1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 21:15:08 -05:00
Commit Graph

23431 Commits

Author SHA1 Message Date
Daniel Stenberg
09e401e01b
smb: fix memory leak on early failure
... by making sure connection related data (->share) is stored in the
connection and not in the easy handle.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Fixes #2769
Closes #2810
2018-07-30 17:59:36 +02:00
Daniel Stenberg
fe60cbfbbf
travis: run a 'make checksrc' too
... to make sure the examples are all checked.

Closes #2811
2018-07-30 17:56:01 +02:00
Jay Satiro
0898331474 examples/ephiperfifo: checksrc compliance 2018-07-29 15:06:00 -04:00
Michael Kaufmann
3db628360c sws: handle EINTR when calling select()
Closes https://github.com/curl/curl/pull/2808
2018-07-29 14:52:02 -04:00
Daniel Stenberg
ea6f57696c
test1157: follow-up to 35ecffb9
Ignore the user-agent line.
Pointed-out-by: Marcel Raad
2018-07-29 12:31:09 +02:00
Michael Kaufmann
4f223593cc tests/http_pipe.py: Use /usr/bin/env to find python 2018-07-29 12:23:04 +02:00
Daniel Stenberg
1fb8048abb
TODO: Support Authority Information Access certificate extension (AIA)
Closes #2793
2018-07-28 23:26:42 +02:00
Daniel Stenberg
10061f475e
conn_free: updated comment to clarify
Let's call it disassociate instead of disconnect since the latter term
is used so much for (TCP) connections already.
2018-07-28 23:18:32 +02:00
Daniel Stenberg
35ecffb9be
test1157: test -H from empty file
Verifies bugfix #2797
2018-07-28 22:49:00 +02:00
Tobias Blomberg
3e9b3a3798
curl: Fix segfault when -H @headerfile is empty
The curl binary would crash if the -H command line option was given a
filename to read using the @filename syntax but that file was empty.

Closes #2797
2018-07-28 22:48:31 +02:00
Daniel Stenberg
d390541944
mime: check Curl_rand_hex's return code
Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
Reported-by: Jeffrey Walton
Closes #2795
2018-07-28 22:36:15 +02:00
Josh Bialkowski
7f5e570616
docs/examples: add hiperfifo example using linux epoll/timerfd
Closes #2804
2018-07-28 22:34:54 +02:00
Darío Hereñú
7212c4cd60
docs/INSTALL.md: minor formatting fixes
Closes #2794
2018-07-26 16:37:36 +02:00
Christopher Head
812d05daff
docs/CURLOPT_URL: fix indentation
The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.

Closes #2788
2018-07-26 16:26:49 +02:00
Christopher Head
9526cbe6bc
docs/CURLOPT_WRITEFUNCTION: size is always 1
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Closes #2787
2018-07-26 16:24:43 +02:00
Carie Pointer
10d8f3f134
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.

Closes #2784
2018-07-26 16:21:59 +02:00
Even Rouault
a7091ba75d
reuse_conn(): free old_conn->options
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.

I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducable leak.

Closes #2790
2018-07-26 16:20:15 +02:00
djelinski
d0d48b4276
system_win32: fix version checking
In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
when run on windows 10.0. This patch addresses that error.

Closes https://github.com/curl/curl/pull/2792
2018-07-25 22:15:01 +02:00
Johannes Schindelin
6f5ef24f06
auth: pick Bearer authentication whenever a token is available
So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the case for
Bearer authentictation...

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754
2018-07-24 10:11:49 +02:00
Johannes Schindelin
df57b439f4
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.

This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.

Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this aproach is frequently taken by automated builds).

Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754
2018-07-24 10:11:25 +02:00
Marcel Raad
26e35844e7
test320: treat curl320.out file as binary
Otherwise, LF line endings are converted to CRLF on Windows,
but no conversion is done for the reply, so the test case fails.

Closes https://github.com/curl/curl/pull/2776
2018-07-22 23:17:06 +02:00
Daniel Stenberg
81377cace6
vtls: set conn->data when closing TLS
Follow-up to 1b76c38904. The VTLS backends that close down the TLS
layer for a connection still needs a Curl_easy handle for the session_id
cache etc.

Fixes #2764
Closes #2771
2018-07-22 21:17:27 +02:00
Marcel Raad
6d13432bfa
tests: fixes for Windows line endlings
Set mode="text" when line endings depend on the system representation.

Closes https://github.com/curl/curl/pull/2772
2018-07-21 20:47:42 +02:00
Marcel Raad
1550e844b1
test214: disable MSYS2's POSIX path conversion for URL
By default, the MSYS2 bash converts all backslashes to forward slashes
in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
2018-07-21 11:31:03 +02:00
Daniel Stenberg
7b9bc96c77
http2: several cleanups
- separate easy handle from connections better
- added asserts on a number of places
- added sanity check of pipelines for debug builds

Closes #2751
2018-07-20 22:58:42 +02:00
Daniel Stenberg
73af7bcd61
smb_getsock: always wait for write socket too
... the protocol is doing read/write a lot, so it needs to write often
even when downloading. A more proper fix could check for eactly when it
wants to write and only ask for it then.

Without this fix, an SMB download could easily get stuck when the event-driven
API was used.

Closes #2768
2018-07-20 22:53:06 +02:00
Marcel Raad
7bc1180437
test1143: disable MSYS2's POSIX path conversion
By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
Closes https://github.com/curl/curl/pull/2765
2018-07-20 16:08:58 +02:00
Daniel Stenberg
db2ac90eaf
RELEASE-NOTES: sync
... and work toward 7.61.1
2018-07-18 01:21:07 +02:00
Ruslan Baratov
d1207c07d0
CMake: Update scripts to use consistent style
Closes #2727
Reviewed-by: Sergei Nikulov
2018-07-17 11:54:07 +02:00
Daniel Stenberg
a82372e0fb
header output: switch off all styles, not just unbold
... the "unbold" sequence doesn't work on the mac Terminal.

Reported-by: Zero King
Fixes #2736
Closes #2738
2018-07-17 00:31:39 +02:00
Rodger Combs
092f6815c8 darwinssl: add support for ALPN negotiation 2018-07-14 18:32:47 -05:00
Marcel Raad
8c00412428
test1422: add required file feature
curl configured with --enable-debug --disable-file currently complains
on test1422:
Info: Protocol "file" not supported or disabled in libcurl

Make test1422 dependend on enabled FILE protocol to fix this.

Fixes https://github.com/curl/curl/issues/2741
Closes https://github.com/curl/curl/pull/2742
2018-07-14 12:56:43 +02:00
Patrick Monnerat
f8be737d8f content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.

Reported-by: clbr on github
Fixes #2719
2018-07-12 22:46:15 +02:00
Daniel Stenberg
5b511b0958
smb: fix memory-leak in URL parse error path
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Closes #2740
2018-07-12 14:47:11 +02:00
Marcel Raad
2c33105dbf
schannel: enable CALG_TLS1PRF for w32api >= 5.1
The definition of CALG_TLS1PRF has been fixed in the 5.1 branch:
73aedcc0f2
2018-07-12 14:38:55 +02:00
Daniel Stenberg
29b78a537f
docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+ The hackerone bounty and its process

- We don't and can't handle pre-notification
2018-07-12 12:32:54 +02:00
Daniel Stenberg
acefdd0cd1
multi: always do the COMPLETED procedure/state
It was previously erroneously skipped in some situations.

libtest/libntlmconnect.c wrongly depended on wrong behavior (that it
would get a zero timeout) when no handles are "running" in a multi
handle. That behavior is no longer present with this fix. Now libcurl
will always return a -1 timeout when all handles are completed.

Closes #2733
2018-07-11 23:41:24 +02:00
Daniel Stenberg
151d3c56dc
Curl_getoff_all_pipelines: improved for multiplexed
On multiplexed connections, transfers can be removed from anywhere not
just at the head as for pipelines.
2018-07-11 23:41:24 +02:00
Daniel Stenberg
c8373e3dfc
ares: check for NULL in completed-callback 2018-07-11 23:41:24 +02:00
Daniel Stenberg
1b76c38904
conn: remove the boolean 'inuse' field
... as the usage needs to be counted.
2018-07-11 23:41:24 +02:00
Paul Howarth
d6417f6c2d
openssl: assume engine support in 1.0.0 or later
Commit 38203f1585 changed engine detection to be version-based,
with a baseline of openssl 1.0.1. This does in fact break builds
with openssl 1.0.0, which has engine support - the configure script
detects that ENGINE_cleanup() is available - but <openssl/engine.h>
doesn't get included to declare it.

According to upstream documentation, engine support was added to
mainstream openssl builds as of version 0.9.7:
https://github.com/openssl/openssl/blob/master/README.ENGINE

This commit drops the version test down to 1.0.0 as version 1.0.0d
is the oldest version I have to test with.

Closes #2732
2018-07-11 23:40:10 +02:00
Marcel Raad
48cf45c5aa
schannel: fix MinGW compile break
Original MinGW's w32api has a sytax error in its definition of
CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
until this bug [1] is fixed.

[0] d1d4a17e51/w32api/include/wincrypt.h
[1] https://osdn.net/projects/mingw/ticket/38391

Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
Closes https://github.com/curl/curl/pull/2728
2018-07-11 13:04:15 +02:00
Daniel Stenberg
1f6e38e6af
examples/crawler.c: move #ifdef to column 0
Apparently the C => HTML converter on the web site doesn't quite like it
otherwise.

Reported-by: Jeroen Ooms
2018-07-11 11:47:21 +02:00
Daniel Stenberg
eb8138405a
release: 7.61.0 2018-07-11 07:57:42 +02:00
Daniel Stenberg
d3bd7cb388
TODO: Configurable loading of OpenSSL configuration file
Closes #2724
2018-07-10 10:57:20 +02:00
Daniel Stenberg
522236f55e
post303.d: clarify that this is an RFC violation
... and not the other way around, which this previously said.

Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
2018-07-10 10:08:07 +02:00
Ruslan Baratov
e0a4bba730
CMake: remove redundant and old end-of-block syntax
Reviewed-by: Jakub Zakrzewski
Closes #2715
2018-07-09 23:32:57 +02:00
Jay Satiro
685dc3c082 lib/curl_setup.h: remove unicode character
Follow-up to 82ce416.

Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
2018-07-09 16:04:50 -04:00
Daniel Stenberg
82ce416227
lib/curl_setup.h: remove unicode bom from 8272ec50f0 2018-07-09 21:26:32 +02:00
Marcel Raad
424f1cfefb
schannel: fix -Wsign-compare warning
MinGW warns:
/lib/vtls/schannel.c:219:64: warning: signed and unsigned type in
conditional expression [-Wsign-compare]

Fix this by casting the ptrdiff_t to size_t as we know it's positive.

Closes https://github.com/curl/curl/pull/2721
2018-07-09 18:09:05 +02:00