1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

8333 Commits

Author SHA1 Message Date
Daniel Stenberg
193251794a IsPipeliningPossible: fixed for http2 2015-05-18 09:33:47 +02:00
Daniel Stenberg
8b38fcf2f6 http2: bump the h2 buffer size to 32K for speed 2015-05-18 09:33:47 +02:00
Daniel Stenberg
5871affc7a http2: remove the stream from the hash in stream_close callback
... and suddenly things work much better!
2015-05-18 09:33:47 +02:00
Daniel Stenberg
3e8a5d88a5 http2: if there is paused data, do not clear the drain field 2015-05-18 09:33:47 +02:00
Daniel Stenberg
522ca8c035 http2: rename s/data/pausedata 2015-05-18 09:33:47 +02:00
Daniel Stenberg
a66ed407d2 http2: "stream %x" in all outputs to make it easier to search for 2015-05-18 09:33:47 +02:00
Daniel Stenberg
61a94d6f77 http2: Curl_expire() all handles with incoming traffic
... so that they'll get handled next in the multi loop.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
56c362b1a7 http2: don't signal settings change for same values 2015-05-18 09:33:47 +02:00
Daniel Stenberg
72105ebf05 http2: set default concurrency, fix ConnectionExists for multiplex 2015-05-18 09:33:47 +02:00
Daniel Stenberg
38bd6bf0bb bundles: store no/default/pipeline/multiplex
to allow code to act differently on the situation.

Also added some more info message for the connection re-use function to
make it clearer when connections are not re-used.
2015-05-18 09:33:36 +02:00
Daniel Stenberg
be4c8fd1ef http2: lazy init header_recvbuf
It makes us use less memory when not doing HTTP/2 and subsequently also
makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18 08:57:18 +02:00
Daniel Stenberg
783b3c7b42 http2: separate multiplex/pipelining + cleanup memory leaks 2015-05-18 08:57:18 +02:00
Daniel Stenberg
02ec1ced9b CURLMOPT_PIPELINE: bit 1 is for multiplexing 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
2ce2f03007 http2: Fix bug that data to be drained are overwritten by pending "paused" data 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
d722138f29 http2: Don't call nghttp2_session_mem_recv while it is paused by a stream 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
0dc0de0351 http2: Read data left in connection buffer after pause
Previously when we do pause because of out of buffer, we just throw
away unread data in connection buffer.  This just broke protocol
framing, and I saw occasional FRAME_SIZE_ERROR.  This commit fix this
issue by remembering how much data read, and in the next iteration, we
process remaining data.
2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
d261652d42 http2: Fix streams get stuck
This commit fixes the bug that streams get stuck if stream gets some
DATA, and stream->closed becomes true at the same time.  Previously,
in this condition, after we processed DATA, we are going to try to
read data from underlying transport, but there is no data, and gets
EAGAIN.  There was no code path to evaludate stream->closed.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
74a4bd5ecd http2: store incoming h2 SETTINGS 2015-05-18 08:57:18 +02:00
Daniel Stenberg
591a6933da pipeline: move function to pipeline.c and make static
... as it was only used from there.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
e91aedd840 IsPipeliningPossible: http2 can always "pipeline" (multiplex) 2015-05-18 08:57:18 +02:00
Daniel Stenberg
ee3ad233a2 http2: remove debug logging from on_frame_recv 2015-05-18 08:57:18 +02:00
Daniel Stenberg
70b5b698b0 http2: remove the closed check in http2_recv
With the "drained" functionality we can get here slightly asynchronously
so the stream have have been closed but there is pending data left to
read.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
a28734be09 http2: bump the h2 buffer to 8K 2015-05-18 08:57:18 +02:00
Daniel Stenberg
5252f13dfa http2: Curl_read should not use the single buffer
... as it does for pipelining when we're multiplexing, as we need the
different buffers to store incoming data correctly for all streams.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
153f940198 http2: more debug outputs 2015-05-18 08:57:18 +02:00
Daniel Stenberg
f4b8b39881 http2: leave WAITPERFORM when conn is multiplexed
No need to wait for our "spot" like for pipelining
2015-05-18 08:57:18 +02:00
Daniel Stenberg
01e1bdb10c http2: force "drainage" of streams
... which is necessary since the socket won't be readable but there is
data waiting in the buffer.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
7bbac214f5 http2: move the mem+len pair to the stream struct 2015-05-18 08:57:17 +02:00
Daniel Stenberg
84c6b6561f http2: more stream-oriented data, stream ID 0 is for connections 2015-05-18 08:57:17 +02:00
Daniel Stenberg
2c238ea1fc http2: move lots of state data to the 'stream' struct
... from the connection struct. The stream one being the 'struct HTTP'
which is kept in the SessionHandle struct (easy handle).

lookup streams for incoming frames in the stream hash, hashing is based
on the stream id and we get the SessionHandle for the incoming stream
that way.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
5fe71975e4 HTTP: partial start at fixing up hash-lookups on http2 frame receival 2015-05-18 08:57:17 +02:00
Daniel Stenberg
77f1029ecd http: a stream hash for h2 multiplexing 2015-05-18 08:57:17 +02:00
Daniel Stenberg
7957d2eb92 http: a stream hash for h2 multiplexing 2015-05-18 08:57:17 +02:00
Daniel Stenberg
47caff7bdf http2: debug log when receiving unexpected stream_id 2015-05-18 08:54:54 +02:00
Daniel Stenberg
d6440d7366 http2: move stream_id to the HTTP struct (per-stream) 2015-05-18 08:54:54 +02:00
Daniel Stenberg
f858624052 Curl_http2_setup: only do it once and enable multiplex on the server
Once we know we are HTTP/2 enabled we know the server can multiplex.
2015-05-18 08:54:54 +02:00
Daniel Stenberg
6e6b02f398 http: switch on "pipelining" (multiplexing) for HTTP/2 servers
... and do not blacklist any.
2015-05-18 08:54:54 +02:00
Daniel Stenberg
5fa82ca56f README.pipelining: removed
All the details mentioned here are better documented in man pages
2015-05-15 22:34:12 +02:00
Dan Fandrich
1c01cee601 build: removed bundles.c from make files
This file was removed in commit fd137786
2015-05-14 14:55:48 +02:00
Daniel Stenberg
750d678c0e Curl_conncache_add_conn: fix memory leak on OOM 2015-05-14 14:06:44 +02:00
Daniel Stenberg
2a746f6c28 conncache: keep bundles on host+port bases, not only host names
Previously we counted all connections to a specific host name and that
would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example,
while servers on different port numbers are normally considered
different "origins" on the web and should thus be considered different
hosts.
2015-05-12 23:40:10 +02:00
Daniel Stenberg
fd137786e5 bundles: merged into conncache.c
All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).
2015-05-12 23:21:33 +02:00
Daniel Stenberg
b419e7ae0c hostcache: made all host caches use structs, not pointers
This avoids unnecessary dynamic allocs and as this also removed the last
users of *hash_alloc() and *hash_destroy(), those two functions are now
removed.
2015-05-12 09:46:53 +02:00
Daniel Stenberg
d37e0160c2 multi: converted socket hash into non-allocated struct
avoids extra dynamic allocation
2015-05-12 09:28:37 +02:00
Daniel Stenberg
640296c95d connection cache: avoid Curl_hash_alloc()
... by using plain structs instead of pointers for the connection cache,
we can avoid several dynamic allocations that weren't necessary.
2015-05-12 09:15:02 +02:00
Daniel Stenberg
c4d6f9163a proxy: add newline to info message 2015-05-08 15:56:25 +02:00
Patrick Monnerat
c720cd6356 FTP: fix dangling conn->ip_addr dereference on verbose EPSV. 2015-05-08 15:28:48 +02:00
Patrick Monnerat
3377e692ee FTP: Make EPSV use the control IP address rather than the original host.
This ensures an alternate address is not used.
Does not apply to proxy tunnel.
2015-05-08 15:28:48 +02:00
Orgad Shaneh
33058a1dc3 netrc: Read in text mode when cygwin
Use text mode when cygwin to eliminate trailing carriage returns.

Bug: https://github.com/bagder/curl/pull/258
2015-05-06 02:34:31 -04:00
Alessandro Ghedini
a5e09e9eea gtls: properly retrieve certificate status
Also print the revocation reason if appropriate.
2015-05-04 13:42:45 +02:00
Daniel Stenberg
86bc654532 OpenSSL: conditional check for SSL3_RT_HEADER
The symbol is fairly new.

Reported-by: Kamil Dudka
2015-05-04 13:29:34 +02:00
Daniel Stenberg
690317aae2 openssl: skip trace outputs for ssl_ver == 0
The OpenSSL trace callback is wonderfully undocumented but given a
journey in the source code, it seems the cases were ssl_ver is zero
doesn't follow the same pattern and thus turned out confusing and
misleading. For now, we skip doing any CURLINFO_TEXT logging on those
but keep sending them as CURLINFO_SSL_DATA_OUT/IN.

Also, I added direction to the text info and I edited some functions
slightly.

Bug: https://github.com/bagder/curl/issues/219
Reported-by: Jay Satiro, Ashish Shukla
2015-05-04 12:27:59 +02:00
Marc Hoersken
3c104448d6 schannel.c: Small changes 2015-05-02 22:21:25 +02:00
Marc Hoersken
ae8387b91c schannel.c: Improve code path and readability 2015-05-02 20:14:53 +02:00
Marc Hoersken
d93619ca5d schannel.c: Improve error and return code handling upon aa99a63f03 2015-05-02 20:05:22 +02:00
Chris Araman
aa99a63f03 schannel: fix regression in schannel_recv
https://github.com/bagder/curl/issues/244

Commit 145c263 changed the behavior when Curl_read_plain returns
CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
correctly.
2015-05-02 18:54:13 +02:00
Marc Hoersken
4bb8bad964 Bug born in changes made several days ago 9a91e80.
Commit: https://github.com/bagder/curl/commit/926cb9f
Reported-by: Ray Satiro
2015-05-01 09:39:34 +02:00
Dan Fandrich
32606e4f0b http_negotiate_sspi: added missing data variable 2015-04-30 12:13:49 +02:00
Viktor Szakats
6a61285909 build: update depedency versions, urls, example makefiles
- update default versions of dependencies (except for rare/old platforms)
- update urls
- sync examples makefiles with main ones
- remove line ending space
2015-04-30 08:29:00 +02:00
Anders Bakken
b23fda76c1 curl_multi_add_handle: next is already NULL 2015-04-30 08:21:34 +02:00
Jay Satiro
926cb9ff65 schannel: Fix out of bounds array
Bug born in changes made several days ago 9a91e80.

Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
Reported-by: Brian Chrisman
2015-04-30 01:44:45 -04:00
Viktor Szakats
790d1a4816 lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
This fixes using a multi-target mingw distro to build curl .dll for the
non-default target.
(mirroring the same patch present in src/makefile.m32)
2015-04-29 13:18:17 -04:00
Daniel Stenberg
6ba2e88a64 CURLOPT_HEADEROPT: default to separate
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.

Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28 21:02:37 +02:00
Daniel Stenberg
b2ea1bfcd6 hash: simplify Curl_str_key_compare() 2015-04-28 13:10:53 +02:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Daniel Stenberg
54c394699d http2: unify http_conn variable names to 'c' 2015-04-27 22:54:34 +02:00
Daniel Stenberg
09a31fabe4 ConnectionExists: call it multi-use instead of pipelining
So that it fits HTTP/2 as well
2015-04-27 22:54:34 +02:00
Paul Howarth
d4f62f6c5d nss: fix compilation failure with old versions of NSS
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-27 15:37:16 +02:00
Marc Hoersken
92e754de78 schannel.c: Fix typo introduced with 3447c973d0 2015-04-26 19:57:05 +02:00
Marc Hoersken
9a91e8059b schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
Reported-by: Brian Chrisman
2015-04-26 17:59:01 +02:00
Daniel Stenberg
3447c973d0 schannel: re-indented file to follow curl style better
white space changes only
2015-04-26 17:40:40 +02:00
Daniel Stenberg
cae43a10cb Curl_ossl_init: load builtin modules
To have engine modules work, we must tell openssl to load builtin
modules first.

Bug: https://github.com/bagder/curl/pull/206
2015-04-26 17:26:31 +02:00
Daniel Stenberg
aff153f83a openssl: fix serial number output
The code extracting the cert serial number was broken and didn't display
it properly.

Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
2015-04-26 16:36:19 +02:00
Grant Pannell
59f3f92ba6 sasl_sspi: Populate domain from the realm in the challenge
Without this, SSPI based digest auth was broken.

Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-26 16:12:23 +02:00
Viktor Szakats
48be87e5f0 netrc: support 'default' token
The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.

See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24 23:57:37 +02:00
Jay Satiro
0675abbc75 cyassl: Implement public key pinning
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Daniel Stenberg
85c45d153b connectionexists: follow-up to fd9d3a1ef1
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.

Mistake-caught-by: Kamil Dudka
2015-04-22 13:59:04 +02:00
Daniel Stenberg
fd9d3a1ef1 connectionexists: fix build without NTLM
Do not access NTLM-specific struct fields when built without NTLM
enabled!

bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
2015-04-22 13:32:45 +02:00
Kamil Dudka
b47c17d67c nss: implement public key pinning for NSS backend
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
1fd33e3ec8 dist: include {src,lib}/checksrc.whitelist 2015-04-22 13:16:04 +02:00
Daniel Stenberg
79b9d5f1a4 http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg
0583e87ada fix_hostname: zero length host name caused -1 index offset
If a URL is given with a zero-length host name, like in "http://:80" or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.

CVE-2015-3144

Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
b5f947b8ac cookie: cookie parser out of boundary memory access
The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.

CVE-2015-3145

Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
31be461c6b ConnectionExists: for NTLM re-use, require credentials to match
CVE-2015-3143

Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
2015-04-21 23:20:36 +02:00
byronhe
6088fbce06 openssl: add OPENSSL_NO_SSL3_METHOD check 2015-04-21 15:25:21 -04:00
Viktor Szakáts
3a87bdebd1 vtls/openssl: use https in URLs and a comment typo fixed 2015-04-19 19:52:37 +02:00
Daniel Stenberg
2eb02480ef Revert "HTTP: don't abort connections with pending Negotiate authentication"
This reverts commit 5dc68dd609.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
2015-04-17 23:23:42 +02:00
Jay Satiro
f70112522f cyassl: Fix include order
Prior to this change CyaSSL's build options could redefine some generic
build symbols.

http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17 15:24:04 -04:00
Jay Satiro
9430dd583e cyassl: Add support for TLS extension SNI 2015-04-14 02:05:25 -04:00
Matthew Hall
a471a9f3b6 vtls_openssl: improve PKCS#12 load failure error message 2015-04-13 22:25:04 +02:00
Matthew Hall
27ac643455 vtls_openssl: fix minor typo in PKCS#12 load routine 2015-04-13 22:25:04 +02:00
Matthew Hall
b3175a767d vtls_openssl: improve client certificate load failure error messages 2015-04-13 22:25:04 +02:00
Matthew Hall
58b0a8b059 vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant 2015-04-13 22:25:04 +02:00
Daniel Stenberg
7fe172d3b2 firefox-db2pem: fix wildcard to find Firefox default profile
At some point, Firefox has changed and generates different directory
names for the default profile that made this script fail to find them.

Bug: https://github.com/bagder/curl/issues/207
Reported-by: sneakyimp
2015-04-13 15:31:26 +02:00
Jay Satiro
72bea7cc65 cyassl: Include the CyaSSL build config
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
2015-04-11 23:58:42 -04:00
Viktor Szakats
e44155156a lib/makefile.m32: add missing libs to build libcurl.dll
Add 'gdi32' and 'crypt32' Windows implibs to avoid failure
while building libcurl.dll using the mingw compiler.
The same logic is used in 'src/makefile.m32' when
building curl.exe.
2015-04-09 21:34:14 +02:00
Da-Yoon Chung
a9e46749b2 lib/transfer.c: Remove factor of 8 from sleep time calculation
The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and
rate_bps are both in bytes. When using the rate limiting option, curl
waits 8 times too long, and then transfers very quickly until the
average rate reaches the limit. The average rate follows the limit over
time, but the actual traffic is bursty.

Thanks-to: Benjamin Gilbert
2015-04-07 21:55:23 +02:00
Jay Satiro
c3101ae287 x509asn1: Silence x64 loss-of-data warning on RSA key length assignment
The key length in bits will always fit in an unsigned long so the
loss-of-data warning assigning the result of x64 pointer arithmetic to
an unsigned long is unnecessary.
2015-04-06 17:55:48 +02:00
Jay Satiro
d363c07912 cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
Also fix it so that all ERR_error_string calls use an error buffer.
CyaSSL's implementation of ERR_error_string only writes the error when
an error buffer is passed.

http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
2015-04-06 17:54:14 +02:00
Jay Satiro
a30be951d6 cyassl: Remove 'Connecting to' message from cyassl_connect_step2
Prior to this change libcurl could show multiple 'CyaSSL: Connecting to'
messages since cyassl_connect_step2 is called multiple times, typically.
The message is superfluous even once since libcurl already informs the
user elsewhere in code that it is connecting.
2015-04-05 18:18:11 +02:00