from pointer without a cast' on 3rd arg in CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer type of the same size.
  Follow-up to e35b025.
  Caught by Marc's CI builds.
* schannel: add client certificate authentication | Archangel_SDY | 2018-04-17 | 1 | -1/+120
  Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
  Closes #2376
* ntlm_sspi: fix authentication using Credential Manager | toughengineer | 2018-04-16 | 6 | -10/+41
  If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g.
    curl -v -u : --ntlm example.com
  currently authentication fails.
  This change fixes it by providing proper SPN string to the SSPI API calls.
  Fixes https://github.com/curl/curl/issues/1622
  Closes https://github.com/curl/curl/pull/1660
* urldata: make service names unconditional | Marcel Raad | 2018-04-16 | 2 | -10/+1
  The ifdefs have become quite long. Also, the condition for the definition of CURLOPT_SERVICE_NAME and for setting it from CURLOPT_SERVICE_NAME have diverged. We will soon also need the two options for NTLM, at least when using SSPI, for https://github.com/curl/curl/pull/1660.
  Just make the definitions unconditional to make that easier.
  Closes https://github.com/curl/curl/pull/2479
* ssh: show libSSH2 error code when closing fails | Christian Schmitz | 2018-04-16 | 1 | -22/+57
  Closes #2500
* vauth: Fix typo | Daniel Gustafsson | 2018-04-15 | 3 | -5/+5
  Address various spellings of "credentials".
  Closes https://github.com/curl/curl/pull/2496
* checksrc: Fix typo | Daniel Gustafsson | 2018-04-15 | 1 | -4/+4
  Fix typo in "semicolon" spelling and remove stray tab character.
  Closes https://github.com/curl/curl/pull/2498
* all: Refactor malloc+memset to use calloc | Daniel Gustafsson | 2018-04-15 | 8 | -33/+12
  When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident.
  Closes https://github.com/curl/curl/pull/2497
* duphandle: make sure CURLOPT_RESOLVE is duplicated fine too | Daniel Stenberg | 2018-04-12 | 1 | -0/+3
  Verified in test 1502 now
  Fixes #2485
  Closes #2486
  Reported-by: Ernst Sjöstrand
* proxy: show getenv proxy use in verbose output | Daniel Stenberg | 2018-04-11 | 1 | -7/+19
  ... to aid debugging etc as it sometimes isn't immediately obvious why curl uses or doesn't use a proxy.
  Inspired by #2477
  Closes #2480
* lib: silence null-dereference warnings | Marcel Raad | 2018-04-09 | 2 | -4/+0
  In debug mode, MinGW-w64's GCC 7.3 issues null-dereference warnings when dereferencing pointers after DEBUGASSERT-ing that they are not NULL. Fix this by removing the DEBUGASSERTs.
  Suggested-by: Daniel Stenberg
  Ref: https://github.com/curl/curl/pull/2463
* build: cleanup to fix clang warnings/errors | Daniel Stenberg | 2018-04-08 | 2 | -10/+7
  unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension
  Reported-by: Rikard Falkeborn
  Fixes #2466
  Closes #2468
* curl_setup: provide a CURL_SA_FAMILY_T type if none exists | Daniel Stenberg | 2018-04-07 | 3 | -4/+9
  ... and use this type instead of 'sa_family_t' in the code since several platforms don't have it.
  Closes #2463
* build: add picky compiler warning flags for gcc 6 and 7 | Eric Gallager | 2018-04-07 | 4 | -5/+8
* hash: calculate sizes with size_t instead of longs | Daniel Stenberg | 2018-04-06 | 2 | -5/+5
  ... since they return size_t anyway!
  closes #2462
* FTP: allow PASV on IPv6 connections when a proxy is being used | Laurie Clark-Michalek | 2018-04-06 | 1 | -1/+1
  In the situation of a client connecting to an FTP server using an IPv6 tunnel proxy, the connection info will indicate that the connection is IPv6. However, because the server behind the proxy is IPv4, it is permissible to attempt PSV mode. In the case of the FTP server being IPv4 only, EPSV will always fail, and with the current logic curl will be unable to connect to the server, as the IPv6 fwdproxy causes curl to think that EPSV is impossible.
  Closes #2432
* file: restore old behavior for file:////foo/bar URLs | Jon DeVree | 2018-04-06 | 1 | -28/+0
  curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC 8089 but then returns an error saying this is unimplemented. This is actually a regression in behavior on both Windows and Unix.
  Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and then passed to the relevant OS API. This means that the behavior of this case is actually OS dependent.
  The Unix path resolution rules say that the OS must handle swallowing the extra "/" and so this path is the same as "/foo/bar"
  The Windows path resolution rules say that this is a UNC path and automatically handles the SMB access for the program. So curl on Windows was already doing Appendix E.3.2 without any special code in curl.
  Regression
  Closes #2438
* Revert "openssl: Don't add verify locations when verifypeer==0" | Gaurav Malhotra | 2018-04-06 | 1 | -15/+16
  This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
  libcurl (with the OpenSSL backend) performs server certificate verification even if verifypeer == 0 and the verification result is available using CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the CURLINFO_SSL_VERIFYRESULT to not have useful information for the verifypeer == 0 use case (it would always have X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
  Closes #2451
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures | Wyatt O'Day | 2018-04-06 | 10 | -10/+29
  (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
  Closes #2453
* cookie: case-insensitive hashing for the domains | Lauri Kasanen | 2018-04-06 | 1 | -2/+17
  closes #2458