summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* Curl_timeleft: change return type to timediff_tbagder/timeleft-timediff_tDaniel Stenberg2017-10-279-18/+19
| | | | | | returning 'time_t' was problematic when that type is unsigned and we check values less than zero to detect "already expired" on several places in the code.
* setopt: fix CURLOPT_SSH_AUTH_TYPES option readDaniel Stenberg2017-10-271-1/+1
| | | | | | Regression since f121575c0b5f Reported-by: Rob Cotrone
* resolvers: only include anything if neededMarcel Raad2017-10-275-27/+28
| | | | | | This avoids warnings about unused stuff. Closes https://github.com/curl/curl/pull/2023
* curl_setup.h: oops, shorten the too long lineDaniel Stenberg2017-10-271-2/+3
|
* curl_setup: Improve detection of CURL_WINDOWS_APPMartin Storsjo2017-10-271-1/+1
| | | | | | | | | | If WINAPI_FAMILY is defined, it should be safe to try to include winapifamily.h to check what the define evaluates to. This should fix detection of CURL_WINDOWS_APP if building with _WIN32_WINNT set to 0x0600. Closes #2025
* transfer: Fix chunked-encoding upload bugJay Satiro2017-10-261-2/+5
| | | | | | | | | | | | | | | | | | | | - When uploading via chunked-encoding don't compare file size to bytes sent to determine whether the upload has finished. Chunked-encoding adds its own overhead which why the bytes sent is not equal to the file size. Prior to this change if a file was uploaded in chunked-encoding and its size was known it was possible that the upload could end prematurely without sending the final few chunks. That would result in a server hang waiting for the remaining data, likely followed by a disconnect. The scope of this bug is limited to some arbitrary file sizes which have not been determined. One size that triggers the bug is 475020. Bug: https://github.com/curl/curl/issues/2001 Reported-by: moohoorama@users.noreply.github.com Closes https://github.com/curl/curl/pull/2010
* timeval: make timediff_t also work on 32bit windowsDaniel Stenberg2017-10-261-1/+1
| | | | | | | | | | ... by using curl_off_t for the typedef if time_t is larger than 4 bytes. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co mmitcomment-25205058 Closes #2019
* curl_fnmatch: return error on illegal wildcard patternDaniel Stenberg2017-10-261-3/+5
| | | | | | | | | | ... instead of doing an infinite loop! Added test 1162 to verify. Reported-by: Max Dymond Fixes #2015 Closes #2017
* wildcards: don't use with non-supported protocolsMax Dymond2017-10-265-17/+27
| | | | | | Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
* multi: allow table handle sizes to be overriddenMax Dymond2017-10-251-0/+2
| | | | | | | Allow users to specify their own hash define for CURL_CONNECTION_HASH_SIZE so that both values can be overridden. Closes #1982
* time: rename Curl_tvnow to Curl_nowDaniel Stenberg2017-10-2522-82/+72
| | | | | | | | | | ... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
* ftplistparser: follow-up cleanup to remove PL_ERROR()Daniel Stenberg2017-10-251-89/+78
|
* ftplistparser: free off temporary memory alwaysMax Dymond2017-10-251-41/+51
| | | | | | | | When using the FTP list parser, ensure that the memory that's allocated is always freed. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 Closes #2013
* timediff: return timediff_t from the time diff functionsDaniel Stenberg2017-10-2518-101/+105
| | | | | | | | | | | | | | | ... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
* mk-ca-bundle: Remove URL for auroraJon DeVree2017-10-221-2/+0
| | | | | Aurora is no longer used by Mozilla https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
* mk-ca-bundle: Fix URL for NSSJon DeVree2017-10-221-1/+1
| | | | | | | The 'tip' is the most recent branch committed to, this should be 'default' like the URLs for the browser are. Closes #1998
* imap: if a FETCH response has no size, don't call write callbackDaniel Stenberg2017-10-221-0/+5
| | | | | | | CVE-2017-1000257 Reported-by: Brian Carpenter and 0xd34db347 Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
* ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg2017-10-201-4/+5
| | | | | | | | | | ... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
* mime: do not reuse previously computed multipart sizePatrick Monnerat2017-10-201-1/+1
| | | | | | | The contents might have changed: size must be recomputed. Reported-by: moteus on github Fixes #1999
* vtls: change struct Curl_ssl `close' field name to `close_one'.Patrick Monnerat2017-10-1912-14/+14
| | | | | On OS/400, `close' is an ASCII system macro that corrupts the code if not used in a context not targetting the close() system API.
* os400: add missing symbols in config file.Patrick Monnerat2017-10-191-2/+8
| | | | Also adjust makefile to renamed files and warn about installation dirs mix-up.
* mime: limit bas64-encoded lines length to 76 charactersPatrick Monnerat2017-10-191-2/+2
|
* setopt: range check most long optionsDaniel Stenberg2017-10-161-39/+154
| | | | | ... filter early instead of risking "funny values" having to be dealt with elsewhere.
* setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg2017-10-161-3/+15
| | | | | | | | | | | | | ... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938
* makefile.m32: allow to override gcc, ar and ranlibViktor Szakats2017-10-151-4/+14
| | | | | | | | | | | | | Allow to ovverride certain build tools, making it possible to use LLVM/Clang to build curl. The default behavior is unchanged. To build with clang (as offered by MSYS2), these settings can be used: CURL_CC=clang CURL_AR=llvm-ar CURL_RANLIB=llvm-ranlib Closes https://github.com/curl/curl/pull/1993
* ldap: silence clang warningViktor Szakats2017-10-151-1/+3
| | | | | | | Use memset() to initialize a structure to avoid LLVM/Clang warning: ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] Closes https://github.com/curl/curl/pull/1992
* memdebug: trace send, recv and socketDaniel Stenberg2017-10-143-4/+43
| | | | | | ... to allow them to be included in torture tests too. closes #1980
* mime: do not call failf() if easy handle is NULL.Patrick Monnerat2017-10-131-1/+2
|
* mime: fix the content reader to handle >16K data properlyDaniel Stenberg2017-10-131-2/+1
| | | | | Reported-by: Jeroen Ooms Closes #1988
* mime: keep "text/plain" content type if user-specified.Patrick Monnerat2017-10-122-9/+12
| | | | | | Include test cases in 554, 587, 650. Fixes https://github.com/curl/curl/issues/1986
* url: Update current connection SSL verify params in setoptArtak Galoyan2017-10-111-0/+30
| | | | | | | | | | | | | | | | Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active connection updates the current connection's (i.e.'connectdata' structure) appropriate ssl_config (and ssl_proxy_config) structures variables, making these options effective for ongoing connection. This functionality was available before and was broken by the following change: "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. Bug: https://github.com/curl/curl/issues/1941 Closes https://github.com/curl/curl/pull/1951
* openssl: don't use old BORINGSSL_YYYYMM macrosDavid Benjamin2017-10-111-3/+2
| | | | | | | | | | | Those were temporary things we'd add and remove for our own convenience long ago. The last few stayed around for too long as an oversight but have since been removed. These days we have a running BORINGSSL_API_VERSION counter which is bumped when we find it convenient, but 2015-11-19 was quite some time ago, so just check OPENSSL_IS_BORINGSSL. Closes #1979
* smtp_done: free data before returning (on send failure)Daniel Stenberg2017-10-101-3/+3
| | | | | | | | | | ... as otherwise it could leak that memory. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 Assisted-by: Max Dymond Closes #1977
* FTP: URL decode path for dir listing in nocwd modeDaniel Stenberg2017-10-101-12/+9
| | | | | | | | Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
* openssl: enable PKCS12 support for !BoringSSLDaniel Stenberg2017-10-091-2/+4
| | | | | | | | | Enable PKCS12 for all non-boringssl builds without relying on configure or cmake checks. Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html Reported-by: Christian Schmitz Closes #1948
* mime: properly unbind mime structure in curl_mime_free().Patrick Monnerat2017-10-091-0/+1
| | | | | | | This allows freeing a mime structure bound to the easy handle before curl_easy_cleanup(). Fixes #1970.
* RTSP: avoid integer overflow on funny RTSP responseDaniel Stenberg2017-10-091-2/+4
| | | | | | | | | ... like a very large non-existing RTSP version number. Added test 577 to verify. Detected by OSS-fuzz. Closes #1969
* mime: refuse to add subparts to one of their own descendants.Patrick Monnerat2017-10-081-0/+15
| | | | | Reported-by: Alexey Melnichuk Fixes #1962
* mime: avoid resetting a part's encoder when part's contents change.Patrick Monnerat2017-10-081-1/+0
|
* mime: improve unbinding top multipart from easy handle.Patrick Monnerat2017-10-083-13/+45
| | | | Also avoid dangling pointers in referencing parts.
* mime: be tolerant about setting twice the same header list in a part.Patrick Monnerat2017-10-081-1/+2
|
* Revert "multi_done: wait for name resolve to finish if still ongoing"Daniel Stenberg2017-10-081-6/+0
| | | | | | | | | This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. Caused memory leaks in the fuzzer, needs to be done differently. Disable test 1553 for now too, as it causes memory leaks without this commit!
* remove_handle: call multi_done() first, then clear dns cache pointerDaniel Stenberg2017-10-071-6/+7
| | | | Closes #1960
* multi_done: wait for name resolve to finish if still ongoingDaniel Stenberg2017-10-071-0/+6
| | | | ... as we must clean up memory.
* pingpong: return error when trying to send without connectionDaniel Stenberg2017-10-071-2/+9
| | | | | | | | | | | | | When imap_done() got called before a connection is setup, it would try to "finish up" and dereffed a NULL pointer. Test case 1553 managed to reproduce. I had to actually use a host name to try to resolve to slow it down, as using the normal local server IP will make libcurl get a connection in the first curl_multi_perform() loop and then the bug doesn't trigger. Fixes #1953 Assisted-by: Max Dymond
* vtls: fix warnings with --disable-crypto-authMarcel Raad2017-10-061-0/+4
| | | | | When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters are not used.
* multi_cleanup: call DONE on handles that never got thatDaniel Stenberg2017-10-061-18/+21
| | | | | | | | | | | ... fixes a memory leak with at least IMAP when remove_handle is never called and the transfer is abruptly just abandoned early. Test 1552 added to verify Detected by OSS-fuzz Assisted-by: Max Dymond Closes #1954
* strtoofft: Remove extraneous null checkBenbuck Nason2017-10-061-1/+4
| | | | | | | Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' argument. Closes #1952
* openssl: fix build without HAVE_OPAQUE_EVP_PKEYDaniel Stenberg2017-10-061-1/+1
| | | | | | Reported-by: Javier Sixto Fixes #1955 Closes #1956
* lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSSViktor Szakats2017-10-061-2/+0
| | | | | | | | | | | | | | | | | The source code is now prepared to handle the case when both Win32 Crypto and OpenSSL/NSS crypto backends are enabled at the same time, making it now possible to enable `USE_WIN32_CRYPTO` whenever the targeted Windows version supports it. Since this matches the minimum Windows version supported by curl (Windows 2000), enable it unconditionally for the Win32 platform. This in turn enables SMB (and SMBS) protocol support whenever Win32 Crypto is available, regardless of what other crypto backends are enabled. Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 Closes https://github.com/curl/curl/pull/1943
View Lorry Controller Status