1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

332 Commits

Author SHA1 Message Date
Daniel Stenberg
a9bc819c89
sasl: use 'unsigned short' to store mechanism
... saves a few bytes of struct size in memory and it only uses
10 bits anyway.

Closes #7045
2021-05-12 00:16:52 +02:00
Daniel Stenberg
1763aceb0c
http: limit the initial send amount to used upload buffer size
Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
but for the situations where a larger upload buffer has been set, this
function can benefit from sending more bytes. With default size used,
this does the same as before.

Also changed the storage of the size to an 'unsigned int' as it is not
allowed to be set larger than 2M.

Also added cautions to the man pages about changing buffer sizes in
run-time.

Closes #7022
2021-05-07 08:51:39 +02:00
Daniel Stenberg
5f08a5acd5
pingpong: rename the curl_pp_transfer enum to use PP prefix
Using an FTP prefix for PP provided functionality was misleading.
2021-02-04 23:06:03 +01:00
Daniel Stenberg
7173fe98ba
pingpong: remove the 'conn' struct member
... as it's superfluous now when Curl_easy is passed in and we can
derive the connection from that instead and avoid the duplicate copy.

Closes #6525
2021-01-26 10:12:59 +01:00
Daniel Stenberg
560fc170ec
url: reduce conn->data references
... there are a few left but let's keep them to last

Closes #6512
2021-01-26 10:00:59 +01:00
Patrick Monnerat
ecb13416e3
lib: remove conn->data uses
Closes #6499
2021-01-24 18:15:03 +01:00
Daniel Stenberg
a304051620
lib: more conn->data cleanups
Closes #6479
2021-01-19 09:14:51 +01:00
Patrick Monnerat
bbe3aa9f88
vtls: reduce conn->data use
Closes #6474
2021-01-19 09:14:40 +01:00
Daniel Stenberg
215db086e0
lib: pass in 'struct Curl_easy *' to most functions
... in most cases instead of 'struct connectdata *' but in some cases in
addition to.

- We mostly operate on transfers and not connections.

- We need the transfer handle to log, store data and more. Everything in
  libcurl is driven by a transfer (the CURL * in the public API).

- This work clarifies and separates the transfers from the connections
  better.

- We should avoid "conn->data". Since individual connections can be used
  by many transfers when multiplexing, making sure that conn->data
  points to the current and correct transfer at all times is difficult
  and has been notoriously error-prone over the years. The goal is to
  ultimately remove the conn->data pointer for this reason.

Closes #6425
2021-01-17 23:56:09 +01:00
Daniel Stenberg
a95a6ce6b8
urldata: remove 'void *protop' and create the union 'p'
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.

Closes #6238
2020-11-23 16:16:16 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg
675eeb1c94
pingpong: use a dynbuf for the *_pp_sendf() function
... reuses the same dynamic buffer instead of doing repeated malloc/free
cycles.

Test case 100 (FTP dir list PASV) does 7 fewer memory allocation calls
after this change in my test setup (132 => 125), curl 7.72.0 needed 140
calls for this.

Test case 103 makes 9 less allocations now (130). Down from 149 in
7.72.0.

Closes #6004
2020-09-23 15:14:09 +02:00
Daniel Stenberg
6434a73984
Curl_handler: add 'family' to each protocol
Makes get_protocol_family() faster and it moves the knowledge about the
"families" to each protocol handler, where it belongs.

Closes #5986
2020-09-21 23:30:16 +02:00
Daniel Stenberg
265717d271
smtp_parse_address: handle blank input string properly
Closes #5792
2020-08-07 11:49:36 +02:00
Daniel Stenberg
31e53584db
escape: make the URL decode able to reject only %00 bytes
... or all "control codes" or nothing.

Assisted-by: Nicolas Sterchele
2020-06-25 09:57:18 +02:00
Daniel Stenberg
7414fb25a2
urldata: connect related booleans live in struct ConnectBits
And remove a few unused booleans!

Closes #5461
2020-05-27 08:02:47 +02:00
Daniel Stenberg
446fb0518b
smtp: set auth correctly
Regression since 7.69.0 and 68fb25fa3f.

The code wrongly assigned 'from' instead of 'auth' which probably was a
copy and paste mistake from other code, leading to that auth could
remain NULL and later cause an error to be returned.

Assisted-by: Eric Sauvageau
Fixes #5294
Closes #5295
2020-04-25 14:14:43 +02:00
Daniel Gustafsson
10822c652c lib: fix typos in comments and errormessages
This fixes a few randomly spotted typos in recently merged code, most
notably one in a userfacing errormessage the schannel code.
2020-04-20 10:12:22 +02:00
Daniel Stenberg
aeb292301a
smtp: overwriting 'from' leaks memory
Detected by Coverity. CID 1418139.

Also, make sure to return error if the new 'from' allocation fails.

Closes #4997
2020-02-28 16:52:33 +01:00
Daniel Stenberg
81ade13c37
smtp: fix memory leak on exit path
Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from'
going out of scope leaks the storage it points to"

Closes #4990
2020-02-27 17:08:30 +01:00
Daniel Stenberg
1d1e9e8ad7
Curl_is_ASCII_name: handle a NULL argument
Make the function tolerate a NULL pointer input to avoid dereferencing
that pointer.

Follow-up to efce3ea5a8
Detected by OSS-Fuzz
Reviewed-By: Steve Holme
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907
Fixes #4985
Closes #4986
2020-02-27 13:55:29 +01:00
Steve Holme
8220ec8219
smtp: Tidy up, following recent changes, to maintain the coding style
Closes #4892
2020-02-26 14:54:51 +00:00
Steve Holme
34a1ffb05f
smtp: Support the SMTPUTF8 extension for the EXPN command
Simply notify the server we support the SMTPUTF8 extension if it does.
2020-02-26 14:54:51 +00:00
Steve Holme
efce3ea5a8
smtp: Support the SMTPUTF8 extension in the VRFY command 2020-02-26 14:54:51 +00:00
Steve Holme
483edeb8dd
smtp: Support the SMTPUTF8 extension in the RCPT TO command
Note: The RCPT TO command isn't required to advertise to the server that
it contains UTF-8 characters, instead the server is told that a mail may
contain UTF-8 in any envelope command via the MAIL command.
2020-02-26 14:54:51 +00:00
Steve Holme
aba1bf630f
smtp: Support the SMTPUTF8 extension in the MAIL command
Support the SMTPUTF8 extension when sending mailbox information in the
MAIL command (FROM and AUTH parameters). Non-ASCII domain names will
be ACE encoded, if IDN is supported, whilst non-ASCII characters in
the local address part are passed to the server.

Reported-by: ygthien on github
Fixes #4828
2020-02-26 14:49:40 +00:00
Steve Holme
4754c55cd7
smtp: Detect server support for the UTF-8 extension as defined in RFC-6531 2020-02-26 14:04:37 +00:00
Steve Holme
2aa6c1735a
smtp: Support UTF-8 based host names in the VRFY command 2020-02-26 11:02:38 +00:00
Steve Holme
e7959c280c
smtp: Support UTF-8 based host names in the RCPT TO command 2020-02-26 11:02:38 +00:00
Steve Holme
68fb25fa3f
smtp: Support UTF-8 based host names in the MAIL command
Non-ASCII host names will be ACE encoded if IDN is supported.
2020-02-26 11:02:38 +00:00
Steve Holme
0b8651d48b
smtp: Simplify the MAIL command and avoid a duplication of send strings
This avoids the duplication of strings when the optional AUTH and SIZE
parameters are required. It also assists with the modifications that
are part of #4892.

Closes #4903
2020-02-09 23:08:47 +00:00
Pavel Volgarev
4a4609bf3c
smtp: Allow RCPT TO command to fail for some recipients
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816
2020-01-21 10:40:19 +01:00
Daniel Stenberg
4d0306c698
smtp: check for and bail out on too short EHLO response
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918

Assisted-by: Max Dymond

Closes #4287
2019-09-03 08:25:23 +02:00
Daniel Stenberg
a55faf33d4
cleanup: remove the 'numsocks' argument used in many places
It was used (intended) to pass in the size of the 'socks' array that is
also passed to these functions, but was rarely actually checked/used and
the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries
that should be used instead.

Closes #4169
2019-07-30 23:16:44 +02:00
Marcel Raad
e23c52b329
build: fix Codacy warnings
Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:06 +02:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Steve Holme
166ace8be0 emailL Added reference to RFC8314 for implicit TLS 2019-04-11 01:19:15 +01:00
Rikard Falkeborn
f5a77473c5 smtp: fix compiler warning
- Fix clang string-plus-int warning.

Clang 8 warns about adding a string to an int does not append to the
string. Indeed it doesn't, but that was not the intention either. Use
array indexing as suggested to silence the warning. There should be no
functional changes.

(In other words clang warns about "foo"+2 but not &"foo"[2] so use the
latter.)

smtp.c:1221:29: warning: adding 'int' to a string does not append to the
string [-Wstring-plus-int]
      eob = strdup(SMTP_EOB + 2);
            ~~~~~~~~~~~~~~~~^~~~

Closes https://github.com/curl/curl/pull/3729
2019-04-04 21:11:42 -04:00
Daniel Stenberg
65eb65fde6
urldata: simplify bytecounters
- no need to have them protocol specific

- no need to set pointers to them with the Curl_setup_transfer() call

- make Curl_setup_transfer() operate on a transfer pointer, not
  connection

- switch some counters from long to the more proper curl_off_t type

Closes #3627
2019-03-01 17:30:34 +01:00
Daniel Gustafsson
39df4073e5
smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.

Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
2019-02-04 08:22:32 +01:00
Daniel Stenberg
154a17b6ee
pingpong: ignore regular timeout in disconnect phase
The timeout set with CURLOPT_TIMEOUT is no longer used when
disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
POP3).

Reported-by: jasal82 on github

Fixes #3264
Closes #3374
2018-12-17 12:33:00 +01:00
Daniel Stenberg
46e164069d
url: use the URL API internally as well
... to make it a truly unified URL parser.

Closes #3017
2018-09-22 11:58:10 +02:00
Daniel Stenberg
2825f46d95
CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
This is step 3 of #2888.

Fixes #2888
Closes #2896
2018-09-06 10:53:39 +02:00
Daniel Stenberg
ba1dbd78e5
smtp: use the upload buffer size for scratch buffer malloc
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500

Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
2018-07-09 08:15:48 +02:00
Marian Klymov
c45360d463
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631
2018-06-11 11:14:48 +02:00
Patrick Monnerat
62cf2d180e smtp: fix processing of initial dot in data
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command
should be taken into account when chasing the <CRLF>.<CRLF> end marker.
Thus a leading dot character in data is also subject to escaping.

Tests 911 and test server are adapted to this situation.
New tests 951 and 952 check proper handling of initial dot in data.

Closes #2304
2018-02-12 16:43:15 +01:00
Daniel Stenberg
8dd4edeb90
smtp/pop3/imap_get_message: decrease the data length too...
Follow-up commit to 615edc1f73 which was incomplete.

Assisted-by: Max Dymond
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
2018-01-15 21:40:52 +01:00
Daniel Stenberg
615edc1f73
sasl_getmesssage: make sure we have a long enough string to pass
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.

For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.

Closes #2150
2017-12-05 17:05:44 +01:00
Daniel Stenberg
5d543fe906 time: rename Curl_tvnow to Curl_now
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011
2017-10-25 18:48:05 +02:00
Daniel Stenberg
38ab7b4ccb
smtp_done: free data before returning (on send failure)
... as otherwise it could leak that memory.

Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600

Assisted-by: Max Dymond
Closes #1977
2017-10-10 22:56:50 +02:00