aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-02-28smtp: overwriting 'from' leaks memoryDaniel Stenberg
Detected by Coverity. CID 1418139. Also, make sure to return error if the new 'from' allocation fails. Closes #4997
2020-02-27smtp: fix memory leak on exit pathDaniel Stenberg
Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from' going out of scope leaks the storage it points to" Closes #4990
2020-02-27gtls: Fixed compilation when using GnuTLS < 3.5.0Steve Holme
Reverts the functionality from 41fcb4f when compiling with GnuTLS older than 3.5.0. Reviewed-by: Daniel Stenberg Closes #4984
2020-02-27Curl_is_ASCII_name: handle a NULL argumentDaniel Stenberg
Make the function tolerate a NULL pointer input to avoid dereferencing that pointer. Follow-up to efce3ea5a85126d Detected by OSS-Fuzz Reviewed-By: Steve Holme Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907 Fixes #4985 Closes #4986
2020-02-27http2: make pausing/unpausing set/clear local stream windowDaniel Stenberg
This reduces the HTTP/2 window size to 32 MB since libcurl might have to buffer up to this amount of data in memory and yet we don't want it set lower to potentially impact tranfer performance on high speed networks. Requires nghttp2 commit b3f85e2daa629 (https://github.com/nghttp2/nghttp2/pull/1444) to work properly, to end up in the next release after 1.40.0. Fixes #4939 Closes #4940
2020-02-27libssh: improve known hosts handlingAnderson Toshiyuki Sasaki
Previously, it was not possible to get a known hosts file entry due to the lack of an API. ssh_session_get_known_hosts_entry(), introduced in libssh-0.9.0, allows libcurl to obtain such information and behave the same as when compiled with libssh2. This also tries to avoid the usage of deprecated functions when the replacements are available. The behaviour will not change if versions older than libssh-0.8.0 are used. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Fixes #4953 Closes #4962
2020-02-26cookie: remove unnecessary check for 'out != 0'Daniel Stenberg
... as it will always be non-NULL at this point. Detected by Coverity: CID 1459009
2020-02-26http: added 417 response treatmentDaniel Stenberg
When doing a request with a body + Expect: 100-continue and the server responds with a 417, the same request will be retried immediately without the Expect: header. Added test 357 to verify. Also added a control instruction to tell the sws test server to not read the request body if Expect: is present, which the new test 357 uses. Reported-by: bramus on github Fixes #4949 Closes #4964
2020-02-26smtp: Tidy up, following recent changes, to maintain the coding styleSteve Holme
Closes #4892
2020-02-26smtp: Support the SMTPUTF8 extension for the EXPN commandSteve Holme
Simply notify the server we support the SMTPUTF8 extension if it does.
2020-02-26smtp: Support the SMTPUTF8 extension in the VRFY commandSteve Holme
2020-02-26smtp: Support the SMTPUTF8 extension in the RCPT TO commandSteve Holme
Note: The RCPT TO command isn't required to advertise to the server that it contains UTF-8 characters, instead the server is told that a mail may contain UTF-8 in any envelope command via the MAIL command.
2020-02-26smtp: Support the SMTPUTF8 extension in the MAIL commandSteve Holme
Support the SMTPUTF8 extension when sending mailbox information in the MAIL command (FROM and AUTH parameters). Non-ASCII domain names will be ACE encoded, if IDN is supported, whilst non-ASCII characters in the local address part are passed to the server. Reported-by: ygthien on github Fixes #4828
2020-02-26smtp: Detect server support for the UTF-8 extension as defined in RFC-6531Steve Holme
2020-02-26smtp: Support UTF-8 based host names in the VRFY commandSteve Holme
2020-02-26smtp: Support UTF-8 based host names in the RCPT TO commandSteve Holme
2020-02-26smtp: Support UTF-8 based host names in the MAIL commandSteve Holme
Non-ASCII host names will be ACE encoded if IDN is supported.
2020-02-26url: Make the IDN conversion functions available to othersSteve Holme
2020-02-24ntlm: Moved the HMAC MD5 function into the HMAC module as a generic functionSteve Holme
2020-02-23md4: Use const for the length input parameterSteve Holme
This keeps the interface the same as md5 and sha256.
2020-02-23ntlm: Removed the dependency on the TLS libaries when using MD5Steve Holme
As we have our own MD5 implementation use the MD5 wrapper to remove the TLS dependency. Closes #4967
2020-02-23md5/sha256: Updated the functions to allow non-string data to be hashedSteve Holme
2020-02-23digest: Corrected the name of the local HTTP digest functionSteve Holme
Follow up to 2b5b37cb. Local static functions do not require the Curl prefix.
2020-02-22tests: Added a unit test for SHA256 digest generationSteve Holme
Follow up to 2b5b37c. Closes #4968
2020-02-22md4: Fixed compilation issues when using GNU TLS gcryptSteve Holme
* Don't include 'struct' in the gcrypt MD4_CTX typedef * The call to gcry_md_read() should use a dereferenced ctx * The call to gcry_md_close() should use a dereferenced ctx Additional minor whitespace issue in the USE_WIN32_CRYPTO code. Closes #4959
2020-02-21http2: now require nghttp2 >= 1.12.0Daniel Stenberg
To simplify our code and since earlier versions lack important function calls libcurl needs to function correctly. nghttp2 1.12.0 was relased on June 26, 2016. Closes #4961
2020-02-21gtls: fix the copyright yearDaniel Stenberg
Follow-up from 41fcb4f609
2020-02-21GnuTLS: Always send client certjethrogb
TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Authored-by: jethrogb on github Fixes #1411 Closes #4958
2020-02-21cleanup: comment typosDaniel Stenberg
Spotted by 'codespell' Closes #4957
2020-02-20win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functionsSteve Holme
Whilst lib\md4.c used this pre-processor, lib\md5.c and src\tool_metalink.c did not and simply relied on the WIN32 pre-processor directive. Reviewed-by: Marcel Raad Closes #4955
2020-02-19connect: remove some spurious infof() callsDaniel Stenberg
As they were added primarily for debugging, they provide little use for users. Closes #4951
2020-02-19nit: Copyright year out of dateDaniel Stenberg
Follow-up to 1fc0617dcc
2020-02-18tool_util: Improve Windows version of tvnow()Jay Satiro
- Change tool_util.c tvnow() for Windows to match more closely to timeval.c Curl_now(). - Create a win32 init function for the tool, since some initialization is required for the tvnow() changes. Prior to this change the monotonic time function used by curl in Windows was determined at build-time and not runtime. That was a problem because when curl was built targeted for compatibility with old versions of Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps every 49.7 days that Windows has been running. This change makes curl behave similar to libcurl's tvnow function, which determines at runtime whether the OS is Vista+ and if so calls QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used because it has higher resolution than the more obvious candidate GetTickCount64). The changes to tvnow are basically a copy and paste but the types in some cases are different. Ref: https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/4847
2020-02-18SOCKS: fix typo in printf formattingDaniel Stenberg
Follow-up to 4a4b63daa Reported-by: Peter Piekarski Bug: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08#r37351330
2020-02-18altsvc: make saving the cache an atomic operationDaniel Stenberg
... by writing the file to temp name then rename to the final when done. Assisted-by: Jay Satiro Fixes #4936 Closes #4942
2020-02-18rename: a new file for Curl_rename()Daniel Stenberg
And make the cookie save function use it.
2020-02-17cookies: make saving atomic with a renameDaniel Stenberg
Saves the file as "[filename].[8 random hex digits].tmp" and renames away the extension when done. Co-authored-by: Jay Satiro Reported-by: Mike Frysinger Fixes #4914 Closes #4926
2020-02-17socks: make the connect phase non-blockingDaniel Stenberg
Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-16multi: if Curl_readwrite sets 'comeback' use expire, not loopDaniel Stenberg
Otherwise, a very fast single transfer ricks starving out other concurrent transfers. Closes #4927
2020-02-16ftp: convert 'sock_accepted' to a plain booleanDaniel Stenberg
This was an array indexed with sockindex but it was only ever used for the secondary socket. Closes #4929
2020-02-13tool_home: Fix the copyright year being out of dateSteve Holme
Follow up to 9dc350b6.
2020-02-12tool_homedir: Change GetEnv() to use libcurl's curl_getenv()Jay Satiro
- Deduplicate GetEnv() code. - On Windows change ultimate call to use Windows API GetEnvironmentVariable() instead of C runtime getenv(). Prior to this change both libcurl and the tool had their own GetEnv which over time diverged. Now the tool's GetEnv is a wrapper around curl_getenv (libcurl API function which is itself a wrapper around libcurl's GetEnv). Furthermore this change fixes a bug in that Windows API GetEnvironmentVariable() is called instead of C runtime getenv() to get the environment variable since some changes aren't always visible to the latter. Reported-by: Christoph M. Becker Fixes https://github.com/curl/curl/issues/4774 Closes https://github.com/curl/curl/pull/4863
2020-02-12strerror.h: Copyright year out of dateDaniel Stenberg
Follow-up to 1c4fa67e8a8fcf6
2020-02-12strerror: Increase STRERROR_LEN 128 -> 256Jay Satiro
STRERROR_LEN is the constant used throughout the library to set the size of the buffer on the stack that the curl strerror functions write to. Prior to this change some extended length Windows error messages could be truncated. Closes https://github.com/curl/curl/pull/4920
2020-02-12multi: fix outdated commentJay Satiro
- Do not say that conn->data is "cleared" by multi_done(). If the connection is in use then multi_done assigns another easy handle still using the connection to conn->data, therefore in that case it is not cleared. Closes https://github.com/curl/curl/pull/4901
2020-02-12easy: remove dead codeJay Satiro
multi is already assigned to data->multi by curl_multi_add_handle. Closes https://github.com/curl/curl/pull/4900
2020-02-09smtp: Simplify the MAIL command and avoid a duplication of send stringsSteve Holme
This avoids the duplication of strings when the optional AUTH and SIZE parameters are required. It also assists with the modifications that are part of #4892. Closes #4903
2020-02-09altsvc: keep a copy of the file name to survive handle resetDaniel Stenberg
The alt-svc cache survives a call to curl_easy_reset fine, but the file name to use for saving the cache was cleared. Now the alt-svc cache has a copy of the file name to survive handle resets. Added test 1908 to verify. Reported-by: Craig Andrews Fixes #4898 Closes #4902
2020-02-09url: Include the failure reason when curl_win32_idn_to_ascii() failsSteve Holme
Provide the failure reason in the failf() info just as we do for the libidn2 version of code. Closes #4899
2020-02-09asyn-thread: remove dead codeJay Satiro