1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-06 03:18:04 -05:00
Commit Graph

22407 Commits

Author SHA1 Message Date
Daniel Stenberg
821a0854f6 BUGS: clarify how to report security related bugs 2017-08-01 14:39:13 +02:00
Brad Spencer
164a09368d multi: fix request timer management
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle.  When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).

Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01 13:39:38 +02:00
Jay Satiro
53d137d94a curl_setup: Define CURL_NO_OLDIES for building libcurl
.. to catch accidental use of deprecated error codes.

Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-08-01 02:56:48 -04:00
Jeremy Tan
f262b3586c configure: fix the check for IdnToUnicode
Fixes #1669
Closes #1713
2017-08-01 01:04:45 +02:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Dwarakanath Yadavalli
512f8c774a libcurl: Stop using error codes defined under CURL_NO_OLDIES
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
2017-07-31 02:59:05 -04:00
Jay Satiro
436cd490fc include.d: clarify --include is only for response headers
Follow-up to 171f8de and de6de94.

Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
Reported-by: Daniel Stenberg
2017-07-30 02:29:36 -04:00
jasjuang
27e2a4733c cmake: support make uninstall
Closes #1674
2017-07-30 01:56:14 +02:00
Daniel Stenberg
e88f133298 RELEASE-NOTES: synced with 001701c47 2017-07-30 01:25:57 +02:00
Marcel Raad
001701c47e
AppVeyor: now really use CURL_WERROR
It was misspelled as CURL_ERROR in commit
2d86e8d128.

Closes https://github.com/curl/curl/pull/1686
2017-07-29 18:47:18 +02:00
Jay Satiro
de6de94c9a tool_help: clarify --include is only for response headers
Follow-up to 171f8de.

Ref: https://github.com/curl/curl/issues/1704
2017-07-29 01:33:25 -04:00
Jay Satiro
f8614af527 splay: fix signed/unsigned mismatch warning
Follow-up to 4dee50b.

Ref: https://github.com/curl/curl/pull/1693
2017-07-29 01:13:42 -04:00
Daniel Stenberg
171f8ded26 include.d: clarify that it concerns the response headers
Reported-by: olesteban at github
Fixes #1704
2017-07-28 18:22:50 +02:00
Johannes Schindelin
1cfa4cd427 curl_rtmp: fix a compiler warning
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.

Bug: #1652

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:41:29 +02:00
Daniel Stenberg
0018221532 test1323: verify curlx_tvdiff 2017-07-28 15:51:36 +02:00
Daniel Stenberg
4dee50b9c8 timeval: struct curltime is a struct timeval replacement
... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.

Ref: #1652
Closes #1693
2017-07-28 15:51:25 +02:00
Daniel Stenberg
7551e55d66 darwinssl: fix variable type mistake (regression)
... which made --tlsv1.2 not work because it would blank the max tls
version variable.

Reported-by: Nick Miyake
Bug: #1703
2017-07-27 18:30:11 +02:00
Daniel Stenberg
02c7a2ccab multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com

Closes #1675
Closes #1683
2017-07-27 01:13:47 +02:00
Daniel Stenberg
60cf84f7f2 checksrc: escape open brace in regex
... to silence warning.
2017-07-27 01:13:19 +02:00
Kamil Dudka
42a4cd4c78 nss: fix a possible use-after-free in SelectClientCert()
... causing a SIGSEGV in showit() in case the handle used to initiate
the connection has already been freed.

This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.

Reported-by: Rob Sanders
Bug: https://bugzilla.redhat.com/1436158
2017-07-20 08:09:01 +02:00
Kamil Dudka
c89eb6d0f8 nss: unify the coding style of nss_send() and nss_recv()
No changes in behavior intended by this commit.
2017-07-20 08:08:47 +02:00
Marcel Raad
da6aa3f763
tests/server/resolve.c: fix deprecation warning
MSVC warns that gethostbyname is deprecated. Always use getaddrinfo
instead to fix this when IPv6 is enabled, also for IPv4 resolves. This
is also consistent with what libcurl does.

Closes https://github.com/curl/curl/pull/1682
2017-07-18 10:23:47 +02:00
Jay Satiro
798ad5d924 darwinssl: fix pinnedpubkey build error
- s/SessionHandle/Curl_easy/

Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
Reported-by: Gisle Vanem
2017-07-17 02:46:07 -04:00
Marcel Raad
38faf041cf
rtspd: fix GCC warning after MSVC warning fix
Older GCC warns:
/tests/server/rtspd.c:1194:10: warning: missing braces around
initializer [-Wmissing-braces]

Fix this by using memset instead of an initializer.
2017-07-16 15:16:46 +02:00
Marcel Raad
fb3b0f25ef
libtest: fix MSVC warning C4706
With warning level 4, MSVC warns about assignments within conditional
expressions. Change the while loop to a do-while loop to fix this. This
change is also consistent with CODE_STYLE.md.
2017-07-16 14:02:59 +02:00
Marcel Raad
0bdb811250
sockfilt: suppress conversion warning with explicit cast
MSVC warns when implicitly casting -1 to unsigned long.
2017-07-16 13:28:45 +02:00
Marcel Raad
70cbefeb5f
rtspd: fix MSVC level 4 warning
warning C4701: potentially uninitialized local variable 'req' used
2017-07-16 13:26:21 +02:00
Marcel Raad
a4bef6a91b
winbuild: re-enable warning C4127 for curl tool
Disabled in cda19a345f. It only needs to
be disabled for libcurl.
2017-07-14 08:52:14 +02:00
Marcel Raad
cda19a345f
winbuild: build with warning level 4
This is consistent with 7bc64561a2, which
changed the warning level from 3 to 4 for the Visual Studio project
files. But disable the level 4 warning C4127 "conditional expression is
constant", as that one is issued by older versions of the Windows SDK
as well as curl itself under some circumstances.

Closes https://github.com/curl/curl/pull/1667
2017-07-13 22:30:33 +02:00
Max Dymond
ffd3162c60 travis: install libidn2
Install libidn2 to increase test coverage (IDN tests)

Closes https://github.com/curl/curl/pull/1673
2017-07-12 22:34:33 -04:00
Marcel Raad
7333b497a0
travis: enable warnings also in release mode
... to get warnings also on Linux/GCC and OSX/clang.

Closes https://github.com/curl/curl/pull/1666
2017-07-12 22:51:10 +02:00
Max Dymond
51ccc4850a travis: install libssh2
Install libssh2 to increase test coverage (SFTP, SCP)
2017-07-12 21:43:33 +02:00
Marcel Raad
b22ec39640
system.h: include winsock2.h before windows.h
... to avoid compiler warnings if the user doesn't want
WIN32_LEAN_AND_MEAN.
2017-07-12 07:55:18 +02:00
Marcel Raad
ef5cac3d8c
build: remove WIN32_LEAN_AND_MEAN from individual build systems
It's defined for all build systems in curl_setup.h since commit
beb08481d0. This caused macro
redefinition warnings in the configure builds.

Closes https://github.com/curl/curl/pull/1677
2017-07-11 18:16:23 +02:00
Jay Satiro
274983b774 ISSUE_TEMPLATE: Add a comment not to file security issues on github 2017-07-11 11:48:37 -04:00
Marcel Raad
beb08481d0
curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
Make sure to always define WIN32_LEAN_AND_MEAN before including any
Windows headers to avoid pulling in unnecessary headers. This avoids
unnecessary macro clashes and compiler warnings.

Ref: https://github.com/curl/curl/issues/1562
Closes https://github.com/curl/curl/pull/1672
2017-07-11 11:57:00 +02:00
Jay Satiro
c5e87fdb7a strerror: Preserve Windows error code in some functions
This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
commit was an earlier draft that I committed by mistake, which was then
remedied by a5834e5 and e909de6, and now this commit. With this commit
there is now no difference between the current code and the changes that
were approved in the final draft.

Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem
Ref: https://github.com/curl/curl/pull/1589
2017-07-11 01:53:23 -04:00
Max Dymond
e909de65b9
tests: Fix up issues with errno in test files
Closes https://github.com/curl/curl/pull/1671
2017-07-10 16:19:23 +02:00
Daniel Stenberg
a5834e525d errno: fix non-windows builds after af0216251b 2017-07-10 13:59:05 +02:00
Ryan Winograd
793e831bbf make: fix docs build on OpenBSD
Ref: #1591
2017-07-10 13:54:02 +02:00
Marcel Raad
b54e0babd7
ldap: fix MinGW compiler warning
ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with
the latest original MinGW, resulting in compiler warnings since commit
f0fe66f13c. Fix this for the non-SSPI
case by using ldap_simple_bind_s again instead of ldap_bind_s with
LDAP_AUTH_SIMPLE.

Closes https://github.com/curl/curl/pull/1664
2017-07-10 10:22:34 +02:00
Marcel Raad
deadb2348f
curl-compilers.m4: disable warning spam with Cygwin's clang
When building with Cygwin or MinGW, libtool uses a wrapper executable
instead of a wrapper script [1], which is written in C and throws
missing-variable-declarations warnings. Don't enable these warnings on
Cygwin and MinGW in order to avoid warnings for every executable built,
which spams the test suite output when using Cygwin's clang.

[1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-executables.html

Closes https://github.com/curl/curl/pull/1665
2017-07-10 10:16:29 +02:00
Jay Satiro
af0216251b curl_setup_once: Remove ERRNO/SET_ERRNO macros
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
2017-07-10 02:09:27 -04:00
Jay Satiro
17da675002 tool_getparam: fix potentially uninitialized err 2017-07-09 12:04:42 -04:00
Marcel Raad
59a0fb2439
smb: rename variable to fix shadowing warning
GCC 4.6.3 on travis complains:
smb.c: In function ‘get_posix_time’:
smb.c:725:13: error: declaration of ‘time’ shadows a global declaration
[-Werror=shadow]

Fix this by renaming the variable.
2017-07-09 14:42:13 +02:00
Marcel Raad
f601f42787
tool_cb_wrt: fix variable shadowing warning
GCC 4.4 complains:
tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global
declaration
/usr/include/unistd.h:782: error: shadowed declaration is here

Fix this by renaming the variable.

Closes https://github.com/curl/curl/pull/1661
2017-07-09 14:38:10 +02:00
Daniel Stenberg
a548183546 RELEASE-NOTES: synced with be2c999b8 2017-07-08 00:15:17 +02:00
Daniel Stenberg
ca3545d17f travis: install stunnel 2017-07-07 17:25:43 +02:00
Daniel Stenberg
be2c999b80 valgrind.supp: supress OpenSSL false positive seen on travis 2017-07-07 16:58:08 +02:00
Daniel Stenberg
8b78f7c23d travis: detect and use valgrind for normal builds
Closes #1653
2017-07-07 16:58:08 +02:00