1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 01:28:51 -05:00
Commit Graph

10222 Commits

Author SHA1 Message Date
Samuel Surtees
1b443a7c00
ldap: fix LDAP URL parsing regressions
- Match URL scheme with LDAP and LDAPS
- Retrieve attributes, scope and filter from URL query instead

Regression brought in 46e164069d (7.62.0)

Closes #3362
2018-12-11 13:20:12 +01:00
Stefan Kanthak
e1360a1c91
(lib)curl.rc: fixup for minor bugs
All resources defined in lib/libcurl.rc and curl.rc are language
neutral.

winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.

Replace the hard-coded constants in both *.rc files with #define'd
values.

Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
Closes #3348
2018-12-10 00:10:04 +01:00
Daniel Stenberg
1e9abfedfa
cookies: expire "Max-Age=0" immediately
Reported-by: Jeroen Ooms
Fixes #3351
Closes #3352
2018-12-09 18:34:55 +01:00
Johannes Schindelin
d997aa0e96
Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
This is a companion patch to cbea2fd2c (NTLM: force the connection to
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
preemptively. However, with other (Negotiate) authentication it is not
clear to this developer whether there is a way to make it work with
HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
error HTTP_1_1_REQUIRED.

Note: we will still keep the NTLM workaround, as it avoids an extra
round trip.

Daniel Stenberg helped a lot with this patch, in particular by
suggesting to introduce the Curl_h2_http_1_1_error() function.

Closes #3349

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2018-12-08 10:59:23 +01:00
Ben Greear
07e61abdac
openssl: fix unused variable compiler warning with old openssl
URL: https://curl.haxx.se/mail/lib-2018-11/0055.html

Closes #3347
2018-12-07 17:03:17 +01:00
Johannes Schindelin
cbea2fd2c7
NTLM: force the connection to HTTP/1.1
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
the capability. However, NTLM authentication only works with HTTP/1.1,
and will likely remain in that boat (for details, see
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).

When we just found out that we want to use NTLM, and when the current
connection runs in HTTP/2 mode, let's force the connection to be closed
and to be re-opened using HTTP/1.1.

Fixes https://github.com/curl/curl/issues/3341.
Closes #3345

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2018-12-07 13:03:21 +01:00
Johannes Schindelin
2456152069
curl_global_sslset(): id == -1 is not necessarily an error
It is allowed to call that function with id set to -1, specifying the
backend by the name instead. We should imitate what is done further down
in that function to allow for that.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes #3346
2018-12-07 11:38:22 +01:00
Daniel Stenberg
d506df860f
doh: fix memory leak in OOM situation
Reviewed-by: Daniel Gustafsson
Closes #3342
2018-12-06 09:52:38 +01:00
Daniel Stenberg
027d66e5f1
doh: make it work for h2-disabled builds too
Reported-by: dtmsecurity at github
Fixes #3325
Closes #3336
2018-12-05 23:44:26 +01:00
Gergely Nagy
08efa19e6a
openssl: do not use file BIOs if not requested
Moves the file handling BIO calls to the branch of the code where they
are actually used.

Closes #3339
2018-12-05 15:26:18 +01:00
Paul Howarth
8ad9e5915a
nss: Fix compatibility with nss versions 3.14 to 3.15 2018-12-05 15:24:32 +01:00
Paul Howarth
71a1442eb2
nss: Improve info message when falling back SSL protocol
Use descriptive text strings rather than decimal numbers.
2018-12-05 15:24:32 +01:00
Paul Howarth
6848ea585b
nss: Fall back to latest supported SSL version
NSS may be built without support for the latest SSL/TLS versions,
leading to "SSL version range is not valid" errors when the library
code supports a recent version (e.g. TLS v1.3) but it has explicitly
been disabled.

This change adjusts the maximum SSL version requested by libcurl to
be the maximum supported version at runtime, as long as that version
is at least as high as the minimum version required by libcurl.

Fixes #3261
2018-12-05 15:24:32 +01:00
Daniel Gustafsson
6381708970 checksrc: add COPYRIGHTYEAR check
Forgetting to bump the year in the copyright clause when hacking has
been quite common among curl developers, but a traditional checksrc
check isn't a good fit as it would penalize anyone hacking on January
1st (among other things). This adds a more selective COPYRIGHTYEAR
check which intends to only cover the currently hacked on changeset.

The check for updated copyright year is currently not enforced on all
files but only on files edited and/or committed locally. This is due to
the amount of files which aren't updated with their correct copyright
year at the time of their respective commit.

To further avoid running this expensive check for every developer, it
adds a new local override mode for checksrc where a .checksrc file can
be used to turn on extended warnings locally.

Closes #3303
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-03 23:13:40 +01:00
Sevan Janiyan
b466560124 connect: fix building for recent versions of Minix
EBADIOCTL doesn't exist on more recent Minix.
There have also been substantial changes to the network stack.
Fixes build on Minix 3.4rc

Closes https://github.com/curl/curl/pull/3323
2018-11-29 02:05:23 -05:00
Daniel Gustafsson
fd1049554f doh: fix typo in infof call
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26 11:40:26 +01:00
Daniel Stenberg
34fe0e1622
curl_easy_perform: fix timeout handling
curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).

Reported-by: Antoni Villalonga
Fixes #3305
Closes #3306
Closes #3308
2018-11-25 11:25:43 +01:00
Daniel Stenberg
a52e46f390
cookies: create the cookiejar even if no cookies to save
Important for when the file is going to be read again and thus must not
contain old contents!

Adds test 327 to verify.

Reported-by: daboul on github
Fixes #3299
Closes #3300
2018-11-23 14:50:51 +01:00
Daniel Stenberg
2e49610853
checksrc: ban snprintf use, add command line flag to override warns 2018-11-23 08:26:51 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Tobias Hintze
5b4cce2e36
host names: allow trailing dot in name resolve, then strip it
Delays stripping of trailing dots to after resolving the hostname.

Fixes #3022
Closes #3222
2018-11-22 13:40:51 +01:00
Michael Kaufmann
549310e907 openssl: support session resume with TLS 1.3
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.

Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.

The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.

A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.

This approach also works for old SSL/TLS versions and old OpenSSL versions.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Fixes #3202
Closes #3271
2018-11-21 11:18:25 +01:00
Michael Kaufmann
30a65381f9 ssl: fix compilation with OpenSSL 0.9.7
- ENGINE_cleanup() was used without including "openssl/engine.h"
- enable engine support for OpenSSL 0.9.7

Closes #3266
2018-11-21 11:14:26 +01:00
Daniel Stenberg
59311bd3df
openssl: disable TLS renegotiation with BoringSSL
Since we're close to feature freeze, this change disables this feature
with an #ifdef. Define ALLOW_RENEG at build-time to enable.

This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
applications opt-in this.

Concern-raised-by: David Benjamin
Fixes #3283
Closes #3293
2018-11-21 08:30:18 +01:00
Romain Fliedel
6765e6d9e6
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.

By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.

In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data

Closes #3238
2018-11-20 19:58:45 +01:00
pkubaj
7c96f6a14b ntlm: Remove redundant ifdef USE_OPENSSL
lib/curl_ntlm.c had code that read as follows:

  #ifdef USE_OPENSSL
  # ifdef USE_OPENSSL
  # else
  # ..
  # endif
  #endif

Remove the redundant USE_OPENSSL along with #else (it's not possible to
reach it anyway). The removed construction is a leftover from when the
SSLeay support was removed.

Closes #3269
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-20 14:59:12 +01:00
Han Han
78ff4e0de3
ssl: replace all internal uses of CURLE_SSL_CACERT
Closes #3291
2018-11-20 14:57:00 +01:00
Daniel Gustafsson
1cccf2f945 openssl: Remove SSLEAY leftovers
Commit 709cf76f6b deprecated USE_SSLEAY, as curl since long isn't
compatible with the SSLeay library. This removes the few leftovers that
were omitted in the less frequently used platform targets.

Closes #3270
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-17 21:36:10 +01:00
Elia Tufarolo
07ebaf8378
http_negotiate: do not close connection until negotiation is completed
Fix HTTP POST using CURLAUTH_NEGOTIATE.

Closes #3275
2018-11-16 23:38:47 +01:00
Daniel Stenberg
6d0e487f9f
pop3: only do APOP with a valid timestamp
Brought-by: bobmitchell1956 on github
Fixes #3278
Closes #3279
2018-11-16 23:36:53 +01:00
Peter Wu
27e4ac24cd openssl: do not log excess "TLS app data" lines for TLS 1.3
The SSL_CTX_set_msg_callback callback is not just called for the
Handshake or Alert protocols, but also for the raw record header
(SSL3_RT_HEADER) and the decrypted inner record type
(SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
excess debug spam when using `curl -v` against a TLSv1.3-enabled server:

    * TLSv1.3 (IN), TLS app data, [no content] (0):

(Following this message, another callback for the decrypted
handshake/alert messages will be be present anyway.)

Closes https://github.com/curl/curl/pull/3281
2018-11-16 16:03:31 -05:00
Kamil Dudka
3d988c5563
nss: remove version selecting dead code
Closes #3262
2018-11-13 23:55:22 +01:00
Daniel Stenberg
0c448093dd
nss: set default max-tls to 1.3/1.2
Fixes #3261
2018-11-13 23:54:13 +01:00
Daniel Stenberg
42fd235040
nss: fix fallthrough comment to fix picky compiler warning 2018-11-12 15:23:17 +01:00
Tim Rühsen
c05d77ee7d
ftp: avoid two unsigned int overflows in FTP listing parser
Curl_ftp_parselist: avoid unsigned integer overflows

The overflow has no real world impact, just avoid it for "best
practice".

Closes #3225
2018-11-09 23:08:46 +01:00
Jérémy Rocher
27cb384679
openssl: support BoringSSL TLS renegotiation
As per BoringSSL porting documentation [1], BoringSSL rejects peer
renegotiations by default.

curl fails when trying to authenticate to server through client
certificate if it is requested by server after the initial TLS
handshake.

Enable renegotiation by default with BoringSSL to get same behavior as
with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
which was introduced in commit 1d5ef3bb1eb9 [3].

1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86

Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
Fixes #3258
Closes #3259
2018-11-09 22:32:47 +01:00
Jim Fuller
5c4fe0d826
setopt: add CURLOPT_CURLU
Allows an application to pass in a pre-parsed URL via a URL handle.

Closes #3227
2018-11-09 15:47:28 +01:00
Daniel Gustafsson
8a49b291cb winssl: be consistent in Schannel capitalization
The productname from Microsoft is "Schannel", but in infof/failf
reporting we use "schannel". This removes different versions.

Closes #3243
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07 10:11:13 +01:00
Daniel Stenberg
9aa8ff2895
urlapi: only skip encoding the first '=' with APPENDQUERY set
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.

Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
2018-11-07 08:28:48 +01:00
Daniel Stenberg
9df8dc101b
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a
few letters ending with a colon to be a scheme, making something like
"short:80" to become an unknown scheme instead of a short host name and
a port number.

Extended test 1560 to verify.

Also fixed test203 to use file_pwd to make it get the correct path on
windows. Removed test 2070 since it was a duplicate of 203.

Assisted-by: Marcel Raad
Reported-by: Hagai Auro
Fixes #3220
Fixes #3233
Closes #3223
Closes #3235
2018-11-06 19:11:58 +01:00
Sangamkar
74f4782319
libcurl: stop reading from paused transfers
In the transfer loop it would previously not acknwledge the pause bit
and continue until drained or loop ended.

Closes #3240
2018-11-06 19:07:17 +01:00
Jay Satiro
28429fb175 curl_multibyte: fix a malloc overcalculation
Prior to this change twice as many bytes as necessary were malloc'd when
converting wchar to UTF8. To allay confusion in the future I also
changed the variable name for the amount of bytes from len to bytes.

Closes https://github.com/curl/curl/pull/3209
2018-11-06 03:11:05 -05:00
Michael Kaufmann
53db15ba55 netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes #3213
Closes #3224
2018-11-05 20:34:01 +01:00
Daniel Stenberg
d9abebc7ee
Revert "url: a short host name + port is not a scheme"
This reverts commit 226cfa8264.

This commit caused test failures on appveyor/windows. Work on fixing them is
in #3235.
2018-11-05 09:24:59 +01:00
Daniel Gustafsson
c37b66aaae infof: clearly indicate truncation
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.

This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.

Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.

Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-03 20:54:18 +01:00
Daniel Stenberg
226cfa8264
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.

Extended test 1560 to verify.

Reported-by: Hagai Auro
Fixes #3220
Closes #3223
2018-11-03 15:01:27 +01:00
Daniel Stenberg
b28094833a
URL: fix IPv6 numeral address parser
Regression from 46e164069d. Extended test 1560 to verify.

Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
2018-11-03 00:14:04 +01:00
Tim Rühsen
e4f2a5bc1b
mprintf: avoid unsigned integer overflow warning
The overflow has no real world impact.
Just avoid it for "best practice".

Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
Closes #3184
2018-11-02 11:07:04 +01:00
Daniel Stenberg
2c5ec339ea
Curl_follow: accept non-supported schemes for "fake" redirects
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d.

Reported-by: Brad King
Fixes #3210
Closes #3215
2018-11-02 09:50:44 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
marcosdiazr
7f4c358541
schannel: make CURLOPT_CERTINFO support using Issuer chain
Closes #3197
2018-11-01 10:21:51 +01:00
Daniel Stenberg
832661b3a7
schannel: use Curl_ prefix for global private symbols
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!

Closes #3201
2018-11-01 09:39:45 +01:00
Daniel Gustafsson
1460e89e01 vtls: add MesaLink to curl_sslbackend enum
MesaLink support was added in commit 57348eb97d but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.

Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-30 16:56:51 +01:00
Daniel Stenberg
f3a24d7916
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29 08:05:23 +01:00
Daniel Stenberg
81d135d671
Curl_close: clear data->multi_easy on free to avoid use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)

Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
2018-10-29 08:05:23 +01:00
Daniel Stenberg
75b94d77e8
rand: add comment to skip a clang-tidy false positive 2018-10-27 15:59:44 +02:00
Daniel Stenberg
feea1259e4
x509asn1: always check return code from getASN1Element() 2018-10-27 15:59:43 +02:00
Daniel Stenberg
be20814191
Makefile: add 'tidy' target that runs clang-tidy
Available in the root, src and lib dirs.

Closes #3163
2018-10-27 15:59:38 +02:00
Patrick Monnerat
c335b7f1f7 x509asn1: suppress left shift on signed value
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.

Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
2018-10-27 15:04:50 +02:00
Michael Kaufmann
3793761a37 multi: Fix error handling in the SENDPROTOCONNECT state
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.

Closes #3170
2018-10-27 13:03:50 +02:00
Daniel Stenberg
44a9e9f80f
openssl: output the correct cipher list on TLS 1.3 error
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".

Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
2018-10-27 10:46:38 +02:00
Daniel Gustafsson
5c8c310edb ssh: free the session on init failures
Ensure to clear the session object in case the libssh2 initialization
fails.

It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.

Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-26 15:39:15 +02:00
Daniel Gustafsson
68348461dc
openssl: make 'done' a proper boolean
Closes #3176
2018-10-26 13:51:25 +02:00
Daniel Stenberg
ebfe02f73c
gtls: Values stored to but never read
Detected by clang-tidy

Closes #3176
2018-10-26 13:51:07 +02:00
Gisle Vanem
639d052e44
rtmp: fix for compiling with lwIP
Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
  curl_rtmp.c(223,3):  error: use of undeclared identifier 'setsockopt'
    setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
    ^
  curl_rtmp.c(41,32):  note: expanded from macro 'setsockopt'
  #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
                                 ^
Closes #3155
2018-10-26 00:04:02 +02:00
Michael Kaufmann
daabc91581 urldata: Fix comment in header
The "connecting" function is used by multiple protocols, not only FTP
2018-10-25 13:04:03 +02:00
Michael Kaufmann
d48e6b7f95 netrc: free temporary strings if memory allocation fails
- Change the inout parameters after all needed memory has been
  allocated. Do not change them if something goes wrong.
- Free the allocated temporary strings if strdup() fails.

Closes #3122
2018-10-25 12:54:55 +02:00
Ruslan Baratov
4f2541f975
config: Remove unused SIZEOF_VOIDP
Closes #3162
2018-10-24 11:20:57 +02:00
Gisle Vanem
eda0998894
Fix for compiling with lwIP (3)
lwIP on Windows does not have a WSAIoctl() function. 
But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
2018-10-23 12:55:07 +02:00
Daniel Stenberg
6535b9303d
Curl_follow: return better errors on URL problems
... by making the converter function global and accessible.

Closes #3153
2018-10-23 11:43:41 +02:00
Daniel Stenberg
ca10fae6fc
Curl_follow: remove remaining free(newurl)
Follow-up to 05564e750e. This function no longer frees the passed-in
URL.

Reported-by: Michael Kaufmann
Bug: 05564e750e (commitcomm)
ent-30985666
2018-10-23 11:43:41 +02:00
Daniel Gustafsson
06d8f16b87 headers: end all headers with guard comment
Most headerfiles end with a /* <headerguard> */ comment, but it was
missing from some. The comment isn't the most important part of our
code documentation but consistency has an intrinsic value in itself.
This adds header guard comments to the files that were lacking it.

Closes #3158
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-23 10:02:24 +02:00
Daniel Stenberg
05564e750e
multi: avoid double-free
Curl_follow() no longer frees the string. Make sure it happens in the
caller function, like we normally handle allocations.

This bug was introduced with the use of the URL API internally, it has
never been in a release version

Reported-by: Dario Weißer
Closes #3149
2018-10-19 15:29:31 +02:00
Daniel Stenberg
8a49f91d32
multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
Otherwise, closing that handle can still cause surprises!

Reported-by: Martin Ankerl
Fixes #3138
Closes #3147
2018-10-19 11:03:17 +02:00
Marcel Raad
abebb2b893
config_win32: enable LDAPS
As done in the autotools and CMake builds by default.

Closes https://github.com/curl/curl/pull/3137
2018-10-19 09:23:14 +02:00
Daniel Stenberg
ad547fcf7b
travis: add build for "configure --disable-verbose"
Closes #3144
2018-10-18 14:51:49 +02:00
Matthew Whitehead
df54b14fb7 x509asn1: Fix SAN IP address verification
For IP addresses in the subject alternative name field, the length
of the IP address (and hence the number of bytes to perform a
memcmp on) is incorrectly calculated to be zero. The code previously
subtracted q from name.end. where in a successful case q = name.end
and therefore addrlen equalled 0. The change modifies the code to
subtract name.beg from name.end to calculate the length correctly.

The issue only affects libcurl with GSKit SSL, not other SSL backends.
The issue is not a security issue as IP verification would always fail.

Fixes #3102
Closes #3141
2018-10-16 03:52:47 -04:00
Marcel Raad
6c413648ec
nonblock: fix unused parameter warning
If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
used.
2018-10-14 21:07:45 +02:00
Michael Kaufmann
6afe70a00b Curl_follow: Always free the passed new URL
Closes #3124
2018-10-13 13:18:51 +02:00
Daniel Gustafsson
12d833fa1e transfer: fix typo in comment 2018-10-10 23:50:13 +02:00
Viktor Szakats
e13f023777 ldap: show precise LDAP call in error message on Windows
Also add a unique but common text ('bind via') to make it
easy to grep this specific failure regardless of platform.

Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
Closes https://github.com/curl/curl/pull/3118
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-09 15:05:35 +00:00
Marcel Raad
673795f814
curl_setup: define NOGDI on Windows
This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
on MinGW.

Closes https://github.com/curl/curl/pull/3113
2018-10-09 08:33:53 +02:00
Marcel Raad
940e1c1e74
Windows: fixes for MinGW targeting Windows Vista
Classic MinGW has neither InitializeCriticalSectionEx nor
GetTickCount64, independent of the target Windows version.

Closes https://github.com/curl/curl/pull/3113
2018-10-09 08:33:45 +02:00
Viktor Szakats
ff9d7f4447 spelling fixes [ci skip]
as detected by codespell 1.14.0

Closes https://github.com/curl/curl/pull/3114
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-08 19:37:40 +00:00
Daniel Stenberg
2ece5e3001
curl_ntlm_wb: check aprintf() return codes
... when they return NULL we're out of memory and MUST return failure.

closes #3111
2018-10-08 12:06:33 +02:00
Rick Deist
3349a633b8
hostip: fix check on Curl_shuffle_addr return value
Closes #3110
2018-10-08 08:39:24 +02:00
Daniel Stenberg
e50a2002bd
FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
Now FILE transfers send headers to the header callback like HTTP and
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
work for FILE in the callbacks.

Makes "curl -i file://.." and "curl -I file://.." work like before
again. Applied the bold header logic to them too.

Regression from c1c2762 (7.61.0)

Reported-by: Shaun Jackman
Fixes #3083
Closes #3101
2018-10-08 08:35:40 +02:00
Daniel Gustafsson
b55e85d4ec gskit: make sure to terminate version string
In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-10-07 22:36:25 +02:00
dmitrykos
0b19ef13b4
timeval: fix use of weak symbol clock_gettime() on Apple platforms
Closes #3048
2018-10-05 22:29:21 +02:00
Daniel Stenberg
7f00146d00
doh: keep the IPv4 address in (original) network byte order
Ideally this will fix the reversed order shown in SPARC tests:

  resp 8: Expected 127.0.0.1 got 1.0.0.127

Closes #3091
2018-10-05 22:15:34 +02:00
Daniel Gustafsson
4301d14b90 checksrc: handle zero scoped ignore commands
If a !checksrc! disable command specified to ignore zero errors, it was
still added to the ignore block even though nothing was ignored. While
there were no blocks ignored that shouldn't be ignored, the processing
ended with with a warning:

<filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
 /* !checksrc! disable LONGLINE 0 */
                    ^
Fix by instead treating a zero ignore as a a badcommand and throw a
warning for that one.

Closes #3096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-05 13:33:21 +02:00
Daniel Gustafsson
b5d182d037 checksrc: enable strict mode and warnings
Enable strict and warnings mode for checksrc to ensure we aren't missing
anything due to bugs in the checking code. This uncovered a few things
which are all fixed in this commit:

* several variables were used uninitialized
* several variables were not defined in the correct scope
* the whitelist filehandle was read even if the file didn't exist
* the enable_warn() call when a disable counter had expired was passing
  incorrect variables, but since the checkwarn() call is unlikely to hit
  (the counter is only decremented to zero on actual ignores) it didn't
  manifest a problem.

Closes #3090
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-05 13:29:37 +02:00
dmitrykos
667b5721c7 cmake: test and set missed defines during configuration
Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.

Closes #3097
2018-10-05 13:10:41 +03:00
Daniel Stenberg
8f2bb0e377
doh: make sure TTL isn't re-inited by second (discarded?) response
Closes #3092
2018-10-04 23:22:28 +02:00
Daniel Gustafsson
2873971d62 memory: ensure to check allocation results
The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 23:45:38 +02:00
Daniel Gustafsson
e182fc1613 comment: Fix multiple typos in function parameters
Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 10:27:27 +02:00
Jay Satiro
dd6b62acc3 nss: fix nssckbi module loading on Windows
- Use .DLL extension instead of .so to load modules on Windows.

Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
Reported-by: Maxime Legros

Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442

Closes https://github.com/curl/curl/pull/3086
2018-10-03 02:28:09 -04:00
Daniel Stenberg
d9a2dc9aad
urlapi: starting with a drive letter on win32 is not an abs url
... and libcurl doesn't support any single-letter URL schemes (if there
even exist any) so it should be fairly risk-free.

Reported-by: Marcel Raad

Fixes #3070
Closes #3071
2018-10-02 11:48:01 +02:00
Marcel Raad
c1c092c0b4
doh: fix curl_easy_setopt argument type
CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
MinGW.
2018-10-02 11:15:29 +02:00
Ruslan Baratov
69328490fc CMake: Improve config installation
Use 'GNUInstallDirs' standard module to set destinations of installed
files.

Use uppercase "CURL" names instead of lowercase "curl" to match standard
'FindCURL.cmake' CMake module:
* https://cmake.org/cmake/help/latest/module/FindCURL.html

Meaning:
* Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
* User should call 'find_package(CURL)' instead of 'find_package(curl)'

Use 'configure_package_config_file' function to generate
'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
file smaller and handle components better.  E.g.  current configuration
report no error if user specified unknown components (note: new
configuration expects no components, report error if user will try to
specify any).

Closes https://github.com/curl/curl/pull/2849
2018-10-01 16:16:29 -04:00