1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Commit Graph

9640 Commits

Author SHA1 Message Date
Daniel Stenberg
fa939220df
url: reject ASCII control characters and space in host names
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.

Updated test 1034 and 1035 accordingly.

Fixes #2073
Closes #2092
2017-11-22 11:14:06 +01:00
Daniel Stenberg
9554c3c6e5
Curl_open: fix OOM return error correctly
Closes #2098
2017-11-21 09:02:50 +01:00
Daniel Stenberg
9474a5fe11
http2: fix "Value stored to 'end' is never read" scan-build error 2017-11-21 09:02:41 +01:00
Daniel Stenberg
786992c801
http2: fix "Value stored to 'hdbuf' is never read" scan-build error 2017-11-21 09:02:41 +01:00
Daniel Stenberg
3d97e37441
openssl: fix "Value stored to 'rc' is never read" scan-build error 2017-11-21 09:02:40 +01:00
Daniel Stenberg
cd79b53191
mime: fix "Value stored to 'sz' is never read" scan-build error 2017-11-21 09:02:40 +01:00
Daniel Stenberg
cec0734b4c
Curl_llist_remove: fix potential NULL pointer deref
Fixes a scan-build warning.
2017-11-21 09:02:40 +01:00
Daniel Stenberg
46e852ce26
ntlm: remove unnecessary NULL-check to please scan-build 2017-11-21 09:02:40 +01:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Pavol Markovic
6ce9845677
macOS: Fix missing connectx function with Xcode version older than 9.0
The previous fix https://github.com/curl/curl/pull/1788 worked just for
Xcode 9. This commit extends the fix to older Xcode versions effectively
by not using connectx function.

Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082
2017-11-15 11:10:51 +01:00
Dirk Feytons
d3ab7c5a21
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Fixes #2079
Closes #2081
2017-11-15 11:09:21 +01:00
Michael Kaufmann
ae7369b6d0 URL: return error on malformed URLs with junk after IPv6 bracket
Follow-up to aadb7c7. Verified by new test 1263.

Closes #2072
2017-11-14 18:20:56 +01:00
Patrick Monnerat
def2ca2628 zlib/brotli: only include header files in modules needing them
There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.

Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
2017-11-13 14:20:41 +01:00
Daniel Stenberg
fa1512b2a0
SMB: fix uninitialized local variable
Reported-by: Brian Carpenter
2017-11-13 08:27:36 +01:00
Orgad Shaneh
9f78b05443
connect.c: remove executable bit on file
Closes #2071
2017-11-12 10:51:46 +01:00
Daniel Stenberg
aa7668b948
setopt: split out curl_easy_setopt() to its own file
... to make url.c smaller.

Closes #1944
2017-11-10 23:08:20 +01:00
Daniel Stenberg
3619ee5feb
curl_share_setopt: va_end was not called if conncache errors
CID 984459, detected by Coverity
2017-11-10 15:02:11 +01:00
Luca Boccassi
32828cc4fb
--interface: add support for Linux VRF
The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.

Try to use the socket option immediately and parse it as a fallback
instead.  Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.

Closes #2024
2017-11-09 13:20:11 +01:00
Daniel Stenberg
67c55a26d5
share: add support for sharing the connection cache 2017-11-09 11:07:44 +01:00
Daniel Stenberg
e871ab56ed
imap: deal with commands case insensitively
As documented in RFC 3501 section 9:
https://tools.ietf.org/html/rfc3501#section-9

Closes #2061
2017-11-09 10:36:47 +01:00
Daniel Stenberg
6b12beb25a
connect: store IPv6 connection status after valid connection
... previously it would store it already in the happy eyeballs stage
which could lead to the IPv6 bit being set for an IPv4 connection,
leading to curl not wanting to do EPSV=>PASV for FTP transfers.

Closes #2053
2017-11-09 07:59:04 +01:00
Jay Satiro
fa64b0fc4b content_encoding: fix inflate_stream for no bytes available
- Don't call zlib's inflate() when avail_in stream bytes is 0.

This is a follow up to the parent commit 19e66e5. Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.

According to the zlib FAQ, Z_BUF_ERROR is not fatal.

This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).

Ref: https://zlib.net/zlib_faq.html#faq05

Closes https://github.com/curl/curl/pull/2060
2017-11-09 01:36:50 -05:00
Patrick Monnerat
19e66e5362 content_encoding: do not write 0 length data 2017-11-07 02:38:34 +01:00
Daniel Stenberg
6e6bf60357
fnmatch: remove dead code
There was a duplicate check for backslashes in the setcharset()
function.

Coverity CID 1420611
2017-11-06 09:01:53 +01:00
Daniel Stenberg
cbb22cb76d
url: remove unncessary NULL-check
Since 'conn' won't be NULL in there and we also access the pointer in
there without the check.

Coverity CID 1420610
2017-11-06 08:23:11 +01:00
Viktor Szakats
cc1f443609 Makefile.m32: allow to customize brotli libs
It adds the ability to link against static brotli libs.

Also fix brotli include path.
2017-11-05 23:02:05 +00:00
Viktor Szakats
609aa62f53 Makefile.m32: add brotli support 2017-11-05 15:32:43 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Patrick Monnerat
dbcced8e32 HTTP: support multiple Content-Encodings
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
2017-11-05 15:09:48 +01:00
Jay Satiro
462f3cac34 url: remove arg value check from CURLOPT_SSH_AUTH_TYPES
Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value
check on this option is incorrect; we have to accept any value.

Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES
erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
2017-11-04 18:36:07 -04:00
Daniel Stenberg
685ef13057 ntlm: avoid malloc(0) for zero length passwords
It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.

Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054

Assisted-by: Max Dymond
Closes #2054
2017-11-04 22:22:49 +01:00
Daniel Stenberg
921bf1de52 CURLOPT_INFILESIZE: accept -1
Regression since f121575

Reported-by: Petr Voytsik
Fixes #2047
2017-11-03 14:40:19 +01:00
Jay Satiro
b51e0742b9 url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT
erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.
2017-11-02 00:30:28 -04:00
Dan Fandrich
544bfdebea http2: Fixed OOM handling in upgrade request
This caused the torture tests on test 1800 to fail.
2017-11-01 14:37:01 +01:00
Daniel Stenberg
25cb41d35d CURLOPT_MAXREDIRS: allow -1 as a value
... which is valid according to documentation. Regression since
f121575c0b.

Verified now in test 501.

Reported-by: cbartl on github
Fixes #2038
Closes #2039
2017-11-01 11:56:19 +01:00
Daniel Stenberg
cda89c8b58 include: remove conncache.h inclusion from where its not needed 2017-11-01 10:06:32 +01:00
Jay Satiro
b8bd6dc110 url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
.. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE.

Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE
erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html
Reported-by: Andrew Lambert
2017-11-01 02:11:30 -04:00
Daniel Stenberg
fa394c8c2e cookie: avoid NULL dereference
... when expiring old cookies.

Reported-by: Pavel Gushchin
Fixes #2032
Closes #2035
2017-10-31 09:16:03 +01:00
Marcel Raad
52d9a11c1c
memdebug: use send/recv signature for curl_dosend/curl_dorecv
This avoids build errors and warnings caused by implicit casts.

Closes https://github.com/curl/curl/pull/2031
2017-10-30 21:27:59 +01:00
Daniel Stenberg
a7b99d58a8 curlx: the timeval functions are no longer provided as curlx_*
Pointed-out-by: Dmitri Tikhonov
Bug: #2034
2017-10-30 16:41:44 +01:00
Daniel Stenberg
f2003295a0 select: update comments
s/curlx_tvnow/Curl_now
2017-10-30 16:40:28 +01:00
Dmitri Tikhonov
d531f33ba2 timeval: use mach time on MacOS
If clock_gettime() is not supported, use mach_absolute_time() on MacOS.

closes #2033
2017-10-30 15:27:46 +01:00
Daniel Stenberg
7ee59512f8
timeleft: made two more users of Curl_timeleft use timediff_t 2017-10-29 13:13:23 +01:00
Jakub Zakrzewski
1cb4f5d6e8 cmake: Export libcurl and curl targets to use by other cmake projects
The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.

Closes #1879
2017-10-28 17:22:47 +02:00
Florin
2b5b37cb91
auth: add support for RFC7616 - HTTP Digest access authentication
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-28 16:32:43 +02:00
Daniel Stenberg
0d85eed3df
Curl_timeleft: change return type to timediff_t
returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.

Closes #2021
2017-10-28 10:40:51 +02:00
Daniel Stenberg
961c8667d2
setopt: fix CURLOPT_SSH_AUTH_TYPES option read
Regression since f121575c0b

Reported-by: Rob Cotrone
2017-10-27 22:57:51 +02:00
Marcel Raad
733190413f
resolvers: only include anything if needed
This avoids warnings about unused stuff.

Closes https://github.com/curl/curl/pull/2023
2017-10-27 13:20:13 +02:00
Daniel Stenberg
fe03485e93
curl_setup.h: oops, shorten the too long line 2017-10-27 11:12:45 +02:00
Martin Storsjo
9e76dbe054
curl_setup: Improve detection of CURL_WINDOWS_APP
If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.

This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.

Closes #2025
2017-10-27 11:02:42 +02:00