1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00
Commit Graph

24927 Commits

Author SHA1 Message Date
Zenju
500fb0e4cb
FTP: url-decode path before evaluation
Closes #4428
2019-09-27 08:29:54 +02:00
Marcel Raad
73089bf7f3
tests: fix narrowing conversion warnings
`timediff_t` is 64 bits wide also on 32-bit systems since
commit b1616dad8f.

Closes https://github.com/curl/curl/pull/4415
2019-09-27 08:28:10 +02:00
julian
c7e6b71e5a vtls: Fix comment typo about macosx-version-min compiler flag
Closes https://github.com/curl/curl/pull/4425
2019-09-27 01:46:49 -04:00
Yechiel Kalmenson
e32488f578
README: minor grammar fix
Closes #4431
2019-09-26 23:28:10 +02:00
Spezifant
5f0b55ef22
HTTP3: fix prefix parameter for ngtcp2 build
Closes #4430
2019-09-26 23:26:25 +02:00
Daniel Stenberg
b6532b809f
quiche: don't close connection at end of stream! 2019-09-26 16:06:11 +02:00
Daniel Stenberg
2377465901
quiche: set 'drain' when returning without having drained the queues 2019-09-26 15:45:58 +02:00
Daniel Stenberg
ea7744a07e
Revert "FTP: url-decode path before evaluation"
This reverts commit 2f036a72d5.
2019-09-26 14:53:19 +02:00
Daniel Stenberg
0ccdec339d
HTTP3: merged and simplified the two 'running' sections 2019-09-26 14:17:09 +02:00
Daniel Stenberg
8bdff35287
HTTP3: show an --alt-svc using example too 2019-09-26 14:12:16 +02:00
Zenju
2f036a72d5
FTP: url-decode path before evaluation
Closes #4423
2019-09-26 13:57:44 +02:00
Daniel Stenberg
0ab38f5fd6
openssl: use strerror on SSL_ERROR_SYSCALL
Instead of showing the somewhat nonsensical errno number, use strerror()
to provide a more relatable error message.

Closes #4411
2019-09-26 13:55:18 +02:00
Daniel Stenberg
2078e7701b
HTTP3: update quic.aiortc.org + add link to server list
Reported-by: Jeremy Lainé
2019-09-26 13:18:17 +02:00
Jay Satiro
cded993700 url: don't set appconnect time for non-ssl/non-ssh connections
Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.

[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".

Reported-by: Marcel Hernandez

Ref: https://github.com/curl/curl/issues/3760

Closes https://github.com/curl/curl/pull/3773
2019-09-26 03:04:26 -04:00
Daniel Stenberg
217812fa9e
ngtcp2: remove fprintf() calls
- convert some of them to H3BUF() calls to infof()
- remove some of them completely
- made DEBUG_HTTP3 defined only if CURLDEBUG is set for now

Closes #4421
2019-09-25 23:28:58 +02:00
Jay Satiro
af3ced3b9c
url: fix the NULL hostname compiler warning case
Closes #4403
2019-09-25 14:35:02 +02:00
Jay Satiro
7c7dac4dbb
travis: move the go install to linux-only
... to repair the build again
Closes #4403
2019-09-25 14:34:31 +02:00
Daniel Stenberg
218a62a6ce
altsvc: correct the #ifdef for the ngtcp2 backend 2019-09-25 12:13:43 +02:00
Daniel Stenberg
a4c6520991
altsvc: save h3 as h3-23
Follow-up to d176a2c7e5
2019-09-25 12:06:55 +02:00
Daniel Stenberg
6e7733f788
urlapi: question mark within fragment is still fragment
The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.

Extended test 1560 to verify.

Reported-by: Alex Konev
Fixes #4412
Closes #4413
2019-09-24 23:30:43 +02:00
Alex Samorukov
9e78e739a5
HTTP3.md: move -p for mkdir, remove -j for make
- mkdir on OSX/Darwin requires `-p` argument before dir

- portabbly figuring out number of cores is an exercise for somewhere
  else

Closes #4407
2019-09-24 14:17:04 +02:00
Patrick Monnerat
3e0a8e539c os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,
As libcurl now uses these 2 system functions, wrappers are needed on os400
to convert returned AF_UNIX sockaddrs to ascii.

This is a follow-up to commit 7fb54ef.
See also #4037.
Closes #4214
2019-09-24 13:39:22 +02:00
Lucas Pardue
4a778f75c5 strcase: fix raw lowercasing the letter X
Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to
this change.

Follow-up to 0023fce which added the function several days ago.

Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546

Closes https://github.com/curl/curl/pull/4408
2019-09-24 01:31:37 -04:00
Daniel Stenberg
b259baabfe
http2: Expression 'stream->stream_id != - 1' is always true
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:02 +02:00
Daniel Stenberg
f91b82e688
http2: A value is being subtracted from the unsigned variable
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:02 +02:00
Daniel Stenberg
9aed993da0
libssh: part of conditional expression is always true: !result
PVS-Studio warning
Fixed #4402
2019-09-23 22:44:02 +02:00
Daniel Stenberg
b7e872ac17
libssh: part of conditional expression is always true
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:01 +02:00
Daniel Stenberg
9221896768
libssh: The expression is excessive or contains a misprint
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:01 +02:00
Daniel Stenberg
32fa043202
quiche: The expression must be surrounded by parentheses
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:01 +02:00
Daniel Stenberg
89d972f24c
vauth: The parameter 'status' must be surrounded by parentheses
PVS-Studio warning
Fixes #4402
2019-09-23 22:44:01 +02:00
Paul Dreik
a5bf6a36c5
doh: allow only http and https in debug mode
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406
2019-09-23 22:38:23 +02:00
Paul Dreik
bb74201804
doh: return early if there is no time left
Closes #4406
2019-09-23 22:38:15 +02:00
Barry Pollard
0023fce38d
http: lowercase headernames for HTTP/2 and HTTP/3
Closes #4401
Fixes #4400
2019-09-23 22:33:31 +02:00
Marcel Raad
527461285f
vtls: fix narrowing conversion warnings
Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
32-bit systems since commit b1616dad8f.

Closes https://github.com/curl/curl/pull/4398
2019-09-23 09:44:35 +02:00
Joel Depooter
96a3ab7bc8
winbuild: Add manifest to curl.exe for proper OS version detection
This is a small fix to commit ebd213270a
in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to
CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is
overwritten. The fix is to append values to CURL_RC_FLAGS instead of
overwriting

Closes #4399
2019-09-23 09:15:00 +02:00
Daniel Stenberg
41db01a39f
RELEASE-NOTES: synced 2019-09-22 22:50:12 +02:00
Marcel Raad
367e4b3c4d
openssl: fix compiler warning with LibreSSL
It was already fixed for BoringSSL in commit a0f8fccb1e.
LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
as uint16_t ever since the function was added in [0].

[0] 56f107201b

Closes https://github.com/curl/curl/pull/4397
2019-09-22 20:55:54 +02:00
Daniel Stenberg
f8a2058533
curl: exit the create_transfers loop on errors
When looping around the ranges and given URLs to create transfers, all
errors should exit the loop and return. Previously it would keep
looping.

Reported-by: SumatraPeter on github
Bug: #4393
Closes #4396
2019-09-22 12:27:58 +02:00
Jay Satiro
5ee88eee68 socks: Fix destination host shown on SOCKS5 error
Prior to this change when a server returned a socks5 connect error then
curl would parse the destination address:port from that data and show it
to the user as the destination:

curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
* Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)

That's incorrect because the address:port included in the connect error
is actually a bind address:port (typically unused) and not the
destination address:port. This fix changes curl to show the destination
information that curl sent to the server instead:

curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
* Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)

curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to google.com:99 (remotely resolved)
* Can't complete SOCKS5 connection to google.com:99. (1)
curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)

Ref: https://tools.ietf.org/html/rfc1928#section-6

Closes https://github.com/curl/curl/pull/4394
2019-09-21 23:45:02 -04:00
Daniel Stenberg
e09749dd43
travis: enable ngtcp2 h3-23 builds 2019-09-21 23:11:35 +02:00
Daniel Stenberg
d176a2c7e5
altsvc: both backends run h3-23 now
Closes #4395
2019-09-21 23:11:29 +02:00
Daniel Stenberg
fe514ad9ae
http: fix warning on conversion from int to bit
Follow-up from 03ebe66d70
2019-09-21 23:09:59 +02:00
Daniel Stenberg
03ebe66d70
urldata: use 'bool' for the bit type on MSVC compilers
Closes #4387
Fixes #4379
2019-09-21 23:05:41 +02:00
Daniel Stenberg
0b7d7abe20
appveyor: upgrade VS2017 to VS2019
Closes #4383
2019-09-21 23:04:48 +02:00
Zenju
36ff5e37b9
FTP: FTPFILE_NOCWD: avoid redundant CWDs
Closes #4382
2019-09-21 16:23:03 +02:00
Daniel Stenberg
0801343e27
cookie: pass in the correct cookie amount to qsort()
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.

Reported-by: Paul Dreik
Closes #4386
2019-09-21 16:07:52 +02:00
Paul Dreik
47066036a0
urlapi: avoid index underflow for short ipv6 hostnames
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.

hostname[hlen] will then cause a warning by ubsanitizer:

runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>

I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".

This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)

int main() {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);

  hlen-=2;
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}

I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.

Closes #4389
2019-09-21 15:57:17 +02:00
Tatsuhiro Tsujikawa
63a8d2b172
ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
Closes #4392
2019-09-21 15:44:17 +02:00
Daniel Stenberg
698149e42c
THANKS-filter: deal with my typos 'Jat' => 'Jay' 2019-09-20 13:53:23 +02:00
Daniel Stenberg
52db0b89d0
travis: use go master
... as the boringssl builds needs a very recent version

Co-authored-by: Jat Satiro
Closes #4361
2019-09-20 13:50:35 +02:00