Age | Commit message | Author
2019-07-25 | easy: resize receive buffer on easy handle reset | Jay Satiro
- In curl_easy_reset attempt to resize the receive buffer to its default size. If realloc fails then continue using the previous size.
Prior to this change curl_easy_reset did not properly handle resetting the receive buffer (data->state.buffer). It reset the variable holding its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) but then did not actually resize the buffer. If a user resized the buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the default, later called curl_easy_reset and attempted to reuse the handle then a heap overflow would very likely occur during that handle's next transfer.
Reported-by: Felix Hädicke
Fixes https://github.com/curl/curl/issues/4143
Closes https://github.com/curl/curl/pull/4145
2019-07-25 | examples: Avoid reserved names in hiperfifo examples | Brad Spencer
- Trade in __attribute__((unused)) for the classic (void)x to silence unused symbols.
Because the classic way is not gcc specific. Also because the prior method mapped to symbol _Unused, which starts with _ and a capital letter which is reserved.
Assisted-by: The Infinnovation team
Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108
Closes https://github.com/curl/curl/pull/4153
2019-07-25 | RELEASE-NOTES: synced | Daniel Stenberg
2019-07-25 | ssh-libssh: do not specify O_APPEND when not in append mode | Felix Hädicke
Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not make much sense. And this combination of flags is not accepted by all SFTP servers (at least not Apache SSHD).
Fixes #4147
Closes #4148
2019-07-25 | multi: call detach_connection before Curl_disconnect | Gergely Nagy
Curl_disconnect bails out if conn->easyq is not empty, detach_connection needs to be called first to remove the current easy from the queue.
Fixes #4144
Closes #4151
2019-07-23 | tool_operate: fix implicit call to easysrc_cleanup | Jay Satiro
easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not defined, and prior to this change would be called regardless.
Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637
Reported-by: Marcel Raad
Closes https://github.com/curl/curl/pull/4142
2019-07-22 | curl:create_transfers check return code from curl_easy_setopt | Daniel Stenberg
From commit b8894085
Pointed out by Coverity CID 1451703
Closes #4134
2019-07-21 | HTTP3: initial (experimental) support | Daniel Stenberg
Use configure --with-ngtcp2 or --with-quiche
Using either option will enable a HTTP3 build.
Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me>
Closes #3500
2019-07-21 | curl: remove dead code | Daniel Stenberg
The loop never loops (since b889408500), pointed out by Coverity (CID 1451702)
Closes #4133
2019-07-20 | docs/PARALLEL-TRANSFERS: correct the version number | Daniel Stenberg
2019-07-20 | docs/PARALLEL-TRANSFERS: added | Daniel Stenberg
2019-07-20 | curl: support parallel transfers | Daniel Stenberg
This is done by making sure each individual transfer is first added to a linked list as then they can be performed serially, or at will, in parallel.
Closes #3804
2019-07-20 | docs/MANUAL.md: converted to markdown from plain text | Daniel Stenberg
... will make it render as a nicer web page.
Closes #4131
2019-07-20 | curl_version_info: provide nghttp2 details | Daniel Stenberg
Introducing CURLVERSION_SIXTH with nghttp2 info.
Closes #4121
2019-07-19 | bump: start working on 7.66.0 | Daniel Stenberg
2019-07-19 | source: remove names from source comments | Daniel Stenberg
Several reasons:
- we can't add everyone who's helping out so it's unfair to just a few selected ones.
- we already list all helpers in THANKS and in RELEASE-NOTES for each release
- we don't want to give the impression that some parts of the code are "owned" or "controlled" by specific persons
Assisted-by: Daniel Gustafsson
Closes #4129
2019-07-19 | RELEASE-NOTES: 7.65.3 | Daniel Stenberg
2019-07-19 | THANKS: 7.65.3 status | Daniel Stenberg
2019-07-19 | progress: make the progress meter appear again | Daniel Stenberg
Fix regression caused by 21080e1
Reported-by: Chih-Hsuan Yen
Fixes #4122
Closes #4124
2019-07-19 | version: bump to 7.65.3 | Daniel Stenberg
2019-07-17 | RELEASE-NOTES: Contributors are now 1990 | Daniel Stenberg
2019-07-17 | RELEASE-NOTES: 7.65.2 | Daniel Stenberg
2019-07-17 | THANKS: add contributors from 7.65.2 | Daniel Stenberg
2019-07-17 | cmake: Fix finding Brotli on case-sensitive file systems | aasivov
- Find package "Brotli" instead of "BROTLI" since the former is the casing used for CMake/FindBrotli.cmake, and otherwise find_package may fail on a case-sensitive file system.
Fixes https://github.com/curl/curl/issues/4117
2019-07-17 | CURLOPT_RANGE.3: Caution against using it for HTTP PUT | Jay Satiro
AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've cautioned against using it for that purpose and included a workaround.
Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html
Reported-by: Christopher Head
Closes https://github.com/curl/curl/issues/3814
2019-07-17 | CURLOPT_SEEKDATA.3: fix variable name | Stefano Simonelli
Closes https://github.com/curl/curl/pull/4118
2019-07-17 | CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH | georgeok
If the SSL backend is Schannel and the user specifies an Schannel CALG_ that is not supported by the protocol or the server then curl returns CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.
Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106
2019-07-17 | nss: inspect return value of token check | Daniel Gustafsson
PK11_IsPresent() checks whether the token for the given slot is available, and sets needlogin flags for the PK11_Authenticate() call. Should it return false, we should however treat it as an error and bail out.
Closes https://github.com/curl/curl/pull/4110
2019-07-17 | docs: Explain behavior change in --tlsv1. options since 7.54 | Jay Satiro
Since 7.54 --tlsv1. options use the specified version or later, however older versions of curl documented it as using just the specified version which may or may not have happened depending on the TLS library. Document this discrepancy to allay confusion for users familiar with the old documentation that expect just the specified version.
Fixes https://github.com/curl/curl/issues/4097
Closes https://github.com/curl/curl/pull/4119
2019-07-17 | libcurl: Restrict redirect schemes (follow-up) | Jay Satiro
- Allow FTPS on redirect.
- Update default allowed redirect protocols in documentation.
Follow-up to 6080ea0.
Ref: https://github.com/curl/curl/pull/4094
Closes https://github.com/curl/curl/pull/4115
2019-07-16 | test1173: make it also check all libcurl option man pages | Daniel Stenberg
... and adjust those that cause errors
Closes #4116
2019-07-16 | curl: only accept COLUMNS less than 10000 | Daniel Stenberg
... as larger values would rather indicate something silly (and could potentially cause buffer problems).
Reported-by: pendrek at hackerone
Closes #4114
2019-07-15 | dist: add manpage-syntax.pl | Daniel Stenberg
follow-up to 7fb66c403
2019-07-15 | test1173: detect some basic man page format mistakes | Daniel Stenberg
Triggered by PR #4111
Closes #4113
2019-07-15 | docs: Fix missing lines caused by undefined macros | Bjarni Ingi Gislason
- Escape apostrophes at line start.
Some lines begin with a "'" (apostrophe, single quote), which is then interpreted as a control character in *roff. Such lines are interpreted as being a call to a macro, and if undefined, the lines are removed from the output.
Bug: https://bugs.debian.org/926352
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Submitted-by: Alessandro Ghedini
Closes https://github.com/curl/curl/pull/4111
2019-07-14 | libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults | Daniel Stenberg
follow-up to 6080ea098
2019-07-14 | libcurl: Add testcase for gopher redirects | Linos Giannopoulos
The testcase ensures that redirects to CURLPROTO_GOPHER won't be allowed, by default, in the future. Also, curl is being used for convenience while keeping the testcases DRY.
The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is redirected to CURLPROTO_GOPHER
Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
2019-07-14 | libcurl: Restrict redirect schemes | Linos Giannopoulos
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts.
For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload.
Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.
[1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
Closes #4094
2019-07-14 | openssl: define HAVE_SSL_GET_SHUTDOWN based on version number | Zenju
Closes #4100
2019-07-14 | http: allow overriding timecond with custom header | Peter Simonyi
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER.
Fixes #4103
Closes #4109
2019-07-11 | smb: Use the correct error code for access denied on file open | Juergen Hoetzel
- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open.
Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead.
Closes https://github.com/curl/curl/pull/4095
2019-07-11 | DEPRECATE: fixup versions and spelling | Daniel Gustafsson
Correctly set the July 17 version to 7.65.2, and update spelling to be consistent. Also fix a typo.
Closes https://github.com/curl/curl/pull/4107
2019-07-11 | system_win32: fix clang warning | Gisle Vanem
- Declare variable in header as extern.
Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597
2019-07-10 | headers: Remove no longer exported functions | Daniel Gustafsson
There were a few leftover prototypes of Curl_ functions that we used to export but no longer do, this removes those prototypes and cleans up any comments still referring to them.
Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c.
Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3.
For the remainder, I didn't trawl the Git logs hard enough to capture their exact time of deletion, but they were all gone: Curl_splayprint(), Curl_http2_send_request(), Curl_global_host_cache_dtor(), Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), Curl_http_auth_stage() and Curl_close_connections().
Closes #4096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-07-09 | CMake: fix typos and spelling | Daniel Gustafsson
2019-07-09 | CMake: Convert errant elseif() to else() | Kyle Edwards
CMake interprets an elseif() with no arguments as elseif(FALSE), resulting in the elseif() block not being executed. That is not what was intended here. Change the empty elseif() to an else() as it was intended.
Closes #4101
Reported-by: Artalus <artalus-mail@yandex.ru>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-07-09 | buildconf: fix header filename | Daniel Gustafsson
The header file inclusion had a typo, it should be .h and not .hd. Fix by renaming.
Fixes #4102
Reported-by: AceCrow on Github
2019-07-09 | configure: fix --disable-code-coverage | Jan Chren
This fixes the case when --disable-code-coverage supplied to ./configure would result in coverage="yes" being set.
Closes #4099
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-07-08 | cleanup: fix typo in comment | Daniel Gustafsson
2019-07-08 | RELEASE-NOTES: synced | Daniel Gustafsson