1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
Commit Graph

11811 Commits

Author SHA1 Message Date
Daniel Stenberg
11796231af
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
Makes test 129 work (HTTP/1.2 response).

Closes #7141
2021-05-27 18:14:00 +02:00
Daniel Stenberg
d3e0f20fea
http_proxy: deal with non-200 CONNECT response with Hyper
Makes test 94 and 95 work

Closes #7141
2021-05-27 18:13:45 +02:00
Daniel Stenberg
23b99fc94c
c-hyper: clear NTLM auth buffer when request is issued
To prevent previous ones to get reused on subsequent requests. Matches
how the built-in HTTP code works. Makes test 90 to 93 work.

Add test 90 to 93 in travis.

Closes #7139
2021-05-27 16:50:59 +02:00
Joel Depooter
ee97f17697
schannel: set ALPN length correctly for HTTP/2
In a3268eca79 this code was changed to use the ALPN_H2 constant
instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
not the same. The nghttp2 constant included the length of the string,
like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
to re-add the length of the string to the ALPN buffer.

Closes #7138
2021-05-27 08:27:35 +02:00
Daniel Stenberg
2ee761c19b
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
This reverts commit c3eefa95c3.

Reported-by: Kevin Burke
Fixes #7122
Closes #7136
2021-05-27 07:54:32 +02:00
Michael Forney
7f9c5af8b3
bearssl: explicitly initialize all fields of Curl_ssl
Also, add comments like the other vtls backends.

Closes #7133
2021-05-26 14:43:45 +02:00
Michael Forney
a03ea62239
bearssl: remove incorrect const on variable that is modified
hostname may be set to NULL later on in this function if it is an
IP address.

Closes #7133
2021-05-26 14:43:40 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Radek Zajic
1a5e41d97c
hostip: fix broken macOS/CMake/GCC builds
Follow-up to 31f631a142

Fixes #7128
Closes #7129
2021-05-26 00:24:09 +02:00
Orgad Shaneh
2864b00b01
setopt: streamline ssl option code
Make it use the same style as the code next to it

Closes #7123
2021-05-25 12:48:04 +02:00
Radek Zajic
31f631a142
lib/hostip6.c: make NAT64 address synthesis on macOS work
Closes #7121
2021-05-25 12:45:56 +02:00
ejanchivdorj
a63dae5d07
sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
2021-05-25 11:22:09 +02:00
Alessandro Ghedini
424aa64d54
quiche: update for network path aware API
Latest version of quiche requires the application to pass the peer
address of received packets, and it provides the address for outgoing
packets back.

Closes #7120
2021-05-24 17:26:46 +02:00
Jacob Hoffman-Andrews
a62e6435f4
rustls: switch read_tls and write_tls to callbacks
And update to 0.6.0, including a rename from session to connection for
many fields.

Closes #7071
2021-05-24 16:40:59 +02:00
Koichi Shiraishi
98770344b2
sectransp: fix 7f4a9a9b2a commit about missing comma
Follow-up to 7f4a9a9b2a

Closes #7119
2021-05-24 14:50:11 +02:00
Harry Sintonen
7f4a9a9b2a
openssl: associate/detach the transfer from connection
CVE-2021-22901

Bug: https://curl.se/docs/CVE-2021-22901.html
2021-05-24 13:15:10 +02:00
Harry Sintonen
39ce47f219
telnet: check sscanf() for correct number of matches
CVE-2021-22898

Bug: https://curl.se/docs/CVE-2021-22898.html
2021-05-24 07:56:05 +02:00
Daniel Stenberg
bbb71507b7
schannel: don't use static to store selected ciphers
CVE-2021-22897

Bug: https://curl.se/docs/CVE-2021-22897.html
2021-05-24 07:56:05 +02:00
Sergey Markelov
96adbf5cdb
NSS: make colons, commas and spaces valid separators in cipher list
Fixes #7110
Closes #7115
2021-05-23 00:11:30 +02:00
Peng-Yu Chen
07d20f5dfa
cmake: detect CURL_SA_FAMILY_T
Fixes #7049
Closes #7065
2021-05-21 08:39:39 +02:00
Lucas Clemente Vella
84d2839740
CURLOPT_IPRESOLVE: preventing wrong IP version from being used
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.

This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.

It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.

Closes #6853
2021-05-20 16:58:31 +02:00
Oliver Urbann
ac54b10933
AmigaOS: add functions definitions for SHA256
AmiSSL replaces many functions with macros. Curl requires pointer
to some of these functions. Thus, we have to encapsulate these macros:
SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.

Bug: https://github.com/jens-maus/amissl/issues/15
Co-authored-by: Daniel Stenberg <daniel@haxx.se>

Closes #7099
2021-05-20 16:47:42 +02:00
Marc Aldorasi
f6b325a509
config: remove now-unused macros
Closes #7094
2021-05-19 00:36:01 +02:00
Marc Aldorasi
6c347d4f36
hostip.h: remove declaration of unimplemented function
Closes #7094
2021-05-19 00:35:55 +02:00
Daniel Stenberg
b1dded68e3
h3: add 'attach' callback to protocol handlers
Follow-up to 0c55fbab45

Reviewed-by: Emil Engler
Closes #7090
2021-05-19 00:29:09 +02:00
Daniel Stenberg
7b6d771a19
wolfssl: remove SSLv3 support leftovers
Closes #7088
2021-05-18 16:23:17 +02:00
Joel Depooter
77444b84f3
data_pending: check only SECONDARY socket for FTP(S) transfers
Check the FIRST for all other protocols.

This fixes a timeout in an ftps download. The server sends a TLS
close_notify message in the same packet as the file data. The
close_notify seems to not be handled in the schannel_recv function, so
libcurl is not aware that the server has closed the connection. Thus
libcurl ends up waiting for action on the socket until a timeout is
reached. With the secondary socket check added to the data_pending
function, the close_notify is properly handled, and the ftps transfer
terminates as expected.

Fixes #7068
Closes #7069
2021-05-18 13:20:52 +02:00
Daniel Stenberg
0c55fbab45
conn: add 'attach' to protocol handler, make libssh2 use it
The libssh2 backend has SSH session associated with the connection but
the callback context is the easy handle, so when a connection gets
attached to a transfer, the protocol handler now allows for a custom
function to get used to set things up correctly.

Reported-by: Michael O'Farrell
Fixes #6898
Closes #7078
2021-05-17 17:57:50 +02:00
Daniel Stenberg
904b27d18d
http2: make sure pause is done on HTTP
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.

Reported-by: Denis Goleshchikhin
Fixes #7079
Closes #7080
2021-05-17 14:44:13 +02:00
Jacob Hoffman-Andrews
c3eefa95c3
c-hyper: handle body on HYPER_TASK_EMPTY
Some of the time, we get a HYPER_TASK_EMPTY response before the status
line, headers, and body have been read. Previously, that would cause us
to poll again, leading to a 1 second timeout.

The HYPER_TASK_EMPTY docs say:

   The value of this task is null (does not imply an error).

So, if we receive a HYPER_TASK_EMPTY, continue on with processing the
response.

Reported-by: Kevin Burke
Fixes #7064
Closes #7070
2021-05-16 00:48:14 +02:00
Daniel Stenberg
acf91ff75e
version: free the openldap info correctly
... to avoid memory leaks.

Follow-up to: bf0feae776
Closes #7061
2021-05-15 17:47:35 +02:00
Daniel Stenberg
19291f7fb4
dupset: remove totally off comment
Closes #7067
2021-05-15 17:07:06 +02:00
Daniel Stenberg
bf0feae776
version: add OpenLDAP version in the output
Assisted-by: Howard Chu
Closes #7054
2021-05-13 11:51:02 +02:00
Joel Depooter
ba3452cafc schannel: Ensure the security context request flags are always set
As of commit 54e7475, these flags would only be set when using a new
credential handle. When re-using an existing credential handle, the
flags would not be set.

Closes https://github.com/curl/curl/pull/7051
2021-05-13 03:07:21 -04:00
Daniel Stenberg
a9bc819c89
sasl: use 'unsigned short' to store mechanism
... saves a few bytes of struct size in memory and it only uses
10 bits anyway.

Closes #7045
2021-05-12 00:16:52 +02:00
Daniel Stenberg
fa050ffd27
hostip: remove the debug code for LocalHost
The Curl_resolv() had special code (when built in debug mode) for when
resolving the host name "LocalHost" (using that exact casing). It would
then get the host name from the --interface option instead.

This development-only feature was not used by anything (anymore) and we
have the --resolve feature if we want to play similar tricks properly
going forward.

Closes #7044
2021-05-11 16:33:20 +02:00
Daniel Stenberg
1a20689a56
progress: reset limit_size variables at transfer start
Otherwise the old value would linger from a previous use and would mess
up the network speed cap logic.

Reported-by: Ymir1711 on github

Fixes #7042
Closes #7043
2021-05-11 16:32:11 +02:00
Daniel Gustafsson
24c71d62ee
cookies: use CURLcode for cookie_output reporting
Writing the cookie file has multiple error conditions, and was using an
int with magic numbers to report the different error (which in turn were
disregarded anyways). This moves reporting to use a CURLcode value.

Lightly-touched-by: Daniel Stenberg

Closes #7037
Closes #6749
2021-05-11 08:49:00 +02:00
Daniel Gustafsson
98888e6070
cookies: make use of string duplication function
strstore() is defined as a strdup which ensures to free the target
pointer before duping the source char * into it. Make use of it in
two more cases where it can simplify the code.
2021-05-11 08:45:17 +02:00
Daniel Gustafsson
54bd65cabd
cookies: refactor comments
Comments in the cookie code were a bit all over the place in terms of
style and wording. This takes a stab at cleaning them up by keeping to
a single style and overall shape. Some comments are moved a little and
some removed alltogether due to being redundant. No functional changes
have been made,
2021-05-11 08:45:17 +02:00
Peng-Yu Chen
455a63c66f
http2: skip immediate parsing of payload following protocol switch
This is considered not harmful as a following http2_recv shall be
called very soon.

This is considered helpful in the specific situation where some
servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately
following the return of HTTP status 101, other than waiting for
the client-side connection preface to arrive.

Fixes #7036
Closes #7040
2021-05-11 08:03:22 +02:00
Peng-Yu Chen
651a75e1e7
http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade
Following the upstream deprecation of nghttp2_session_upgrade.

Also provides further checks for requests with the HEAD method.

Closes #7041
2021-05-11 07:58:14 +02:00
Daniel Stenberg
1e19eceb50
progress/trspeed: use a local convenient pointer to beautify code
The function becomes easier to read and understand with less repetition.
2021-05-09 15:59:45 +02:00
Daniel Stenberg
8a75224a69
trspeed: use long double for transfer speed calculation 2021-05-09 15:59:44 +02:00
Daniel Stenberg
7ab54e8f41
progress: move transfer speed calc into function
This silences two scan-build-11 warnings: "The result of the '/'
expression is undefined"

Bug: https://curl.se/mail/lib-2021-05/0022.html
Closes #7035
2021-05-09 15:59:37 +02:00
Cameron Cawley
3f25c01fce
openssl: remove unneeded cast for CertOpenSystemStore()
Closes #7025
2021-05-09 00:17:16 +02:00
Peng-Yu Chen
dbb88523ab
http: use calculated offsets inst of integer literals for header parsing
Assumed to be a minor coding style improvement with no behavior change.

A modern compiler is expected to have the calculation optimized during
compilation. It may be deemed okay even if that's not the case, since
the added overhead is considered very low.

Closes #7032
2021-05-08 17:00:32 +02:00
Daniel Stenberg
51c0ebcff2
http: deal with partial CONNECT sends
Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets,
which helped verifying this even more.

Add test 363 to verify.

Reported-by: ustcqidi on github
Fixes #6950
Closes #7024
2021-05-08 10:49:16 +02:00
Daniel Stenberg
1763aceb0c
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.

Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.

Also added cautions to the man pages about changing buffer sizes in
run-time.

Closes #7022
2021-05-07 08:51:39 +02:00
Daniel Stenberg
5c53bd980b
ngtcp2: fix the cb_acked_stream_data_offset proto
The 'datalen' value should be 64 bit, not size_t!

Reported-by: Dmitry Karpov
Bug: https://curl.se/mail/lib-2021-05/0019.html
Closes #7027
2021-05-07 08:39:36 +02:00
Daniel Stenberg
68027623e2
progress: when possible, calculate transfer speeds with microseconds
... this improves precision, especially for transfers in the few or even
sub millisecond range.

Reported-by: J. Bromley
Fixes #7017
Closes #7020
2021-05-07 08:29:15 +02:00
Daniel Stenberg
04cc27460e
http: reset the header buffer when sending the request
A reused transfer handle could otherwise reuse the previous leftover
buffer and havoc would ensue.

Reported-by: sergio-nsk on github
Fixes #7018
Closes #7021
2021-05-06 23:28:45 +02:00
Daniel Stenberg
577f19397c
GnuTLS: don't allow TLS 1.3 for versions that don't support it
Follow-up to 781864bedb

... as they don't understand it and will return error at us!

Closes #7014
2021-05-06 16:04:30 +02:00
dmitrykos
79a05e1f08 build: fix compilation for Windows UWP platform
- Include afunix.h which is necessary for sockaddr_un when
  USE_UNIX_SOCKETS is defined on Windows.

Closes https://github.com/curl/curl/pull/7006
2021-05-05 16:03:43 -04:00
Daniel Stenberg
781864bedb
gnutls: make setting only the MAX TLS allowed version work
Previously, settting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it to default
(TLS 1.3) too!

As a bonus, this change also removes the dead code handling of SSLv3
since that version can't be set anymore (since eff614fb02).

Reported-by: Daniel Carpenter
Fixes #6998
Closes #7000
2021-05-05 12:51:56 +02:00
Daniel Stenberg
8bdde6b14c
openldap: replace ldap_ prefix on private functions
Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
least) there's a symbol collision because of that.

The private functions now use the 'oldap_' prefix where it previously
used 'ldap_'.

Reported-by: 3eka on github
Fixes #7004
Closes #7005
2021-05-05 12:29:46 +02:00
Jay Satiro
ba0d3c28ca http2: fix potentially uninitialized variable
introduced several days ago in 3193170. caught by visual studio linker.
2021-05-05 03:16:06 -04:00
Gilles Vollant
77fc3859b2 SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
  specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
  and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662
2021-05-05 02:29:16 -04:00
Daniel Stenberg
8419fe4d88
cmake: check for getppid and utimes
... as they're checked for in the configure script and are used by
source code.

Removed checks for perror, setvbuf and strlcat since those defines are
not checked for in source code.

Bonus: removed HAVE_STRLCPY from a few config-*.h files since that
symbol is not used in source code.

Closes #6997
2021-05-04 14:46:55 +02:00
Daniel Stenberg
7645324072
libssh2: ignore timeout during disconnect
... to avoid memory leaks!

libssh2 is tricky as we have to deal with the non-blockiness even in
close and shutdown cases. In the cases when we shutdown after a timeout
already expired, it is crucial that curl doen't let the timeout abort
the shutdown process as that then leaks memory!

Reported-by: Benjamin Riefenstahl
Fixes #6990
2021-05-04 08:20:40 +02:00
ejanchivdorj
94241a9e78
CURLcode: add CURLE_SSL_CLIENTCERT
When a TLS server requests a client certificate during handshake and
none can be provided, libcurl now returns this new error code
CURLE_SSL_CLIENTCERT

Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.

Closes #6721
2021-05-03 17:11:01 +02:00
Harry Sintonen
5af7a48668
krb5/name_to_level: replace checkprefix with curl_strequal
Closes #6993
2021-05-03 16:35:27 +02:00
Harry Sintonen
6201f5c699
Curl_input_digest: require space after Digest
Closes #6993
2021-05-03 16:35:25 +02:00
Harry Sintonen
a60294cf43
Curl_http_header: check for colon when matching Persistent-Auth
Closes #6993
2021-05-03 16:35:22 +02:00
Harry Sintonen
b75620b9a0
Curl_http_input_auth: require valid separator after negotiation type
Closes #6993
2021-05-03 16:35:14 +02:00
Daniel Stenberg
8b9de77cd2
http: fix the check for 'Authorization' with Bearer
The code would wrongly check for it using an additional colon.

Reported-by: Blake Burkhart
Closes #6988
2021-05-02 12:08:20 +02:00
Kamil Dudka
3a6058cb97
http2: fix a resource leak in push_promise()
... detected by Coverity:

Error: RESOURCE_LEAK (CWE-772):
lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.

Closes #6986
2021-05-01 23:40:14 +02:00
Kamil Dudka
3193170470
http2: fix resource leaks in set_transfer_url()
... detected by Coverity:

Error: RESOURCE_LEAK (CWE-772):
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.

Closes #6986
2021-05-01 23:39:18 +02:00
Jacob Hoffman-Andrews
8228002cd1
rustls: use ALPN
Update required rustls to 0.5.0

Closes #6960
2021-04-30 08:27:37 +02:00
MAntoniak
ea17a022b3
gskit: fix CURL_DISABLE_PROXY build
Removed localfd and remotefd from ssl_backend_data (ued only with proxy
connection). Function pipe_ssloverssl return always 0, when proxy is not
used.

Closes #6981
2021-04-30 00:30:43 +02:00
MAntoniak
71bffe73f8
gskit: fix undefined reference to 'conn'
Closes #6980
2021-04-29 23:01:19 +02:00
Jacob Hoffman-Andrews
a3268eca79
tls: add USE_HTTP2 define
This abstracts across the two HTTP/2 backends: nghttp2 and Hyper.

Add our own define for the "h2" ALPN protocol, so TLS backends can use
it without depending on a specific HTTP backend.

Closes #6959
2021-04-29 15:04:39 +02:00
Jacob Hoffman-Andrews
5c932f8fe9
lib: fix 0-length Curl_client_write calls
Closes #6954
2021-04-29 15:02:32 +02:00
Jacob Hoffman-Andrews
f4b85d24b2
lib: remove strlen call from Curl_client_write
At all call sites with an explicit 0 len, pass an appropriate nonzero
len.

Closes #6954
2021-04-29 15:02:16 +02:00
Jay Satiro
1d5d0ae9e5 lib: fix some misuse of curlx_convert_UTF8_to_tchar
curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but
prior to this change some uses mistakenly called free.

I've reviewed all other uses of curlx_convert_UTF8_to_tchar and
curlx_convert_tchar_to_UTF8.

Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763
Reported-by: sergio-nsk@users.noreply.github.com

Closes https://github.com/curl/curl/pull/6938
2021-04-27 15:09:23 -04:00
Daniel Stenberg
3e820fbf25
ntlm: precaution against super huge type2 offsets
... which otherwise caused an integer overflow and circumvented the if()
conditional size check.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
Assisted-by: Max Dymond
Closes #6975
2021-04-27 16:02:02 +02:00
Daniel Stenberg
826c438c61
c-hyper: fix unused variable ‘wrote’ 2021-04-27 16:00:48 +02:00
Kevin Burke
76f33fd373
c-hyper: don't write to set.writeheader if null
Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a
CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to
the data->set.writeheader header buffer, even though it is null.  This
led to NPE segfaults attempting to use libcurl+Hyper with Git, for
example.

Instead, process the client write for the status line using the same
logic we use to process the client write for the later HTTP headers,
which contains the appropriate guard logic. As a side benefit,
data->set.writeheader is now only read in one file instead of two.

Fixes #6619
Fixes abetterinternet/crustls#49
Fixes hyperium/hyper#2438
Closes #6971
2021-04-27 07:49:05 +02:00
Daniel Stenberg
9fc284427c
wolfssl: handle SSL_write() returns 0 for error
Reported-by: Timo Lange

Closes #6967
2021-04-26 14:27:45 +02:00
Daniel Stenberg
f154ae9de3
easy: ignore sigpipe in curl_easy_send
Closes #6965
2021-04-26 13:22:20 +02:00
Daniel Stenberg
9ec1ef7f41
sigpipe: ignore SIGPIPE when using wolfSSL as well
Closes #6966
2021-04-26 12:59:42 +02:00
Harry Sintonen
f2e1163bc8
nss_set_blocking: avoid static for sock_opt
Reviewed-by: Kamil Dudka
Closes #6945
2021-04-26 08:45:54 +02:00
Daniel Stenberg
994af2a1e9
krb5: don't use 'static' to store PBSZ size response
... because it makes the knowledge and usage cross-transfer in funny and
unexpected ways.

Reported-by: Harry Sintonen
Closes #6963
2021-04-26 08:04:52 +02:00
Daniel Stenberg
7843fe0a1b
krb5: remove the unused 'overhead' function
Closes #6947
2021-04-25 14:51:34 +02:00
Jacob Hoffman-Andrews
5e7fc49c19
c-hpyer: fix handling of zero-byte chunk from hyper
Closes #6951
2021-04-25 14:11:21 +02:00
Ralph Langendam
a60b111980
cmake: make libcurl output filename configurable
Reviewed-by: Jakub Zakrzewski
Closes #6933
2021-04-23 18:42:31 +02:00
Patrick Monnerat
a4554b2c5e
vtls: reset ssl use flag upon negotiation failure
Fixes the segfault in ldaps disconnect.

Reported-by: Illarion Taev
Fixes #6934
Closes #6937
2021-04-23 14:41:39 +02:00
Martin Halle
e540b32562 version: add gsasl_version to curl_version_info_data
- Add gsasl_version string and bump to CURLVERSION_TENTH.

Ref: https://curl.se/mail/lib-2021-04/0003.html

Closes https://github.com/curl/curl/pull/6843
2021-04-22 18:28:28 -04:00
Morten Minde Neergaard
67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Jay Satiro
54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
Michał Antoniak
e4ba999646
vtls: deduplicate some DISABLE_PROXY ifdefs
continue from #5735

- using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other
  tls backend

- create SSL_HOST_PORT

Closes #6660
2021-04-22 22:50:56 +02:00
Daniel Stenberg
52fab72397
checksrc: complain on == NULL or != 0 checks in conditions
... to make them all consistenly use if(!var) and if(var)

Also added a few missing warnings to the documentation.

Closes #6912
2021-04-22 09:10:17 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Patrick Monnerat
19ea52da4d
vauth: factor base64 conversions out of authentication procedures
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).

Closes #6654
2021-04-22 09:06:07 +02:00
Patrick Monnerat
34cf40321c
bufref: buffer reference support
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.

A unit test checks its handling methods: test 1661

Closes #6654
2021-04-22 09:05:53 +02:00
Marc Hoersken
b36442b243
multi: fix slow write/upload performance on Windows
Reset FD_WRITE by sending zero bytes which is permissible
and will be treated by implementations as successful send.

Without this we won't be notified in case a socket is still
writable if we already received such a notification and did
not send any data afterwards on the socket. This would lead
to waiting forever on a writable socket being writable again.

Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Tested-by: tmkk on github

Bug: #6146
Closes #6245
2021-04-21 20:32:24 +02:00
Marc Hoersken
e92998a312
multi: reduce Win32 API calls to improve performance
1. Consolidate pre-checks into a single Curl_poll call:

This is an attempt to restructure the code in Curl_multi_wait
in such a way that less syscalls are made by removing individual
calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE.

2. Avoid resetting the WinSock event multiple times:

We finally call WSAResetEvent anyway, so specifying it as
an optional parameter to WSAEnumNetworkEvents is redundant.

3. Wakeup directly in case no sockets are being monitoring:

Fix the WinSock based implementation to skip extra waiting by
not sleeping in case no sockets are to be waited on and just
the WinSock event is being monitored for wakeup functionality.

Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Bug: #6146
Closes #6245
2021-04-21 20:32:14 +02:00
Marc Hoersken
bcca174cfa
Revert "Revert 'multi: implement wait using winsock events'"
This reverts commit 2260e0ebe6,
also restoring previous follow up changes which were reverted.

Authored-by: rcombs on github
Authored-by: Marc Hörsken
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Restores #5634
Reverts #6281
Part of #6245
2021-04-21 20:29:36 +02:00
Daniel Stenberg
3057c6cd73
Revert "cmake: make libcurl library output name configurable"
This reverts commit 1cba36d216.

CMake provides properties that can be set on a target to rename the
output artifact without changing the name of a target.

Ref: #6899
2021-04-21 15:03:26 +02:00
Michael Kolechkin
dd2bb48552
sectransp: allow cipher name to be specified
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize the array of specs with
cipher number, name, alias, and 'weak' flag.

Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.

Closes #6464
2021-04-21 12:00:22 +02:00