1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-26 10:08:48 -05:00
Commit Graph

11780 Commits

Author SHA1 Message Date
Daniel Stenberg
3e70c3430a
Revert "socketpair: fix potential hangs"
This reverts commit c769d1eab4.

See #7144 for details
2021-06-03 12:12:16 +02:00
Paul Groke
c769d1eab4
socketpair: fix potential hangs
Fixes potential hang in accept by using select + non-blocking accept.

Fixes potential hang in peer check by replacing the send/recv check with
a getsockname/getpeername check.

Adds length check for returned sockaddr data.

Closes #7144
2021-06-03 10:03:31 +02:00
Daniel Stenberg
6793332eba
CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
For options that pass in lists or strings that are subsequently parsed
and must be correct. This broadens the scope for the option previously
known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
provided as a #define for existing applications.

Closes #7175
2021-06-02 23:03:55 +02:00
Harry Sintonen
8ccf75532b
mqtt: detect illegal and too large file size
Add test 3017 and 3018 to verify.
Closes #7166
2021-06-02 13:34:17 +02:00
theawless
ee8c4f766c
define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
This flag will be further exposed by adding build options.

Reverts #6809
Closes #7028
2021-06-02 08:55:00 +02:00
Daniel Stenberg
e1fcaf571f
hostip: fix 3 coverity complaints
Follow-up to 1a0ebf6632

- Check the return code to Curl_inet_pton() in two instances, even
  though we know the input is valid so the functions won't fail.

- Clear the 'struct sockaddr_in' struct before use so that the
  'sin_zero' field isn't left uninitialized.

Detected by Coverity.
Assisted-by: Harry Sintonen
Closes #7163
2021-06-01 23:24:07 +02:00
Daniel Stenberg
83036d86af
c-hyper: fix NTLM on closed connection tested with test159
Closes #7154
2021-06-01 18:03:37 +02:00
Daniel Stenberg
dddad339e8
conncache: lowercase the hash key for better match
As host names are case insensitive, the use of case sensitive hashing
caused unnecesary cache misses and therefore lost performance. This
lowercases the hash key.

Reported-by: Harry Sintonen
Fixes #7159
Closes #7161
2021-06-01 17:55:35 +02:00
Daniel Stenberg
a2b1bbeef0
mbedtls: make mbedtls_strerror always work
If the function doesn't exist, provide a macro that just clears the
error message. Removes #ifdef uses from the code.

Closes #7162
2021-06-01 17:53:44 +02:00
Daniel Stenberg
c7b93a76ea
vtls: exit addsessionid if no cache is inited
Follow-up to b249592d29

Avoids NULL pointer derefs.

Closes #7165
2021-06-01 13:40:30 +02:00
Harry Sintonen
f1cd5004b0
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Closes #7164
2021-06-01 13:38:01 +02:00
Michael Kaufmann
b249592d29 ssl: read pending close notify alert before closing the connection
This avoids a TCP reset (RST) if the server initiates a connection
shutdown by sending an SSL close notify alert and then closes the TCP
connection.

For SSL connections, usually the server announces that it will close the
connection with an SSL close notify alert. curl should read this alert.
If curl does not read this alert and just closes the connection, some
operating systems close the TCP connection with an RST flag.

See RFC 1122, section 4.2.2.13

If curl reads the close notify alert, the TCP connection is closed
normally with a FIN flag.

The new code is similar to existing code in the "SSL shutdown" function:
try to read an alert (non-blocking), and ignore any read errors.

Closes #7095
2021-06-01 09:40:40 +02:00
Laurent Dufresne
8cc1fee5b9
setopt: fix incorrect comments
Closes #7157
2021-06-01 09:35:34 +02:00
Laurent Dufresne
05e0453050
mbedtls: add support for cert and key blob options
CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
mbedtls backend, so the support was added.

Closes #7157
2021-06-01 09:35:17 +02:00
Daniel Stenberg
ef1a917a11
http2: init recvbuf struct for pushed streams
Debug builds would warn that these structs were not initialized properly
for pushed streams.

Ref: #7148
Closes #7153
2021-05-31 20:41:51 +02:00
Daniel Stenberg
894c74738f
Curl_ssl_getsessionid: fail if no session cache exists
This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.

Reported-by: Christoph M. Becker
Fixes #7148
Closes #7153
2021-05-31 20:41:40 +02:00
Daniel Stenberg
1a0ebf6632
hostip: make 'localhost' return fixed values
Resolving the case insensitive host name 'localhost' now returns the
addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
resolver.

This removes the risk that users accidentally resolves 'localhost' to
something else. By making sure 'localhost' is always local, we can
assume a "secure context" for such transfers (for cookies etc).

Closes #7039
2021-05-31 15:37:37 +02:00
Daniel Stenberg
1c1d9f1aff
hsts: ignore numberical IP address hosts
Also, use a single function library-wide for detecting if a given hostname is
a numerical IP address.

Reported-by: Harry Sintonen
Fixes #7146
Closes #7149
2021-05-30 19:49:40 +02:00
Daniel Stenberg
f2619b1767
c-hyper: handle NULL from hyper_buf_copy()
Closes #7143
2021-05-28 15:08:11 +02:00
Daniel Stenberg
11796231af
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
Makes test 129 work (HTTP/1.2 response).

Closes #7141
2021-05-27 18:14:00 +02:00
Daniel Stenberg
d3e0f20fea
http_proxy: deal with non-200 CONNECT response with Hyper
Makes test 94 and 95 work

Closes #7141
2021-05-27 18:13:45 +02:00
Daniel Stenberg
23b99fc94c
c-hyper: clear NTLM auth buffer when request is issued
To prevent previous ones to get reused on subsequent requests. Matches
how the built-in HTTP code works. Makes test 90 to 93 work.

Add test 90 to 93 in travis.

Closes #7139
2021-05-27 16:50:59 +02:00
Joel Depooter
ee97f17697
schannel: set ALPN length correctly for HTTP/2
In a3268eca79 this code was changed to use the ALPN_H2 constant
instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
not the same. The nghttp2 constant included the length of the string,
like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
to re-add the length of the string to the ALPN buffer.

Closes #7138
2021-05-27 08:27:35 +02:00
Daniel Stenberg
2ee761c19b
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
This reverts commit c3eefa95c3.

Reported-by: Kevin Burke
Fixes #7122
Closes #7136
2021-05-27 07:54:32 +02:00
Michael Forney
7f9c5af8b3
bearssl: explicitly initialize all fields of Curl_ssl
Also, add comments like the other vtls backends.

Closes #7133
2021-05-26 14:43:45 +02:00
Michael Forney
a03ea62239
bearssl: remove incorrect const on variable that is modified
hostname may be set to NULL later on in this function if it is an
IP address.

Closes #7133
2021-05-26 14:43:40 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Radek Zajic
1a5e41d97c
hostip: fix broken macOS/CMake/GCC builds
Follow-up to 31f631a142

Fixes #7128
Closes #7129
2021-05-26 00:24:09 +02:00
Orgad Shaneh
2864b00b01
setopt: streamline ssl option code
Make it use the same style as the code next to it

Closes #7123
2021-05-25 12:48:04 +02:00
Radek Zajic
31f631a142
lib/hostip6.c: make NAT64 address synthesis on macOS work
Closes #7121
2021-05-25 12:45:56 +02:00
ejanchivdorj
a63dae5d07
sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
2021-05-25 11:22:09 +02:00
Alessandro Ghedini
424aa64d54
quiche: update for network path aware API
Latest version of quiche requires the application to pass the peer
address of received packets, and it provides the address for outgoing
packets back.

Closes #7120
2021-05-24 17:26:46 +02:00
Jacob Hoffman-Andrews
a62e6435f4
rustls: switch read_tls and write_tls to callbacks
And update to 0.6.0, including a rename from session to connection for
many fields.

Closes #7071
2021-05-24 16:40:59 +02:00
Koichi Shiraishi
98770344b2
sectransp: fix 7f4a9a9b2a commit about missing comma
Follow-up to 7f4a9a9b2a

Closes #7119
2021-05-24 14:50:11 +02:00
Harry Sintonen
7f4a9a9b2a
openssl: associate/detach the transfer from connection
CVE-2021-22901

Bug: https://curl.se/docs/CVE-2021-22901.html
2021-05-24 13:15:10 +02:00
Harry Sintonen
39ce47f219
telnet: check sscanf() for correct number of matches
CVE-2021-22898

Bug: https://curl.se/docs/CVE-2021-22898.html
2021-05-24 07:56:05 +02:00
Daniel Stenberg
bbb71507b7
schannel: don't use static to store selected ciphers
CVE-2021-22897

Bug: https://curl.se/docs/CVE-2021-22897.html
2021-05-24 07:56:05 +02:00
Sergey Markelov
96adbf5cdb
NSS: make colons, commas and spaces valid separators in cipher list
Fixes #7110
Closes #7115
2021-05-23 00:11:30 +02:00
Peng-Yu Chen
07d20f5dfa
cmake: detect CURL_SA_FAMILY_T
Fixes #7049
Closes #7065
2021-05-21 08:39:39 +02:00
Lucas Clemente Vella
84d2839740
CURLOPT_IPRESOLVE: preventing wrong IP version from being used
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.

This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.

It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.

Closes #6853
2021-05-20 16:58:31 +02:00
Oliver Urbann
ac54b10933
AmigaOS: add functions definitions for SHA256
AmiSSL replaces many functions with macros. Curl requires pointer
to some of these functions. Thus, we have to encapsulate these macros:
SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.

Bug: https://github.com/jens-maus/amissl/issues/15
Co-authored-by: Daniel Stenberg <daniel@haxx.se>

Closes #7099
2021-05-20 16:47:42 +02:00
Marc Aldorasi
f6b325a509
config: remove now-unused macros
Closes #7094
2021-05-19 00:36:01 +02:00
Marc Aldorasi
6c347d4f36
hostip.h: remove declaration of unimplemented function
Closes #7094
2021-05-19 00:35:55 +02:00
Daniel Stenberg
b1dded68e3
h3: add 'attach' callback to protocol handlers
Follow-up to 0c55fbab45

Reviewed-by: Emil Engler
Closes #7090
2021-05-19 00:29:09 +02:00
Daniel Stenberg
7b6d771a19
wolfssl: remove SSLv3 support leftovers
Closes #7088
2021-05-18 16:23:17 +02:00
Joel Depooter
77444b84f3
data_pending: check only SECONDARY socket for FTP(S) transfers
Check the FIRST for all other protocols.

This fixes a timeout in an ftps download. The server sends a TLS
close_notify message in the same packet as the file data. The
close_notify seems to not be handled in the schannel_recv function, so
libcurl is not aware that the server has closed the connection. Thus
libcurl ends up waiting for action on the socket until a timeout is
reached. With the secondary socket check added to the data_pending
function, the close_notify is properly handled, and the ftps transfer
terminates as expected.

Fixes #7068
Closes #7069
2021-05-18 13:20:52 +02:00
Daniel Stenberg
0c55fbab45
conn: add 'attach' to protocol handler, make libssh2 use it
The libssh2 backend has SSH session associated with the connection but
the callback context is the easy handle, so when a connection gets
attached to a transfer, the protocol handler now allows for a custom
function to get used to set things up correctly.

Reported-by: Michael O'Farrell
Fixes #6898
Closes #7078
2021-05-17 17:57:50 +02:00
Daniel Stenberg
904b27d18d
http2: make sure pause is done on HTTP
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.

Reported-by: Denis Goleshchikhin
Fixes #7079
Closes #7080
2021-05-17 14:44:13 +02:00
Jacob Hoffman-Andrews
c3eefa95c3
c-hyper: handle body on HYPER_TASK_EMPTY
Some of the time, we get a HYPER_TASK_EMPTY response before the status
line, headers, and body have been read. Previously, that would cause us
to poll again, leading to a 1 second timeout.

The HYPER_TASK_EMPTY docs say:

   The value of this task is null (does not imply an error).

So, if we receive a HYPER_TASK_EMPTY, continue on with processing the
response.

Reported-by: Kevin Burke
Fixes #7064
Closes #7070
2021-05-16 00:48:14 +02:00
Daniel Stenberg
acf91ff75e
version: free the openldap info correctly
... to avoid memory leaks.

Follow-up to: bf0feae776
Closes #7061
2021-05-15 17:47:35 +02:00