1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Commit Graph

9429 Commits

Author SHA1 Message Date
Daniel Stenberg
befaa7b14f
imap: support PREAUTH
It is a defined possible greeting at server startup that means the
connection is already authenticated. See
https://tools.ietf.org/html/rfc3501#section-7.1.4

Test 846 added to verify.

Fixes #1818
Closes #1820
2017-08-23 23:58:49 +02:00
Jay Satiro
00da16ca5b config-tpf: define SIZEOF_LONG
Recent changes that replaced CURL_SIZEOF_LONG in the source with
SIZEOF_LONG broke builds that use the premade configuration files and
don't have SIZEOF_LONG defined.

Bug: https://github.com/curl/curl/issues/1816
2017-08-23 03:17:10 -04:00
Gisle Vanem
beda1dbe11
config-dos: add missing defines, SIZEOF_* and two others
Bug: #1816
2017-08-22 23:34:47 +02:00
Viktor Szakats
43fb867a58 makefile.m32: add support for libidn2
libidn was replaced with libidn2 last year in configure.
Caveat: libidn2 may depend on a list of further libs.
These can be manually specified via CURL_LDFLAG_EXTRAS.

Closes https://github.com/curl/curl/pull/1815
2017-08-22 07:13:20 +00:00
Viktor Szakats
ebf46317ee config-win32: define SIZEOF_LONG
Recent changes that replaced CURL_SIZEOF_LONG in the source with
SIZEOF_LONG broke builds that use the premade configuration files and
don't have SIZEOF_LONG defined.

Closes https://github.com/curl/curl/pull/1814
2017-08-22 02:24:09 -04:00
Even Rouault
16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
Daniel Stenberg
9e82d125e6
http2_recv: return error better on fatal h2 errors
Ref #1012
Figured-out-by: Tatsuhiro Tsujikawa
2017-08-18 16:30:36 +02:00
Jan Alexander Steffens (heftig)
74dac344b2
http: Don't wait on CONNECT when there is no proxy
Since curl 7.55.0, NetworkManager almost always failed its connectivity
check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP
CONNECT process entirely non-blocking).

This patch replaces !Curl_connect_complete with Curl_connect_ongoing,
which returns false if the CONNECT state was left uninitialized and lets
the connection continue.

Closes #1803
Fixes #1804

Also-fixed-by: Gergely Nagy
2017-08-18 15:25:22 +02:00
Daniel Stenberg
6b9bc5a4fe
CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG 2017-08-17 10:27:00 +02:00
Daniel Stenberg
ae41dd85ed
config-win32: define SIZEOF_CURL_OFF_T 2017-08-17 10:26:59 +02:00
Daniel Stenberg
1286b7c09e
cmake: sizeof curl_off_t, remove unused detections 2017-08-17 10:26:59 +02:00
Daniel Stenberg
80d9e35598
system.h: remove all CURL_SIZEOF_* defines
... as they're not used externally and internally we check for the sizes
already in configure etc.

Closes #1767
2017-08-17 10:26:53 +02:00
Daniel Stenberg
c95eff4a11
ftp: fix CWD when doing multicwd then nocwd on same connection
Fixes #1782
Closes #1787
Reported-by: Peter Lamare
2017-08-17 10:08:11 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Maksim Stsepanenka
801d8765ca http_proxy: fix build error for CURL_DOES_CONVERSIONS
Closes https://github.com/curl/curl/pull/1793
2017-08-16 14:41:31 -04:00
Nick Zitzmann
870d849d48 configure: check for __builtin_available() availability (#1788)
This change does two things:
1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently
   failing trying to compile connectx() in lib/connect.c.)
2. It finally weak-links the connectx() function, and falls back on
   connect() when run on older operating systems.
2017-08-16 12:24:39 -05:00
Daniel Stenberg
75536e529a
darwinssi: fix error: variable length array used 2017-08-16 07:58:44 +02:00
Benbuck Nason
774d49af52
cmake: remove dead code for DISABLED_THREADSAFE
Closes #1786
2017-08-15 23:40:54 +02:00
Ryan Winograd
43d036e724
progress: Track total times following redirects
Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
`t_pretransfer`, and `t_starttransfer` to track the total times for
these activities when a redirect is followed. Previously, only the times
for the most recent request would be tracked.

Related changes:

  - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
    now that the function only resets transfer sizes and no longer
    modifies any of the progress timers.

  - Add a bool to the `Progress` struct that is used to prevent
    double-counting `t_starttransfer` times.

Added test case 1399.

Fixes #522 and Known Bug 1.8
Closes #1602
Reported-by: joshhe on github
2017-08-15 18:58:31 +02:00
Benbuck Nason
0969901eb9
cmake: remove dead code for CURL_DISABLE_RTMP
Closes #1785
2017-08-15 18:50:21 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Daniel Stenberg
b748d7af7e
ipv6_scope: support unique local addresses
Fixes #1764
Closes #1773
Reported-by: James Slaughter
2017-08-13 17:52:15 +02:00
Salah-Eddin Shaban
d6ecb2c851
redirect: skip URL encoding for host names
This fixes redirects to IDN URLs

Fixes #1441
Closes #1762
Reported by: David Lord
2017-08-13 00:03:54 +02:00
Daniel Stenberg
7973baacea
bagder/Curl_tvdiff_us: fix the math
Regression since adef394ac5 (released in 7.55.0)

Reported-by: Han Qiao
Fixes #1769
Closes #1771
2017-08-12 17:25:50 +02:00
Even Rouault
6e0e152ce5
parse_proxy(): fix memory leak in case of invalid proxy server name
Fixes the below leak:

$ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
curl: (5) Couldn't resolve proxy name
==5048==
==5048== HEAP SUMMARY:
==5048==     in use at exit: 532 bytes in 12 blocks
==5048==   total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CB79: parse_login_details (url.c:5614)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CBB6: parse_login_details (url.c:5621)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
Credit to OSS Fuzz for discovery

Closes #1761
2017-08-11 11:52:56 +02:00
Daniel Stenberg
fd07ca1e20
openssl: fix "error: this statement may fall through"
A gcc7 warning.
2017-08-11 08:16:17 +02:00
David Benjamin
f26f6d258f
openssl: remove CONST_ASN1_BIT_STRING.
Just making the pointer as const works for the pre-1.1.0 path too.

Closes #1759
2017-08-11 08:15:58 +02:00
Jay Satiro
0b5665c98a digest_sspi: Don't reuse context if the user/passwd has changed
Bug: https://github.com/curl/curl/issues/1685
Reported-by: paulharris@users.noreply.github.com

Assisted-by: Isaac Boukris

Closes https://github.com/curl/curl/pull/1742
2017-08-10 01:40:05 -04:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
358b2b131a tftp: reject file name lengths that don't fit
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!

CVE-2017-1000100

Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Even Rouault
c9332fa5e8 file: output the correct buffer to the user
Regression brought by 7c312f84ea (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Daniel Stenberg
fa48987356
easy_events: make event data static
First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.

A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
funtion returns, namely when curl_multi_remove_handle() is called.

Reported-by: Brian Carpenter
2017-08-06 23:42:50 +02:00
Isaac Boukris
0b11660234
gssapi: fix memory leak of output token in multi round context
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
2017-08-05 00:23:24 +02:00
Marcel Raad
61046e7bd5
darwinssl: fix compiler warning
clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]

This breaks the darwinssl build on Travis. Fix it by making this token
a comment.

Closes https://github.com/curl/curl/pull/1734
2017-08-05 00:11:01 +02:00
Daniel Stenberg
2ccd65af3b FTP: skip unnecessary CWD when in nocwd mode
... when reusing a connection. If it didn't do any CWD previously.

Fixes #1718
2017-08-04 10:01:23 +02:00
Daniel Stenberg
af271ce9b9 darwin: silence compiler warnings
With a clang pragma and three type fixes

Fixes #1722
2017-08-04 00:07:02 +02:00
Daniel Stenberg
fa2f134cbd darwinssl: fix curlssl_sha256sum() compiler warnings on first argument 2017-08-03 10:24:06 +02:00
Gisle Vanem
a8e1c2e466 netrc: skip lines starting with '#'
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
2017-08-03 10:04:16 +02:00
Marcel Raad
866e02935d
CMake: set MSVC warning level to 4
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
2017-08-03 08:39:23 +02:00
Marcel Raad
0139545607
curl_threads: fix MSVC compiler warning
Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size

Closes https://github.com/curl/curl/pull/1717
2017-08-01 17:22:30 +02:00
Brad Spencer
164a09368d multi: fix request timer management
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle.  When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).

Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01 13:39:38 +02:00
Jay Satiro
53d137d94a curl_setup: Define CURL_NO_OLDIES for building libcurl
.. to catch accidental use of deprecated error codes.

Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-08-01 02:56:48 -04:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Dwarakanath Yadavalli
512f8c774a libcurl: Stop using error codes defined under CURL_NO_OLDIES
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
2017-07-31 02:59:05 -04:00
Jay Satiro
f8614af527 splay: fix signed/unsigned mismatch warning
Follow-up to 4dee50b.

Ref: https://github.com/curl/curl/pull/1693
2017-07-29 01:13:42 -04:00
Johannes Schindelin
1cfa4cd427 curl_rtmp: fix a compiler warning
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.

Bug: #1652

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:41:29 +02:00
Daniel Stenberg
4dee50b9c8 timeval: struct curltime is a struct timeval replacement
... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.

Ref: #1652
Closes #1693
2017-07-28 15:51:25 +02:00
Daniel Stenberg
7551e55d66 darwinssl: fix variable type mistake (regression)
... which made --tlsv1.2 not work because it would blank the max tls
version variable.

Reported-by: Nick Miyake
Bug: #1703
2017-07-27 18:30:11 +02:00
Daniel Stenberg
02c7a2ccab multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com

Closes #1675
Closes #1683
2017-07-27 01:13:47 +02:00
Daniel Stenberg
60cf84f7f2 checksrc: escape open brace in regex
... to silence warning.
2017-07-27 01:13:19 +02:00