aboutsummaryrefslogtreecommitdiff
path: root/lib/http.c
AgeCommit message (Collapse)Author
2015-06-24http2: setup the new pushed stream properlyDaniel Stenberg
2015-06-17http: do not leak basic auth credentials on re-used connectionsKamil Dudka
CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb Reported-by: Tomas Tomecek, Kamil Dudka Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-14urldata: store POST size in state.infilesize tooDaniel Stenberg
... to simplify checking when PUT _or_ POST have completed. Reported-by: Frank Meier Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-05-31HTTP-NTLM: fail auth on connection close instead of loopingIsaac Boukris
Bug: https://github.com/bagder/curl/issues/256
2015-05-22http: removed self assignmentDaniel Stenberg
Follow-up fix from b0143a2a33f0 Detected by coverity. CID 1299429
2015-05-20read_callback: move to SessionHandle from connectdataDaniel Stenberg
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
2015-05-19http: silence compile-time warnings without USE_NGHTTP2Kamil Dudka
Error: CLANG_WARNING: lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read Error: COMPILER_WARNING: lib/http.c: scope_hint: In function ‘http_disconnect’ lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-18http: Add some include guards for the new HTTP/2 stuffJay Satiro
2015-05-18http2: fix build when NOT h2-enabledDaniel Stenberg
2015-05-18pipeline: switch some code over to functionsDaniel Stenberg
... to "compartmentalize" a bit and make it easier to change behavior when multiplexing is used instead of good old pipelining.
2015-05-18Curl_http_readwrite_headers: minor code simplificationDaniel Stenberg
2015-05-18http2: rename s/data/pausedataDaniel Stenberg
2015-05-18http2: set default concurrency, fix ConnectionExists for multiplexDaniel Stenberg
2015-05-18bundles: store no/default/pipeline/multiplexDaniel Stenberg
to allow code to act differently on the situation. Also added some more info message for the connection re-use function to make it clearer when connections are not re-used.
2015-05-18http2: lazy init header_recvbufDaniel Stenberg
It makes us use less memory when not doing HTTP/2 and subsequently also makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18http2: separate multiplex/pipelining + cleanup memory leaksDaniel Stenberg
2015-05-18http2: force "drainage" of streamsDaniel Stenberg
... which is necessary since the socket won't be readable but there is data waiting in the buffer.
2015-05-18http2: move the mem+len pair to the stream structDaniel Stenberg
2015-05-18http2: more stream-oriented data, stream ID 0 is for connectionsDaniel Stenberg
2015-05-18http2: move lots of state data to the 'stream' structDaniel Stenberg
... from the connection struct. The stream one being the 'struct HTTP' which is kept in the SessionHandle struct (easy handle). lookup streams for incoming frames in the stream hash, hashing is based on the stream id and we get the SessionHandle for the incoming stream that way.
2015-05-18http: switch on "pipelining" (multiplexing) for HTTP/2 serversDaniel Stenberg
... and do not blacklist any.
2015-05-12bundles: merged into conncache.cDaniel Stenberg
All the existing Curl_bundle* functions were only ever used from within the conncache.c file, so I moved them over and made them static (and removed the Curl_ prefix).
2015-04-21http_done: close Negotiate connections when doneDaniel Stenberg
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-17Revert "HTTP: don't abort connections with pending Negotiate authentication"Daniel Stenberg
This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-17HTTP: don't use Expect: headers when on HTTP/2Daniel Stenberg
Reported-by: Stefan Eissing Bug: https://github.com/bagder/curl/issues/169
2015-03-17checksrc: detect and remove space before trailing semicolonsDaniel Stenberg
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-12http: always send Host: header as first headerDaniel Stenberg
...after the method line: "Since the Host field-value is critical information for handling a request, a user agent SHOULD generate Host as the first header field following the request-line." / RFC 7230 section 5.4 Additionally, this will also make libcurl ignore multiple specified custom Host: headers and only use the first one. Test 1121 has been updated accordingly Bug: http://curl.haxx.se/bug/view.cgi?id=1491 Reported-by: Rainer Canavan
2015-03-07http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*Daniel Stenberg
Since they already exist and will make comparing easier
2015-03-05openssl: remove all uses of USE_SSLEAYDaniel Stenberg
SSLeay was the name of the library that was subsequently turned into OpenSSL many moons ago (1999). curl does not work with the old SSLeay library since years. This is now reflected by only using USE_OPENSSL in code that depends on OpenSSL.
2015-03-03mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-01-17http_negotiate: Return CURLcode in Curl_input_negotiate() instead of intSteve Holme
2014-12-04http_perhapsrewind: don't abort CONNECT requestsStefan Bühler
...they never have a body
2014-12-04HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a requestStefan Bühler
Sending NTLM/Negotiate header again after successful authentication breaks the connection with certain Proxies and request types (POST to MS Forefront).
2014-12-04HTTP: don't abort connections with pending Negotiate authenticationStefan Bühler
... similarly to how NTLM works as Negotiate is in fact often NTLM with another name.
2014-11-27http.c: Fixed compilation warnings from features being disabledSteve Holme
warning: unused variable 'data' warning: variable 'addcookies' set but not used ...and some very minor coding style policing.
2014-11-20http.c: log if it notices HTTP 1.1 after a upgrade to http2Daniel Stenberg
2014-11-20http: Disable pipelining for HTTP/2 and upgraded connectionsTatsuhiro Tsujikawa
This commit disables pipelining for HTTP/2 or upgraded connections. For HTTP/2, we do not support multiplexing. In general, requests cannot be pipelined in an upgraded connection, since it is now different protocol.
2014-11-15http2: Don't send Upgrade headers when we already do HTTP/2Tatsuhiro Tsujikawa
2014-11-13http2: Deal with HTTP/2 data inside response header bufferTatsuhiro Tsujikawa
Previously if HTTP/2 traffic is appended to HTTP Upgrade response header (thus they are in the same buffer), the trailing HTTP/2 traffic is not processed and lost. The appended data is most likely SETTINGS frame. If it is lost, nghttp2 library complains server does not obey the HTTP/2 protocol and issues GOAWAY frame and curl eventually drops connection. This commit fixes this problem and now trailing data is processed.
2014-11-05http_digest: Use CURLcode instead of CURLdigestSteve Holme
To provide consistent behaviour between the various HTTP authentication functions use CURLcode based error codes for Curl_input_digest() especially as the calling code doesn't use the specific error code just that it failed.
2014-10-27HTTP: return larger than 3 digit response codes tooDaniel Stenberg
HTTP 1.1 is clearly specified to only allow three digit response codes, and libcurl used sscanf("%3d") for that purpose. This made libcurl support smaller numbers but not larger. It does now, but we will not make any specific promises nor document this further since it is going outside of what HTTP is. Bug: http://curl.haxx.se/bug/view.cgi?id=1441 Reported-by: Balaji
2014-10-25ntlm: Only define ntlm data structure when USE_NTLM is definedSteve Holme
2014-10-24code cleanup: we prefer 'CURLcode result'Daniel Stenberg
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24Curl_add_timecondition: skip superfluous varible assignmentDaniel Stenberg
Detected by cppcheck.
2014-09-07Ensure progress.size_dl/progress.size_ul are always >= 0Brandon Casey
Historically the default "unknown" value for progress.size_dl and progress.size_ul has been zero, since these values are initialized implicitly by the calloc that allocates the curl handle that these variables are a part of. Users of curl that install progress callbacks may expect these values to always be >= 0. Currently it is possible for progress.size_dl and progress.size_ul to by set to a value of -1, if Curl_pgrsSetDownloadSize() or Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few places currently do, and a following patch will add more). So lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() so they make sure that these variables always contain a value that is >= 0. Updates test579 and test599. Signed-off-by: Brandon Casey <drafnel@gmail.com>
2014-08-15http: fix the Content-Range: parserDaniel Stenberg
... to handle "*/[total]". Also, removed the strange hack that made CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return CURLE_OK. Reported-by: Dimitrios Siganos Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
2014-08-02HTTP2: Support expect: 100-continueTatsuhiro Tsujikawa
"Expect: 100-continue", which was once deprecated in HTTP/2, is now resurrected in HTTP/2 draft 14. This change adds its support to HTTP/2 code. This change also includes stricter header field checking.