1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 01:28:51 -05:00
Commit Graph

10037 Commits

Author SHA1 Message Date
Daniel Gustafsson
60ed8d7276 ntlm_wb: Fix memory leaks in ntlm_wb_response
When erroring out on a request being too large, the existing buffer was
leaked. Fix by explicitly freeing on the way out.

Closes #2966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13 10:06:05 +02:00
Yiming Jing
57348eb97d
vtls: add a MesaLink vtls backend
Closes #2984
2018-09-13 08:26:37 +02:00
Yiming Jing
31ba404a9c
configure.ac: add a MesaLink vtls backend 2018-09-13 08:26:23 +02:00
Viktor Szakats
539a8059ef lib: fix gcc8 warning on Windows
Closes https://github.com/curl/curl/pull/2979
2018-09-12 08:52:40 +00:00
Jay Satiro
357161accd openssl: fix gcc8 warning
- Use memcpy instead of strncpy to copy a string without termination,
  since gcc8 warns about using strncpy to copy as many bytes from a
  string as its length.

Suggested-by: Viktor Szakats

Closes https://github.com/curl/curl/issues/2980
2018-09-12 03:14:20 -04:00
Daniel Gustafsson
2099dde2c8
cookies: Move failure case label to end of function
Rather than jumping backwards to where failure cleanup happens
to be performed, move the failure case to end of the function
where it is expected per existing coding convention.

Closes #2965
2018-09-10 08:33:08 +02:00
Daniel Gustafsson
1870fd2832
misc: fix typos in comments
Closes #2963
2018-09-10 08:32:07 +02:00
Daniel Gustafsson
6e054623b4
cookies: fix leak when writing cookies to file
If the formatting fails, we error out on a fatal error and
clean up on the way out. The array was however freed within
the wrong scope and was thus never freed in case the cookies
were written to a file instead of STDOUT.

Closes #2957
2018-09-10 08:31:11 +02:00
Daniel Gustafsson
c3654df166
cookies: Remove redundant expired check
Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.

closes #2962
2018-09-10 08:30:24 +02:00
Daniel Stenberg
37da149670
ntlm_wb: bail out if the response gets overly large
Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.

Reported-by: Harry Sintonen
Closes #2959
2018-09-09 10:44:02 +02:00
Daniel Gustafsson
6e4b8c5073
url.c: fix comment typo and indentation
Closes #2960
2018-09-08 23:28:04 +02:00
Daniel Stenberg
01dedc99fc
urlapi: avoid derefencing a possible NULL pointer
Coverity CID 1439134
2018-09-08 22:57:36 +02:00
Daniel Stenberg
fb30ac5a2d
URL-API
See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.

Closes #2842
2018-09-08 15:36:11 +02:00
Daniel Stenberg
17ca0ccff4
curl_easy_upkeep: removed 'conn' from the name
... including the associated option.

Fixes #2951
Closes #2952
2018-09-07 13:43:26 +02:00
Max Dymond
7b655fcbad
upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.

Add docs for the new options in 7.62.0

Closes #1641
2018-09-07 09:45:29 +02:00
Philipp Waehnert
6684653b68
configure: add option to disable automatic OpenSSL config loading
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.

Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.

Fixes #2724
Closes #2791
2018-09-07 09:38:33 +02:00
Daniel Stenberg
c515294cec
doh: minor edits to please Coverity
The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.

Coverity CID 1439115 and CID 1439114.
2018-09-07 09:26:08 +02:00
Daniel Stenberg
10009222fe
schannel: avoid switch-cases that go to default anyway
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
mingw and would require an ifdef otherwise.

Reported-by: Thomas Glanzmann
Approved-by: Marc Hörsken
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
Closes #2950
2018-09-07 08:23:00 +02:00
Nicklas Avén
6987fcef65
imap: change from "FETCH" to "UID FETCH"
... and add "MAILINDEX".

As described in #2789, this is a suggested solution.  Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior).  So MAILINDEX=1 gives the
first non deleted mail in the mail box.

Fixes #2789
Closes #2815
2018-09-06 10:57:48 +02:00
Daniel Stenberg
2825f46d95
CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
This is step 3 of #2888.

Fixes #2888
Closes #2896
2018-09-06 10:53:39 +02:00
Daniel Stenberg
f2b1a18975
DOH: add test case 1650 and 2100 2018-09-06 09:17:25 +02:00
Daniel Stenberg
abff183387
setopt: add CURLOPT_DOH_URL
Closes #2668
2018-09-06 09:17:17 +02:00
Han Han
3f3b26d6fe
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
Long live CURLE_PEER_FAILED_VERIFICATION
2018-09-06 08:27:15 +02:00
Han Han
0029aabc56
x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.
2018-09-06 08:27:15 +02:00
Han Han
59dc83379a
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
2018-09-06 08:27:15 +02:00
Han Han
5a3efb1dba
schannel: unified error code handling
Closes #2901
2018-09-06 08:27:15 +02:00
Han Han
84a23a0997
darwinssl: more specific and unified error codes
Closes #2901
2018-09-06 08:27:15 +02:00
Daniel Stenberg
7c5837e792
CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
deprecation and complete removal in six months.

Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
Closes #2942
2018-09-06 08:24:54 +02:00
Daniel Stenberg
25fd1057c9
url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
Closes #2709
2018-09-05 14:36:19 +02:00
Daniel Stenberg
d7c4213bd0
multiplex: enable by default
Starting 7.62.0, multiplexing is enabled by default in multi handles.
2018-09-05 14:35:57 +02:00
Jim Fuller
b004a174ea
tests: add unit tests for url.c
Approved-by: Daniel Gustafsson
Closes #2937
2018-09-05 14:30:48 +02:00
Daniel Stenberg
f7208df7d9
pipelining: deprecated
Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.

To re-enable the support, the single line change in lib/multi.c needs to
be reverted.

See docs/DEPRECATE.md

Closes #2705
2018-09-05 11:34:03 +02:00
Daniel Stenberg
53dab550b4
Curl_getoff_all_pipelines: ignore unused return values
Since scan-build would warn on the dead "Dead store/Dead increment"
2018-09-04 19:22:06 +02:00
Viktor Szakats
908286b57e sftp: fix indentation 2018-09-04 14:44:47 +00:00
Przemysław Tomaszewski
daa3c450d0
sftp: don't send post-qoute sequence when retrying a connection
Fixes #2939
Closes #2940
2018-09-04 11:00:17 +02:00
Kamil Dudka
52c13d6328 url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
This is a follow-up to PR #2607 and PR #2926.

Closes #2936
2018-09-03 18:11:24 +02:00
Jay Satiro
978574b502
openssl: Fix setting TLS 1.3 cipher suites
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.

Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka

Closes #2926
2018-09-03 13:14:45 +02:00
Daniel Stenberg
57d299a499
Curl_ntlm_core_mk_nt_hash: return error on too long password
... since it would cause an integer overflow if longer than (max size_t
/ 2).

This is CVE-2018-14618

Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
2018-09-03 07:42:37 +02:00
Rikard Falkeborn
19ebc28217
http2: Use correct format identifier for stream_id
Closes #2928
2018-09-02 23:45:01 +02:00
Daniel Stenberg
1a890997a4
all: s/int/size_t cleanup
Assisted-by: Rikard Falkeborn

Closes #2922
2018-09-01 10:40:42 +02:00
Daniel Stenberg
9dda13bbac
ssh-libssh: use FALLTHROUGH to silence gcc8 2018-09-01 10:40:42 +02:00
Daniel Gustafsson
e2ef8d6fa1
cookies: support creation-time attribute for cookies
According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524
2018-08-31 14:11:37 +02:00
Marcel Raad
edfaf5a25b
curl_threads: silence bad-function-cast warning
As uintptr_t and HANDLE are always the same size, this warning is
harmless. Just silence it using an intermediate uintptr_t variable.

Closes https://github.com/curl/curl/pull/2908
2018-08-24 19:20:16 +02:00
Ihor Karpenko
6b6c2b8d57
schannel: client certificate store opening fix
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
while opening certificate store would be sufficient in this scenario and
less-demanding in sense of required user credentials ( for example,
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
call without any of flags mentioned above ),

2) as 'cert_store_name' is a DWORD, attempt to format its value like a
string ( in "Failed to open cert store" error message ) will throw null
pointer exception

3) adding GetLastError(), in my opinion, will make error message more
useful.

Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html

Closes #2909
2018-08-24 09:03:28 +02:00
Leonardo Taccari
8f3c3cd08a
gopher: Do not translate ?' to %09'
Since GOPHER support was added in curl `?' character was automatically
translated to `%09' (`\t').

However, this behaviour does not seems documented in RFC 4266 and for
search selectors it is documented to directly use `%09' in the URL.
Apart that several gopher servers in the current gopherspace have CGI
support where `?' is used as part of the selector and translating it to
`%09' often leads to surprising results.

Closes #2910
2018-08-24 08:57:49 +02:00
Daniel Stenberg
78d5302b5c
http2: abort the send_callback if not setup yet
When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
2018-08-22 09:47:22 +02:00
Daniel Stenberg
396fc0843e
http2: remove four unused nghttp2 callbacks
Closes #2903
2018-08-21 23:24:30 +02:00
Daniel Stenberg
205f5b5972
x509asn1: use FALLTHROUGH
... as no other comments are accepted since 014ed7c22f
2018-08-21 22:26:36 +02:00
Marcel Raad
15ed9f87e3
curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
This enables level 4 instead of the default level 3, which of the
currently used comments only allows /* FALLTHROUGH */ to silence the
warning.

Closes https://github.com/curl/curl/pull/2747
2018-08-21 18:53:45 +02:00
Marcel Raad
a829c4b25e
Remove unused definitions
Closes https://github.com/curl/curl/pull/2747
2018-08-21 18:53:43 +02:00