1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

23122 Commits

Author SHA1 Message Date
Rikard Falkeborn
13505dcb55
examples: Fix format specifiers
Closes #2561
2018-05-14 09:43:15 +02:00
Rikard Falkeborn
4c735b57f7
tool: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn
b9446d18e7
ntlm: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn
df3647c9c8
tests: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn
eb49683e55
lib: Fix format specifiers 2018-05-14 09:42:27 +02:00
Daniel Stenberg
4062bc4d3e
contributors.sh: use "on github", not at 2018-05-14 08:53:22 +02:00
Daniel Stenberg
7d6e01441a
http2: getsock fix for uploads
When there's an upload in progress, make sure to wait for the socket to
become writable.

Detected-by: steini2000 on github
Bug: #2520
Closes #2567
2018-05-14 08:22:46 +02:00
Daniel Stenberg
583b42cb3b
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
2018-05-14 07:40:31 +02:00
Daniel Stenberg
8c7b3737d2
http: restore buffer pointer when bad response-line is parsed
... leaving the k->str could lead to buffer over-reads later on.

CVE: CVE-2018-1000301
Assisted-by: Max Dymond

Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
2018-05-14 07:40:31 +02:00
Patrick Monnerat
1b55d270ad cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566
2018-05-13 01:23:10 +02:00
Daniel Stenberg
9cacc24630 smb: reject negative file sizes
Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
2018-05-12 22:24:25 +02:00
Daniel Stenberg
fe6b78b42d
setup_transfer: deal with both sockets being -1
Detected by Coverity; CID 1435559.  Follow-up to f8d608f38d. It would
index the array with -1 if neither index was a socket.
2018-05-11 23:56:37 +02:00
Daniel Stenberg
c3d7db4ecb travis: add build using NSS
Closes #2558
2018-05-10 17:18:02 +02:00
Sunny Purushe
18cbbb702c openssl: change FILE ops to BIO ops
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.

Closes #2512
2018-05-10 16:30:32 +02:00
Daniel Stenberg
3c42fb8d46 travis: add a build using WolfSSL
Assisted-by: Dan Fandrich

Closes #2528
2018-05-09 21:40:19 +02:00
Daniel Stenberg
d63bada579
RELEASE-NOTES: typo 2018-05-07 14:30:18 +02:00
Daniel Stenberg
b692d6650a
RELEASE-NOTES: synced 2018-05-07 10:32:42 +02:00
Daniel Gustafsson
e953475de5
URLs: fix one more http url
This file wasn't included in commit 4af40b3646 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.

Closes #2550
2018-05-05 23:02:40 +02:00
Daniel Stenberg
3ed3db5c04 github/lock: auto-lock closed issues after 90 days of inactivity 2018-05-05 14:05:57 +02:00
Daniel Stenberg
babd55e25f
vtls: fix missing commas
follow-up to e66cca046c
2018-05-04 23:02:57 +02:00
Daniel Stenberg
e66cca046c
vtls: use unified "supports" bitfield member in backends
... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.

closes #2547
2018-05-04 22:31:19 +02:00
Daniel Stenberg
f8d608f38d
transfer: don't unset writesockfd on setup of multiplexed conns
Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.

Bug: #2520
Closes #2549
2018-05-04 22:30:32 +02:00
Frank Gevaerts
7663a7c284
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
They are removed from the compiler flags.

This ensures that make dependency tracking will force a rebuild whenever
configure --enable-debug or --enable-curldebug changes.

Closes #2548
2018-05-04 22:30:28 +02:00
Daniel Stenberg
e9d9d1af8a
http: don't set the "rewind" flag when not uploading anything
It triggers an assert.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546
2018-05-04 13:51:25 +02:00
Daniel Stenberg
277d3cdc0f
travis: add an mbedtls build
Closes #2531
2018-05-04 08:36:51 +02:00
Daniel Stenberg
082bb41311
configure: only check for CA bundle for file-using SSL backends
When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.

Fixes #2543
Fixes #2180
Closes #2545
2018-05-03 22:51:38 +02:00
Daniel Stenberg
1156fdd01d
ssh-libssh.c: fix left shift compiler warning
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
represent, but 'int' only has 32 bits [-Wshift-overflow=]

'len' will never be that big anyway so I converted the run-time check to
a regular assert.
2018-05-03 22:16:57 +02:00
Stephan Mühlstrasser
7f41432c19
URL: fix ASCII dependency in strcpy_url and strlen_url
Commit 3c630f9b0a partially reverted the
changes from commit dd7521bcc1 because of
the problem that strcpy_url() was modified unilaterally without also
modifying strlen_url(). As a consequence strcpy_url() was again
depending on ASCII encoding.

This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.

Closes #2535
2018-05-03 15:19:20 +02:00
Denis Ollier
0be4679ba9
docs: remove extraneous commas in man pages
Closes #2544
2018-05-03 15:17:33 +02:00
Daniel Stenberg
03319b9903
RELEASE-NOTES: synced 2018-05-03 15:14:03 +02:00
Daniel Stenberg
d29c455d8c
Revert "TODO: remove configure --disable-pthreads"
This reverts commit d5d683a97f.

--disable-pthreads can be used to disable pthreads and get the threaded
resolver to use the windows threading when building with mingw.
2018-05-03 15:05:48 +02:00
Daniel Stenberg
1621aed9be
vtls: don't define MD5_DIGEST_LENGTH for wolfssl
... as it defines it (too)
2018-05-02 11:21:48 +02:00
Daniel Stenberg
d5d683a97f
TODO: remove configure --disable-pthreads 2018-05-02 11:21:04 +02:00
David Garske
b2e59a886b wolfssl: Fix non-blocking connect
Closes https://github.com/curl/curl/pull/2542
2018-05-02 03:01:54 -04:00
Daniel Stenberg
97f63f512d
CURLOPT_URL.3: add ENCODING section [ci skip]
Feedback-by: Michael Kilburn
2018-04-30 14:31:04 +02:00
Daniel Stenberg
f022c91df6
KNOWN_BUGS: Client cert with Issuer DN differs between backends
Closes #1411
2018-04-30 10:26:26 +02:00
Daniel Stenberg
72be6abb50
KNOWN_BUGS: Passive transfer tries only one IP address
Closes #1508
2018-04-30 10:22:17 +02:00
Daniel Stenberg
44936865d5
KNOWN_BUGS: --upload-file . hang if delay in STDIN
Closes #2051
2018-04-30 10:19:45 +02:00
Daniel Stenberg
822ef4c454
KNOWN_BUGS: Connection information when using TCP Fast Open
Closes #1332
2018-04-30 10:17:10 +02:00
Daniel Stenberg
223506fd53
travis: enable libssh2 on both macos and Linux
It seems to not be detected by default anymore (which is a bug I
believe)

Closes #2541
2018-04-30 07:59:31 +02:00
Daniel Stenberg
e085ea95ef
TODO: Support the clienthello extension
Closes #2299
2018-04-30 00:42:34 +02:00
Daniel Stenberg
0cbfff9895
TODO: CLOEXEC
Closes #2252
2018-04-30 00:10:45 +02:00
Daniel Stenberg
c39ed80526
tests: provide 'manual' as a feature to optionally require
... and make test 1026 rely on that feature so that --disable-manual
builds don't cause test failures.

Reported-by: Max Dymond and Anders Roxell
Fixes #2533
Closes #2540
2018-04-29 12:49:38 +02:00
Daniel Stenberg
f84139fd08
CURLINFO_PROTOCOL.3: mention the existing defined names 2018-04-27 11:50:16 +02:00
Daniel Gustafsson
85437697da cookies: remove unused macro
Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
so remove as it's not part of the published API.

Closes https://github.com/curl/curl/pull/2537
2018-04-27 02:54:15 -04:00
Daniel Gustafsson
2f13e3d23d
checksrc: force indentation of lines after an else
This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.

Closes #2532
2018-04-27 00:51:35 +02:00
Daniel Stenberg
1d71ce845a
http2: fix null pointer dereference in http2_connisdead
This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.

Reported-by: Dario Weisser

Follow-up to db1b2c7fe9 (never shipped in a release)
Closes #2536
2018-04-26 23:23:02 +02:00
Daniel Stenberg
2ef1662e4b
http2: get rid of another strstr()
Follow-up to 1514c44655: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.

Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021

Closes #2534
2018-04-26 14:55:26 +02:00
Daniel Stenberg
3b41839e2e
cyassl: adapt to libraries without TLS 1.0 support built-in
WolfSSL doesn't enable it by default anymore
2018-04-26 07:57:19 +02:00
Daniel Stenberg
521dbfc6e6
configure: provide --with-wolfssl as an alias for --with-cyassl 2018-04-26 07:57:19 +02:00