aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-01-06curl -w: handle a blank input file correctlyDaniel Stenberg
Previously it would end up with an uninitialized memory buffer that would lead to a crash or junk getting output. Added test 1271 to verify. Reported-by: Brian Carpenter Closes #4786
2020-01-06file: on Windows, refuse paths that start with \\Daniel Stenberg
... as that might cause an unexpected SMB connection to a given host name. Reported-by: Fernando Muñoz CVE-2019-15601 Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
2020-01-06CURLOPT_READFUNCTION.3: fix fopen params in exampleJay Satiro
2020-01-06CURLOPT_READFUNCTION.3: fix variable name in exampleJay Satiro
Reported-by: Paul Joyce Fixes https://github.com/curl/curl/issues/4787
2020-01-05curl:getparameter return error for --http3 if libcurl doesn't supportDaniel Stenberg
Closes #4785
2020-01-05docs: mention CURL_MAX_INPUT_LENGTH restrictionsDaniel Stenberg
... for curl_easy_setopt() and curl_url_set(). [skip ci] Closes #4783
2020-01-04curl: properly free mimepost dataDaniel Stenberg
... as it could otherwise leak memory when a transfer failed. Added test 1293 to verify. Reported-by: Brian Carpenter Fixes #4781 Closes #4782
2020-01-04curl: cleanup multi handle on failureDaniel Stenberg
... to fix memory leak in error path. Fixes #4772 Closes #4780 Reported-by: Brian Carpenter
2020-01-03lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`Marcel Raad
Closes https://github.com/curl/curl/pull/4775
2020-01-03COPYING: it's 2020!Daniel Stenberg
[skip ci]
2020-01-03tests: Fix bounce requests with truncated writesMarc Aldorasi
Prior to this change the swsbounce check in service_connection could fail because prevtestno and prevpartno were not set, which would cause the wrong response data to be sent to some tests and cause them to fail. Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785
2019-12-31tool: make a few char pointers point to const char insteadMarcel Raad
These are read-only. Closes https://github.com/curl/curl/pull/4771
2019-12-31tests: Change NTLM tests to require SSLJay Satiro
Prior to this change tests that required NTLM feature did not require SSL feature. There are pending changes to cmake builds that will allow enabling NTLM in non-SSL builds in Windows. In that case the NTLM auth strings created are different from what is expected by the NTLM tests and they fail: "The issue with NTLM is that previous non-SSL builds would not enable NTLM and so the NTLM tests would be skipped." Assisted-by: marc-groundctl@users.noreply.github.com Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729 Closes https://github.com/curl/curl/pull/4768
2019-12-31bearssl: Improve I/O handlingMichael Forney
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS records until the desired engine state is reached. This is now used for the handshake, read, write, and close. Match OpenSSL SSL_write behavior, and don't return the number of bytes written until the corresponding records have been completely flushed across the socket. This involves keeping track of the length of data buffered into the TLS engine, and assumes that when CURLE_AGAIN is returned, the write function will be called again with the same data and length arguments. This is the same requirement of SSL_write. Handle TLS close notify as EOF when reading by returning 0. Closes https://github.com/curl/curl/pull/4748
2019-12-31travis: Fix error detectionJay Satiro
- Stop using inline shell scripts for before_script and script sections. Prior to this change Travis could ignore errors from commands in inline scripts. I don't understand how or why it happens. This is a workaround. Assisted-by: Simon Warta Ref: https://github.com/travis-ci/travis-ci/issues/1066 Fixes https://github.com/curl/curl/issues/3730 Closes https://github.com/curl/curl/pull/3755
2019-12-29tool_operate: fix mem leak when failed config parseJay Satiro
Found by fuzzing the config file. Reported-by: Geeknik Labs Fixes https://github.com/curl/curl/issues/4767
2019-12-27lib: remove erroneous +x file permission on some c filesXiang Xiao
Modified by commit eb9a604 accidentally. Closes https://github.com/curl/curl/pull/4756
2019-12-27lib: fix warnings found when porting to NuttXXiang Xiao
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already defined as a system macro. - Don't compile write32_le in curl_endian unless CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le. - Include <arpa/inet.h> in socketpair.c. Closes https://github.com/curl/curl/pull/4756
2019-12-26os400: Add missing CURLE error constantsJay Satiro
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922 Reported-by: Emil Engler
2019-12-26CURLOPT_HEADERFUNCTION.3: Document that size is always 1Jay Satiro
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback is passed two `size_t` parameters which, when multiplied, designate the number of bytes of data passed in. In practice, CURL always sets the first parameter (`size`) to 1. This practice is also enshrined in documentation and cannot be changed in future. The documentation states that the default callback is `fwrite`, which means `fwrite` must be a suitable function for this purpose. However, the documentation also states that the callback must return the number of *bytes* it successfully handled, whereas ISO C `fwrite` returns the number of items (each of size `size`) which it wrote. The only way these numbers can be equal is if `size` is 1. Since `size` is 1 and can never be changed in future anyway, document that fact explicitly and let users rely on it. Reported-by: Frank Gevaerts Commit-message-by: Christopher Head Ref: https://github.com/curl/curl/pull/2787 Fixes https://github.com/curl/curl/issues/4758
2019-12-24examples/postinmemory.c: Call curl_global_cleanup alwaysJay Satiro
Prior to this change curl_global_cleanup was not called if curl_easy_init failed. Reported-by: kouzhudong@users.noreply.github.com Fixes https://github.com/curl/curl/issues/4751
2019-12-21url2file.c: fix copyright yearDaniel Stenberg
Follow-up to 525787269599b5
2019-12-20examples/url2file.c: corrected a commentRickard Hallerbäck
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS to 0L would both enable and disable debug output at the same time, like a Schrödinger's cat of CURLOPTs. Closes #4745
2019-12-20HISTORY: OSS-Fuzz started fuzzing libcurl in 2017Daniel Stenberg
2019-12-20RELEASE-NOTES: syncedDaniel Stenberg
2019-12-20ngtcp2: Support the latest update key callback typeJay Satiro
- Remove our cb_update_key in favor of ngtcp2's new ngtcp2_crypto_update_key_cb which does the same thing. Several days ago the ngtcp2_update_key callback function prototype was changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to fix up our cb_update_key for that change they also added ngtcp2_crypto_update_key_cb which does the same thing so we'll use that instead. Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c Closes https://github.com/curl/curl/pull/4735
2019-12-19sws: search for "Testno:" header uncondtionally if no testnoDaniel Stenberg
Even if the initial request line wasn't found. With the fix to 1455, the test number is now detected correctly. (Problem found when running tests in random order.) Closes #4744
2019-12-19tests: set LC_ALL in more testsDaniel Stenberg
Follow-up to 23208e330ac0c21 Closes #4743
2019-12-19test165: set LC_ALL=en_US.UTF-8 tooDaniel Stenberg
On my current Debian Unstable with libidn2 2.2.0, I get an error if LC_ALL is set to blank. Then curl errors out with: curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8 Closes #4738
2019-12-19curl.h: add two defines for the "pre ISO C" caseDaniel Stenberg
Without this fix, this caused a compilation failure on AIX with IBM xlc 13.1.3 compiler. Reported-by: Ram Krushna Mishra Fixes #4739 Closes #4740
2019-12-19create_conn: prefer multiplexing to using new connectionsDaniel Stenberg
... as it would previously prefer new connections rather than multiplexing in most conditions! The (now removed) code was a leftover from the Pipelining code that was translated wrongly into a multiplex-only world. Reported-by: Kunal Ekawde Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html Closes #4732
2019-12-19test1456: remove the use of a fixed local portDaniel Stenberg
Fixup the test to instead not compare the port number. It sometimes caused problems like this: "curl: (45) bind failed with errno 98: Address already in use" Closes #4733
2019-12-18CURLOPT_QUOTE.3: fix typosJay Satiro
Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man pages would not compile because a variable name was incorrect. Reported-by: Bylon2@users.noreply.github.com Fixes https://github.com/curl/curl/issues/4736
2019-12-18strerror: Fix compiler warning "empty expression"Gisle Vanem
- Remove the final semi-colon in the SEC2TXT() macro definition. Before: #define SEC2TXT(sec) case sec: txt = #sec; break; After: #define SEC2TXT(sec) case sec: txt = #sec; break Prior to this change SEC2TXT(foo); would generate break;; which caused the empty expression warning. Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547
2019-12-18curl/parseconfig: use curl_free() to free memory allocated by libcurlDaniel Stenberg
Reported-by: bxac on github Fixes #4730 Closes #4731
2019-12-18curl/parseconfig: fix mem-leakDaniel Stenberg
When looping, first trying '.curlrc' and then '_curlrc', the function would not free the first string. Closes #4731
2019-12-18CURLOPT_URL.3: "curl supports SMB version 1 (only)"Daniel Stenberg
[skip ci]
2019-12-18test1270: a basic -w redirect_url testDaniel Stenberg
Closes #4728
2019-12-18HISTORY: the SMB(S) support landed in 2014Daniel Stenberg
2019-12-17define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymoreDaniel Stenberg
It is covered by USE_OPENSSL_ENGINE now. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/87b9337c8f76c21c57b204e88b68c6ecf3bd1ac0#commitcomment-36447951 Closes #4725
2019-12-17lib: remove ASSIGNWITHINCONDITION exceptions, use our code styleDaniel Stenberg
... even for macros Reviewed-by: Daniel Gustafsson Reviewed-by: Jay Satiro Reported-by: Jay Satiro Fixes #4683 Closes #4722
2019-12-16tests: make sure checksrc runs on header files tooDaniel Stenberg
2019-12-16Revert "checksrc: fix regexp for ASSIGNWITHINCONDITION"Daniel Stenberg
This reverts commit ba82673dac3e8d00a76aa5e3779a0cb80e7442af. Bug: #4683
2019-12-16KNOWN_BUGS: TLS session cache doesn't work with TFODaniel Stenberg
[skip ci] Closes #4301
2019-12-16KNOWN_BUGS: Connection information when using TCP Fast OpenDaniel Stenberg
Also point to #4296 for more details Closes #4296
2019-12-16KNOWN_BUGS: LDAP on Windows doesn't workDaniel Stenberg
Closes #4261
2019-12-16docs: TLS SRP doesn't work with TLS 1.3Daniel Stenberg
Reported-by: sayrer on github Closes #4262 [skip ci]
2019-12-16cirrus: Switch to the FreeBSD 12.1 point release & enable more tests.Dan Fandrich
A few tests are now passing on FreeBSD, so no longer skip them. [skip ci]
2019-12-16azure: the macos cmake doesn't need to install cmakeDaniel Stenberg
Error: cmake 3.15.5 is already installed To upgrade to 3.16.1, run `brew upgrade cmake`. Closes #4723
2019-12-15winbuild: Document CURL_STATICLIB requirement for static libcurlJay Satiro
A static libcurl (ie winbuild mode=static) requires that the user define CURL_STATICLIB when using it in their application. This is already covered in the FAQ and INSTALL.md, but is a pretty important point so now it's noted in the BUILD.WINDOWS.txt as well. Assisted-by: Michael Vittiglio Closes https://github.com/curl/curl/pull/4721