Age | Commit message (Collapse) | Author |
|
The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as
input in most cases, which made it not get a scheme prefixed like before
if the URL was given without one, and it didn't remove dotdot sequences
etc.
Added test case 1907 to verify that this now works as intended and as
before 7.62.0.
Regression introduced in 7.62.0
Reported-by: Christophe Dervieux
Fixes #4491
Closes #4493
|
|
With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer,
while `read` expects a 32 bit signed integer.
Use `sread` instead of `read` to use the correct parameter type.
Closes https://github.com/curl/curl/pull/4483
|
|
With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the
result of `sizeof` is unsigned.
Closes https://github.com/curl/curl/pull/4483
|
|
fixed build for systems that need netinet/in.h for IPPROTO_TCP and are
missing INADDR_LOOPBACK
Closes #4480
|
|
Follow-up to bc2dbef0afc08
|
|
|
|
|
|
Curl_socketpair() is designed to be used and work everywhere if there's
no native version or the native version isn't good enough.
Closes #4466
|
|
Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no
matter what errno said.
This makes for example --retry work on these transfer failures.
Reported-by: Nathaniel J. Smith
Fixes #4461
Clsoes #4462
|
|
- Allow missing queries, don't return NO_MEMORY error in such a case.
It is acceptable for there to be no specified query string, for example:
curl ldap://ldap.forumsys.com
A regression bug in 1b443a7 caused this issue.
This is a partial fix for #4261.
Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077
Reported-by: Jojojov@users.noreply.github.com
Analyzed-by: Samuel Surtees
Closes https://github.com/curl/curl/pull/4467
|
|
Closes https://github.com/curl/curl/pull/4460
|
|
Closes #4457
|
|
The second argument is really a 'bool' so use that and pass in TRUE/FALSE
to make it clear.
Closes #4455
|
|
To make sure that the HTTP/2 state is initialized correctly for
duplicated handles. It would otherwise easily generate "spurious"
PRIORITY frames to get sent over HTTP/2 connections when duplicated easy
handles were used.
Reported-by: Daniel Silverstone
Fixes #4303
Closes #4442
|
|
Follow-up from 2c20109a9b5d04
Added test 663 to verify.
Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954
Closes #4453
|
|
This fix removes a use after free which can be triggered by
the internal cookie fuzzer, but otherwise is probably
impossible to trigger from an ordinary application.
The following program reproduces it:
curl_global_init(CURL_GLOBAL_DEFAULT);
CURL* handle=curl_easy_init();
CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
Curl_flush_cookies(handle, true);
Curl_cookie_cleanup(info);
curl_easy_cleanup(handle);
curl_global_cleanup();
This was found through fuzzing.
Closes #4454
|
|
Closes #4011
|
|
... to make it handle for example (RFC violating) embeded spaces.
Reported-by: momala454 on github
Fixes #4445
Closes #4447
|
|
|
|
Closes #4410
|
|
Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the
response is chunked-encoded.
Reported-by: Ilya Kosarev
Fixes #4310
Closes #4449
|
|
The loop doesn't need to be executed without a file argument.
Closes https://github.com/curl/curl/pull/4444
|
|
`dest` is only used with `ENABLE_IPV6`.
Closes https://github.com/curl/curl/pull/4444
|
|
Closes https://github.com/curl/curl/pull/4444
|
|
As mandated by the spec. Test 1654 is extended to verify.
Closes #4443
|
|
|
|
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.
This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.
Test 1166 verifies
Updated test 506
Fixes #4429
Closes #4434
|
|
|
|
Closes #4428
|
|
Closes https://github.com/curl/curl/pull/4425
|
|
|
|
|
|
This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
|
|
Closes #4423
|
|
Instead of showing the somewhat nonsensical errno number, use strerror()
to provide a more relatable error message.
Closes #4411
|
|
Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.
[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".
Reported-by: Marcel Hernandez
Ref: https://github.com/curl/curl/issues/3760
Closes https://github.com/curl/curl/pull/3773
|
|
- convert some of them to H3BUF() calls to infof()
- remove some of them completely
- made DEBUG_HTTP3 defined only if CURLDEBUG is set for now
Closes #4421
|
|
Closes #4403
|
|
|
|
Follow-up to d176a2c7e5
|
|
The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.
Extended test 1560 to verify.
Reported-by: Alex Konev
Fixes #4412
Closes #4413
|
|
As libcurl now uses these 2 system functions, wrappers are needed on os400
to convert returned AF_UNIX sockaddrs to ascii.
This is a follow-up to commit 7fb54ef.
See also #4037.
Closes #4214
|
|
Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to
this change.
Follow-up to 0023fce which added the function several days ago.
Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546
Closes https://github.com/curl/curl/pull/4408
|
|
PVS-Studio warning
Fixes #4402
|
|
PVS-Studio warning
Fixes #4402
|
|
PVS-Studio warning
Fixed #4402
|
|
PVS-Studio warning
Fixes #4402
|
|
PVS-Studio warning
Fixes #4402
|
|
PVS-Studio warning
Fixes #4402
|
|
PVS-Studio warning
Fixes #4402
|