path: root/lib/url.c
Age | Commit message | Author
2019-02-14 | connection_check: restore original conn->data after the check | Jay Satiro
- Save the original conn->data before it's changed to the specified data transfer for the connection check and then restore it afterwards.

This is a follow-up to 38d8e1b 2019-02-11.

History:

It was discovered a month ago that before checking whether to extract a dead connection that that connection should be associated with a "live" transfer for the check (i.e. original conn->data ignored and set to the passed in data). A fix was landed in 54b201b which did that and also cleared conn->data after the check. The original conn->data was not restored, so presumably it was thought that a valid conn->data was no longer needed.

Several days later it was discovered that a valid conn->data was needed after the check and a follow-up fix was landed in bbae24c which partially reverted the original fix and attempted to limit the scope of when conn->data was changed to only when pruning dead connections. In that case conn->data was not cleared and the original conn->data not restored.

A month later it was discovered that the original fix was somewhat correct; a "live" transfer is needed for the check in all cases because original conn->data could be null which could cause a bad deref at arbitrary points in the check. A fix was landed in 38d8e1b which expanded the scope to all cases. conn->data was not cleared and the original conn->data not restored.

A day later it was discovered that not restoring the original conn->data may lead to busy loops in applications that use the event interface, and given this observation it's a pretty safe assumption that there is some code path that still needs the original conn->data.

This commit is the follow-up fix for that, it restores the original conn->data after the connection check.

Assisted-by: tholin@users.noreply.github.com
Reported-by: tholin@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/3542
Closes #3559
2019-02-11 | connection_check: set ->data to the transfer doing the check | Daniel Stenberg
The http2 code for connection checking needs a transfer to use. Make sure a working one is set before handler->connection_check() is called. Reported-by: jnbr on github Fixes #3541 Closes #3547
2019-02-10 | cleanup: make local functions static | Daniel Stenberg
urlapi: turn three local-only functions into statics
conncache: make conncache_find_first_connection static
multi: make detach_connnection static
connect: make getaddressinfo static
curl_ntlm_core: make hmac_md5 static
http2: make two functions static
http: make http_setup_conn static
connect: make tcpnodelay static
tests: make UNITTEST a thing to mark functions with, so they can be static for normal builds and non-static for unit test builds
... and mark Curl_shuffle_addr accordingly.
url: make up_free static
setopt: make vsetopt static
curl_endian: make write32_le static
rtsp: make rtsp_connisdead static
warnless: remove unused functions
memdebug: remove one unused function, made another static
2019-02-09 | url/idnconvert: remove scan for <= 32 ascii values | Daniel Stenberg
The check was added back in fa939220df before the URL parser would catch these problems and therefore these will never trigger now. Closes #3539
2019-02-06 | url: close TLS before removing conn from cache | Chris Araman
- Fix potential crashes in schannel shutdown. Ensure any TLS shutdown messages are sent before removing the association between the connection and the easy handle. Reverts @bagder's previous partial fix for #3412. Fixes https://github.com/curl/curl/issues/3412 Fixes https://github.com/curl/curl/issues/3505 Closes https://github.com/curl/curl/pull/3531
2019-02-01 | schannel: stop calling it "winssl" | Daniel Stenberg
Stick to "Schannel" everywhere. The configure option --with-winssl is kept to allow existing builds to work but --with-schannel is added as an alias. Closes #3504
2019-01-15 | extract_if_dead: follow-up to 54b201b48c90a | Daniel Stenberg
extract_if_dead() is called from two functions, and only one of them should get conn->data updated and now neither call path clears it. scan-build found a case where conn->data would be NULL dereferenced in ConnectionExists() otherwise. Closes #3473
2019-01-13 | extract_if_dead: use a known working transfer when checking connections | Daniel Stenberg
Make sure that this function sets a proper "live" transfer for the connection before calling the protocol-specific connection check function, and then clear it again afterward as a non-used connection has no current transfer. Reported-by: Jeroen Ooms Reviewed-by: Marcel Raad Reviewed-by: Daniel Gustafsson Fixes #3463 Closes #3464
2019-01-11 | urldata: rename easy_conn to just conn | Daniel Stenberg
We use "conn" everywhere to be a pointer to the connection. Introduces two functions that "attaches" and "detaches" the connection to and from the transfer. Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues). Closes #3442
2019-01-04 | printf: fix format specifiers | Rikard Falkeborn
Closes #3426
2018-12-27 | url: fix incorrect indentation | Daniel Gustafsson
2018-12-23 | disconnect: set conn->data for protocol disconnect | Daniel Stenberg
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the current transfer when invoking the protocol-specific disconnect function so that it can work correctly. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
2018-12-22 | conncache_unlock: avoid indirection by changing input argument type | Daniel Stenberg
2018-12-22 | disconnect: separate connections and easy handles better | Daniel Stenberg
Do not assume/store association between a given easy handle and the connection if it can be avoided. Long-term, the 'conn->data' pointer should probably be removed as it is a little too error-prone. Still used very widely though. Reported-by: masbug on github Fixes #3391 Closes #3400
2018-12-21 | http: added options for allowing HTTP/0.9 responses | Daniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-11-23 | snprintf: renamed and we now only use msnprintf() | Daniel Stenberg
The function does not return the same value as snprintf() normally does, so readers may be misled into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
2018-11-22 | host names: allow trailing dot in name resolve, then strip it | Tobias Hintze
Delays stripping of trailing dots to after resolving the hostname. Fixes #3022 Closes #3222
2018-11-20 | ares: remove fd from multi fd set when ares is about to close the fd | Romain Fliedel
When using c-ares for asyn dns, the dns socket fd was silently closed by c-ares without curl being aware. curl would then 'realize' the fd has been removed at next call of Curl_resolver_getsock, and only then notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with CURL_POLL_REMOVE. At this point the fd is already closed.

By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this patch allows curl to be notified that the fd is no longer needed for either write or read. At this point by calling Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE before the fd is actually closed by ares.

In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore since it does not allow passing a different sock_state_cb_data

Closes #3238
2018-11-09 | setopt: add CURLOPT_CURLU | Jim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227
2018-11-06 | url: a short host name + port is not a scheme | Daniel Stenberg
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235
2018-11-05 | netrc: don't ignore the login name specified with "--user" | Michael Kaufmann
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set
Fixes #3213
Closes #3224
2018-10-29 | Curl_close: clear data->multi_easy on free to avoid use-after-free | Daniel Stenberg
Regression from b46cfbc068 (7.59.0) CVE-2018-16840 Reported-by: Brian Carpenter (Geeknik Labs) Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
2018-10-23 | Curl_follow: return better errors on URL problems | Daniel Stenberg
... by making the converter function global and accessible. Closes #3153
2018-10-08 | spelling fixes [ci skip] | Viktor Szakats
as detected by codespell 1.14.0 Closes https://github.com/curl/curl/pull/3114 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-08 | FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output | Daniel Stenberg
Now FILE transfers send headers to the header callback like HTTP and other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...) work for FILE in the callbacks. Makes "curl -i file://.." and "curl -I file://.." work like before again. Applied the bold header logic to them too. Regression from c1c2762 (7.61.0) Reported-by: Shaun Jackman Fixes #3083 Closes #3101
2018-10-03 | comment: Fix multiple typos in function parameters | Daniel Gustafsson
Ensure that the parameters in the comment match the actual names in the prototype. Closes #3079 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-22 | url: use the URL API internally as well | Daniel Stenberg
... to make it a truly unified URL parser. Closes #3017
2018-09-08 | url.c: fix comment typo and indentation | Daniel Gustafsson
Closes #2960
2018-09-08 | URL-API | Daniel Stenberg
See header file and man pages for API. All documented API details work and are tested in the 1560 test case. Closes #2842
2018-09-07 | curl_easy_upkeep: removed 'conn' from the name | Daniel Stenberg
... including the associated option. Fixes #2951 Closes #2952
2018-09-07 | upkeep: add a connection upkeep API: curl_easy_conn_upkeep() | Max Dymond
Add functionality so that protocols can do custom keepalive on their connections, when an external API function is called. Add docs for the new options in 7.62.0 Closes #1641
2018-09-06 | CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size | Daniel Stenberg
This is step 3 of #2888. Fixes #2888 Closes #2896
2018-09-05 | url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled | Daniel Stenberg
Closes #2709
2018-09-04 | Curl_getoff_all_pipelines: ignore unused return values | Daniel Stenberg
Since scan-build would warn on the dead "Dead store/Dead increment"
2018-09-03 | url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work | Kamil Dudka
This is a follow-up to PR #2607 and PR #2926. Closes #2936
2018-08-18 | upload: allocate upload buffer on-demand | Daniel Stenberg
Saves 16KB on the easy handle for operations that don't need that buffer. Part 1 of #2888
2018-08-01 | general: fix printf specifiers | Rikard Falkeborn
Closes #2818
2018-07-28 | conn_free: updated comment to clarify | Daniel Stenberg
Let's call it disassociate instead of disconnect since the latter term is used so much for (TCP) connections already.
2018-07-26 | reuse_conn(): free old_conn->options | Even Rouault
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with connection reuse. I found this with oss-fuzz on GDAL and curl master: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582 I couldn't reproduce with the oss-fuzz original test case, but looking at curl source code pointed to this well reproducible leak. Closes #2790
2018-07-22 | vtls: set conn->data when closing TLS | Daniel Stenberg
Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS layer for a connection still need a Curl_easy handle for the session_id cache etc. Fixes #2764 Closes #2771
2018-07-20 | http2: several cleanups | Daniel Stenberg
- separate easy handle from connections better
- added asserts on a number of places
- added sanity check of pipelines for debug builds
Closes #2751
2018-07-11 | Curl_getoff_all_pipelines: improved for multiplexed | Daniel Stenberg
On multiplexed connections, transfers can be removed from anywhere not just at the head as for pipelines.
2018-07-11 | conn: remove the boolean 'inuse' field | Daniel Stenberg
... as the usage needs to be counted.
2018-06-25 | url: check Curl_conncache_add_conn return code | Daniel Stenberg
... it was previously unchecked in two places and thus errors could remain undetected and cause trouble. Closes #2681
2018-06-22 | ConnectionExists: make sure conn->data is set when "taking" a connection | Daniel Stenberg
Follow-up to 2c15693. Bug #2674 Closes #2675
2018-06-21 | url: fix dangling conn->data pointer | Daniel Stenberg
By making sure to use the *current* easy handle with extracted connections from the cache, and make sure to NULLify the ->data pointer when the connection is put into the cache to make this mistake easier to detect in the future. Reported-by: Will Dietz Fixes #2669 Closes #2672
2018-06-13 | Curl_init_do: handle NULL connection pointer passed in | Lyman Epp
Closes #2653
2018-06-11 | cppcheck: fix warnings | Marian Klymov
- Get rid of variable that was generating false positive warning (uninitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
2018-05-31 | strictness: correct {infof, failf} format specifiers | Rikard Falkeborn
Closes #2623
2018-05-31 | option: disallow username in URL | Björn Stenberg
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340