1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 22:15:13 -05:00
Commit Graph

8123 Commits

Author SHA1 Message Date
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Jay Satiro
059b3a5770 connect: Fix happy eyeballs logic for IPv4-only builds
Bug: https://github.com/bagder/curl/pull/168

(trynextip)
- Don't try the "other" protocol family unless IPv6 is available. In an
IPv4-only build the other family can only be IPv6 which is unavailable.

This change essentially stops IPv4-only builds from attempting the
"happy eyeballs" secondary parallel connection that is supposed to be
used by the "other" address family.

Prior to this change in IPv4-only builds that secondary parallel
connection attempt could be erroneously used by the same family (IPv4)
which caused a bug where every address after the first for a host could
be tried twice, often in parallel. This change fixes that bug. An
example of the bug is shown below.

Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4:

* STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000)
* Rebuilt URL to: http://MTEST/
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083
(connection #0)
*   Trying 127.0.0.2...
* STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163
(connection #0)
*   Trying 127.0.0.3...
* connect to 127.0.0.2 port 80 failed: Connection refused
*   Trying 127.0.0.3...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.4 port 80 failed: Connection refused
* connect to 127.0.0.4 port 80 failed: Connection refused
* Failed to connect to MTEST port 80: Connection refused
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (7) Failed to connect to MTEST port 80: Connection refused

The bug was born in commit bagder/curl@2d435c7.
2015-03-16 12:07:59 +01:00
Frank Meier
9063a7f853 closesocket: call multi socket cb on close even with custom close
In function Curl_closesocket() in connect.c the call to
Curl_multi_closed() was wrongly omitted if a socket close function
(CURLOPT_CLOSESOCKETFUNCTION) is registered.

That would lead to not removing the socket from the internal hash table
and not calling the multi socket callback appropriately.

Bug: http://curl.haxx.se/bug/view.cgi?id=1493
2015-03-15 13:26:03 +01:00
Tobias Stoeckmann
851c29269b hostip: Fix signal race in Curl_resolv_timeout.
A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is
configured to interrupt system calls and uses siglongjmp to return into
the function if alarm() goes off.

The signal handler is installed before curl_jmpenv is initialized.
This means that an already installed alarm timer could trigger the
newly installed signal handler, leading to undefined behavior when it
accesses the uninitialized curl_jmpenv.

Even if there is no previously installed alarm available, the code in
Curl_resolv_timeout itself installs an alarm before the environment is
fully set up. If the process is sent into suspend right after that, the
signal handler could be called too early as in previous scenario.

To fix this, the signal handler should only be installed and the alarm
timer only be set after sigsetjmp has been called.
2015-03-14 18:24:11 +01:00
Daniel Stenberg
0cf649d9cc http2: detect prematures close without data transfered
... by using the regular Curl_http_done() method which checks for
that. This makes test 1801 fail consistently with error 56 (which seems
fine) to that test is also updated here.

Reported-by: Ben Darnell
Bug: https://github.com/bagder/curl/issues/166
2015-03-14 18:19:51 +01:00
Daniel Stenberg
186e46d88d openssl: use colons properly in the ciphers list
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
2015-03-12 23:29:46 +01:00
Daniel Stenberg
0d1060f21e openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12 23:16:28 +01:00
Daniel Stenberg
1d3f1a80d0 openssl: show the cipher selection to use 2015-03-12 15:53:45 +01:00
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Alexander Pepper
143acd6222 mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".
Also unified printing to STDERR by creating the helper method "report".
2015-03-11 14:47:41 +01:00
Daniel Stenberg
852d35b6ea proxy: re-use proxy connections (regression)
When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
name!

Added test 1421 to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1492
2015-03-11 11:54:22 +01:00
Alessandro Ghedini
fa895f2aa2 gtls: correctly align certificate status verification messages 2015-03-10 15:48:34 +01:00
Alessandro Ghedini
a6a264ef2c gtls: don't print double newline after certificate dates 2015-03-10 15:20:03 +01:00
Alessandro Ghedini
3a757fddbb gtls: print negotiated TLS version and full cipher suite name
Instead of priting cipher and MAC algorithms names separately, print the
whole cipher suite string which also includes the key exchange algorithm,
along with the negotiated TLS version.
2015-03-10 15:18:14 +01:00
Daniel Stenberg
d9973eaeb8 gtls: fix compiler warnings 2015-03-10 15:16:59 +01:00
Alessandro Ghedini
5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg
c19349951d multi: fix *getsock() with CONNECT
The code used some happy eyeballs logic even _after_ CONNECT has been
sent to a proxy, while the happy eyeball phase is already (should be)
over by then.

This is solved by splitting the multi state into two separate states
introducing the new SENDPROTOCONNECT state.

Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html
Reported-by: Peter Laser
2015-03-07 19:19:22 +01:00
Daniel Stenberg
9da14a96ab conncontrol: only log changes to the connection bit 2015-03-07 19:18:49 +01:00
Daniel Stenberg
00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
Since they already exist and will make comparing easier
2015-03-07 11:10:30 +01:00
Daniel Stenberg
df28af8f39 http2: make the info-message about receiving HTTP2 headers debug-only 2015-03-07 10:55:37 +01:00
Alessandro Ghedini
44ffe27056 urldata: remove unused asked_for_h2 field 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
adb4e41a1a polarssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
42bc45be8e nss: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
870a67e01f gtls: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
2e9494b15d openssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Daniel Stenberg
042526c19f urldata: fix gnutls build 2015-03-06 10:13:40 +01:00
Daniel Stenberg
492dfca65d multi: fix memory-leak on timeout (regression)
Since 1342a96ecf, a timeout detected in the multi state machine didn't
necesarily clear everything up, like formpost data.

Bug: https://github.com/bagder/curl/issues/147
Reported-by: Michel Promonet
Patched-by: Michel Promonet
2015-03-05 15:43:38 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
8aabbf5f8c vtls: use curl_printf.h all over
No need to use _MPRINTF_REPLACE internally.
2015-03-03 23:17:43 +01:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Tatsuhiro Tsujikawa
48b5374e65 http2: Return error if stream was closed with other than NO_ERROR
Previously, we just ignored error code passed to
on_stream_close_callback and just return 0 (success) after stream
closure even if stream was reset with error.  This patch records error
code in on_stream_close_callback, and return -1 and use CURLE_HTTP2
error code on abnormal stream closure.
2015-02-27 21:17:27 +00:00
Daniel Stenberg
bc3a44aebc http2: return recv error on unexpected EOF
Pointed-out-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-02-25 13:51:21 +01:00
Daniel Stenberg
b9c190ba77 http2: move lots of verbose output to be debug-only 2015-02-25 11:45:46 +01:00
Kamil Dudka
4909f7c795 nss: do not skip Curl_nss_seed() if data is NULL
In that case, we only skip writing the error message for failed NSS
initialization (while still returning the correct error code).
2015-02-25 10:23:07 +01:00
Kamil Dudka
7a1538d9cc nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
2015-02-25 10:23:06 +01:00
Marc Hoersken
ffc2aeec6e Revert "telnet.c: fix handling of 0 being returned from custom read function"
This reverts commit 03fa576833.
2015-02-25 00:16:10 +01:00
Marc Hoersken
b3bcdaf01a telnet.c: fix invalid use of custom read function if not being set
obj_count can be 1 if the custom read function is set or the stdin
handle is a reference to a pipe. Since the pipe should be handled
using the PeekNamedPipe-check below, the custom read function should
only be used if it is actually enabled.
2015-02-25 00:01:14 +01:00
Marc Hoersken
03fa576833 telnet.c: fix handling of 0 being returned from custom read function
According to [1]: "Returning 0 will signal end-of-file to the library
and cause it to stop the current transfer."
This change makes the Windows telnet code handle this case accordingly.

 [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
2015-02-24 23:59:06 +01:00
Kamil Dudka
e08a12dab1 connect: wait for IPv4 connection attempts
... even if the last IPv6 connection attempt has failed.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
2015-02-23 13:32:28 +01:00
Kamil Dudka
92835ca5d8 connect: avoid skipping an IPv4 address
... in case the protocol versions are mixed in a DNS response
(IPv6 -> IPv4 -> IPv6).

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
2015-02-23 13:31:01 +01:00
Julian Ospald
90314100e0 configure: allow both --with-ca-bundle and --with-ca-path
SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath.  This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.

This wasn't reflected by the previous configure constraint which this
patch fixes.

Bug: https://github.com/bagder/curl/pull/139
2015-02-20 16:30:04 +01:00
Ben Boeckel
20112ed846 cmake: install the dll file to the correct directory 2015-02-20 14:17:32 +01:00
Alessandro Ghedini
63b4b8c7bd nss: fix NPN/ALPN protocol negotiation
Correctly check for memcmp() return value (it returns 0 if the strings match).

This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
2015-02-19 23:09:12 +01:00
Alessandro Ghedini
633b3895d7 polarssl: fix ALPN protocol negotiation
Correctly check for strncmp() return value (it returns 0 if the strings
match).
2015-02-19 23:07:40 +01:00
Alessandro Ghedini
676ac46ff5 gtls: fix build with HTTP2 2015-02-19 19:00:51 +01:00
Steve Holme
31c8f8ac11 Makefile.vc6: Corrected typos in rename of darwinssl.obj 2015-02-16 00:35:16 +00:00
Nick Zitzmann
b1c7fc050b By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" 2015-02-15 17:11:01 -06:00
Kamil Dudka
aba2c4dca2 openssl: fix a compile-time warning
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
2015-02-12 08:39:19 +01:00
Steve Holme
c1878e8f52 openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.
2015-02-11 21:03:23 +00:00
Patrick Monnerat
ab85ac5eda ftp: accept all 2xx responses to the PORT command 2015-02-11 19:51:57 +01:00