1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 23:15:08 -05:00
Commit Graph

9202 Commits

Author SHA1 Message Date
Marcel Raad
a8e523f086
connect: fix unreferenced parameter warning
When CURL_DISABLE_VERBOSE_STRINGS is defined, the reason parameter in
Curl_conncontrol is not used as the infof macro expands to nothing.
2017-03-30 10:14:34 +02:00
Marcel Raad
1b4b2c1a59
select: use correct SIZEOF_ constant
At least under Windows, there is no SIZEOF_LONG, so it evaluates to 0 even
though sizeof(int) == sizeof(long). This should probably have been
CURL_SIZEOF_LONG, but the type of timeout_ms changed from long to time_t
anyway.
This triggered MSVC warning C4668 about implicitly replacing undefined
macros with '0'.

Closes https://github.com/curl/curl/pull/1362
2017-03-30 08:49:30 +02:00
Marcel Raad
9bc92eeb0e
NTLM: check for features with #ifdef instead of #if
Feature defines are normally checked with #ifdef instead of #if in the rest of
the codebase. Additionally, some compilers warn when a macro is implicitly
evaluated to 0 because it is not defined, which was the case here.

Ref: https://github.com/curl/curl/pull/1362#discussion_r108605101
Closes https://github.com/curl/curl/pull/1367
2017-03-29 20:16:09 +02:00
Daniel Stenberg
2066072ff2 conncache: make hashkey avoid malloc
... to make it much faster. Idea developed with primepie on IRC.

Closes #1365
2017-03-29 00:15:46 +02:00
Kamil Dudka
2549831daa http: do not treat FTPS over CONNECT as HTTPS
If we use FTPS over CONNECT, the TLS handshake for the FTPS control
connection needs to be initiated in the SENDPROTOCONNECT state, not
the WAITPROXYCONNECT state.  Otherwise, if the TLS handshake completed
without blocking, the information about the completed TLS handshake
would be saved to a wrong flag.  Consequently, the TLS handshake would
be initiated in the SENDPROTOCONNECT state once again on the same
connection, resulting in a failure of the TLS handshake.  I was able to
observe the failure with the NSS backend if curl ran through valgrind.

Note that this commit partially reverts curl-7_21_6-52-ge34131d.
2017-03-28 17:04:16 +02:00
Daniel Stenberg
452203341d pause: handle mixed types of data when paused
When receiving chunked encoded data with trailers, and the write
callback returns PAUSE, there might be both body and header to store to
resend on unpause. Previously libcurl returned error for that case.

Added test case 1540 to verify.

Reported-by: Stephen Toub
Fixes #1354
Closes #1357
2017-03-28 13:27:49 +02:00
Isaac Boukris
7975d10cf8 http: Fix proxy connection reuse with basic-auth
When using basic-auth, connections and proxy connections
can be re-used with different Authorization headers since
it does not authenticate the connection (like NTLM does).

For instance, the below command should re-use the proxy
connection, but it currently doesn't:
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -U bob:b -x http://localhost:8181 http://localhost/

This is a regression since refactoring of ConnectionExists()
as part of: cb4e2be7c6

Fix the above by removing the username and password compare
when re-using proxy connection at proxy_info_matches().

However, this fix brings back another bug would make curl
to re-print the old proxy-authorization header of previous
proxy basic-auth connection because it wasn't cleared.

For instance, in the below command the second request should
fail if the proxy requires authentication, but would succeed
after the above fix (and before aforementioned commit):
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -x http://localhost:8181 http://localhost/

Fix this by clearing conn->allocptr.proxyuserpwd after use
unconditionally, same as we do for conn->allocptr.userpwd.

Also fix test 540 to not expect digest auth header to be
resent when connection is reused.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

Closes https://github.com/curl/curl/pull/1350
2017-03-28 03:54:43 -04:00
Jay Satiro
b04e4ebdd8 openssl: exclude DSA code when OPENSSL_NO_DSA is defined
- Fix compile errors that occur in openssl.c when OpenSSL lib was
  built without DSA support.

Bug: https://github.com/curl/curl/issues/1361
Reported-by: neheb@users.noreply.github.com
2017-03-28 03:54:31 -04:00
Marcel Raad
23d48c35cb
schannel: fix variable shadowing warning
No need to redeclare the variable.
2017-03-28 01:16:12 +02:00
Marcel Raad
068cd1ad4c
multi: fix MinGW-w64 compiler warnings
error: conversion to 'long int' from 'time_t {aka long long int}' may alter
its value [-Werror=conversion]
2017-03-27 22:50:59 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Daniel Stenberg
68aac9a831 openssl: fix comparison between signed and unsigned integer expressions 2017-03-23 23:04:38 +01:00
Dan Fandrich
f99fcb0fee openssl: made the error table static const 2017-03-23 22:50:58 +01:00
Jay Satiro
b999d35c71 openssl: fall back on SSL_ERROR_* string when no error detail
- If SSL_get_error is called but no extended error detail is available
  then show that SSL_ERROR_* as a string.

Prior to this change there was some inconsistency in that case: the
SSL_ERROR_* code may or may not have been shown, or may have been shown
as unknown even if it was known.

Ref: https://github.com/curl/curl/issues/1300

Closes https://github.com/curl/curl/pull/1348
2017-03-23 16:48:29 -04:00
Ales Mlakar
a360906de6 mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html

Closes https://github.com/curl/curl/pull/1272
2017-03-21 23:51:44 -04:00
Daniel Stenberg
6e0f26c8a8 multi: fix streamclose() crash in debug mode
The code would refer to the wrong data pointer. Only debug builds do
this - for verbosity.

Reported-by: zelinchen@users.noreply.github.com
Fixes #1329
2017-03-21 10:09:11 +01:00
Palo Markovic
9873431c6f darwinssl: fix typo in variable name
Broken a week ago in 6448f98.

Closes https://github.com/curl/curl/pull/1337
2017-03-18 12:52:37 -04:00
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jay Satiro
ec1d0ed1c1 http_proxy: Ignore TE and CL in CONNECT 2xx responses
A client MUST ignore any Content-Length or Transfer-Encoding header
fields received in a successful response to CONNECT.
"Successful" described as: 2xx (Successful). RFC 7231 4.3.6

Prior to this change such a case would cause an error.

In some ways this bug appears to be a regression since c50b878. Prior to
that libcurl may have appeared to function correctly in such cases by
acting on those headers instead of causing an error. But that behavior
was also incorrect.

Bug: https://github.com/curl/curl/issues/1317
Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:22:42 -05:00
Thomas Glanzmann
e08c0cd327 mbedtls: fix typo in variable name
Broken a few days ago in 6448f98.

Bug: https://curl.haxx.se/mail/lib-2017-03/0015.html
2017-03-11 17:19:59 -05:00
Michael Kaufmann
e84a863dc3 proxy: skip SSL initialization for closed connections
This prevents a "Descriptor is not a socket" error for WinSSL.

Reported-by: Antony74@users.noreply.github.com
Reviewed-by: Jay Satiro

Fixes https://github.com/curl/curl/issues/1239
2017-03-11 18:59:01 +01:00
Michael Kaufmann
0afbcfd800 curl_easy_reset: Also reset the authentication state
Follow-up to 5278462
See https://github.com/curl/curl/issues/1095
2017-03-11 18:26:04 +01:00
Isaac Boukris
5278462c32 authneg: clear auth.multi flag at http_done
This flag is meant for the current request based on authentication
state, once the request is done we can clear the flag.

Also change auth.multi to auth.multipass for better readability.

Fixes https://github.com/curl/curl/issues/1095
Closes https://github.com/curl/curl/pull/1326

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Michael Kaufmann
2017-03-11 18:12:08 +01:00
Dan Fandrich
381aff0385 url: don't compile detect_proxy if HTTP support is disabled 2017-03-11 18:02:34 +01:00
Daniel Stenberg
12f04142c1 openssl: add two /* FALLTHROUGH */ to satisfy coverity
CID 1402159 and 1402158
2017-03-10 08:46:54 +01:00
Dan Fandrich
7d62502d6c polarssl: fixed compile errors introduced in 6448f98c 2017-03-09 09:07:53 +01:00
Daniel Stenberg
6733acc903 openssl: unbreak the build after 6448f98c18
Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)
2017-03-08 23:38:26 +01:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Tatsuhiro Tsujikawa
475c2583d5 http2: Fix assertion error on redirect with CL=0
This fixes assertion error which occurs when redirect is done with 0
length body via HTTP/2, and the easy handle is reused, but new
connection is established due to hostname change:

    curl: http2.c:1572: ssize_t http2_recv(struct connectdata *,
      int, char *, size_t, CURLcode *):
    Assertion `httpc->drain_total >= data->state.drain' failed.

To fix this bug, ensure that http2_handle_stream is called.

Fixes #1286
Closes #1302
2017-03-07 23:12:41 +01:00
Daniel Stenberg
958e176688 ares: Curl_resolver_wait_resolv: clear *entry first in function 2017-03-07 08:08:55 +01:00
Daniel Stenberg
bfaab3180c ares: better error return on timeouts
Assisted-by: Ray Satiro

Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
2017-03-07 07:38:29 +01:00
Daniel Stenberg
aadb7c7b62 URL: return error on malformed URLs with junk after port number
... because it causes confusion with users. Example URLs:

"http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will
parse and claim uses port number 80, while libcurl would use port number
11211.

"http://user@example.com:80@localhost" which by the WHATWG URL spec will
be treated to contain user name 'user@example.com' but according to
RFC3986 is user name 'user' for the host 'example.com' and then port 80
is followed by "@localhost"

Both these formats are now rejected, and verified so in test 1260.

Reported-by: Orange Tsai
2017-03-06 16:08:21 +01:00
Daniel Stenberg
29be83ee74 ares: return error at once if timed out before name resolve starts
Pointed-out-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
2017-03-06 09:21:01 +01:00
Michael Maltese
eb19e89f2e CMake: Add DarwinSSL support
Assisted-by: Simon Warta <simon@kullo.net>
Ref: https://github.com/curl/curl/pull/1228
2017-03-05 14:42:53 +01:00
Andrew Krieger
7b1430c0b4 fix potential use of uninitialized variables
MSVC with LTCG detects this at warning level 4.

Closes #1304
2017-03-04 21:37:03 +01:00
Jay Satiro
9f20333443 url: split off proxy init and parsing from create_conn
Move the proxy parse/init into helper create_conn_helper_init_proxy to
mitigate the chances some non-proxy code will be mistakenly added to it.

Ref: https://github.com/curl/curl/issues/1274#issuecomment-281556510
Ref: https://github.com/curl/curl/pull/1293

Closes https://github.com/curl/curl/pull/1298
2017-03-03 03:14:25 -05:00
Alexis La Goutte
cbff751e95 build: fix gcc7 implicit fallthrough warnings
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know
it's expected and won't warn on [-Wimplicit-fallthrough=].

Closes https://github.com/curl/curl/pull/1297
2017-03-03 03:09:46 -05:00
JDepooter
0966ab5bd4 darwinssl: Warn that disabling host verify also disables SNI
In DarwinSSL the SSLSetPeerDomainName function is used to enable both
sending SNI and verifying the host. When host verification is disabled
the function cannot be called, therefore SNI is disabled as well.

Closes https://github.com/curl/curl/pull/1240
2017-03-02 02:42:15 -05:00
Marcel Raad
a162d8b21b
warnless: suppress compiler warning
If size_t is 32 bits, MSVC warns:
warning C4310: cast truncates constant value
The warning is harmless as CURL_MASK_SCOFFT gets
truncated to the maximum value of size_t.
2017-02-28 09:10:18 +01:00
Marcel Raad
727917555d
digest_sspi: fix compilation warning
MSVC complains:
warning C4701: potentially uninitialized local variable 'output_token_len' used
2017-02-27 13:05:22 +01:00
Jay Satiro
a21cae5f97 cyassl: get library version string at runtime
wolfSSL >= 3.6.0 supports getting its library version string at runtime.
2017-02-26 18:49:39 -05:00
Isaac Boukris
1f8023ceb5 url: fix unix-socket support for proxy-disabled builds
Prior to this change if curl was built with Unix Socket support
(--enable-unix-sockets) and without Proxy support (--disable-proxy) then
unix socket options would erroneously be ignored.

Regression introduced in:
0b8d682f81

Bug: https://github.com/curl/curl/issues/1274
Reported-by: mccormickt12@users.noreply.github.com

Closes https://github.com/curl/curl/pull/1289
2017-02-25 18:21:15 -05:00
Dan Fandrich
f7285cc02b gopher: fixed detection of an error condition from Curl_urldecode 2017-02-26 00:10:30 +01:00
Dan Fandrich
516e60aa8e ftp: fixed a NULL pointer dereference on OOM 2017-02-25 22:55:46 +01:00
Dan Fandrich
79221d8d50 ftp: removed an erroneous free in an OOM path 2017-02-25 21:47:27 +01:00
Dan Fandrich
ce9ba3ba10 proxy: fixed a memory leak on OOM 2017-02-25 21:36:39 +01:00
Jay Satiro
93cce2489d url: Default the CA proxy bundle location to CURL_CA_BUNDLE
If the compile-time CURL_CA_BUNDLE location is defined use it as the
default value for the proxy CA bundle location, which is the same as
what we already do for the regular CA bundle location.

Ref: https://github.com/curl/curl/pull/1257
2017-02-23 17:06:11 -05:00
Sergii Pylypenko
53ab183c1a rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
Closes #1285
2017-02-23 22:44:16 +01:00
Daniel Stenberg
86f566078b formdata: check for EOF when reading from stdin
Reported-by: shachaf@users.noreply.github.com

Fixes #1281
2017-02-23 10:47:44 +01:00