Age | Commit message (Collapse) | Author |
|
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046
|
|
... so that they can clear the original pointer on failure, which makes
the error-paths and their cleanups easier.
Closes #2992
|
|
|
|
Closes #2963
|
|
Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.
Add docs for the new options in 7.62.0
Closes #1641
|
|
Closes #2928
|
|
When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
|
|
Closes #2903
|
|
... before the stream is started, we have it set to -1.
Fixes #2894
Closes #2898
|
|
If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.
Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
|
|
Might help bug #2688 debugging
Closes #2880
|
|
Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.
Test 1266 and 1267 added to verify.
Fixes #2420
Closes #2872
|
|
Reported-by: Andrei Virtosu
Fixes #2800
Closes #2809
|
|
- separate easy handle from connections better
- added asserts on a number of places
- added sanity check of pipelines for debug builds
Closes #2751
|
|
Closes #2623
|
|
... and unify the source code to adhere.
Closes #2563
|
|
Closes #2570
|
|
|
|
Fixes gcc-8 picky compiler warnings
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2568
|
|
When there's an upload in progress, make sure to wait for the socket to
become writable.
Detected-by: steini2000 on github
Bug: #2520
Closes #2567
|
|
This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.
Reported-by: Dario Weisser
Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
Closes #2536
|
|
Follow-up to 1514c44655e12e: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
Closes #2534
|
|
Fuzzing has proven we can reach code in on_frame_recv with status_code
not having been set, so let's detect that in run-time (instead of with
assert) and error error accordingly.
(This should no longer happen with the latest nghttp2)
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
Closes #2514
|
|
When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.
Reported-by: Terry Wu
Fixes #2416
Fixes #1618
Closes #2510
|
|
This fixes the notorious "httpc->drain_total >= data->state.drain"
assert.
Reported-by: Anders Bakken
Fixes #1680
Closes #2509
|
|
It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.
Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.
Detected by OSS-Fuzz
Closes #2513
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
|
|
This triggered an assert if called more than once in debug mode (and a
memory leak if not debug build). With the right sequence of HTTP/2
headers incoming it can happen.
Detected by OSS-Fuzz
Closes #2507
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
|
|
If a connection has received a GOAWAY frame while not being used, the
function now reads frames off the connection before trying to reuse it
to avoid reusing connections the server has told us not to use.
Reported-by: Alex Baines
Fixes #1967
Closes #2402
|
|
Closes #2387
|
|
... don't consider it an error!
Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375
|
|
... as it is interesting for many users.
|
|
Closes #2302
|
|
... instead of doing it unconditionally in debug builds. It cluttered up
the output a little too much.
|
|
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.
The bug appears to have been born in 0761a51 (precedes 7.49.0).
Closes https://github.com/curl/curl/pull/2231
|
|
|
|
|
|
This caused the torture tests on test 1800 to fail.
|
|
|
|
|
|
|
|
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
|
|
Ref #1012
Figured-out-by: Tatsuhiro Tsujikawa
|
|
Add a connection check function to HTTP2 based off RTSP. This causes
PINGs to be handled the next time the connection is reused.
Closes #1521
|
|
Add a new type of callback to Curl_handler which performs checks on
the connection. Alter RTSP so that it uses this callback to do its
own check on connection health.
|
|
torture mode with test 1021 found it
|
|
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).
Some small changes were necessary to avoid asserts and NULL accesses
when doing this.
The perl script needs to be manually rerun when we add new options.
Closes #1543
|
|
... as it does extra checks to actually work.
Reported-by: jonrumsey at github
Fixes #1504
|
|
... since the total amount is low this is faster, easier and reduces
memory overhead.
Also, Curl_expire_done() can now mark an expire timeout as done so that
it never times out.
Closes #1472
|
|
A) reduces the timeout lists drastically
B) prevents a lot of superfluous loops for timers that expires "in vain"
when it has actually already been extended to fire later on
|
|
|