aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2019-11-02copyrights: update all copyright notices to 2019 on files changed this yearVilhelm Prytz
Closes #4547
2019-11-02mbedtls: add error message for cert validity starting in the futureBastien Bouclet
Closes #4552
2019-11-01schannel_verify: Fix concurrent openings of CA fileJay Satiro
- Open the CA file using FILE_SHARE_READ mode so that others can read from it as well. Prior to this change our schannel code opened the CA file without sharing which meant concurrent openings (eg an attempt from another thread or process) would fail during the time it was open without sharing, which in curl's case would cause error: "schannel: failed to open CA file". Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html Reported-by: Richard Alcock
2019-10-31gtls: make gnutls_bye() not wait for response on shutdownDaniel Stenberg
... as it can make it wait there for a long time for no good purpose. Patched-by: Jay Satiro Reported-by: Bylon2 on github Adviced-by: Nikos Mavrogiannopoulos Fixes #4487 Closes #4541
2019-10-30url: make Curl_close() NULLify the pointer tooDaniel Stenberg
This is the common pattern used in the code and by a unified approach we avoid mistakes. Closes #4534
2019-10-29url: Curl_free_request_state() should also free doh handlesDaniel Stenberg
... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463 Closes #4527
2019-10-28HTTP3: fix invalid use of sendto for connected UDP socketJavier Blazquez
On macOS/BSD, trying to call sendto on a connected UDP socket fails with a EISCONN error. Because the singleipconnect has already called connect on the socket when we're trying to use it for QUIC transfers we need to use plain send instead. Fixes #4529 Closes https://github.com/curl/curl/pull/4533
2019-10-28HTTP3: fix Windows buildJavier Blazquez
The ngtcp2 QUIC backend was using the MSG_DONTWAIT flag for send/recv in order to perform nonblocking operations. On Windows this flag does not exist. Instead, the socket must be set to nonblocking mode via ioctlsocket. This change sets the nonblocking flag on UDP sockets used for QUIC on all platforms so the use of MSG_DONTWAIT is not needed. Fixes #4531 Closes #4532
2019-10-24schannel: reverse the order of certinfo insertionsFrancois Rivard
Fixes #4518 Closes #4519
2019-10-23conn-reuse: requests wanting NTLM can reuse non-NTLM connectionsDaniel Stenberg
Added test case 338 to verify. Reported-by: Daniel Silverstone Fixes #4499 Closes #4514
2019-10-18http2_recv: a closed stream trumps pause stateDaniel Stenberg
... and thus should return 0, not EAGAIN. Reported-by: Tom van der Woerdt Fixes #4496 Closes #4505
2019-10-18http2: expire a timeout at end of streamDaniel Stenberg
To make sure that transfer is being dealt with. Streams without Content-Length need a final read to notice the end-of-stream state. Reported-by: Tom van der Woerdt Fixes #4496
2019-10-16url: normalize CURLINFO_EFFECTIVE_URLDaniel Stenberg
The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as input in most cases, which made it not get a scheme prefixed like before if the URL was given without one, and it didn't remove dotdot sequences etc. Added test case 1907 to verify that this now works as intended and as before 7.62.0. Regression introduced in 7.62.0 Reported-by: Christophe Dervieux Fixes #4491 Closes #4493
2019-10-13security: silence conversion warningMarcel Raad
With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer, while `read` expects a 32 bit signed integer. Use `sread` instead of `read` to use the correct parameter type. Closes https://github.com/curl/curl/pull/4483
2019-10-13connect: silence sign-compare warningMarcel Raad
With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the result of `sizeof` is unsigned. Closes https://github.com/curl/curl/pull/4483
2019-10-10socketpair: fix include and define for older TCP header systemsHarry Sintonen
fixed build for systems that need netinet/in.h for IPPROTO_TCP and are missing INADDR_LOOPBACK Closes #4480
2019-10-10socketpair: fix double-close in error caseDaniel Stenberg
Follow-up to bc2dbef0afc08
2019-10-10gskit: use the generic Curl_socketpairDaniel Stenberg
2019-10-10asyn-thread: make use of Curl_socketpair() where availableDaniel Stenberg
2019-10-10socketpair: an implemention for Windows and moreDaniel Stenberg
Curl_socketpair() is designed to be used and work everywhere if there's no native version or the native version isn't good enough. Closes #4466
2019-10-09connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUTDaniel Stenberg
Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no matter what errno said. This makes for example --retry work on these transfer failures. Reported-by: Nathaniel J. Smith Fixes #4461 Clsoes #4462
2019-10-05ldap: fix OOM error on missing query stringNicolas
- Allow missing queries, don't return NO_MEMORY error in such a case. It is acceptable for there to be no specified query string, for example: curl ldap://ldap.forumsys.com A regression bug in 1b443a7 caused this issue. This is a partial fix for #4261. Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077 Reported-by: Jojojov@users.noreply.github.com Analyzed-by: Samuel Surtees Closes https://github.com/curl/curl/pull/4467
2019-10-05build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO definesPaul B. Omta
Closes https://github.com/curl/curl/pull/4460
2019-10-04ngtcp2: adapt to API changeDaniel Stenberg
Closes #4457
2019-10-03cookies: change argument type for Curl_flush_cookiesDaniel Stenberg
The second argument is really a 'bool' so use that and pass in TRUE/FALSE to make it clear. Closes #4455
2019-10-03http2: move state-init from creation to pre-transferDaniel Stenberg
To make sure that the HTTP/2 state is initialized correctly for duplicated handles. It would otherwise easily generate "spurious" PRIORITY frames to get sent over HTTP/2 connections when duplicated easy handles were used. Reported-by: Daniel Silverstone Fixes #4303 Closes #4442
2019-10-03urlapi: fix use-after-free bugDaniel Stenberg
Follow-up from 2c20109a9b5d04 Added test 663 to verify. Reported by OSS-Fuzz Bug: https://crbug.com/oss-fuzz/17954 Closes #4453
2019-10-03cookie: avoid harmless use after freePaul Dreik
This fix removes a use after free which can be triggered by the internal cookie fuzzer, but otherwise is probably impossible to trigger from an ordinary application. The following program reproduces it: curl_global_init(CURL_GLOBAL_DEFAULT); CURL* handle=curl_easy_init(); CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false); curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null"); Curl_flush_cookies(handle, true); Curl_cookie_cleanup(info); curl_easy_cleanup(handle); curl_global_cleanup(); This was found through fuzzing. Closes #4454
2019-10-02ESNI: initial build/setupNiall
Closes #4011
2019-10-02redirect: when following redirects to an absolute URL, URL encode itDaniel Stenberg
... to make it handle for example (RFC violating) embeded spaces. Reported-by: momala454 on github Fixes #4445 Closes #4447
2019-10-02urlapi: fix URL encoding when setting a full URLDaniel Stenberg
2019-10-02CURLMOPT_MAX_CONCURRENT_STREAMS: new setoptKunal Ekawde
Closes #4410
2019-10-02chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING errorDaniel Stenberg
Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the response is chunked-encoded. Reported-by: Ilya Kosarev Fixes #4310 Closes #4449
2019-10-01checksrc: fix uninitialized variable warningMarcel Raad
The loop doesn't need to be executed without a file argument. Closes https://github.com/curl/curl/pull/4444
2019-10-01urlapi: fix unused variable warningMarcel Raad
`dest` is only used with `ENABLE_IPV6`. Closes https://github.com/curl/curl/pull/4444
2019-10-01lib: silence conversion warningsMarcel Raad
Closes https://github.com/curl/curl/pull/4444
2019-09-30altsvc: accept quoted ma and persist valuesDaniel Stenberg
As mandated by the spec. Test 1654 is extended to verify. Closes #4443
2019-09-29quiche: update HTTP/3 config creation to new APIlucas
2019-09-28cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg
The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
2019-09-27setopt: handle ALTSVC set to NULLDaniel Stenberg
2019-09-27FTP: url-decode path before evaluationZenju
Closes #4428
2019-09-27vtls: Fix comment typo about macosx-version-min compiler flagjulian
Closes https://github.com/curl/curl/pull/4425
2019-09-26quiche: don't close connection at end of stream!Daniel Stenberg
2019-09-26quiche: set 'drain' when returning without having drained the queuesDaniel Stenberg
2019-09-26Revert "FTP: url-decode path before evaluation"Daniel Stenberg
This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
2019-09-26FTP: url-decode path before evaluationZenju
Closes #4423
2019-09-26openssl: use strerror on SSL_ERROR_SYSCALLDaniel Stenberg
Instead of showing the somewhat nonsensical errno number, use strerror() to provide a more relatable error message. Closes #4411
2019-09-26url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro
Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
2019-09-25ngtcp2: remove fprintf() callsDaniel Stenberg
- convert some of them to H3BUF() calls to infof() - remove some of them completely - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now Closes #4421
2019-09-25url: fix the NULL hostname compiler warning caseJay Satiro
Closes #4403