1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
Commit Graph

25330 Commits

Author SHA1 Message Date
Daniel Stenberg
e858ae9428
bump: work towards 7.69.0 is started 2020-01-09 22:42:18 +01:00
Jay Satiro
4027bd72d9 tool_dirhie: Allow directory traversal during creation
- When creating a directory hierarchy do not error when mkdir fails due
  to error EACCESS (13) "access denied".

Some file systems allow for directory traversal; in this case that it
should be possible to create child directories when permission to the
parent directory is restricted.

This is a regression caused by me in f16bed0 (precedes curl-7_61_1).
Basically I had assumed that if a directory already existed it would
fail only with error EEXIST, and not error EACCES. The latter may
happen if the directory exists but has certain restricted permissions.

Reported-by: mbeifuss@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4796
Closes https://github.com/curl/curl/pull/4797
2020-01-09 14:24:53 -05:00
Daniel Stenberg
446665606c
KNOWN_BUGS: AUTH PLAIN for SMTP is not working on all servers
Closes #4080
2020-01-09 16:19:34 +01:00
Daniel Stenberg
3b75084ce6
docs/RELEASE-PROCEDURE.md: pushed some release dates
Ref: https://curl.haxx.se/mail/lib-2020-01/0031.html
2020-01-09 09:31:52 +01:00
Daniel Stenberg
a7d4693a48
runtests: make random seed fixed for a month
When using randomized features of runtests (-R and --shallow) it is
useful to have a fixed random seed to make sure for example extra
commits in a branch or a rebase won't change the seed that would make
repeated runs work differently.

As it is also useful to change seed sometimes, the default seed is now
determined based on the current month (and first line curl -V
output). When the month changes, so will the random seed.

The specific seed is also shown in the standard test suite top header
and it can be set explictly with the new --seed=[num] option so that the
exact order of a previous run can be achieved.

Closes #4734
2020-01-09 09:12:05 +01:00
Daniel Stenberg
5059f5552f
RELEASE-PROCEDURE.md: fix next release date (Feb 26)
[skip ci]
2020-01-08 09:47:37 +01:00
Daniel Stenberg
2cfac302fb
RELEASE-NOTES: 7.68.0 2020-01-08 07:31:10 +01:00
Daniel Stenberg
72e304c779
THANKS: updated with names from the 7.68.0 release 2020-01-07 15:17:33 +01:00
Daniel Stenberg
f147c69472
RELEASE-PROCEDURE: add four future release dates
and remove four past release dates

[skip ci]
2020-01-07 15:17:17 +01:00
Marcel Raad
8cf875ed3b
TrackMemory tests: always remove CR before LF
It was removed for output containing ' =' via `s/ =.*//`. With classic
MinGW, this made lines with `free()` end with CRLF, but lines with e.g.
`malloc()` end with only LF. The tests expect LF only.

Closes https://github.com/curl/curl/pull/4788
2020-01-06 20:56:27 +01:00
Daniel Stenberg
9275c2be8c
multi.h: move INITIAL_MAX_CONCURRENT_STREAMS from public header
... to the private multihhandle.h. It is not for public use and it
wasn't prefixed correctly anyway!

Closes #4790
2020-01-06 19:53:38 +01:00
Daniel Stenberg
50e35ccfbb
file: fix copyright year range
Follow-up to 1b71bc532b
2020-01-06 10:12:02 +01:00
Daniel Stenberg
4c34af4c99
curl -w: handle a blank input file correctly
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.

Added test 1271 to verify.

Reported-by: Brian Carpenter
Closes #4786
2020-01-06 10:10:48 +01:00
Daniel Stenberg
1b71bc532b
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.

Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
2020-01-06 10:05:37 +01:00
Jay Satiro
aeb32d059b CURLOPT_READFUNCTION.3: fix fopen params in example 2020-01-06 03:09:53 -05:00
Jay Satiro
e9dd17b754 CURLOPT_READFUNCTION.3: fix variable name in example
Reported-by: Paul Joyce

Fixes https://github.com/curl/curl/issues/4787
2020-01-06 03:01:33 -05:00
Daniel Stenberg
459d0db45b
curl:getparameter return error for --http3 if libcurl doesn't support
Closes #4785
2020-01-05 21:24:17 +01:00
Daniel Stenberg
2150c4b5d3
docs: mention CURL_MAX_INPUT_LENGTH restrictions
... for curl_easy_setopt() and curl_url_set().

[skip ci]

Closes #4783
2020-01-05 17:06:47 +01:00
Daniel Stenberg
392bff4abf
curl: properly free mimepost data
... as it could otherwise leak memory when a transfer failed.

Added test 1293 to verify.

Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
2020-01-04 23:06:44 +01:00
Daniel Stenberg
271ec6b9b6
curl: cleanup multi handle on failure
... to fix memory leak in error path.

Fixes #4772
Closes #4780
Reported-by: Brian Carpenter
2020-01-04 23:05:21 +01:00
Marcel Raad
291ed52122
lib: fix compiler warnings with CURL_DISABLE_VERBOSE_STRINGS
Closes https://github.com/curl/curl/pull/4775
2020-01-03 17:02:30 +01:00
Daniel Stenberg
e24ea706fb
COPYING: it's 2020!
[skip ci]
2020-01-03 15:12:46 +01:00
Marc Aldorasi
be83fe11bf tests: Fix bounce requests with truncated writes
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cause
the wrong response data to be sent to some tests and cause them to fail.

Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785
2020-01-03 01:45:04 -05:00
Marcel Raad
a8d13336b5
tool: make a few char pointers point to const char instead
These are read-only.

Closes https://github.com/curl/curl/pull/4771
2019-12-31 22:18:56 +01:00
Jay Satiro
9603c8299f tests: Change NTLM tests to require SSL
Prior to this change tests that required NTLM feature did not require
SSL feature.

There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:

"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."

Assisted-by: marc-groundctl@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729

Closes https://github.com/curl/curl/pull/4768
2019-12-31 02:47:53 -05:00
Michael Forney
9024b01387 bearssl: Improve I/O handling
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the handshake, read, write, and close.

Match OpenSSL SSL_write behavior, and don't return the number of bytes
written until the corresponding records have been completely flushed
across the socket. This involves keeping track of the length of data
buffered into the TLS engine, and assumes that when CURLE_AGAIN is
returned, the write function will be called again with the same data
and length arguments. This is the same requirement of SSL_write.

Handle TLS close notify as EOF when reading by returning 0.

Closes https://github.com/curl/curl/pull/4748
2019-12-31 02:43:47 -05:00
Jay Satiro
9434864770 travis: Fix error detection
- Stop using inline shell scripts for before_script and script sections.

Prior to this change Travis could ignore errors from commands in inline
scripts. I don't understand how or why it happens. This is a workaround.

Assisted-by: Simon Warta

Ref: https://github.com/travis-ci/travis-ci/issues/1066

Fixes https://github.com/curl/curl/issues/3730
Closes https://github.com/curl/curl/pull/3755
2019-12-31 02:38:18 -05:00
Jay Satiro
249f7b37e6 tool_operate: fix mem leak when failed config parse
Found by fuzzing the config file.

Reported-by: Geeknik Labs

Fixes https://github.com/curl/curl/issues/4767
2019-12-29 14:18:48 -05:00
Xiang Xiao
060fb84a5a lib: remove erroneous +x file permission on some c files
Modified by commit eb9a604 accidentally.

Closes https://github.com/curl/curl/pull/4756
2019-12-27 22:55:52 -05:00
Xiang Xiao
4b463992e5 lib: fix warnings found when porting to NuttX
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already
  defined as a system macro.

- Don't compile write32_le in curl_endian unless
  CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le.

- Include <arpa/inet.h> in socketpair.c.

Closes https://github.com/curl/curl/pull/4756
2019-12-27 22:52:31 -05:00
Jay Satiro
779b415a2a os400: Add missing CURLE error constants
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler
2019-12-26 16:20:11 -05:00
Jay Satiro
97934a2f71 CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Reported-by: Frank Gevaerts
Commit-message-by: Christopher Head

Ref: https://github.com/curl/curl/pull/2787

Fixes https://github.com/curl/curl/issues/4758
2019-12-26 02:26:08 -05:00
Jay Satiro
68da0b8b86 examples/postinmemory.c: Call curl_global_cleanup always
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.

Reported-by: kouzhudong@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4751
2019-12-24 01:06:47 -05:00
Daniel Stenberg
4c2f5d52ba
url2file.c: fix copyright year
Follow-up to 5257872695
2019-12-21 18:18:12 +01:00
Rickard Hallerbäck
5257872695
examples/url2file.c: corrected a comment
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.

Closes #4745
2019-12-20 11:05:38 +01:00
Daniel Stenberg
a90d763548
HISTORY: OSS-Fuzz started fuzzing libcurl in 2017 2019-12-20 11:04:34 +01:00
Daniel Stenberg
2eb7dc0566
RELEASE-NOTES: synced 2019-12-20 09:02:58 +01:00
Jay Satiro
10121a417d ngtcp2: Support the latest update key callback type
- Remove our cb_update_key in favor of ngtcp2's new
  ngtcp2_crypto_update_key_cb which does the same thing.

Several days ago the ngtcp2_update_key callback function prototype was
changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to
fix up our cb_update_key for that change they also added
ngtcp2_crypto_update_key_cb which does the same thing so we'll use that
instead.

Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c

Closes https://github.com/curl/curl/pull/4735
2019-12-20 00:34:58 -05:00
Daniel Stenberg
25b69c482f
sws: search for "Testno:" header uncondtionally if no testno
Even if the initial request line wasn't found. With the fix to 1455, the
test number is now detected correctly.

(Problem found when running tests in random order.)

Closes #4744
2019-12-19 23:03:33 +01:00
Daniel Stenberg
b4c9982382
tests: set LC_ALL in more tests
Follow-up to 23208e330a

Closes #4743
2019-12-19 23:01:14 +01:00
Daniel Stenberg
23208e330a
test165: set LC_ALL=en_US.UTF-8 too
On my current Debian Unstable with libidn2 2.2.0, I get an error if
LC_ALL is set to blank. Then curl errors out with:

curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8

Closes #4738
2019-12-19 14:26:26 +01:00
Daniel Stenberg
e9685cd75d
curl.h: add two defines for the "pre ISO C" case
Without this fix, this caused a compilation failure on AIX with IBM xlc
13.1.3 compiler.

Reported-by: Ram Krushna Mishra
Fixes #4739
Closes #4740
2019-12-19 13:48:47 +01:00
Daniel Stenberg
8c0807aa16
create_conn: prefer multiplexing to using new connections
... as it would previously prefer new connections rather than
multiplexing in most conditions! The (now removed) code was a leftover
from the Pipelining code that was translated wrongly into a
multiplex-only world.

Reported-by: Kunal Ekawde
Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html
Closes #4732
2019-12-19 09:00:56 +01:00
Daniel Stenberg
fba8301338
test1456: remove the use of a fixed local port
Fixup the test to instead not compare the port number. It sometimes
caused problems like this:

"curl: (45) bind failed with errno 98: Address already in use"

Closes #4733
2019-12-19 08:59:10 +01:00
Jay Satiro
c1592cc92b CURLOPT_QUOTE.3: fix typos
Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man
pages would not compile because a variable name was incorrect.

Reported-by: Bylon2@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4736
2019-12-18 15:21:58 -05:00
Gisle Vanem
ac7b1fb10c strerror: Fix compiler warning "empty expression"
- Remove the final semi-colon in the SEC2TXT() macro definition.

Before:  #define SEC2TXT(sec) case sec: txt = #sec; break;

After:   #define SEC2TXT(sec) case sec: txt = #sec; break

Prior to this change SEC2TXT(foo); would generate break;; which caused
the empty expression warning.

Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547
2019-12-18 14:10:23 -05:00
Daniel Stenberg
23e4d98e7e
curl/parseconfig: use curl_free() to free memory allocated by libcurl
Reported-by: bxac on github
Fixes #4730
Closes #4731
2019-12-18 14:48:41 +01:00
Daniel Stenberg
f098c9e6f6
curl/parseconfig: fix mem-leak
When looping, first trying '.curlrc' and then '_curlrc', the function
would not free the first string.

Closes #4731
2019-12-18 14:48:32 +01:00
Daniel Stenberg
14f8b6e69e
CURLOPT_URL.3: "curl supports SMB version 1 (only)"
[skip ci]
2019-12-18 10:14:18 +01:00
Daniel Stenberg
9973dabeb6
test1270: a basic -w redirect_url test
Closes #4728
2019-12-18 08:26:03 +01:00