1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-26 01:58:49 -05:00
Commit Graph

26165 Commits

Author SHA1 Message Date
xquery
b950120b2d
socks: remove unreachable breaks in socks.c and mime.c
Closes #5537
2020-06-08 11:04:44 +02:00
Daniel Stenberg
a3e972313b
tool_cfgable: free login_options at exit
Memory leak
Reported-by: Geeknik Labs
Fixes #5535
Closes #5536
2020-06-08 08:41:11 +02:00
Daniel Stenberg
7370b4e39f
libssh2: keep sftp errors as 'unsigned long'
Remove weird work-around for storing the SFTP errors as int instead of
the "unsigned long" that libssh2 actually returns for SFTP errors.

Closes #5534
2020-06-08 08:38:48 +02:00
Marc Hoersken
3186f50054
timeouts: move ms timeouts to timediff_t from int and long
Now that all functions in select.[ch] take timediff_t instead
of the limited int or long, we can remove type conversions
and related preprocessor checks to silence compiler warnings.

Avoiding conversions from time_t was already done in 842f73de.

Based upon #5262
Supersedes #5214, #5220 and #5221
Follow up to #5343 and #5479
Closes #5490
2020-06-06 20:05:58 +02:00
François Rigault
e2de2d5397
openssl: set FLAG_TRUSTED_FIRST unconditionally
On some systems, openssl 1.0.x is still the default, but it has been
patched to contain all the recent security fixes. As a result of this
patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be
defined, while the previous behavior of openssl to not look at trusted
chains first, remains.

Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to
probe for the behavior of openssl based on the existence ofmacros.

Closes #5530
2020-06-06 18:01:24 +02:00
Daniel Stenberg
2705830f2f
server/util: fix logmsg format using curl_off_t argument
... this caused segfaults on armv7.

Regression added in dd0365d560 (7.70.0)

Reviewed-by: Jay Satiro
Closes #5529
2020-06-06 13:25:56 +02:00
Daniel Stenberg
47d8730d3f
RELEASE-NOTES: synced 2020-06-05 23:25:43 +02:00
Cherish98
e980cbb8e7
socks: fix expected length of SOCKS5 reply
Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the
reply ATYP is X'01'. This resulted in erroneously expecting more bytes
when the request length is greater than the reply length (e.g., when
remotely resolving the hostname).

Closes #5527
2020-06-05 23:20:10 +02:00
Marc Hoersken
bba83ed285
.gitignore: add directory containing the stats repo
Since the new curl/stats repository is designed to be
checked out into the curl repository working tree as stats/
it should be on the ignore list to aid in commit staging.
2020-06-05 19:54:34 +02:00
Adnan Khan
3bde2e3f78
HTTP3.md: clarify cargo build directory
Cargo needs to be called from within the 'quiche' directory.

Closes #5522
2020-06-05 18:00:36 +02:00
Daniel Stenberg
95a6580409
user-agent.d: spell out what happens given a blank argument
Closes #5525
2020-06-05 17:59:19 +02:00
Daniel Stenberg
d957ed4941
trailers: switch h1-trailer logic to use dynbuf
In the continued effort to remove "manual" realloc schemes.

Closes #5524
2020-06-05 17:57:24 +02:00
Daniel Stenberg
a00668d296
CURLINFO_ACTIVESOCKET.3: clarify the description
Reported-by: Jay Satiro
Fixes #5299
Closes #5520
2020-06-05 08:50:48 +02:00
Daniel Stenberg
42ed22fea6
mailmap: Don J Olmstead 2020-06-04 23:53:44 +02:00
Daniel Stenberg
4190f49688
configure: only strip first -L from LDFLAGS
In the logic that works out if a given OpenSSL path works, it stripped
off a possibly leading -L flag using an incorrect sed pattern which
would remove all instances of -L in the string, including if the path
itself contained that two-letter sequence!

The same pattern was used and is now updated in multiple places. Now it
only removes -L if it starts the strings.

Reported-by: Mohamed Osama
Fixes #5519
Closes #5521
2020-06-04 23:15:28 +02:00
Peter Wu
ceab0febd0 quiche: advertise draft 28 support
Fix the verbose message while at it, quiche currently supports draft
27 and draft 28 simultaneously.

Closes #5518
2020-06-04 22:07:56 +02:00
Daniel Stenberg
c048dd0b7c
KNOWN_BUGS: RTSP authentication breaks without redirect support
Closes #4750
2020-06-04 10:40:32 +02:00
Jay Satiro
7e7db5d2f9 projects: Add crypt32.lib to dependencies for all OpenSSL configs
Windows project configurations that use OpenSSL with USE_WIN32_CRYPTO
need crypt32.

Follow-up to 148534d which added CURLSSLOPT_NATIVE_CA for 7.71.0.

The changes that are in this commit were made by script.

Ref: https://gist.github.com/jay/a1861b50ecce2b32931237180f856e28

Closes https://github.com/curl/curl/pull/5516
2020-06-04 03:37:55 -04:00
Marc Hoersken
0900b03ecf
CI/macos: fix 'is already installed' errors by using bundle
Avoid failing CI builds due to nghttp2 being already installed.

Closes #5513
2020-06-03 20:18:36 +02:00
Daniel Stenberg
74368dc6ae
altsvc: fix 'dsthost' may be used uninitialized in this function 2020-06-03 16:28:56 +02:00
Daniel Stenberg
2bf7d1b1d2
RELEASE-NOTES: synced 2020-06-02 17:00:54 +02:00
Daniel Stenberg
9c845be279
urldata: let the HTTP method be in the set.* struct
When the method is updated inside libcurl we must still not change the
method as set by the user as then repeated transfers with that same
handle might not execute the same operation anymore!

This fixes the libcurl part of #5462

Test 1633 added to verify.

Closes #5499
2020-06-02 16:30:36 +02:00
Daniel Stenberg
cba70628ae
hostip: fix the memory-leak introduced in 67d2802
Fixes #5503
Closes #5504
2020-06-02 12:43:50 +02:00
Daniel Stenberg
c06ffdb6f1
test970: make it require proxy support
This test verifies the -w %json output and the test case includes a full
generated "blob". If there's no proxy support built into libcurl, it
will return an error for proxy related info variables and they will not
be included in the json, thus causing a mismatch and this test fails.

Reported-by: Marc Hörsken
Fixes #5501
Closes #5502
2020-06-02 10:39:15 +02:00
Radoslav Georgiev
abfd154efd
examples/http2-down/upload: add error checks
If `index.html` does not exist in the directory from which the example
is invoked, the fopen(upload, "rb") invocation in `setup` would fail,
returning NULL.  This value is subsequently passed as the FILE* argument
of the `fread` invocation in the `read_callback` function, which is the
actual cause of the crash (apparently `fread` assumes that argument to
be non-null).

In addition, mitigate some possible crashes of similar origin.

Closes #5463
2020-06-02 00:14:08 +02:00
kotoriのねこ
066b303231
examples/ephiperfifo: turn off interval when setting timerfd
Reported-by: therealhirudo on github
Fixes #5485
Closes #5497
2020-06-02 00:11:38 +02:00
Saleem Abdulrasool
21ed48e8d9
vtls: repair the build with CURL_DISABLE_PROXY
`http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY`
is enabled.  Repair the build with that configuration.

Follow-up to f3d501dc67

Closes #5498
2020-06-01 23:03:31 +02:00
Daniel Stenberg
b77a2528f8
transfer: remove k->str NULL check
"Null-checking k->str suggests that it may be null, but it has already
been dereferenced on all paths leading to the check" - and it can't
legally be NULL at this point. Remove check.

Detected by Coverity CID 1463884

Closes #5495
2020-06-01 15:22:36 +02:00
Marc Hoersken
5325b92a0a
select: always use Sleep in Curl_wait_ms on Win32
Since Win32 almost always will also have USE_WINSOCK,
we can reduce complexity and always use Sleep there.

Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Follow up to #5343
Closes #5489
2020-06-01 08:32:21 +02:00
Daniel Stenberg
8346c90b78
conncache: download buffer needs +1 size for trailing zero
Follow-up to c4e6968127
Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
2020-05-31 17:45:57 +02:00
Marc Hoersken
4bd09877e3
azure: use matrix strategy to avoid configuration redundancy
This also includes the following changes:

- Use the same timeout for all jobs on Linux (60 minutes)
  and Windows (90 minutes)
- Use CLI stable apt-get install -y instead of apt install
  which warns about that and run apt-get update first
- Enable MQTT for Windows msys2 builds instead of
  legacy msys1 builds
- Add ./configure --prefix parameter to the msys2 builds
- The MSYSTEM environment variable is now preset inside
  the container images for the msys2 builds

Note: on Azure Pipelines the matrix strategy is basically
just a simple list of job copies and not really a matrix.

Closes #5468
2020-05-31 12:36:52 +02:00
Daniel Stenberg
f3d501dc67
build: disable more code/data when built without proxy support
Added build to travis to verify

Closes #5466
2020-05-30 23:18:16 +02:00
Daniel Stenberg
c4e6968127
url: alloc the download buffer at transfer start
... and free it as soon as the transfer is done. It removes the extra
alloc when a new size is set with setopt() and reduces memory for unused
easy handles.

In addition: the closure_handle now doesn't use an allocated buffer at
all but the smallest supported size as a stack based one.

Closes #5472
2020-05-30 23:14:33 +02:00
Daniel Stenberg
842f73de58
timeouts: change millisecond timeouts to timediff_t from time_t
For millisecond timers we like timediff_t better. Also, time_t can be
unsigned so returning a negative value doesn't work then.

Closes #5479
2020-05-30 23:10:57 +02:00
Marc Hoersken
fc55c723c4
select: add overflow checks for timeval conversions
Using time_t and suseconds_t if suseconds_t is available,
long on Windows (maybe others in the future) and int elsewhere.

Also handle case of ULONG_MAX being greater or equal to INFINITE.

Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Part of #5343
2020-05-30 10:21:23 +02:00
Marc Hoersken
4a8f459837
select: use timediff_t instead of time_t and int for timeout_ms
Make all functions in select.[ch] take timeout_ms as timediff_t
which should always be large enough and signed on all platforms
to take all possible timeout values and avoid type conversions.

Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Replaces #5107 and partially #5262
Related to #5240 and #5286
Closes #5343
2020-05-30 10:20:40 +02:00
Marc Hoersken
62314d6b71
unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
GCC 10 warns about this with warning: implicit conversion
  from 'SANITIZEcode' to 'CURLcode' [-Wenum-conversion]

Since 'expected_result' is not really of type 'CURLcode' and
it is not exposed in any way, we can just use 'SANITIZEcode'.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad

Closes #5476
2020-05-30 10:07:26 +02:00
Marc Hoersken
c0d4faf8e5
tests/libtest: fix undefined reference to 'curlx_win32_fopen'
Since curl_setup.h now makes use of curlx_win32_fopen for Win32
builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
we need to include the relevant files for tests using fopen,
because the libtest sources are also including curl_setup.h

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg

Follow up to #3784 (ffdddb45d9)
Closes #5475
2020-05-30 10:03:00 +02:00
Marc Hoersken
bbaef1a042
appveyor: add non-debug plain autotools-based build
This should enable us to catch linking issues with the
testsuite early, like the one described/fixed in #5475.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad

Closes #5477
2020-05-30 09:46:04 +02:00
Daniel Stenberg
5ec3226e06
RELEASE-NOTES: synced 2020-05-29 23:59:44 +02:00
Daniel Stenberg
d618986a1c
Revert "buildconf: use find -execdir"
This partially reverts commit c712009838.

Keep the ares_ files removed but bring back the older way to run find,
to make it work with busybox's find, as apparently that's being used.

Reported-by: Max Peal
Fixes #5483
Closes #5484
2020-05-29 17:37:24 +02:00
Daniel Stenberg
6531d089e5
server/sws: fix asan warning on use of uninitialized variable 2020-05-29 13:05:09 +02:00
Daniel Stenberg
733a39a907
libssh2: improved error output for wrong quote syntax
Reported-by: Werner Stolz

Closes #5474
2020-05-29 09:35:52 +02:00
Daniel Stenberg
32d4d6b969
mk-lib1521: generate code for testing BLOB options as well
Follow-up to cac5374298

Closes #5478
2020-05-29 09:22:50 +02:00
Daniel Stenberg
2110b996a6
configure: repair the check if argv can be written to
Due to bad escaping of the test code, the test wouldn't build and thus
result in a negative test result, which would lead to the unconditional
assumption that overwriting the arguments doesn't work and thus curl
would never hide credentials given in the command line, even when it
would otherwise be possible.

Regression from commit 2d4c2152c (7.60.0)

Reported-by: huzunhao on github
Fixes #5470
Closes #5471
2020-05-28 23:33:56 +02:00
Peter Wu
3a2ca60d6a CMake: rebuild Makefile.inc.cmake when Makefile.inc changes
Otherwise the build might fail due to missing source files, as
demonstrated by the recent keylog.c addition on an existing build dir.

Closes #5469
2020-05-28 10:46:07 +02:00
Daniel Stenberg
155551c446
urldata: fix comments: Curl_done() is called multi_done() now
... since 575e885db
2020-05-28 10:13:39 +02:00
Peter Wu
697f984ec9 ngtcp2: use common key log routine for better thread-safety
Tested with ngtcp2 built against the OpenSSL library. Additionally
tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC).

The TLS backend (independent of QUIC) may or may not already have opened
the keylog file before. Therefore Curl_tls_keylog_open is always called
to ensure the file is open.
2020-05-27 21:19:51 +02:00
Peter Wu
7be7c56be9 wolfssl: add SSLKEYLOGFILE support
Tested following the same curl and tshark commands as in commit
"vtls: Extract and simplify key log file handling from OpenSSL" using
WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with
`./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`.

Full support for this feature requires certain wolfSSL build options,
see "Availability note" in lib/vtls/wolfssl.c for details.

Closes #5327
2020-05-27 21:19:51 +02:00
Peter Wu
6011a986ca vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:

 - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
 - Do not perform dynamic memory allocation when preparing a log entry.
   Unless the TLS specifications change we can suffice with a reasonable
   fixed-size buffer.
 - Simplify state tracking when SSL_CTX_set_keylog_callback is
   unavailable. My original sslkeylog.c code included this tracking in
   order to handle multiple calls to SSL_connect and detect new keys
   after renegotiation (via SSL_read/SSL_write). For curl however we can
   be sure that a single master secret eventually becomes available
   after SSL_connect, so a simple flag is sufficient. An alternative to
   the flag is examining SSL_state(), but this seems more complex and is
   not pursued. Capturing keys after server renegotiation was already
   unsupported in curl and remains unsupported.

Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:

    # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
    openssl s_server -www -tls1
    # Likewise, but fail the server handshake.
    openssl s_server -www -tls1 -Verify 2
    # TLS 1.3 test. No need to test the failing server handshake.
    openssl s_server -www -tls1_3

Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.

    tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
        -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
        -dtls.port==4433,http -ohttp.desegment_body:FALSE \
        -Y 'tls.handshake.verify_data or http'

A single connection can easily be identified via the `tcp.stream` field.
2020-05-27 21:19:51 +02:00