aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-11-09imap: deal with commands case insensitivelyDaniel Stenberg
As documented in RFC 3501 section 9: https://tools.ietf.org/html/rfc3501#section-9 Closes #2061
2017-11-09connect: store IPv6 connection status after valid connectionDaniel Stenberg
... previously it would store it already in the happy eyeballs stage which could lead to the IPv6 bit being set for an IPv4 connection, leading to curl not wanting to do EPSV=>PASV for FTP transfers. Closes #2053
2017-11-09content_encoding: fix inflate_stream for no bytes availableJay Satiro
- Don't call zlib's inflate() when avail_in stream bytes is 0. This is a follow up to the parent commit 19e66e5. Prior to that change libcurl's inflate_stream could call zlib's inflate even when no bytes were available, causing inflate to return Z_BUF_ERROR, and then inflate_stream would treat that as a hard error and return CURLE_BAD_CONTENT_ENCODING. According to the zlib FAQ, Z_BUF_ERROR is not fatal. This bug would happen randomly since packet sizes are arbitrary. A test of 10,000 transfers had 55 fail (ie 0.55%). Ref: https://zlib.net/zlib_faq.html#faq05 Closes https://github.com/curl/curl/pull/2060
2017-11-07content_encoding: do not write 0 length dataPatrick Monnerat
2017-11-06fnmatch: remove dead codeDaniel Stenberg
There was a duplicate check for backslashes in the setcharset() function. Coverity CID 1420611
2017-11-06url: remove unncessary NULL-checkDaniel Stenberg
Since 'conn' won't be NULL in there and we also access the pointer in there without the check. Coverity CID 1420610
2017-11-05Makefile.m32: allow to customize brotli libsViktor Szakats
It adds the ability to link against static brotli libs. Also fix brotli include path.
2017-11-05Makefile.m32: add brotli supportViktor Szakats
2017-11-05HTTP: implement Brotli content encodingPatrick Monnerat
This uses the brotli external library (https://github.com/google/brotli). Brotli becomes a feature: additional curl_version_info() bit and structure fields are provided for it and CURLVERSION_NOW bumped. Tests 314 and 315 check Brotli content unencoding with correct and erroneous data. Some tests are updated to accomodate with the now configuration dependent parameters of the Accept-Encoding header.
2017-11-05HTTP: support multiple Content-EncodingsPatrick Monnerat
This is implemented as an output streaming stack of unencoders, the last calling the client write procedure. New test 230 checks this feature. Bug: https://github.com/curl/curl/pull/2002 Reported-By: Daniel Bankhead
2017-11-04url: remove arg value check from CURLOPT_SSH_AUTH_TYPESJay Satiro
Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value check on this option is incorrect; we have to accept any value. Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
2017-11-04ntlm: avoid malloc(0) for zero length passwordsDaniel Stenberg
It triggers an assert() when built with memdebug since malloc(0) may return NULL *or* a valid pointer. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 Assisted-by: Max Dymond Closes #2054
2017-11-03CURLOPT_INFILESIZE: accept -1Daniel Stenberg
Regression since f121575 Reported-by: Petr Voytsik Fixes #2047
2017-11-02url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1Jay Satiro
Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.
2017-11-01http2: Fixed OOM handling in upgrade requestDan Fandrich
This caused the torture tests on test 1800 to fail.
2017-11-01CURLOPT_MAXREDIRS: allow -1 as a valueDaniel Stenberg
... which is valid according to documentation. Regression since f121575c0b5f. Verified now in test 501. Reported-by: cbartl on github Fixes #2038 Closes #2039
2017-11-01include: remove conncache.h inclusion from where its not neededDaniel Stenberg
2017-11-01url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1Jay Satiro
.. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html Reported-by: Andrew Lambert
2017-10-31cookie: avoid NULL dereferenceDaniel Stenberg
... when expiring old cookies. Reported-by: Pavel Gushchin Fixes #2032 Closes #2035
2017-10-30memdebug: use send/recv signature for curl_dosend/curl_dorecvMarcel Raad
This avoids build errors and warnings caused by implicit casts. Closes https://github.com/curl/curl/pull/2031
2017-10-30curlx: the timeval functions are no longer provided as curlx_*Daniel Stenberg
Pointed-out-by: Dmitri Tikhonov Bug: #2034
2017-10-30select: update commentsDaniel Stenberg
s/curlx_tvnow/Curl_now
2017-10-30timeval: use mach time on MacOSDmitri Tikhonov
If clock_gettime() is not supported, use mach_absolute_time() on MacOS. closes #2033
2017-10-29timeleft: made two more users of Curl_timeleft use timediff_tDaniel Stenberg
2017-10-28cmake: Export libcurl and curl targets to use by other cmake projectsJakub Zakrzewski
The config files define curl and libcurl targets as imported targets CURL::curl and CURL::libcurl. For backward compatibility with CMake- provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are also set. Closes #1879
2017-10-28auth: add support for RFC7616 - HTTP Digest access authenticationFlorin
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-28Curl_timeleft: change return type to timediff_tDaniel Stenberg
returning 'time_t' is problematic when that type is unsigned and we return values less than zero to signal "already expired", used in several places in the code. Closes #2021
2017-10-27setopt: fix CURLOPT_SSH_AUTH_TYPES option readDaniel Stenberg
Regression since f121575c0b5f Reported-by: Rob Cotrone
2017-10-27resolvers: only include anything if neededMarcel Raad
This avoids warnings about unused stuff. Closes https://github.com/curl/curl/pull/2023
2017-10-27curl_setup.h: oops, shorten the too long lineDaniel Stenberg
2017-10-27curl_setup: Improve detection of CURL_WINDOWS_APPMartin Storsjo
If WINAPI_FAMILY is defined, it should be safe to try to include winapifamily.h to check what the define evaluates to. This should fix detection of CURL_WINDOWS_APP if building with _WIN32_WINNT set to 0x0600. Closes #2025
2017-10-26transfer: Fix chunked-encoding upload bugJay Satiro
- When uploading via chunked-encoding don't compare file size to bytes sent to determine whether the upload has finished. Chunked-encoding adds its own overhead which why the bytes sent is not equal to the file size. Prior to this change if a file was uploaded in chunked-encoding and its size was known it was possible that the upload could end prematurely without sending the final few chunks. That would result in a server hang waiting for the remaining data, likely followed by a disconnect. The scope of this bug is limited to some arbitrary file sizes which have not been determined. One size that triggers the bug is 475020. Bug: https://github.com/curl/curl/issues/2001 Reported-by: moohoorama@users.noreply.github.com Closes https://github.com/curl/curl/pull/2010
2017-10-26timeval: make timediff_t also work on 32bit windowsDaniel Stenberg
... by using curl_off_t for the typedef if time_t is larger than 4 bytes. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co mmitcomment-25205058 Closes #2019
2017-10-26curl_fnmatch: return error on illegal wildcard patternDaniel Stenberg
... instead of doing an infinite loop! Added test 1162 to verify. Reported-by: Max Dymond Fixes #2015 Closes #2017
2017-10-26wildcards: don't use with non-supported protocolsMax Dymond
Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
2017-10-25multi: allow table handle sizes to be overriddenMax Dymond
Allow users to specify their own hash define for CURL_CONNECTION_HASH_SIZE so that both values can be overridden. Closes #1982
2017-10-25time: rename Curl_tvnow to Curl_nowDaniel Stenberg
... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
2017-10-25ftplistparser: follow-up cleanup to remove PL_ERROR()Daniel Stenberg
2017-10-25ftplistparser: free off temporary memory alwaysMax Dymond
When using the FTP list parser, ensure that the memory that's allocated is always freed. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 Closes #2013
2017-10-25timediff: return timediff_t from the time diff functionsDaniel Stenberg
... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
2017-10-22mk-ca-bundle: Remove URL for auroraJon DeVree
Aurora is no longer used by Mozilla https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
2017-10-22mk-ca-bundle: Fix URL for NSSJon DeVree
The 'tip' is the most recent branch committed to, this should be 'default' like the URLs for the browser are. Closes #1998
2017-10-22imap: if a FETCH response has no size, don't call write callbackDaniel Stenberg
CVE-2017-1000257 Reported-by: Brian Carpenter and 0xd34db347 Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
2017-10-20ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg
... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-20mime: do not reuse previously computed multipart sizePatrick Monnerat
The contents might have changed: size must be recomputed. Reported-by: moteus on github Fixes #1999
2017-10-19vtls: change struct Curl_ssl `close' field name to `close_one'.Patrick Monnerat
On OS/400, `close' is an ASCII system macro that corrupts the code if not used in a context not targetting the close() system API.
2017-10-19os400: add missing symbols in config file.Patrick Monnerat
Also adjust makefile to renamed files and warn about installation dirs mix-up.
2017-10-19mime: limit bas64-encoded lines length to 76 charactersPatrick Monnerat
2017-10-16setopt: range check most long optionsDaniel Stenberg
... filter early instead of risking "funny values" having to be dealt with elsewhere.
2017-10-16setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg
... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938