Age | Commit message (Collapse) | Author |
|
RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.
|
|
Follow-up to 76b6348 which renamed logfile as curl_dbg_logfile.
Ref: https://github.com/curl/curl/commit/76b6348#r33259088
|
|
Follow up to 762a292f.
|
|
... and disconnect too old ones instead of trying to reuse.
Default max age is set to 118 seconds.
Ref: #3722
Closes #3782
|
|
ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if
check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is
disabled. Fix by splitting out the function into a separate file which can
be included where needed.
Closes #3717
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Since the connection has been used by the "outside" we don't know the
state of it anymore and curl should not use it anymore.
Bug: https://curl.haxx.se/mail/lib-2019-04/0052.html
Closes #3795
|
|
The list of names must be in sync with the defined states in the header
file!
|
|
|
|
|
|
Following 28f826b3 to return CURLE_OK instead of numeric 0.
|
|
The indentation from 211d5329 and 57d6d253 was a little strange as
parts didn't align correctly, uses 4 spaces rather than 2. Checked
the indentation of the original source so it aligns, albeit, using
curl style.
|
|
|
|
|
|
To aid debugging better.
|
|
Commit 9081014 fixed most of the confusing issues between scope id and
scope however 844896d added bad limits checking assuming that the scope
is being set and not the scope id.
I have fixed the documentation so it all refers to scope ids.
In addition Curl_if2ip refered to the scope id as remote_scope_id which
is incorrect, so I renamed it to local_scope_id.
Adjusted-by: Daniel Stenberg
Closes #3655
Closes #3765
Fixes #3713
|
|
Only allow well formed decimal numbers in the input.
Document that the number MUST be between 1 and 65535.
Add tests to test 1560 to verify the above.
Ref: https://github.com/curl/curl/issues/3753
Closes #3762
|
|
Without this, detecting and avoid reusing a closed TLS connection
(without a previous GOAWAY) when doing HTTP/2 is tricky.
Reported-by: Tom van der Woerdt
Fixes #3750
Closes #3763
|
|
Functionally this doesn't change anything as we still use the username
for both the authorisation identity and the authentication identity.
Closes #3757
|
|
Since a few code paths actually update that data.
Fixes #3753
Closes #3761
Reported-by: Poul T Lomholt
|
|
Remove the code too. The functionality has been disabled in code since
7.62.0. Setting this option will from now on simply be ignored and have
no function.
Closes #3654
|
|
- remove unused variables
- declare conditionally used variables conditionally
- suppress unused variable warnings in the CMake tests
- remove dead variable stores
- consistently use WIN32 macro to detect Windows
Closes https://github.com/curl/curl/pull/3739
|
|
Make functions no-ops if neither both USE_THREADS_POSIX and
HAVE_PTHREAD_H nor both USE_THREADS_WIN32 and HAVE_PROCESS_H are
defined. Previously, if only one of them was defined, there was either
code compiled that did nothing useful or the wrong header included for
the functions used.
Also, move POLARSSL_MUTEX_T define to implementation file as it's not
used externally.
Closes https://github.com/curl/curl/pull/3739
|
|
|
|
|
|
bytes... since the protocol needs to store the length in a single byte field.
Reported-by: XmiliaH on github
Fixes #3737
Closes #3740
|
|
fixes #3741
Closes #3742
|
|
Fixes #3745
Closes #3746
The following snippet
```
int main()
{
CURL* hCurlHandle = curl_easy_init();
curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
curl_easy_perform(hCurlHandle);
curl_easy_cleanup(hCurlHandle);
return 0;
}
```
triggers the following Valgrind warning
```
==4125== Invalid read of size 8
==4125== at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
==4125== by 0x4E7EF5C: detach_connnection (multi.c:798)
==4125== by 0x4E80545: multi_runsingle (multi.c:1451)
==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125== by 0x4E766A0: easy_transfer (easy.c:625)
==4125== by 0x4E76915: easy_perform (easy.c:719)
==4125== by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125== by 0x4008BE: main (in /home/even/curl/test)
==4125== Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
==4125== at 0x4C2ECF0: free (vg_replace_malloc.c:530)
==4125== by 0x4E62C36: conn_free (url.c:756)
==4125== by 0x4E62D34: Curl_disconnect (url.c:818)
==4125== by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
==4125== by 0x4E8052D: multi_runsingle (multi.c:1446)
==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125== by 0x4E766A0: easy_transfer (easy.c:625)
==4125== by 0x4E76915: easy_perform (easy.c:719)
==4125== by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125== by 0x4008BE: main (in /home/even/curl/test)
==4125== Block was alloc'd at
==4125== at 0x4C2F988: calloc (vg_replace_malloc.c:711)
==4125== by 0x4E6438E: allocate_conn (url.c:1654)
==4125== by 0x4E685B4: create_conn (url.c:3496)
==4125== by 0x4E6968F: Curl_connect (url.c:4023)
==4125== by 0x4E802E7: multi_runsingle (multi.c:1368)
==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125== by 0x4E766A0: easy_transfer (easy.c:625)
==4125== by 0x4E76915: easy_perform (easy.c:719)
==4125== by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125== by 0x4008BE: main (in /home/even/curl/test)
```
This has been bisected to commit 2f44e94
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
Credit to OSS Fuzz
|
|
As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.
Closes #3651
|
|
Removing the block is consistent with line 954/957.
Closes https://github.com/curl/curl/pull/3732
|
|
Just remove the redundant condition, which also makes it clear that
k->buf is always 0-terminated if this break is not hit.
Closes https://github.com/curl/curl/pull/3732
|
|
- Fix clang string-plus-int warning.
Clang 8 warns about adding a string to an int does not append to the
string. Indeed it doesn't, but that was not the intention either. Use
array indexing as suggested to silence the warning. There should be no
functional changes.
(In other words clang warns about "foo"+2 but not &"foo"[2] so use the
latter.)
smtp.c:1221:29: warning: adding 'int' to a string does not append to the
string [-Wstring-plus-int]
eob = strdup(SMTP_EOB + 2);
~~~~~~~~~~~~~~~~^~~~
Closes https://github.com/curl/curl/pull/3729
|
|
Closes #3724
Reviewed-by: Jakub Zakrzewski
Reviewed-by: Daniel Gustafsson
|
|
OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.
Fixes: #2487
Reported-by: Paolo Mossino
Closes https://github.com/curl/curl/pull/3377
|
|
Closes #3699
|
|
Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error
on first flight.
Reported-by: niner on github
Fixes #3696
Closes #3707
|
|
This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.
Fixes #3708
|
|
Closes #3704
|
|
Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
default for OS400. Since the feature is experimental, it should be
disabled by default.
Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html
Closes https://github.com/curl/curl/pull/3688
|
|
|
|
Fixes #3692
Closes #3692
|
|
Reported-by: nianxuejie on github
Assisted-by: Nick Zitzmann
Assisted-by: Jay Satiro
Fixes #3689
Closes #3690
|
|
Although experimental, enable it in the platform config file.
Upgrade ILE/RPG binding.
|
|
- make sure an already "owned" connection isn't returned unless
multiplexed.
- clear ->data when returning the connection to the cache again
Regression since 7.62.0 (probably in commit 1b76c38904f0)
Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html
Closes #3686
|
|
AmiSSL is an Amiga native library which provides a wrapper over OpenSSL.
It also requires all programs using it to use bsdsocket.library
directly, rather than accessing socket functions through clib, which
libcurl was not necessarily doing previously. Configure will now check
for the headers and ensure they are included if found.
Closes #3677
|
|
... in the SSL structure as AmiSSL is using macros for the socket API
functions.
|
|
... to match the style already used for compiling, linking
etc. Acknowledges 'make V=1' to enable verbose.
Closes #3681
|
|
* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
also indicate the last challenge request (only works with disabled
Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
Reset/Cleanup negotiate after authentication if no persistent
authentication
* apply changes introduced with #2546 for negotiate rewind logic
Fixes #1261
Closes #1975
|
|
The check that prevents payload from sending in case of authentication
doesn't check properly if the authentication is done or not.
They're cases where the proxy respond "200 OK" before sending
authentication challenge. This change takes care of that.
Fixes #2431
Closes #3669
|
|
Pointed out by codacy
Closes #3672
|
|
Coverity warned for two potentional "Use after free" cases. Both are false
positives because the memory wasn't used, it was only the actual pointer
value that was logged.
The fix still changes the order of execution to avoid the warnings.
Coverity CID 1443033 and 1443034
Closes #3671
|