aboutsummaryrefslogtreecommitdiff
path: root/lib/ftp.c
AgeCommit message (Collapse)Author
2017-03-26spelling fixesklemens
Closes #1356
2017-03-13Improve code readbilitySylvestre Ledru
... by removing the else branch after a return, break or continue. Closes #1310
2017-03-03build: fix gcc7 implicit fallthrough warningsAlexis La Goutte
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know it's expected and won't warn on [-Wimplicit-fallthrough=]. Closes https://github.com/curl/curl/pull/1297
2017-02-25ftp: fixed a NULL pointer dereference on OOMDan Fandrich
2017-02-25ftp: removed an erroneous free in an OOM pathDan Fandrich
2017-01-19CURLOPT_BUFFERSIZE: support enlarging receive bufferRichy Kim
Replace use of fixed macro BUFSIZE to define the size of the receive buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive buffer size. Upon setting, resize buffer if larger than the current default size up to a MAX_BUFSIZE (512KB). This can benefit protocols like SFTP. Closes #1222
2016-12-25ftp: failure to resolve proxy should return that error codeDaniel Stenberg
2016-12-19http_proxy: Fix proxy CONNECT hang on pending dataJay Satiro
- Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-14checksrc: warn for assignments within if() expressionsDaniel Stenberg
... they're already frowned upon in our source code style guide, this now enforces the rule harder.
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-18lib: fix compiler warnings after de4de4e3c7cMarcel Raad
Visual C++ now complains about implicitly casting time_t (64-bit) to long (32-bit). Fix this by changing some variables from long to time_t, or explicitly casting to long where the public interface would be affected. Closes #1131
2016-11-02ftp_done: don't clobber the passed in error codeDaniel Stenberg
Coverity CID 1374359 pointed out the unused result value.
2016-11-02ftp: remove dead code in ftp_doneDaniel Stenberg
Coverity CID 1374358
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-10-31ftp: check for previous patch must be case sensitive!Daniel Stenberg
... otherwise example.com/PATH and example.com/path would be assumed to be the same and they usually aren't!
2016-10-31escape: avoid using curl_easy_unescape() internallyDaniel Stenberg
Since the internal Curl_urldecode() function has a better API.
2016-10-18select: switch to macros in uppercaseDaniel Stenberg
Curl_select_ready() was the former API that was replaced with Curl_select_check() a while back and the former arg setup was provided with a define (in order to leave existing code unmodified). Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most common shortcuts where only one socket is checked. They're also more visibly macros.
2016-10-08ftp: fix Curl_ftpsendf()Daniel Stenberg
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up springf()ing too large data or passing in a format string inadvertently.
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-08-26ftp_done: remove dead codeDaniel Stenberg
2016-08-23ftp: fix wrong poll on the secondary socketAles Novak
When we're uploading using FTP and the server issues a tiny pause between opening the connection to the client's secondary socket, the client's initial poll() times out, which leads to second poll() which does not wait for POLLIN on the secondary socket. So that poll() also has to time out, creating a long (200ms) pause. This patch adds the correct flag to the secondary socket, making the second poll() correctly wait for the connection there too. Signed-off-by: Ales Novak <alnovak@suse.cz> Closes #978
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-04-29lib: include curl_printf.h as one of the last headersDaniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-03code: style updatesDaniel Stenberg
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.
2016-03-19ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabledSteve Holme
warning C4706: assignment within conditional expression
2016-03-10ftp: remove a check for NULL(!)Daniel Stenberg
... as it implies we need to check for that on all the other variable references as well (as Coverity otherwise warns us for missing NULL checks), and we're alredy making sure that the pointer is never NULL.
2016-03-08ftp_done: clear tunnel_state when secondary socket closesDaniel Stenberg
Introducing a function for closing the secondary connection to make this bug less likely to happen again. Reported-by: daboul Closes #701
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-10-23ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore sizeKurt Fankhauser
This allows FTP transfers with growing (or shrinking) files without causing a transfer error. Closes #480
2015-10-15fread_func: move callback pointer from set to state structDaniel Stenberg
... and assign it from the set.fread_func_set pointer in the Curl_init_CONNECT function. This A) avoids that we have code that assigns fields in the 'set' struct (which we always knew was bad) and more importantly B) it makes it impossibly to accidentally leave the wrong value for when the handle is re-used etc. Introducing a state-init functionality in multi.c, so that we can set a specific function to get called when we enter a state. The Curl_init_CONNECT is thus called when switching to the CONNECT state. Bug: https://github.com/bagder/curl/issues/346 Closes #346
2015-09-08FTP: do_more: add check for wait_data_conn in upload caseDaniel Stenberg
In some timing-dependnt cases when a 4xx response immediately followed after a 150 when a STOR was issued, this function would wrongly return 'complete == true' while 'wait_data_conn' was still set. Closes #405 Reported-by: Patricia Muscalu
2015-08-21ftp: clear the do_more bit when the server has connectedDaniel Stenberg
The multi state machine would otherwise go into the DO_MORE state after DO, even for the case when the FTP state machine had already performed those duties, which caused libcurl to get stuck in that state and fail miserably. This occured for for active ftp uploads. Reported-by: Patricia Muscalu
2015-06-17FTP: do the HTTP CONNECT for data connection blockingDaniel Stenberg
** WORK-AROUND ** The introduced non-blocking general behaviour for Curl_proxyCONNECT() didn't work for the data connection establishment unless it was very fast. The newly introduced function argument makes it operate in a more blocking manner, more like it used to work in the past. This blocking approach is only used when the FTP data connecting through HTTP proxy. Blocking like this is bad. A better fix would make it work more asynchronously. Bug: https://github.com/bagder/curl/issues/278
2015-05-20read_callback: move to SessionHandle from connectdataDaniel Stenberg
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
2015-05-08FTP: fix dangling conn->ip_addr dereference on verbose EPSV.Patrick Monnerat
2015-05-08FTP: Make EPSV use the control IP address rather than the original host.Patrick Monnerat
This ensures an alternate address is not used. Does not apply to proxy tunnel.
2015-03-17checksrc: use space after commaDaniel Stenberg
2015-03-17checksrc: use space before paren in "return (expr);"Daniel Stenberg
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-03mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-02-11ftp: accept all 2xx responses to the PORT commandPatrick Monnerat
2015-01-08FTP: if EPSV fails on IPV6 connections, bail outDaniel Stenberg
... instead of trying PASV, since PASV can't work with IPv6. Reported-by: Vojtěch Král
2015-01-08FTP: fix IPv6 host using link-local addressDaniel Stenberg
... and make sure we can connect the data connection to a host name that is longer than 48 bytes. Also simplifies the code somewhat by re-using the original host name more, as it is likely still in the DNS cache. Original-Patch-by: Vojtěch Král Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2014-12-27code/docs: Use correct case for IPv4 and IPv6Steve Holme
For consistency, as we seem to have a bit of a mixed bag, changed all instances of ipv4 and ipv6 in comments and documentations to use the correct case.