aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-05-14ntlm: Fix format specifiersRikard Falkeborn
2018-05-14lib: Fix format specifiersRikard Falkeborn
2018-05-14http2: getsock fix for uploadsDaniel Stenberg
When there's an upload in progress, make sure to wait for the socket to become writable. Detected-by: steini2000 on github Bug: #2520 Closes #2567
2018-05-14pingpong: fix response cache memcpy overflowDaniel Stenberg
Response data for a handle with a large buffer might be cached and then used with the "closure" handle when it has a smaller buffer and then the larger cache will be copied and overflow the new smaller heap based buffer. Reported-by: Dario Weisser CVE: CVE-2018-1000300 Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
2018-05-14http: restore buffer pointer when bad response-line is parsedDaniel Stenberg
... leaving the k->str could lead to buffer over-reads later on. CVE: CVE-2018-1000301 Assisted-by: Max Dymond Detected by OSS-Fuzz. Bug: https://curl.haxx.se/docs/adv_2018-b138.html Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
2018-05-13cookies: do not take cookie name as a parameterPatrick Monnerat
RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
2018-05-12smb: reject negative file sizesDaniel Stenberg
Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
2018-05-11setup_transfer: deal with both sockets being -1Daniel Stenberg
Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would index the array with -1 if neither index was a socket.
2018-05-10openssl: change FILE ops to BIO opsSunny Purushe
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES handling is causing problems. This fix changes the OpenSSL backend code to use BIO functions instead of FILE I/O functions to circumvent those problems. Closes #2512
2018-05-04vtls: fix missing commasDaniel Stenberg
follow-up to e66cca046cef
2018-05-04vtls: use unified "supports" bitfield member in backendsDaniel Stenberg
... instead of previous separate struct fields, to make it easier to extend and change individual backends without having to modify them all. closes #2547
2018-05-04transfer: don't unset writesockfd on setup of multiplexed connsDaniel Stenberg
Curl_setup_transfer() can be called to setup a new individual transfer over a multiplexed connection so it shouldn't unset writesockfd. Bug: #2520 Closes #2549
2018-05-04http: don't set the "rewind" flag when not uploading anythingDaniel Stenberg
It triggers an assert. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 Closes #2546
2018-05-03ssh-libssh.c: fix left shift compiler warningDaniel Stenberg
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to represent, but 'int' only has 32 bits [-Wshift-overflow=] 'len' will never be that big anyway so I converted the run-time check to a regular assert.
2018-05-03URL: fix ASCII dependency in strcpy_url and strlen_urlStephan Mühlstrasser
Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of the problem that strcpy_url() was modified unilaterally without also modifying strlen_url(). As a consequence strcpy_url() was again depending on ASCII encoding. This change fixes strlen_url() and strcpy_url() in parallel to use a common host-encoding independent criterion for deciding whether an URL character must be %-escaped. Closes #2535
2018-05-02vtls: don't define MD5_DIGEST_LENGTH for wolfsslDaniel Stenberg
... as it defines it (too)
2018-05-02wolfssl: Fix non-blocking connectDavid Garske
Closes https://github.com/curl/curl/pull/2542
2018-04-27cookies: remove unused macroDaniel Gustafsson
Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API. Closes https://github.com/curl/curl/pull/2537
2018-04-27checksrc: force indentation of lines after an elseDaniel Gustafsson
This extends the INDENTATION case to also handle 'else' statements and require proper indentation on the following line. Also fixes the offending cases found in the codebase. Closes #2532
2018-04-26http2: fix null pointer dereference in http2_connisdeadDaniel Stenberg
This function can get called on a connection that isn't setup enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer. Reported-by: Dario Weisser Follow-up to db1b2c7fe9b093f8 (never shipped in a release) Closes #2536
2018-04-26http2: get rid of another strstr()Daniel Stenberg
Follow-up to 1514c44655e12e: replace another strstr() call done on a buffer that might not be zero terminated - with a memchr() call, even if we know the substring will be found. Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 Closes #2534
2018-04-26cyassl: adapt to libraries without TLS 1.0 support built-inDaniel Stenberg
WolfSSL doesn't enable it by default anymore
2018-04-25cookies: ensure that we have cookies before writing jarDaniel Gustafsson
The jar should be written iff there are cookies, so ensure that we still have cookies after expiration to avoid creating an empty file. Closes #2529
2018-04-25strcpy_url: only %-encode values >= 0x80Daniel Stenberg
OSS-Fuzz detected https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 Broke in dd7521bcc1b7
2018-04-24mime: avoid NULL pointer dereference riskDaniel Stenberg
Coverity detected, CID 1435120 Closes #2527
2018-04-24ctype: restore character classification for non-ASCII platformsStephan Mühlstrasser
With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic character classification macros and functions were introduced in curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on non-ASCII, e.g. EBCDIC platforms. This change restores the previous set of character classification macros when CURL_DOES_CONVERSIONS is defined. Closes #2494
2018-04-24ftplistparser: keep state between invokesDaniel Stenberg
Fixes FTP wildcard parsing when done over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2526
2018-04-24Revert "ftplistparser: keep state between invokes"Daniel Stenberg
This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. Caused fuzzer problems on travis not seen when this was a PR!
2018-04-24Curl_memchr: zero length input can't matchDaniel Stenberg
Avoids undefined behavior. Reported-by: Geeknik Labs
2018-04-23ftplistparser: keep state between invokesDaniel Stenberg
Fixes FTP wildcard parsing when doing over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2519
2018-04-23ftplistparser: renamed some members and variablesDaniel Stenberg
... to make them better spell out what they're for.
2018-04-23curl_global_sslset: always provide available backendsChristian Schmitz
Closes #2499
2018-04-23http2: convert an assert to run-time checkDaniel Stenberg
Fuzzing has proven we can reach code in on_frame_recv with status_code not having been set, so let's detect that in run-time (instead of with assert) and error error accordingly. (This should no longer happen with the latest nghttp2) Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 Closes #2514
2018-04-23schannel: fix build error on targets <= XPArchangel_SDY
- Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't support the latter. Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 Closes https://github.com/curl/curl/pull/2504
2018-04-23Revert "ftplistparser: keep state between invokes"Daniel Stenberg
This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. Unfortunately this fix introduces memory leaks I've not been able to fix in several days. Reverting this for now to get the leaks fixed.
2018-04-20http2: handle GOAWAY properlyDaniel Stenberg
When receiving REFUSED_STREAM, mark the connection for close and retry streams accordingly on another/fresh connection. Reported-by: Terry Wu Fixes #2416 Fixes #1618 Closes #2510
2018-04-20http2: clear the "drain counter" when a stream is closedDaniel Stenberg
This fixes the notorious "httpc->drain_total >= data->state.drain" assert. Reported-by: Anders Bakken Fixes #1680 Closes #2509
2018-04-20http2: avoid strstr() on data not zero terminatedDaniel Stenberg
It's not strictly clear if the API contract allows us to call strstr() on a string that isn't zero terminated even when we know it will find the substring, and clang's ASAN check dislikes us for it. Also added a check of the return code in case it fails, even if I can't think of a situation how that can trigger. Detected by OSS-Fuzz Closes #2513 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
2018-04-20openssl: fix subjectAltName check on non-ASCII platformsStephan Mühlstrasser
Curl_cert_hostcheck operates with the host character set, therefore the ASCII subjectAltName string retrieved with OpenSSL must be converted to the host encoding before comparison. Closes #2493
2018-04-20openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messagesJay Satiro
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: iz8mbw@users.noreply.github.com Fixes https://github.com/curl/curl/issues/2403
2018-04-19ftplistparser: keep state between invokesDaniel Stenberg
Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2508
2018-04-19detect_proxy: only show proxy use if it had contentsDaniel Stenberg
2018-04-19http2: handle on_begin_headers() called more than onceDaniel Stenberg
This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen. Detected by OSS-Fuzz Closes #2507 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-04-17schannel: fix warningJay Satiro
- Fix warning 'integer from pointer without a cast' on 3rd arg in CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer type of the same size. Follow-up to e35b025. Caught by Marc's CI builds.
2018-04-17schannel: add client certificate authenticationArchangel_SDY
Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` Closes #2376
2018-04-16ntlm_sspi: fix authentication using Credential Managertoughengineer
If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2018-04-16urldata: make service names unconditionalMarcel Raad
The ifdefs have become quite long. Also, the condition for the definition of CURLOPT_SERVICE_NAME and for setting it from CURLOPT_SERVICE_NAME have diverged. We will soon also need the two options for NTLM, at least when using SSPI, for https://github.com/curl/curl/pull/1660. Just make the definitions unconditional to make that easier. Closes https://github.com/curl/curl/pull/2479
2018-04-16ssh: show libSSH2 error code when closing failsChristian Schmitz
Closes #2500
2018-04-15vauth: Fix typoDaniel Gustafsson
Address various spellings of "credentials". Closes https://github.com/curl/curl/pull/2496