summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* mime: fix signed/unsigned conversions.Patrick Monnerat2017-09-031-5/+14
| | | | Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
* tool_formparse: fix some trivial warningsJay Satiro2017-09-031-4/+2
|
* mime: use size_t instead of ssize_t in public API interface.Patrick Monnerat2017-09-031-8/+10
| | | | | | | | | To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED has been introduced. Documentation updated accordingly. symbols in versions updated. Added form API symbols deprecation info.
* mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().Patrick Monnerat2017-09-032-7/+24
| | | | | | | | | | | | | | | This feature is badly supported in Windows: as a replacement, a caller has to use curl_mime_data_cb() with fread, fseek and possibly fclose callbacks to process opened files. The cli tool and documentation are updated accordingly. The feature is however kept internally for form API compatibility, with the known caveats it always had. As a side effect, stdin size is not determined by the cli tool even if possible and this results in a chunked transfer encoding. Test 173 is updated accordingly.
* mime: fix some implicit curl_off_t --> size_t conversion warnings.Patrick Monnerat2017-09-031-4/+8
|
* mime: use in curl cli tool instead of form API.Patrick Monnerat2017-09-0215-447/+707
| | | | | | Extended -F option syntax to support multipart mail messages. -F keyword headers= added to include custom headers in parts. Documentation upgraded.
* makefile.m32: add multissl supportViktor Szakats2017-08-301-8/+8
| | | | Closes https://github.com/curl/curl/pull/1840
* version: add the CURL_VERSION_MULTI_SSL feature flagJohannes Schindelin2017-08-281-1/+2
| | | | | | | This new feature flag reports When cURL was built with multiple SSL backends. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* metalink: allow compiling with multiple SSL backendsJohannes Schindelin2017-08-281-2/+4
| | | | | | | | | | | | Previously, the code assumed that at most one of the SSL backends would be compiled in, emulating OpenSSL's functions if the configured backend was not OpenSSL itself. However, now we allow building with multiple SSL backends and choosing one at runtime. Therefore, metalink needs to be adjusted to handle this scenario, too. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* curl: shorten and clean up CA cert verification error messageDaniel Stenberg2017-08-221-21/+7
| | | | | | | | | | The previous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis Closes #1810 Closes #1817
* tool_main: turn off MinGW CRT's globbingMarcel Raad2017-08-221-0/+9
| | | | | | | | | By default, the MinGW CRT globs command-line arguments. This prevents getting a single asterisk into an argument as test 1299 does. Turn off globbing by setting the global variable _CRT_glob to 0 for MinGW. Fixes https://github.com/curl/curl/issues/1751 Closes https://github.com/curl/curl/pull/1813
* makefile.m32: add support for libidn2Viktor Szakats2017-08-221-8/+8
| | | | | | | | libidn was replaced with libidn2 last year in configure. Caveat: libidn2 may depend on a list of further libs. These can be manually specified via CURL_LDFLAG_EXTRAS. Closes https://github.com/curl/curl/pull/1815
* metalink: adjust source code styleJohannes Schindelin2017-08-181-1/+1
| | | | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* CURL_SIZEOF_LONG: removed, use only SIZEOF_LONGDaniel Stenberg2017-08-171-7/+7
|
* system.h: remove all CURL_SIZEOF_* definesDaniel Stenberg2017-08-171-1/+1
| | | | | | | ... as they're not used externally and internally we check for the sizes already in configure etc. Closes #1767
* ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats2017-08-174-0/+11
| | | | | | | | | | | | | | | | | | The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
* zsh.pl: produce a working completion script againKamil Dudka2017-08-151-1/+1
| | | | | | | | | | | Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to produce a broken completion script: % curl --<TAB> _curl:10: no such file or directory: seconds Closes #1779
* strtoofft: reduce integer overflow risks globallyDaniel Stenberg2017-08-142-5/+16
| | | | | | | ... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
* mkhelp.pl: allow executing this script directlyJay Satiro2017-08-101-1/+1
| | | | | | | | - Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Ref: https://github.com/curl/curl/issues/1743
* metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ insteadDaniel Stenberg2017-08-101-1/+1
|
* curl: do bounds check using a double comparisonAdam Sampson2017-08-091-1/+1
| | | | | | | | | | | | | The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't complete: if the parsed number in num is larger than will fit in a long, the conversion is undefined behaviour (causing test1427 to fail for me on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting rid of the cast means the comparison will be done using doubles. It might make more sense for the max argument to also be a double... Fixes #1750 Closes #1749
* docs/comments: Update to secure URL versionsViktor Szakats2017-08-082-2/+2
| | | | Closes #1741
* curl: detect and bail out early on parameter integer overflowsDaniel Stenberg2017-08-075-14/+36
| | | | | | | | | Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
* glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg2017-08-071-1/+4
| | | | | | | | | Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
* getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg2017-08-052-3/+3
| | | | Fixes #1728
* tool_help: clarify --include is only for response headersJay Satiro2017-07-291-1/+1
| | | | | | Follow-up to 171f8de. Ref: https://github.com/curl/curl/issues/1704
* make: fix docs build on OpenBSDRyan Winograd2017-07-101-0/+3
| | | | Ref: #1591
* curl_setup_once: Remove ERRNO/SET_ERRNO macrosJay Satiro2017-07-102-3/+3
| | | | | | | | | | | | Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError for Win32 and regular errno otherwise. I reviewed the code and found no justifiable reason for conflating errno on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, and any Win32 multithreaded CRT supports thread-local errno. Fixes https://github.com/curl/curl/issues/895 Closes https://github.com/curl/curl/pull/1589
* tool_getparam: fix potentially uninitialized errJay Satiro2017-07-091-1/+2
|
* tool_cb_wrt: fix variable shadowing warningMarcel Raad2017-07-091-3/+3
| | | | | | | | | | | GCC 4.4 complains: tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global declaration /usr/include/unistd.h:782: error: shadowed declaration is here Fix this by renaming the variable. Closes https://github.com/curl/curl/pull/1661
* tool_sleep: typecast to avoid macos compiler warningDaniel Stenberg2017-07-041-2/+2
| | | | | | tool_sleep.c:54:24: error: implicit conversion loses integer precision: 'long' to '__darwin_suseconds_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
* make: build the docs subdir only from within srcDaniel Stenberg2017-06-301-4/+2
| | | | | | | | ... and don't build at all in include Prompted-by-work-by: Simon Warta Ref: #1590 Closes #1591
* curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka2017-06-286-0/+30
| | | | Closes https://github.com/curl/curl/pull/1454
* tool_getparam: fix memory leak on test 1147 OOM (torture tests)Jay Satiro2017-06-261-1/+3
| | | | | Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 Reported-by: Dan Fandrich
* --request-target: instead of --strip-path-slashDaniel Stenberg2017-06-215-14/+13
| | | | | | | | | | | | | | ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
* http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg2017-06-194-1/+11
| | | | | | | | | | | ... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
* automake: use $(MKHELP) variable instead if constant mkhelp.plSimon Warta2017-06-191-1/+1
| | | | this improves symmetry with the rule above
* mkhelp.pl: fix script name in usage textSimon Warta2017-06-191-1/+1
|
* tool_wrte_cb: remove check for config == NULLDaniel Stenberg2017-06-171-3/+0
| | | | | | | | | | ... as it really cannot have reached this far with config being NULL, thus this is unnecesary and misleading. Bug: https://news.ycombinator.com/item?id=14577585 and https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356 Forwarded-to-us-by: Jakub Wilk
* curl: prevent binary output spewed to terminalDaniel Stenberg2017-06-166-10/+46
| | | | | | | | | ... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
* Makefile.m32: enable -W for MinGW32 buildMarcel Raad2017-06-161-1/+1
| | | | | | The configure-based build also has this in addition to -Wall. Closes https://github.com/curl/curl/pull/1578
* curl: allow --header and --proxy-header read from fileDaniel Stenberg2017-06-151-6/+36
| | | | | | | | So many headers can be provided as @filename. Suggested-by: Timothe Litt Closes #1486
* includes: remove curl/curlbuild.h and curl/curlrules.hDaniel Stenberg2017-06-142-6/+2
| | | | | | | | Rely entirely on curl/system.h now. Introduced in Aug 2008 with commit 14240e9e109f. Now gone. Fixes #1456
* urlglob: fix division by zeroDaniel Stenberg2017-06-131-1/+5
| | | | | | | | The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
* FindWin32CACert: Use a temporary buffer on the stackMichael Kaufmann2017-06-111-8/+2
| | | | | | | | | | | | Don't malloc() the temporary buffer, and use the correct type: SearchPath() works with TCHAR, but SearchPathA() works with char. Set the buffer size to MAX_PATH, because the terminating null byte is already included in MAX_PATH. Reviewed-by: Daniel Stenberg Reviewed-by: Marcel Raad Closes #1548
* metalink: remove unused printf() argumentDaniel Stenberg2017-06-071-2/+2
|
* tool_util: remove unused tvdiff_secs and remove tool_ prefixDaniel Stenberg2017-06-032-39/+9
| | | | Closes #1532
* build: provide easy code coverage measuringDaniel Stenberg2017-06-021-0/+4
| | | | Closes #1528
* time: fix type conversions and compiler warningsMichael Kaufmann2017-05-242-11/+2
| | | | | | | | | Fix bugs and compiler warnings on systems with 32-bit long and 64-bit time_t. Reviewed-by: Daniel Stenberg Closes #1499
* mkhelp.pl: do not add current time into curl binaryBernhard M. Wiedemann2017-05-171-1/+1
| | | | | | | | ... as part of hugehelpgz rodata to make build reproducible. See https://reproducible-builds.org/ for why this is good Closes #1490