aboutsummaryrefslogtreecommitdiff
path: root/lib/http2.c
AgeCommit message (Collapse)Author
2018-10-18travis: add build for "configure --disable-verbose"Daniel Stenberg
Closes #3144
2018-10-03memory: ensure to check allocation resultsDaniel Gustafsson
The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-25Curl_http2_done: fix memleak in error pathDaniel Stenberg
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for early failures. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 Closes #3046
2018-09-16http: made Curl_add_buffer functions take a pointer-pointerDaniel Stenberg
... so that they can clear the original pointer on failure, which makes the error-paths and their cleanups easier. Closes #2992
2018-09-16http2: fix memory leaks on error-pathDaniel Stenberg
2018-09-10misc: fix typos in commentsDaniel Gustafsson
Closes #2963
2018-09-07upkeep: add a connection upkeep API: curl_easy_conn_upkeep()Max Dymond
Add functionality so that protocols can do custom keepalive on their connections, when an external API function is called. Add docs for the new options in 7.62.0 Closes #1641
2018-09-02http2: Use correct format identifier for stream_idRikard Falkeborn
Closes #2928
2018-08-22http2: abort the send_callback if not setup yetDaniel Stenberg
When Curl_http2_done() gets called before the http2 data is setup all the way, we cannot send anything and this should just return an error. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
2018-08-21http2: remove four unused nghttp2 callbacksDaniel Stenberg
Closes #2903
2018-08-21http2: avoid set_stream_user_data() before stream is assignedDaniel Stenberg
... before the stream is started, we have it set to -1. Fixes #2894 Closes #2898
2018-08-17http2: make sure to send after RST_STREAMDaniel Stenberg
If this is the last stream on this connection, the RST_STREAM might not get pushed to the wire otherwise. Fixes #2882 Closes #2887 Researched-by: Michael Kaufmann
2018-08-15http2: check nghttp2_session_set_stream_user_data return codeDaniel Stenberg
Might help bug #2688 debugging Closes #2880
2018-08-13http: fix for tiny "HTTP/0.9" responseDaniel Stenberg
Deal with tiny "HTTP/0.9" (header-less) responses by checking the status-line early, even before a full "HTTP/" is received to allow detecting 0.9 properly. Test 1266 and 1267 added to verify. Fixes #2420 Closes #2872
2018-07-30http2: clear the drain counter in Curl_http2_doneDaniel Stenberg
Reported-by: Andrei Virtosu Fixes #2800 Closes #2809
2018-07-20http2: several cleanupsDaniel Stenberg
- separate easy handle from connections better - added asserts on a number of places - added sanity check of pipelines for debug builds Closes #2751
2018-05-31strictness: correct {infof, failf} format specifiersRikard Falkeborn
Closes #2623
2018-05-21checksrc: make sure sizeof() is used *with* parenthesesDaniel Stenberg
... and unify the source code to adhere. Closes #2563
2018-05-14http2: remove unused variablesteini2000
Closes #2570
2018-05-14http2: use easy handle of stream for loggingsteini2000
2018-05-14http2: use the correct function pointer typedefDaniel Stenberg
Fixes gcc-8 picky compiler warnings Reported-by: Rikard Falkeborn Bug: #2560 Closes #2568
2018-05-14http2: getsock fix for uploadsDaniel Stenberg
When there's an upload in progress, make sure to wait for the socket to become writable. Detected-by: steini2000 on github Bug: #2520 Closes #2567
2018-04-26http2: fix null pointer dereference in http2_connisdeadDaniel Stenberg
This function can get called on a connection that isn't setup enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer. Reported-by: Dario Weisser Follow-up to db1b2c7fe9b093f8 (never shipped in a release) Closes #2536
2018-04-26http2: get rid of another strstr()Daniel Stenberg
Follow-up to 1514c44655e12e: replace another strstr() call done on a buffer that might not be zero terminated - with a memchr() call, even if we know the substring will be found. Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 Closes #2534
2018-04-23http2: convert an assert to run-time checkDaniel Stenberg
Fuzzing has proven we can reach code in on_frame_recv with status_code not having been set, so let's detect that in run-time (instead of with assert) and error error accordingly. (This should no longer happen with the latest nghttp2) Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 Closes #2514
2018-04-20http2: handle GOAWAY properlyDaniel Stenberg
When receiving REFUSED_STREAM, mark the connection for close and retry streams accordingly on another/fresh connection. Reported-by: Terry Wu Fixes #2416 Fixes #1618 Closes #2510
2018-04-20http2: clear the "drain counter" when a stream is closedDaniel Stenberg
This fixes the notorious "httpc->drain_total >= data->state.drain" assert. Reported-by: Anders Bakken Fixes #1680 Closes #2509
2018-04-20http2: avoid strstr() on data not zero terminatedDaniel Stenberg
It's not strictly clear if the API contract allows us to call strstr() on a string that isn't zero terminated even when we know it will find the substring, and clang's ASAN check dislikes us for it. Also added a check of the return code in case it fails, even if I can't think of a situation how that can trigger. Detected by OSS-Fuzz Closes #2513 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
2018-04-19http2: handle on_begin_headers() called more than onceDaniel Stenberg
This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen. Detected by OSS-Fuzz Closes #2507 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
2018-03-22http2: read pending frames (including GOAWAY) in connection-checkDaniel Stenberg
If a connection has received a GOAWAY frame while not being used, the function now reads frames off the connection before trying to reuse it to avoid reusing connections the server has told us not to use. Reported-by: Alex Baines Fixes #1967 Closes #2402
2018-03-15http2: fixes typoKobi Gurkan
Closes #2387
2018-03-12http2: mark the connection for close on GOAWAYDaniel Stenberg
... don't consider it an error! Assisted-by: Jay Satiro Reported-by: Łukasz Domeradzki Fixes #2365 Closes #2375
2018-03-10http2: verbose output new MAX_CONCURRENT_STREAMS valuesDaniel Stenberg
... as it is interesting for many users.
2018-02-15TODO fixed: Detect when called from within callbacksBjörn Stenberg
Closes #2302
2018-01-30http2: set DEBUG_HTTP2 to enable more HTTP/2 loggingDaniel Stenberg
... instead of doing it unconditionally in debug builds. It cluttered up the output a little too much.
2018-01-11http2: fix incorrect trailer buffer sizeZhouyihai Ding
Prior to this change the stored byte count of each trailer was miscalculated and 1 less than required. It appears any trailer after the first that was passed to Curl_client_write would be truncated or corrupted as well as the size. Potentially the size of some subsequent trailer could be erroneously extracted from the contents of that trailer, and since that size is used by client write an out-of-bounds read could occur and cause a crash or be otherwise processed by client write. The bug appears to have been born in 0761a51 (precedes 7.49.0). Closes https://github.com/curl/curl/pull/2231
2017-11-21http2: fix "Value stored to 'end' is never read" scan-build errorDaniel Stenberg
2017-11-21http2: fix "Value stored to 'hdbuf' is never read" scan-build errorDaniel Stenberg
2017-11-01http2: Fixed OOM handling in upgrade requestDan Fandrich
This caused the torture tests on test 1800 to fail.
2017-11-01include: remove conncache.h inclusion from where its not neededDaniel Stenberg
2017-09-11code style: use spaces around plusesDaniel Stenberg
2017-09-11code style: use spaces around equals signsDaniel Stenberg
2017-09-02mime: new MIME API.Patrick Monnerat
Available in HTTP, SMTP and IMAP. Deprecates the FORM API. See CURLOPT_MIMEPOST. Lib code and associated documentation.
2017-08-18http2_recv: return error better on fatal h2 errorsDaniel Stenberg
Ref #1012 Figured-out-by: Tatsuhiro Tsujikawa
2017-06-30http2: handle PING framesMax Dymond
Add a connection check function to HTTP2 based off RTSP. This causes PINGs to be handled the next time the connection is reused. Closes #1521
2017-06-30handler: refactor connection checkingMax Dymond
Add a new type of callback to Curl_handler which performs checks on the connection. Alter RTSP so that it uses this callback to do its own check on connection health.
2017-06-18http2: fix OOM crashDaniel Stenberg
torture mode with test 1021 found it
2017-06-05test1521: test *all* curl_easy_setopt optionsDaniel Stenberg
mk-lib1521.pl generates a test program (lib1521.c) that calls curl_easy_setopt() for every known option with a few typical values to make sure they work (ignoring the return codes). Some small changes were necessary to avoid asserts and NULL accesses when doing this. The perl script needs to be manually rerun when we add new options. Closes #1543
2017-05-22assert: avoid, use DEBUGASSERT instead!Daniel Stenberg
... as it does extra checks to actually work. Reported-by: jonrumsey at github Fixes #1504
2017-05-10multi: use a fixed array of timers instead of mallocDaniel Stenberg
... since the total amount is low this is faster, easier and reduces memory overhead. Also, Curl_expire_done() can now mark an expire timeout as done so that it never times out. Closes #1472