1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00
Commit Graph

216 Commits

Author SHA1 Message Date
Niall
b6a53fff6c
doh: improced both encoding and decoding
Improved estimation of expected_len and updated related comments;
increased strictness of QNAME-encoding, adding error detection for empty
labels and names longer than the overall limit; avoided treating DNAME
as unexpected;

updated unit test 1655 with more thorough set of proofs and tests

Closes #4598
2019-11-16 16:15:03 +01:00
Vilhelm Prytz
d0319adb0c
copyrights: update all copyright notices to 2019 on files changed this year
Closes #4547
2019-11-02 23:15:56 +01:00
Daniel Stenberg
dcd7e37c3a
url: make Curl_close() NULLify the pointer too
This is the common pattern used in the code and by a unified approach we
avoid mistakes.

Closes #4534
2019-10-30 09:36:21 +01:00
Daniel Stenberg
c24cf6c64c
altsvc: accept quoted ma and persist values
As mandated by the spec. Test 1654 is extended to verify.

Closes #4443
2019-09-30 16:35:12 +02:00
Marcel Raad
73089bf7f3
tests: fix narrowing conversion warnings
`timediff_t` is 64 bits wide also on 32-bit systems since
commit b1616dad8f.

Closes https://github.com/curl/curl/pull/4415
2019-09-27 08:28:10 +02:00
Daniel Stenberg
3ad883aeda
unit1655: make it C90 compliant
Unclear why this was not detected in the CI.

Follow-up to b766602729
2019-09-16 14:30:44 +02:00
Paul Dreik
b766602729
doh: fix (harmless) buffer overrun
Added unit test case 1655 to verify.
Close #4352

the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
2019-09-15 23:25:24 +02:00
Daniel Stenberg
84ced9389e
Curl_addr2string: take an addrlen argument too
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.

Bug: https://crbug.com/oss-fuzz/16699

Closes #4283
2019-08-31 11:41:56 +02:00
Daniel Stenberg
db061571ef
http3: make connection reuse work
Closes #4204
2019-08-09 12:26:02 +02:00
Daniel Stenberg
69b3ff5118
alt-svc: add protocol version selection masking
So that users can mask in/out specific HTTP versions when Alt-Svc is
used.

 - Removed "h2c" and updated test case accordingly
 - Changed how the altsvc struct is laid out
 - Added ifdefs to make the unittest run even in a quiche-tree

Closes #4201
2019-08-08 09:10:29 +02:00
Daniel Stenberg
ff3876046e
unit1654: cleanup on memory failure
... to make it handle torture tests properly.

Reported-by: Marcel Raad
Fixes #4021
Closes #4022
2019-06-13 17:22:51 +02:00
Daniel Stenberg
deb9462ff2
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903
2019-06-10 09:18:16 +02:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Daniel Stenberg
bdb2dbc103
urlapi: strip off scope id from numerical IPv6 addresses
... to make the host name "usable". Store the scope id and put it back
when extracting a URL out of it.

Also makes curl_url_set() syntax check CURLUPART_HOST.

Fixes #3817
Closes #3822
2019-05-03 12:17:22 +02:00
Daniel Gustafsson
90d9e9460e tests: Run global cleanup at end of tests
Make sure to run curl_global_cleanup() when shutting down the test
suite to release any resources allocated in the SSL setup. This is
clearly visible when running tests with PolarSSL where the thread
lock calloc() memory which isn't released when not running cleanup.
Below is an excerpt from the autobuild logs:

  ==12368== 96 bytes in 1 blocks are possibly lost in loss record 1 of 2
  ==12368== at 0x4837B65: calloc (vg_replace_malloc.c:752)
  ==12368== by 0x11A76E: curl_dbg_calloc (memdebug.c:205)
  ==12368== by 0x145CDF: Curl_polarsslthreadlock_thread_setup
                         (polarssl_threadlock.c:54)
  ==12368== by 0x145B37: Curl_polarssl_init (polarssl.c:865)
  ==12368== by 0x14129D: Curl_ssl_init (vtls.c:171)
  ==12368== by 0x118B4C: global_init (easy.c:158)
  ==12368== by 0x118BF5: curl_global_init (easy.c:221)
  ==12368== by 0x118D0B: curl_easy_init (easy.c:299)
  ==12368== by 0x114E96: test (lib1906.c:32)
  ==12368== by 0x115495: main (first.c:174)

Closes #3783
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-15 15:23:58 +02:00
Daniel Stenberg
f73de32d46
CURLOPT_DNS_USE_GLOBAL_CACHE: remove
Remove the code too. The functionality has been disabled in code since
7.62.0. Setting this option will from now on simply be ignored and have
no function.

Closes #3654
2019-04-11 22:22:39 +02:00
Daniel Gustafsson
06ace0ba98 xattr: skip unittest on unsupported platforms
The stripcredentials unittest fails to compile on platforms without
xattr support, for example the Solaris member in the buildfarm which
fails with the following:

  CC unit1621-unit1621.o
  CC ../libtest/unit1621-first.o
  CCLD unit1621
  Undefined first referenced
  symbol in file
  stripcredentials unit1621-unit1621.o
  goto problem 2
  ld: fatal: symbol referencing errors. No output written to .libs/unit1621
  collect2: error: ld returned 1 exit status
  gmake[2]: *** [Makefile:996: unit1621] Error 1

Fix by excluding the test on such platforms by using the reverse
logic from where stripcredentials() is defined.

Closes #3759
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-11 09:22:22 +02:00
Daniel Stenberg
5cf5d57ab9
makefile: make checksrc and hugefile commands "silent"
... to match the style already used for compiling, linking
etc. Acknowledges 'make V=1' to enable verbose.

Closes #3681
2019-03-14 20:11:24 +01:00
Daniel Stenberg
a4cc978906
tests: fix multiple may be used uninitialized warnings 2019-03-05 14:38:25 +01:00
Daniel Stenberg
e1be825453
alt-svc: the libcurl bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg
5908e900be
unit1651: survive curl_easy_init() fails 2019-02-19 09:08:28 +01:00
Marcel Raad
208c77713a
unit1307: just fail without FTP support
I missed to check this in with commit
71786c0505, which only disabled the test.
This fixes the actual linker error.

Closes https://github.com/curl/curl/pull/3568
2019-02-15 09:50:52 +01:00
Daniel Stenberg
05b100aee2
cleanup: make local functions static
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
2019-02-10 18:38:57 +01:00
Daniel Stenberg
1b8fe0a8ae
unit1653: make it survive torture tests 2019-01-28 08:44:15 +01:00
Daniel Stenberg
ba243235ec
urldata: rename easy_conn to just conn
We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442
2019-01-11 15:35:13 +01:00
Daniel Stenberg
98e6629154
xattr: strip credentials from any URL that is stored
Both user and password are cleared uncondtitionally.

Added unit test 1621 to verify.

Fixes #3423
Closes #3433
2019-01-10 10:49:51 +01:00
Rikard Falkeborn
fa2d6ba84d
printf: fix format specifiers
Closes #3426
2019-01-04 23:50:48 +01:00
Daniel Gustafsson
a4482b21bd urlapi: fix parsing ipv6 with zone index
The previous fix for parsing IPv6 URLs with a zone index was a paddle
short for URLs without an explicit port. This patch fixes that case
and adds a unit test case.

This bug was highlighted by issue #3408, and while it's not the full
fix for the problem there it is an isolated bug that should be fixed
regardless.

Closes #3411
Reported-by: GitYuanQu on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-30 20:11:57 +01:00
Daniel Gustafsson
d8607da1a6 urlapi: Fix port parsing of eol colon
A URL with a single colon without a portnumber should use the default
port, discarding the colon. Fix, add a testcase and also do little bit
of comment wordsmithing.

Closes #3365
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-12 11:48:04 +01:00
Daniel Gustafsson
e1be2ecba4 tests: add urlapi unittest
This adds a new unittest intended to cover the internal functions in
the urlapi code, starting with parse_port(). In order to avoid name
collisions in debug builds, parse_port() is renamed Curl_parse_port()
since it will be exported.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-12-11 15:02:24 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Michael Kaufmann
53db15ba55 netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes #3213
Closes #3224
2018-11-05 20:34:01 +01:00
Daniel Gustafsson
60e3d1f210 unittest: make 1652 stable across collations
The previous coding used a format string whose output depended on the
current locale of the environment running the test. Since the gist of
the test is to have a format string, with the actual formatting being
less important, switch to a more stable formatstring with decimals.

Reported-by: Marcel Raad
Closes #3234
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-05 09:51:33 +01:00
Daniel Gustafsson
c37b66aaae infof: clearly indicate truncation
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.

This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.

Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.

Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-03 20:54:18 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
Daniel Stenberg
5728229a4f
unit1650: fix "null pointer passed as argument 1 to memcmp"
Detected by UndefinedBehaviorSanitizer

Closes #3187
2018-10-29 16:14:40 +01:00
Daniel Stenberg
0b58ffe0c9
unit1300: fix stack-use-after-scope AddressSanitizer warning
Closes #3186
2018-10-29 08:05:23 +01:00
Daniel Stenberg
a669e06946
test1651: unit test Curl_extract_certinfo()
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-10-27 15:59:43 +02:00
Daniel Stenberg
7f00146d00
doh: keep the IPv4 address in (original) network byte order
Ideally this will fix the reversed order shown in SPARC tests:

  resp 8: Expected 127.0.0.1 got 1.0.0.127

Closes #3091
2018-10-05 22:15:34 +02:00
Daniel Stenberg
b8ab30d309
test1650: make it depend on http/2
Follow-up to 570008c99d as it gets link errors.

Reported-by: Michael Kaufmann
Closes #3068
2018-10-01 07:56:49 +02:00
Viktor Szakats
b801b453af whitespace fixes
- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
  in manual examples

Closes https://github.com/curl/curl/pull/3037
2018-09-23 22:24:02 +00:00
Daniel Stenberg
d5cbbe8397
unit1650: fix out of boundary access
Fixes #2987
Closes #3035
2018-09-23 23:07:06 +02:00
Daniel Stenberg
f2b1a18975
DOH: add test case 1650 and 2100 2018-09-06 09:17:25 +02:00
Jim Fuller
b004a174ea
tests: add unit tests for url.c
Approved-by: Daniel Gustafsson
Closes #2937
2018-09-05 14:30:48 +02:00
Anderson Toshiyuki Sasaki
298d2565e2
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333
2018-08-08 09:46:01 +02:00
Ruslan Baratov
d1207c07d0
CMake: Update scripts to use consistent style
Closes #2727
Reviewed-by: Sergei Nikulov
2018-07-17 11:54:07 +02:00
Marian Klymov
c45360d463
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631
2018-06-11 11:14:48 +02:00
Alibek.Jorajev
f66d97b677
CURLOPT_RESOLVE: always purge old entry first
If there's an existing entry using the selected name.

Closes #2622
2018-06-01 12:47:52 +02:00
Daniel Stenberg
a115c6bbe7
fnmatch: use the system one if available
If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,
to reduce our footprint and to use already well tested and well
exercised code.

A POSIX fnmatch behaves slightly different than the internal function
for a few test patterns currently and the macOS one yet slightly
different. Test case 1307 is adjusted for these differences.

Closes #2626
2018-06-01 12:29:21 +02:00
Daniel Stenberg
6482773d30
fnmatch: insist on escaped bracket to match
A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614
2018-05-28 23:57:31 +02:00