path: root/lib
Commit message | Author | Age | Files | Lines
* vtls: Only call add/getsession if session id is enabled | Jay Satiro | 2016-06-22 | 9 | -243/+283
  Prior to this change we called Curl_ssl_getsessionid and Curl_ssl_addsessionid regardless of whether session ID reusing was enabled. According to comments that is in case session ID reuse was disabled but then later enabled. The old way was not intuitive and probably not something users expected. When a user disables session ID caching I'd guess they don't expect the session ID to be cached anyway in case the caching is later enabled.
* cleanup: fix method names in code comments | Michael Kaufmann | 2016-06-21 | 2 | -4/+4
  Closes #887
* openssl: use more 'const' to fix build warnings with 1.1.0 branch | Daniel Stenberg | 2016-06-19 | 1 | -18/+21
* openssl: fix cert check with non-DNS name fields present | Daniel Stenberg | 2016-06-16 | 1 | -7/+20
  Regression introduced in 5f5b62635 (released in 7.48.0)
  Reported-by: Fabian Ruff
  Fixes #875
* axtls: Use Curl_wait_ms instead of the less-portable usleep | Dan Fandrich | 2016-06-16 | 1 | -1/+1
* axtls: Fixed compile after compile 31c521b0 | Dan Fandrich | 2016-06-16 | 1 | -2/+2
* resolve: enable protocol family logic for synthesized IPv6 | Luo Jinghua | 2016-06-07 | 1 | -2/+3
  - Enable protocol family logic for IPv6 resolves even when support for synthesized addresses is enabled.
  This is a follow up to the parent commit that added support for synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family logic needed for IPv6 was inadvertently excluded if support for synthesized addresses was enabled.
  Bug: https://github.com/curl/curl/issues/863
  Ref: https://github.com/curl/curl/pull/866
  Ref: https://github.com/curl/curl/pull/867
* resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS | Luo Jinghua | 2016-06-07 | 5 | -2/+69
  Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X. If the current network interface doesn’t support IPv4, but supports IPv6, NAT64, and DNS64.
  Closes #866
  Fixes #863
* schannel: Disable ALPN on Windows < 8.1 | Steve Holme | 2016-06-06 | 1 | -4/+13
  Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL fails on Windows < 8.1 so we need to disable ALPN on these OS versions.
  Inspiration provided by: Daniel Seither
  Closes #848
  Fixes #840
* checksrc: Add LoadLibrary to the banned functions list | Jay Satiro | 2016-06-05 | 2 | -2/+11
  LoadLibrary was supplanted by Curl_load_library for security reasons in 6df916d.
* http: Fix HTTP/2 connection reuse | Jay Satiro | 2016-06-05 | 1 | -0/+7
  - Change the parser to not require a minor version for HTTP/2.
  HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2 in 8243a95 because the parser still expected a minor version.
  Bug: https://github.com/curl/curl/issues/855
  Reported-by: Andrew Robbins, Frank Gevaerts
* connect.c: Fixed compilation warning from commit 332e8d6164 | Steve Holme | 2016-06-04 | 1 | -1/+2
  connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
* win32: Used centralised verify windows version function | Steve Holme | 2016-06-04 | 3 | -108/+10
  Closes #845
* win32: Added verify windows version functionality | Steve Holme | 2016-06-04 | 1 | -5/+130
* win32: Introduced centralised verify windows version function | Steve Holme | 2016-06-04 | 2 | -3/+61
* makefile.m32: add crypt32 for winssl builds | Viktor Szakats | 2016-06-01 | 1 | -0/+4
  Dependency added by 6cabd78
  Closes #849
* vtls: fix ssl session cache race condition | Ivan Avdeev | 2016-06-01 | 11 | -53/+117
  Sessionid cache management is inseparable from managing individual session lifetimes. E.g. for reference-counted sessions (like those in SChannel and OpenSSL engines) every session addition and removal should be accompanied with refcount increment and decrement respectively. Failing to do so synchronously leads to a race condition that causes symptoms like use-after-free and memory corruption.
  This commit:
  - makes existing session cache locking explicit, thus allowing individual engines to manage lock's scope.
  - fixes OpenSSL and SChannel engines by putting refcount management inside this lock's scope in relevant places.
  - adds these explicit locking calls to other engines that use sessionid cache to accommodate for this change. Note, however, that it is unknown whether any of these engines could also have this race.
  Bug: https://github.com/curl/curl/issues/815
  Fixes #815
  Closes #847
* schannel: add CURLOPT_CERTINFO support | Andrew Kurushin | 2016-06-01 | 4 | -5/+34
  Closes #822
* openssl: rename the private SSL_strerror | Daniel Stenberg | 2016-05-31 | 1 | -6/+6
  ... to make it not look like an OpenSSL function
* openssl: Use correct buffer sizes for error messages | Michael Kaufmann | 2016-05-31 | 1 | -8/+8
  Closes #844
* URL parser: allow URLs to use one, two or three slashes | Daniel Stenberg | 2016-05-30 | 1 | -5/+25
  Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers.
  Browsers are typically even more lenient than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked.
  Added test case 1141, 1142 and 1143 to verify the new parser.
  Closes #791
* cmake: Added missing mbedTLS support | Renaud Lehoux | 2016-05-30 | 1 | -0/+3
  Closes #837
* mbedtls: removed unused variables | Renaud Lehoux | 2016-05-30 | 1 | -8/+0
  Closes #838
* http: add CURLINFO_HTTP_VERSION and %{http_version} | Frank Gevaerts | 2016-05-30 | 1 | -0/+16
  Adds access to the effectively used http version to both libcurl and curl.
  Closes #799
* openssl: fix build with OPENSSL_NO_COMP | Marcel Raad | 2016-05-30 | 1 | -2/+7
  With OPENSSL_NO_COMP defined, there is no function SSL_COMP_free_compression_methods
  Closes #836
* memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC | Gisle Vanem | 2016-05-30 | 1 | -1/+1
  Fixes #828
* loadlibrary: Only load system DLLs from the system directory | Steve Holme | 2016-05-30 | 6 | -7/+179
  Inspiration provided by: Daniel Stenberg and Ray Satiro
  Bug: https://curl.haxx.se/docs/adv_20160530.html
  Ref: Windows DLL hijacking with curl, CVE-2016-4802
* ssh: fix version number check typo | Daniel Stenberg | 2016-05-30 | 1 | -1/+1
* ssh: fix build for libssh2 before 1.2.6 | Daniel Stenberg | 2016-05-29 | 1 | -1/+9
  The statvfs functionality was added to libssh2 in that version, so we switch off that functionality when built with older libraries.
  Fixes #831
* mbedtls: fix includes so snprintf() works | Daniel Stenberg | 2016-05-24 | 1 | -3/+2
  Regression from the previous *printf() rearrangements, this file missed to include the correct header to make sure snprintf() works universally.
  Reported-by: Moti Avrahami
  Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
* checksrc.pl: Added variants of strcat() & strncat() to banned function list | Steve Holme | 2016-05-23 | 1 | -1/+1
  Added support for checking the tchar, unicode and mbcs variants of strcat() and strncat() in the banned function list.
* smtp: minor ident (white space) fixes | Daniel Stenberg | 2016-05-23 | 1 | -8/+8
* openssl: cleanup must free compression methods | Jay Satiro | 2016-05-20 | 1 | -0/+5
  - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
  Bug: https://github.com/curl/curl/issues/817
  Reported-by: jveazey@users.noreply.github.com
* curl_multibyte: fix compiler error | Gisle Vanem | 2016-05-20 | 1 | -0/+2
  While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was getting:
  f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' to follow 'CURL_EXTERN'
  f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: 'curl_domalloc': not in formal parameter list
* openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 | Daniel Stenberg | 2016-05-19 | 1 | -4/+4
  See OpenSSL commit 21e001747d4a
* http2: use HTTP/2 in the HTTP/1.1-alike header | Daniel Stenberg | 2016-05-19 | 1 | -1/+1
  ... when generating them, not "2.0" as the protocol is called just HTTP/2 and nothing else.
* schannel: fix compile break with MSVC XP toolset | Marcel Raad | 2016-05-18 | 1 | -1/+1
  For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK 7.1 is used. In this case, _USING_V110_SDK71_ is defined.
  Closes #812
* mbedtls/polarssl: set "hostname" unconditionally | Daniel Stenberg | 2016-05-17 | 2 | -14/+12
  ...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host.
  CVE-2016-3739
  Bug: https://curl.haxx.se/docs/adv_20160518A.html
  Reported-by: Moti Avrahami
* openssl: get_cert_chain: fix NULL dereference | Daniel Stenberg | 2016-05-17 | 1 | -3/+5
  CID 1361815: Explicit null dereferenced (FORWARD_NULL)
* openssl: get_cert_chain: avoid NULL dereference | Daniel Stenberg | 2016-05-17 | 1 | -3/+5
  CID 1361811: Explicit null dereferenced (FORWARD_NULL)
* dprintf_formatf: fix (false?) Coverity warning | Daniel Stenberg | 2016-05-17 | 1 | -55/+58
  CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when we run over 'workend' but the condition says <= workend and for all I can see it should be safe. Compensating for the warning by adding a byte margin in the buffer.
  Also, removed the extra brace level indentation in the code and made it so that 'workend' is only assigned once within the function.
* ftp: fix incorrect out-of-memory code in Curl_pretransfer | Jay Satiro | 2016-05-15 | 1 | -1/+1
  - Return value type must match function type.
  s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
  Caught by Travis CI
* ftp wildcard: segfault due to init only in multi_perform | Daniel Stenberg | 2016-05-15 | 3 | -15/+16
  The proper FTP wildcard init is now more properly done in Curl_pretransfer() and the corresponding cleanup in Curl_close().
  The previous place of init/cleanup code made the internal pointer to be NULL when this feature was used with the multi_socket() API, as it was made within the curl_multi_perform() function.
  Reported-by: Jonathan Cardoso Machado
  Fixes #800
* darwinssl.c: fix OS X codename typo in comment | Viktor Szakats | 2016-05-13 | 1 | -1/+1
* mprintf: Fix processing of width and prec args | Jay Satiro | 2016-05-13 | 1 | -20/+40
  Prior to this change a width arg could be erroneously output, and also width and precision args could not be used together without crashing.
  "%0*d%s", 2, 9, "foo"
  Before: "092"
  After: "09foo"
  "%*.*s", 5, 2, "foo"
  Before: crash
  After: " fo"
  Test 557 is updated to verify this and more
* ConnectionExists: follow-up fix for proxy re-use | Michael Kaufmann | 2016-05-13 | 1 | -17/+17
  Follow-up commit to 5823179
  Closes #648
* darwinssl: fix certificate verification disable on OS X 10.8 | Per Malmberg | 2016-05-12 | 1 | -4/+11
  The new way of disabling certificate verification doesn't work on Mountain Lion (OS X 10.8) so we need to use the old way in that version too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 and 10.11.
  Closes #802
* http2: Add space between colon and header value | Cory Benfield | 2016-05-12 | 1 | -2/+2
  curl's representation of HTTP/2 responses involves transforming the response to a format that is similar to HTTP/1.1. Prior to this change, curl would do this by separating header names and values with only a colon, without introducing a space after the colon.
  While this is technically a valid way to represent a HTTP/1.1 header block, it is much more common to see a space following the colon. This change introduces that space, to ensure that incautious tools are safely able to parse the header block.
  This also ensures that the difference between the HTTP/1.1 and HTTP/2 response layout is as minimal as possible.
  Bug: https://github.com/curl/curl/issues/797
  Closes #798
  Fixes #797
* openssl: fix compile-time warning in Curl_ossl_check_cxn() | Kamil Dudka | 2016-05-12 | 1 | -1/+1
  ... introduced in curl-7_48_0-293-g2968c83:
  Error: COMPILER_WARNING:
  lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
  lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’ may alter its value [-Wconversion]
* openssl: stricter connection check function | Jay Satiro | 2016-05-11 | 1 | -7/+36
  - In the case of recv error, limit returning 'connection still in place' to EINPROGRESS, EAGAIN and EWOULDBLOCK.
  This is an improvement on the parent commit which changed the openssl connection check to use recv MSG_PEEK instead of SSL_peek.
  Ref: https://github.com/curl/curl/commit/856baf5#comments