1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 06:55:02 -05:00
Commit Graph

8752 Commits

Author SHA1 Message Date
Jay Satiro
723f901195 http2: Improve header parsing
- Error if a header line is larger than supported.

- Warn if cumulative header line length may be larger than supported.

- Allow spaces when parsing the path component.

- Make sure each header line ends in \r\n. This fixes an out of bounds.

- Disallow header continuation lines until we decide what to do.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 22:06:15 -04:00
Jay Satiro
b71bc694c8 http2: Add Curl_http2_strerror for HTTP/2 error codes
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:31 -04:00
Tatsuhiro Tsujikawa
a89a211ed8 http2: Don't increment drain when one header field is received
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:29 -04:00
Tatsuhiro Tsujikawa
86c633a893 http2: Ensure that http2_handle_stream_close is called
This commit ensures that streams which was closed in on_stream_close
callback gets passed to http2_handle_stream_close.  Previously, this
might not happen.  To achieve this, we increment drain property to
forcibly call recv function for that stream.

To more accurately check that we have no pending event before shutting
down HTTP/2 session, we sum up drain property into
http_conn.drain_total.  We only shutdown session if that value is 0.

With this commit, when stream was closed before reading response
header fields, error code CURLE_HTTP2_STREAM is returned even if
HTTP/2 level error is NO_ERROR.  This signals the upper layer that
stream was closed by error just like TCP connection close in HTTP/1.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:28 -04:00
Tatsuhiro Tsujikawa
b5f82148f5 http2: Process paused data first before tear down http2 session
This commit ensures that data from network are processed before HTTP/2
session is terminated.  This is achieved by pausing nghttp2 whenever
different stream than current easy handle receives data.

This commit also fixes the bug that sometimes processing hangs when
multiple HTTP/2 streams are multiplexed.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:27 -04:00
Tatsuhiro Tsujikawa
4ec9eeb0c9 http2: Check session closure early in http2_recv
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:26 -04:00
Tatsuhiro Tsujikawa
92c2a4c053 http2: Add handling stream level error
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped.  This is
undesirable since there may be other streams multiplexed and they are
very much fine.  This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open.  The existing
CURLE_HTTP2 means connection error in general.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-11 21:43:24 -04:00
Daniel Stenberg
b2a0376350 http2: drain the socket better...
... but ignore EAGAIN if the stream has ended so that we don't end up in
a loop. This is a follow-up to c8ab613 in order to avoid the problem
d261652 was made to fix.

Reported-by: Jay Satiro
Clues-provided-by: Tatsuhiro Tsujikawa

Discussed in #750
2016-04-11 16:01:58 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
830a4e55a2 urldata: Use bool for socks5_gssapi_nec as it is a flag
This value is set to TRUE or FALSE so should be a bool and not a long.
2016-04-09 17:19:21 +01:00
Steve Holme
5ee484c597 url: Ternary operator code style changes 2016-04-09 17:17:37 +01:00
Steve Holme
f044cbe6fc sasl: Fixed compilation errors from commit 9d89a0387
...when GSS-API or Windows SSPI are not used.
2016-04-09 05:57:10 +01:00
Steve Holme
43116218c0 url: Corrected comments following 9d89a0387 2016-04-09 05:33:03 +01:00
Steve Holme
2568453b05 Makefile: Fixed echo of checksrc check 2016-04-08 20:36:29 +01:00
Steve Holme
d6b4de083f checksrc: Fix issue with the autobuilds not picking up the whitelist 2016-04-08 20:32:40 +01:00
Steve Holme
52cfc957cf checksrc: Added missing vauth and vtls directories 2016-04-08 20:22:14 +01:00
Steve Holme
9d89a03872 ftp/imap/pop3/smtp: Allow the service name to be overridden
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
authentication in FTP, IMAP, POP3 and SMTP.
2016-04-08 18:59:33 +01:00
Steve Holme
39d68b47e1 http_negotiate: Calculate service name and proxy service name locally
Calculate the service name and proxy service names locally, rather than
in url.c which will allow for us to support overriding the service name
for other protocols such as FTP, IMAP, POP3 and SMTP.
2016-04-08 18:41:41 +01:00
Damien Vielpeau
83b39a4f4d mbedtls: fix MBEDTLS_DEBUG builds 2016-04-07 16:12:50 +02:00
Daniel Stenberg
c111178bd4 mbedtls: implement and provide *_data_pending()
... as otherwise we might get stuck thinking there's no more data to
handle.

Reported-by: Damien Vielpeau

Fixes #737
2016-04-07 16:10:10 +02:00
Daniel Stenberg
ef802c9b85 mbedtls: follow-up for the previous commit 2016-04-07 15:32:18 +02:00
Daniel Stenberg
464bbfd6f5 mbedtls.c: name space pollution fix, Use 'Curl_' 2016-04-07 15:19:35 +02:00
Daniel Stenberg
5446549719 mbedtls.c: changed private prefix to mbed_
mbedtls_ is the prefix used by the mbedTLS library itself so we should
avoid using that for our private functions.
2016-04-07 15:16:01 +02:00
Daniel Stenberg
fdae85f68b mbedtls.h: fix compiler warnings 2016-04-07 15:11:05 +02:00
Michael Kaufmann
3a8e38de2e HTTP2: Add a space character after the status code
The space character after the status code is mandatory, even if the
reason phrase is empty (see RFC 7230 section 3.1.2)

Closes #755
2016-04-06 14:35:08 +02:00
Viktor Szakats
a24f71aac4 URLs: change http to https in many places
Closes #754
2016-04-06 11:58:34 +02:00
Steve Holme
cbc52ff341 vauth: Corrected a number of typos in comments
Reported-by: Michael Osipov
2016-04-06 00:21:07 +01:00
Daniel Stenberg
c8ab61312c http2: fix connection reuse when PING comes after last DATA
It turns out the google GFE HTTP/2 servers send a PING frame immediately
after a stream ends and its last DATA has been received by curl. So if
we don't drain that from the socket, it makes the socket readable in
subsequent checks and libcurl then (wrongly) assumes the connection is
dead when trying to reuse the connection.

Reported-by: Joonas Kuorilehto

Discussed in #750
2016-04-05 20:27:38 +02:00
Daniel Stenberg
e230044adf multi: remove trailing space in debug output 2016-04-05 16:36:45 +02:00
Daniel Stenberg
a8b51a179a lib/src: fix the checksrc invoke
... now works correctly when invoke from the root makefile
2016-04-03 23:07:30 +02:00
Daniel Stenberg
1571da69b5 nw: please the stricter checksrc 2016-04-03 23:07:30 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Daniel Stenberg
9d194a1143 checksrc: check for more malplaced spaces 2016-04-03 22:38:36 +02:00
Daniel Stenberg
19fafa1f5a checksrc: remove debug crap 2016-04-03 22:38:36 +02:00
Daniel Stenberg
21e8e5d990 checksrc: allow ignore of specific warnings within a file (section) 2016-04-03 22:38:36 +02:00
Daniel Stenberg
dc3ff47dc7 checksrc: add warning names, explain on help output 2016-04-03 22:38:36 +02:00
Steve Holme
9feb2676a4 vauth: Removed the need for a separate GSS-API based SPN function 2016-04-03 20:26:03 +01:00
Steve Holme
e655ae0c80 curl_sasl: Fixed potential null pointer utilisation
Although this should never happen due to the relationship between the
'mech' and 'resp' variables, and the way they are allocated together,
it does cause problems for code analysis tools:

V595 The 'mech' pointer was utilized before it was verified against
     nullptr. Check lines: 376, 381. curl_sasl.c 376

Bug: https://github.com/curl/curl/issues/745
Reported-by: Alexis La Goutte
2016-04-03 17:55:17 +01:00
Steve Holme
7a7cdf264d spnego: Small code tidy up
* Prefer dereference of string pointer rather than strlen()
* Free challenge pointer in one place
* Additional comments
2016-04-03 17:32:10 +01:00
Steve Holme
1d451bdd99 krb5: Small code tidy up
* Prefer dereference of string pointer rather than strlen()
* Free challenge pointer in one place
* Additional comments
2016-04-03 17:30:51 +01:00
Steve Holme
156b8287a7 krb5_gssapi: Only process challenge when present
This wouldn't cause a problem because of the way the function is called,
but prior to this change, we were processing the challenge message when
the credentials were NULL rather than when the challenge message was
populated.

This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
2016-04-03 17:17:20 +01:00
Steve Holme
73f1096335 krb5: Fixed missing client response when mutual authentication enabled
Although mutual authentication is currently turned off and can only be
enabled by changing libcurl source code, authentication using Kerberos
5 has been broken since commit 79543caf90 in this use case.
2016-04-03 17:02:44 +01:00
Steve Holme
61152e7d94 krb5_sspi: Only process challenge when present
This wouldn't cause a problem because of the way the function is called,
but prior to this change, we were processing the challenge message when
the credentials were NULL rather than when the challenge message was
populated.

This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
2016-04-03 11:45:02 +01:00
Steve Holme
228cd71c6f krb5_sspi: Only generate the output token when its not allocated
Prior to this change, we were generating the output token when the
credentials were NULL rather than when the output token was NULL.

This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
2016-04-03 11:25:12 +01:00
Steve Holme
2d2c67e3ed krb5: Only generate a SPN when its not known
Prior to this change, we were generating the SPN in the SSPI code when
the credentials were NULL and in the GSS-API code when the context was
empty. It is better to decouple the SPN generation from these checks
and only generate it when the SPN itself is NULL.

This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
2016-04-03 11:15:03 +01:00
Daniel Stenberg
c7e4266a2e checksrc.whitelist: remove fopen() uses 2016-04-03 11:57:21 +02:00
Daniel Stenberg
36b5dff030 formdata: use appropriate fopen() macros 2016-04-03 11:57:04 +02:00
Daniel Stenberg
5ea3d2ff06 checksrc: improve the fopen() parser somewhat
The quote scanner was too fragile, now look for a comma instead to find
the mode argument.
2016-04-03 11:29:14 +02:00
Daniel Stenberg
eca93542d6 http2: make use of the nghttp2 error callback
It offers extra info from nghttp2 in certain error cases. Like for
example when trying prior-knowledge http2 on a server that doesn't speak
http2 at all. The error message is passed on as a verbose message to
libcurl.

Discussed in #722

The error callback was added in nghttp2 1.9.0
2016-04-02 16:27:30 +02:00
Steve Holme
2aaa63b555 spnego: Renamed the context's SPN variable
To be consistent with the Kerberos 5 context and other authentication
code.
2016-04-02 06:41:29 +01:00