1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 01:28:51 -05:00
Commit Graph

902 Commits

Author SHA1 Message Date
Daniel Stenberg
e7ae6f013d
test599: adjusted to work in hyper mode
Closes #7209
2021-06-10 08:42:19 +02:00
Daniel Stenberg
cd5ca9bb38
test566: adjust to work with hyper mode
Closes #7209
2021-06-10 08:42:13 +02:00
Daniel Stenberg
3ac9b80525
test644: remove as duplicate of test 587
Closes #7208
2021-06-08 16:07:56 +02:00
Daniel Stenberg
48b0cca65e
test500: adjust to work with hyper mode 2021-06-07 23:54:54 +02:00
Daniel Stenberg
265b14d6b3
metalink: remove
Warning: this will make existing curl command lines that use metalink to
stop working.

Reasons for removal:

1. We've found several security problems and issues involving the
   metalink support in curl. The issues are not detailed here. When
   working on those, it become apparent to the team that several of the
   problems are due to the system design, metalink library API and what
   the metalink RFC says. They are very hard to fix on the curl side
   only.

2. The metalink usage with curl was only very briefly documented and was
   not following the "normal" curl usage pattern in several ways, making
   it surprising and non-intuitive which could lead to further security
   issues.

3. The metalink library was last updated 6 years ago and wasn't so
   active the years before that either. An unmaintained library means
   there's a security problem waiting to happen. This is probably reason
   enough.

4. Metalink requires an XML parsing library, which is complex code (even
   the smaller alternatives) and to this day often gets security
   updates.

5. Metalink is not a widely used curl feature. In the 2020 curl user
   survey, only 1.4% of the responders said that they'd are using it. In
   2021 that number was 1.2%. Searching the web also show very few
   traces of it being used, even with other tools.

6. The torrent format and associated technology clearly won for
   downloading large files from multiple sources in parallel.

Cloes #7176
2021-06-07 08:14:25 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Jay Satiro
5a1ec19fda test678: Fix for Windows multibyte builds
Follow-up to 77fc385 from yesterday.

Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
Reported-by: Marc Hörsken
2021-05-05 16:25:45 -04:00
Gilles Vollant
77fc3859b2 SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
  specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
  and Secure Transport (Apple) SSL backends.

Prior to this change PEM certificates could only be imported from a file
and not from memory.

Co-authored-by: moparisthebest@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109

Closes https://github.com/curl/curl/pull/6662
2021-05-05 02:29:16 -04:00
Daniel Stenberg
91d9fead66
libtest: remove lib530.c
Follow up from e50a877df when test 530 was removed. Since then this
source file has not been used/needed.

Closes #6999
2021-05-04 14:45:52 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Marc Hoersken
2df64390b3
lib1564.c: enable last wakeup test part on Windows
Suggested-by: Gergely Nagy
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Closes #6245
2021-04-21 20:32:33 +02:00
Daniel Stenberg
3057c6cd73
Revert "cmake: make libcurl library output name configurable"
This reverts commit 1cba36d216.

CMake provides properties that can be set on a target to rename the
output artifact without changing the name of a target.

Ref: #6899
2021-04-21 15:03:26 +02:00
Ralph Langendam
1cba36d216
cmake: make libcurl library output name configurable
Closes #6899
2021-04-21 10:03:07 +02:00
Daniel Stenberg
04488851e2
urlapi: make sure no +/- signs are accepted in IPv4 numericals
Follow-up to 56a037cc0a. Extends test 1560 to verify.

Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
2021-04-21 09:17:55 +02:00
Daniel Stenberg
56a037cc0a
urlapi: "normalize" numerical IPv4 host names
When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different ways:
a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).

Instead of passing on the name as-is and leaving the handling to the
underlying name functions, which made them not work with c-ares but work
with getaddrinfo, this change now makes the curl URL API itself detect
and "normalize" host names specified as IPv4 numericals.

The WHATWG URL Spec says this is an okay way to specify a host name in a
URL. RFC 3896 does not allow them, but curl didn't prevent them before
and it seems other RFC 3896-using tools have not either. Host names used
like this are widely supported by other tools as well due to the
handling being done by getaddrinfo and friends.

I decided to add the functionality into the URL API itself so that all
users of these functions get the benefits, when for example wanting to
compare two URLs. Also, it makes curl built to use c-ares now support
them as well and make curl builds more consistent.

The normalization makes HTTPS and virtual hosted HTTP work fine even
when curl gets the address specified using one of the "obscure" formats.

Test 1560 is extended to verify.

Fixes #6863
Closes #6871
2021-04-19 08:34:55 +02:00
Daniel Stenberg
520bd5225c
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
2021-04-14 23:09:36 +02:00
Daniel Stenberg
85e6975643
copyright: update copyright year ranges to 2021
Reviewed-by: Emil Engler
Closes #6802
2021-03-27 23:00:14 +01:00
Daniel Stenberg
6d176bee59
http: make 416 not fail with resume + CURLOPT_FAILONERRROR
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.

Updated test 1156, added test 1273

Reported-by: Jonathan Watt
Fixes #6740
Closes #6753
2021-03-17 08:26:46 +01:00
Daniel Stenberg
dcccd8dd25
configure: provide Largefile feature for curl-config
... as cmake now does it correctly, and make test1014 check for it

Closes #6702
2021-03-11 10:12:30 +01:00
kokke
4088b25b33
lib1536: check ptr against NULL before dereferencing it
Closes #6710
2021-03-10 14:03:57 +01:00
kokke
b2d906754c
lib1537: check ptr against NULL before dereferencing it
Fixes #6707
Closes #6708
2021-03-10 14:01:55 +01:00
Marcel Raad
4c02d003ff
tests: reduce variable scopes
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:09 +01:00
Daniel Stenberg
115c9e27f5
ftp: add 'prefer_ascii' to the transfer state struct
... and make sure the code never updates 'set.prefer_ascii' as it breaks
handle reuse which should use the setting as the user specified it.

Added test 1569 to verify: it first makes an FTP transfer with ';type=A'
and then another without type on the same handle and the second should
then use binary. Previously, curl failed this.

Closes #6578
2021-02-09 14:06:28 +01:00
Fabian Keil
124198631b
tests: fixup several tests
missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers matches the date

test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)

Gets the test working with external proxies like Privoxy again.

Closes #6463
2021-02-09 00:28:19 +01:00
Daniel Stenberg
2605a6fabb
copyright: fix year ranges in need of updates 2021-02-03 08:02:36 +01:00
Dmitry Wagin
796ce293de
http: improve AWS HTTP v4 Signature auth
- Add support services without region and service prefixes in
the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.

Closes #6524
2021-01-30 23:48:22 +01:00
Daniel Stenberg
30e7641d7d
test1918: verify curl_easy_option_by_name() and curl_easy_option_by_id()
... and as a practical side-effect, make sure that the
Curl_easyopts_check() function is asserted in debug builds, which we
want to detect mismatches between the options list in easyoptions.c and
the options in curl.h

Found-by: Gisle Vanem
Bug: 08e8455ddd (commitcomment-45991815)

Closes #6461
2021-01-15 17:03:29 +01:00
Daniel Stenberg
1123a0eb24
mime: make sure setting MIMEPOST to NULL resets properly
... so that a function can first use MIMEPOST and then set it to NULL to
reset it back to a blank POST.

Added test 584 to verify the fix.

Reported-by: Christoph M. Becker

Fixes #6455
Closes #6456
2021-01-15 08:33:27 +01:00
Daniel Stenberg
75f7ab28d2
lib/unit tests: add missing curl_global_cleanup() calls 2021-01-06 15:13:45 +01:00
Daniel Stenberg
648712eec1
httpauth: make multi-request auth work with custom port
When doing HTTP authentication and a port number set with CURLOPT_PORT,
the code would previously have the URL's port number override as if it
had been a redirect to an absolute URL.

Added test 1568 to verify.

Reported-by: UrsusArctos on github
Fixes #6397
Closes #6400
2021-01-02 23:40:47 +01:00
Emil Engler
725ec470e2
language: s/behaviour/behavior/g
We currently use both spellings the british "behaviour" and the american
"behavior". However "behavior" is more used in the project so I think
it's worth dropping the british name.

Closes #6395
2021-01-02 23:35:59 +01:00
Olaf Hering
f2ed79d8ee
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
The type of the buffer in curl_read_callback is 'char *', not 'void *'.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Closes #6392
2020-12-30 22:20:24 +01:00
Daniel Stenberg
a93c647de8
examples/libtest: add .checksrc to dist
... so that (auto)builds from tarballs also get the correct instructions.

Fixes #6176
Closes #6353
2020-12-21 17:06:06 +01:00
Matthias Gatto
ebdb5f23cc
tests: add very simple AWS HTTP v4 Signature test
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
2020-12-21 16:28:03 +01:00
Daniel Stenberg
debf23eead
mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

Closes #6338
2020-12-18 12:54:05 +01:00
Daniel Stenberg
ff4d2c2a05
test1522: add debug tracing
I used this to track down some issues and I figured I could just as well
keep this extra logging in here for future needs.

Closes #6331
2020-12-17 16:55:56 +01:00
Daniel Stenberg
6cd066f64b
lib1564/5: verify that curl_multi_wakeup returns OK 2020-12-11 17:42:17 +01:00
Rikard Falkeborn
920f49a20b
infof/failf calls: fix format specifiers
Update a few format specifiers to match what is being printed.

Closes #6241
2020-11-24 13:18:41 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Harry Sintonen
77a7b93c25
rtsp: fixed the RTST Session ID mismatch in test 570
Closes #6161
2020-11-04 08:14:16 +01:00
Daniel Stenberg
2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg
95d30409be
tests: add missing global_init/cleanup calls
Without the cleanup call in these test files, the mbedTLS backend leaks
memory.

Closes #6156
2020-11-02 09:14:18 +01:00
Daniel Stenberg
b7ea3d2c22
urlapi: URL encode a '+' in the query part
... when asked to with CURLU_URLENCODE.

Extended test 1560 to verify.
Reported-by: Dietmar Hauser
Fixes #6086
Closes #6087
2020-10-15 23:21:53 +02:00
Daniel Stenberg
26a7d51c21
checksrc: warn on space after exclamation mark
Closes #6034
2020-10-02 16:35:53 +02:00
Daniel Stenberg
3d64031fa7
symbian: drop support
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.

The public headers are unmodified.

Closes #5989
2020-09-22 15:14:12 +02:00
Daniel Stenberg
7ea2e1d0c5
ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
This is primarily interesting for cases where CURLOPT_NOBODY is set as
previously curl would not return an error for this case.

MDTM getting 550 now also returns this error (it returned
CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
missing files across protocols and specific FTP commands.

libcurl already returns error on a 550 as a MDTM response (when
CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
happen subsequently anyway since the RETR command would fail.

Add test 1913 and 1914 to verify. Updated several tests accordingly due
to the updated SIZE behavior.

Reported-by: Tomas Berger
Fixes #5953
Closes #5957
2020-09-14 12:53:12 +02:00
Daniel Stenberg
47dd957daf
curl: use curlx_dynbuf for realloc when loading config files
... fixes an integer overflow at the same time.

Reported-by: ihsinme on github
Assisted-by: Jay Satiro

Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
558dffe306
lib583: fix enum mixup
grrr the previous follow-up to 17fcdf6a31 was wrong
2020-09-08 22:48:16 +02:00
Daniel Stenberg
ab213d60ed
libtest: fix build errors
Follow-up from 17fcdf6a31
2020-09-08 17:37:25 +02:00