| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If supported, defer port selection until connect() time
if --interface is given and source port is 0.
Reproducer:
* start fast webserver on port 80
* starve system of ephemeral ports
$ sysctl net.ipv4.ip_local_port_range="60990 60999"
* start a curl/libcurl "crawler"
$curl --keepalive --parallel --parallel-immediate --head --interface
127.0.0.2 "http://127.0.0.[1-254]/file[001-002].txt"
current result:
(possible some successful data)
curl: (45) bind failed with errno 98: Address already in use
result after patch:
(complete success or few connections failing, higlhy depending on load)
Fail only when all the possible 4-tuple combinations are exhausted,
which is impossible to do when port is selected at bind() time becuse
the kernel does not know if socket will be listen()'ed on or connect'ed
yet.
Closes #6295
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Valgrind will complain that ssrem buffer usage if not explicit
initialized, hence initialize it to zero.
This completes the change intially started in commit 2c0d7212151 ('ftp:
retry getpeername for FTP with TCP_FASTOPEN') where the ssloc buffer has
a similar memset to zero.
Signed-off-by: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Closes #6289
|
| |
|
|
|
|
|
| |
This comment was originally on the `use` field, but was separated from
its field in 62a2534.
Closes https://github.com/curl/curl/pull/6287
|
| |
|
|
|
|
|
|
| |
CVE-2020-8286
Reported by anonymous
Bug: https://curl.se/docs/CVE-2020-8286.html
|
| |
|
|
|
|
|
|
| |
CVE-2020-8285
Fixes #6255
Bug: https://curl.se/docs/CVE-2020-8285.html
Reported-by: xnynx on github
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The command line tool also independently sets --ftp-skip-pasv-ip by
default.
Ten test cases updated to adapt the modified --libcurl output.
Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou
|
| |
|
|
|
|
|
|
|
|
| |
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.
Reported-by: d4d on hackerone
Closes #6283
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit d2a7d7c185f98df8f3e585e5620cbc0482e45fac.
This commit also reverts the subsequent follow-ups to that commit, which
were all done within windows #ifdefs that are removed in this
change. Marc helped me verify this.
Fixes #6146
Closes #6281
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the case of TFO, the remote host name is not resolved at the
connetion time.
For FTP that has lead to missing hostname for the secondary connection.
Therefore the name resolution is done at the time, when FTP requires it.
Fixes #6252
Closes #6265
Closes #6282
|
| |
|
|
|
|
|
| |
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
|
| |
|
|
|
|
| |
Reported-by: Junho Choi
Fixes #6213
Closes #6217
|
| |
|
|
|
|
|
|
|
|
| |
- NGTCP2_CRYPTO_LEVEL_APP -> NGTCP2_CRYPTO_LEVEL_APPLICATION
ngtcp2/ngtcp2@76232e9 changed the name.
ngtcp2 master is required to build curl with http3 support.
Closes https://github.com/curl/curl/pull/6271
|
| |
|
|
|
|
| |
The HAVE_LINUX_TCP_H define was not set by cmake.
Closes #6252
|
| |
|
|
|
|
|
| |
... and remove the old unused proto for the old Curl_splayremove
version.
Closes #6269
|
| |
|
|
|
|
| |
To fix a memory-leak.
Closes #6267
|
| |
|
|
|
|
| |
Follow-up to 4c9768565ec3a9 (from Sep 2008)
Closes #6268
|
| |
|
|
|
|
|
|
| |
... and simplify the too-long checks somewhat.
Detected by OSS-Fuzz
Closes #6264
|
| |
|
|
| |
Closes #6250
|
| |
|
|
| |
Closes #6250
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This field needs to be wide enough to hold sockaddr_in6 when
connecting via IPv6. Otherwise, ngtcp2_conn_read_pkt will drop the
packets because of the address mismatch:
I00000022 [...] con ignore packet from unknown path
We can safely assume that struct sockaddr_storage is available, as it
is used in the public interface of ngtcp2.
Closes #6250
|
| |
|
|
|
|
|
|
|
|
| |
The resolve call is done with the right port number, but the subsequent
check used the wrong one, which then could find a previous resolve which
would return and leave the fresh resolve "incomplete" and leaking
memory.
Fixes #6247
Closes #6253
|
| |
|
|
| |
... so don't define it when instructed to use c-ares!
|
| |
|
|
|
|
|
|
|
| |
file_disconnect() is identical with file_do() except the function header
but as the arguments are unused anyway so why not just return file_do()
directly!
Reviewed-by: Daniel Stenberg
Closes #6249
|
| |
|
|
|
|
| |
Update a few format specifiers to match what is being printed.
Closes #6241
|
| |
|
|
|
|
|
|
|
| |
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.
Reported-by: Rikard Falkeborn
Fixes #6242
Closes #6243
|
| |
|
|
|
|
|
|
|
|
| |
To reduce use of types that can't be checked at compile time. Also
removes several typecasts.
... and rename the struct field from 'os_specific' to 'tdata'.
Closes #6239
Reviewed-by: Jay Satiro
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It requires the linker to support the `-municode` option.
This is available in more recent mingw-w64 releases.
Ref: https://gcc.gnu.org/onlinedocs/gcc/x86-Windows-Options.html
Ref: https://stackoverflow.com/questions/3571250/wwinmain-unicode-and-mingw/11706847#11706847
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Closes #6228
|
| |
|
|
|
|
|
| |
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.
Closes #6238
|
| |
|
|
|
|
|
| |
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.
Closes #6220
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.
In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.
Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
|
| |
|
|
|
| |
Reviewed-by: Marcel Raad
Closes #6215
|
| |
|
|
|
|
| |
For thread-safety
Closes #6223
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
curl CMake was setting the the EXE flags for static libraries which made
the /manifest:no flag ended up when linking the static library, which is
not a valid flag for lib.exe or llvm-lib.exe and caused llvm-lib to exit
with an error.
The better way to handle this is to make sure that we pass the correct
linker flags to CMAKE_STATIC_LINKER_FLAGS instead.
Reviewed-by: Jakub Zakrzewski
Closes #6195
|
| |
|
|
|
|
|
|
|
| |
To make the code clearer, change the 'keepon' from an int to an enum
with better state names.
Reported-by: Niranjan Hasabnis
Bug: https://curl.se/mail/lib-2020-11/0026.html
Closes #6193
|
| |
|
|
|
|
|
|
|
| |
... instead of the limiting it to just the max input size. As every
input byte can be expanded to 3 output bytes, this could limit the input
string to 2.66 MB instead of the intended 8 MB.
Reported-by: Marc Schlatter
Closes #6192
|
| |
|
|
|
|
|
|
|
|
| |
By setting the speed limit time stamps unconditionally at transfer
start, we can start off a transfer without speed limits and yet allow
them to get set during transfer and have an effect.
Reported-by: Kael1117 on github
Fixes #6162
Closes #6184
|
| |
|
|
|
|
| |
'reset_stream' was added to the nghttp3_conn_callbacks struct
Closes #6185
|
| |
|
|
| |
Closes #6182
|
| |
|
|
| |
Closes #6175
|
| |
|
|
| |
Closes #6175
|
| |
|
|
|
|
|
|
| |
The line variable will always be NULL in the error path, so remove
the free call since it's pointless.
Closes #6170
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
| |
Follow-up from 4d2f8006777
|
| |
|
|
| |
Closes #6172
|
| | |
|
| |
|
|
| |
Closes #6161
|
| |
|
|
|
|
|
|
| |
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks
Closes #5896
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
|
| |
|
|
|
|
| |
Saves us from having the same check done everywhere.
Closes #6159
|
| |
|
|
| |
Closes #6153
|
| |
|
|
|
|
|
|
|
|
|
| |
... when the chunked framing was added, the size of the "body part" of
the data was calculated wrongly so the debug callback would get told a
header chunk a few bytes too big that would also contain the first few
bytes of the request body.
Reported-by: Dirk Wetter
Ref: #6144
Closes #6147
|
