1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00
Commit Graph

11615 Commits

Author SHA1 Message Date
Jean-Philippe Menil
5930cb1c46
openssl: ensure to check SSL_CTX_set_alpn_protos return values
SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>

Closes #6794
2021-03-25 22:57:20 +01:00
Daniel Stenberg
7b6bfd2d78
multi: close the connection when h2=>h1 downgrading
Otherwise libcurl is likely to reuse the connection again in the next
attempt since the connection reuse logic doesn't take downgrades into
account.

Reported-by: Anthony Ramine
Fixes #6788
Closes #6793
2021-03-25 16:18:13 +01:00
Daniel Stenberg
db4e0bd85f
openssl: set the transfer pointer for logging early
Otherwise, the transfer will be NULL in the trace function when the
early handshake details arrive and then curl won't show them.

Regresssion in 7.75.0

Reported-by: David Hu
Fixes #6783
Closes #6792
2021-03-25 16:16:55 +01:00
Daniel Stenberg
a5eee22e59
openldap: disconnect better
Instead of clearing the callback argument in disconnect, set it to the
(new) transfer to make sure the correct data is passed to the callbacks.

Follow-up to e467ea3bd9
Assisted-by: Patrick Monnerat
Closes #6787
2021-03-24 23:02:33 +01:00
Daniel Stenberg
1803be5746
libssh2: kdb_callback: get the right struct pointer
After the recent conn/data refactor in this source file, this function
was mistakenly still getting the old struct pointer which would lead to
crash on servers with keyboard-interactive auth enabled.

Follow-up to a304051620 (shipped in 7.75.0)

Reported-by: Christian Schmitz
Fixes #6691
Closes #6782
2021-03-23 13:42:22 +01:00
Daniel Stenberg
2258899e97
tftp: remove unused struct fields
Follow-up to d3d90ad9c0

Closes #6781
2021-03-23 13:37:10 +01:00
Daniel Stenberg
e467ea3bd9
openldap: avoid NULL pointer dereferences
Follow-up to a59c33ceff
Reported-by: Patrick Monnerat
Fixes #6676
Closes #6780
2021-03-23 13:34:50 +01:00
Daniel Stenberg
3bbf62b5a4
http: strip default port from URL sent to proxy
To make sure the Host: header and the URL provide the same authority
portion when sent to the proxy, strip the default port number from the
URL if one was provided.

Reported-by: Michael Brown
Fixes #6769
Closes #6778
2021-03-23 13:33:49 +01:00
Daniel Stenberg
d3d90ad9c0
tftp: remove the 3600 second default timeout
... it was never meant to be there.

Reported-by: Tomas Berger
Fixes #6774
Closes #6776
2021-03-22 23:00:23 +01:00
Daniel Stenberg
c915662485
ngtcp2: sync with recent API updates
Closes #6770
2021-03-22 10:45:00 +01:00
Daniel Stenberg
012c19c33a
libssh2:ssh_connect: clear session pointer after free
If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
ssh session was freed but the pointer wasn't cleared which made libcurl
later call libssh2 to cleanup using the stale pointer.

Fixes #6764
Closes #6766
2021-03-21 11:22:08 +01:00
Jacob Hoffman-Andrews
7488ef2960
rustls: Handle close_notify.
If we get a close_notify, treat that as EOF. If we get an EOF from the
TCP stream, treat that as an error (because we should have ended the
connection earlier, when we got a close_notify).

Closes #6763
2021-03-21 00:16:27 +01:00
Jay Satiro
8a4ef73c8f docs: Explain DOH transfers inherit some SSL settings
- Document in DOH that some SSL settings are inherited but DOH hostname
  and peer verification are not and are controlled separately.

- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
  we're considering changing behavior to no longer inherit it. Request
  feedback.

Closes https://github.com/curl/curl/pull/6688
2021-03-17 18:12:45 -04:00
Daniel Stenberg
6d176bee59
http: make 416 not fail with resume + CURLOPT_FAILONERRROR
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.

Updated test 1156, added test 1273

Reported-by: Jonathan Watt
Fixes #6740
Closes #6753
2021-03-17 08:26:46 +01:00
Daniel Stenberg
e8e7ef3612
Curl_timeleft: check both timeouts during connect
The duration of a connect and the total transfer are calculated from two
different time-stamps. It can end up with the total timeout triggering
before the connect timeout expires and we should make sure to
acknowledge whichever timeout that is reached first.

This is especially notable when a transfer first sits in PENDING, as
that time is counted in the total time but the connect timeout is based
on the time since the handle changed to the CONNECT state.

The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
operation.

Fixes #6744
Closes #6745
Reported-by: Andrei Bica
Assisted-by: Jay Satiro
2021-03-17 00:28:44 +01:00
Jacob Hoffman-Andrews
3780717db0
rustls: allocate a buffer for TLS data.
Previously, rustls was using an on-stack array for TLS data. However,
crustls has an (unusual) requirement that buffers it deals with are
initialized before writing to them. By using calloc, we can ensure the
buffer is initialized once and then reuse it across calls.

Closes #6742
2021-03-16 10:11:04 +01:00
Robert Ronto
068661bb02
http2: don't set KEEP_SEND when there's no more data to be sent
this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2

Closes #6747
2021-03-15 23:29:35 +01:00
Marc Hoersken
cc615f48e7
config: fix building SMB with configure using Win32 Crypto
Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:

- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol

Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.

Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.

Reviewed-by: Marcel Raad

Closes #6277
2021-03-15 17:01:30 +01:00
Marc Hoersken
7152957421
config: fix detection of restricted Windows App environment
Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via included config-win32.h in case no build system is used.

Reviewed-by: Marcel Raad

Part of #6277
2021-03-15 17:01:18 +01:00
Daniel Gustafsson
419f0f5534 hsts: remove unused defines
MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development.  Remove as they're not
used for anything.

Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-14 23:18:27 +01:00
Daniel Stenberg
8ed71fc4f7
ftp: fix memory leak in ftp_done
If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.

Found by torture-testing test 576

Closes #6737
2021-03-12 19:53:05 +01:00
oxalica
d1f40078c1
http2: fail if connection terminated without END_STREAM
Closes #6736
2021-03-12 17:54:39 +01:00
Jacob Hoffman-Andrews
43a56e34e1
rustls: support CURLOPT_SSL_VERIFYPEER
This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_client_config_builder_set_enable_sni.

This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).

Closes #6719
2021-03-12 13:15:00 +01:00
Daniel Gustafsson
f7aeff58a3 cookies: Fix potential NULL pointer deref with PSL
Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer.  The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.

This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.

Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-12 02:34:03 +01:00
Daniel Stenberg
7098f9fe3a
c-hyper: support automatic content-encoding
Closes #6727
2021-03-11 22:45:26 +01:00
Daniel Stenberg
4c0206f90b
http: remove superfluous NULL assign
Closes #6727
2021-03-11 22:45:23 +01:00
Daniel Stenberg
32a71333d4
setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
Not supported.

Closes #6727
2021-03-11 22:45:12 +01:00
Daniel Stenberg
7b2f0676c2
FTP: allow SIZE to fail when doing (resumed) upload
Added test 362 to verify.

Reported-by: Jordan Brown
Regression since 7ea2e1d0c5 (7.73.0)
Fixes #6715
Closes #6725
2021-03-11 16:13:11 +01:00
Daniel Stenberg
78f642ffab
config: remove CURL_SIZEOF_CURL_OFF_T use only SIZEOF_CURL_OFF_T
Make the code consistently use a single name for the size of the
"curl_off_t" type.

Closes #6702
2021-03-11 10:11:56 +01:00
Jun-ya Kato
6043dfa4f9 ngtcp2: Fix build error due to change in ngtcp2_addr_init
ngtcp2/ngtcp2@b8d90a9 changed the function prototype.

Closes https://github.com/curl/curl/pull/6716
2021-03-10 16:52:09 -05:00
ejanchivdorj
a2bbc3ac8c
multi: update pending list when removing handle
when removing a handle, most of the lists are updated but pending list
is not updated. Updating now.

Closes #6713
2021-03-10 14:05:02 +01:00
Daniel Stenberg
b7e01382d6
openssl: adapt to v3's new const for a few API calls
Closes #6703
2021-03-09 08:15:36 +01:00
Daniel Stenberg
ec549aa625
quiche: fix crash when failing to connect
Reported-by: ウさん
Fixes #6664
Closes #6701
2021-03-08 17:14:13 +01:00
Daniel Stenberg
6221bc1a2f
dynbuf: bump the max HTTP request to 1MB
Raised from 128KB to allow longer request headers.

Reported-by: Carl Zogheib
Fixes #6681
Closes #6685
2021-03-06 22:48:35 +01:00
Jay Satiro
7a33c4dff9 schannel: Evaluate CURLOPT_SSL_OPTIONS via SSL_SET_OPTION macro
- Change use of those options from CURLOPT_SSL_OPTIONS that are not
  already evaluated via SSL_SET_OPTION in schannel and secure transport
  to use that instead of data->set.ssl.optname.

Example:

Evaluate SSL_SET_OPTION(no_revoke) instead of data->set.ssl.no_revoke.

This change is because options set via CURLOPT_SSL_OPTIONS
(data->set.ssl.optname) are separate from those set for HTTPS proxy via
CURLOPT_PROXY_SSL_OPTIONS (data->set.proxy_ssl.optname). The
SSL_SET_OPTION macro determines whether the connection is for HTTPS
proxy and based on that which option to evaluate.

Since neither Schannel nor Secure Transport backends currently support
HTTPS proxy in libcurl, this change is for posterity and has no other
effect.

Closes https://github.com/curl/curl/pull/6690
2021-03-06 02:01:35 -05:00
kokke
86338ca698 c-hyper: Remove superfluous pointer check
`n` pointer is never NULL once set. Found by static analysis.

Ref: https://github.com/curl/curl/issues/6696

Closes https://github.com/curl/curl/pull/6697
2021-03-05 17:09:10 -05:00
Jay Satiro
1ba0d4bdb3 doh: Inherit CURLOPT_STDERR from user's easy handle
Prior to this change if the user set their easy handle's error stream
to something other than stderr it was not inherited by the doh handles,
which meant that they would still write to the default standard error
stream (stderr) for verbose output.

Bug: https://github.com/curl/curl/issues/6605
Reported-by: arvids-kokins-bidstack@users.noreply.github.com

Closes https://github.com/curl/curl/pull/6661
2021-03-02 16:59:28 -05:00
Daniel Gustafsson
24f850f4a4 ldap: use correct memory free function
unescaped is coming from Curl_urldecode and not a unicode conversion
function, so reclaiming its memory should be performed with a normal
call to free rather than curlx_unicodefree.  In reality, this is the
same thing as curlx_unicodefree is implemented as a call to free but
that's not guaranteed to always hold.  Using the curlx macro present
issues with memory debugging as well.

Closes #6671
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-01 09:31:33 +01:00
Daniel Gustafsson
313faa1bcb url: fix typo in comment
Correct a small typo which snuck in with a304051620.
2021-02-28 21:13:26 +01:00
Jean-Philippe Menil
8779bfe77b openssl: remove get_ssl_version_txt in favor of SSL_get_version
openssl: use SSL_get_version to get connection protocol

Replace our bespoke get_ssl_version_txt in favor of SSL_get_version.
We can get rid of few lines of code, since SSL_get_version achieve
the exact same thing

Closes #6665
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
2021-02-26 04:15:04 +01:00
Daniel Gustafsson
09a5bff1c9 gnutls: Fix nettle discovery
Commit e06fa7462a removed support for libgcrypt leaving only
support for nettle which has been the default crypto library in
GnuTLS for a long time. There were however a few conditionals on
USE_GNUTLS_NETTLE which cause compilation errors in the metalink
code (as it used the gcrypt fallback instead as a result). See the
below autobuild for an example of the error:

  https://curl.se/dev/log.cgi?id=20210225123226-30704#prob1

This removes all uses of USE_GNUTLS_NETTLE and also removes the
gcrypt support from the metalink code while at it.

Closes #6656
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-02-25 18:20:33 +01:00
Daniel Stenberg
1b2098c3c9
build: remove all traces of USE_BLOCKING_SOCKETS
libcurl doesn't behave properly with the define set

Closes #6655
2021-02-25 16:41:35 +01:00
Daniel Gustafsson
4e76905b04 cookies: Use named parameters in header prototypes
Align header with project style of using named parameters in the
function prototypes to aid readability and self-documentation.

Closes #6653
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-02-23 22:00:02 +01:00
Daniel Stenberg
0c7d111f4e
urldata: make 'actions[]' use unsigned char instead of int
... as it only needs a few bits per index anyway.

Reviewed-by: Daniel Gustafsson
Closes #6648
2021-02-24 14:16:11 +01:00
Gregor Jasny
811acd1a08
cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
Reviewed-by: Sergei Nikulov
Closes #6440
2021-02-24 08:17:53 +01:00
Viktor Szakats
fb98a436a7
mingw: enable using strcasecmp()
This makes the 'Features:' list sorted case-insensitively,
bringing output in-line with *nix builds.

Reviewed-by: Jay Satiro
Closes #6644
2021-02-23 12:06:55 +00:00
Viktor Szakats
95014b0a4d
build: delete unused feature guards
- `HAVE_STRNCASECMP`
- `HAVE_TCGETATTR`
- `HAVE_TCSETATTR`

Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes #6645
2021-02-23 12:04:29 +00:00
Daniel Stenberg
bf601472a0
multi: do once-per-transfer inits in before_perform in DID state
... since the state machine might go to RATELIMITING and then back to
PERFORMING doing once-per-transfer inits in that function is wrong and
it caused problems with receiving chunked HTTP and it set the
PRETRANSFER time much too often...

Regression from b68dc34af3 (shipped in 7.75.0)

Reported-by: Amaury Denoyelle
Fixes #6640
Closes #6641
2021-02-22 15:54:46 +01:00
Viktor Szakats
6b0f217c65
time: enable 64-bit time_t in supported mingw environments
(Unless 32-bit `time_t` is selected manually via the `_USE_32BIT_TIME_T`
mingw macro.)

Previously, 64-bit `time_t` was enabled on VS2005 and newer only, and
32-bit `time_t` was used on all other Windows builds.

Assisted-by: Jay Satiro
Closes #6636
2021-02-21 02:00:36 +00:00
Jay Satiro
eb36c03e83 memdebug: close debug logfile explicitly on exit
- Use atexit to register a dbg cleanup function that closes the logfile.

LeakSantizier (LSAN) calls _exit() instead of exit() when a leak is
detected on exit so the logfile must be closed explicitly or data could
be lost. Though _exit() does not call atexit handlers such as this,
LSAN's call to _exit() comes after the atexit handlers are called.

Prior to this change the logfile was not explicitly closed so it was
possible that if LSAN detected a leak and called _exit (which does
not flush or close files like exit) then the logfile could be missing
data. That could then cause curl's memanalyze to report false leaks
(eg a malloc was recorded to the logfile but the corresponding free was
discarded from the buffer instead of written to the logfile, then
memanalyze reports that as a leak).

Ref: https://github.com/google/sanitizers/issues/1374

Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541

Closes https://github.com/curl/curl/pull/6620
2021-02-20 14:40:24 -05:00