1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
Commit Graph

10738 Commits

Author SHA1 Message Date
Bastien Bouclet
9910d6b9a4
mbedtls: add error message for cert validity starting in the future
Closes #4552
2019-11-02 22:59:13 +01:00
Jay Satiro
9c49824902 schannel_verify: Fix concurrent openings of CA file
- Open the CA file using FILE_SHARE_READ mode so that others can read
  from it as well.

Prior to this change our schannel code opened the CA file without
sharing which meant concurrent openings (eg an attempt from another
thread or process) would fail during the time it was open without
sharing, which in curl's case would cause error:
"schannel: failed to open CA file".

Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html
Reported-by: Richard Alcock
2019-11-01 18:02:59 -04:00
Daniel Stenberg
c2b01cce5c
gtls: make gnutls_bye() not wait for response on shutdown
... as it can make it wait there for a long time for no good purpose.

Patched-by: Jay Satiro
Reported-by: Bylon2 on github
Adviced-by: Nikos Mavrogiannopoulos

Fixes #4487
Closes #4541
2019-10-31 09:10:50 +01:00
Daniel Stenberg
dcd7e37c3a
url: make Curl_close() NULLify the pointer too
This is the common pattern used in the code and by a unified approach we
avoid mistakes.

Closes #4534
2019-10-30 09:36:21 +01:00
Daniel Stenberg
0cbd6f8df7
url: Curl_free_request_state() should also free doh handles
... or risk DoH memory leaks.

Reported-by: Paul Dreik
Fixes #4463
Closes #4527
2019-10-29 22:48:19 +01:00
Javier Blazquez
9f5b26d23f HTTP3: fix invalid use of sendto for connected UDP socket
On macOS/BSD, trying to call sendto on a connected UDP socket fails
with a EISCONN error. Because the singleipconnect has already called
connect on the socket when we're trying to use it for QUIC transfers
we need to use plain send instead.

Fixes #4529
Closes https://github.com/curl/curl/pull/4533
2019-10-28 15:00:33 -04:00
Javier Blazquez
e0ee3d9f9b
HTTP3: fix Windows build
The ngtcp2 QUIC backend was using the MSG_DONTWAIT flag for send/recv
in order to perform nonblocking operations. On Windows this flag does
not exist. Instead, the socket must be set to nonblocking mode via
ioctlsocket.

This change sets the nonblocking flag on UDP sockets used for QUIC on
all platforms so the use of MSG_DONTWAIT is not needed.

Fixes #4531
Closes #4532
2019-10-28 09:21:43 +01:00
Francois Rivard
8986df802d
schannel: reverse the order of certinfo insertions
Fixes #4518
Closes #4519
2019-10-24 16:30:40 +02:00
Daniel Stenberg
807c056c08
conn-reuse: requests wanting NTLM can reuse non-NTLM connections
Added test case 338 to verify.

Reported-by: Daniel Silverstone
Fixes #4499
Closes #4514
2019-10-23 10:15:39 +02:00
Daniel Stenberg
95a4cfd888
http2_recv: a closed stream trumps pause state
... and thus should return 0, not EAGAIN.

Reported-by: Tom van der Woerdt
Fixes #4496
Closes #4505
2019-10-18 23:23:48 +02:00
Daniel Stenberg
59041f052a
http2: expire a timeout at end of stream
To make sure that transfer is being dealt with. Streams without
Content-Length need a final read to notice the end-of-stream state.

Reported-by: Tom van der Woerdt
Fixes #4496
2019-10-18 23:23:43 +02:00
Daniel Stenberg
e062043433
url: normalize CURLINFO_EFFECTIVE_URL
The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as
input in most cases, which made it not get a scheme prefixed like before
if the URL was given without one, and it didn't remove dotdot sequences
etc.

Added test case 1907 to verify that this now works as intended and as
before 7.62.0.

Regression introduced in 7.62.0

Reported-by: Christophe Dervieux
Fixes #4491
Closes #4493
2019-10-16 14:10:55 +02:00
Marcel Raad
a626fa128c
security: silence conversion warning
With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer,
while `read` expects a 32 bit signed integer.
Use `sread` instead of `read` to use the correct parameter type.

Closes https://github.com/curl/curl/pull/4483
2019-10-13 22:10:12 +02:00
Marcel Raad
be16d8d994
connect: silence sign-compare warning
With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the
result of `sizeof` is unsigned.

Closes https://github.com/curl/curl/pull/4483
2019-10-13 22:09:59 +02:00
Harry Sintonen
0dc14b8381
socketpair: fix include and define for older TCP header systems
fixed build for systems that need netinet/in.h for IPPROTO_TCP and are
missing INADDR_LOOPBACK

Closes #4480
2019-10-10 23:20:15 +02:00
Daniel Stenberg
622cf7db6b
socketpair: fix double-close in error case
Follow-up to bc2dbef0af
2019-10-10 11:18:21 +02:00
Daniel Stenberg
1b843bb5ed
gskit: use the generic Curl_socketpair 2019-10-10 11:04:38 +02:00
Daniel Stenberg
9c76f694de
asyn-thread: make use of Curl_socketpair() where available 2019-10-10 11:04:38 +02:00
Daniel Stenberg
bc2dbef0af
socketpair: an implemention for Windows and more
Curl_socketpair() is designed to be used and work everywhere if there's
no native version or the native version isn't good enough.

Closes #4466
2019-10-10 11:04:38 +02:00
Daniel Stenberg
490effc193
connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no
matter what errno said.

This makes for example --retry work on these transfer failures.

Reported-by: Nathaniel J. Smith
Fixes #4461
Clsoes #4462
2019-10-09 14:16:28 +02:00
Nicolas
8bb3a95ce1 ldap: fix OOM error on missing query string
- Allow missing queries, don't return NO_MEMORY error in such a case.

It is acceptable for there to be no specified query string, for example:

curl ldap://ldap.forumsys.com

A regression bug in 1b443a7 caused this issue.

This is a partial fix for #4261.

Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077
Reported-by: Jojojov@users.noreply.github.com
Analyzed-by: Samuel Surtees

Closes https://github.com/curl/curl/pull/4467
2019-10-05 19:47:31 -04:00
Paul B. Omta
df85b86a92 build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
Closes https://github.com/curl/curl/pull/4460
2019-10-05 19:18:30 -04:00
Daniel Stenberg
b902b0632d
ngtcp2: adapt to API change
Closes #4457
2019-10-04 10:31:36 +02:00
Daniel Stenberg
249541f12f
cookies: change argument type for Curl_flush_cookies
The second argument is really a 'bool' so use that and pass in TRUE/FALSE
to make it clear.

Closes #4455
2019-10-03 22:56:28 +02:00
Daniel Stenberg
8a00560de2
http2: move state-init from creation to pre-transfer
To make sure that the HTTP/2 state is initialized correctly for
duplicated handles. It would otherwise easily generate "spurious"
PRIORITY frames to get sent over HTTP/2 connections when duplicated easy
handles were used.

Reported-by: Daniel Silverstone
Fixes #4303
Closes #4442
2019-10-03 22:55:42 +02:00
Daniel Stenberg
02c6b984cb
urlapi: fix use-after-free bug
Follow-up from 2c20109a9b

Added test 663 to verify.

Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954

Closes #4453
2019-10-03 22:54:26 +02:00
Paul Dreik
13ecc0725f
cookie: avoid harmless use after free
This fix removes a use after free which can be triggered by
the internal cookie fuzzer, but otherwise is probably
impossible to trigger from an ordinary application.

The following program reproduces it:

        curl_global_init(CURL_GLOBAL_DEFAULT);
        CURL*  handle=curl_easy_init();
        CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
        curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
        Curl_flush_cookies(handle, true);
        Curl_cookie_cleanup(info);
        curl_easy_cleanup(handle);
        curl_global_cleanup();

This was found through fuzzing.

Closes #4454
2019-10-03 15:43:50 +02:00
Niall
0f48055c40
ESNI: initial build/setup
Closes #4011
2019-10-02 12:33:08 +02:00
Daniel Stenberg
c6f250c4d6
redirect: when following redirects to an absolute URL, URL encode it
... to make it handle for example (RFC violating) embeded spaces.

Reported-by: momala454 on github
Fixes #4445
Closes #4447
2019-10-02 07:53:32 +02:00
Daniel Stenberg
2c20109a9b
urlapi: fix URL encoding when setting a full URL 2019-10-02 07:53:17 +02:00
Kunal Ekawde
c124e6b3c0
CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt
Closes #4410
2019-10-02 07:47:48 +02:00
Daniel Stenberg
f0f053fed0
chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the
response is chunked-encoded.

Reported-by: Ilya Kosarev
Fixes #4310
Closes #4449
2019-10-02 07:46:05 +02:00
Marcel Raad
ac830139da
checksrc: fix uninitialized variable warning
The loop doesn't need to be executed without a file argument.

Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:45 +02:00
Marcel Raad
0f62c9af8b
urlapi: fix unused variable warning
`dest` is only used with `ENABLE_IPV6`.

Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:41 +02:00
Marcel Raad
69d95b6d4c
lib: silence conversion warnings
Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:37 +02:00
Daniel Stenberg
c24cf6c64c
altsvc: accept quoted ma and persist values
As mandated by the spec. Test 1654 is extended to verify.

Closes #4443
2019-09-30 16:35:12 +02:00
lucas
19338e9721 quiche: update HTTP/3 config creation to new API 2019-09-29 22:40:58 +01:00
Daniel Stenberg
d0a7ee3f61
cookies: using a share with cookies shouldn't enable the cookie engine
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.

This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.

Test 1166 verifies

Updated test 506

Fixes #4429
Closes #4434
2019-09-28 18:10:43 +02:00
Daniel Stenberg
ed73509157
setopt: handle ALTSVC set to NULL 2019-09-27 16:26:50 +02:00
Zenju
500fb0e4cb
FTP: url-decode path before evaluation
Closes #4428
2019-09-27 08:29:54 +02:00
julian
c7e6b71e5a vtls: Fix comment typo about macosx-version-min compiler flag
Closes https://github.com/curl/curl/pull/4425
2019-09-27 01:46:49 -04:00
Daniel Stenberg
b6532b809f
quiche: don't close connection at end of stream! 2019-09-26 16:06:11 +02:00
Daniel Stenberg
2377465901
quiche: set 'drain' when returning without having drained the queues 2019-09-26 15:45:58 +02:00
Daniel Stenberg
ea7744a07e
Revert "FTP: url-decode path before evaluation"
This reverts commit 2f036a72d5.
2019-09-26 14:53:19 +02:00
Zenju
2f036a72d5
FTP: url-decode path before evaluation
Closes #4423
2019-09-26 13:57:44 +02:00
Daniel Stenberg
0ab38f5fd6
openssl: use strerror on SSL_ERROR_SYSCALL
Instead of showing the somewhat nonsensical errno number, use strerror()
to provide a more relatable error message.

Closes #4411
2019-09-26 13:55:18 +02:00
Jay Satiro
cded993700 url: don't set appconnect time for non-ssl/non-ssh connections
Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.

[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".

Reported-by: Marcel Hernandez

Ref: https://github.com/curl/curl/issues/3760

Closes https://github.com/curl/curl/pull/3773
2019-09-26 03:04:26 -04:00
Daniel Stenberg
217812fa9e
ngtcp2: remove fprintf() calls
- convert some of them to H3BUF() calls to infof()
- remove some of them completely
- made DEBUG_HTTP3 defined only if CURLDEBUG is set for now

Closes #4421
2019-09-25 23:28:58 +02:00
Jay Satiro
af3ced3b9c
url: fix the NULL hostname compiler warning case
Closes #4403
2019-09-25 14:35:02 +02:00
Daniel Stenberg
218a62a6ce
altsvc: correct the #ifdef for the ngtcp2 backend 2019-09-25 12:13:43 +02:00