1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

7496 Commits

Author SHA1 Message Date
Dan Fandrich
1cef8f0bc3 url.c: Fixed memory leak on OOM
This showed itself on some systems with torture failures
in tests 1060 and 1061
2014-07-09 23:55:12 +02:00
Dan Fandrich
3ae2b6cd7f Update instances of some obsolete CURLOPTs to their new names 2014-07-05 22:47:13 +02:00
Marcel Raad
8ffe6f5b57 compiler warnings: potentially uninitialized variables
... pointed out by MSVC2013

Bug: http://curl.haxx.se/bug/view.cgi?id=1391
2014-07-05 01:42:10 +02:00
Kamil Dudka
ca2aa61b66 nss: make the list of CRL items global
Otherwise NSS could use an already freed item for another connection.
2014-07-04 13:15:03 +02:00
Kamil Dudka
52cd5ac21c nss: fix a memory leak when CURLOPT_CRLFILE is used 2014-07-04 08:25:05 +02:00
Kamil Dudka
caa4db8a51 nss: make crl_der allocated on heap
... and spell it as crl_der instead of crlDER
2014-07-04 00:37:40 +02:00
Kamil Dudka
2968f957aa nss: let nss_{cache,load}_crl return CURLcode 2014-07-04 00:20:59 +02:00
Ray Satiro
907520c4b9 progress callback: skip last callback update on errors
When an error has been detected, skip the final forced call to the
progress callback by making sure to pass the current return code
variable in the Curl_done() call in the CURLM_STATE_DONE state.

This avoids the "extra" callback that could occur even if you returned
error from the progress callback.

Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
Reported by: Jonathan Cardoso Machado
2014-07-02 23:53:25 +02:00
Kamil Dudka
7581dee10a nss: make the fallback to SSLv3 work again
This feature was unintentionally disabled by commit ff92fcfb.
2014-07-02 18:11:05 +02:00
Kamil Dudka
7c21558503 nss: do not abort on connection failure
... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404
2014-07-02 17:59:03 +02:00
Colin Hogben
0ab9e0c9d9 lib: documentation updates in README.hostip
c-ares now does support IPv6;
avoid implying threaded resolver is Windows-only;
two referenced source files were renamed in 7de2f92
2014-06-21 19:49:48 +02:00
Dan Fandrich
34d02aff71 sasl: Added back qop argument mistakenly removed in e95ca7ce
This caused segfaults on tests 823 869 907.
2014-06-15 14:11:35 +02:00
Dan Fandrich
740ebcd86e https: Fix build when http2 is disabled 2014-06-15 12:24:47 +02:00
Daniel Stenberg
c06e76f6fe http2: better return code error checking 2014-06-14 00:11:01 +02:00
Lindley French
964e43c5e2 conncache: move the connection counter to the cache struct
The static connection counter caused a race condition. Moving the
connection id counter into conncache solves it, as well as simplifying
the related logic.
2014-06-13 15:05:24 +02:00
Daniel Stenberg
d5d98c1297 http2: avoid segfault when usint the plain-text http2
This regression was introduced when *init was split into *init and
*setup...
2014-06-12 23:38:09 +02:00
Daniel Stenberg
3aa1329e0a curl_sasl: revert the goto for error bailout
They were added because of an older code path that used allocations and
should not have been left in the code. With this change the logic goes
back to how it was.
2014-06-11 23:32:10 +02:00
Daniel Stenberg
e95ca7cec9 NTLM: set a fake entropy for debug builds with CURL_ENTROPY set
Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations
2014-06-11 23:15:48 +02:00
Steve Holme
51bb067a42 Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set 2014-06-11 21:13:40 +01:00
Marcel Raad
bde0d89c3d getinfo: HTTP CONNECT code not reset between transfers
httpproxycode is not reset in Curl_initinfo, so a 407 is not reset even
if curl_easy_reset is called between transfers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1380
2014-06-10 22:44:51 +02:00
Alessandro Ghedini
e9344390ee transfer: fix info messages when switching method on 301 and 302
The method change is forbidden by the obsolete RFC2616, but libcurl did
it anyway for compatibility reasons. The new RFC7231 allows this
behaviour so there's no need for the scary "Violate RFC 2616/10.3.x"
notice. Also update the comments accordingly.
2014-06-09 08:29:37 +02:00
Steve Holme
65467cf9cb config-win32.h: Updated for VC12
Bug: http://curl.haxx.se/bug/view.cgi?id=1378
Reported and Patched-by: Marcel Raad
2014-06-05 22:44:46 +01:00
Daniel Stenberg
c50ce85918 Curl_ossl_init: call OPENSSL_config for initing engines
Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html
Reported-by: Дмитрий Фалько
2014-06-03 22:15:38 +02:00
Daniel Stenberg
bbd3dc611e random: use Curl_rand() for proper random data
The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().

It will also allow us to easier "fake" that for debug builds on demand
in a future.
2014-06-03 18:25:48 +02:00
Steve Holme
62a26ec696 curl_sasl: Fixed copy/paste error of now.tv_sec in commit eefeb73af4 2014-06-02 23:15:15 +01:00
Steve Holme
1eb308275a curl_sasl: Fixed compilation warning under DEBUGBUILD 2014-06-01 12:29:16 +01:00
Steve Holme
eefeb73af4 curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex string
Rather than use a short 8-byte hex string, extended the cnonce to be
32-bytes long, like Windows SSPI does.

Used a combination of random data as well as the current date and
time for the generation.
2014-06-01 11:18:12 +01:00
Steve Holme
aa6be2ef13 curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generation 2014-06-01 10:35:52 +01:00
Daniel Stenberg
b99f8e8b4e gnutls: allow building with nghttp2 but without ALPN support
It might not be the most useful combo, but...
2014-05-28 00:30:23 +02:00
Alessandro Ghedini
345bfab518 gnutls: don't use deprecated type names anymore 2014-05-28 00:27:33 +02:00
Brad Spencer
fb4937a311 select: with winsock, avoid passing unsupported arguments to select()
"Any two of the parameters, readfds, writefds, or exceptfds, can be
given as null. At least one must be non-null, and any non-null
descriptor set must contain at least one handle to a socket."

http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx

When using select(), cURL doesn't adhere to this (WinSock-specific)
rule, and can ask to monitor empty fd_sets, which leads to select()
returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious
ways as a result (at least when using the curl_multi_socket_action()
interface).

Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html
2014-05-27 23:58:28 +02:00
Daniel Stenberg
1b89456509 url-parser: only use if_nametoindex if detected by configure
The previous #ifdef detection wasn't good enough.

Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html
Reported-by: Chris Young
2014-05-26 22:10:15 +02:00
Fabian Frank
1439dfb576 polarssl: add ALPN support
PolarSSL added ALPN support in their 1.3.6 release.

See:
https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released
2014-05-25 23:11:24 +02:00
Daniel Stenberg
ac6da721a3 curl_easy_reset: reset the URL
Make sure that the URL is reset and cleared.

Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html
Reported-by: Jonathan Cardoso Machado
2014-05-24 19:06:11 +02:00
Tatsuhiro Tsujikawa
c7638d93b0 openssl: Fix uninitialized variable use in NPN callback
OpenSSL passes out and outlen variable uninitialized to
select_next_proto_cb callback function.  If the callback function
returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
values in out and outlen and processes as such.  Previously, if there
is no overlap in protocol lists, curl code does not fill any values in
these variables and returns SSL_TLSEXT_ERR_OK, which means we are
triggering undefined behavior.  valgrind warns this.

This patch fixes this issue by fallback to HTTP/1.1 if there is no
overlap.
2014-05-23 17:00:07 +02:00
Steve Holme
a7999da39e tool_getparam.c: Fixed compilation warnings
There is an implicit conversion from "unsigned long" to "long"
2014-05-22 21:01:51 +01:00
Dan Fandrich
f634355868 http: Fix a compiler warning when http2 support is disabled 2014-05-22 08:38:26 +02:00
Nick Zitzmann
32e9275edb darwinssl: fix lint & build warnings in the previous commit 2014-05-21 19:21:15 -05:00
Vilmos Nebehaj
cd2cedf002 Add support for --cacert in DarwinSSL.
Security Framework on OS X makes it possible to supply extra anchor (CA)
certificates via the Certificate, Key, and Trust Services API. This
commit makes the '--cacert' option work using this API.

More information:

https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html

The HTTPS tests now pass on OS X except 314, which requires the '--crl'
option to work.
2014-05-21 18:48:14 -05:00
Steve Holme
c6d5f80d8b http.c: Fixed compilation warning
warning: suggest braces around empty body in an 'else' statement
2014-05-22 00:40:07 +01:00
Steve Holme
691985ceb0 bits.close: Fixed compilation warning
warning: implicit declaration of function 'connclose'
2014-05-22 00:29:21 +01:00
Daniel Stenberg
df13f8e8c2 bits.close: introduce connection close tracking
Make all code use connclose() and connkeep() when changing the "close
state" for a connection. These two macros take a string argument with an
explanation, and debug builds of curl will include that in the debug
output. Helps tracking connection re-use/close issues.
2014-05-22 00:34:10 +02:00
Daniel Stenberg
99114faf82 http2: make connection re-use work
Http2 connections would wrongly get closed after each individual
request.

Co-authored-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1374
2014-05-20 16:50:24 +02:00
Fabian Frank
316f79cef2 ALPN: fix typo in http/1.1 identifier
According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05
it is "http/1.1" and not "http/1.0".
2014-05-20 12:57:56 +02:00
Steve Holme
6f6646d6e9 build: Slight rename of new LIB_* makefile file variables
In order to try and be consistent between curl and libcurl renamed the
recently introduced LIB_* makefile file variables.
2014-05-18 22:16:54 +01:00
Dan Fandrich
5a067c4b39 axtls: Fixed too long source line 2014-05-17 11:54:48 +02:00
Dan Fandrich
c9ea1d341a axtls: Add a TODO to a potential blocking call with no timeout 2014-05-16 23:27:07 +02:00
Daniel Stenberg
68f0166a92 HTTP: CREDSPERREQUEST is for HTTP too
Commit 517b06d657 (in 7.36.0) that brought the CREDSPERREQUEST flag
only set it for HTTPS, making HTTP less good at doing connection re-use
than it should be. Now set it for HTTP as well.

Simple test case

"curl -v -u foo:bar localhost --next -u bar:foo localhos"

Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html
Reported-by: Kamil Dudka
2014-05-15 23:28:31 +02:00
Daniel Stenberg
53a5b95c21 CURLINFO_SSL_VERIFYRESULT: assign at first connect call
The variable wasn't assigned at all until step3 which would lead to a
failed connect never assigning the variable and thus returning a bad
value.

Reported-by: Larry Lin
Bug: http://curl.haxx.se/mail/lib-2014-04/0203.html
2014-05-15 22:02:00 +02:00
Daniel Stenberg
84bd19ffd4 timers: fix timer regression involving redirects / reconnects
In commit 0b3750b5c2 (released in 7.36.0) we fixed a timeout issue
but instead broke the timings.

To fix this, I introduce a new timestamp to use for the timeouts and
restored the previous timestamp and timestamp position so that the old
timer functionality is restored.

In addition to that, that change also broke connection timeouts for when
more than one connect was used (as it would then count the total time
from the first connect and not for the most recent one). Now
Curl_timeleft() has been modified so that it checks against different
start times depending on which timeout it checks.

Test 1303 is updated accordingly.

Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html
Reported-by: Ryan Braud
2014-05-15 21:28:19 +02:00
Steve Holme
678239df54 darwinssl: Updated copyright following recent changes 2014-05-15 18:38:42 +01:00
Nick Zitzmann
69cdc95932 darwinssl: fix potential crash when attempting to copy an identity
from a P12 file

This could've happened if SecPKCS12Import() returned noErr _and_ no
identity.
2014-05-14 17:48:14 -05:00
Daniel Stenberg
52d16c84d2 openssl: unbreak PKCS12 support
Regression introduced in ce362e8eb9 (7.31.0)

Bug: http://curl.haxx.se/bug/view.cgi?id=1371
Reported-by: Dmitry
2014-05-12 13:06:50 +02:00
Steve Holme
b4c81b6cee Makefile.inc: Added resource file to assist Visual Studio project generation 2014-05-11 20:52:56 +01:00
Steve Holme
8342b6e1dc sasl: Fixed missing qop in the client's challenge-response message
Whilst the qop directive isn't required to be present in a client's
response, as servers should assume a qop of "auth" if it isn't
specified, some may return authentication failure if it is missing.
2014-05-11 14:48:28 +01:00
Steve Holme
fdb2d32144 Makefile.inc: Separated the lib and lib/vtls source file variables
To cater for the automatic generation of the new Visual Studio project
files, moved the lib file list into a separated variable so that lib
and lib/vtls can be referenced independently.
2014-05-09 23:07:32 +01:00
Steve Holme
0ab2c444b5 Makefile.b32: Fixed for vtls changes
Follow up fix to commits a47c142a88, 11e8066ef9 and 92b9ae5c5d.

Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html
Reported and assisted by: Jon Torrey
2014-05-09 21:09:51 +01:00
Steve Holme
65bb4a0d38 getinfo.c: Fixed compilation warning
The indicated statement is not reachable.
2014-05-09 13:18:55 +01:00
Kamil Dudka
ec5fde24de http: avoid auth failure on a duplicated header
... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
2014-05-09 13:44:04 +02:00
Patrick Watson
94898303d2 mk-ca-bundle: added -p
-p takes a list of Mozilla trust purposes and levels for certificates to
include in output.  Takes the form of a comma separated list of
purposes, a colon, and a comma separated list of levels.
2014-05-08 11:37:45 +02:00
Tatsuhiro Tsujikawa
6404896d8c http2: Compile with latest nghttp2
Now nghttp2_submit_request returns assigned stream ID, we don't have
to check stream ID using before_stream_send_callback.  The
adjust_priority_callback was removed.
2014-05-07 20:51:51 +01:00
Steve Holme
6f8085ca77 url.c: Fixed compilation warning/error
Depending on compiler line 3505 could generate the following warning or
error:

* warning: ISO C90 forbids mixed declarations and code
* A declaration cannot appear after an executable statement in a block
* error C2275: 'size_t' : illegal use of this type as an expression
2014-05-07 10:55:19 +01:00
Daniel Stenberg
5de8d84098 fix_hostname: strip off a single trailing dot from host name
Primarily for SNI, we need the host name without a trailing dot.
"https://www.example.com." resolves fine but fails on SNI unless the dot
is removed.

Reported-by: Leon Winter
Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html
2014-05-06 08:44:11 +02:00
Jeff King
37f484276d curl_multi_cleanup: ignore SIGPIPE better
When looping and closing each individual connection left open, the
SIGPIPE ignoring was not done and could thus lead to death by signal 13.

Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242
2014-05-05 12:47:46 +02:00
Daniel Stenberg
a18a2ba0bb schannel: don't use the connect-timeout during send
As there's a default connection timeout and this wrongly used the
connection timeout during a transfer after the connection is completed,
this function would trigger timeouts during transfers erroneously.

Bug: http://curl.haxx.se/bug/view.cgi?id=1352
Figured-out-by: Radu Simionescu
2014-05-05 00:10:37 +02:00
Daniel Stenberg
812da4190f mprintf: allow %.s with data not being zero terminated
If the precision is indeed shorter than the string, don't strlen() to
find the end because that's not how the precision operator works.

I also added a unit test for curl_msnprintf to make sure this works and
that the fix doesn't a few other basic use cases. I found a POSIX
compliance problem that I marked TODO in the unit test, and I figure we
need to add more tests in the future.

Reported-by: Török Edwin
2014-05-04 23:39:52 +02:00
Steve Holme
4febbedc5a curl_ntlm_core: Fixed use of long long for VC6 and VC7
Commit 07b66cbfa4 unfortunately broke native NTLM message support in
compilers, such as VC6, VC7 and others, that don't support long long
type declarations. This commit fixes VC6 and VC7 as they support the
__int64 extension, however, we should consider an additional fix for
other compilers that don't support this.
2014-05-04 19:07:17 +01:00
Steve Holme
6ebc0d3bd8 config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
Fixed the HAVE_LONGLONG declaration as long long is supported in Visual
Studio .NET 2003 (VC7.1) onwards.
2014-05-04 19:05:06 +01:00
Daniel Stenberg
21aafd09f6 openssl: biomem->data is not zero terminated
So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.

Reported-by: Török Edwin
2014-05-04 00:50:10 +02:00
Daniel Stenberg
947bb79c08 easy_perform: spelling mistake in error message 2014-05-03 23:09:26 +02:00
Steve Holme
78ca3c6830 copyright: Updated following recent edits 2014-04-28 23:20:52 +01:00
Dan Fandrich
ef1322df67 Added a few more const where possible 2014-04-29 00:05:19 +02:00
Tatsuhiro Tsujikawa
b8a220d255 http2: Compile with latest nghttp2
commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required
2014-04-27 19:15:08 +02:00
Daniel Stenberg
d5ec44ca4c INFILESIZE: fields in UserDefined must not be changed run-time
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Kamil Dudka
9c941e92c4 nss: propagate blocking direction from NSPR I/O
... during the non-blocking SSL handshake
2014-04-25 15:08:12 +02:00
Daniel Stenberg
710f14edba handler: make 'protocol' always specified as a single bit
This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2014-04-23 22:36:01 +02:00
Dan Fandrich
0204e17bc6 cyassl: Use error-ssl.h when available
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use
whichever one is available.
2014-04-23 11:01:30 +02:00
Daniel Stenberg
386ed2d590 gtls: fix NULL pointer dereference
gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
2014-04-22 23:24:31 +02:00
Daniel Stenberg
5b463e97fa curl_global_init_mem: bump initialized even if already initialized
As this makes curl_global_init_mem() behave the same way as
curl_global_init() already does in that aspect - the same number of
curl_global_cleanup() calls is then required to again decrease the
counter and then eventually do the cleanup.

Bug: http://curl.haxx.se/bug/view.cgi?id=1362
Reported-by: Tristan
2014-04-22 23:08:14 +02:00
Kamil Dudka
8868a226cd nss: implement non-blocking SSL handshake 2014-04-22 22:56:14 +02:00
Kamil Dudka
a43bba3a34 nss: split Curl_nss_connect() into 4 functions 2014-04-22 22:56:14 +02:00
Marc Hoersken
ee6791128f multi.c: fix possible invalid memory access in case nfds overflows
ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
2014-04-19 16:02:14 +02:00
Marc Hoersken
549b4a659a netrc.c: fix multiple possible dereferences of null pointers 2014-04-19 16:00:43 +02:00
Marc Hoersken
9146f37973 parsedate.c: check sscanf result before passing it to strlen 2014-04-19 15:47:07 +02:00
Marc Hoersken
662fc62517 telnet.c: check sscanf results before passing them to snprintf 2014-04-19 15:23:04 +02:00
Marc Hoersken
f9ffbfce90 telnet.c: fix possible use of uninitialized variable 2014-04-19 15:18:19 +02:00
Marc Hoersken
aa0fbe3537 telnet.c: fix possible use of non-null-terminated strings 2014-04-19 14:26:02 +02:00
Marc Hoersken
c48b996cf2 url.c: fix possible use of non-null-terminated string with strlen
Follow up on b0e742544b
2014-04-19 14:25:32 +02:00
Marc Hoersken
b0e742544b url.c: fix possible use of non-null-terminated string with strlen 2014-04-19 00:17:21 +02:00
Marc Hoersken
7296fc9e7e connect.c: fix multiple possible dereferences of null pointers
In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.
2014-04-18 23:56:54 +02:00
Marc Hoersken
3f74e149f8 tftp.c: fix possible dereference of null pointer 2014-04-18 23:53:48 +02:00
Marc Hoersken
e81bdab13e socks_sspi.c: added pointer guards to FreeContextBuffer calls
The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
2014-04-18 23:24:41 +02:00
Marc Hoersken
54df616729 md5.c: fix use of uninitialized variable 2014-04-18 22:59:25 +02:00
Marc Hoersken
6f72c2fe31 curl_schannel.c: added explicit cast of structure pointers 2014-04-18 22:38:42 +02:00
Marc Hoersken
a703914e60 curl_schannel.c: fix possible dereference of null pointer 2014-04-18 22:36:12 +02:00
Steve Holme
d7ed8da43e imap: Extended FETCH support to include PARTIAL URL specifier 2014-04-18 20:14:09 +01:00
Steve Holme
e2c14bde22 url.c: Fixed typo in comment 2014-04-18 17:51:26 +01:00
Steve Holme
84c0aabe65 imap: Expanded mailbox SEARCH support to use URL query strings 2014-04-18 16:51:48 +01:00
Steve Holme
ca63d4feba imap: Added support for parsing URL query strings
Added support for parsing query strings from the URL as defined by
RFC-5092.
2014-04-18 16:43:57 +01:00
Steve Holme
f804378d16 imap: Introduced the SEARCH state 2014-04-18 15:32:13 +01:00