1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 00:58:48 -05:00
Commit Graph

27080 Commits

Author SHA1 Message Date
Daniel Stenberg
2e23f3b8d5
libcurl-security.3: be careful of setuid
Reported-by: Harry Sintonen
Closes #6970
2021-04-27 07:51:42 +02:00
Kevin Burke
76f33fd373
c-hyper: don't write to set.writeheader if null
Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a
CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to
the data->set.writeheader header buffer, even though it is null.  This
led to NPE segfaults attempting to use libcurl+Hyper with Git, for
example.

Instead, process the client write for the status line using the same
logic we use to process the client write for the later HTTP headers,
which contains the appropriate guard logic. As a side benefit,
data->set.writeheader is now only read in one file instead of two.

Fixes #6619
Fixes abetterinternet/crustls#49
Fixes hyperium/hyper#2438
Closes #6971
2021-04-27 07:49:05 +02:00
Daniel Stenberg
9fc284427c
wolfssl: handle SSL_write() returns 0 for error
Reported-by: Timo Lange

Closes #6967
2021-04-26 14:27:45 +02:00
Daniel Stenberg
f154ae9de3
easy: ignore sigpipe in curl_easy_send
Closes #6965
2021-04-26 13:22:20 +02:00
Daniel Stenberg
9ec1ef7f41
sigpipe: ignore SIGPIPE when using wolfSSL as well
Closes #6966
2021-04-26 12:59:42 +02:00
Daniel Stenberg
7fdf01f32e
libcurl-security.3: don't try to filter IPv4 hosts based on the URL
Closes #6942
2021-04-26 10:25:03 +02:00
Harry Sintonen
f2e1163bc8
nss_set_blocking: avoid static for sock_opt
Reviewed-by: Kamil Dudka
Closes #6945
2021-04-26 08:45:54 +02:00
Daniel Stenberg
56e2319611
RELEASE-NOTES: synced 2021-04-26 08:30:44 +02:00
Yusuke Nakamura
c1311dba6e
docs/HTTP3.md: fix nghttp2's HTTP/3 server port
Port 8443 does not work now.
Correct origin is in the quicwg's wiki.
https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2

Closes #6964
2021-04-26 08:07:37 +02:00
Daniel Stenberg
994af2a1e9
krb5: don't use 'static' to store PBSZ size response
... because it makes the knowledge and usage cross-transfer in funny and
unexpected ways.

Reported-by: Harry Sintonen
Closes #6963
2021-04-26 08:04:52 +02:00
Kevin Burke
9f71cc293f
m4: add security frameworks on Mac when compiling rustls
Previously compiling rustls on Mac would only complete if you also
compiled the SecureTransport TLS backend, which curl would prefer to
the Rust backend.

Appending these flags to LDFLAGS makes it possible to compile the
Rustls backend on Mac without the SecureTransport backend, which means
this patch will make it possible for Mac users to use the Rustls
backend for TLS.

Reviewed-by: Jacob Hoffman-Andrews

Fixes #6955
Cloes #6956
2021-04-25 23:30:08 +02:00
Daniel Stenberg
7843fe0a1b
krb5: remove the unused 'overhead' function
Closes #6947
2021-04-25 14:51:34 +02:00
Johann150
68f6c56396
curl_url_set.3: add memory management information
wording taken from man page for CURLOPT_URL.3

As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.

Closes #6953
2021-04-25 14:13:29 +02:00
Jacob Hoffman-Andrews
5e7fc49c19
c-hpyer: fix handling of zero-byte chunk from hyper
Closes #6951
2021-04-25 14:11:21 +02:00
Daniel Stenberg
f014eeceb2
CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
2021-04-23 23:20:31 +02:00
Ralph Langendam
a60b111980
cmake: make libcurl output filename configurable
Reviewed-by: Jakub Zakrzewski
Closes #6933
2021-04-23 18:42:31 +02:00
Patrick Monnerat
a4554b2c5e
vtls: reset ssl use flag upon negotiation failure
Fixes the segfault in ldaps disconnect.

Reported-by: Illarion Taev
Fixes #6934
Closes #6937
2021-04-23 14:41:39 +02:00
Daniel Stenberg
47e169e7a4
configure: fix typo in TLS error message
Reported-by: Pontus Lundkvist
2021-04-23 09:21:02 +02:00
Daniel Stenberg
25db8fa0d4
README: link to the commercial support option 2021-04-23 08:59:08 +02:00
Martin Halle
e540b32562 version: add gsasl_version to curl_version_info_data
- Add gsasl_version string and bump to CURLVERSION_TENTH.

Ref: https://curl.se/mail/lib-2021-04/0003.html

Closes https://github.com/curl/curl/pull/6843
2021-04-22 18:28:28 -04:00
Morten Minde Neergaard
67d3afa73f schannel: Support strong crypto option
- Support enabling strong crypto via optional user cipher list when
  USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.

MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."

Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred

Closes https://github.com/curl/curl/pull/6734
2021-04-22 17:40:19 -04:00
Daniel Stenberg
99383194de
RELEASE-NOTES: synced 2021-04-22 23:37:12 +02:00
Daniel Stenberg
e052bbcd57
ci: adapt to configure requiring an explicit TLS choice 2021-04-22 23:19:47 +02:00
Daniel Stenberg
ee36e86ce8
configure: split out each TLS library detector into its own function
... and put those functions in separate m4 files per TLS library.
2021-04-22 23:19:47 +02:00
Daniel Stenberg
68d89f242c
configure: make the TLS library choice(s) explicit
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.

If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).

Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.

Closes #6897
2021-04-22 23:19:47 +02:00
Daniel Stenberg
4708f29f1c
tests/disable-scan.pl: also scan all m4 files
Fixes test 1165 when functions are moved from configure.ac to files in
m4/
2021-04-22 23:19:47 +02:00
Jay Satiro
54e7475016 schannel: Disable auto credentials; add an option to enable it
- Disable auto credentials by default. This is a breaking change
  for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
  to automatically locate and use a client certificate for
  authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and
  --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
2021-04-22 16:53:37 -04:00
Michał Antoniak
e4ba999646
vtls: deduplicate some DISABLE_PROXY ifdefs
continue from #5735

- using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other
  tls backend

- create SSL_HOST_PORT

Closes #6660
2021-04-22 22:50:56 +02:00
Jay Satiro
7f2d7ed142 OS400: fix typo
CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH
2021-04-22 16:18:01 -04:00
Daniel Stenberg
52fab72397
checksrc: complain on == NULL or != 0 checks in conditions
... to make them all consistenly use if(!var) and if(var)

Also added a few missing warnings to the documentation.

Closes #6912
2021-04-22 09:10:17 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Patrick Monnerat
19ea52da4d
vauth: factor base64 conversions out of authentication procedures
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).

Closes #6654
2021-04-22 09:06:07 +02:00
Patrick Monnerat
34cf40321c
bufref: buffer reference support
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.

A unit test checks its handling methods: test 1661

Closes #6654
2021-04-22 09:05:53 +02:00
Patrick Monnerat
a2a8f9d730
os400: additional support for options metadata
New functions curl_easy_option_by_name_ccsid() and
curl_easy_option_get_name_ccsid() allows accessing metadata in alternate
character encoding.

This commit also updates curl_version_info_ccsid() to handle info version 9
and adds recent definitions to the ILE/RPG include file.

Documentation updated accordingly.

Reviewed-by: Jon Rumsey
Closes #6574
2021-04-22 08:35:17 +02:00
Patrick Monnerat
3fb6e5a010
test server: take care of siginterrupt() deprecation
Closes #6529
2021-04-22 08:32:43 +02:00
Marc Hoersken
2df64390b3
lib1564.c: enable last wakeup test part on Windows
Suggested-by: Gergely Nagy
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Closes #6245
2021-04-21 20:32:33 +02:00
Marc Hoersken
b36442b243
multi: fix slow write/upload performance on Windows
Reset FD_WRITE by sending zero bytes which is permissible
and will be treated by implementations as successful send.

Without this we won't be notified in case a socket is still
writable if we already received such a notification and did
not send any data afterwards on the socket. This would lead
to waiting forever on a writable socket being writable again.

Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Tested-by: tmkk on github

Bug: #6146
Closes #6245
2021-04-21 20:32:24 +02:00
Marc Hoersken
e92998a312
multi: reduce Win32 API calls to improve performance
1. Consolidate pre-checks into a single Curl_poll call:

This is an attempt to restructure the code in Curl_multi_wait
in such a way that less syscalls are made by removing individual
calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE.

2. Avoid resetting the WinSock event multiple times:

We finally call WSAResetEvent anyway, so specifying it as
an optional parameter to WSAEnumNetworkEvents is redundant.

3. Wakeup directly in case no sockets are being monitoring:

Fix the WinSock based implementation to skip extra waiting by
not sleeping in case no sockets are to be waited on and just
the WinSock event is being monitored for wakeup functionality.

Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Bug: #6146
Closes #6245
2021-04-21 20:32:14 +02:00
Marc Hoersken
bcca174cfa
Revert "Revert 'multi: implement wait using winsock events'"
This reverts commit 2260e0ebe6,
also restoring previous follow up changes which were reverted.

Authored-by: rcombs on github
Authored-by: Marc Hörsken
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Restores #5634
Reverts #6281
Part of #6245
2021-04-21 20:29:36 +02:00
Daniel Stenberg
3057c6cd73
Revert "cmake: make libcurl library output name configurable"
This reverts commit 1cba36d216.

CMake provides properties that can be set on a target to rename the
output artifact without changing the name of a target.

Ref: #6899
2021-04-21 15:03:26 +02:00
Michael Kolechkin
dd2bb48552
sectransp: allow cipher name to be specified
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize the array of specs with
cipher number, name, alias, and 'weak' flag.

Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.

Closes #6464
2021-04-21 12:00:22 +02:00
Michael Kolechkin
df44138b1f
NSS: add ciphers to map
Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c

Closes #6670
2021-04-21 11:50:20 +02:00
Daniel Stenberg
d8c4cdecb7
http2: remove DEBUG_HTTP2
Accidentally committed in 605e84235
2021-04-21 11:34:10 +02:00
Ralph Langendam
1cba36d216
cmake: make libcurl library output name configurable
Closes #6899
2021-04-21 10:03:07 +02:00
Daniel Stenberg
415d6fa7da
sws: #ifdef S_IFSOCK use
SCO OpenServer 5.0.7 does not define S_IFSOCK.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0074.html
Closes #6926
2021-04-21 09:35:31 +02:00
Daniel Stenberg
0594c00621
curl_setup: provide the shutdown flags wider
By using #ifdef on the symbol names to work on anything that don't
provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either
SHUT_RDWR, SHUT_RD, and SHUT_WR.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0073.html
Closes #6925
2021-04-21 09:24:46 +02:00
Daniel Stenberg
355aae5b7f
connect: use CURL_SA_FAMILY_T for portability
Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0071.html

Closes #6918
2021-04-21 09:22:37 +02:00
Daniel Stenberg
04488851e2
urlapi: make sure no +/- signs are accepted in IPv4 numericals
Follow-up to 56a037cc0a. Extends test 1560 to verify.

Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
2021-04-21 09:17:55 +02:00
Daniel Stenberg
9cb48457c6
ConnectionExists: respect requests for h1 connections better
... for situations when multiplexing isn't enabled on the h2 connection
and h1 is explicitly requested for the transfer.

Assisted-by: Gergely Nagy
2021-04-21 08:20:24 +02:00
Daniel Stenberg
9c18c0b4dd
multi: don't close connection HTTP_1_1_REQUIRED
The ConnectionExists() function will note that the new transfer wants
less then h2 and that it can't multiplex it and therefor opt to open a
new connection instead.
2021-04-21 08:20:24 +02:00