1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 15:05:02 -05:00
Commit Graph

11501 Commits

Author SHA1 Message Date
Daniel Stenberg
aba01da639
failf: remove newline from formatting strings
... as failf adds one itself.

Also: add an assert() to failf() that triggers on a newline in the
format string!

Closes #6365
2020-12-25 23:42:16 +01:00
Daniel Stenberg
ac9a7245fc
speedcheck: exclude paused transfers
Paused transfers should not be stopped due to slow speed even when
CURLOPT_LOW_SPEED_LIMIT is set. Additionally, the slow speed timer is
now reset when the transfer is unpaused - as otherwise it would easily
just trigger immediately after unpausing.

Reported-by: Harry Sintonen
Fixes #6358
Closes #6359
2020-12-22 13:51:07 +01:00
Daniel Stenberg
c7f95fa0cc
h2: do not wait for RECV on paused transfers
... as the socket might be readable all the time when paused and thus
causing a busy-loop.

Reported-by: Harry Sintonen
Reviewed-by: Jay Satiro
Fixes #6356
Closes #6357
2020-12-22 12:44:18 +01:00
Matthias Gatto
eb69797766
http: Make the call to v4 signature
This patch allow to call the v4 signature introduce in previous commit

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
2020-12-21 16:28:03 +01:00
Matthias Gatto
08e8455ddd
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP.

It doesn't seems to be standard, but it is used by some cloud providers.

Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually

most of the code is in lib/http_v4_signature.c

Information require by the algorithm:
- The URL
- Current time
-  some prefix that are append to some of the signature parameters.

The data extracted from the URL are: the URI, the region,
the host and the API type

example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~               ~~~~~~~~~~~~~~~~~~~
        ^       ^                          ^
       /         \                        URI
   API type     region

Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
  the get data, the canonical header, the signed header
  and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
  the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
  the date, and above hash

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Closes #5703
2020-12-21 16:27:50 +01:00
Matthias Gatto
d52564bacb
http: add hmac support for sha256
It seems current hmac implementation use md5 for the hash,
V4 signature require sha256, so I've added the needed struct in
this commit.

I've added the functions that do the hmac in v4 signature file
as a static function ,in the next patch of the serie,
because it's used only by this file.

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
2020-12-21 15:26:41 +01:00
Cristian Rodríguez
d13179db3e
connect: on linux, enable reporting of all ICMP errors on UDP sockets
The linux kernel does not report all ICMP errors back to userspace due
to historical reasons.

IP*_RECVERR sockopt must be turned on to have the correct behaviour
which is to pass all ICMP errors to userspace.

See https://bugzilla.kernel.org/show_bug.cgi?id=202355

Closes #6341
2020-12-21 15:24:08 +01:00
Daniel Stenberg
e1a4647a42
c-hyper: fix compiler warnings
Identified by clang on windows.

Reported-by: Gisle Vanem
Bug: 58974d25d8

Closes #6351
2020-12-20 23:06:46 +01:00
Daniel Stenberg
abb68c192a
build: repair http disabled but mqtt enabled build
... as the mqtt code reuses the "method" originally used for HTTP.

Closes #6344
2020-12-18 16:09:13 +01:00
Jon Wilkes
e2075f2337
cookie: avoid the C1001 internal compiler error with MSVC 14
Fixes #6112
Closes #6135
2020-12-18 14:02:27 +01:00
Daniel Stenberg
debf23eead
mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

Closes #6338
2020-12-18 12:54:05 +01:00
Daniel Stenberg
58974d25d8
lib: introduce c-hyper for using Hyper
... as an alternative HTTP backend within libcurl.
2020-12-18 09:58:04 +01:00
Daniel Stenberg
edc89839be
setopt: adjust to Hyper and disabled HTTP builds 2020-12-18 09:58:04 +01:00
Daniel Stenberg
4daba06762
rtsp: disable if Hyper is used 2020-12-18 09:58:04 +01:00
Daniel Stenberg
34021b804d
getinfo: build with disabled HTTP support 2020-12-18 09:58:03 +01:00
Daniel Stenberg
9211cb2034
version: include hyper version 2020-12-18 09:58:03 +01:00
Daniel Stenberg
a5bc272223
http: show the request as headers even when split-sending
When the initial request isn't possible to send in its entirety, the
remainder of request would be delivered to the debug callback as data
and would wrongly be counted internally as body-bytes sent.

Extended test 1295 to verify.

Closes #6328
2020-12-17 14:00:27 +01:00
Daniel Stenberg
3e17c8ab72
multi: when erroring in TOOFAST state, act as for PERFORM
When failing in TOOFAST, the multi_done() wasn't called so the same
cleanup and handling wasn't done like when it fails in PERFORM, which in
the case of FTP could mean that the control connection wouldn't be
marked as "dead" for the CURLE_ABORTED_BY_CALLBACK case. Which caused
ftp_disconnect() to use it to send "QUIT", which could end up waiting
for a response a long time before giving up!

Reported-by: Tomas Berger
Fixes #6333
Closes #6337
2020-12-17 13:57:27 +01:00
parazyd
a1f06f32b8
gopher: Implement secure gopher protocol.
This commit introduces a "gophers" handler inside the gopher protocol if
USE_SSL is defined. This protocol is no different than the usual gopher
prococol, with the added TLS encapsulation upon connecting. The protocol
has been adopted in the gopher community, and many people have enabled
TLS in their gopher daemons like geomyidae(8), and clients, like clic(1)
and hurl(1).

I have not implemented test units for this protocol because my knowledge
of Perl is sub-par. However, for someone more knowledgeable it might be
fairly trivial, because the same test that tests the plain gopher
protocol can be used for "gophers" just by adding a TLS listener.

Signed-off-by: parazyd <parazyd@dyne.org>

Closes #6208
2020-12-15 12:58:12 +01:00
Daniel Stenberg
a259eee99f
mqtt: deal with 0 byte reads correctly
OSS-Fuzz found it
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28676

Closes #6327
2020-12-15 11:38:29 +01:00
Daniel Stenberg
796c068895
quiche: remove fprintf() leftover 2020-12-14 11:19:48 +01:00
Jay Satiro
c54565915f digest_sspi: Show InitializeSecurityContext errors in verbose mode
The error is shown with infof rather than failf so that the user will
see the extended error message information only in verbose mode, and
will still see the standard CURLE_AUTH_ERROR message. For example:

---

* schannel: InitializeSecurityContext failed: SEC_E_QOP_NOT_SUPPORTED
(0x8009030A) - The per-message Quality of Protection is not supported by
the security package
* multi_done
* Connection #1 to host 127.0.0.1 left intact
curl: (94) An authentication function returned an error

---

Ref: https://github.com/curl/curl/issues/6302

Closes https://github.com/curl/curl/pull/6315
2020-12-14 00:25:10 -05:00
Daniel Stenberg
769a4687df
tests/server/disabled: add "wakeup"
To allow the test suite to know if wakeup support is disabled in the
build.
2020-12-11 17:42:17 +01:00
Daniel Stenberg
32793b2c4f
ngtcp2: make it build it current master again
Closes #6296
2020-12-10 08:57:07 +01:00
Cristian Rodríguez
25b4e158e9
connect: defer port selection until connect() time
If supported, defer port selection until connect() time
if --interface is given and source port is 0.

Reproducer:

* start fast webserver on port 80
* starve system of ephemeral ports
$  sysctl net.ipv4.ip_local_port_range="60990 60999"

* start a curl/libcurl "crawler"
$curl --keepalive --parallel --parallel-immediate --head --interface
127.0.0.2 "http://127.0.0.[1-254]/file[001-002].txt"

current result:
(possible some successful data)
curl: (45) bind failed with errno 98: Address already in use

result after patch:
(complete success or few connections failing, higlhy depending on load)

Fail only when all the possible 4-tuple combinations are exhausted,
which is impossible to do when port is selected at bind() time becuse
the kernel does not know if socket will be listen()'ed on or connect'ed
yet.

Closes #6295
2020-12-10 08:55:42 +01:00
Hans-Christian Noren Egtvedt
8a10abaf85
connect: zero variable on stack to silence valgrind complaint
Valgrind will complain that ssrem buffer usage if not explicit
initialized, hence initialize it to zero.

This completes the change intially started in commit 2c0d721215 ('ftp:
retry getpeername for FTP with TCP_FASTOPEN') where the ssloc buffer has
a similar memset to zero.

Signed-off-by: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Closes #6289
2020-12-09 23:36:15 +01:00
Jacob Hoffman-Andrews
6d338a87d6 urldata: restore comment on ssl_connect_data.use
This comment was originally on the `use` field, but was separated from
its field in 62a2534.

Closes https://github.com/curl/curl/pull/6287
2020-12-07 18:45:47 -05:00
Daniel Stenberg
d9d0167278
openssl: make the OCSP verification verify the certificate id
CVE-2020-8286

Reported by anonymous

Bug: https://curl.se/docs/CVE-2020-8286.html
2020-12-07 09:27:10 +01:00
Daniel Stenberg
69a358f218
ftp: make wc_statemach loop instead of recurse
CVE-2020-8285

Fixes #6255
Bug: https://curl.se/docs/CVE-2020-8285.html
Reported-by: xnynx on github
2020-12-07 09:25:48 +01:00
Daniel Stenberg
ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00
Daniel Stenberg
abd846c374
urlapi: don't accept blank port number field without scheme
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.

Reported-by: d4d on hackerone

Closes #6283
2020-12-07 00:50:49 +01:00
Daniel Stenberg
2260e0ebe6
Revert "multi: implement wait using winsock events"
This reverts commit d2a7d7c185.

This commit also reverts the subsequent follow-ups to that commit, which
were all done within windows #ifdefs that are removed in this
change. Marc helped me verify this.

Fixes #6146
Closes #6281
2020-12-06 22:40:38 +01:00
Klaus Crusius
2c0d721215
ftp: retry getpeername for FTP with TCP_FASTOPEN
In the case of TFO, the remote host name is not resolved at the
connetion time.

For FTP that has lead to missing hostname for the secondary connection.
Therefore the name resolution is done at the time, when FTP requires it.

Fixes #6252
Closes #6265
Closes #6282
2020-12-06 11:18:28 +01:00
Daniel Stenberg
1835cb916e
openssl: use OPENSSL_init_ssl() with >= 1.1.0
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
2020-12-03 22:30:38 +01:00
Daniel Stenberg
26f682bcc4
quiche: close the connection
Reported-by: Junho Choi
Fixes #6213
Closes #6217
2020-12-02 22:50:39 +01:00
Jay Satiro
2d1df660bc ngtcp2: Fix build error due to symbol name change
- NGTCP2_CRYPTO_LEVEL_APP -> NGTCP2_CRYPTO_LEVEL_APPLICATION

ngtcp2/ngtcp2@76232e9 changed the name.

ngtcp2 master is required to build curl with http3 support.

Closes https://github.com/curl/curl/pull/6271
2020-12-02 16:06:57 -05:00
Klaus Crusius
d6bfbfadd3
cmake: check for linux/tcp.h
The HAVE_LINUX_TCP_H define was not set by cmake.

Closes #6252
2020-12-01 12:32:55 +01:00
Daniel Stenberg
b6b535994e
splay: rename Curl_splayremovebyaddr to Curl_splayremove
... and remove the old unused proto for the old Curl_splayremove
version.

Closes #6269
2020-12-01 08:09:51 +01:00
Daniel Stenberg
2d4d012a49
openssl: free mem_buf in error path
To fix a memory-leak.

Closes #6267
2020-12-01 08:03:47 +01:00
Daniel Stenberg
0d75bf9ae9
openssl: remove #if 0 leftover
Follow-up to 4c9768565e (from Sep 2008)

Closes #6268
2020-11-30 19:59:12 +01:00
Daniel Stenberg
65d2f563fd
ntlm: avoid malloc(0) on zero length user and domain
... and simplify the too-long checks somewhat.

Detected by OSS-Fuzz

Closes #6264
2020-11-29 11:24:54 +01:00
Daiki Ueno
c7b02c5d68
ngtcp2: use the minimal version of QUIC supported by ngtcp2
Closes #6250
2020-11-26 23:31:56 +01:00
Daiki Ueno
ddd3eb99f8
ngtcp2: advertise h3 ALPN unconditionally
Closes #6250
2020-11-26 23:31:53 +01:00
Daiki Ueno
0cbd5d5c4f
vquic/ngtcp2.h: define local_addr as sockaddr_storage
This field needs to be wide enough to hold sockaddr_in6 when
connecting via IPv6.  Otherwise, ngtcp2_conn_read_pkt will drop the
packets because of the address mismatch:
  I00000022 [...] con ignore packet from unknown path

We can safely assume that struct sockaddr_storage is available, as it
is used in the public interface of ngtcp2.

Closes #6250
2020-11-26 23:31:42 +01:00
Daniel Stenberg
0b60d3685e
socks: check for DNS entries with the right port number
The resolve call is done with the right port number, but the subsequent
check used the wrong one, which then could find a previous resolve which
would return and leave the fresh resolve "incomplete" and leaking
memory.

Fixes #6247
Closes #6253
2020-11-26 22:29:34 +01:00
Daniel Stenberg
d6ced230fe curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
... so don't define it when instructed to use c-ares!
2020-11-26 17:26:59 +01:00
Emil Engler
12cb7a1fe0
file: avoid duplicated code sequence
file_disconnect() is identical with file_do() except the function header
but as the arguments are unused anyway so why not just return file_do()
directly!

Reviewed-by: Daniel Stenberg
Closes #6249
2020-11-25 23:39:28 +01:00
Rikard Falkeborn
920f49a20b
infof/failf calls: fix format specifiers
Update a few format specifiers to match what is being printed.

Closes #6241
2020-11-24 13:18:41 +01:00
Daniel Stenberg
020aa0131b
docs/INTERNALS: remove reference to Curl_sendf()
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.

Reported-by: Rikard Falkeborn
Fixes #6242
Closes #6243
2020-11-24 13:17:25 +01:00
Daniel Stenberg
37cdc2a05c
asyn: use 'struct thread_data *' instead of 'void *'
To reduce use of types that can't be checked at compile time. Also
removes several typecasts.

... and rename the struct field from 'os_specific' to 'tdata'.

Closes #6239
Reviewed-by: Jay Satiro
2020-11-23 22:54:18 +01:00
Viktor Szakats
3e092adf67
Makefile.m32: add support for UNICODE builds
It requires the linker to support the `-municode` option.
This is available in more recent mingw-w64 releases.

Ref: https://gcc.gnu.org/onlinedocs/gcc/x86-Windows-Options.html
Ref: https://stackoverflow.com/questions/3571250/wwinmain-unicode-and-mingw/11706847#11706847

Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Closes #6228
2020-11-23 16:56:27 +00:00
Daniel Stenberg
a95a6ce6b8
urldata: remove 'void *protop' and create the union 'p'
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.

Closes #6238
2020-11-23 16:16:16 +01:00
Oliver Urbann
0d16a49c16
curl: add compatibility for Amiga and GCC 6.5
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.

Closes #6220
2020-11-20 23:36:51 +01:00
Daniel Gustafsson
3a8cdc82dc openssl: guard against OOM on context creation
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.

In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.

Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
2020-11-19 01:40:24 +01:00
Vincent Torri
ee38a725b9
cmake: use libcurl.rc in all Windows builds
Reviewed-by: Marcel Raad
Closes #6215
2020-11-19 14:43:31 +01:00
Daniel Stenberg
73b63876b1
quiche: remove 'static' from local buffer
For thread-safety

Closes #6223
2020-11-19 13:34:44 +01:00
Tobias Hieta
760e854348
cmake: correctly handle linker flags for static libs
curl CMake was setting the the EXE flags for static libraries which made
the /manifest:no flag ended up when linking the static library, which is
not a valid flag for lib.exe or llvm-lib.exe and caused llvm-lib to exit
with an error.

The better way to handle this is to make sure that we pass the correct
linker flags to CMAKE_STATIC_LINKER_FLAGS instead.

Reviewed-by: Jakub Zakrzewski
Closes #6195
2020-11-10 23:41:29 +01:00
Daniel Stenberg
c49d205ae0
http_proxy: use enum with state names for 'keepon'
To make the code clearer, change the 'keepon' from an int to an enum
with better state names.

Reported-by: Niranjan Hasabnis
Bug: https://curl.se/mail/lib-2020-11/0026.html
Closes #6193
2020-11-10 01:01:56 +01:00
Daniel Stenberg
7ae59838f0
curl_easy_escape: limit output string length to 3 * max input
... instead of the limiting it to just the max input size. As every
input byte can be expanded to 3 output bytes, this could limit the input
string to 2.66 MB instead of the intended 8 MB.

Reported-by: Marc Schlatter
Closes #6192
2020-11-09 23:01:06 +01:00
Daniel Stenberg
a570f7cd09
Curl_pgrsStartNow: init speed limit time stamps at start
By setting the speed limit time stamps unconditionally at transfer
start, we can start off a transfer without speed limits and yet allow
them to get set during transfer and have an effect.

Reported-by: Kael1117 on github
Fixes #6162
Closes #6184
2020-11-09 08:19:09 +01:00
Daniel Stenberg
5d57a79929
ngtcp2: adapt to recent nghttp3 updates
'reset_stream' was added to the nghttp3_conn_callbacks struct

Closes #6185
2020-11-09 08:17:38 +01:00
Daniel Stenberg
5d903ce3a3
altsvc: minimize variable scope and avoid "DEAD_STORE"
Closes #6182
2020-11-07 18:10:21 +01:00
Daniel Stenberg
20558ff269
url: make sure an HSTS upgrade updates URL and scheme correctly
Closes #6175
2020-11-06 08:22:31 +01:00
Daniel Stenberg
6ee57c8bdd
hsts: remove debug code leftovers
Closes #6175
2020-11-06 08:22:14 +01:00
Daniel Gustafsson
085f91036c hsts: Remove pointless call to free in errorpath
The line variable will always be NULL in the error path, so remove
the free call since it's pointless.

Closes #6170
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2020-11-05 09:42:38 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Harry Sintonen
8bdee98187
rtsp: error out on empty Session ID, unified the code 2020-11-04 08:14:36 +01:00
Harry Sintonen
adb0fcfab2
rtsp: fixed Session ID comparison to refuse prefix
Closes #6161
2020-11-04 08:14:01 +01:00
Daniel Stenberg
2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Daniel Stenberg
d70a5b5a0f
sendf: move the verbose-check into Curl_debug
Saves us from having the same check done everywhere.

Closes #6159
2020-11-02 22:49:36 +01:00
Harry Sintonen
8bcb23593e
gnutls: fix memory leaks (certfields memory wasn't released)
Closes #6153
2020-11-02 09:59:48 +01:00
Daniel Stenberg
584ccb5ef2
http: pass correct header size to debug callback for chunked post
... when the chunked framing was added, the size of the "body part" of
the data was calculated wrongly so the debug callback would get told a
header chunk a few bytes too big that would also contain the first few
bytes of the request body.

Reported-by: Dirk Wetter
Ref: #6144
Closes #6147
2020-10-31 23:46:27 +01:00
Daniel Stenberg
9a844625c4
libssh2: fix transport over HTTPS proxy
The fix in #6021 was not enough. This fix makes sure SCP/SFTP content
can also be transfered over a HTTPS proxy.

Fixes #6113
Closes #6128
2020-10-29 09:31:31 +01:00
Baruch Siach
ddcc110bfc
libssh2: fix build with disabled proxy support
Build breaks because the http_proxy field is missing:

vssh/libssh2.c:3119:10: error: 'struct connectdata' has no member named 'http_proxy'

Regression from #6021, shipped in curl 7.73.0

Closes #6125
2020-10-26 09:18:35 +01:00
Daniel Stenberg
96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Daniel Stenberg
4bfca0a807
libssh2: require version 1.0 or later
... and simplify the code accordingly. libssh2 version 1.0 was released
in April 2009.

Closes #6116
2020-10-22 16:45:40 +02:00
Daniel Stenberg
6dc563cdaa
CMake: store IDN2 information in curl_config.h
This allows the build to enable IDN properly and it makes test 1014
happier.

Ref: #6074
Closes #6108
2020-10-20 14:51:33 +02:00
Daniel Stenberg
a3d5b199f9
openssl: acknowledge SRP disabling in configure properly
Follow-up to 68a5132474

Use a new separate define that is the combination of both
HAVE_OPENSSL_SRP and USE_TLS_SRP: USE_OPENSSL_SRP

Bug: https://curl.haxx.se/mail/lib-2020-10/0037.html

Closes #6094
2020-10-16 14:29:02 +02:00
Viktor Szakats
e34959c0b9
http3: fix two build errors, silence warnings
* fix two build errors due to mismatch between function
  declarations and their definitions
* silence two mismatched signs warnings via casts

Approved-by: Daniel Stenberg
Closes #6093
2020-10-16 07:15:48 +00:00
Viktor Szakats
769c9a4eec
Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
Approved-by: Daniel Stenberg
Closes #6092
2020-10-16 07:15:19 +00:00
Daniel Stenberg
475c1aba68
checksrc: warn on empty line before open brace
... and fix a few occurances

Closes #6088
2020-10-15 23:32:26 +02:00
Daniel Stenberg
b7ea3d2c22
urlapi: URL encode a '+' in the query part
... when asked to with CURLU_URLENCODE.

Extended test 1560 to verify.
Reported-by: Dietmar Hauser
Fixes #6086
Closes #6087
2020-10-15 23:21:53 +02:00
Philipp Klaus Krause
5168e5ad1d
strerror: use 'const' as the string should never be modified
Closes #6068
2020-10-15 15:43:32 +02:00
Jay Satiro
8b1a10cdf7
connect: repair build without ipv6 availability
Assisted-by: Daniel Stenberg
Reported-by: Tom G. Christensen

Fixes https://github.com/curl/curl/issues/6069
Closes https://github.com/curl/curl/pull/6071
2020-10-15 12:56:57 +02:00
Daniel Stenberg
15997f6db5
test122[12]: remove these two tests
... and remove the objnames scripts they tested. They're not used for
anything anymore so testing them serves no purpose!

Reported-by: Marc Hörsken
Fixes #6080
Closes #6081
2020-10-15 07:56:19 +02:00
Jay Satiro
a326877981
strerror: Revert to local codepage for Windows error string
- Change get_winapi_error() to return the error string in the local
  codepage instead of UTF-8 encoding.

Two weeks ago bed5f84 fixed get_winapi_error() to work on xbox, but it
also changed the error string's encoding from local codepage to UTF-8.

We return the local codepage version of the error string because if it
is output to the user's terminal it will likely be with functions which
expect the local codepage (eg fprintf, failf, infof).

This is essentially a partial revert of bed5f84. The support for xbox
remains but the error string is reverted back to local codepage.

Ref: https://github.com/curl/curl/pull/6005

Reviewed-by: Marcel Raad
Closes #6065
2020-10-13 14:17:27 +02:00
Viktor Szakats
d707a9fa64
windows: fix comparison of mismatched types warning
clang 10, mingw-w64:
```
vtls/openssl.c:2917:33: warning: comparison of integers of different signs: 'DWORD' (aka 'unsigned long') and 'HRESULT' (aka 'long')
      [-Wsign-compare]
              if(GetLastError() != CRYPT_E_NOT_FOUND)
                 ~~~~~~~~~~~~~~ ^  ~~~~~~~~~~~~~~~~~
```

Approved-by: Daniel Stenberg
Closes #6062
2020-10-12 10:18:53 +00:00
Daniel Stenberg
7d8c89d47b
checksrc: detect // comments on column 0
Spotted while working on #6045

Closes #6048
2020-10-07 10:14:50 +02:00
Frederik Wedel-Heinen
bc5455fa74
mbedtls: add missing header when defining MBEDTLS_DEBUG
Closes #6045
2020-10-07 09:15:39 +02:00
Daniel Stenberg
6497ed45bd
ldap: reduce the amount of #ifdefs needed
Closes #6035
2020-10-03 22:49:39 +02:00
Daniel Stenberg
26a7d51c21
checksrc: warn on space after exclamation mark
Closes #6034
2020-10-02 16:35:53 +02:00
Jay Satiro
9a13f7c2a7 strerror: fix null deref on winapi out-of-memory
Follow-up to bed5f84 from several days ago.

Ref: https://github.com/curl/curl/pull/6005
2020-10-01 13:34:59 -04:00
Kamil Dudka
7920be9473
vtls: deduplicate some DISABLE_PROXY ifdefs
... in the code of gtls, nss, and openssl

Closes #5735
2020-10-01 16:36:24 +02:00
Daniel Stenberg
c8204ed6a2
configure: don't say HTTPS-proxy is enabled when disabled!
Reported-by: Kamil Dudka
Reviewed-by: Kamil Dudka
Bug: https://github.com/curl/curl/pull/5735#issuecomment-701376388
Closes #6029
2020-09-30 22:43:43 +02:00
Daniel Gustafsson
2aac895fb6 src: Consistently spell whitespace without whitespace
Whitespace is spelled without a space between white and space, so
make sure to consistently spell it that way across the codebase.

Closes #6023
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
2020-09-30 21:10:14 +02:00
Daniel Stenberg
b312e3238f
sectransp: make it build with --disable-proxy
Follow-up from #5466 and f3d501dc67
Reported-by: Javier Navarro
Fixes #6025
Closes #6026
2020-09-30 10:32:17 +02:00
Daniel Stenberg
edfb6168e9
libssh2: handle the SSH protocols done over HTTPS proxy
Reported-by: Robin Douine
Fixes #4295
Closes #6021
2020-09-29 07:50:07 +02:00
Emil Engler
82d66f1582
memdebug: remove 9 year old unused debug function
There used to be a way to have memdebug fill allocated memory. 9 years
later this has no value there (valgrind and ASAN etc are way better). If
people need to know about it they can have a look at VCS logs.

Closes #5973
2020-09-28 22:15:21 +02:00
Daniel Stenberg
a87cca7b1c
sendf: move Curl_sendf to dict.c and make it static
... as the only remaining user of that function. Also fix gopher.c to
instead use Curl_write()

Closes #6020
2020-09-28 17:05:53 +02:00
Daniel Stenberg
abeeffb11c
schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
This matches what is returned in other TLS backends in the same
situation.

Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Follow-up to 5a3efb1
Reported-by: iammrtau on github
Fixes #6003
Closes #6018
2020-09-28 10:41:51 +02:00
Daniel Stenberg
4a4c724599
ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
Added test 348 to verify. Added a 'STOR' command to the test FTP
server to enable test 348. Documented the command in FILEFORMAT.md

Reported-by: Duncan Wilcox
Fixes #6016
Closes #6017
2020-09-26 13:37:15 +02:00
Daniel Stenberg
7772344e17
pause: only trigger a reread if the unpause sticks
As an unpause might itself get paused again and then triggering another
reread doesn't help.

Follow-up from e040146f22 (shipped since 7.69.1)

Bug: https://curl.haxx.se/mail/lib-2020-09/0081.html
Patch-by: Kunal Chandarana
Fixes #5988
Closes #6013
2020-09-25 15:18:10 +02:00
Daniel Stenberg
3d60a22390
ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define
Closes #6012
2020-09-25 08:59:43 +02:00
Javier Blazquez
bed5f8454a
strerror: honor Unicode API choice on Windows
Closes #6005
2020-09-25 08:55:35 +02:00
Daniel Stenberg
c4693adc62
imap: make imap_send use dynbuf for the send buffer management
Reuses the buffer and thereby reduces number of mallocs over a transfer.

Closes #6010
2020-09-25 08:35:01 +02:00
Daniel Stenberg
92a9b88ebf
Curl_send: return error when pre_receive_plain can't malloc
... will probably trigger some false DEAD CODE positives on non-windows
code analyzers for the conditional code.

Closes #6011
2020-09-25 08:31:52 +02:00
Daniel Stenberg
1397a7de6e
ftp: separate FTPS from FTP over "HTTPS proxy"
When using HTTPS proxy, SSL is used but not in the view of the FTP
protocol handler itself so separate the connection's use of SSL from the
FTP control connection's sue.

Reported-by: Mingtao Yang
Fixes #5523
Closes #6006
2020-09-24 14:09:20 +02:00
Daniel Stenberg
675eeb1c94
pingpong: use a dynbuf for the *_pp_sendf() function
... reuses the same dynamic buffer instead of doing repeated malloc/free
cycles.

Test case 100 (FTP dir list PASV) does 7 fewer memory allocation calls
after this change in my test setup (132 => 125), curl 7.72.0 needed 140
calls for this.

Test case 103 makes 9 less allocations now (130). Down from 149 in
7.72.0.

Closes #6004
2020-09-23 15:14:09 +02:00
Daniel Stenberg
f74afa40f8
dynbuf: add Curl_dyn_vaddf
Closes #6004
2020-09-23 15:13:46 +02:00
Daniel Stenberg
7e8561e030
dynbuf: make *addf() not require extra mallocs
... by introducing a printf() function that appends directly into a
dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so if
the buffer is already big enough it can just printf directly into it.

Since this less-malloc version requires tthe use of a library internal
printf function, we only provide this version when building libcurl and
not for the dynbuf code that is used when building the curl tool.

Closes #5998
2020-09-23 08:54:42 +02:00
Daniel Stenberg
0548ecaf6a
pingpong: remove a malloc per Curl_pp_vsendf call
This typically makes 7-9 fewer mallocs per FTP transfer.

Closes #5997
2020-09-22 23:13:26 +02:00
Daniel Stenberg
3d64031fa7
symbian: drop support
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.

The public headers are unmodified.

Closes #5989
2020-09-22 15:14:12 +02:00
Daniel Stenberg
1ee289f7b5
curl_krb5.h: rename from krb5.h
Follow-up from f4873ebd0b

Turns out some older openssl installations go bananas otherwise.
Reported-by: Tom van der Woerdt
Fixes #5995
Closes #5996
2020-09-22 13:46:22 +02:00
Daniel Stenberg
e5803089a9
http_proxy: do not count proxy headers in the header bytecount
... as that counter is subsequently used to detect if nothing was
returned from the peer. This made curl return CURLE_OK when it should
have returned CURLE_GOT_NOTHING.

Fixes #5992
Reported-by: Tom van der Woerdt
Closes #5994
2020-09-22 10:54:34 +02:00
Daniel Stenberg
a8e08a87df
setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument
Fixed two return code mixups. CURLE_UNKNOWN_OPTION is saved for when the
option is, yeah, not known. Clarified this in the setopt man page too.

Closes #5993
2020-09-22 09:04:13 +02:00
Daniel Stenberg
f4873ebd0b
krb5: merged security.c and krb specific FTP functions in here
These two files were always tightly connected and it was hard to
understand what went into which. This also allows us to make the
ftpsend() function static (moved from ftp.c).

Removed security.c
Renamed curl_sec.h to krb5.h

Closes #5987
2020-09-21 23:31:39 +02:00
Daniel Stenberg
6434a73984
Curl_handler: add 'family' to each protocol
Makes get_protocol_family() faster and it moves the knowledge about the
"families" to each protocol handler, where it belongs.

Closes #5986
2020-09-21 23:30:16 +02:00
Daniel Stenberg
2e645e21de
parsedate: tune the date to epoch conversion
By avoiding an unnecessary error check and the temp use of the tm
struct, the time2epoch conversion function gets a little bit faster.
When repeating test 517, the updated version is perhaps 1% faster (on
one particular build on one particular architecture).

Closes #5985
2020-09-21 16:46:41 +02:00
Daniel Stenberg
3d8731c8f5
ftp: avoid risk of reading uninitialized integers
If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.

Issue pointed out by muse.dev
Closes #5972
2020-09-18 08:26:49 +02:00
Quentin Balland
7921b41ce1
easy_reset: clear retry counter
Closes #5975
Fixes #5974
2020-09-18 07:59:24 +02:00
Daniel Stenberg
cc372af1e9
ftp: get rid of the PPSENDF macro
The use of such a macro hides some of what's actually going on to the
reader and is generally disapproved of in the project.

Closes #5971
2020-09-18 07:56:16 +02:00
Emil Engler
c0f0e400e0
urlapi: use more Curl_safefree
Closes #5968
2020-09-17 09:44:36 +02:00
Marc Hoersken
1060955a61
multi: align WinSock mask variables in Curl_multi_wait
Also skip pre-checking sockets to set timeout_ms to 0
after the first socket has been detected to be ready.

Reviewed-by: rcombs on github
Reviewed-by: Daniel Stenberg

Follow up to #5886
2020-09-17 07:41:14 +02:00
Marc Hoersken
40d67da7ca
multi: reuse WinSock events variable in Curl_multi_wait
Since the struct is quite large (1 long and 10 ints) we
declare it once at the beginning of the function instead
of multiple times inside loops to avoid stack movements.

Reviewed-by: Viktor Szakats
Reviewed-by: Daniel Stenberg

Closes #5886
2020-09-17 07:40:49 +02:00
Gergely Nagy
182ff2d63c
vtls: deduplicate client certificates in ssl_config_data
Closes #5629
2020-09-14 12:56:47 +02:00
Daniel Stenberg
7ea2e1d0c5
ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
This is primarily interesting for cases where CURLOPT_NOBODY is set as
previously curl would not return an error for this case.

MDTM getting 550 now also returns this error (it returned
CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
missing files across protocols and specific FTP commands.

libcurl already returns error on a 550 as a MDTM response (when
CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
happen subsequently anyway since the RETR command would fail.

Add test 1913 and 1914 to verify. Updated several tests accordingly due
to the updated SIZE behavior.

Reported-by: Tomas Berger
Fixes #5953
Closes #5957
2020-09-14 12:53:12 +02:00
Antarpreet Singh
da5ae38db0
imap: set cselect_bits to CURL_CSELECT_IN initially
... when continuing a transfer from a FETCH response.

When the size of the file was small enough that the entirety of the
transfer happens in a single go and schannel buffers holds the entire
data. However, it wasn't completely read in Curl_pp_readresp since a
line break was found before that could happen. So, by the time we are in
imap_state_fetch_resp - there's data in buffers that needs to be read
via Curl_read but nothing to read from the socket. After we setup a
transfer (Curl_setup_transfer), curl just waits on the socket state to
change - which doesn't happen since no new data ever comes.

Closes #5961
2020-09-14 12:29:44 +02:00
Daniel Stenberg
c4ea71ae32
dynbuf: provide curlx_ names for reuse by the curl tool
Closes #5946
2020-09-14 08:32:35 +02:00
Daniel Stenberg
9fffe925d2
dynbuf: make sure Curl_dyn_tail() zero terminates
Closes #5959
2020-09-14 08:29:46 +02:00
Laramie Leavitt
25a25f45ae
http: consolidate nghttp2_session_mem_recv() call paths
Previously there were several locations that called
nghttp2_session_mem_recv and handled responses slightly differently.
Those have been converted to call the existing
h2_process_pending_input() function.

Moved the end-of-session check to h2_process_pending_input() since the
only place the end-of-session state can change is after nghttp2
processes additional input frames.

This will likely fix the fuzzing error. While I don't have a root cause
the out-of-bounds read seems like a use after free, so moving the
nghttp2_session_check_request_allowed() call to a location with a
guaranteed nghttp2 session seems reasonable.

Also updated a few nghttp2 callsites to include error messages and added
a few additional error checks.

Closes #5648
2020-09-10 17:43:47 +02:00
Daniel Stenberg
11ab0ad60f
base64: also build for pop3 and imap
Follow-up to the fix in 20417a13fb

Reported-by: Michael Olbrich
Fixes #5937
Closes #5948
2020-09-10 08:50:04 +02:00
Daniel Stenberg
20417a13fb
base64: enable in build with SMTP
The oauth2 support is used with SMTP and it uses base64 functions.

Reported-by: Michael Olbrich
Fixes #5937
Closes #5938
2020-09-09 09:23:06 +02:00
Daniel Stenberg
17fcdf6a31
lib: fix -Wassign-enum warnings
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: 879007f811 (commitcomment-42087553)

Closes #5929
2020-09-08 13:53:02 +02:00
Diven Qi
3532262edd
url: use blank credentials when using proxy w/o username and password
Fixes proxy regression brought in commit ad829b21ae (7.71.0)

Fixed #5911
Closes #5914
2020-09-08 00:48:09 +02:00
Daniel Stenberg
6d946ad9fe
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
If the error reason from the lib is
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.

This unifies the libcurl return code and makes libressl run test 313
(CRL testing) fine.

Closes #5934
2020-09-07 17:26:27 +02:00
Daniel Stenberg
f93455eb04
altsvc: clone setting in curl_easy_duphandle
The cache content is not duplicated, like other caches, but the setting
and specified file name are.

Test 1908 is extended to verify this somewhat. Since the duplicated
handle gets the same file name, the test unfortunately overwrites the
same file twice (with different contents) which makes it hard to check
automatically.

Closes #5923
2020-09-06 09:54:54 +02:00
Daniel Stenberg
bbf8cae44d
build: drop support for building with Watcom
These files are not maintained, they seem to have no users, Watcom
compilers look like not having users nor releases anymore.

Closes #5918
2020-09-05 21:51:37 +02:00
Daniel Stenberg
879007f811
easygetopt: pass a valid enum to avoid compiler warning
"integer constant not in range of enumerated type 'CURLoption'"

Reported-by: Gisle Vanem
Bug: 6ebe63fac2 (commitcomment-42042843)

Closes #5915
2020-09-05 14:44:11 +02:00
ihsinme
d1d3105317
connect.c: remove superfluous 'else' in Curl_getconnectinfo
Closes #5912
2020-09-04 13:31:51 +02:00
cbe
a27af8b510
libssh2: pass on the error from ssh_force_knownhost_key_type
Closes #5909
2020-09-03 18:02:27 +02:00
Martin Bašti
3eff1c5092
http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
... in case NO_PROXY takes an effect

Without this patch, the following command crashes:

    $ GIT_CURL_VERBOSE=1 NO_PROXY=github.com HTTPS_PROXY=https://example.com \
        git clone https://github.com/curl/curl.git

Minimal libcurl-based reproducer:

    #include <curl/curl.h>

    int main() {
      CURL *curl = curl_easy_init();
      if(curl) {
        CURLcode ret;
        curl_easy_setopt(curl, CURLOPT_URL, "https://github.com/");
        curl_easy_setopt(curl, CURLOPT_PROXY, "example.com");
        /* set the proxy type */
        curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
        curl_easy_setopt(curl, CURLOPT_NOPROXY, "github.com");
        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
        ret = curl_easy_perform(curl);
        curl_easy_cleanup(curl);
        return ret;
      }
      return -1;
    }

Assisted-by: Kamil Dudka
Bug: https://bugzilla.redhat.com/1873327
Closes #5902
2020-09-03 08:01:56 +02:00
Daniel Stenberg
b3fbb2fb9d
openssl: avoid error conditions when importing native CA
The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.

Closes #5907
2020-09-02 22:47:52 +02:00
Daniel Stenberg
dd51f04b11
setopt: avoid curl_ on local variable
Closes #5906
2020-09-02 22:41:59 +02:00
Daniel Stenberg
5507a6ae41
mqtt.c: avoid curl_ prefix on local variable
Closes #5906
2020-09-02 22:41:59 +02:00
Daniel Stenberg
c26446ff5e
wildcard: strip "curl_" prefix from private symbols
Closes #5906
2020-09-02 22:41:59 +02:00
Daniel Stenberg
3acb2abdf5
vtls: make it 'struct Curl_ssl_session'
Use uppercase C for internal symbols.

Closes #5906
2020-09-02 22:41:59 +02:00
Daniel Stenberg
221a584df9
curl_threads: make it 'struct Curl_actual_call'
Internal names should not be prefixed "curl_"

Closes #5906
2020-09-02 22:41:59 +02:00
Daniel Stenberg
add7022666
schannel: make it 'struct Curl_schannel*'
As internal global names should use captical C.

Closes #5906
2020-09-02 22:41:59 +02:00