summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* ESNI: initial build/setupNiall2019-10-021-0/+3
| | | | Closes #4011
* redirect: when following redirects to an absolute URL, URL encode itDaniel Stenberg2019-10-021-1/+2
| | | | | | | | ... to make it handle for example (RFC violating) embeded spaces. Reported-by: momala454 on github Fixes #4445 Closes #4447
* urlapi: fix URL encoding when setting a full URLDaniel Stenberg2019-10-021-1/+16
|
* CURLMOPT_MAX_CONCURRENT_STREAMS: new setoptKunal Ekawde2019-10-024-1/+24
| | | | Closes #4410
* chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING errorDaniel Stenberg2019-10-025-24/+39
| | | | | | | | | Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the response is chunked-encoded. Reported-by: Ilya Kosarev Fixes #4310 Closes #4449
* checksrc: fix uninitialized variable warningMarcel Raad2019-10-011-1/+1
| | | | | | The loop doesn't need to be executed without a file argument. Closes https://github.com/curl/curl/pull/4444
* urlapi: fix unused variable warningMarcel Raad2019-10-011-0/+2
| | | | | | `dest` is only used with `ENABLE_IPV6`. Closes https://github.com/curl/curl/pull/4444
* lib: silence conversion warningsMarcel Raad2019-10-012-2/+2
| | | | Closes https://github.com/curl/curl/pull/4444
* altsvc: accept quoted ma and persist valuesDaniel Stenberg2019-09-301-1/+11
| | | | | | As mandated by the spec. Test 1654 is extended to verify. Closes #4443
* quiche: update HTTP/3 config creation to new APIlucas2019-09-291-1/+1
|
* cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg2019-09-283-2/+7
| | | | | | | | | | | | | | | | | The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
* setopt: handle ALTSVC set to NULLDaniel Stenberg2019-09-271-1/+2
|
* FTP: url-decode path before evaluationZenju2019-09-272-170/+124
| | | | Closes #4428
* vtls: Fix comment typo about macosx-version-min compiler flagjulian2019-09-271-1/+1
| | | | Closes https://github.com/curl/curl/pull/4425
* quiche: don't close connection at end of stream!Daniel Stenberg2019-09-261-3/+1
|
* quiche: set 'drain' when returning without having drained the queuesDaniel Stenberg2019-09-261-4/+7
|
* Revert "FTP: url-decode path before evaluation"Daniel Stenberg2019-09-262-124/+172
| | | | This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
* FTP: url-decode path before evaluationZenju2019-09-262-172/+124
| | | | Closes #4423
* openssl: use strerror on SSL_ERROR_SYSCALLDaniel Stenberg2019-09-261-2/+8
| | | | | | | Instead of showing the somewhat nonsensical errno number, use strerror() to provide a more relatable error message. Closes #4411
* url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro2019-09-262-1/+4
| | | | | | | | | | | | | | | | Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
* ngtcp2: remove fprintf() callsDaniel Stenberg2019-09-251-23/+17
| | | | | | | | - convert some of them to H3BUF() calls to infof() - remove some of them completely - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now Closes #4421
* url: fix the NULL hostname compiler warning caseJay Satiro2019-09-251-6/+2
| | | | Closes #4403
* altsvc: correct the #ifdef for the ngtcp2 backendDaniel Stenberg2019-09-251-2/+2
|
* altsvc: save h3 as h3-23Daniel Stenberg2019-09-251-1/+1
| | | | Follow-up to d176a2c7e5
* urlapi: question mark within fragment is still fragmentDaniel Stenberg2019-09-241-4/+4
| | | | | | | | | | | The parser would check for a query part before fragment, which caused it to do wrong when the fragment contains a question mark. Extended test 1560 to verify. Reported-by: Alex Konev Fixes #4412 Closes #4413
* os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,Patrick Monnerat2019-09-241-1/+5
| | | | | | | | | As libcurl now uses these 2 system functions, wrappers are needed on os400 to convert returned AF_UNIX sockaddrs to ascii. This is a follow-up to commit 7fb54ef. See also #4037. Closes #4214
* strcase: fix raw lowercasing the letter XLucas Pardue2019-09-241-1/+1
| | | | | | | | | | | Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to this change. Follow-up to 0023fce which added the function several days ago. Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546 Closes https://github.com/curl/curl/pull/4408
* http2: Expression 'stream->stream_id != - 1' is always trueDaniel Stenberg2019-09-231-11/+8
| | | | | PVS-Studio warning Fixes #4402
* http2: A value is being subtracted from the unsigned variableDaniel Stenberg2019-09-231-1/+2
| | | | | PVS-Studio warning Fixes #4402
* libssh: part of conditional expression is always true: !resultDaniel Stenberg2019-09-231-1/+1
| | | | | PVS-Studio warning Fixed #4402
* libssh: part of conditional expression is always trueDaniel Stenberg2019-09-231-1/+1
| | | | | PVS-Studio warning Fixes #4402
* libssh: The expression is excessive or contains a misprintDaniel Stenberg2019-09-231-1/+1
| | | | | PVS-Studio warning Fixes #4402
* quiche: The expression must be surrounded by parenthesesDaniel Stenberg2019-09-231-1/+1
| | | | | PVS-Studio warning Fixes #4402
* vauth: The parameter 'status' must be surrounded by parenthesesDaniel Stenberg2019-09-231-1/+1
| | | | | PVS-Studio warning Fixes #4402
* doh: allow only http and https in debug modePaul Dreik2019-09-231-0/+3
| | | | | | | | | | Otherwise curl may be told to use for instance pop3 to communicate with the doh server, which most likely is not what you want. Found through fuzzing. Closes #4406
* doh: return early if there is no time leftPaul Dreik2019-09-231-1/+4
| | | | Closes #4406
* http: lowercase headernames for HTTP/2 and HTTP/3Barry Pollard2019-09-235-3/+95
| | | | | Closes #4401 Fixes #4400
* vtls: fix narrowing conversion warningsMarcel Raad2019-09-239-19/+20
| | | | | | | Curl_timeleft returns `timediff_t`, which is 64 bits wide also on 32-bit systems since commit b1616dad8f0. Closes https://github.com/curl/curl/pull/4398
* openssl: fix compiler warning with LibreSSLMarcel Raad2019-09-221-1/+1
| | | | | | | | | | It was already fixed for BoringSSL in commit a0f8fccb1e0. LibreSSL has had the second argument to SSL_CTX_set_min_proto_version as uint16_t ever since the function was added in [0]. [0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda Closes https://github.com/curl/curl/pull/4397
* socks: Fix destination host shown on SOCKS5 errorJay Satiro2019-09-211-44/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this change when a server returned a socks5 connect error then curl would parse the destination address:port from that data and show it to the user as the destination: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved) * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) That's incorrect because the address:port included in the connect error is actually a bind address:port (typically unused) and not the destination address:port. This fix changes curl to show the destination information that curl sent to the server instead: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved) * Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to google.com:99 (remotely resolved) * Can't complete SOCKS5 connection to google.com:99. (1) curl: (7) Can't complete SOCKS5 connection to google.com:99. (1) Ref: https://tools.ietf.org/html/rfc1928#section-6 Closes https://github.com/curl/curl/pull/4394
* altsvc: both backends run h3-23 nowDaniel Stenberg2019-09-211-1/+1
| | | | Closes #4395
* http: fix warning on conversion from int to bitDaniel Stenberg2019-09-211-3/+4
| | | | Follow-up from 03ebe66d70
* urldata: use 'bool' for the bit type on MSVC compilersDaniel Stenberg2019-09-211-193/+197
| | | | | Closes #4387 Fixes #4379
* FTP: FTPFILE_NOCWD: avoid redundant CWDsZenju2019-09-212-59/+62
| | | | Closes #4382
* cookie: pass in the correct cookie amount to qsort()Daniel Stenberg2019-09-211-6/+6
| | | | | | | | | As the loop discards cookies without domain set. This bug would lead to qsort() trying to sort uninitialized pointers. We have however not found it a security problem. Reported-by: Paul Dreik Closes #4386
* urlapi: avoid index underflow for short ipv6 hostnamesPaul Dreik2019-09-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the input hostname is "[", hlen will underflow to max of size_t when it is subtracted with 2. hostname[hlen] will then cause a warning by ubsanitizer: runtime error: addition of unsigned offset to 0x<snip> overflowed to 0x<snip> I think that in practice, the generated code will work, and the output of hostname[hlen] will be the first character "[". This can be demonstrated by the following program (tested in both clang and gcc, with -O3) int main() { char* hostname=strdup("["); size_t hlen = strlen(hostname); hlen-=2; hostname++; printf("character is %d\n",+hostname[hlen]); free(hostname-1); } I found this through fuzzing, and even if it seems harmless, the proper thing is to return early with an error. Closes #4389
* ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23Tatsuhiro Tsujikawa2019-09-211-14/+13
| | | | Closes #4392
* libssh2: part of conditional expression is always true: !resultDaniel Stenberg2019-09-201-1/+1
| | | | | Fixes warning detected by PVS-Studio Fixes #4374
* urlapi: Expression 'storep' is always trueDaniel Stenberg2019-09-201-1/+2
| | | | | Fixes warning detected by PVS-Studio Fixes #4374
* urlapi: 'scheme' is always trueDaniel Stenberg2019-09-201-16/+15
| | | | | Fixes warning detected by PVS-Studio Fixes #4374
View Lorry Controller Status