aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-08-18http2_recv: return error better on fatal h2 errorsDaniel Stenberg
Ref #1012 Figured-out-by: Tatsuhiro Tsujikawa
2017-08-18http: Don't wait on CONNECT when there is no proxyJan Alexander Steffens (heftig)
Since curl 7.55.0, NetworkManager almost always failed its connectivity check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP CONNECT process entirely non-blocking). This patch replaces !Curl_connect_complete with Curl_connect_ongoing, which returns false if the CONNECT state was left uninitialized and lets the connection continue. Closes #1803 Fixes #1804 Also-fixed-by: Gergely Nagy
2017-08-17CURL_SIZEOF_LONG: removed, use only SIZEOF_LONGDaniel Stenberg
2017-08-17config-win32: define SIZEOF_CURL_OFF_TDaniel Stenberg
2017-08-17cmake: sizeof curl_off_t, remove unused detectionsDaniel Stenberg
2017-08-17system.h: remove all CURL_SIZEOF_* definesDaniel Stenberg
... as they're not used externally and internally we check for the sizes already in configure etc. Closes #1767
2017-08-17ftp: fix CWD when doing multicwd then nocwd on same connectionDaniel Stenberg
Fixes #1782 Closes #1787 Reported-by: Peter Lamare
2017-08-17ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats
The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
2017-08-16http_proxy: fix build error for CURL_DOES_CONVERSIONSMaksim Stsepanenka
Closes https://github.com/curl/curl/pull/1793
2017-08-16configure: check for __builtin_available() availability (#1788)Nick Zitzmann
This change does two things: 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently failing trying to compile connectx() in lib/connect.c.) 2. It finally weak-links the connectx() function, and falls back on connect() when run on older operating systems.
2017-08-16darwinssi: fix error: variable length array usedDaniel Stenberg
2017-08-15cmake: remove dead code for DISABLED_THREADSAFEBenbuck Nason
Closes #1786
2017-08-15progress: Track total times following redirectsRyan Winograd
Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`, `t_pretransfer`, and `t_starttransfer` to track the total times for these activities when a redirect is followed. Previously, only the times for the most recent request would be tracked. Related changes: - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes` now that the function only resets transfer sizes and no longer modifies any of the progress timers. - Add a bool to the `Progress` struct that is used to prevent double-counting `t_starttransfer` times. Added test case 1399. Fixes #522 and Known Bug 1.8 Closes #1602 Reported-by: joshhe on github
2017-08-15cmake: remove dead code for CURL_DISABLE_RTMPBenbuck Nason
Closes #1785
2017-08-14strtoofft: reduce integer overflow risks globallyDaniel Stenberg
... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
2017-08-13ipv6_scope: support unique local addressesDaniel Stenberg
Fixes #1764 Closes #1773 Reported-by: James Slaughter
2017-08-13redirect: skip URL encoding for host namesSalah-Eddin Shaban
This fixes redirects to IDN URLs Fixes #1441 Closes #1762 Reported by: David Lord
2017-08-12bagder/Curl_tvdiff_us: fix the mathDaniel Stenberg
Regression since adef394ac5 (released in 7.55.0) Reported-by: Han Qiao Fixes #1769 Closes #1771
2017-08-11parse_proxy(): fix memory leak in case of invalid proxy server nameEven Rouault
Fixes the below leak: $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 curl: (5) Couldn't resolve proxy name ==5048== ==5048== HEAP SUMMARY: ==5048== in use at exit: 532 bytes in 12 blocks ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated ==5048== ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) ==5048== by 0x4E6EA18: create_conn (url.c:6498) ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) ==5048== by 0x4E7C515: easy_transfer (easy.c:708) ==5048== by 0x4E7C74A: easy_perform (easy.c:794) ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) ==5048== by 0x414025: operate_do (tool_operate.c:1563) ==5048== ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) ==5048== by 0x4E6EA18: create_conn (url.c:6498) ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) ==5048== by 0x4E7C515: easy_transfer (easy.c:708) ==5048== by 0x4E7C74A: easy_perform (easy.c:794) ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) ==5048== by 0x414025: operate_do (tool_operate.c:1563) Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 Credit to OSS Fuzz for discovery Closes #1761
2017-08-11openssl: fix "error: this statement may fall through"Daniel Stenberg
A gcc7 warning.
2017-08-11openssl: remove CONST_ASN1_BIT_STRING.David Benjamin
Just making the pointer as const works for the pre-1.1.0 path too. Closes #1759
2017-08-10digest_sspi: Don't reuse context if the user/passwd has changedJay Satiro
Bug: https://github.com/curl/curl/issues/1685 Reported-by: paulharris@users.noreply.github.com Assisted-by: Isaac Boukris Closes https://github.com/curl/curl/pull/1742
2017-08-08docs/comments: Update to secure URL versionsViktor Szakats
Closes #1741
2017-08-07tftp: reject file name lengths that don't fitDaniel Stenberg
... and thereby avoid telling send() to send off more bytes than the size of the buffer! CVE-2017-1000100 Bug: https://curl.haxx.se/docs/adv_20170809B.html Reported-by: Even Rouault Credit to OSS-Fuzz for the discovery
2017-08-07file: output the correct buffer to the userEven Rouault
Regression brought by 7c312f84ea930d8 (April 2017) CVE-2017-1000099 Bug: https://curl.haxx.se/docs/adv_20170809C.html Credit to OSS-Fuzz for the discovery
2017-08-06easy_events: make event data staticDaniel Stenberg
First: this function is only used in debug-builds and not in release/real builds. It is used to drive tests using the event-based API. A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the CURLMOPT_TIMERFUNCTION calback can in fact be called even after this funtion returns, namely when curl_multi_remove_handle() is called. Reported-by: Brian Carpenter
2017-08-05gssapi: fix memory leak of output token in multi round contextIsaac Boukris
When multiple rounds are needed to establish a security context (usually ntlm), we overwrite old token with a new one without free. Found by proposed gss tests using stub a gss implementation (by valgrind error), though I have confirmed the leak with a real gssapi implementation as well. Closes https://github.com/curl/curl/pull/1733
2017-08-05darwinssl: fix compiler warningMarcel Raad
clang complains: vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive [-Werror,-Wextra-tokens] This breaks the darwinssl build on Travis. Fix it by making this token a comment. Closes https://github.com/curl/curl/pull/1734
2017-08-04FTP: skip unnecessary CWD when in nocwd modeDaniel Stenberg
... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
2017-08-04darwin: silence compiler warningsDaniel Stenberg
With a clang pragma and three type fixes Fixes #1722
2017-08-03darwinssl: fix curlssl_sha256sum() compiler warnings on first argumentDaniel Stenberg
2017-08-03netrc: skip lines starting with '#'Gisle Vanem
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
2017-08-03CMake: set MSVC warning level to 4Marcel Raad
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is consistent with the Visual Studio and NMake builds. Disable level 4 warning C4127 for the library and additionally C4306 for the test servers to get a clean CURL_WERROR build as that warning is raised in some macros in older Visual Studio versions. Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 Closes https://github.com/curl/curl/pull/1711
2017-08-01curl_threads: fix MSVC compiler warningMarcel Raad
Use LongToHandle to convert from long to HANDLE in the Win32 implementation. This should fix the following warning when compiling with MSVC 11 (2012) in 64-bit mode: lib\curl_threads.c(113): warning C4306: 'type cast' : conversion from 'long' to 'HANDLE' of greater size Closes https://github.com/curl/curl/pull/1717
2017-08-01multi: fix request timer managementBrad Spencer
There are some bugs in how timers are managed for a single easy handle that causes the wrong "next timeout" value to be reported to the application when a new minimum needs to be recomputed and that new minimum should be an existing timer that isn't currently set for the easy handle. When the application drives a set of easy handles via the `curl_multi_socket_action()` API (for example), it gets told to wait the wrong amount of time before the next call, which causes requests to linger for a long time (or, it is my guess, possibly forever). Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01curl_setup: Define CURL_NO_OLDIES for building libcurlJay Satiro
.. to catch accidental use of deprecated error codes. Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-07-31http: fix response code parser to avoid integer overflowDaniel Stenberg
test 1429 and 1433 were updated to work with the stricter HTTP status line parser. Closes #1714 Reported-by: Brian Carpenter
2017-07-31libcurl: Stop using error codes defined under CURL_NO_OLDIESDwarakanath Yadavalli
Fixes https://github.com/curl/curl/issues/1688 Closes https://github.com/curl/curl/pull/1712
2017-07-29splay: fix signed/unsigned mismatch warningJay Satiro
Follow-up to 4dee50b. Ref: https://github.com/curl/curl/pull/1693
2017-07-28curl_rtmp: fix a compiler warningJohannes Schindelin
The headers of librtmp declare the socket as `int`, and on Windows, that disagrees with curl_socket_t. Bug: #1652 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28timeval: struct curltime is a struct timeval replacementDaniel Stenberg
... to make all libcurl internals able to use the same data types for the struct members. The timeval struct differs subtly on several platforms so it makes it cumbersome to use everywhere. Ref: #1652 Closes #1693
2017-07-27darwinssl: fix variable type mistake (regression)Daniel Stenberg
... which made --tlsv1.2 not work because it would blank the max tls version variable. Reported-by: Nick Miyake Bug: #1703
2017-07-27multi: mention integer overflow risk if using > 500 million socketsDaniel Stenberg
Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683
2017-07-27checksrc: escape open brace in regexDaniel Stenberg
... to silence warning.
2017-07-20nss: fix a possible use-after-free in SelectClientCert()Kamil Dudka
... causing a SIGSEGV in showit() in case the handle used to initiate the connection has already been freed. This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. Reported-by: Rob Sanders Bug: https://bugzilla.redhat.com/1436158
2017-07-20nss: unify the coding style of nss_send() and nss_recv()Kamil Dudka
No changes in behavior intended by this commit.
2017-07-17darwinssl: fix pinnedpubkey build errorJay Satiro
- s/SessionHandle/Curl_easy/ Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 Reported-by: Gisle Vanem
2017-07-11build: remove WIN32_LEAN_AND_MEAN from individual build systemsMarcel Raad
It's defined for all build systems in curl_setup.h since commit beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro redefinition warnings in the configure builds. Closes https://github.com/curl/curl/pull/1677
2017-07-11curl_setup: always define WIN32_LEAN_AND_MEAN on WindowsMarcel Raad
Make sure to always define WIN32_LEAN_AND_MEAN before including any Windows headers to avoid pulling in unnecessary headers. This avoids unnecessary macro clashes and compiler warnings. Ref: https://github.com/curl/curl/issues/1562 Closes https://github.com/curl/curl/pull/1672
2017-07-11strerror: Preserve Windows error code in some functionsJay Satiro
This is a follow-up to af02162 which removed (SET_)ERRNO macros. That commit was an earlier draft that I committed by mistake, which was then remedied by a5834e5 and e909de6, and now this commit. With this commit there is now no difference between the current code and the changes that were approved in the final draft. Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem Ref: https://github.com/curl/curl/pull/1589