Age | Commit message (Collapse) | Author |
|
... to aid debugging openldap library using its built-in debug messages.
Closes #2159
|
|
... as in "file://c:\some\path\curl.out"
Reviewed-by: Matthew Kerwin
Closes #2154
|
|
Needed by HPE NonStop NSE and NSX systems
Fixes #2146
Closes #2155
|
|
Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing
only get additional transfers added to them if the existing connection
is held by the same multi or easy handle. libcurl does not support doing
HTTP/2 streams in different threads using a shared connection.
Closes #2152
|
|
If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.
Fixes #2132
Fixes #2151
Closes #2139
|
|
... by removing a superfluous NULL pointer check that also confuses
Coverity.
Fixes #2143
Closes #2153
|
|
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.
For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.
Closes #2150
|
|
Figured out while reviewing code in the libssh backend. The pointer was
checked for NULL after having been dereferenced, so we know it would
always equal true or it would've crashed.
Pointed-out-by: Nikos Mavrogiannopoulos
Bug #2143
Closes #2148
|
|
|
|
The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS
handling fails.
Fixes #2142
|
|
The previous code was incorrectly following the libssh2 error detection
for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.
Fixes #2142
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
Fixes #2141
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
- remove superfluous NULL check which otherwise tricks the static code
analyzers to assume NULL pointer dereferences.
- fix fallthrough in switch()
- indent mistake
|
|
Removes another #ifdef for BoringSSL
Pointed-out-by: David Benjamin
Closes #2134
|
|
The SFTP back-end supports asynchronous reading only, limited
to 32-bit file length. Writing is synchronous with no other
limitations.
This also brings keyboard-interactive authentication.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
This brings its in sync with the error code returned by the
libssh backend.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
That also updates tests to expect the right error code
libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
libssh is an alternative library to libssh2.
https://www.libssh.org/
That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
Absent any 'symbol map' or script to limit what gets exported, static
linking of libraries previously resulted in a libcurl with curl's and
those other symbols being (re-)exported.
This did not happen if 'versioned symbols' were enabled (which is not
the default) because then a version script is employed.
This limits exports to everything starting in 'curl_*'., which is
what "libcurl.vers" exports.
This avoids strange side-effects such as with mixing methods
from system libraries and those erroneously offered by libcurl.
Closes #2127
|
|
Originally, my idea was to allocate the two structures (or more
precisely, the connectdata structure and the four SSL backend-specific
strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
that they all could be free()d together.
However, getting the alignment right is tricky. Too tricky.
So let's just bite the bullet and allocate the SSL backend-specific
data separately.
As a consequence, we now have to be very careful to release the memory
allocated for the SSL backend-specific data whenever we release any
connectdata.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2119
|
|
commit d3ab7c5a21e broke the boringssl build since it doesn't have
RSA_flags(), so we disable that code block for boringssl builds.
Reported-by: W. Mark Kubacki
Fixes #2117
|
|
|
|
This bit is no longer used. It is not clear what it meant for users to
"init the TLS" in a world with different TLS backends and since the
introduction of multissl, libcurl didn't properly work if inited without
this bit set.
Not a single user responded to the call for users of it:
https://curl.haxx.se/mail/lib-2017-11/0072.html
Reported-by: Evgeny Grin
Assisted-by: Jay Satiro
Fixes #2089
Fixes #2083
Closes #2107
|
|
Reported-by: Alex Nichols
Assisted-by: Kamil Dudka and Max Dymond
CVE-2017-8816
Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
|
|
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817
Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
|
|
- Align the array of ssl_backend_data on a max 32 byte boundary.
8 is likely to be ok but I went with 32 for posterity should one of
the ssl_backend_data structs change to contain a larger sized variable
in the future.
Prior to this change (since dev 70f1db3, release 7.56) the connectdata
structure was undersized by 4 bytes in 32-bit builds with ssl enabled
because long long * was mistakenly used for alignment instead of
long long, with the intention being an 8 byte boundary. Also long long
may not be an available type.
The undersized connectdata could lead to oob read/write past the end in
what was expected to be the last 4 bytes of the connection's secondary
socket https proxy ssl_backend_data struct (the secondary socket in a
connection is used by ftp, others?).
Closes https://github.com/curl/curl/issues/2093
CVE-2017-8818
Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
|
|
With this check present, scan-build warns that we might dereference this
point in other places where it isn't first checked for NULL. Thus, if it
*can* be NULL we have a problem on a few places. However, this pointer
should not be possible to be NULL here so I remove the check and thus
also three different scan-build warnings.
Closes #2111
|
|
* LOTS of comment updates
* explicit error for SMB shares (e.g. "file:////share/path/file")
* more strict handling of authority (i.e. "//localhost/")
* now accepts dodgy old "C:|" drive letters
* more precise handling of drive letters in and out of Windows
(especially recognising both "file:c:/" and "file:/c:/")
Closes #2110
|
|
The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.
Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.
Closes #2056
|
|
eg consider a non-existent interface eth8, curl --interface eth8
Before: curl: (45) Could not resolve host: eth8
After: curl: (45) Couldn't bind to 'eth8'
Bug: https://github.com/curl/curl/issues/2104
Reported-by: Alfonso Martone
|
|
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.
Updated test 1034 and 1035 accordingly.
Fixes #2073
Closes #2092
|
|
Closes #2098
|
|
|
|
|
|
|
|
|
|
Fixes a scan-build warning.
|
|
|
|
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.
Added test 1324 to verify
Reported-by: Alex Malinovich
Fixes #2087
Closes #2091
|
|
The previous fix https://github.com/curl/curl/pull/1788 worked just for
Xcode 9. This commit extends the fix to older Xcode versions effectively
by not using connectx function.
Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082
|
|
Fixes #2079
Closes #2081
|
|
Follow-up to aadb7c7. Verified by new test 1263.
Closes #2072
|
|
There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.
Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
|
|
Reported-by: Brian Carpenter
|
|
Closes #2071
|
|
... to make url.c smaller.
Closes #1944
|
|
CID 984459, detected by Coverity
|
|
The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.
Try to use the socket option immediately and parse it as a fallback
instead. Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.
Closes #2024
|
|
|
|
As documented in RFC 3501 section 9:
https://tools.ietf.org/html/rfc3501#section-9
Closes #2061
|