1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Commit Graph

22513 Commits

Author SHA1 Message Date
Patrick Monnerat
eb04636d68 ftpserver: properly reset $ftptargetdir. 2017-10-08 19:29:44 +01:00
Patrick Monnerat
70c3ed48ac test643: verify curl_mime_subparts() rejects cyclic additions. 2017-10-08 19:05:59 +01:00
Patrick Monnerat
ebcbed3821 mime: refuse to add subparts to one of their own descendants.
Reported-by: Alexey Melnichuk
Fixes #1962
2017-10-08 18:49:52 +01:00
Patrick Monnerat
112ea5adb6 mime: avoid resetting a part's encoder when part's contents change. 2017-10-08 18:43:13 +01:00
Patrick Monnerat
b557182db1 mime: improve unbinding top multipart from easy handle.
Also avoid dangling pointers in referencing parts.
2017-10-08 18:38:34 +01:00
Daniel Stenberg
dd97fd3bb3
RELEASE-NOTES: synced with a4c1c75da3 2017-10-08 17:29:37 +02:00
Daniel Stenberg
a4c1c75da3
curlver.h: next expected release is 7.57.0 2017-10-08 17:28:07 +02:00
Patrick Monnerat
93e62adde8 mime: be tolerant about setting twice the same header list in a part. 2017-10-08 16:20:13 +01:00
Patrick Monnerat
14d6e207d3 docs: clarify form/mime usage of non-regular data files. 2017-10-08 16:15:23 +01:00
Daniel Stenberg
b2df2d47e5
Revert "multi_done: wait for name resolve to finish if still ongoing"
This reverts commit f3e03f6c0a.

Caused memory leaks in the fuzzer, needs to be done differently.

Disable test 1553 for now too, as it causes memory leaks without this
commit!
2017-10-08 00:55:10 +02:00
Daniel Stenberg
1e552535e1
remove_handle: call multi_done() first, then clear dns cache pointer
Closes #1960
2017-10-07 23:54:33 +02:00
Daniel Stenberg
f3e03f6c0a
multi_done: wait for name resolve to finish if still ongoing
... as we must clean up memory.
2017-10-07 17:54:41 +02:00
Daniel Stenberg
5b54df06d2
pingpong: return error when trying to send without connection
When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.

Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond
2017-10-07 00:20:31 +02:00
Dan Fandrich
0af5ac27c3 tests: added flaky keyword to tests 587 and 644
These are around 5% flaky in my Linux x86 autobuilds.
2017-10-06 23:04:40 +02:00
Marcel Raad
202189ff2c
vtls: fix warnings with --disable-crypto-auth
When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters
are not used.
2017-10-06 19:01:19 +02:00
Daniel Stenberg
7f1140c8bf
multi_cleanup: call DONE on handles that never got that
... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.

Test 1552 added to verify

Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954
2017-10-06 16:48:39 +02:00
Benbuck Nason
454dae0092
strtoofft: Remove extraneous null check
Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str'
argument.

Closes #1952
2017-10-06 14:49:28 +02:00
Daniel Stenberg
2dcc378381
openssl: fix build without HAVE_OPAQUE_EVP_PKEY
Reported-by: Javier Sixto
Fixes #1955
Closes #1956
2017-10-06 14:42:40 +02:00
Viktor Szakats
24bba40456 lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
The source code is now prepared to handle the case when both
Win32 Crypto and OpenSSL/NSS crypto backends are enabled
at the same time, making it now possible to enable `USE_WIN32_CRYPTO`
whenever the targeted Windows version supports it. Since this
matches the minimum Windows version supported by curl
(Windows 2000), enable it unconditionally for the Win32 platform.

This in turn enables SMB (and SMBS) protocol support whenever
Win32 Crypto is available, regardless of what other crypto backends
are enabled.

Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052

Closes https://github.com/curl/curl/pull/1943
2017-10-06 07:37:42 +00:00
Daniel Stenberg
7bc5308db3
build: fix --disable-crypto-auth
Reported-by: Wyatt O'Day
Fixes #1945
Closes #1947
2017-10-05 14:06:23 +02:00
Nick Zitzmann
3e492e03b3 darwinssl: add support for TLSv1.3
Closes https://github.com/curl/curl/pull/1794
2017-10-05 00:51:38 -04:00
Felix Kaiser
2592241d63
docs: fix typo in curl_mime_data_cb man page
Closes #1946
2017-10-04 23:56:22 +02:00
Viktor Szakats
aaa16f8025 lib/Makefile.m32: allow customizing dll suffixes
- New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated
  libcurl dll name. Useful to add `-x64` to 64-bit builds so that
  it can live in the same directory as the 32-bit one. By default
  this is empty.

- New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the
  generated import library (implib) for libcurl .dll. It defaults
  to `dll`, and it's useful to modify that to `.dll` to have the
  standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`.

Closes https://github.com/curl/curl/pull/1942
2017-10-04 15:57:19 +00:00
Max Dymond
4f38db1d28
fuzzer: move to using external curl-fuzzer
Use the external curl-fuzzer repository for fuzzing.

Closes #1923
2017-10-04 15:33:36 +02:00
Daniel Stenberg
120d963a64
failf: skip the sprintf() if there are no consumers
Closes #1936
2017-10-04 14:48:06 +02:00
Daniel Stenberg
a69a4d222d
ftp: UBsan fixup 'pointer index expression overflowed'
Closes #1939
2017-10-04 14:47:09 +02:00
Daniel Stenberg
031c367531
RELEASE-PROCEDURE: update the release schedule 2017-10-04 09:03:04 +02:00
Daniel Stenberg
3ea7679057
RELEASE-NOTES: curl 7.56.0 2017-10-04 07:52:15 +02:00
Daniel Stenberg
6119ce0802
THANKS: added new 7.56.0 contributors 2017-10-04 07:52:15 +02:00
Jay Satiro
e702df7a84 build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported
Ref: https://github.com/curl/curl/issues/1002
2017-10-04 01:04:43 -04:00
Michael Kaufmann
5f1fa5827d idn: fix source code comment 2017-10-03 18:46:50 +02:00
Michael Kaufmann
9d3dde37a8 vtls: compare and clone ssl configs properly
Compare these settings in Curl_ssl_config_matches():
- verifystatus (CURLOPT_SSL_VERIFYSTATUS)
- random_file (CURLOPT_RANDOM_FILE)
- egdsocket (CURLOPT_EGDSOCKET)

Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
and copy the setting "sessionid" unconditionally.

This means that reusing connections that are secured with a client
certificate is now possible, and the statement "TLS session resumption
is disabled when a client certificate is used" in the old advisory at
https://curl.haxx.se/docs/adv_20170419.html is obsolete.

Reviewed-by: Daniel Stenberg

Closes #1917
2017-10-03 18:08:50 +02:00
Michael Kaufmann
c4ebd8b46d proxy: read the "no_proxy" variable only if necessary
Reviewed-by: Daniel Stenberg

Closes #1919
2017-10-03 18:04:42 +02:00
Patrick Monnerat
ff6774ea6a libcurl-tutorial: add casts in example to avoid compilation warnings. 2017-10-03 11:03:46 +01:00
Daniel Stenberg
c3e58d93de
examples: bring back curl_formadd-using examples
... now with a -formadd suffix. While the new mime API is introduced in
7.56.0 we must acknowledge that lots of users can't upgrade their curl
versions immediately.
2017-10-03 07:59:55 +02:00
Daniel Stenberg
2322891330
test1153: verify quoted double-qoutes in PWD response 2017-10-02 07:50:18 +02:00
Daniel Stenberg
5ff2c5ff25
FTP: zero terminate the entry path even on bad input
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-10-02 07:50:17 +02:00
Sergei Nikulov
440dbcb06e cmake: disable tests and man generation if perl/nroff not found
Fixes https://github.com/curl/curl/issues/1500
Reported-by: Jay Satiro

Fixes https://github.com/curl/curl/pull/1662
Assisted-by: Tom Seddon
Assisted-by: dpull@users.noreply.github.com
Assisted-by: elelel@users.noreply.github.com

Closes https://github.com/curl/curl/pull/1924
2017-10-02 01:32:36 -04:00
Patrick Monnerat
753a5da906 libcurl-tutorial: fix two typos. 2017-10-02 00:12:55 +01:00
Patrick Monnerat
3ac14ab39a TODO: remove deprecated form API items. 2017-10-01 18:42:52 +01:00
Patrick Monnerat
525251398f libcurl-tutorial: describe MIME API and deprecate form API.
Include a guide to form/mime API conversion.
2017-10-01 18:31:52 +01:00
Daniel Stenberg
8392a0cf61
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
2017-09-30 23:40:50 +02:00
Dan Fandrich
cecffff561 test650: Use variable replacement to set the host address and port
Otherwise, the test fails when the -b test option is used to set a
different test port range.
2017-09-30 02:10:54 +02:00
Dan Fandrich
df7839b68c Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-30 02:10:54 +02:00
Daniel Stenberg
a352e21c0b
test1160: verifies cookie leak for large cookies
The fix done in 20ea22ff73
2017-09-29 12:06:57 +02:00
Daniel Stenberg
20ea22ff73
cookie: fix memory leak on oversized rejection
Regression brought by 2bc230de63

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
Assisted-by: Max Dymond

Closes #1930
2017-09-29 12:06:34 +02:00
Anders Bakken
49d75a4c15
connect: fix race condition with happy eyeballs timeout
The timer should be started after conn->connecttime is set. Otherwise
the timer could expire without this condition being true:

    /* should we try another protocol family? */
    if(i == 0 && conn->tempaddr[1] == NULL &&
      curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {

Ref: #1928
2017-09-29 08:51:59 +02:00
Michael Kaufmann
c66d94d6da docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
Closes #1922
2017-09-28 21:32:20 +02:00
Michael Kaufmann
46d63bbbe8 docs: clarify the use of environment variables for proxy
Closes #1921
2017-09-28 21:29:39 +02:00
Michael Kaufmann
eac324f284 http: add custom empty headers to repeated requests
Closes #1920
2017-09-28 21:25:22 +02:00