1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 14:08:07 -05:00
Commit Graph

26286 Commits

Author SHA1 Message Date
Daniel Stenberg
2cf5f93680
RELEASE-NOTES: synced 2020-09-18 08:34:46 +02:00
Daniel Stenberg
3d8731c8f5
ftp: avoid risk of reading uninitialized integers
If the received PASV response doesn't match the expected pattern, we
could end up reading uninitialized integers for IP address and port
number.

Issue pointed out by muse.dev
Closes #5972
2020-09-18 08:26:49 +02:00
Quentin Balland
7921b41ce1
easy_reset: clear retry counter
Closes #5975
Fixes #5974
2020-09-18 07:59:24 +02:00
Daniel Stenberg
cc372af1e9
ftp: get rid of the PPSENDF macro
The use of such a macro hides some of what's actually going on to the
reader and is generally disapproved of in the project.

Closes #5971
2020-09-18 07:56:16 +02:00
Daniel Stenberg
83cc966708
man pages: switch to https://example.com URLs
Since HTTPS is "the new normal", this update changes a lot of man page
examples to use https://example.com instead of the previous "http://..."

Closes #5969
2020-09-17 16:28:18 +02:00
Daniel Stenberg
cd048aaa28
github: remove the duplicate "Security vulnerability" entry
... since github adds an entry automatically by itself.

Closes #5970
2020-09-17 15:22:11 +02:00
Emil Engler
48fb543d7f
github: use new issue template feature
This helps us to avoid getting feature requests as well as security
bugs reported into the issue tracker.

Closes #5936
2020-09-17 13:58:18 +02:00
Emil Engler
c0f0e400e0
urlapi: use more Curl_safefree
Closes #5968
2020-09-17 09:44:36 +02:00
Marc Hoersken
1060955a61
multi: align WinSock mask variables in Curl_multi_wait
Also skip pre-checking sockets to set timeout_ms to 0
after the first socket has been detected to be ready.

Reviewed-by: rcombs on github
Reviewed-by: Daniel Stenberg

Follow up to #5886
2020-09-17 07:41:14 +02:00
Marc Hoersken
40d67da7ca
multi: reuse WinSock events variable in Curl_multi_wait
Since the struct is quite large (1 long and 10 ints) we
declare it once at the beginning of the function instead
of multiple times inside loops to avoid stack movements.

Reviewed-by: Viktor Szakats
Reviewed-by: Daniel Stenberg

Closes #5886
2020-09-17 07:40:49 +02:00
Daniel Stenberg
af09599958
TODO: dynamically decide to use socketpair
Suggested-by: Anders Bakken

Closes #4829
2020-09-16 23:35:39 +02:00
Daniel Stenberg
15f5d59891
TODO: add PR reference for native IDN support on macOS
As there was work started on this that never got completed.

Closes #5371
2020-09-16 23:27:07 +02:00
Daniel Stenberg
ec6363be18
tool_help.h: update copyright year range
Follow-up from aa8777f63f
2020-09-16 23:08:20 +02:00
Daniel Stenberg
1556b99f1a
CI/azure: disable test 571 in the msys2 builds
It's just too flaky there

Reviewed-by: Marc Hoersken
Closes #5954
2020-09-16 10:07:24 +02:00
Daniel Stenberg
0b4c4145aa
tool_writeout: protect fputs() from NULL
When the code was changed to do fputs() instead of fprintf() it got
sensitive for NULL pointers; add checks for that.

Follow-up from 0c1e767e83

Closes #5963
2020-09-15 22:52:51 +02:00
Daniel Stenberg
2cc6857247
test3015: verify stdout "as text"
Follow-up from 0c1e767e83 to please win32 tests

Closes #5962
2020-09-15 22:51:08 +02:00
Daniel Stenberg
9fe7b66203
travis: use libressl v3.1.4 instead of master
... as their git master seems too fragile to use (and 3.2.1 which is the
latest has a build failure).

Closes #5964
2020-09-15 22:49:37 +02:00
Daniel Stenberg
304aeace1b
tests/FILEFORMAT: document type=shell for <command> 2020-09-15 15:42:56 +02:00
Daniel Stenberg
8854b9284b
tests/FILEFORMAT: document nonewline support for <file>
The one in <client>, that creates files.

Follow-up from b83947c8df
2020-09-15 14:45:08 +02:00
anio
0c1e767e83
tool_writeout: add new writeout variable, %{num_headers}
This variable gives the number of headers.

Closes #5947
2020-09-15 00:37:08 +02:00
Daniel Stenberg
4e66207c58
tool_urlglob: fix compiler warning "unreachable code"
(On Windows builds.)

Follow-up to 70a3b003d9
2020-09-15 00:31:18 +02:00
Gergely Nagy
182ff2d63c
vtls: deduplicate client certificates in ssl_config_data
Closes #5629
2020-09-14 12:56:47 +02:00
Daniel Stenberg
7ea2e1d0c5
ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
This is primarily interesting for cases where CURLOPT_NOBODY is set as
previously curl would not return an error for this case.

MDTM getting 550 now also returns this error (it returned
CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
missing files across protocols and specific FTP commands.

libcurl already returns error on a 550 as a MDTM response (when
CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
happen subsequently anyway since the RETR command would fail.

Add test 1913 and 1914 to verify. Updated several tests accordingly due
to the updated SIZE behavior.

Reported-by: Tomas Berger
Fixes #5953
Closes #5957
2020-09-14 12:53:12 +02:00
Daniel Stenberg
a167949848
curl: make checkpasswd use dynbuf
Closes #5952
2020-09-14 12:33:53 +02:00
Daniel Stenberg
70a3b003d9
curl: make glob_match_url use dynbuf
Closes #5952
2020-09-14 12:33:52 +02:00
Daniel Stenberg
893bbd7458
curl: make file2memory use dynbuf
Closes #5952
2020-09-14 12:33:51 +02:00
Daniel Stenberg
0938f828bf
curl: make file2string use dynbuf
Closes #5952
2020-09-14 12:33:48 +02:00
Antarpreet Singh
da5ae38db0
imap: set cselect_bits to CURL_CSELECT_IN initially
... when continuing a transfer from a FETCH response.

When the size of the file was small enough that the entirety of the
transfer happens in a single go and schannel buffers holds the entire
data. However, it wasn't completely read in Curl_pp_readresp since a
line break was found before that could happen. So, by the time we are in
imap_state_fetch_resp - there's data in buffers that needs to be read
via Curl_read but nothing to read from the socket. After we setup a
transfer (Curl_setup_transfer), curl just waits on the socket state to
change - which doesn't happen since no new data ever comes.

Closes #5961
2020-09-14 12:29:44 +02:00
Daniel Stenberg
51e8f2938b
RELEASE-NOTES: synced 2020-09-14 09:47:20 +02:00
Daniel Stenberg
5c2d2d2ace
test434: test -K use in a single line without newline
Closes #5946
2020-09-14 08:32:49 +02:00
Daniel Stenberg
b83947c8df
runtests: allow creating files without newlines
Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
47dd957daf
curl: use curlx_dynbuf for realloc when loading config files
... fixes an integer overflow at the same time.

Reported-by: ihsinme on github
Assisted-by: Jay Satiro

Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
c4ea71ae32
dynbuf: provide curlx_ names for reuse by the curl tool
Closes #5946
2020-09-14 08:32:35 +02:00
Daniel Stenberg
9fffe925d2
dynbuf: make sure Curl_dyn_tail() zero terminates
Closes #5959
2020-09-14 08:29:46 +02:00
Daniel Stenberg
5fbc3ee520
tests: add test1912 to the dist
Follow-up to 70984ce1be
2020-09-12 18:09:49 +02:00
Daniel Stenberg
33bca7c9f6
docs/LICENSE-MIXING: remove
This document is not maintained and I feel that it doesn't provide much
value to users anymore (if it ever did).

Closes #5955
2020-09-11 23:36:27 +02:00
Laramie Leavitt
25a25f45ae
http: consolidate nghttp2_session_mem_recv() call paths
Previously there were several locations that called
nghttp2_session_mem_recv and handled responses slightly differently.
Those have been converted to call the existing
h2_process_pending_input() function.

Moved the end-of-session check to h2_process_pending_input() since the
only place the end-of-session state can change is after nghttp2
processes additional input frames.

This will likely fix the fuzzing error. While I don't have a root cause
the out-of-bounds read seems like a use after free, so moving the
nghttp2_session_check_request_allowed() call to a location with a
guaranteed nghttp2 session seems reasonable.

Also updated a few nghttp2 callsites to include error messages and added
a few additional error checks.

Closes #5648
2020-09-10 17:43:47 +02:00
Daniel Stenberg
4ba275a46a
HISTORY: mention alt-svc added in 2019
... and make 1996 the first year subtitle
2020-09-10 17:39:15 +02:00
Daniel Stenberg
11ab0ad60f
base64: also build for pop3 and imap
Follow-up to the fix in 20417a13fb

Reported-by: Michael Olbrich
Fixes #5937
Closes #5948
2020-09-10 08:50:04 +02:00
Daniel Stenberg
20417a13fb
base64: enable in build with SMTP
The oauth2 support is used with SMTP and it uses base64 functions.

Reported-by: Michael Olbrich
Fixes #5937
Closes #5938
2020-09-09 09:23:06 +02:00
Daniel Stenberg
36f60494ae
curl_mime_headers.3: fix the example's use of curl_slist_append
Reported-by: sofaboss on github
Fixes #5942
Closes #5943
2020-09-08 22:51:16 +02:00
Daniel Stenberg
558dffe306
lib583: fix enum mixup
grrr the previous follow-up to 17fcdf6a31 was wrong
2020-09-08 22:48:16 +02:00
Daniel Stenberg
ab213d60ed
libtest: fix build errors
Follow-up from 17fcdf6a31
2020-09-08 17:37:25 +02:00
Daniel Stenberg
17fcdf6a31
lib: fix -Wassign-enum warnings
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: 879007f811 (commitcomment-42087553)

Closes #5929
2020-09-08 13:53:02 +02:00
Daniel Stenberg
ad425d3e3e
RELEASE-NOTES: synced 2020-09-08 08:16:12 +02:00
Diven Qi
3532262edd
url: use blank credentials when using proxy w/o username and password
Fixes proxy regression brought in commit ad829b21ae (7.71.0)

Fixed #5911
Closes #5914
2020-09-08 00:48:09 +02:00
Daniel Stenberg
6f42e3b169
travis: add a build using libressl (from git master)
The v3.2.1 tag (latest release atm) results in a broken build.

Closes #5932
2020-09-07 22:50:15 +02:00
Daniel Stenberg
8684bb70d3
configure: let --enable-debug set -Wenum-conversion with gcc >= 10
Unfortunately, this option is not detecting the same issues as clang's
-Wassign-enum flag, but should still be useful to detect future
mistakes.

Closes #5930
2020-09-07 22:47:39 +02:00
Daniel Stenberg
6d946ad9fe
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
If the error reason from the lib is
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.

This unifies the libcurl return code and makes libressl run test 313
(CRL testing) fine.

Closes #5934
2020-09-07 17:26:27 +02:00
Daniel Stenberg
d63b3908da
FAQ: refreshed some very old language 2020-09-07 17:08:07 +02:00