moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
24,786 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

24786 Commits

Author SHA1 Message Date
Daniel Stenberg fe514ad9ae
http: fix warning on conversion from int to bit 
Follow-up from 03ebe66d70
 2019-09-21 23:09:59 +02:00
Daniel Stenberg 03ebe66d70
urldata: use 'bool' for the bit type on MSVC compilers 
Closes #4387
Fixes #4379
 2019-09-21 23:05:41 +02:00
Daniel Stenberg 0b7d7abe20
appveyor: upgrade VS2017 to VS2019 
Closes #4383
 2019-09-21 23:04:48 +02:00
Zenju 36ff5e37b9
FTP: FTPFILE_NOCWD: avoid redundant CWDs 
Closes #4382
 2019-09-21 16:23:03 +02:00
Daniel Stenberg 0801343e27
cookie: pass in the correct cookie amount to qsort() 
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.

Reported-by: Paul Dreik
Closes #4386
 2019-09-21 16:07:52 +02:00
Paul Dreik 47066036a0
urlapi: avoid index underflow for short ipv6 hostnames 
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.

hostname[hlen] will then cause a warning by ubsanitizer:

runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>

I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".

This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)

int main() {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);

  hlen-=2;
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}

I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.

Closes #4389
 2019-09-21 15:57:17 +02:00
Tatsuhiro Tsujikawa 63a8d2b172
ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23 
Closes #4392
 2019-09-21 15:44:17 +02:00
Daniel Stenberg 698149e42c
THANKS-filter: deal with my typos 'Jat' => 'Jay' 2019-09-20 13:53:23 +02:00
Daniel Stenberg 52db0b89d0
travis: use go master 
... as the boringssl builds needs a very recent version

Co-authored-by: Jat Satiro
Closes #4361
 2019-09-20 13:50:35 +02:00
Daniel Stenberg a89aeb5451
tool_operate: removed unused variable 'done' 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:08:02 +02:00
Daniel Stenberg 2d5f76f22f
tool_operate: Expression 'config->resume_from' is always true 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:58 +02:00
Daniel Stenberg b5a69b7a35
tool_getparam: remove duplicate switch case 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:55 +02:00
Daniel Stenberg 7d5524500d
libssh2: part of conditional expression is always true: !result 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:52 +02:00
Daniel Stenberg 36fbb10071
urlapi: Expression 'storep' is always true 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:48 +02:00
Daniel Stenberg a6451487d4
urlapi: 'scheme' is always true 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:46 +02:00
Daniel Stenberg b10464399b
urlapi: part of conditional expression is always true: (relurl[0] == '/') 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:42 +02:00
Daniel Stenberg 8f593f6d3b
setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly 
Fixes bug detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:35 +02:00
Daniel Stenberg 2ba62322a7
mime: make Curl_mime_duppart() assert if called without valid dst 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:31 +02:00
Daniel Stenberg cc95dbd64f
http_proxy: part of conditional expression is always true: !error 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:28 +02:00
Daniel Stenberg d0390a538a
imap: merged two case-branches performing the same action 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:25 +02:00
Daniel Stenberg 07c1af9226
multi: value '2L' is assigned to a boolean 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:21 +02:00
Daniel Stenberg 2e68e5a023
easy: part of conditional expression is always true: !result 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:20 +02:00
Daniel Stenberg 0b90ec9bbf
netrc: part of conditional expression is always true: !done 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:18 +02:00
Daniel Stenberg 317c97bd81
version: Expression 'left > 1' is always true 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:17 +02:00
Daniel Stenberg 389426e3d0
url: remove dead code 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:13 +02:00
Daniel Stenberg 3ab45650e2
url: part of expression is always true: (bundle->multiuse == 0) 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:11 +02:00
Daniel Stenberg e3c41ebd7c
ftp: the conditional expression is always true 
... both !result and (ftp->transfer != FTPTRANSFER_BODY)!

Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:06 +02:00
Daniel Stenberg 49f3117a23
ftp: Expression 'ftpc->wait_data_conn' is always false 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:03 +02:00
Daniel Stenberg a50c3d7fa0
ftp: Expression 'ftpc->wait_data_conn' is always true 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:07:00 +02:00
Daniel Stenberg 97c17e9fcb
ftp: part of conditional expression is always true: !result 
Fixes warning detected by PVS-Studio
Fixes #4374
 2019-09-20 08:06:58 +02:00
Daniel Stenberg 69ea985d4c
http: fix Expression 'http->postdata' is always false 
Fixes warning detected by PVS-Studio
Fixes #4374
Reported-by: Valerii Zapodovnikov
 2019-09-20 08:06:47 +02:00
Niall O'Reilly 0d59addff6
doh: avoid truncating DNS QTYPE to lower octet 
Closes #4381
 2019-09-19 22:50:38 +02:00
Jens Finkhaeuser 0a4ecbdf1c
urlapi: CURLU_NO_AUTHORITY allows empty authority/host part 
CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not
"file:///") to override cURL's default demand that an authority exists.

Closes #4349
 2019-09-19 15:57:28 +02:00
Daniel Stenberg 346188f6e4
version: next release will be 7.67.0 2019-09-19 15:57:28 +02:00
Daniel Stenberg 2d55460ec5
RELEASE-NOTES: synced 2019-09-19 15:30:16 +02:00
Daniel Stenberg 3c5f9ba899
url: only reuse TLS connections with matching pinning 
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.

Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund

Closes #4347
 2019-09-19 14:58:24 +02:00
Daniel Stenberg fafad1496b
README: add OSS-Fuzz badge [skip ci] 
Closes #4380
 2019-09-19 14:02:10 +02:00
Michael Kaufmann 2a2404153b http: merge two "case" statements 2019-09-18 13:45:41 +02:00
Zenju 1c02a4e874
FTP: remove trailing slash from path for LIST/MLSD 
Closes #4348
 2019-09-18 09:27:21 +02:00
Daniel Stenberg ac58c51b29
mime: when disabled, avoid C99 macro 
Closes #4368
 2019-09-18 08:08:41 +02:00
Daniel Stenberg beb4350917
url: cleanup dangling DOH request headers too 
Follow-up to 9bc44ff64d

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17269

Closes #4372
 2019-09-18 07:48:49 +02:00
Christoph M. Becker 7c596f5dea
http2: relax verification of :authority in push promise requests 
If the :authority pseudo header field doesn't contain an explicit port,
we assume it is valid for the default port, instead of rejecting the
request for all ports.

Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html

Closes #4365
 2019-09-16 23:36:22 +02:00
Daniel Stenberg 9bc44ff64d
doh: clean up dangling DOH handles and memory on easy close 
If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.

Reported-by: Paul Dreik
Closes #4366
 2019-09-16 17:31:56 +02:00
Daniel Stenberg 3ad883aeda
unit1655: make it C90 compliant 
Unclear why this was not detected in the CI.

Follow-up to b766602729
 2019-09-16 14:30:44 +02:00
Daniel Stenberg 6de1053692
smb: check for full size message before reading message details 
To avoid reading of uninitialized data.

Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363
 2019-09-16 14:16:06 +02:00
Daniel Stenberg 00da834156
quiche: persist connection details 
... like we do for other protocols at connect time. This makes "curl -I"
and other things work.

Reported-by: George Liu
Fixes #4358
Closes #4360
 2019-09-16 13:37:26 +02:00
Daniel Stenberg a0f8fccb1e
openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version 
Follow-up to ffe34b7b59
Closes #4359
 2019-09-16 08:49:51 +02:00
Paul Dreik dda418266c
doh: fix undefined behaviour and open up for gcc and clang optimization 
The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4

By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimizes it to a single instruction.  See
https://godbolt.org/z/994Zpx

Closes #4350
 2019-09-15 23:27:45 +02:00
Paul Dreik b766602729
doh: fix (harmless) buffer overrun 
Added unit test case 1655 to verify.
Close #4352

the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
 2019-09-15 23:25:24 +02:00
Alessandro Ghedini 5eb75d4186 docs: remove trailing ':' from section names in CURLOPT_TRAILER* man 2019-09-15 12:25:02 +01:00