aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2012-11-06URL parser: cut off '#' fragments from URLs (better)Daniel Stenberg
The existing logic only cut off the fragment from the separate 'path' buffer which is used when sending HTTP to hosts. The buffer that held the full URL used for proxies were not dealt with. It is now. Test case 5 was updated to use a fragment on a URL over a proxy. Bug: http://curl.haxx.se/bug/view.cgi?id=3579813
2012-11-06CURLOPT_SSL_VERIFYHOST: stop supporting the 1 valueDaniel Stenberg
After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-10-23tlsauthtype: deal with the string case insensitivelyDaniel Stenberg
When given a string as 'srp' it didn't work, but required 'SRP'. Starting now, the check disregards casing. Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 Reported by: Jeff Connelly
2012-09-13parse_proxy: treat "socks://x" as a socks4 proxyDaniel Stenberg
Selected socks proxy in Google's Chrome browser. Resulting in the following environment variables: NO_PROXY=localhost,127.0.0.0/8 ALL_PROXY=socks://localhost:1080/ all_proxy=socks://localhost:1080/ no_proxy=localhost,127.0.0.0/8 ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP proxy. Reported by: Scott Bailey Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
2012-08-31NTLM: re-use existing connection betterJoe Mason
If we need an NTLM connection and one already exists, always choose that one.
2012-08-08verbose messages: fixed output of hostnames in re-used connectionsDaniel Stenberg
I suspect this is a regression introduced in commit 207cf150, included since 7.24.0. Avoid showing '(nil)' as hostname in verbose output by making sure the hostname fixup function is called early enough to set the pointers that are used for this. The name data is set again for each request even for re-used connections to handle multiple hostnames over the same connection (like with proxy) or that the casing etc of the host name is changed between requests (which has proven to be important at least once in the past). Test1011 was modified to use a redirect with a re-used a connection since it then showed the bug and now lo longer does. There's currently no easy way to have the test suite detect 'nil' texts in verbose ouputs so no tests will detect if this problem gets reintroduced. Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html Reported by: Gisle Vanem
2012-08-07Avoid leak of local device string when reusing connectionMike Crowe
Ensure that the copy of the CURLOPT_INTERFACE string is freed if we decide we can reuse an existing connection.
2012-07-13parse_proxy: remove dead assignmentDaniel Stenberg
Spotted by clang-analyzer
2012-06-10Curl_pgrsDone: return int and acknowledge return codeDaniel Stenberg
Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an abort instruction or similar we need to return that info back and subsequently properly handle return codes from Curl_pgrsDone() where used. (Spotted by a Coverity scan)
2012-04-23URL parse: reject numerical IPv6 addresses outside bracketsDaniel Stenberg
Roman Mamedov spotted (in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would not complain when given a URL with an IPv6 numerical address without brackets. It would simply cut off the last ":[hex]" part and thus not work correctly. That's a URL using an illegal syntax and now libcurl will instead return a clear error code and error message detailing the error. The above mentioned bug report claims this to be a regression but libcurl does not guarantee functionality when given URLs that aren't following the URL spec (RFC3986 mostly). I consider the fact that it used to handle this differently a mere coincidence.
2012-04-19url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixesYang Tse
Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported. Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.
2012-04-18Take in account that CURLAUTH_* bitmasks are now 'unsigned long'Yang Tse
Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to 'unsigned long' for proper handling and operating.
2012-04-12url.c: fix compiler warningYang Tse
2012-04-05CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URLAndrei Cipu
As it turns out, some people do want that after all.
2012-03-22CONNECT: fix multi interface regressionDaniel Stenberg
The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-16fix some compiler warningsYang Tse
2012-03-08CONNECT: made generically not per-protocolDaniel Stenberg
Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it.
2012-02-14smtp_mail: Added support to MAIL FROM for the optional AUTH parameterSteve Holme
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email.
2012-02-10parse_proxy: simply memory handlingDaniel Stenberg
... by making sure that the string is always freed after the invoke as parse_proxy will always copy the data and this way there's a single free() instead of multiple ones.
2012-02-10parse_proxy: bail out on zero-length proxy names!Daniel Stenberg
The proxy parser function strips off trailing slashes off the proxy name which could lead to a mistaken zero length proxy name which would be treated as no proxy at all by subsequent functions! This is now detected and an error is returned. Verified by the new test 1329. Reported by: Chandrakant Bagul Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
2012-02-09CURLOPT_SSL_OPTIONS: addedDaniel Stenberg
Allow an appliction to set libcurl specific SSL options. The first and only options supported right now is CURLSSLOPT_ALLOW_BEAST. It will make libcurl to disable any work-arounds the underlying SSL library may have to address a known security flaw in the SSL3 and TLS1.0 protocol versions. This is a reaction to us unconditionally removing that behavior after this security advisory: http://curl.haxx.se/docs/adv_20120124B.html ... it did however cause a lot of programs to fail because of old servers not liking this work-around. Now programs can opt to decrease the security in order to interoperate with old servers better.
2012-02-09add library support for tuning TCP_KEEPALIVEDave Reisner
This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values.
2012-02-07curl_easy_reset: reset the referer stringDaniel Stenberg
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly clear it. Verified with the new test 598 Bug: http://curl.haxx.se/bug/view.cgi?id=3481551 Reported by: Michael Day
2012-01-20URL parse: user name with ipv6 numerical addressDaniel Stenberg
Using a URL with embedded user name and password didn't work if the host was given as a numerical IPv6 string, like ftp://user:password@[::1]/ Reported by: Brandon Wang Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
2012-01-18ssl session caching: fix compiler warningsYang Tse
2012-01-16add LF termination to infof() trace stringYang Tse
2011-12-31changed case: use new host name for subsequent HTTP requestsDaniel Stenberg
When a HTTP connection is re-used for a subsequent request without proxy, it would always re-use the Host: header of the first request. As host names are case insensitive it would make curl send another host name case that what the particular request used. Now it will instead always use the most recent host name to always use the desired casing. Added test case 1318 to verify. Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html Reported by: Alex Vinnik
2011-12-24Curl_do_more: fix typo logicDaniel Stenberg
In the recent do_more fix the new logic was mistakenly checking the pointer instead of what it points to. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
2011-12-23resolve: don't leak pre-populated dns entriesDaniel Stenberg
CURLOPT_RESOLVE populates the DNS cache with entries that are marked as eternally in use. Those entries need to be taken care of when the cache is killed off. Bug: http://curl.haxx.se/bug/view.cgi?id=3463121 Reported by: "tw84452852"
2011-12-20non-blocking active FTP: cleanup multi state usageDaniel Stenberg
Backpedaled out the funny double-change of state in the multi state machine by adding a new argument to the do_more() function to signal completion. This way it can remain in the DO_MORE state properly until done. Long term, the entire DO_MORE logic should be moved into the FTP code and be hidden from the multi code as the logic is only used for FTP.
2011-12-20FTP: perform active connections non-blockingGokhan Sengun
1- Two new error codes are introduced. CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of FTP server connected. CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts. Neither of these errors are considered fatal and control connection remains OK because it could just be a firewall blocking server to connect to the client. 2- One new setopt option was introduced. CURLOPT_ACCEPTTIMEOUT_MS It sets the maximum amount of time FTP client is going to wait for a server to connect. Internal default accept timeout is 60 seconds.
2011-12-20timer: restore PRETRANSFER timingDaniel Stenberg
Regression introduced in 7.23.0 with commit 9dd85bce. The function in which the PRETRANSFER time stamp was recorded was moved in time causing it be stored very quickly after the start timestamp. On most systems shorter than 1 millisecond and thus it wouldn't even show with -w "%{time_pretransfer}" using the command line tool. Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html Reported by: Toni Moreno
2011-12-12ConnectionExists: Fix reuse for TLS upgraded connectionsSteve Holme
Fixed the connection reuse detection in ConnectionExists() when comparing a new connection that is non-SSL based against that of a SSL based connection that has become so by being upgraded via TLS.
2011-12-09create_conn: don't switch to HTTP protocol if tunneling is enabledDaniel Stenberg
This is a regression since who knows when. When spotting that a HTTP proxy is used we must not uncondititionally enable the HTTP protocol since if we do tunneling through the proxy we're still using the target protocol. Reported by: Naveen Chandran
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-21protocol_connect: show verbose connect and set connect timeDaniel Stenberg
Regression: commit b998d95b (shipped first in release 7.22.0) made the condition always equal false that should reset the TIMER_CONNECT timer and call the Curl_verboseconnect() function. Reported by: "Captain Basil" Bug: http://curl.haxx.se/mail/archive-2011-11/0035.html
2011-11-17CURLOPT_DNS_SERVERS: set name servers if possibleJason Glasgow
2011-11-03url.c and file.c: fix OOM triggered segfaultYang Tse
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-11-02url.c and transfer.c: nullify connection pointer when free()'edYang Tse
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-20Fixed compilation when HTTP or cookies are disabledDan Fandrich
2011-10-14url.c: fix endless loop upon transport connection timeoutYang Tse
Jerry Wu detected and provided detailed info about this issue.
2011-10-13url.c: make line shorter than 80 charsYang Tse
2011-10-12OOM handling/cleanup slight adjustmentsYang Tse
2011-10-11OOM handling/cleanup slight adjustmentsYang Tse
2011-10-07libcurl: some OOM handling fixesYang Tse
2011-10-02multi: progress function abort must close connectionDaniel Stenberg
When the progress function returns to cancel the request, we must mark the connection to get closed and it must do to the DONE state. do_init() must be called as early as possible so that state variables for new connections are reset early. We could otherwise see that the old values were still there when a connection was to be disconnected very early and it would make it behave wrongly. Bug: http://curl.haxx.se/mail/lib-2011-10/0006.html Reported by: Vladimir Grishchenko
2011-09-28SSL session sharing support addedAlejandro Alvarez
With locking, plus test, plus documentation
2011-09-22NTLM_WB: fix disabling of NTLM_WB when NTLM is disabledYang Tse