aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-09-21openssl: only verify RSA private key if supportedDirk Feytons
In some cases the RSA key does not support verifying it because it's located on a smart card, an engine wants to hide it, ... Check the flags on the key before trying to verify it. OpenSSL does the same thing internally; see ssl/ssl_rsa.c Closes #1904
2017-09-21examples/post-callback: use long for CURLOPT_POSTFIELDSIZEMarcel Raad
Otherwise, typecheck-gcc.h warns on MinGW-w64.
2017-09-20mime: rephrase the multipart output state machine (#1898) ...Patrick Monnerat
... in hope coverity will like it much.
2017-09-20mime: fix an explicit null dereference (#1899)Patrick Monnerat
2017-09-20curl: check fseek() return code and bail on errorDaniel Stenberg
Detected by coverity. CID 1418137.
2017-09-20smtp: fix memory leak in OOMDaniel Stenberg
Regression since ce0881edee Coverity CID 1418139 and CID 1418136 found it, but it was also seen in torture testing.
2017-09-20RELEASE-NOTES: synced with 5fe85587cDaniel Stenberg
2017-09-19cookies: use lock when using CURLINFO_COOKIELISTPavel P
Closes #1896
2017-09-18ossfuzz: changes before merging the generated corporaMax Dymond
Before merging in the oss-fuzz corpora from Google, there are some changes to the fuzzer. - Add a read corpus script, to display corpus files nicely. - Change the behaviour of the fuzzer so that TLV parse failures all now go down the same execution paths, which should reduce the size of the corpora. - Make unknown TLVs a failure to parse, which should decrease the size of the corpora as well. Closes #1881
2017-09-18mime:escape_string minor clarification changeDaniel Stenberg
... as it also removes a warning with old gcc versions. Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html Reported-by: Ben Greear
2017-09-18ossfuzz: don't write out to stdoutMax Dymond
Don't make the fuzzer write out to stdout - instead write some of the contents to a memory block so we exercise the data output code but quietly. Closes #1885
2017-09-18cookies: reject oversized cookiesDaniel Stenberg
... instead of truncating them. There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement. We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes. Added test 1151 to verify Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html Reported-by: Kevin Smith Closes #1894
2017-09-18travis: on mac, don't install openssl or libidnDaniel Stenberg
- openssl is already installed and causes warnings when trying to install again - libidn isn't used these days, and homebrew doesn't seem to have a libidn2 package to replace with easily Closes #1895
2017-09-18curl: make str2udouble not return values on errorDaniel Stenberg
... previously it would store a return value even when it returned error, which could make the value get used anyway! Reported-by: Brian Carpenter Closes #1893
2017-09-18socks: fix incorrect port number in SOCKS4 error messageJay Satiro
Prior to this change it appears the SOCKS5 port parsing was erroneously used for the SOCKS4 error message, and as a result an incorrect port would be shown in the error message. Bug: https://github.com/curl/curl/issues/1892 Reported-by: Jackarain@users.noreply.github.com
2017-09-16schannel: Support partial send for when data is too largeMarc Aldorasi
Schannel can only encrypt a certain amount of data at once. Instead of failing when too much data is to be sent at once, send as much data as we can and let the caller send the remaining data by calling send again. Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html Closes https://github.com/curl/curl/pull/1890
2017-09-16openssl: add missing includesDavid Benjamin
lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include their headers directly rather than relying on other OpenSSL headers including things. Closes https://github.com/curl/curl/pull/1891
2017-09-15conversions: fix several compiler warningsDaniel Stenberg
2017-09-15server/getpart: provide dummy function to build conversion enabledDaniel Stenberg
2017-09-15non-ascii: use iconv() with 'char **' argumentDaniel Stenberg
Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
2017-09-15escape.c: error: pointer targets differ in signednessDaniel Stenberg
2017-09-15docs: clarify the CURLOPT_INTERLEAVE* options behaviorDaniel Stenberg
2017-09-15rtsp: Segfault in rtsp.c when using WRITEDATAMax Dymond
If the INTERLEAVEFUNCTION is defined, then use that plus the INTERLEAVEDATA information when writing RTP. Otherwise, use WRITEFUNCTION and WRITEDATA. Fixes #1880 Closes #1884
2017-09-15tests: enable gssapi in travis-ci linux buildIsaac Boukris
Closes https://github.com/curl/curl/pull/1687
2017-09-15tests: add initial gssapi test using stub implementationIsaac Boukris
The stub implementation is pre-loaded using LD_PRELOAD and emulates common gssapi uses (only builds if curl is initially built with gssapi support). The initial tests are currently disabled for debug builds as LD_PRELOAD is not used then. Ref: https://github.com/curl/curl/pull/1687
2017-09-15test1150: verify same host fetch using different ports over proxyDaniel Stenberg
Closes #1889
2017-09-14URL: on connection re-use, still pick the new remote portDaniel Stenberg
... as when a proxy connection is being re-used, it can still get a different remote port. Fixes #1887 Reported-by: Oli Kingshott
2017-09-12RELEASE-NOTES: synced with 87501e57fDaniel Stenberg
2017-09-12code style: remove wrong uses of multiple spacesDaniel Stenberg
Closes #1878
2017-09-12checksrc: detect and warn for multiple spacesDaniel Stenberg
2017-09-12code style: use space after semicolonDaniel Stenberg
2017-09-12checksrc: verify space after semicolonsDaniel Stenberg
2017-09-11code style: use spaces around plusesDaniel Stenberg
2017-09-11checksrc: detect and warn for lack of spaces next to plus signsDaniel Stenberg
2017-09-11code style: use spaces around equals signsDaniel Stenberg
2017-09-11checksrc: verify spaces around equals signsDaniel Stenberg
... as the code style mandates.
2017-09-11Curl_checkheaders: make it available for IMAP and SMTP tooDaniel Stenberg
... not only HTTP uses this now. Closes #1875
2017-09-11travis: add build without HTTP/SMTP/IMAPDaniel Stenberg
2017-09-10mbedtls: enable CA path processingJay Satiro
CA path processing was implemented when mbedtls.c was added to libcurl in fe7590f, but it was never enabled. Bug: https://github.com/curl/curl/issues/1877 Reported-by: SBKarr@users.noreply.github.com
2017-09-08rtsp: do not call fwrite() with NULL pointer FILE *Daniel Stenberg
If the default write callback is used and no destination has been set, a NULL pointer would be passed to fwrite()'s 4th argument. OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 (not publicly open yet) Detected by OSS-fuzz Closes #1874
2017-09-08configure: use -Wno-varargs on clang 3.9[.X] debug buildsDaniel Stenberg
... to avoid a clang bug
2017-09-08ossfuzz: add some more handled CURL optionsMax Dymond
Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT, MAIL_FROM and uploading data.
2017-09-07configure: check for C++ compiler after C, to make it non-fatalDaniel Stenberg
The tests for object file/executable file extensions are presumably only done for the first of these macros in the configure file. Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515 Reported-by: Marcel Raad Closes #1873
2017-09-07form API: add new test 650.Patrick Monnerat
Now that the form API is deprecated and not used anymore in curl tool, a lot of its features left untested. Test 650 attempts to check all these features not tested elsewhere.
2017-09-07configure: fix curl_off_t check's include orderJay Satiro
- Prepend srcdir include path instead of append. Prior to this change it was possible that during the check for the size of curl_off_t the include path of a user's already installed curl could come before the include path of the to-be-built curl, resulting in the system.h of the former being incorrectly included for that check. Closes https://github.com/curl/curl/pull/1870
2017-09-07KNOWN_BUGS: Remove CMake symbol hiding issueJakub Zakrzewski
It has already been fixed in 6140dfc
2017-09-07http-proxy: when not doing CONNECT, that phase is done immediatelyDaniel Stenberg
`conn->connect_state` is NULL when doing a regular non-CONNECT request over the proxy and should therefor be considered complete at once. Fixes #1853 Closes #1862 Reported-by: Lawrence Wagerfield
2017-09-07OpenSSL: fix yet another mistake while encapsulating SSL backend dataJohannes Schindelin
Another mistake in my manual fixups of the largely mechanical search-and-replace ("connssl->" -> "BACKEND->"), just like the previous commit concerning HTTPS proxies (and hence not caught during my earlier testing). Fixes #1855 Closes #1871 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-09-07OpenSSL: fix erroneous SSL backend encapsulationJohannes Schindelin
In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private data, 2017-06-21), this developer prepared for a separation of the private data of the SSL backends from the general connection data. This conversion was partially automated (search-and-replace) and partially manual (e.g. proxy_ssl's backend data). Sadly, there was a crucial error in the manual part, where the wrong handle was used: rather than connecting ssl[sockindex]' BIO to the proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason was an incorrect location to paste "BACKEND->"... d'oh. Reported by Jay Satiro in https://github.com/curl/curl/issues/1855. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-09-07vtls: fix memory corruptionJay Satiro
Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, 2017-07-28), the code handling HTTPS proxies was broken because the pointer to the SSL backend data was not swapped between conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but instead set to NULL (causing segmentation faults). [jes: provided the commit message, tested and verified the patch] Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>