1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Commit Graph

22779 Commits

Author SHA1 Message Date
Daniel Stenberg
a06311be27
test395: HTTP with overflow Content-Length value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
67595e7d23
test394: verify abort of rubbish in Content-Length: value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
ac17d79473
test393: verify --max-filesize with excessive Content-Length 2018-01-13 22:49:31 +01:00
Daniel Stenberg
f68e672715
HTTP: bail out on negative Content-Length: values
... and make the max filesize check trigger if the value is too big.

Updates test 178.

Reported-by: Brad Spencer
Fixes #2212
Closes #2223
2018-01-13 22:49:04 +01:00
Dan Johnson
0616dfa1e0
configure.ac: append extra linker flags instead of prepending them.
Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.

Closes https://github.com/curl/curl/pull/2234
2018-01-13 10:46:57 +01:00
Daniel Stenberg
650b9c1d65
RELEASE-NOTES: synced with 6fa10c8fa 2018-01-13 10:30:25 +01:00
Jay Satiro
6fa10c8fa2 setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
Broken since f121575 (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2227
2018-01-13 02:57:30 -05:00
Patrick Monnerat
3b548ffde9 setopt: reintroduce non-static Curl_vsetopt() for OS400 support
This also upgrades ILE/RPG bindings with latest setopt options.

Reported-By: jonrumsey on github
Fixes #2230
Closes #2233
2018-01-13 01:28:19 +01:00
Zhouyihai Ding
fa3dbb9a14 http2: fix incorrect trailer buffer size
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.

The bug appears to have been born in 0761a51 (precedes 7.49.0).

Closes https://github.com/curl/curl/pull/2231
2018-01-11 02:33:24 -05:00
Basuke Suzuki
2a6dbb8155 easy: fix connection ownership in curl_easy_pause
Before calling Curl_client_chop_write(), change the owner of connection
to the current Curl_easy handle. This will fix the issue #2217.

Fixes https://github.com/curl/curl/issues/2217
Closes https://github.com/curl/curl/pull/2221
2018-01-09 02:50:18 -05:00
Dimitrios Apostolou
89f6804734 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
in GCC 3.3.

Closes #2216
2018-01-09 17:46:49 +13:00
Daniel Stenberg
14d07be37b COPYING: it's 2018! 2018-01-09 17:08:14 +13:00
Daniel Stenberg
a8ce5efba9 progress: calculate transfer speed on milliseconds if possible
to increase accuracy for quick transfers

Fixes #2200
Closes #2206
2018-01-08 23:45:09 +13:00
Jay Satiro
d4e40f0690 scripts: allow all perl scripts to be run directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Closes https://github.com/curl/curl/pull/2222
2018-01-07 15:42:11 -05:00
Jay Satiro
e4f86025d6 mail-rcpt.d: fix short-text description 2018-01-07 01:04:36 -05:00
Jay Satiro
908a9a6742 build: remove HAVE_LIMITS_H check
.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215
2018-01-05 23:34:30 -05:00
Jay Satiro
129390a518 openssl: fix memory leak of SSLKEYLOGFILE filename
- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
  initialization.

Caught by ASAN.
2018-01-03 15:22:41 -05:00
Jay Satiro
272613df02 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
This reverts commit c97648b550.

SIZEOF_LONG should not be checked in system.h since that macro is only
defined when building libcurl.

Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
2018-01-02 15:54:33 -05:00
Michael Kaufmann
481539e902 test1554: improve the error handling 2017-12-30 16:52:51 +01:00
Michael Kaufmann
593dcc553a test1554: add global initialization and cleanup 2017-12-30 16:43:50 +01:00
Daniel Stenberg
dc831260b2 curl_version_info.3: call the argument 'age'
Reported-by: Pete Lomax
Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html
2017-12-29 22:15:12 +13:00
Mikalai Ananenka
58d7cd28a0 brotli: data at the end of content can be lost
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.

Closes #2194
2017-12-27 13:00:54 +01:00
Jay Satiro
a0f3eaf25d examples/cacertinmem: ignore cert-already-exists error
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
  since it's possible the cert may have already been loaded by libcurl.

- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
  Instead have it direct the reader to this cacertinmem.c example.

- Fix the CA certificate to use the right CA for example.com, Digicert.

Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren

Closes https://github.com/curl/curl/pull/2182
2017-12-26 02:08:35 -05:00
Gisle Vanem
859ac36021 tool_getparam: Support size modifiers for --max-filesize
- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G

Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html

Closes https://github.com/curl/curl/pull/2179
2017-12-26 02:01:48 -05:00
Steve Holme
b399b04902 build: Fixed incorrect script termination from commit ad1dc10e61 2017-12-22 20:21:40 +00:00
Steve Holme
a9b774a773 Makefile.vc: Added our standard copyright header 2017-12-22 18:49:37 +00:00
Steve Holme
22fddb85ac winbuild: Added support for VC15 2017-12-22 18:44:35 +00:00
Steve Holme
ad1dc10e61 build: Added Visual Studio 2017 project files 2017-12-22 17:58:41 +00:00
Steve Holme
d409640d66 build-wolfssl.bat: Added support for VC15 2017-12-22 16:08:54 +00:00
Steve Holme
a4e88317dd build-openssl.bat: Added support for VC15 2017-12-22 15:44:19 +00:00
Dimitrios Apostolou
c97648b550 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
Closes https://github.com/curl/curl/pull/2186
2017-12-22 03:04:36 -05:00
Mattias Fornander
b437557896 examples/rtsp: fix error handling macros
Closes https://github.com/curl/curl/pull/2185
2017-12-22 02:59:08 -05:00
Patrick Monnerat
f009bbe1f6 curl_easy_reset: release mime-related data.
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.

Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
2017-12-20 19:33:50 +01:00
Patrick Monnerat
4acc9d3d1a content_encoding: rework zlib_inflate
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.

Closes #2068
2017-12-20 16:02:42 +01:00
Patrick Monnerat
e639d4ca4d brotli: allow compiling with version 0.6.0.
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
2017-12-20 15:30:35 +01:00
Daniel Stenberg
9c6a6be882
CURLOPT_READFUNCTION.3: refer to argument with correct name
Bug: #2175

[ci skip]
2017-12-13 08:18:10 +01:00
Daniel Stenberg
02f207a76b
rand: add a clang-analyzer work-around
scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.
2017-12-13 00:45:42 +01:00
Daniel Stenberg
13ce373a5b
krb5: fix a potential access of uninitialized memory
A scan-build warning.
2017-12-13 00:36:39 +01:00
Daniel Stenberg
41982b6ac9
conncache: fix a return code [regression]
This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
out by scan-build!
2017-12-12 23:54:35 +01:00
Daniel Stenberg
5d0ba70e17
curl: support >256 bytes warning messsages
Bug: #2174
2017-12-12 19:59:29 +01:00
Michael Kaufmann
188a43a8fd libssh: fix a syntax error in configure.ac
Follow-up to c92d2e1

Closes #2172
2017-12-12 17:46:24 +01:00
Daniel Stenberg
7ef0c2d861
examples/smtp-mail.c: use separate defines for options and mail
... to make it clearer that the options want address-only, while the
headers in an email can also have the real name.

Assisted-by: Sean MacLennan
2017-12-12 15:28:05 +01:00
Daniel Stenberg
621b24505f
THANKS: added missing names
... as I reran the contrithanks script after the mailmap name fixups.
2017-12-12 08:46:29 +01:00
Daniel Stenberg
cc0cca1baf
mailmap: added/clarified several names 2017-12-12 08:37:13 +01:00
Daniel Stenberg
9d7a59c8fa
setopt: less *or equal* than INT_MAX/1000 should be fine
... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.

Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html

Closes #2173
2017-12-12 08:02:17 +01:00
dmitrykos
2437dbbf12
vtls: replaced getenv() with curl_getenv()
Fixed undefined symbol of getenv() which does not exist when compiling
for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
is defined.

Closes #2171
2017-12-12 08:02:07 +01:00
Daniel Stenberg
ef5633d4b3
RELEASE-NOTES: synced with 3b9ea70ee 2017-12-11 13:52:49 +01:00
Daniel Stenberg
3b9ea70ee7
TODO: Expose tried IP addresses that failed
Suggested-by: Rainer Canavan

Closes #2126
2017-12-11 13:41:03 +01:00
Daniel Stenberg
48c184a604
curl.1: mention http:// and https:// as valid proxy prefixes 2017-12-11 13:24:42 +01:00
Daniel Stenberg
76db03dd9a
curl.1: documented two missing valid exit codes 2017-12-11 13:11:47 +01:00