1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 14:35:03 -05:00
Commit Graph

1771 Commits

Author SHA1 Message Date
Lauri Kasanen
c990eadd12
cookie: store cookies per top-level-domain-specific hash table
This makes libcurl handle thousands of cookies much better and speedier.

Closes #2440
2018-04-02 10:48:53 +02:00
Daniel Stenberg
28faaacee2
test1148: set a fixed locale for the test
...as otherwise it might use a different decimal sign.

Bug: #2436
Reported-by: Oumph on github
2018-04-02 10:32:19 +02:00
Rick Deist
d95f3dc0b1
resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
shuffling of IP addresses returned for a hostname when there is more
than one. This is useful when the application knows that a round robin
approach is appropriate and is willing to accept the consequences of
potentially discarding some preference order returned by the system's
implementation.

Closes #1694
2018-03-17 20:44:14 +01:00
Lawrence Matthews
6baeb6df35
CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool

Closes #2162
2018-03-17 11:50:06 +01:00
luz.paz
236402fc2d
cleanup: misc typos in strings and comments
Found via `codespell`

Closes #2389
2018-03-16 11:08:31 +01:00
Daniel Stenberg
a9a7b606c2
transfer: make HTTP without headers count correct body size
This is what "HTTP/0.9" basically looks like.

Reported on IRC

Closes #2382
2018-03-15 10:56:27 +01:00
Daniel Stenberg
634f72fed4
test1208: marked flaky
It fails somewhere between every 3rd to 10th travis-CI run
2018-03-15 08:21:26 +01:00
Daniel Stenberg
535432c0ad
FTP: reject path components with control codes
Refuse to operate when given path components featuring byte values lower
than 32.

Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.

Test case 340 verifies.

CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
2018-03-12 07:47:07 +01:00
Daniel Stenberg
8123560d44
HTTP: allow "header;" to replace an internal header with a blank one
Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362
2018-03-11 11:46:10 +01:00
Daniel Stenberg
b7f90470be
NO_PROXY: fix for IPv6 numericals in the URL
Added test 1265 that verifies.

Reported-by: steelman on github
Fixes #2353
Closes #2355
2018-03-04 19:50:48 +01:00
Francisco Sedano
23713645d4 url: Add option CURLOPT_RESOLVER_START_FUNCTION
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that
  will be called every time before a new resolve request is started
  (ie before a host is resolved) with a pointer to backend-specific
  resolver data. Currently this is only useful for ares.

- Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to
  pass to the resolver start callback.

Closes https://github.com/curl/curl/pull/2311
2018-02-21 21:29:10 -05:00
Anders Bakken
50d1b3379a CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
This enables users to preresolve but still take advantage of happy
eyeballs and trying multiple addresses if some are not connecting.

Ref: https://github.com/curl/curl/pull/2260
2018-02-20 04:24:28 -05:00
Daniel Stenberg
70cbb92134
test1556: verify >16KB headers to the header callback 2018-02-16 22:54:50 +01:00
Daniel Stenberg
5e17a5f6cf
test1154: verify that long HTTP headers get rejected 2018-02-16 22:51:59 +01:00
Björn Stenberg
b46cfbc068
TODO fixed: Detect when called from within callbacks
Closes #2302
2018-02-15 09:36:03 +01:00
Patrick Monnerat
e551910f8a tests: new tests for http raw mode
Test 319 checks proper raw mode data with non-chunked gzip
transfer-encoded server data.
Test 326 checks raw mode with chunked server data.

Bug: #2303
Closes #2308
2018-02-13 01:44:57 +01:00
Patrick Monnerat
62cf2d180e smtp: fix processing of initial dot in data
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command
should be taken into account when chasing the <CRLF>.<CRLF> end marker.
Thus a leading dot character in data is also subject to escaping.

Tests 911 and test server are adapted to this situation.
New tests 951 and 952 check proper handling of initial dot in data.

Closes #2304
2018-02-12 16:43:15 +01:00
Patrick Monnerat
bd5b9e50ce lib555: drop text conversion and encode data as ascii codes
If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs,
giving a result that is different from what is expected.
This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data
to upload in ascii.

Bug: https://github.com/curl/curl/pull/1872
2018-01-26 17:45:20 +01:00
Daniel Stenberg
1c39128d97
parsedate: fix date parsing for systems with 32 bit long
Make curl_getdate() handle dates before 1970 as well (returning negative
values).

Make test 517 test dates for 64 bit time_t.

This fixes bug (3) mentioned in #2238

Closes #2250
2018-01-25 22:20:52 +01:00
Daniel Stenberg
65ceb20dfd
test1454: --connect-to with IPv6 address w/o IPv6 support! 2018-01-23 08:01:29 +01:00
Daniel Stenberg
af32cd3859
http: prevent custom Authorization headers in redirects
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-22 10:00:00 +01:00
Daniel Stenberg
87ddeee59b
test558: fix for multissl builds
vtls.c:multissl_init() might do a curl_free() call so strip that out to
make this work with more builds. We just want to verify that
memorytracking works so skipping one line is no harm.
2018-01-18 22:21:33 +01:00
Patrick Monnerat
e44ddfd477 mime: clone mime tree upon easy handle duplication.
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
strongly bound to the handle: there is a pointer to the easy handle in
each item of the mime tree and following the parent pointer list
of mime items ends in a dummy part stored within the handle.

Because of this binding, a mime tree cannot be shared between different
easy handles, thus it needs to be cloned upon easy handle duplication.

There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.

New test 654 checks proper mime structure duplication/release.

Add a warning note in curl_mime_data_cb() documentation about sharing
user data between duplicated handles.

Closes #2235
2018-01-14 19:43:12 +01:00
Daniel Stenberg
a06311be27
test395: HTTP with overflow Content-Length value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
67595e7d23
test394: verify abort of rubbish in Content-Length: value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
ac17d79473
test393: verify --max-filesize with excessive Content-Length 2018-01-13 22:49:31 +01:00
Daniel Stenberg
f68e672715
HTTP: bail out on negative Content-Length: values
... and make the max filesize check trigger if the value is too big.

Updates test 178.

Reported-by: Brad Spencer
Fixes #2212
Closes #2223
2018-01-13 22:49:04 +01:00
Mikalai Ananenka
58d7cd28a0 brotli: data at the end of content can be lost
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.

Closes #2194
2017-12-27 13:00:54 +01:00
Patrick Monnerat
f009bbe1f6 curl_easy_reset: release mime-related data.
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.

Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
2017-12-20 19:33:50 +01:00
Patrick Monnerat
4acc9d3d1a content_encoding: rework zlib_inflate
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.

Closes #2068
2017-12-20 16:02:42 +01:00
Daniel Stenberg
671f0b506c
Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
This reverts commit 9ffad8eb13.

It was actually added rather recently in 8e8afa82cb due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.
2017-12-11 00:00:17 +01:00
Michael Kaufmann
4b6f3cff7c tests: mark data files as non-executable in git 2017-12-10 22:36:42 +01:00
Daniel Stenberg
e959f16c5f
multi_done: prune DNS cache
Prune the DNS cache immediately after the dns entry is unlocked in
multi_done. Timed out entries will then get discarded in a more orderly
fashion.

Test506 is updated

Reported-by: Oleg Pudeyev

Fixes #2169
Closes #2170
2017-12-10 14:51:47 +01:00
Daniel Stenberg
9ffad8eb13
curl: don't set CURLOPT_INTERLEAVEDATA
That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 tests that verify --libcurl

Closes #2167
2017-12-08 23:40:54 +01:00
Daniel Stenberg
07cb27c98e
conncache: fix several lock issues
If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.

Fixes #2132
Fixes #2151
Closes #2139
2017-12-05 23:21:02 +01:00
Daniel Stenberg
615edc1f73
sasl_getmesssage: make sure we have a long enough string to pass
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.

For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.

Closes #2150
2017-12-05 17:05:44 +01:00
Nikos Mavrogiannopoulos
38aef6dc45
libssh2: return CURLE_UPLOAD_FAILED on failure to upload
This brings its in sync with the error code returned by the
libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01 17:35:15 +01:00
Nikos Mavrogiannopoulos
75427291e5
libssh2: send the correct CURLE error code on scp file not found
That also updates tests to expect the right error code

libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01 17:35:15 +01:00
Daniel Stenberg
0b664ba968
wildcardmatch: fix heap buffer overflow in setcharset
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
2017-11-27 08:19:34 +01:00
Matthew Kerwin
3da4ebad30
test: add test for bad UNC/SMB path in file: URL 2017-11-24 23:13:16 +01:00
Matthew Kerwin
d7c103746c
test: add tests to ensure basic file: URLs 2017-11-24 23:13:16 +01:00
Michael Kaufmann
914f4ed279
test1264: verify URL with space in host name being rejected 2017-11-22 11:14:44 +01:00
Daniel Stenberg
fa939220df
url: reject ASCII control characters and space in host names
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.

Updated test 1034 and 1035 accordingly.

Fixes #2073
Closes #2092
2017-11-22 11:14:06 +01:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Michael Kaufmann
ae7369b6d0 URL: return error on malformed URLs with junk after IPv6 bracket
Follow-up to aadb7c7. Verified by new test 1263.

Closes #2072
2017-11-14 18:20:56 +01:00
Daniel Stenberg
edd1f45c9f
test1554: verify connection cache sharing 2017-11-09 11:07:44 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Patrick Monnerat
dbcced8e32 HTTP: support multiple Content-Encodings
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
2017-11-05 15:09:48 +01:00
Daniel Stenberg
ee8016b3de curl: speed up handling of many URLs
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052
2017-11-04 20:56:26 +01:00
Daniel Stenberg
90abb74ff0 curl: pass through [] in URLs instead of calling globbing error
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
2017-11-04 10:23:27 +01:00
Patrick Monnerat
f82f952d2f cli tool: in -F option arg, comma is a delimiter for files only
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
2017-10-29 16:23:06 +01:00
Florin
f20cbac970
auth: Added test cases for RFC7616
Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #1934
2017-10-28 16:33:09 +02:00
Daniel Stenberg
f0364f7e31
curl_fnmatch: return error on illegal wildcard pattern
... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017
2017-10-26 13:37:45 +02:00
Daniel Stenberg
769647e714
ftp: reject illegal IP/port in PASV 227 response
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-20 15:06:25 +02:00
Patrick Monnerat
8351ab4510 test653: check reuse of easy handle after mime data change
See issue #1999
2017-10-20 14:01:14 +01:00
Patrick Monnerat
aeaa22de8e test308: disable if MultiSSL feature enabled
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
2017-10-19 20:16:05 +01:00
Patrick Monnerat
34def509ef test652: curl_mime_data + base64 encoder with large contents 2017-10-19 18:37:19 +01:00
Patrick Monnerat
a8742efe42 mime: limit bas64-encoded lines length to 76 characters 2017-10-19 18:33:27 +01:00
Daniel Stenberg
10a659dbf6
test651: curl_formadd with huge COPYCONTENTS 2017-10-13 07:55:47 +02:00
Patrick Monnerat
0401734dfd mime: keep "text/plain" content type if user-specified.
Include test cases in 554, 587, 650.

Fixes https://github.com/curl/curl/issues/1986
2017-10-12 19:36:16 +01:00
Patrick Monnerat
665b3e48bc cli tool: reimplement stdin buffering in -F option.
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.

--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.

Buffering is not supported in deprecated curl_formadd() API.
2017-10-12 14:25:59 +01:00
Daniel Stenberg
06bba26e37
test950; verify SMTP with custom request 2017-10-10 23:00:53 +02:00
Daniel Stenberg
ecf21c551f
FTP: URL decode path for dir listing in nocwd mode
Reported-by: Zenju on github

Test 244 added to verify
Fixes #1974
Closes #1976
2017-10-10 15:02:38 +02:00
Daniel Stenberg
00fb811e2b
test298: verify --ftp-method nowcwd with URL encoded path
Ref: #1974
2017-10-09 22:50:40 +02:00
Kristiyan Tsaklev
c95c92da75
curl: don't pass semicolons when parsing Content-Disposition
Test 1422 updated to verify.

Closes #1964
2017-10-09 10:37:27 +02:00
Daniel Stenberg
232dffcf24
RTSP: avoid integer overflow on funny RTSP response
... like a very large non-existing RTSP version number.

Added test 577 to verify.

Detected by OSS-fuzz.
Closes #1969
2017-10-09 00:41:48 +02:00
Daniel Stenberg
b2df2d47e5
Revert "multi_done: wait for name resolve to finish if still ongoing"
This reverts commit f3e03f6c0a.

Caused memory leaks in the fuzzer, needs to be done differently.

Disable test 1553 for now too, as it causes memory leaks without this
commit!
2017-10-08 00:55:10 +02:00
Daniel Stenberg
5b54df06d2
pingpong: return error when trying to send without connection
When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.

Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond
2017-10-07 00:20:31 +02:00
Dan Fandrich
0af5ac27c3 tests: added flaky keyword to tests 587 and 644
These are around 5% flaky in my Linux x86 autobuilds.
2017-10-06 23:04:40 +02:00
Daniel Stenberg
7f1140c8bf
multi_cleanup: call DONE on handles that never got that
... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.

Test 1552 added to verify

Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954
2017-10-06 16:48:39 +02:00
Daniel Stenberg
2322891330
test1153: verify quoted double-qoutes in PWD response 2017-10-02 07:50:18 +02:00
Daniel Stenberg
5ff2c5ff25
FTP: zero terminate the entry path even on bad input
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-10-02 07:50:17 +02:00
Daniel Stenberg
8392a0cf61
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
2017-09-30 23:40:50 +02:00
Dan Fandrich
cecffff561 test650: Use variable replacement to set the host address and port
Otherwise, the test fails when the -b test option is used to set a
different test port range.
2017-09-30 02:10:54 +02:00
Dan Fandrich
df7839b68c Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-30 02:10:54 +02:00
Daniel Stenberg
a352e21c0b
test1160: verifies cookie leak for large cookies
The fix done in 20ea22ff73
2017-09-29 12:06:57 +02:00
Michael Kaufmann
eac324f284 http: add custom empty headers to repeated requests
Closes #1920
2017-09-28 21:25:22 +02:00
Daniel Stenberg
3b05f79ef8
imap: quote atoms properly when escaping characters
Updates test 800 to verify

Fixes #1902
Closes #1903
2017-09-22 14:43:37 +02:00
Daniel Stenberg
a4db3f7046
tests: make the imap server not verify user+password
... as the test cases themselves do that and it makes it easier to add
crazy test cases.

Test 800 updated to use user name + password that need quoting.

Test 856 updated to trigger an auth fail differently.

Ref: #1902
2017-09-22 14:43:33 +02:00
Patrick Monnerat
ee56fdb691 form/mime: field names are not allowed to contain zero-valued bytes.
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
2017-09-22 01:08:29 +01:00
Pavel P
5fe85587cc
cookies: use lock when using CURLINFO_COOKIELIST
Closes #1896
2017-09-19 23:48:48 +02:00
Daniel Stenberg
2bc230de63
cookies: reject oversized cookies
... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith

Closes #1894
2017-09-18 22:55:50 +02:00
Isaac Boukris
56d949d31a
tests: add initial gssapi test using stub implementation
The stub implementation is pre-loaded using LD_PRELOAD
and emulates common gssapi uses (only builds if curl is
initially built with gssapi support).

The initial tests are currently disabled for debug builds
as LD_PRELOAD is not used then.

Ref: https://github.com/curl/curl/pull/1687
2017-09-15 14:09:08 +02:00
Daniel Stenberg
65872efea7
test1150: verify same host fetch using different ports over proxy
Closes #1889
2017-09-15 08:13:37 +02:00
Patrick Monnerat
3620e569b3 form API: add new test 650.
Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features left untested. Test 650 attempts to check all these
features not tested elsewhere.
2017-09-07 19:11:02 +01:00
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Daniel Stenberg
328ce03d53 fixup data/test1135 2017-09-05 17:33:16 +01:00
Daniel Stenberg
3130414ce7
http-proxy: treat all 2xx as CONNECT success
Added test 1904 to verify.

Reported-by: Lawrence Wagerfield
Fixes #1859
Closes #1860
2017-09-05 09:47:46 +02:00
Daniel Stenberg
4ed618c023
test1135: fixed after bd8070085f 2017-09-04 11:44:42 +02:00
Patrick Monnerat
1ab9e9b50a lib: bump version info (soname). Adapt and reenable test 1135. 2017-09-04 00:35:53 +01:00
Patrick Monnerat
7e36b30da8 mime: fix signed/unsigned conversions.
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03 17:51:18 +01:00
Patrick Monnerat
1a3f4c1991 mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
This feature is badly supported in Windows: as a replacement, a caller has
to use curl_mime_data_cb() with fread, fseek and possibly fclose
callbacks to process opened files.

The cli tool and documentation are updated accordingly.

The feature is however kept internally for form API compatibility, with
the known caveats it always had.

As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.
2017-09-03 14:45:43 +01:00
Patrick Monnerat
3baf36edf6 mime: tests and examples.
Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.
2017-09-02 19:08:45 +01:00
Patrick Monnerat
5bae72734b test564: Add a warning comment about shell profile output.
Shell profile output makes the SSH server failing and this problem reason
is not easy to find when no hint is given.
2017-09-02 13:01:15 +01:00
Johannes Schindelin
1328f69d53
vtls: introduce curl_global_sslset()
Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.

Side note: we do not explicitly test that it is called before
curl_global_init(), but we do verify that it is not called multiple times
(even implicitly).

If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.

The function also accepts an "avail" parameter to point to a (read-only)
NULL-terminated list of available backends. This comes in real handy if
an application wants to let the user choose between whatever SSL backends
the currently available libcurl has to offer: simply call

	curl_global_sslset(-1, NULL, &avail);

which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
variable to point to the relevant information to present to the user.

Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Daniel Stenberg
befaa7b14f
imap: support PREAUTH
It is a defined possible greeting at server startup that means the
connection is already authenticated. See
https://tools.ietf.org/html/rfc3501#section-7.1.4

Test 846 added to verify.

Fixes #1818
Closes #1820
2017-08-23 23:58:49 +02:00
Dan Fandrich
78a6d917c5 test1453: Fixed <features> 2017-08-23 09:03:13 +02:00
Even Rouault
16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
Daniel Stenberg
c95eff4a11
ftp: fix CWD when doing multicwd then nocwd on same connection
Fixes #1782
Closes #1787
Reported-by: Peter Lamare
2017-08-17 10:08:11 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00