1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00
Commit Graph

1570 Commits

Author SHA1 Message Date
Steve Holme
9352a40779
url: Make the IDN conversion functions available to others 2020-02-26 11:01:47 +00:00
Daniel Stenberg
14916a82e2
altsvc: make saving the cache an atomic operation
... by writing the file to temp name then rename to the final when done.

Assisted-by: Jay Satiro
Fixes #4936
Closes #4942
2020-02-18 07:49:21 +01:00
Steve Holme
f8f4a94465
url: Include the failure reason when curl_win32_idn_to_ascii() fails
Provide the failure reason in the failf() info just as we do for the
libidn2 version of code.

Closes #4899
2020-02-09 11:38:54 +00:00
Pedro Monreal
4b6fd29f1a cleanup: fix typos and wording in docs and comments
Closes #4869
Reviewed-by: Emil Engler and Daniel Gustafsson
2020-02-02 18:43:01 +01:00
Steve Holme
6ef123522a ntlm: Move the winbind data into the NTLM data structure
To assist with adding winbind support to the SASL NTLM authentication,
move the winbind specific data out of conndata into ntlmdata.
2020-02-02 12:23:48 +01:00
Daniel Stenberg
db9af34634
multi_done: if multiplexed, make conn->data point to another transfer
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.

Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
2020-01-28 13:00:41 +01:00
Peter Piekarski
34e6bc42b0
conn: do not reuse connection if SOCKS proxy credentials differ
Closes #4835
2020-01-24 17:00:58 +01:00
nao
dea17b519d
http: move "oauth_bearer" from connectdata to Curl_easy
Fixes the bug where oauth_bearer gets deallocated when we re-use a
connection.

Closes #4824
2020-01-21 10:32:43 +01:00
Daniel Stenberg
9607532873
ConnectionExists: respect the max_concurrent_streams limits
A regression made the code use 'multiplexed' as a boolean instead of the
counter it is intended to be. This made curl try to "over-populate"
connections with new streams.

This regression came with 41fcdf71a1, shipped in curl 7.65.0.

Also, respect the CURLMOPT_MAX_CONCURRENT_STREAMS value in the same
check.

Reported-by: Kunal Ekawde
Fixes #4779
Closes #4784
2020-01-13 15:44:58 +01:00
Daniel Stenberg
6773c7ca65
wolfSSH: new SSH backend
Adds support for SFTP (not SCP) using WolfSSH.

Closes #4231
2020-01-12 17:19:12 +01:00
Daniel Stenberg
8c0807aa16
create_conn: prefer multiplexing to using new connections
... as it would previously prefer new connections rather than
multiplexing in most conditions! The (now removed) code was a leftover
from the Pipelining code that was translated wrongly into a
multiplex-only world.

Reported-by: Kunal Ekawde
Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html
Closes #4732
2019-12-19 09:00:56 +01:00
Daniel Stenberg
ee263de7a3
conncache: fix multi-thread use of shared connection cache
It could accidentally let the connection get used by more than one
thread, leading to double-free and more.

Reported-by: Christopher Reid
Fixes #4544
Closes #4557
2019-12-09 15:30:09 +01:00
Jay Satiro
9c1806ae46 build: Disable Visual Studio warning "conditional expression is constant"
- Disable warning C4127 "conditional expression is constant" globally
  in curl_setup.h for when building with Microsoft's compiler.

This mainly affects building with the Visual Studio project files found
in the projects dir.

Prior to this change the cmake and winbuild build systems already
disabled 4127 globally for when building with Microsoft's compiler.
Also, 4127 was already disabled for all build systems in the limited
circumstance of the WHILE_FALSE macro which disabled the warning
specifically for while(0). This commit removes the WHILE_FALSE macro and
all other cruft in favor of disabling globally in curl_setup.

Background:

We have various macros that cause 0 or 1 to be evaluated, which would
cause warning C4127 in Visual Studio. For example this causes it:

    #define Curl_resolver_asynch() 1

Full behavior is not clearly defined and inconsistent across versions.
However it is documented that since VS 2015 Update 3 Microsoft has
addressed this somewhat but not entirely, not warning on while(true) for
example.

Prior to this change some C4127 warnings occurred when I built with
Visual Studio using the generated projects in the projects dir.

Closes https://github.com/curl/curl/pull/4658
2019-12-01 19:01:02 -05:00
Jay Satiro
1f6a18685e lib: Move lib/ssh.h -> lib/vssh/ssh.h
Follow-up to 5b2d703 which moved ssh source files to vssh.

Closes https://github.com/curl/curl/pull/4609
2019-11-17 23:27:39 -05:00
Wyatt O'Day
93738efe16 build: fix for CURL_DISABLE_DOH
Fixes https://github.com/curl/curl/issues/4565
Closes https://github.com/curl/curl/pull/4566
2019-11-06 23:48:10 -05:00
Daniel Stenberg
dcd7e37c3a
url: make Curl_close() NULLify the pointer too
This is the common pattern used in the code and by a unified approach we
avoid mistakes.

Closes #4534
2019-10-30 09:36:21 +01:00
Daniel Stenberg
0cbd6f8df7
url: Curl_free_request_state() should also free doh handles
... or risk DoH memory leaks.

Reported-by: Paul Dreik
Fixes #4463
Closes #4527
2019-10-29 22:48:19 +01:00
Daniel Stenberg
807c056c08
conn-reuse: requests wanting NTLM can reuse non-NTLM connections
Added test case 338 to verify.

Reported-by: Daniel Silverstone
Fixes #4499
Closes #4514
2019-10-23 10:15:39 +02:00
Daniel Stenberg
e062043433
url: normalize CURLINFO_EFFECTIVE_URL
The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as
input in most cases, which made it not get a scheme prefixed like before
if the URL was given without one, and it didn't remove dotdot sequences
etc.

Added test case 1907 to verify that this now works as intended and as
before 7.62.0.

Regression introduced in 7.62.0

Reported-by: Christophe Dervieux
Fixes #4491
Closes #4493
2019-10-16 14:10:55 +02:00
Daniel Stenberg
249541f12f
cookies: change argument type for Curl_flush_cookies
The second argument is really a 'bool' so use that and pass in TRUE/FALSE
to make it clear.

Closes #4455
2019-10-03 22:56:28 +02:00
Daniel Stenberg
8a00560de2
http2: move state-init from creation to pre-transfer
To make sure that the HTTP/2 state is initialized correctly for
duplicated handles. It would otherwise easily generate "spurious"
PRIORITY frames to get sent over HTTP/2 connections when duplicated easy
handles were used.

Reported-by: Daniel Silverstone
Fixes #4303
Closes #4442
2019-10-03 22:55:42 +02:00
Jay Satiro
cded993700 url: don't set appconnect time for non-ssl/non-ssh connections
Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.

[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".

Reported-by: Marcel Hernandez

Ref: https://github.com/curl/curl/issues/3760

Closes https://github.com/curl/curl/pull/3773
2019-09-26 03:04:26 -04:00
Jay Satiro
af3ced3b9c
url: fix the NULL hostname compiler warning case
Closes #4403
2019-09-25 14:35:02 +02:00
Daniel Stenberg
389426e3d0
url: remove dead code
Fixes warning detected by PVS-Studio
Fixes #4374
2019-09-20 08:07:13 +02:00
Daniel Stenberg
3ab45650e2
url: part of expression is always true: (bundle->multiuse == 0)
Fixes warning detected by PVS-Studio
Fixes #4374
2019-09-20 08:07:11 +02:00
Daniel Stenberg
3c5f9ba899
url: only reuse TLS connections with matching pinning
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.

Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund

Closes #4347
2019-09-19 14:58:24 +02:00
Daniel Stenberg
beb4350917
url: cleanup dangling DOH request headers too
Follow-up to 9bc44ff64d

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17269

Closes #4372
2019-09-18 07:48:49 +02:00
Daniel Stenberg
9bc44ff64d
doh: clean up dangling DOH handles and memory on easy close
If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.

Reported-by: Paul Dreik
Closes #4366
2019-09-16 17:31:56 +02:00
Daniel Stenberg
5050edb124
cleanup: move functions out of url.c and make them static
Closes #4289
2019-09-03 13:11:12 +02:00
Daniel Stenberg
e59540139a
cleanup: remove DOT_CHAR completely
Follow-up to f9c7ba9096

The use of DOT_CHAR for ".ssh" was probably a mistake and is removed
now.

Pointed-out-by: Gisle Vanem
Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638

Closes #4247
2019-08-20 23:07:59 +02:00
Daniel Stenberg
69b3ff5118
alt-svc: add protocol version selection masking
So that users can mask in/out specific HTTP versions when Alt-Svc is
used.

 - Removed "h2c" and updated test case accordingly
 - Changed how the altsvc struct is laid out
 - Added ifdefs to make the unittest run even in a quiche-tree

Closes #4201
2019-08-08 09:10:29 +02:00
Daniel Stenberg
a93b43cde8
http3: fix the HTTP/3 in the request, make alt-svc set right versions
Closes #4200
2019-08-08 08:28:43 +02:00
Daniel Stenberg
98c3f14871
alt-svc: send Alt-Used: in redirected requests
RFC 7838 section 5:

   When using an alternative service, clients SHOULD include an Alt-Used
   header field in all requests.

Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus
this is deemed ok).

You can disable sending this header just like you disable any other HTTP
header in libcurl.

Closes #4199
2019-08-08 08:24:37 +02:00
Daniel Stenberg
fd00e14adb
curl.h: add CURL_HTTP_VERSION_3 to the version enum
It can't be set for CURLOPT_HTTP_VERSION, but it can be extracted with
CURLINFO_HTTP_VERSION.
2019-08-07 12:51:52 +02:00
Steve Holme
7c469fa537 sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixes #3653
Closes #3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186
2019-08-06 11:38:20 -04:00
Daniel Stenberg
a42b0957ab
http09: disable HTTP/0.9 by default in both tool and library
As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174. Now requires the option to be set to allow HTTP/0.9
responses.

Closes #4191
2019-08-06 00:08:14 +02:00
Daniel Stenberg
cc28a502bc
url: make use of new HTTP version if alt-svc has one 2019-08-03 21:55:51 +02:00
Daniel Stenberg
a9a2b26830
url: set conn->transport to default TCP at init time 2019-08-03 21:55:51 +02:00
Daniel Stenberg
b1616dad8f
timediff: make it 64 bit (if possible) even with 32 bit time_t
... to make it hold microseconds too.

Fixes #4165
Closes #4168
2019-08-01 07:43:24 +02:00
Daniel Stenberg
a55faf33d4
cleanup: remove the 'numsocks' argument used in many places
It was used (intended) to pass in the size of the 'socks' array that is
also passed to these functions, but was rarely actually checked/used and
the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries
that should be used instead.

Closes #4169
2019-07-30 23:16:44 +02:00
Daniel Stenberg
3af0e76d1e
HTTP3: initial (experimental) support
USe configure --with-ngtcp2 or --with-quiche

Using either option will enable a HTTP3 build.
Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me>

Closes #3500
2019-07-21 23:49:03 +02:00
Jay Satiro
e8442e4ffc libcurl: Restrict redirect schemes (follow-up)
- Allow FTPS on redirect.

- Update default allowed redirect protocols in documentation.

Follow-up to 6080ea0.

Ref: https://github.com/curl/curl/pull/4094

Closes https://github.com/curl/curl/pull/4115
2019-07-17 00:48:40 -04:00
Linos Giannopoulos
6080ea098d
libcurl: Restrict redirect schemes
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS
counterpart were allowed for redirect. This vastly broadens the
exploitation surface in case of a vulnerability such as SSRF [1], where
libcurl-based clients are forced to make requests to arbitrary hosts.

For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based
protocol by URL-encoding a payload in the URI. Gopher will open a TCP
connection and send the payload.

Only HTTP/HTTPS and FTP are allowed. All other protocols have to be
explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.

[1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>

Closes #4094
2019-07-14 16:29:55 +02:00
Daniel Stenberg
755083d00d
conn_maxage: move the check to prune_dead_connections()
... and avoid the locking issue.

Reported-by: Kunal Ekawde
Fixes #4029
Closes #4032
2019-06-17 23:51:26 +02:00
Cliff Crosland
f67009dd98 url: Fix CURLOPT_MAXAGE_CONN time comparison
Old connections are meant to expire from the connection cache after
CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
that value. This occurs because a time value measured in milliseconds is
accidentally divided by 1M instead of by 1,000.

Closes https://github.com/curl/curl/pull/4013
2019-06-12 01:10:22 -04:00
Daniel Stenberg
094b5f3540
multi: make sure 'data' can present in several sockhash entries
Since more than one socket can be used by each transfer at a given time,
each sockhash entry how has its own hash table with transfers using that
socket.

In addition, the sockhash entry can now be marked 'blocked = TRUE'"
which then makes the delete function just set 'removed = TRUE' instead
of removing it "for real", as a way to not rip out the carpet under the
feet of a parent function that iterates over the transfers of that same
sockhash entry.

Reported-by: Tom van der Woerdt
Fixes #3961
Fixes #3986
Fixes #3995
Fixes #4004
Closes #3997
2019-06-10 00:47:48 +02:00
Steve Holme
09eef8af18
url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
This fixes the static dependency on iphlpapi.lib and allows curl to
build for targets prior to Windows Vista.

This partially reverts 170bd047.

Fixes #3960
Closes #3958
2019-05-29 07:19:20 +01:00
Daniel Stenberg
6961322f70
parse_proxy: make sure portptr is initialized
Reported-by: Benbuck Nason

fixes #3959
2019-05-28 23:50:49 +02:00
Daniel Stenberg
a6183ab23a
url: default conn->port to the same as conn->remote_port
... so that it has a sensible value when ConnectionExists() is called which
needs it set to differentiate host "bundles" correctly on port number!

Also, make conncache:hashkey() use correct port for bundles that are proxy vs
host connections.

Probably a regression from 7.62.0

Reported-by: Tom van der Woerdt
Fixes #3956
Closes #3957
2019-05-28 23:00:42 +02:00
Daniel Stenberg
2f11fbf208
conncache: make "bundles" per host name when doing proxy tunnels
Only HTTP proxy use where multiple host names can be used over the same
connection should use the proxy host name for bundles.

Reported-by: Tom van der Woerdt
Fixes #3951
Closes #3955
2019-05-28 16:23:59 +02:00
Jay Satiro
db8ec1fa38
Revert all SASL authzid (new feature) commits
- Revert all commits related to the SASL authzid feature since the next
  release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID  / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a13.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2f.
2019-05-25 23:36:11 +02:00
Gisle Vanem
9d55e09cfe
Fix typo. 2019-05-24 09:05:28 +02:00
Zenju
170bd047f5
config-win32: add support for if_nametoindex and getsockname
Closes https://github.com/curl/curl/pull/3923
2019-05-23 11:10:28 +02:00
Daniel Stenberg
dc0a671213
url: fix bad #ifdef
Regression since e91e481612.

Reported-by: Tom Greenslade
Fixes #3924
Closes #3925
2019-05-23 09:06:48 +02:00
Steve Holme
a14d72ca2f
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790
2019-05-22 22:55:05 +01:00
Daniel Stenberg
12e564ca20
parse_proxy: use the IPv6 zone id if given
If the proxy string is given as an IPv6 numerical address with a zone
id, make sure to use that for the connect to the proxy.

Reported-by: Edmond Yu

Fixes #3482
Closes #3918
2019-05-22 09:45:43 +02:00
Daniel Stenberg
8fba2d6a6b
url: convert the zone id from a IPv6 URL to correct scope id
Reported-by: GitYuanQu on github
Fixes #3902
Closes #3914
2019-05-21 18:58:45 +02:00
Daniel Stenberg
e91e481612
libcurl: #ifdef away more code for disabled features/protocols 2019-05-17 23:24:34 +02:00
Daniel Stenberg
ee68bbe29c
parse_proxy: use the URL parser API
As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.

Closes #3878
2019-05-15 12:02:05 +02:00
Steve Holme
85bef18ca1
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
2019-05-15 00:31:45 +01:00
Steve Holme
be9fd703e0
url: Remove duplicate clean up of the winbind variables in conn_shutdown()
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().

Closes #3881
2019-05-14 14:35:11 +01:00
Steve Holme
b5d1de8e21
url: Remove unnecessary initialisation from allocate_conn()
No need to set variables to zero as calloc() does this for us.

Closes #3879
2019-05-14 09:48:16 +01:00
Daniel Stenberg
6d32b72822
proxy: acknowledge DISABLE_PROXY more 2019-05-13 08:17:10 +02:00
Steve Holme
52dfab65d6
auth: Rename the various authentication clean up functions
For consistency and to a avoid confusion.

Closes #3869
2019-05-12 18:37:00 +01:00
Steve Holme
5c2aebe308
http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
Closes #3861
2019-05-11 17:23:32 +01:00
Daniel Stenberg
d37b0936d1
ssh: define USE_SSH if SSH is enabled (any backend)
Closes #3846
2019-05-06 10:14:17 +02:00
Daniel Stenberg
41fcdf71a1
ConnectionExists: improve non-multiplexing use case
- better log output

- make sure multiplex is enabled for it to be used
2019-05-01 22:51:23 +02:00
Daniel Stenberg
e649432e72
CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
... and disconnect too old ones instead of trying to reuse.

Default max age is set to 118 seconds.

Ref: #3722
Closes #3782
2019-04-21 23:06:23 +02:00
Daniel Stenberg
e06b8bdae6
Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
Since the connection has been used by the "outside" we don't know the
state of it anymore and curl should not use it anymore.

Bug: https://curl.haxx.se/mail/lib-2019-04/0052.html

Closes #3795
2019-04-20 12:40:45 +02:00
Daniel Stenberg
9a4ad1b056
url: always clone the CUROPT_CURLU handle
Since a few code paths actually update that data.

Fixes #3753
Closes #3761

Reported-by: Poul T Lomholt
2019-04-11 22:45:01 +02:00
Daniel Stenberg
2f44e94efb
pipelining: removed
As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651
2019-04-06 22:49:50 +02:00
Daniel Stenberg
e3a53e3efb
conncache: use conn->data to know if a transfer owns it
- make sure an already "owned" connection isn't returned unless
  multiplexed.

- clear ->data when returning the connection to the cache again

Regression since 7.62.0 (probably in commit 1b76c38904)

Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html

Closes #3686
2019-03-17 18:07:20 +01:00
Dominik Hölzl
6c60355323
Negotiate: fix for HTTP POST with Negotiate
* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
  output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
  GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
  also indicate the last challenge request (only works with disabled
  Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
  Reset/Cleanup negotiate after authentication if no persistent
  authentication
* apply changes introduced with #2546 for negotiate rewind logic

Fixes #1261
Closes #1975
2019-03-14 09:26:03 +01:00
Daniel Stenberg
15401fa886
CURLU: fix NULL dereference when used over proxy
Test 659 verifies

Also fixed the test 658 name

Closes #3641
2019-03-04 16:24:08 +01:00
Daniel Stenberg
e1be825453
alt-svc: the libcurl bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg
65eb65fde6
urldata: simplify bytecounters
- no need to have them protocol specific

- no need to set pointers to them with the Curl_setup_transfer() call

- make Curl_setup_transfer() operate on a transfer pointer, not
  connection

- switch some counters from long to the more proper curl_off_t type

Closes #3627
2019-03-01 17:30:34 +01:00
Jay Satiro
7466d1a308 url: change conn shutdown order to unlink data as last step
- Split off connection shutdown procedure from Curl_disconnect into new
  function conn_shutdown.

- Change the shutdown procedure to close the sockets before
  disassociating the transfer.

Prior to this change the sockets were closed after disassociating the
transfer so SOCKETFUNCTION wasn't called since the transfer was already
disassociated. That likely came about from recent work started in
Jan 2019 (#3442) to separate transfers from connections.

Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html
Reported-by: Pavel Löbl

Closes https://github.com/curl/curl/issues/3597
Closes https://github.com/curl/curl/pull/3598
2019-02-22 15:19:42 -05:00
Daniel Stenberg
b08898fb29
connection: never reuse CONNECT_ONLY conections
and make CONNECT_ONLY conections never reuse any existing ones either.

Reported-by: Pavel Löbl
Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
Closes #3586
2019-02-19 22:50:02 +01:00
Daniel Stenberg
354aa32820
strip_trailing_dot: make sure NULL is never used for strlen
scan-build warning: Null pointer passed as an argument to a 'nonnull'
parameter
2019-02-14 23:30:43 +01:00
Jay Satiro
4015fae044
connection_check: restore original conn->data after the check
- Save the original conn->data before it's changed to the specified
  data transfer for the connection check and then restore it afterwards.

This is a follow-up to 38d8e1b 2019-02-11.

History:

It was discovered a month ago that before checking whether to extract a
dead connection that that connection should be associated with a "live"
transfer for the check (ie original conn->data ignored and set to the
passed in data). A fix was landed in 54b201b which did that and also
cleared conn->data after the check. The original conn->data was not
restored, so presumably it was thought that a valid conn->data was no
longer needed.

Several days later it was discovered that a valid conn->data was needed
after the check and follow-up fix was landed in bbae24c which partially
reverted the original fix and attempted to limit the scope of when
conn->data was changed to only when pruning dead connections. In that
case conn->data was not cleared and the original conn->data not
restored.

A month later it was discovered that the original fix was somewhat
correct; a "live" transfer is needed for the check in all cases
because original conn->data could be null which could cause a bad deref
at arbitrary points in the check. A fix was landed in 38d8e1b which
expanded the scope to all cases. conn->data was not cleared and the
original conn->data not restored.

A day later it was discovered that not restoring the original conn->data
may lead to busy loops in applications that use the event interface, and
given this observation it's a pretty safe assumption that there is some
code path that still needs the original conn->data. This commit is the
follow-up fix for that, it restores the original conn->data after the
connection check.

Assisted-by: tholin@users.noreply.github.com
Reported-by: tholin@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/3542
Closes #3559
2019-02-14 17:42:43 +01:00
Daniel Stenberg
38d8e1bd4e
connection_check: set ->data to the transfer doing the check
The http2 code for connection checking needs a transfer to use. Make
sure a working one is set before handler->connection_check() is called.

Reported-by: jnbr on github
Fixes #3541
Closes #3547
2019-02-11 10:34:34 +01:00
Daniel Stenberg
05b100aee2
cleanup: make local functions static
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
2019-02-10 18:38:57 +01:00
Daniel Stenberg
9cb126792c
url/idnconvert: remove scan for <= 32 ascii values
The check was added back in fa939220df before the URL parser would catch
these problems and therefore these will never trigger now.

Closes #3539
2019-02-09 23:39:58 +01:00
Chris Araman
927a5bd1b4 url: close TLS before removing conn from cache
- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531
2019-02-06 13:33:21 -05:00
Daniel Stenberg
180501cb02
schannel: stop calling it "winssl"
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504
2019-02-01 08:20:38 +01:00
Daniel Stenberg
bbae24c3ae
extract_if_dead: follow-up to 54b201b48c
extract_if_dead() dead is called from two functions, and only one of
them should get conn->data updated and now neither call path clears it.

scan-build found a case where conn->data would be NULL dereferenced in
ConnectionExists() otherwise.

Closes #3473
2019-01-15 08:49:16 +01:00
Daniel Stenberg
54b201b48c
extract_if_dead: use a known working transfer when checking connections
Make sure that this function sets a proper "live" transfer for the
connection before calling the protocol-specific connection check
function, and then clear it again afterward as a non-used connection has
no current transfer.

Reported-by: Jeroen Ooms
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Gustafsson
Fixes #3463
Closes #3464
2019-01-13 17:09:14 +01:00
Daniel Stenberg
ba243235ec
urldata: rename easy_conn to just conn
We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442
2019-01-11 15:35:13 +01:00
Rikard Falkeborn
fa2d6ba84d
printf: fix format specifiers
Closes #3426
2019-01-04 23:50:48 +01:00
Daniel Gustafsson
ba266b3ed7 url: fix incorrect indentation 2018-12-27 00:05:12 +01:00
Daniel Stenberg
f3ce38739f
disconnect: set conn->data for protocol disconnect
Follow-up to fb445a1e18: Set conn->data explicitly to point out the
current transfer when invoking the protocol-specific disconnect function
so that it can work correctly.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
2018-12-23 23:12:40 +01:00
Daniel Stenberg
85f9aa08d9
conncache_unlock: avoid indirection by changing input argument type 2018-12-22 18:14:56 +01:00
Daniel Stenberg
fb445a1e18
disconnect: separate connections and easy handles better
Do not assume/store assocation between a given easy handle and the
connection if it can be avoided.

Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.

Reported-by: masbug on github
Fixes #3391
Closes #3400
2018-12-22 18:14:50 +01:00
Daniel Stenberg
006ff62d8c
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
2018-12-21 10:49:30 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Tobias Hintze
5b4cce2e36
host names: allow trailing dot in name resolve, then strip it
Delays stripping of trailing dots to after resolving the hostname.

Fixes #3022
Closes #3222
2018-11-22 13:40:51 +01:00
Romain Fliedel
6765e6d9e6
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.

By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.

In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data

Closes #3238
2018-11-20 19:58:45 +01:00
Jim Fuller
5c4fe0d826
setopt: add CURLOPT_CURLU
Allows an application to pass in a pre-parsed URL via a URL handle.

Closes #3227
2018-11-09 15:47:28 +01:00
Daniel Stenberg
9df8dc101b
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a
few letters ending with a colon to be a scheme, making something like
"short:80" to become an unknown scheme instead of a short host name and
a port number.

Extended test 1560 to verify.

Also fixed test203 to use file_pwd to make it get the correct path on
windows. Removed test 2070 since it was a duplicate of 203.

Assisted-by: Marcel Raad
Reported-by: Hagai Auro
Fixes #3220
Fixes #3233
Closes #3223
Closes #3235
2018-11-06 19:11:58 +01:00
Michael Kaufmann
53db15ba55 netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes #3213
Closes #3224
2018-11-05 20:34:01 +01:00