1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

8341 Commits

Author SHA1 Message Date
Kamil Dudka
24a8359b25 http: do not leak basic auth credentials on re-used connections
CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-17 07:43:13 +02:00
Daniel Stenberg
50c7f17e50 SMB: rangecheck values read off incoming packet
CVE-2015-3237

Detected by Coverity. CID 1299430.

Bug: http://curl.haxx.se/docs/adv_20150617B.html
2015-06-17 07:43:13 +02:00
Jay Satiro
3e7ec1e849 schannel: schannel_recv overhaul
This commit is several drafts squashed together. The changes from each
draft are noted below. If any changes are similar and possibly
contradictory the change in the latest draft takes precedence.

Bug: https://github.com/bagder/curl/issues/244
Reported-by: Chris Araman

%%
%% Draft 1
%%
- return 0 if len == 0. that will have to be documented.
- continue on and process the caches regardless of raw recv
- if decrypted data will be returned then set the error code to CURLE_OK
and return its count
- if decrypted data will not be returned and the connection has closed
(eg nread == 0) then return 0 and CURLE_OK
- if decrypted data will not be returned and the connection *hasn't*
closed then set the error code to CURLE_AGAIN --only if an error code
isn't already set-- and return -1
- narrow the Win2k workaround to only Win2k

%%
%% Draft 2
%%
- Trying out a change in flow to handle corner cases.

%%
%% Draft 3
%%
- Back out the lazier decryption change made in draft2.

%%
%% Draft 4
%%
- Some formatting and branching changes
- Decrypt all encrypted cached data when len == 0
- Save connection closed state
- Change special Win2k check to use connection closed state

%%
%% Draft 5
%%
- Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
connection isn't closed.

%%
%% Draft 6
%%
- Save the last error only if it is an unrecoverable error.

Prior to this I saved the last error state in all cases; unfortunately
the logic to cover that in all cases would lead to some muddle and I'm
concerned that could then lead to a bug in the future so I've replaced
it by only recording an unrecoverable error and that state will persist.

- Do not recurse on renegotiation.

Instead we'll continue on to process any trailing encrypted data
received during the renegotiation only.

- Move the err checks in cleanup after the check for decrypted data.

In either case decrypted data is always returned but I think it's easier
to understand when those err checks come after the decrypted data check.

%%
%% Draft 7
%%
- Regardless of len value go directly to cleanup if there is an
unrecoverable error or a close_notify was already received. Prior to
this change we only acknowledged those two states if len != 0.

- Fix a bug in connection closed behavior: Set the error state in the
cleanup, because we don't know for sure it's an error until that time.

- (Related to above) In the case the connection is closed go "greedy"
with the decryption to make sure all remaining encrypted data has been
decrypted even if it is not needed at that time by the caller. This is
necessary because we can only tell if the connection closed gracefully
(close_notify) once all encrypted data has been decrypted.

- Do not renegotiate when an unrecoverable error is pending.

%%
%% Draft 8
%%
- Don't show 'server closed the connection' info message twice.

- Show an info message if server closed abruptly (missing close_notify).
2015-06-17 00:17:03 -04:00
Daniel Stenberg
b430cb2a58 rtsp_do: fix DEAD CODE
"At condition p_request, the value of p_request cannot be NULL."

Coverity CID 1306668.
2015-06-15 09:05:07 +02:00
Daniel Stenberg
99eafc49bb security:choose_mech fix DEAD CODE warning
... by removing the "do {} while (0)" block.

Coverity CID 1306669
2015-06-15 09:02:46 +02:00
Daniel Stenberg
ff7097f72c urldata: store POST size in state.infilesize too
... to simplify checking when PUT _or_ POST have completed.

Reported-by: Frank Meier
Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-06-14 23:31:01 +02:00
Joel Depooter
a3e5a4371b schannel: Add support for optional client certificates
Some servers will request a client certificate, but not require one.
This change allows libcurl to connect to such servers when using
schannel as its ssl/tls backend. When a server requests a client
certificate, libcurl will now continue the handshake without one,
rather than terminating the handshake. The server can then decide
if that is acceptable or not. Prior to this change, libcurl would
terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
error.
2015-06-11 15:53:01 -04:00
Daniel Stenberg
8d0d688296 debug: remove http2 debug leftovers 2015-06-10 23:16:37 +02:00
Daniel Stenberg
55f3eb588d INTERNALS: cat lib/README* >> INTERNALS
and a conversion to markdown. Removed the lib/README.* files. The idea
being to move toward having INTERNALS as the one and only "book" of
internals documentation.

Added a TOC to top of the document.
2015-06-09 23:57:22 +02:00
Jay Satiro
cbf2920d02 openssl: LibreSSL and BoringSSL do not use TLS_client_method
Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of
TLS_client_method LibreSSL and BoringSSL didn't and still use
SSLv23_client_method.

Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009
Reported-by: asavah@users.noreply.github.com
2015-06-08 23:45:26 -04:00
Daniel Stenberg
20ac345806 CURLOPT_OPENSOCKETFUNCTION: return error at once
When CURL_SOCKET_BAD is returned in the callback, it should be treated
as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently
created when trying to connect to a server.

Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
2015-06-09 00:22:02 +02:00
Jay Satiro
b8673bb9f0 openssl: Fix verification of server-sent legacy intermediates
- Try building a chain using issuers in the trusted store first to avoid
problems with server-sent legacy intermediates.

Prior to this change server-sent legacy intermediates with missing
legacy issuers would cause verification to fail even if the client's CA
bundle contained a valid replacement for the intermediate and an
alternate chain could be constructed that would verify successfully.

https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2015-06-07 23:33:32 -04:00
Daniel Stenberg
1ce14037c0 openssl: removed error string #ifdef
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
2015-06-05 00:12:56 +02:00
Daniel Stenberg
30bd59ba6e openssl: removed USERDATA_IN_PWD_CALLBACK kludge
Code for OpenSSL 0.9.4 serves no purpose anymore!
2015-06-05 00:11:32 +02:00
Daniel Stenberg
ccfdd5986c openssl: remove SSL_get_session()-using code
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
later.
2015-06-05 00:09:25 +02:00
Daniel Stenberg
fc16d9cec8 openssl: remove dummy callback use from SSL_CTX_set_verify()
The existing callback served no purpose.
2015-06-05 00:02:17 +02:00
Jay Satiro
3013bb6b1c cookie: Stop exporting any-domain cookies
Prior to this change any-domain cookies (cookies without a domain that
are sent to any domain) were exported with domain name "unknown".

Bug: https://github.com/bagder/curl/issues/292
2015-06-03 21:48:47 -04:00
Jay Satiro
59432503c0 curl_setup: Change fopen text macros to use 't' for MSDOS
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem
2015-06-02 14:04:00 -04:00
Daniel Stenberg
33ee411848 checksrc: detect fopen() for text without the FOPEN_* macros
Follow-up to e8423f9ce1 with discussionis in
https://github.com/bagder/curl/pull/258

This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
2015-06-02 08:28:10 +02:00
Jay Satiro
e8423f9ce1 curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"

This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.

Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
2015-06-01 03:21:23 -04:00
Isaac Boukris
4bb815a32e HTTP-NTLM: fail auth on connection close instead of looping
Bug: https://github.com/bagder/curl/issues/256
2015-05-31 23:21:15 +02:00
Daniel Stenberg
9a0a16a61c README.pingpong: removed 2015-05-31 00:20:22 +02:00
Daniel Stenberg
a8904b39f3 HTTP2: moved docs into docs/ and make it markdown 2015-05-30 11:55:33 +02:00
Daniel Stenberg
8a7c1c76b3 README.http2: refreshed and added multiplexing info 2015-05-30 11:53:24 +02:00
Daniel Melani
c005790ff1 openssl: typo in comment 2015-05-27 11:31:48 +02:00
Jay Satiro
49a6642f01 openssl: Use TLS_client_method for OpenSSL 1.1.0+
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
equivalent is TLS_client_method.

https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
2015-05-27 01:30:30 -04:00
Tatsuhiro Tsujikawa
02dfc930b5 http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer
Previously, after seeing upgrade to HTTP/2, we feed data followed by
upgrade response headers directly to nghttp2_session_mem_recv() in
Curl_http2_switched().  But it turns out that passed buffer, mem, is
part of stream->mem, and callbacks called by
nghttp2_session_mem_recv() will write stream specific data into
stream->mem, overwriting input data.  This will corrupt input, and
most likely frame length error is detected by nghttp2 library.  The
fix is first copy the passed data to HTTP/2 connection buffer,
httpc->inbuf, and call nghttp2_session_mem_recv().
2015-05-25 23:07:49 +02:00
Dan Fandrich
b6e3da5f08 conncache: fixed memory leak on OOM (torture tests) 2015-05-24 11:19:07 +02:00
Daniel Stenberg
e582cd16ff security: fix "Unchecked return value" from sscanf()
By (void) prefixing it and adding a comment. Did some minor related
cleanups.

Coverity CID 1299423.
2015-05-22 16:52:41 +02:00
Daniel Stenberg
1514977bcd security: simplify choose_mech
Coverity CID 1299424 identified dead code because of checks that could
never equal true (if the mechanism's name was NULL).

Simplified the function by removing a level of pointers and removing the
loop and array that weren't used.
2015-05-22 16:46:01 +02:00
Daniel Stenberg
fda0e74c22 RTSP: catch attempted unsupported requests better
Replace use of assert with code that properly catches bad input at
run-time even in non-debug builds.

This flaw was sort of detected by Coverity CID 1299425 which claimed the
"case RTSPREQ_NONE" was dead code.
2015-05-22 16:32:42 +02:00
Daniel Stenberg
03e2a9b023 share_init: fix OOM crash
A failed calloc() would lead to NULL pointer use.

Coverity CID 1299427.
2015-05-22 16:26:14 +02:00
Daniel Stenberg
817323ed82 parse_proxy: switch off tunneling if non-HTTP proxy
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL

Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
Reported-by: Sean Boudreau
2015-05-22 16:19:53 +02:00
Daniel Stenberg
84d811f6af http2: on_frame_recv: return early on stream 0
Coverity CID 1299426 warned about possible NULL dereference otherwise,
but that would only ever happen if we get invalid HTTP/2 data with
frames for stream 0. Avoid this risk by returning early when stream 0 is
used.
2015-05-22 15:17:16 +02:00
Daniel Stenberg
d04bab8873 http: removed self assignment
Follow-up fix from b0143a2a33

Detected by coverity. CID 1299429
2015-05-22 09:57:16 +02:00
Tatsuhiro Tsujikawa
640f283bbb http2: Make HTTP Upgrade work
This commit just add implicitly opened stream 1 to streams hash.
2015-05-22 09:31:19 +02:00
Jay Satiro
995c6006fe strerror: Change SEC_E_ILLEGAL_MESSAGE description
Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
and language specific, and invariably translated to something not very
helpful like: "The message received was unexpected or badly formatted."

Bug: https://github.com/bagder/curl/issues/267
Reported-by: Michael Osipov
2015-05-22 02:30:38 -04:00
Jay Satiro
78ac944dc2 telnet: Fix read-callback change for Windows builds
Refer to b0143a2 for more information on the read-callback change.
2015-05-21 23:26:32 -04:00
Daniel Stenberg
b0143a2a33 read_callback: move to SessionHandle from connectdata
With many easy handles using the same connection for multiplexing, it is
important we store and keep the transfer-oriented stuff in the
SessionHandle so that callbacks and callback data work fine even when
many easy handles share the same physical connection.
2015-05-20 23:06:45 +02:00
Daniel Stenberg
6a688976f0 http2: show stream IDs in decimal
It makes them easier to match output from the nghttpd test server.
2015-05-20 23:06:29 +02:00
Tatsuhiro Tsujikawa
c175d184a2 http2: Faster http2 upload
Previously, when we send all given buffer in data_source_callback, we
return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream
temporarily for writing.  This itself is good.  If this is the sole
stream in the session, nghttp2_session_want_write() returns zero,
which means that libcurl does not check writeability of the underlying
socket.  This leads to very slow upload, because it seems curl only
upload 16k something per 1 second.  To fix this, if we still have data
to send, call nghttp2_session_resume_data after nghttp2_session_send.
This makes nghttp2_session_want_write() returns nonzero (if connection
window still opens), and as a result, socket writeability is checked,
and upload speed becomes normal.
2015-05-20 22:43:37 +02:00
Dmitry Eremin-Solenikov
d5aab55b33 gtls: don't fail on non-fatal alerts during handshake
Stop curl from failing when non-fatal alert is received during
handshake.  This e.g. fixes lots of problems when working with https
sites through proxies.
2015-05-20 22:41:30 +02:00
Brian Prodoehl
a393d64456 openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg
BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl
and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and
OpenSSL.

re #275
2015-05-19 22:54:42 +02:00
Daniel Stenberg
301ba7772c transfer: remove erroneous and misleading comment 2015-05-19 14:00:19 +02:00
Kamil Dudka
00a770b3f5 http: silence compile-time warnings without USE_NGHTTP2
Error: CLANG_WARNING:
lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read

Error: COMPILER_WARNING:
lib/http.c: scope_hint: In function ‘http_disconnect’
lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-19 12:53:30 +02:00
Jay Satiro
dd23c49546 transfer: Replace __func__ instances with function name
.. also make __func__ replacement in multi.

Prior to this change debug builds would fail to build if the compiler
was building pre-c99 and didn't support __func__.
2015-05-19 02:23:55 -04:00
Viktor Szakats
3d38a38012 build: bump version in default nghttp2 paths 2015-05-19 07:42:16 +02:00
Jay Satiro
7da064fdd2 http: Add some include guards for the new HTTP/2 stuff 2015-05-18 20:53:58 -04:00
Daniel Stenberg
897a7b3a13 http2: store upload state per stream
Use a curl_off_t for upload left
2015-05-18 15:41:43 +02:00
Daniel Stenberg
155b1f5df9 http2: fix build when NOT h2-enabled 2015-05-18 14:09:32 +02:00