Daniel Stenberg
02c6b984cb
urlapi: fix use-after-free bug
...
Follow-up from 2c20109a9b
Added test 663 to verify.
Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954
Closes #4453
2019-10-03 22:54:26 +02:00
Paul Dreik
13ecc0725f
cookie: avoid harmless use after free
...
This fix removes a use after free which can be triggered by
the internal cookie fuzzer, but otherwise is probably
impossible to trigger from an ordinary application.
The following program reproduces it:
curl_global_init(CURL_GLOBAL_DEFAULT);
CURL* handle=curl_easy_init();
CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
Curl_flush_cookies(handle, true);
Curl_cookie_cleanup(info);
curl_easy_cleanup(handle);
curl_global_cleanup();
This was found through fuzzing.
Closes #4454
2019-10-03 15:43:50 +02:00
Denis Chaplygin
0b386392d6
docs: add note on failed handles not being counted by curl_multi_perform
...
Closes #4446
2019-10-03 14:36:03 +02:00
Daniel Stenberg
683102e0a0
CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo
2019-10-03 14:16:10 +02:00
Niall
0f48055c40
ESNI: initial build/setup
...
Closes #4011
2019-10-02 12:33:08 +02:00
Daniel Stenberg
475324b272
RELEASE-NOTES: synced
2019-10-02 08:04:07 +02:00
Daniel Stenberg
c6f250c4d6
redirect: when following redirects to an absolute URL, URL encode it
...
... to make it handle for example (RFC violating) embeded spaces.
Reported-by: momala454 on github
Fixes #4445
Closes #4447
2019-10-02 07:53:32 +02:00
Daniel Stenberg
2c20109a9b
urlapi: fix URL encoding when setting a full URL
2019-10-02 07:53:17 +02:00
Daniel Stenberg
54c622aa8e
tool_operate: rename functions to make more sense
2019-10-02 07:50:38 +02:00
Daniel Stenberg
e59371a493
curl: create easy handles on-demand and not ahead of time
...
This should again enable crazy-large download ranges of the style
[1-10000000] that otherwise easily ran out of memory starting in 7.66.0
when this new handle allocating scheme was introduced.
Reported-by: Peter Sumatra
Fixes #4393
Closes #4438
2019-10-02 07:50:32 +02:00
Kunal Ekawde
c124e6b3c0
CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt
...
Closes #4410
2019-10-02 07:47:48 +02:00
Daniel Stenberg
f0f053fed0
chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
...
Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the
response is chunked-encoded.
Reported-by: Ilya Kosarev
Fixes #4310
Closes #4449
2019-10-02 07:46:05 +02:00
Marcel Raad
ac830139da
checksrc: fix uninitialized variable warning
...
The loop doesn't need to be executed without a file argument.
Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:45 +02:00
Marcel Raad
0f62c9af8b
urlapi: fix unused variable warning
...
`dest` is only used with `ENABLE_IPV6`.
Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:41 +02:00
Marcel Raad
69d95b6d4c
lib: silence conversion warnings
...
Closes https://github.com/curl/curl/pull/4444
2019-10-01 10:47:37 +02:00
Marcel Raad
68b0aac2f8
AppVeyor: add 32-bit MinGW-w64 build
...
With WinSSL and testing enabled so that it would have detected most of
the warnings fixed in [0] and [1].
[0] https://github.com/curl/curl/pull/4398
[1] https://github.com/curl/curl/pull/4415
Closes https://github.com/curl/curl/pull/4433
2019-09-30 22:59:44 +02:00
Marcel Raad
79ea0c765b
AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild
...
It's only used for MSYS2 with MinGW.
Closes
2019-09-30 22:57:10 +02:00
Emil Engler
b59c1e6550
git: add tests/server/disabled to .gitignore
...
Closes #4441
2019-09-30 18:01:05 +02:00
Daniel Stenberg
c24cf6c64c
altsvc: accept quoted ma and persist values
...
As mandated by the spec. Test 1654 is extended to verify.
Closes #4443
2019-09-30 16:35:12 +02:00
Daniel Stenberg
666a22675d
mailmap: a Lucas fix
2019-09-30 11:42:32 +02:00
lucas
19338e9721
quiche: update HTTP/3 config creation to new API
2019-09-29 22:40:58 +01:00
Daniel Stenberg
1c134e9cf4
BINDINGS: PureBasic, Net::Curl for perl and Nim
2019-09-29 22:39:31 +02:00
Daniel Stenberg
29a51e1538
BINDINGS: Kapito is an Erlang library, basically a binding
2019-09-29 11:57:24 +02:00
Daniel Stenberg
962ad8c5ba
BINDINGS: added clj-curl
...
Reported-by: Lucas Severo
2019-09-29 11:38:19 +02:00
Jay Satiro
00b65e3779
docs: disambiguate CURLUPART_HOST is for host name (ie no port)
...
Closes #4424
2019-09-28 18:13:33 +02:00
Daniel Stenberg
d0a7ee3f61
cookies: using a share with cookies shouldn't enable the cookie engine
...
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.
This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.
Test 1166 verifies
Updated test 506
Fixes #4429
Closes #4434
2019-09-28 18:10:43 +02:00
Daniel Stenberg
ed73509157
setopt: handle ALTSVC set to NULL
2019-09-27 16:26:50 +02:00
Daniel Stenberg
ee4cfd35a5
RELEASE-NOTES: synced
2019-09-27 13:56:08 +02:00
grdowns
922dcba613
INSTALL: add vcpkg installation instructions
...
Closes #4435
2019-09-27 13:44:40 +02:00
Zenju
a167ab6a1e
FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs
...
Add libtest 661
Closes #4417
2019-09-27 08:32:32 +02:00
Zenju
500fb0e4cb
FTP: url-decode path before evaluation
...
Closes #4428
2019-09-27 08:29:54 +02:00
Marcel Raad
73089bf7f3
tests: fix narrowing conversion warnings
...
`timediff_t` is 64 bits wide also on 32-bit systems since
commit b1616dad8f
.
Closes https://github.com/curl/curl/pull/4415
2019-09-27 08:28:10 +02:00
julian
c7e6b71e5a
vtls: Fix comment typo about macosx-version-min compiler flag
...
Closes https://github.com/curl/curl/pull/4425
2019-09-27 01:46:49 -04:00
Yechiel Kalmenson
e32488f578
README: minor grammar fix
...
Closes #4431
2019-09-26 23:28:10 +02:00
Spezifant
5f0b55ef22
HTTP3: fix prefix parameter for ngtcp2 build
...
Closes #4430
2019-09-26 23:26:25 +02:00
Daniel Stenberg
b6532b809f
quiche: don't close connection at end of stream!
2019-09-26 16:06:11 +02:00
Daniel Stenberg
2377465901
quiche: set 'drain' when returning without having drained the queues
2019-09-26 15:45:58 +02:00
Daniel Stenberg
ea7744a07e
Revert "FTP: url-decode path before evaluation"
...
This reverts commit 2f036a72d5
.
2019-09-26 14:53:19 +02:00
Daniel Stenberg
0ccdec339d
HTTP3: merged and simplified the two 'running' sections
2019-09-26 14:17:09 +02:00
Daniel Stenberg
8bdff35287
HTTP3: show an --alt-svc using example too
2019-09-26 14:12:16 +02:00
Zenju
2f036a72d5
FTP: url-decode path before evaluation
...
Closes #4423
2019-09-26 13:57:44 +02:00
Daniel Stenberg
0ab38f5fd6
openssl: use strerror on SSL_ERROR_SYSCALL
...
Instead of showing the somewhat nonsensical errno number, use strerror()
to provide a more relatable error message.
Closes #4411
2019-09-26 13:55:18 +02:00
Daniel Stenberg
2078e7701b
HTTP3: update quic.aiortc.org + add link to server list
...
Reported-by: Jeremy Lainé
2019-09-26 13:18:17 +02:00
Jay Satiro
cded993700
url: don't set appconnect time for non-ssl/non-ssh connections
...
Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.
[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".
Reported-by: Marcel Hernandez
Ref: https://github.com/curl/curl/issues/3760
Closes https://github.com/curl/curl/pull/3773
2019-09-26 03:04:26 -04:00
Daniel Stenberg
217812fa9e
ngtcp2: remove fprintf() calls
...
- convert some of them to H3BUF() calls to infof()
- remove some of them completely
- made DEBUG_HTTP3 defined only if CURLDEBUG is set for now
Closes #4421
2019-09-25 23:28:58 +02:00
Jay Satiro
af3ced3b9c
url: fix the NULL hostname compiler warning case
...
Closes #4403
2019-09-25 14:35:02 +02:00
Jay Satiro
7c7dac4dbb
travis: move the go install to linux-only
...
... to repair the build again
Closes #4403
2019-09-25 14:34:31 +02:00
Daniel Stenberg
218a62a6ce
altsvc: correct the #ifdef for the ngtcp2 backend
2019-09-25 12:13:43 +02:00
Daniel Stenberg
a4c6520991
altsvc: save h3 as h3-23
...
Follow-up to d176a2c7e5
2019-09-25 12:06:55 +02:00
Daniel Stenberg
6e7733f788
urlapi: question mark within fragment is still fragment
...
The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.
Extended test 1560 to verify.
Reported-by: Alex Konev
Fixes #4412
Closes #4413
2019-09-24 23:30:43 +02:00