aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-09-10cookies: fix leak when writing cookies to fileDaniel Gustafsson
If the formatting fails, we error out on a fatal error and clean up on the way out. The array was however freed within the wrong scope and was thus never freed in case the cookies were written to a file instead of STDOUT. Closes #2957
2018-09-10cookies: Remove redundant expired checkDaniel Gustafsson
Expired cookies have already been purged at a later expiration time before this check, so remove the redundant check. closes #2962
2018-09-09ntlm_wb: bail out if the response gets overly largeDaniel Stenberg
Exit the realloc() loop if the response turns out ridiculously large to avoid worse problems. Reported-by: Harry Sintonen Closes #2959
2018-09-08url.c: fix comment typo and indentationDaniel Gustafsson
Closes #2960
2018-09-08urlapi: avoid derefencing a possible NULL pointerDaniel Stenberg
Coverity CID 1439134
2018-09-08URL-APIDaniel Stenberg
See header file and man pages for API. All documented API details work and are tested in the 1560 test case. Closes #2842
2018-09-07curl_easy_upkeep: removed 'conn' from the nameDaniel Stenberg
... including the associated option. Fixes #2951 Closes #2952
2018-09-07upkeep: add a connection upkeep API: curl_easy_conn_upkeep()Max Dymond
Add functionality so that protocols can do custom keepalive on their connections, when an external API function is called. Add docs for the new options in 7.62.0 Closes #1641
2018-09-07configure: add option to disable automatic OpenSSL config loadingPhilipp Waehnert
Sometimes it may be considered a security risk to load an external OpenSSL configuration automatically inside curl_global_init(). The configuration option --disable-ssl-auto-load-config disables this automatism. The Windows build scripts winbuild/Makefile.vs provide a corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean value. Setting neither of these options corresponds to the previous behavior loading the external OpenSSL configuration automatically. Fixes #2724 Closes #2791
2018-09-07doh: minor edits to please CoverityDaniel Stenberg
The gcc typecheck macros and coverity combined made it warn on the 2nd argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it. Coverity CID 1439115 and CID 1439114.
2018-09-07schannel: avoid switch-cases that go to default anywayDaniel Stenberg
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of mingw and would require an ifdef otherwise. Reported-by: Thomas Glanzmann Approved-by: Marc Hörsken Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html Closes #2950
2018-09-06imap: change from "FETCH" to "UID FETCH"Nicklas Avén
... and add "MAILINDEX". As described in #2789, this is a suggested solution. Changing UID=xx to actually get mail with UID xx and add "MAILINDEX" to get a mail with a special index in the mail box (old behavior). So MAILINDEX=1 gives the first non deleted mail in the mail box. Fixes #2789 Closes #2815
2018-09-06CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer sizeDaniel Stenberg
This is step 3 of #2888. Fixes #2888 Closes #2896
2018-09-06DOH: add test case 1650 and 2100Daniel Stenberg
2018-09-06setopt: add CURLOPT_DOH_URLDaniel Stenberg
Closes #2668
2018-09-06ssl: deprecate CURLE_SSL_CACERT in favour of a unified error codeHan Han
Long live CURLE_PEER_FAILED_VERIFICATION
2018-09-06x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse certHan Han
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509 does not allocate memory internally as its first argument is a pointer to the certificate structure. The same error code is also returned by Curl_verifyhost when its call to Curl_parseX509 fails so the change makes error handling more consistent.
2018-09-06openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuerHan Han
Failure to extract the issuer name from the server certificate should return a more specific error code like on other TLS backends.
2018-09-06schannel: unified error code handlingHan Han
Closes #2901
2018-09-06darwinssl: more specific and unified error codesHan Han
Closes #2901
2018-09-06CURLOPT_DNS_USE_GLOBAL_CACHE: deprecatedDaniel Stenberg
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for deprecation and complete removal in six months. Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html Closes #2942
2018-09-05url: default to CURL_HTTP_VERSION_2TLS if built h2-enabledDaniel Stenberg
Closes #2709
2018-09-05multiplex: enable by defaultDaniel Stenberg
Starting 7.62.0, multiplexing is enabled by default in multi handles.
2018-09-05tests: add unit tests for url.cJim Fuller
Approved-by: Daniel Gustafsson Closes #2937
2018-09-05pipelining: deprecatedDaniel Stenberg
Transparently. The related curl_multi_setopt() options all still returns OK when pipelining is selected. To re-enable the support, the single line change in lib/multi.c needs to be reverted. See docs/DEPRECATE.md Closes #2705
2018-09-04Curl_getoff_all_pipelines: ignore unused return valuesDaniel Stenberg
Since scan-build would warn on the dead "Dead store/Dead increment"
2018-09-04sftp: fix indentationViktor Szakats
2018-09-04sftp: don't send post-qoute sequence when retrying a connectionPrzemysław Tomaszewski
Fixes #2939 Closes #2940
2018-09-03url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS workKamil Dudka
This is a follow-up to PR #2607 and PR #2926. Closes #2936
2018-09-03openssl: Fix setting TLS 1.3 cipher suitesJay Satiro
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was missing. Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187 Reported-by: Kamil Dudka Closes #2926
2018-09-03Curl_ntlm_core_mk_nt_hash: return error on too long passwordDaniel Stenberg
... since it would cause an integer overflow if longer than (max size_t / 2). This is CVE-2018-14618 Bug: https://curl.haxx.se/docs/CVE-2018-14618.html Closes #2756 Reported-by: Zhaoyang Wu
2018-09-02http2: Use correct format identifier for stream_idRikard Falkeborn
Closes #2928
2018-09-01all: s/int/size_t cleanupDaniel Stenberg
Assisted-by: Rikard Falkeborn Closes #2922
2018-09-01ssh-libssh: use FALLTHROUGH to silence gcc8Daniel Stenberg
2018-08-31cookies: support creation-time attribute for cookiesDaniel Gustafsson
According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
2018-08-24curl_threads: silence bad-function-cast warningMarcel Raad
As uintptr_t and HANDLE are always the same size, this warning is harmless. Just silence it using an intermediate uintptr_t variable. Closes https://github.com/curl/curl/pull/2908
2018-08-24schannel: client certificate store opening fixIhor Karpenko
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG ) while opening certificate store would be sufficient in this scenario and less-demanding in sense of required user credentials ( for example, IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore call without any of flags mentioned above ), 2) as 'cert_store_name' is a DWORD, attempt to format its value like a string ( in "Failed to open cert store" error message ) will throw null pointer exception 3) adding GetLastError(), in my opinion, will make error message more useful. Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html Closes #2909
2018-08-24gopher: Do not translate `?' to `%09'Leonardo Taccari
Since GOPHER support was added in curl `?' character was automatically translated to `%09' (`\t'). However, this behaviour does not seems documented in RFC 4266 and for search selectors it is documented to directly use `%09' in the URL. Apart that several gopher servers in the current gopherspace have CGI support where `?' is used as part of the selector and translating it to `%09' often leads to surprising results. Closes #2910
2018-08-22http2: abort the send_callback if not setup yetDaniel Stenberg
When Curl_http2_done() gets called before the http2 data is setup all the way, we cannot send anything and this should just return an error. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
2018-08-21http2: remove four unused nghttp2 callbacksDaniel Stenberg
Closes #2903
2018-08-21x509asn1: use FALLTHROUGHDaniel Stenberg
... as no other comments are accepted since 014ed7c22f51463
2018-08-21curl-compilers: enable -Wimplicit-fallthrough=4 for GCCMarcel Raad
This enables level 4 instead of the default level 3, which of the currently used comments only allows /* FALLTHROUGH */ to silence the warning. Closes https://github.com/curl/curl/pull/2747
2018-08-21Remove unused definitionsMarcel Raad
Closes https://github.com/curl/curl/pull/2747
2018-08-21x509asn1: make several functions staticDaniel Stenberg
and remove the private SIZE_T_MAX define and use the generic one. Closes #2902
2018-08-21http2: avoid set_stream_user_data() before stream is assignedDaniel Stenberg
... before the stream is started, we have it set to -1. Fixes #2894 Closes #2898
2018-08-18upload: change default UPLOAD_BUFSIZE to 64KBDaniel Stenberg
To make uploads significantly faster in some circumstances. Part 2 of #2888 Closes #2892
2018-08-18upload: allocate upload buffer on-demandDaniel Stenberg
Saves 16KB on the easy handle for operations that don't need that buffer. Part 1 of #2888
2018-08-18vtls: reinstantiate engine on duplicated handlesLaurent Bonnans
Handles created with curl_easy_duphandle do not use the SSL engine set up in the original handle. This fixes the issue by storing the engine name in the internal url state and setting the engine from its name inside curl_easy_duphandle. Reported-by: Anton Gerasimov Signed-of-by: Laurent Bonnans Fixes #2829 Closes #2833
2018-08-17http2: make sure to send after RST_STREAMDaniel Stenberg
If this is the last stream on this connection, the RST_STREAM might not get pushed to the wire otherwise. Fixes #2882 Closes #2887 Researched-by: Michael Kaufmann
2018-08-16urldata: remove unused pipe_broke struct fieldDaniel Stenberg
This struct field is never set TRUE in any existing code path. This change removes the field completely. Closes #2871