1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00
Commit Graph

9511 Commits

Author SHA1 Message Date
Ryan Winograd
43d036e724
progress: Track total times following redirects
Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
`t_pretransfer`, and `t_starttransfer` to track the total times for
these activities when a redirect is followed. Previously, only the times
for the most recent request would be tracked.

Related changes:

  - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
    now that the function only resets transfer sizes and no longer
    modifies any of the progress timers.

  - Add a bool to the `Progress` struct that is used to prevent
    double-counting `t_starttransfer` times.

Added test case 1399.

Fixes #522 and Known Bug 1.8
Closes #1602
Reported-by: joshhe on github
2017-08-15 18:58:31 +02:00
Benbuck Nason
0969901eb9
cmake: remove dead code for CURL_DISABLE_RTMP
Closes #1785
2017-08-15 18:50:21 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Daniel Stenberg
b748d7af7e
ipv6_scope: support unique local addresses
Fixes #1764
Closes #1773
Reported-by: James Slaughter
2017-08-13 17:52:15 +02:00
Salah-Eddin Shaban
d6ecb2c851
redirect: skip URL encoding for host names
This fixes redirects to IDN URLs

Fixes #1441
Closes #1762
Reported by: David Lord
2017-08-13 00:03:54 +02:00
Daniel Stenberg
7973baacea
bagder/Curl_tvdiff_us: fix the math
Regression since adef394ac5 (released in 7.55.0)

Reported-by: Han Qiao
Fixes #1769
Closes #1771
2017-08-12 17:25:50 +02:00
Even Rouault
6e0e152ce5
parse_proxy(): fix memory leak in case of invalid proxy server name
Fixes the below leak:

$ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
curl: (5) Couldn't resolve proxy name
==5048==
==5048== HEAP SUMMARY:
==5048==     in use at exit: 532 bytes in 12 blocks
==5048==   total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CB79: parse_login_details (url.c:5614)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CBB6: parse_login_details (url.c:5621)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
Credit to OSS Fuzz for discovery

Closes #1761
2017-08-11 11:52:56 +02:00
Daniel Stenberg
fd07ca1e20
openssl: fix "error: this statement may fall through"
A gcc7 warning.
2017-08-11 08:16:17 +02:00
David Benjamin
f26f6d258f
openssl: remove CONST_ASN1_BIT_STRING.
Just making the pointer as const works for the pre-1.1.0 path too.

Closes #1759
2017-08-11 08:15:58 +02:00
Jay Satiro
0b5665c98a digest_sspi: Don't reuse context if the user/passwd has changed
Bug: https://github.com/curl/curl/issues/1685
Reported-by: paulharris@users.noreply.github.com

Assisted-by: Isaac Boukris

Closes https://github.com/curl/curl/pull/1742
2017-08-10 01:40:05 -04:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
358b2b131a tftp: reject file name lengths that don't fit
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!

CVE-2017-1000100

Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Even Rouault
c9332fa5e8 file: output the correct buffer to the user
Regression brought by 7c312f84ea (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Daniel Stenberg
fa48987356
easy_events: make event data static
First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.

A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
funtion returns, namely when curl_multi_remove_handle() is called.

Reported-by: Brian Carpenter
2017-08-06 23:42:50 +02:00
Isaac Boukris
0b11660234
gssapi: fix memory leak of output token in multi round context
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
2017-08-05 00:23:24 +02:00
Marcel Raad
61046e7bd5
darwinssl: fix compiler warning
clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]

This breaks the darwinssl build on Travis. Fix it by making this token
a comment.

Closes https://github.com/curl/curl/pull/1734
2017-08-05 00:11:01 +02:00
Daniel Stenberg
2ccd65af3b FTP: skip unnecessary CWD when in nocwd mode
... when reusing a connection. If it didn't do any CWD previously.

Fixes #1718
2017-08-04 10:01:23 +02:00
Daniel Stenberg
af271ce9b9 darwin: silence compiler warnings
With a clang pragma and three type fixes

Fixes #1722
2017-08-04 00:07:02 +02:00
Daniel Stenberg
fa2f134cbd darwinssl: fix curlssl_sha256sum() compiler warnings on first argument 2017-08-03 10:24:06 +02:00
Gisle Vanem
a8e1c2e466 netrc: skip lines starting with '#'
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
2017-08-03 10:04:16 +02:00
Marcel Raad
866e02935d
CMake: set MSVC warning level to 4
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
2017-08-03 08:39:23 +02:00
Marcel Raad
0139545607
curl_threads: fix MSVC compiler warning
Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size

Closes https://github.com/curl/curl/pull/1717
2017-08-01 17:22:30 +02:00
Brad Spencer
164a09368d multi: fix request timer management
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle.  When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).

Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01 13:39:38 +02:00
Jay Satiro
53d137d94a curl_setup: Define CURL_NO_OLDIES for building libcurl
.. to catch accidental use of deprecated error codes.

Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-08-01 02:56:48 -04:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Dwarakanath Yadavalli
512f8c774a libcurl: Stop using error codes defined under CURL_NO_OLDIES
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
2017-07-31 02:59:05 -04:00
Jay Satiro
f8614af527 splay: fix signed/unsigned mismatch warning
Follow-up to 4dee50b.

Ref: https://github.com/curl/curl/pull/1693
2017-07-29 01:13:42 -04:00
Johannes Schindelin
1cfa4cd427 curl_rtmp: fix a compiler warning
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.

Bug: #1652

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:41:29 +02:00
Daniel Stenberg
4dee50b9c8 timeval: struct curltime is a struct timeval replacement
... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.

Ref: #1652
Closes #1693
2017-07-28 15:51:25 +02:00
Daniel Stenberg
7551e55d66 darwinssl: fix variable type mistake (regression)
... which made --tlsv1.2 not work because it would blank the max tls
version variable.

Reported-by: Nick Miyake
Bug: #1703
2017-07-27 18:30:11 +02:00
Daniel Stenberg
02c7a2ccab multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com

Closes #1675
Closes #1683
2017-07-27 01:13:47 +02:00
Daniel Stenberg
60cf84f7f2 checksrc: escape open brace in regex
... to silence warning.
2017-07-27 01:13:19 +02:00
Kamil Dudka
42a4cd4c78 nss: fix a possible use-after-free in SelectClientCert()
... causing a SIGSEGV in showit() in case the handle used to initiate
the connection has already been freed.

This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.

Reported-by: Rob Sanders
Bug: https://bugzilla.redhat.com/1436158
2017-07-20 08:09:01 +02:00
Kamil Dudka
c89eb6d0f8 nss: unify the coding style of nss_send() and nss_recv()
No changes in behavior intended by this commit.
2017-07-20 08:08:47 +02:00
Jay Satiro
798ad5d924 darwinssl: fix pinnedpubkey build error
- s/SessionHandle/Curl_easy/

Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
Reported-by: Gisle Vanem
2017-07-17 02:46:07 -04:00
Marcel Raad
ef5cac3d8c
build: remove WIN32_LEAN_AND_MEAN from individual build systems
It's defined for all build systems in curl_setup.h since commit
beb08481d0. This caused macro
redefinition warnings in the configure builds.

Closes https://github.com/curl/curl/pull/1677
2017-07-11 18:16:23 +02:00
Marcel Raad
beb08481d0
curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
Make sure to always define WIN32_LEAN_AND_MEAN before including any
Windows headers to avoid pulling in unnecessary headers. This avoids
unnecessary macro clashes and compiler warnings.

Ref: https://github.com/curl/curl/issues/1562
Closes https://github.com/curl/curl/pull/1672
2017-07-11 11:57:00 +02:00
Jay Satiro
c5e87fdb7a strerror: Preserve Windows error code in some functions
This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
commit was an earlier draft that I committed by mistake, which was then
remedied by a5834e5 and e909de6, and now this commit. With this commit
there is now no difference between the current code and the changes that
were approved in the final draft.

Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem
Ref: https://github.com/curl/curl/pull/1589
2017-07-11 01:53:23 -04:00
Daniel Stenberg
a5834e525d errno: fix non-windows builds after af0216251b 2017-07-10 13:59:05 +02:00
Marcel Raad
b54e0babd7
ldap: fix MinGW compiler warning
ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with
the latest original MinGW, resulting in compiler warnings since commit
f0fe66f13c. Fix this for the non-SSPI
case by using ldap_simple_bind_s again instead of ldap_bind_s with
LDAP_AUTH_SIMPLE.

Closes https://github.com/curl/curl/pull/1664
2017-07-10 10:22:34 +02:00
Jay Satiro
af0216251b curl_setup_once: Remove ERRNO/SET_ERRNO macros
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
2017-07-10 02:09:27 -04:00
Marcel Raad
59a0fb2439
smb: rename variable to fix shadowing warning
GCC 4.6.3 on travis complains:
smb.c: In function ‘get_posix_time’:
smb.c:725:13: error: declaration of ‘time’ shadows a global declaration
[-Werror=shadow]

Fix this by renaming the variable.
2017-07-09 14:42:13 +02:00
Paul Harris
45f39945ec cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
Removes BUILD_RELEASE_DEBUG_DIRS since it wasn't used anywhere.

Closes #1649
2017-07-07 14:29:26 +02:00
Gisle Vanem
0cec0f4615 memdebug: don't setbuf() if the file open failed
Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151
2017-07-06 23:15:00 +02:00
Daniel Stenberg
6b0aa00abb asyn-thread.c: fix unused variable warnings on macOS 2017-07-06 11:49:50 +02:00
Daniel Stenberg
b22f93dbb8 http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD
Make the name reflect its use better, and add a short comment describing
what it's for.
2017-07-06 11:20:57 +02:00
Daniel Stenberg
7e21e5fd0c select.h: avoid macro redefinition harder
... by checking the POLLIN define, as the header file checks don't work
on Windows.
2017-07-05 13:28:28 +02:00
Daniel Stenberg
21e0705734 inet_pton: fix include on windows to get prototype
inet_pton() exists on Windows and gets used by our cmake builds. Make
sure the correct header file is included to avoid compiler warnings.

Closes #1639
2017-07-05 13:28:19 +02:00
Gisle Vanem
596cfb6c0a smb: add support for CURLOPT_FILETIME
Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html

Closes #1643
2017-07-04 23:12:57 +02:00
Gisle Vanem
f8dba473a8 smb: fix build for djgpp/MSDOS
bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
2017-07-04 15:42:55 +02:00
Daniel Stenberg
909a5bee81 configure: remove checks for 5 functions never used
fork, getprotobyname, inet_addr, perror, uname

closes #1638
2017-07-04 11:32:25 +02:00
Martin Kepplinger
f50124f566 timeval.c: Use long long constant type for timeval assignment
On a 64 bit host, sparse says:

timeval.c:148:15: warning: constant 0x7fffffffffffffff is so big it is long
timeval.c:149:12: warning: constant 0x7fffffffffffffff is so big it is long

so let's use long long constant types in order to prevent undesired overflow
failures.

Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html

Closes #1636

Signed-off-by: Martin Kepplinger <martink@posteo.de>
2017-07-04 07:59:21 +02:00
Daniel Stenberg
b3786f61dc url: make the original string get used on subsequent transfers
... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.

Added test 1551 to verify.

Fixes #1631
Closes #1632
Reported-by: Pavel Rochnyak
2017-07-03 23:52:10 +02:00
Johannes Schindelin
c0cdc68c7e gtls: fix build when sizeof(long) < sizeof(void *)
- Change gnutls pointer/int macros to pointer/curl_socket_t.
  Prior to this change they used long type as well.

The size of the `long` data type can be shorter than that of pointer
types. This is the case most notably on Windows.

If C99 were acceptable, we could simply use `intptr_t` here. But we
want to retain C89 compatibility.

Simply use the trick of performing pointer arithmetic with the NULL
pointer: to convert an integer `i` to a pointer, simply take the
address of the `i`th element of a hypothetical character array
starting at address NULL. To convert back, simply cast the pointer
difference.

Thanks to Jay Satiro for the initial modification to use curl_socket_t
instead of int/long.

Closes #1617

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-03 15:45:25 +02:00
Max Dymond
c98e97e9c3 http2: handle PING frames
Add a connection check function to HTTP2 based off RTSP. This causes
PINGs to be handled the next time the connection is reused.

Closes #1521
2017-06-30 10:27:41 +02:00
Max Dymond
c75f63d7c4 handler: refactor connection checking
Add a new type of callback to Curl_handler which performs checks on
the connection. Alter RTSP so that it uses this callback to do its
own check on connection health.
2017-06-30 10:17:27 +02:00
dmitrykos
192877058e openssl: improve fallback seed of PRNG with a time based hash
Fixes #1620
2017-06-30 09:21:03 +02:00
Ryan Winograd
f8f040e659 progress: prevent resetting t_starttransfer
Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked
with `TIMER_STARTTRANSFER` more than once during a single request.

When a redirect occurs, this is considered a new request and
`t_starttransfer` can be updated to reflect the `t_starttransfer` time
of the redirect request.

Closes #1616

Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
2017-06-30 09:05:53 +02:00
Kamil Dudka
8924f58c37 CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth
If libcurl was built with GSS-API support, it unconditionally advertised
GSS-API authentication while connecting to a SOCKS5 proxy.  This caused
problems in environments with improperly configured Kerberos: a stock
libcurl failed to connect, despite libcurl built without GSS-API
connected fine using username and password.

This commit introduces the CURLOPT_SOCKS5_AUTH option to control the
allowed methods for SOCKS5 authentication at run time.

Note that a new option was preferred over reusing CURLOPT_PROXYAUTH
for compatibility reasons because the set of authentication methods
allowed by default was different for HTTP and SOCKS5 proxies.

Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:02:58 +02:00
Kamil Dudka
cd1c9f0807 socks: deduplicate the code for auth request 2017-06-28 07:48:34 +02:00
Kamil Dudka
641072b919 socks: use proxy_user instead of proxy_name
... to make it obvious what the data is used for
2017-06-28 07:48:34 +02:00
Daniel Stenberg
cfe3c08f69 progress: progress.timespent needs to be us
follow-up to 64ed44a815 to fix test 500 failures
2017-06-24 21:14:50 +02:00
Daniel Stenberg
64ed44a815 progress: fix "time spent", broke in adef394ac 2017-06-24 01:18:21 +02:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Gisle Vanem
60c655ac07 lib: fix the djgpp build
Bug: 73a2fcea0b (commitcomment-22655993)
2017-06-21 07:46:21 +02:00
Marcel Raad
651e04c4c8
if2ip: fix compiler warning in ISO C90 mode
remote_scope_id is only used when both HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
and ENABLE_IPV6 are defined instead of only one of them.
2017-06-20 22:33:56 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
3b80d3ca46 getinfo: return sizes as curl_off_t
This change introduces new alternatives for the existing six
curl_easy_getinfo() options that return sizes or speeds as doubles. The
new versions are named like the old ones but with an appended '_T':

CURLINFO_CONTENT_LENGTH_DOWNLOAD_T
CURLINFO_CONTENT_LENGTH_UPLOAD_T
CURLINFO_SIZE_DOWNLOAD_T
CURLINFO_SIZE_UPLOAD_T
CURLINFO_SPEED_DOWNLOAD_T
CURLINFO_SPEED_UPLOAD_T

Closes #1511
2017-06-19 09:27:42 +02:00
Daniel Stenberg
6208547002 PIPELINING_SERVER_BL: cleanup the internal list use
The list was freed incorrectly since the llist refactor of
cbae73e1dd. Added test 1550 to verify that it works and avoid future
regressions.

Reported-by: Pascal Terjan

Fixes #1584
Closes #1585
2017-06-19 09:14:49 +02:00
Daniel Stenberg
65ca030513 http2: fix OOM crash
torture mode with test 1021 found it
2017-06-18 23:57:45 +02:00
Marcel Raad
edafd52be1
http_proxy: fix build with http and proxy
After deff7de0eb, the build without
CURL_DISABLE_PROXY and CURL_DISABLE_HTTP was failing because of missing
includes.
2017-06-18 15:18:15 +02:00
Marcel Raad
deff7de0eb
http_proxy: fix compiler warning
With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a
missing prototype for Curl_connect_free.
2017-06-18 12:53:54 +02:00
Marcel Raad
ce2cc568f8
Makefile.m32: enable -W for MinGW32 build
The configure-based build also has this in addition to -Wall.

Closes https://github.com/curl/curl/pull/1578
2017-06-16 22:32:22 +02:00
Daniel Stenberg
01811b6740 http-proxy: fix chunked-encoded CONNECT responses
Regression since 5113ad0424.

... and remove 'flaky' from test 1061 again

Closes #1579
2017-06-16 21:56:56 +02:00
Daniel Stenberg
12ccaed2a5 http-proxy: deal with EAGAIN
... the previous code would reset the header length wrongly (since
5113ad0424). This makes test 1060 reliable again.

Also: make sws send even smaller chunks of data to increase the
likeliness of this happening.
2017-06-16 17:22:32 +02:00
Jay Satiro
17c5d05285 HTTPS-Proxy: don't offer h2 for https proxy connections
Bug: https://github.com/curl/curl/issues/1254

Closes #1546
2017-06-16 12:16:41 +02:00
Jay Satiro
2a733d6418 url: refactor the check for Windows drive letter in path
- Move the logic to detect a Windows drive letter prefix
  (eg c: in c:foo) into a function-like macro.

Closes https://github.com/curl/curl/pull/1571
2017-06-16 03:03:25 -04:00
Jay Satiro
ec92afc3f4 mk-ca-bundle.pl: Check curl's exit code after certdata download
- No longer allow partial downloads of certdata.

Prior to this change partial downloads were (erroneously?) allowed since
only the server code was checked to be 200.

Bug: https://github.com/curl/curl/pull/1577
Reported-by: Matteo B.
2017-06-16 01:58:23 -04:00
Daniel Stenberg
0d39e5cc95 http-proxy: fix build with --disable-proxy or --disable-http
Reported-by: Dan Fandrich
2017-06-16 00:02:57 +02:00
Daniel Stenberg
efc83d6d54 http-proxy: only attempt FTP over HTTP proxy
... all other non-HTTP protocol schemes are now defaulting to "tunnel
trough" mode if a HTTP proxy is specified. In reality there are no HTTP
proxies out there that allow those other schemes.

Assisted-by: Ray Satiro, Michael Kaufmann

Closes #1505
2017-06-15 13:46:48 +02:00
Daniel Stenberg
7d7346519d curl_setup.h: error out on CURL_WANTS_CA_BUNDLE_ENV use
... to make it really apparent if there's any user using this on purpose.

Suggested-by: Jay Satiro

Closes #1542
2017-06-15 11:11:39 +02:00
Daniel Stenberg
c2aeb1b3ba lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
When this define was set, libcurl would check the environment variable
named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This
feature was only defined by the watcom and m32 makefiles and caused
inconsistent behaviours among libcurls built on different platforms.

The curl tool does already feature its own similar logic and the library
does not really need it, and it isn't documented libcurl behavior. So
this change removes it.

Ref: #1538
2017-06-15 11:11:15 +02:00
Daniel Stenberg
5113ad0424 http-proxy: do the HTTP CONNECT process entirely non-blocking
Mentioned as a problem since 2007 (8f87c15bda) and of course it
existed even before that.

Closes #1547
2017-06-14 23:43:52 +02:00
Daniel Stenberg
1213baba27 progress: let "current speed" be UL + DL speeds combined
Bug #1556
Reported-by: Paul Harris
Closes #1559
2017-06-14 23:30:54 +02:00
Daniel Stenberg
adef394ac5 timers: store internal time stamps as time_t instead of doubles
This gives us accurate precision and it allows us to avoid storing "no
time" for systems with too low timer resolution as we then bump the time
up to 1 microsecond. Should fix test 573 on windows.

Remove the now unused curlx_tvdiff_secs() function.

Maintains the external getinfo() API with using doubles.

Fixes #1531
2017-06-14 15:46:39 +01:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Stuart Henderson
9f54ad8f15 libressl: OCSP and intermediate certs workaround no longer needed
lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed
by intermediate certs, this was fixed in LibreSSL in
912c64f68f

Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html
2017-06-13 12:28:22 +02:00
Daniel Stenberg
5d7952f52e url: fix buffer overwrite with file protocol (CVE-2017-9502)
Bug: https://github.com/curl/curl/issues/1540
Advisory: https://curl.haxx.se/docs/adv_20170614.html

Assisted-by: Ray Satiro
Reported-by: Marcel Raad
2017-06-13 09:34:20 +02:00
Daniel Stenberg
844896d064 setopt: check CURLOPT_ADDRESS_SCOPE option range
... and return error instead of triggering an assert() when being way
out of range.
2017-06-09 01:01:55 +02:00
Daniel Stenberg
6c59074528 asyn-ares: s/Curl_expire_latest/Curl_expire 2017-06-08 11:06:19 +02:00
Daniel Stenberg
7fffe97b78 expire: remove Curl_expire_latest()
With the introduction of expire IDs and the fact that existing timers
can be removed now and thus never expire, the concept with adding a
"latest" timer is not working anymore as it risks to not expire at all.

So, to be certain the timers actually are in line and will expire, the
plain Curl_expire() needs to be used. The _latest() function was added
as a sort of shortcut in the past that's quite simply not necessary
anymore.

Follow-up to 31b39c40cf

Reported-by: Paul Harris

Closes #1555
2017-06-08 10:50:47 +02:00
Daniel Stenberg
68c6dcb2cb file: make speedcheck use current time for checks
... as it would previously just get the "now" timestamp before the
transfer starts and then not update it again.

Closes #1550
2017-06-07 23:01:09 +02:00
Daniel Stenberg
cccac4fb2b test1521: test *all* curl_easy_setopt options
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).

Some small changes were necessary to avoid asserts and NULL accesses
when doing this.

The perl script needs to be manually rerun when we add new options.

Closes #1543
2017-06-05 14:25:18 +02:00
Marcel Raad
7960442730
curl_ntlm_core: use Curl_raw_toupper instead of toupper
This was the only remaining use of toupper in the entire source code.

Suggested-by: Daniel Stenberg
2017-06-05 00:27:29 +02:00
Marcel Raad
892c5e4cb3
curl_ntlm_core: pass unsigned char to toupper
Otherwise, clang on Cygwin64 warns:
curl_ntlm_core.c:525:35: error: array subscript is of type 'char'
[-Werror,-Wchar-subscripts]
    dest[2 * i] = (unsigned char)(toupper(src[i]));
                                  ^~~~~~~~~~~~~~~
/usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
      (void) __CTYPE_PTR[__x]; (toupper) (__x);})
                        ^~~~
2017-06-04 16:46:03 +02:00
Marcel Raad
15136a5268
x509asn1: fix implicit-fallthrough warning with GCC 7 2017-06-03 20:10:52 +02:00
Marcel Raad
f8518059ce
curl_sasl: fix unused-variable warning
This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
as seen in the autobuilds:

curl_sasl.c:417:9: warning: unused variable 'serverdata'
[-Wunused-variable]
2017-06-03 11:59:38 +02:00
Marcel Raad
7207affe28
cyassl: define build macros before including ssl.h
cyassl/ssl.h needs the macros from cyassl/options.h, so define them
before including cyassl/ssl.h the first time, which happens in
urldata.h.
This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8
and therefore redefines the symbols from cyassl/options.h instead of
including the header.

Closes https://github.com/curl/curl/pull/1536
2017-06-03 00:39:46 +02:00
Daniel Stenberg
cfd3e8f399 dedotdot: fixed output for ".." and "." only input
Found when updating test 1395, which I did to increase test coverage of
this source file...

Closes #1535
2017-06-03 00:11:51 +02:00
Marcel Raad
10e02bc36a
mbedtls: make TU-local variable static
mbedtls_x509_crt_profile_fr is only used locally.
This fixes a missing-variable-declarations warning with clang.
2017-06-02 22:05:01 +02:00
Marcel Raad
769890c7e2
MD(4|5): silence cast-align clang warning
Unaligned access is on purpose here and the warning is harmless on
affected architectures. GCC knows that, while clang warns on all
architectures.
2017-06-02 21:58:48 +02:00
Daniel Stenberg
4ba20a5119 curl_endian: remove unused functions
Closes #1529
2017-06-02 13:30:41 +02:00
Daniel Stenberg
f6e0f4556e build: provide easy code coverage measuring
Closes #1528
2017-06-02 13:15:06 +02:00
Daniel Stenberg
e54db1b053 transfer: init the infilesize from the postfields...
... with a strlen() if no size was set, and do this in the pretransfer
function so that the info is set early. Otherwise, the default strlen()
done on the POSTFIELDS data never sets state.infilesize.

Reported-by: Vincas Razma
Bug: #1294
2017-05-30 11:39:42 +02:00
Jay Satiro
35e9281ef8 mbedtls: fix variable shadow warning
vtls/mbedtls.c:804:69: warning: declaration of 'entropy' shadows a global declaration [-Wshadow]
 CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
                                                                     ^~~~~~~
2017-05-29 17:38:33 -04:00
Daniel Stenberg
59cc0234e5 ssh: fix 'left' may be used uninitialized
follow-up to f31760e63b

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/pull/1495#issuecomment-303982793
2017-05-25 13:02:29 +02:00
Michael Kaufmann
8ab22a7453 time: fix type conversions and compiler warnings
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.

Reviewed-by: Daniel Stenberg

Closes #1499
2017-05-24 22:56:22 +02:00
Daniel Stenberg
bba59073c5 redirect: store the "would redirect to" URL when max redirs is reached
Test 1261 added to verify.

Reported-by: Lloyd Fournier

Fixes #1489
Closes #1497
2017-05-23 23:27:58 +02:00
Sergei Nikulov
48f2a96a60 LDAP: fixed checksrc issue 2017-05-24 00:14:13 +03:00
Sergei Nikulov
f0fe66f13c LDAP: using ldap_bind_s on Windows with methods (#878)
* LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG)

* ldap: updated per build options handling

* ldap: fixed logic for auth selection
2017-05-23 22:45:39 +03:00
Akhil Kedia
b4d6b99445 cmake: fix build on Ubuntu 14.04
Fixed a syntax error with setting cache variables (The type and
docstring were missing), resulting in build errors.  Quoted the
CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without
quotes in C code, resulting in build errors.

Closes #1503

Signed-off-by: Akhil <akhil.kedia@samsung.com>
2017-05-23 10:07:08 +02:00
Daniel Stenberg
a1b3a95c96 url: fix declaration of 'pipe' shadows a global declaration
follow-up to 4cdb1be824
2017-05-23 07:41:52 +02:00
Kamil Dudka
945919db5b memdebug: fix compilation failure
.... caused by a typo in the last commit (fixing issue #1504):

memdebug.c: In function ‘curl_fclose’:
memdebug.c:444:3: error: implicit declaration of function
‘DEBUGDEBUGASSERT’ [-Werror=implicit-function-declaration]
2017-05-22 19:03:16 +02:00
Daniel Stenberg
8589e1fe30 assert: avoid, use DEBUGASSERT instead!
... as it does extra checks to actually work.

Reported-by: jonrumsey at github
Fixes #1504
2017-05-22 13:59:29 +02:00
Simon Warta
5606fcc657 cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake
This is for symmetry with the autoconf generated curl_config.h.in
2017-05-21 23:19:05 +02:00
Daniel Stenberg
f31760e63b ssh: ignore timeouts during disconnect
... as otherwise it risks not cleaning up the libssh2 handle properly
which leads to memory leak!

Assisted-by: Joel Depooter

Closes #1495
Closes #1479

Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html
2017-05-20 11:22:20 +02:00
Nick Zitzmann
c58063b4f8 darwinssl: Fix exception when processing a client-side certificate file
if no error was raised by the API but the SecIdentityRef was null

Fixes #1450
2017-05-16 19:21:12 -05:00
Daniel Stenberg
32c27f9e98 curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
Reported-by: wyattoday at github
Fixes #1487
2017-05-16 16:13:03 +02:00
eb16305e6a SecureTransport/DarwinSSL: Implement public key pinning
Closes #1400
2017-05-15 22:54:33 +02:00
Dan Fandrich
d836c9fee4 url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enough
Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not
exceedingly tiny and will break if it is. This same check is already
done at run time in the CURLOPT_BUFFERSIZE option.
2017-05-13 23:21:27 +02:00
Daniel Stenberg
d6c74ff663 multi: remove leftover debug infof() calls from e9fd794a6 2017-05-12 17:19:30 +02:00
Daniel Stenberg
4cdb1be824 pipeline: fix mistakenly trying to pipeline POSTs
The function IsPipeliningPossible() would return TRUE if either
pipelining OR HTTP/2 were possible on a connection, which would lead to
it returning TRUE even for POSTs on HTTP/1 connections.

It now returns a bitmask so that the caller can differentiate which kind
the connection allows.

Fixes #1481
Closes #1483
Reported-by: stootill at github
2017-05-12 17:01:02 +02:00
Ron Eldor
bc3866e3eb mbedtls: Support server renegotiation request
Tested with servers: IIS 7.5; OpenSSL 1.0.2.

Closes https://github.com/curl/curl/pull/1475
2017-05-12 01:39:10 -04:00
Marcel Raad
b875250e32
formdata: fix -Wcomma warning
clang 5.0 complains:
possible misuse of comma operator here [-Wcomma]

Change the comma to a semicolon to fix that.
2017-05-11 10:04:01 +02:00
Daniel Stenberg
31b39c40cf multi: use a fixed array of timers instead of malloc
... since the total amount is low this is faster, easier and reduces
memory overhead.

Also, Curl_expire_done() can now mark an expire timeout as done so that
it never times out.

Closes #1472
2017-05-10 12:55:36 +02:00
Daniel Stenberg
e9fd794a61 multi: assign IDs to all timers and make each timer singleton
A) reduces the timeout lists drastically

 B) prevents a lot of superfluous loops for timers that expires "in vain"
    when it has actually already been extended to fire later on
2017-05-10 11:02:47 +02:00
Daniel Stenberg
158d701641 formboundary: convert assert into run-time check
... to really make sure the boundary fits in the target buffer.

Fixes unused parameter 'buflen' warning.

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754
2017-05-09 09:08:25 +02:00
Jay Satiro
1cafede9f2 rand: treat fake entropy the same regardless of endianness
When the random seed is purposely made predictable for testing purposes
by using the CURL_ENTROPY environment variable, process that data in an
endian agnostic way so the the initial random seed is the same
regardless of endianness.

- Change Curl_rand to write to a char array instead of int array.

- Add Curl_rand_hex to write random hex characters to a buffer.

Fixes #1315
Closes #1468

Co-authored-by: Daniel Stenberg
Reported-by: Michael Kaufmann
2017-05-08 23:24:29 +02:00
Marcel Raad
ea1b864786
asyn-thread: fix unused macro warnings
Don't do anything in this file if CURLRES_THREADED is not defined.
2017-05-07 19:02:34 +02:00
Marcel Raad
3661c8aeb0
tftp: silence bad-function-cast warning
The cases this warns about are handled elsewhere, so just use an
intermediate variable to silence the warning.
2017-05-07 16:26:19 +02:00
Dan Fandrich
07fd7871b3 schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT 2017-05-04 18:19:33 +02:00
Marcel Raad
a51ca050fc
curl_setup_once: use SEND_QUAL_ARG2 for swrite
SEND_QUAL_ARG2 had to be set, but was never used. Use it in swrite to
avoid warnings about casting away low-level const.

Closes https://github.com/curl/curl/pull/1464
2017-05-04 09:23:00 +02:00
Marcel Raad
cee39aa3be
lib: fix compiler warnings
Fix the following warnings when building the tests by using the correct
types:
cast from 'const char *' to 'void *' drops const qualifier
[-Wcast-qual]
implicit conversion changes signedness [-Wsign-conversion]
2017-05-03 20:11:13 +02:00
Richard Hsu
862b02f894 Telnet: Write full buffer instead of byte-by-byte
Previous TODO wanting to write in chunks. We should support writing more
at once since some TELNET servers may respond immediately upon first
byte written such as WHOIS servers.

Closes #1389
2017-05-02 23:23:39 +02:00
Dan Fandrich
6943085b50 gtls: fixed a lingering BUFSIZE reference 2017-05-02 09:14:26 +02:00
Daniel Stenberg
eab6732fde ssh: fix compiler warning from e40e9d7f0d 2017-05-02 08:32:04 +02:00
Daniel Stenberg
4858c451ee url: let CURLOPT_BUFFERSIZE realloc to smaller sizes too
Closes #1449
2017-05-02 00:04:52 +02:00
Daniel Stenberg
e3ed5cb380 BUFSIZE: rename to READBUFFER_*, make separate MASTERBUF_SIZE 2017-05-01 22:55:29 +02:00
Daniel Stenberg
799c7048dc openssl: use local stack for temp storage 2017-05-01 22:55:29 +02:00
Daniel Stenberg
7ee52c25f3 sendf: remove use of BUFSIZE from debug data conversions
The buffer can have other sizes.
2017-05-01 22:55:29 +02:00
Daniel Stenberg
e40e9d7f0d buffer: use data->set.buffer_size instead of BUFSIZE
... to properly use the dynamically set buffer size!
2017-05-01 22:55:29 +02:00
Daniel Stenberg
c79f4908d4 krb5: use private buffer for temp string, not receive buffer 2017-05-01 22:55:29 +02:00
Daniel Stenberg
89cf6f38d2 upload: UPLOAD_BUFSIZE is now for the upload buffer 2017-05-01 22:55:29 +02:00
Daniel Stenberg
0cab3a394a http-proxy: use a dedicated CONNECT response buffer
To make it suitably independent of the receive buffer and its flexible
size.
2017-05-01 22:55:29 +02:00
Daniel Stenberg
40a074f255 transfer: fix minor buffer_size mistake 2017-05-01 22:55:29 +02:00
Daniel Stenberg
f2fadf490f failf: use private buffer, don't clobber receive buffer 2017-05-01 22:55:29 +02:00
Daniel Stenberg
b8191e975f pingpong: use the set buffer size 2017-05-01 22:55:29 +02:00
Daniel Stenberg
504eafff86 http2: use the correct set buffer size 2017-05-01 22:55:29 +02:00
Daniel Stenberg
87eb8d5b30 http: don't clobber the receive buffer for timecond 2017-05-01 22:55:29 +02:00
Daniel Stenberg
f535f4f5fc buffer_size: make sure it always has the correct size
Removes the need for CURL_BUFSIZE
2017-05-01 22:55:29 +02:00