aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2016-05-30URL parser: allow URLs to use one, two or three slashesDaniel Stenberg
Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers. Browsers are typically even more leniant than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked. Added test case 1141, 1142 and 1143 to verify the new parser. Closes #791
2016-05-15ftp wildcard: segfault due to init only in multi_performDaniel Stenberg
The proper FTP wildcard init is now more properly done in Curl_pretransfer() and the corresponding cleanup in Curl_close(). The previous place of init/cleanup code made the internal pointer to be NULL when this feature was used with the multi_socket() API, as it was made within the curl_multi_perform() function. Reported-by: Jonathan Cardoso Machado Fixes #800
2016-05-13ConnectionExists: follow-up fix for proxy re-useMichael Kaufmann
Follow-up commit to 5823179 Closes #648
2016-05-09TLS: move the ALPN/NPN enable bits to the connectionDaniel Stenberg
Only protocols that actually have a protocol registered for ALPN and NPN should try to get that negotiated in the TLS handshake. That is only HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN would wrongly be used in all handshakes if libcurl was built with it enabled. Reported-by: Jay Satiro Fixes #789
2016-05-03connections: non-HTTP proxies on different ports aren't reused eitherDaniel Stenberg
Reported-by: Oleg Pudeyev and fuchaoqun Fixes #648
2016-05-01tls: make setting pinnedkey option fail if not supportedDaniel Stenberg
to make it obvious to users trying to use the feature with TLS backends not supporting it. Discussed in #781 Reported-by: Travis Burtrum
2016-04-29lib: include curl_printf.h as one of the last headersDaniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-25url.c: fixed DEBUGASSERT() for WinSock workaroundKarlson2k
If buffer is allocated, but nothing is received during prereceive stage, than number of processed bytes must be zero. Closes #778
2016-04-20url.c: Prefer we don't use explicit NULLs in conditionsSteve Holme
Fixed commit fa5fa65a30 to not use NULLs in if condition.
2016-04-20NTLM: check for NULL pointer before deferencingIsaac Boukris
At ConnectionExists, both check->proxyuser and check->proxypasswd could be NULL, so make sure to check first. Fixes #765
2016-04-20sendf.c: added ability to call recv() before send() as workaroundKarlson2k
WinSock destroys recv() buffer if send() is failed. As result - server response may be lost if server sent it while curl is still sending request. This behavior noticeable on HTTP server short replies if libcurl use several send() for request (usually for POST request). To workaround this problem, libcurl use recv() before every send() and keeps received data in intermediate buffer for further processing. Fixes: #657 Closes: #668
2016-04-18connect: implement TCP Fast Open for LinuxAlessandro Ghedini
Closes #660
2016-04-18url: add CURLOPT_TCP_FASTOPEN optionAlessandro Ghedini
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-09url: Ternary operator code style changesSteve Holme
2016-04-09sasl: Fixed compilation errors from commit 9d89a0387Steve Holme
...when GSS-API or Windows SSPI are not used.
2016-04-09url: Corrected comments following 9d89a0387Steve Holme
2016-04-08http_negotiate: Calculate service name and proxy service name locallySteve Holme
Calculate the service name and proxy service names locally, rather than in url.c which will allow for us to support overriding the service name for other protocols such as FTP, IMAP, POP3 and SMTP.
2016-04-03code: style updatesDaniel Stenberg
2016-04-01url: Corrected get protocol family for FTP and LDAPSteve Holme
Fixed copy/paste error from commit a5aec58726.
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.
2016-03-30multi: move Curl_do and Curl_do_done to multi.c and make staticDaniel Stenberg
... called multi_do and multi_do_done as they're file local now.
2016-03-27http_ntlm: Renamed from curl_ntlm.[c|h]Steve Holme
Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
2016-03-26url: don't use bad offset in tld_check_name to show errorJay Satiro
libidn's tld_check_lz returns an error offset of the first character that it failed to process, however that offset is not a byte offset and may not even be in the locale encoding therefore we can't use it to show the user the character that failed to process. Bug: https://github.com/curl/curl/issues/731 Reported-by: Karlson2k
2016-03-11url: Corrected indentation when calling idna_to_ascii_lz()Steve Holme
2016-03-11idn_win32: Use boolean based success codesSteve Holme
Rather than use 0 and 1 integer base result codes use a FALSE / TRUE based success code.
2016-03-10url.c: fix clang warning: no newline at end of fileDaniel Stenberg
2016-03-08imap/pop3/smtp: Fixed connections upgraded with TLS are not reusedSteve Holme
Regression since commit 710f14edba. Bug: https://github.com/curl/curl/issues/422 Reported-by: Justin Ehlert
2016-03-08pipeline: Sanity check pipeline pointer before accessing it.Anders Bakken
I got a crash with this stack: curl/lib/url.c:2873 (Curl_removeHandleFromPipeline) curl/lib/url.c:2919 (Curl_getoff_all_pipelines) curl/lib/multi.c:561 (curl_multi_remove_handle) curl/lib/url.c:415 (Curl_close) curl/lib/easy.c:859 (curl_easy_cleanup) Closes #704
2016-03-01url: if Curl_done is premature then pipeline not in useAnders Bakken
Prevent a crash if 2 (or more) requests are made to the same host and pipelining is enabled and the connection does not complete. Bug: https://github.com/curl/curl/pull/690
2016-02-23TFTP: add option to suppress TFTP option requests (Part 1)Michael Koenig
Some TFTP server implementations ignore the "TFTP Option extension" (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing problems with libcurl. Another switch for curl_easy_setopt "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from sending TFTP option requests to a server, avoiding many problems caused by faulty implementations. Bug: https://github.com/curl/curl/issues/481
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-01-26NTLM: Fix ConnectionExists to compare Proxy credentialsIsaac Boukris
Proxy NTLM authentication should compare credentials when re-using a connection similar to host authentication, as it authenticate the connection. Example: curl -v -x http://proxy:port http://host/ -U good_user:good_pwd --proxy-ntlm --next -x http://proxy:port http://host/ [-U fake_user:fake_pwd --proxy-ntlm] CVE-2016-0755 Bug: http://curl.haxx.se/docs/adv_20160127A.html
2016-01-11ConnectionExists: only do pipelining/multiplexing when askedDaniel Stenberg
When an HTTP/2 upgrade request fails (no protocol switch), it would previously detect that as still possible to pipeline on (which is acorrect) and do that when PIPEWAIT was enabled even if pipelining was not explictily enabled. It should only pipelined if explicitly asked to. Closes #584
2016-01-11lib: Prefix URLs with lower-case protocol names/schemesMohammad AlSaleh
Before this patch, if a URL does not start with the protocol name/scheme, effective URLs would be prefixed with upper-case protocol names/schemes. This behavior might not be expected by library users or end users. For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the URL is "hostname/path". The effective URL would be "HTTPS://hostname/path" instead of "https://hostname/path". After this patch, effective URLs would be prefixed with a lower-case protocol name/scheme. Closes #597 Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
2016-01-11IDN host names: Remove the port number before converting to ACEMichael Kaufmann
Closes #596
2016-01-09url: Fix compile error with --enable-werrorTatsuhiro Tsujikawa
2016-01-08Revert "multiplex: allow only once HTTP/2 is actually used"Daniel Stenberg
This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36. Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
2016-01-08connection reuse: IDN host names fixedMichael Kaufmann
Use the ACE form of IDN hostnames as key in the connection cache. Add new tests. Closes #592
2016-01-06ConnectionExists: add missing newline in infof() callDaniel Stenberg
Mistake from commit a464f33843ee1
2016-01-06multiplex: allow only once HTTP/2 is actually usedDaniel Stenberg
To make sure curl doesn't allow multiplexing before a connection is upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the connection uses HTTP/2 as well and not only check what's wanted. Closes #584 Patch-by: c0ff
2015-12-23ConnectionExists: with *PIPEWAIT, wait for connectionsAnders Bakken
Try harder to prevent libcurl from opening up an additional socket when CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS handshakes complete first before the decision is made. Closes #575
2015-12-14setstropt: const-correctnessAnders Bakken
Closes #565
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-11-24done: make sure the final progress update is madeDaniel Stenberg
It would previously be skipped if an existing error was returned, but would lead to a previous value being left there and later used. CURLINFO_TOTAL_TIME for example. Still it avoids that final progress update if we reached DONE as the result of a callback abort to avoid another callback to be called after an abort-by-callback. Reported-by: Lukas Ruzicka Closes #538
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-11-09oauth2: Use OAuth 2.0 rather than XOAUTH2 in commentsSteve Holme
When referring to OAuth 2.0 we should use the official name rather the SASL mechanism name.