Commit Graph

22784 Commits

Author SHA1 Message Date
rouzier 945df74101
Closes #2239
2018-01-15 23:06:58 +01:00
Daniel Stenberg 8dd4edeb90
smtp/pop3/imap_get_message: decrease the data length too...
Follow-up commit to 615edc1f73 which was incomplete.

Assisted-by: Max Dymond
Detected by OSS-fuzz
2018-01-15 21:40:52 +01:00
Daniel Stenberg 84fcaa2e73
openssl: enable SSLKEYLOGFILE support by default
Fixes #2210
Closes #2236
2018-01-15 10:33:08 +01:00
Patrick Monnerat e44ddfd477 mime: clone mime tree upon easy handle duplication.
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
strongly bound to the handle: there is a pointer to the easy handle in
each item of the mime tree and following the parent pointer list
of mime items ends in a dummy part stored within the handle.

Because of this binding, a mime tree cannot be shared between different
easy handles, thus it needs to be cloned upon easy handle duplication.

There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.

New test 654 checks proper mime structure duplication/release.

Add a warning note in curl_mime_data_cb() documentation about sharing
user data between duplicated handles.

Closes #2235
2018-01-14 19:43:12 +01:00
Patrick Monnerat 2c821bba85 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata 2018-01-14 16:08:43 +01:00
Daniel Stenberg a06311be27
test395: HTTP with overflow Content-Length value 2018-01-13 22:49:31 +01:00
Daniel Stenberg 67595e7d23
test394: verify abort of rubbish in Content-Length: value 2018-01-13 22:49:31 +01:00
Daniel Stenberg ac17d79473
test393: verify --max-filesize with excessive Content-Length 2018-01-13 22:49:31 +01:00
Daniel Stenberg f68e672715
HTTP: bail out on negative Content-Length: values
... and make the max filesize check trigger if the value is too big.

Updates test 178.

Reported-by: Brad Spencer
Fixes #2212
Closes #2223
2018-01-13 22:49:04 +01:00
Dan Johnson 0616dfa1e0 append extra linker flags instead of prepending them.
Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.

2018-01-13 10:46:57 +01:00
Daniel Stenberg 650b9c1d65
RELEASE-NOTES: synced with 6fa10c8fa 2018-01-13 10:30:25 +01:00
Jay Satiro 6fa10c8fa2 setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575 (precedes 7.56.1).


2018-01-13 02:57:30 -05:00
Patrick Monnerat 3b548ffde9 setopt: reintroduce non-static Curl_vsetopt() for OS400 support
This also upgrades ILE/RPG bindings with latest setopt options.

Reported-By: jonrumsey on github
Fixes #2230
Closes #2233
2018-01-13 01:28:19 +01:00
Zhouyihai Ding fa3dbb9a14 http2: fix incorrect trailer buffer size
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.

The bug appears to have been born in 0761a51 (precedes 7.49.0).

2018-01-11 02:33:24 -05:00
Basuke Suzuki 2a6dbb8155 easy: fix connection ownership in curl_easy_pause
Before calling Curl_client_chop_write(), change the owner of connection
to the current Curl_easy handle. This will fix the issue #2217.

2018-01-09 02:50:18 -05:00
Dimitrios Apostolou 89f6804734 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
in GCC 3.3.

Closes #2216
2018-01-09 17:46:49 +13:00
Daniel Stenberg 14d07be37b COPYING: it's 2018! 2018-01-09 17:08:14 +13:00
Daniel Stenberg a8ce5efba9 progress: calculate transfer speed on milliseconds if possible
to increase accuracy for quick transfers

Fixes #2200
Closes #2206
2018-01-08 23:45:09 +13:00
Jay Satiro d4e40f0690 scripts: allow all perl scripts to be run directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

2018-01-07 15:42:11 -05:00
Jay Satiro e4f86025d6 mail-rcpt.d: fix short-text description 2018-01-07 01:04:36 -05:00
Jay Satiro 908a9a6742 build: remove HAVE_LIMITS_H check
.. because limits.h presence isn't optional, it's required by C89.


2018-01-05 23:34:30 -05:00
Jay Satiro 129390a518 openssl: fix memory leak of SSLKEYLOGFILE filename
- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl

Caught by ASAN.
2018-01-03 15:22:41 -05:00
Jay Satiro 272613df02 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
This reverts commit c97648b550.

SIZEOF_LONG should not be checked in system.h since that macro is only
defined when building libcurl.

2018-01-02 15:54:33 -05:00
Michael Kaufmann 481539e902 test1554: improve the error handling 2017-12-30 16:52:51 +01:00
Michael Kaufmann 593dcc553a test1554: add global initialization and cleanup 2017-12-30 16:43:50 +01:00
Daniel Stenberg dc831260b2 curl_version_info.3: call the argument 'age'
Reported-by: Pete Lomax
2017-12-29 22:15:12 +13:00
Mikalai Ananenka 58d7cd28a0 brotli: data at the end of content can be lost
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.

Closes #2194
2017-12-27 13:00:54 +01:00
Jay Satiro a0f3eaf25d examples/cacertinmem: ignore cert-already-exists error
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
  since it's possible the cert may have already been loaded by libcurl.

- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
  Instead have it direct the reader to this cacertinmem.c example.

- Fix the CA certificate to use the right CA for, Digicert.

Reported-by: Thomas van Hesteren

2017-12-26 02:08:35 -05:00
Gisle Vanem 859ac36021 tool_getparam: Support size modifiers for --max-filesize
- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G


2017-12-26 02:01:48 -05:00
Steve Holme b399b04902 build: Fixed incorrect script termination from commit ad1dc10e61 2017-12-22 20:21:40 +00:00
Steve Holme a9b774a773 Added our standard copyright header 2017-12-22 18:49:37 +00:00
Steve Holme 22fddb85ac winbuild: Added support for VC15 2017-12-22 18:44:35 +00:00
Steve Holme ad1dc10e61 build: Added Visual Studio 2017 project files 2017-12-22 17:58:41 +00:00
Steve Holme d409640d66 build-wolfssl.bat: Added support for VC15 2017-12-22 16:08:54 +00:00
Steve Holme a4e88317dd build-openssl.bat: Added support for VC15 2017-12-22 15:44:19 +00:00
Dimitrios Apostolou c97648b550 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
2017-12-22 03:04:36 -05:00
Mattias Fornander b437557896 examples/rtsp: fix error handling macros
2017-12-22 02:59:08 -05:00
Patrick Monnerat f009bbe1f6 curl_easy_reset: release mime-related data.
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.

Reported-by: Martin Galvan
2017-12-20 19:33:50 +01:00
Patrick Monnerat 4acc9d3d1a content_encoding: rework zlib_inflate
- When zlib version is <, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.

Closes #2068
2017-12-20 16:02:42 +01:00
Patrick Monnerat e639d4ca4d brotli: allow compiling with version 0.6.0.
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
2017-12-20 15:30:35 +01:00
Daniel Stenberg 9c6a6be882
CURLOPT_READFUNCTION.3: refer to argument with correct name
Bug: #2175

[ci skip]
2017-12-13 08:18:10 +01:00
Daniel Stenberg 02f207a76b
rand: add a clang-analyzer work-around
scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.
2017-12-13 00:45:42 +01:00
Daniel Stenberg 13ce373a5b
krb5: fix a potential access of uninitialized memory
A scan-build warning.
2017-12-13 00:36:39 +01:00
Daniel Stenberg 41982b6ac9
conncache: fix a return code [regression]
This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
out by scan-build!
2017-12-12 23:54:35 +01:00
Daniel Stenberg 5d0ba70e17
curl: support >256 bytes warning messsages
Bug: #2174
2017-12-12 19:59:29 +01:00
Michael Kaufmann 188a43a8fd libssh: fix a syntax error in
Follow-up to c92d2e1

Closes #2172
2017-12-12 17:46:24 +01:00
Daniel Stenberg 7ef0c2d861
examples/smtp-mail.c: use separate defines for options and mail
... to make it clearer that the options want address-only, while the
headers in an email can also have the real name.

Assisted-by: Sean MacLennan
2017-12-12 15:28:05 +01:00
Daniel Stenberg 621b24505f
THANKS: added missing names
... as I reran the contrithanks script after the mailmap name fixups.
2017-12-12 08:46:29 +01:00
Daniel Stenberg cc0cca1baf
mailmap: added/clarified several names 2017-12-12 08:37:13 +01:00
Daniel Stenberg 9d7a59c8fa
setopt: less *or equal* than INT_MAX/1000 should be fine

Reported-by: Dominik Hölzl

Closes #2173
2017-12-12 08:02:17 +01:00