Age | Commit message (Collapse) | Author |
|
unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
cast from integer to pointer is a GNU extension
Reported-by: Rikard Falkeborn
Fixes #2466
Closes #2468
|
|
... and use this type instead of 'sa_family_t' in the code since several
platforms don't have it.
Closes #2463
|
|
|
|
... since they return size_t anyway!
closes #2462
|
|
In the situation of a client connecting to an FTP server using an IPv6
tunnel proxy, the connection info will indicate that the connection is
IPv6. However, because the server behing the proxy is IPv4, it is
permissable to attempt PSV mode. In the case of the FTP server being
IPv4 only, EPSV will always fail, and with the current logic curl will
be unable to connect to the server, as the IPv6 fwdproxy causes curl to
think that EPSV is impossible.
Closes #2432
|
|
curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC
8089 but then returns an error saying this is unimplemented. This is
actually a regression in behavior on both Windows and Unix.
Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and
then passed to the relevant OS API. This means that the behavior of this
case is actually OS dependent.
The Unix path resolution rules say that the OS must handle swallowing
the extra "/" and so this path is the same as "/foo/bar"
The Windows path resolution rules say that this is a UNC path and
automatically handles the SMB access for the program. So curl on Windows
was already doing Appendix E.3.2 without any special code in curl.
Regression
Closes #2438
|
|
This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
libcurl (with the OpenSSL backend) performs server certificate verification
even if verifypeer == 0 and the verification result is available using
CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
CURLINFO_SSL_VERIFYRESULT to not have useful information for the
verifypeer == 0 use case (it would always have
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
Closes #2451
|
|
(mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
Closes #2453
|
|
closes #2458
|
|
This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
is processed.
test46 updated to cover this case.
Follow-up to commit c990ead.
Ref: https://github.com/curl/curl/pull/2440
|
|
... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.
|
|
- LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
Fixes #2319
Closes #2447
Closes #2448
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
|
This makes libcurl handle thousands of cookies much better and speedier.
Closes #2440
|
|
This drops the cookie load time for 8k cookies from 178ms to 15ms.
Closes #2441
|
|
In order to make curl_multi_timeout() return suitable "sleep" times even
when there's no socket to wait for while the name is being resolved in a
helper thread.
It will increases the timeouts as time passes.
Closes #2419
|
|
Closes #2399
|
|
This is fixes #2358
|
|
If a connection has received a GOAWAY frame while not being used, the
function now reads frames off the connection before trying to reuse it
to avoid reusing connections the server has told us not to use.
Reported-by: Alex Baines
Fixes #1967
Closes #2402
|
|
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
|
|
Detected by lgtm.com
|
|
Detected by lgtm.com
|
|
RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
GMT.
Closes #2401
|
|
Currently CMake cannot detect Brotli support. This adds detection of the
libraries and associated header files. It also adds this to the
generated config.
Closes #2392
|
|
|
|
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
shuffling of IP addresses returned for a hostname when there is more
than one. This is useful when the application knows that a round robin
approach is appropriate and is willing to accept the consequences of
potentially discarding some preference order returned by the system's
implementation.
Closes #1694
|
|
To offer applications a more defined behavior, we clear the buffer as
early as possible.
Assisted-by: Jay Satiro
Fixes #2190
Closes #2377
|
|
Add --haproxy-protocol for the command line tool
Closes #2162
|
|
When a transfer is requested to get done and it is put in the pending
queue when limited by number of connections, total or per-host, libcurl
would previously very aggressively retry *ALL* pending transfers to get
them transferring. That was very time consuming.
By reducing the aggressiveness in how pending are being retried, we
waste MUCH less time on putting transfers back into pending again.
Some test cases got a factor 30(!) speed improvement with this change.
Reported-by: Cyril B
Fixes #2369
Closes #2383
|
|
Especially unpausing a transfer might have to move the socket back to the
"currently used sockets" hash to get monitored. Otherwise it would never get
any more data and get stuck. Easily triggered with pausing using the
multi_socket API.
Reported-by: Philip Prindeville
Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
Fixes #2393
Closes #2391
|
|
Due to very frequent updates of the rate limit "window", it could
attempt to rate limit within the same milliseconds and that then made
the calculations wrong, leading to it not behaving correctly on very
fast transfers.
This new logic updates the rate limit "window" to be no shorter than the
last three seconds and only updating the timestamps for this when
switching between the states TOOFAST/PERFORM.
Reported-by: 刘佩东
Fixes #2386
Closes #2388
|
|
Found via `codespell`
Closes #2389
|
|
Closes #2387
|
|
This is what "HTTP/0.9" basically looks like.
Reported on IRC
Closes #2382
|
|
Fixes #2380
|
|
This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
The assignment really needs to be there or we risk working with an
uninitialized pointer.
|
|
follow-up to 72a0f62
|
|
To sync it with changes made for the libssh2 project.
Also cleanup some whitespace.
|
|
... don't consider it an error!
Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375
|
|
|
|
CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
|
|
Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
|
|
CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html
Detected by OSS-fuzz
|
|
... and make sure to avoid integer overflows with really large values.
Reported-by: 刘佩东
Fixes #2371
Closes #2373
|
|
follow-up to e04417d
|
|
|
|
Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362
|
|
... as it is interesting for many users.
|
|
Closes #2349
|
|
gss_seal/gss_unseal have been deprecated in favor of
gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first
version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June
1996 already says "GSS_Wrap() (formerly GSS_Seal())" and
"GSS_Unwrap() (formerly GSS_Unseal())".
Use the nondeprecated functions to avoid deprecation warnings.
[1] https://tools.ietf.org/html/rfc2078
[2] https://tools.ietf.org/html/rfc1964
Closes https://github.com/curl/curl/pull/2356
|
|
Added test 1265 that verifies.
Reported-by: steelman on github
Fixes #2353
Closes #2355
|