aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-09-29connect: fix race condition with happy eyeballs timeoutAnders Bakken
The timer should be started after conn->connecttime is set. Otherwise the timer could expire without this condition being true: /* should we try another protocol family? */ if(i == 0 && conn->tempaddr[1] == NULL && curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { Ref: #1928
2017-09-28docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MSMichael Kaufmann
Closes #1922
2017-09-28docs: clarify the use of environment variables for proxyMichael Kaufmann
Closes #1921
2017-09-28http: add custom empty headers to repeated requestsMichael Kaufmann
Closes #1920
2017-09-28reuse_conn: don't copy flags that are known to be equalMichael Kaufmann
A connection can only be reused if the flags "conn_to_host" and "conn_to_port" match. Therefore it is not necessary to copy these flags in reuse_conn(). Closes #1918
2017-09-27curl.h: include <sys/select.h> on cygwin tooDaniel Stenberg
When building with -std=c++14 on cygwin, this header won't be automatically included as it otherwise is. The <sys/select.h> include decision should ideally be reversed and be avoided where that header file doesn't exist. Reported-by: Ian Fette Fixes #1925
2017-09-25RELEASE-NOTES: synced with d8ab5dc50Daniel Stenberg
2017-09-24tests: adjust .gitignore for new testsMichael Kaufmann
2017-09-23ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM headerJay Satiro
.. and include the core NTLM header in all NTLM-related source files. Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT but did not include vtls.h where it was defined. Closes https://github.com/curl/curl/pull/1911
2017-09-23file_range: avoid integer overflow when figuring out byte rangeDaniel Stenberg
When trying to bump the value with one and the value is already at max, it causes an integer overflow. Closes #1908 Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 Assisted-by: Max Dymond
2017-09-23tests: fix a compiler warning in test 643Michael Kaufmann
2017-09-23symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entryJay Satiro
- Use spaces instead of tabs as the delimiter. Follow up to 7c52b12 which added the entry. The entry had used tabs but the symbol-scan parser doesn't recognize tabs and would fail the symbol.
2017-09-22metalink: fix NSS issue in MultiSSL buildsViktor Szakats
In MultiSSL mode (i.e. when more than one SSL backend is compiled in), we cannot use the compile time flag `USE_NSS` as indicator that the NSS backend is in use. As far as Metalink is concerned, the SSL backend is only used for MD5, SHA-1 and SHA-256 calculations, therefore one of the available SSL backends is selected at compile time, in a strict order of preference. Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used to determine whether the SSL backend used for Metalink is the NSS backend, and use that to guard the code that wants to de-initialize the NSS-specific data structure. Ref: https://github.com/curl/curl/pull/1848
2017-09-22ntlm: use strict order for SSL backend #if branchesViktor Szakats
With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848
2017-09-22symbols-in-versions: add CURLSSLSET_NO_BACKENDSDaniel Stenberg
...fixup from b8e0fe19ec
2017-09-22imap: quote atoms properly when escaping charactersDaniel Stenberg
Updates test 800 to verify Fixes #1902 Closes #1903
2017-09-22tests: make the imap server not verify user+passwordDaniel Stenberg
... as the test cases themselves do that and it makes it easier to add crazy test cases. Test 800 updated to use user name + password that need quoting. Test 856 updated to trigger an auth fail differently. Ref: #1902
2017-09-22vtls: provide curl_global_sslset() even in non-SSL buildsDaniel Stenberg
... it just returns error: Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 Reported-by: Marcel Raad Closes #1906
2017-09-22form/mime: field names are not allowed to contain zero-valued bytes.Patrick Monnerat
Also suppress length argument of curl_mime_name() (names are always zero-terminated).
2017-09-21openssl: only verify RSA private key if supportedDirk Feytons
In some cases the RSA key does not support verifying it because it's located on a smart card, an engine wants to hide it, ... Check the flags on the key before trying to verify it. OpenSSL does the same thing internally; see ssl/ssl_rsa.c Closes #1904
2017-09-21examples/post-callback: use long for CURLOPT_POSTFIELDSIZEMarcel Raad
Otherwise, typecheck-gcc.h warns on MinGW-w64.
2017-09-20mime: rephrase the multipart output state machine (#1898) ...Patrick Monnerat
... in hope coverity will like it much.
2017-09-20mime: fix an explicit null dereference (#1899)Patrick Monnerat
2017-09-20curl: check fseek() return code and bail on errorDaniel Stenberg
Detected by coverity. CID 1418137.
2017-09-20smtp: fix memory leak in OOMDaniel Stenberg
Regression since ce0881edee Coverity CID 1418139 and CID 1418136 found it, but it was also seen in torture testing.
2017-09-20RELEASE-NOTES: synced with 5fe85587cDaniel Stenberg
2017-09-19cookies: use lock when using CURLINFO_COOKIELISTPavel P
Closes #1896
2017-09-18ossfuzz: changes before merging the generated corporaMax Dymond
Before merging in the oss-fuzz corpora from Google, there are some changes to the fuzzer. - Add a read corpus script, to display corpus files nicely. - Change the behaviour of the fuzzer so that TLV parse failures all now go down the same execution paths, which should reduce the size of the corpora. - Make unknown TLVs a failure to parse, which should decrease the size of the corpora as well. Closes #1881
2017-09-18mime:escape_string minor clarification changeDaniel Stenberg
... as it also removes a warning with old gcc versions. Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html Reported-by: Ben Greear
2017-09-18ossfuzz: don't write out to stdoutMax Dymond
Don't make the fuzzer write out to stdout - instead write some of the contents to a memory block so we exercise the data output code but quietly. Closes #1885
2017-09-18cookies: reject oversized cookiesDaniel Stenberg
... instead of truncating them. There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement. We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes. Added test 1151 to verify Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html Reported-by: Kevin Smith Closes #1894
2017-09-18travis: on mac, don't install openssl or libidnDaniel Stenberg
- openssl is already installed and causes warnings when trying to install again - libidn isn't used these days, and homebrew doesn't seem to have a libidn2 package to replace with easily Closes #1895
2017-09-18curl: make str2udouble not return values on errorDaniel Stenberg
... previously it would store a return value even when it returned error, which could make the value get used anyway! Reported-by: Brian Carpenter Closes #1893
2017-09-18socks: fix incorrect port number in SOCKS4 error messageJay Satiro
Prior to this change it appears the SOCKS5 port parsing was erroneously used for the SOCKS4 error message, and as a result an incorrect port would be shown in the error message. Bug: https://github.com/curl/curl/issues/1892 Reported-by: Jackarain@users.noreply.github.com
2017-09-16schannel: Support partial send for when data is too largeMarc Aldorasi
Schannel can only encrypt a certain amount of data at once. Instead of failing when too much data is to be sent at once, send as much data as we can and let the caller send the remaining data by calling send again. Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html Closes https://github.com/curl/curl/pull/1890
2017-09-16openssl: add missing includesDavid Benjamin
lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include their headers directly rather than relying on other OpenSSL headers including things. Closes https://github.com/curl/curl/pull/1891
2017-09-15conversions: fix several compiler warningsDaniel Stenberg
2017-09-15server/getpart: provide dummy function to build conversion enabledDaniel Stenberg
2017-09-15non-ascii: use iconv() with 'char **' argumentDaniel Stenberg
Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
2017-09-15escape.c: error: pointer targets differ in signednessDaniel Stenberg
2017-09-15docs: clarify the CURLOPT_INTERLEAVE* options behaviorDaniel Stenberg
2017-09-15rtsp: Segfault in rtsp.c when using WRITEDATAMax Dymond
If the INTERLEAVEFUNCTION is defined, then use that plus the INTERLEAVEDATA information when writing RTP. Otherwise, use WRITEFUNCTION and WRITEDATA. Fixes #1880 Closes #1884
2017-09-15tests: enable gssapi in travis-ci linux buildIsaac Boukris
Closes https://github.com/curl/curl/pull/1687
2017-09-15tests: add initial gssapi test using stub implementationIsaac Boukris
The stub implementation is pre-loaded using LD_PRELOAD and emulates common gssapi uses (only builds if curl is initially built with gssapi support). The initial tests are currently disabled for debug builds as LD_PRELOAD is not used then. Ref: https://github.com/curl/curl/pull/1687
2017-09-15test1150: verify same host fetch using different ports over proxyDaniel Stenberg
Closes #1889
2017-09-14URL: on connection re-use, still pick the new remote portDaniel Stenberg
... as when a proxy connection is being re-used, it can still get a different remote port. Fixes #1887 Reported-by: Oli Kingshott
2017-09-12RELEASE-NOTES: synced with 87501e57fDaniel Stenberg
2017-09-12code style: remove wrong uses of multiple spacesDaniel Stenberg
Closes #1878
2017-09-12checksrc: detect and warn for multiple spacesDaniel Stenberg
2017-09-12code style: use space after semicolonDaniel Stenberg