Граф коммитов

9175 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg 6733acc903 openssl: unbreak the build after 6448f98c18
Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)
2017-03-08 23:38:26 +01:00
Jozef Kralik 6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Tatsuhiro Tsujikawa 475c2583d5 http2: Fix assertion error on redirect with CL=0
This fixes assertion error which occurs when redirect is done with 0
length body via HTTP/2, and the easy handle is reused, but new
connection is established due to hostname change:

    curl: http2.c:1572: ssize_t http2_recv(struct connectdata *,
      int, char *, size_t, CURLcode *):
    Assertion `httpc->drain_total >= data->state.drain' failed.

To fix this bug, ensure that http2_handle_stream is called.

Fixes #1286
Closes #1302
2017-03-07 23:12:41 +01:00
Daniel Stenberg 958e176688 ares: Curl_resolver_wait_resolv: clear *entry first in function 2017-03-07 08:08:55 +01:00
Daniel Stenberg bfaab3180c ares: better error return on timeouts
Assisted-by: Ray Satiro

Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
2017-03-07 07:38:29 +01:00
Daniel Stenberg aadb7c7b62 URL: return error on malformed URLs with junk after port number
... because it causes confusion with users. Example URLs:

"http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will
parse and claim uses port number 80, while libcurl would use port number
11211.

"http://user@example.com:80@localhost" which by the WHATWG URL spec will
be treated to contain user name 'user@example.com' but according to
RFC3986 is user name 'user' for the host 'example.com' and then port 80
is followed by "@localhost"

Both these formats are now rejected, and verified so in test 1260.

Reported-by: Orange Tsai
2017-03-06 16:08:21 +01:00
Daniel Stenberg 29be83ee74 ares: return error at once if timed out before name resolve starts
Pointed-out-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
2017-03-06 09:21:01 +01:00
Michael Maltese eb19e89f2e CMake: Add DarwinSSL support
Assisted-by: Simon Warta <simon@kullo.net>
Ref: https://github.com/curl/curl/pull/1228
2017-03-05 14:42:53 +01:00
Andrew Krieger 7b1430c0b4 fix potential use of uninitialized variables
MSVC with LTCG detects this at warning level 4.

Closes #1304
2017-03-04 21:37:03 +01:00
Jay Satiro 9f20333443 url: split off proxy init and parsing from create_conn
Move the proxy parse/init into helper create_conn_helper_init_proxy to
mitigate the chances some non-proxy code will be mistakenly added to it.

Ref: https://github.com/curl/curl/issues/1274#issuecomment-281556510
Ref: https://github.com/curl/curl/pull/1293

Closes https://github.com/curl/curl/pull/1298
2017-03-03 03:14:25 -05:00
Alexis La Goutte cbff751e95 build: fix gcc7 implicit fallthrough warnings
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know
it's expected and won't warn on [-Wimplicit-fallthrough=].

Closes https://github.com/curl/curl/pull/1297
2017-03-03 03:09:46 -05:00
JDepooter 0966ab5bd4 darwinssl: Warn that disabling host verify also disables SNI
In DarwinSSL the SSLSetPeerDomainName function is used to enable both
sending SNI and verifying the host. When host verification is disabled
the function cannot be called, therefore SNI is disabled as well.

Closes https://github.com/curl/curl/pull/1240
2017-03-02 02:42:15 -05:00
Marcel Raad a162d8b21b
warnless: suppress compiler warning
If size_t is 32 bits, MSVC warns:
warning C4310: cast truncates constant value
The warning is harmless as CURL_MASK_SCOFFT gets
truncated to the maximum value of size_t.
2017-02-28 09:10:18 +01:00
Marcel Raad 727917555d
digest_sspi: fix compilation warning
MSVC complains:
warning C4701: potentially uninitialized local variable 'output_token_len' used
2017-02-27 13:05:22 +01:00
Jay Satiro a21cae5f97 cyassl: get library version string at runtime
wolfSSL >= 3.6.0 supports getting its library version string at runtime.
2017-02-26 18:49:39 -05:00
Isaac Boukris 1f8023ceb5 url: fix unix-socket support for proxy-disabled builds
Prior to this change if curl was built with Unix Socket support
(--enable-unix-sockets) and without Proxy support (--disable-proxy) then
unix socket options would erroneously be ignored.

Regression introduced in:
0b8d682f81

Bug: https://github.com/curl/curl/issues/1274
Reported-by: mccormickt12@users.noreply.github.com

Closes https://github.com/curl/curl/pull/1289
2017-02-25 18:21:15 -05:00
Dan Fandrich f7285cc02b gopher: fixed detection of an error condition from Curl_urldecode 2017-02-26 00:10:30 +01:00
Dan Fandrich 516e60aa8e ftp: fixed a NULL pointer dereference on OOM 2017-02-25 22:55:46 +01:00
Dan Fandrich 79221d8d50 ftp: removed an erroneous free in an OOM path 2017-02-25 21:47:27 +01:00
Dan Fandrich ce9ba3ba10 proxy: fixed a memory leak on OOM 2017-02-25 21:36:39 +01:00
Jay Satiro 93cce2489d url: Default the CA proxy bundle location to CURL_CA_BUNDLE
If the compile-time CURL_CA_BUNDLE location is defined use it as the
default value for the proxy CA bundle location, which is the same as
what we already do for the regular CA bundle location.

Ref: https://github.com/curl/curl/pull/1257
2017-02-23 17:06:11 -05:00
Sergii Pylypenko 53ab183c1a rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
Closes #1285
2017-02-23 22:44:16 +01:00
Daniel Stenberg 86f566078b formdata: check for EOF when reading from stdin
Reported-by: shachaf@users.noreply.github.com

Fixes #1281
2017-02-23 10:47:44 +01:00
Viktor Szakats f4739f639f urldata: include curl_sspi.h when Windows SSPI is enabled
f77dabe broke builds in Windows using Windows SSPI but not Windows SSL.

Bug: https://github.com/curl/curl/issues/1276
Reported-by: jveazey@users.noreply.github.com
2017-02-21 23:06:43 -05:00
Jay Satiro b259646ea1 url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
2017-02-21 22:24:40 -05:00
Jay Satiro 0e8d3e838e cyassl: fix typo 2017-02-21 22:24:39 -05:00
Daniel Stenberg 588960be2c cookie: fix declaration of 'dup' shadows a global declaration 2017-02-21 17:44:02 +01:00
Daniel Stenberg ca6ea6d9be TLS: make SSL_VERIFYSTATUS work again
The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
and thus even if the status couldn't be verified, the connection would
be allowed and the user would not be told about the failed verification.

Regression since cb4e2be7c6

CVE-2017-2629
Bug: https://curl.haxx.se/docs/adv_20170222.html

Reported-by: Marcus Hoffmann
2017-02-21 08:33:18 +01:00
Jay Satiro af5fbb14bb digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- If the server has provided another challenge use it as the replacement
  input token if stale=TRUE. Otherwise previous credentials have failed
  so return CURLE_LOGIN_DENIED.

Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.

Ref: https://tools.ietf.org/html/rfc2617#page-10

Bug: https://github.com/curl/curl/issues/928
Reported-by: tarek112@users.noreply.github.com
2017-02-21 01:04:59 -05:00
Daniel Stenberg de1c1a8d85 smb: use getpid replacement for windows UWP builds
Source: 7676b8780d/ports/curl/0002_fix_uwp.patch
2017-02-20 10:27:51 +01:00
Jean Gressmann af30f1152d sftp: improved checks for create dir failures
Since negative values are errors and not only -1. This makes SFTP upload
with --create-dirs work (again).

Closes #1269
2017-02-20 08:01:53 +01:00
Max Khon f77dabefd8 digest_sspi: Fix nonce-count generation in HTTP digest
- on the first invocation: keep security context returned by
  InitializeSecurityContext()

- on subsequent invocations: use MakeSignature() instead of
  InitializeSecurityContext() to generate HTTP digest response

Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth

Closes https://github.com/curl/curl/pull/1251
2017-02-20 00:53:01 -05:00
Michael Kaufmann ddedc1b3f3 string formatting: fix 4 printf-style format strings 2017-02-19 14:13:42 +01:00
Michael Kaufmann a5e8fcbc17 speed caps: update the timeouts if the speed is too low/high
Follow-up to 4b86113

Fixes https://github.com/curl/curl/issues/793
Fixes https://github.com/curl/curl/issues/942
2017-02-18 18:09:17 +01:00
Michael Kaufmann 2f8d0df085 proxy: fix hostname resolution and IDN conversion
Properly resolve, convert and log the proxy host names.
Support the "--connect-to" feature for SOCKS proxies and for passive FTP
data transfers.

Follow-up to cb4e2be

Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1248
2017-02-18 15:04:43 +01:00
Isaac Boukris 13e3a18b34 http: fix missing 'Content-Length: 0' while negotiating auth
- While negotiating auth during PUT/POST if a user-specified
  Content-Length header is set send 'Content-Length: 0'.

This is what we do already in HTTPREQ_POST_FORM and what we did in the
HTTPREQ_POST case (regression since afd288b).

Prior to this change no Content-Length header would be sent in such a
case.

Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
Reported-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/1242
2017-02-17 02:32:16 -05:00
Daniel Stenberg a08db49642 axtls: adapt to API changes
Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS
< 2.1.0 (the older API)

... and fix the session_id mixup brought in 04b4ee549

Fixes #1220
2017-02-15 08:27:35 +01:00
Daniel Stenberg 97c7591a57 smb: code indent 2017-02-14 15:10:31 +01:00
Daniel Stenberg bde1e2e09b http2: fix memory-leak when denying push streams
Reported-by: zelinchen@users.noreply.github.com
Fixes #1229
2017-02-13 10:35:18 +01:00
Daniel Stenberg c5c4e816b4 URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
Fixes #1252
2017-02-10 14:51:53 +01:00
Kamil Dudka 8fa5409800 nss: make FTPS work with --proxytunnel
If the NSS code was in the middle of a non-blocking handshake and it
was asked to finish the handshake in blocking mode, it unexpectedly
continued in the non-blocking mode, which caused a FTPS connection
over CONNECT to fail with "(81) Socket not ready for send/recv".

Bug: https://bugzilla.redhat.com/1420327
2017-02-09 17:34:14 +01:00
Daniel Stenberg e2e182227a http_proxy: avoid freeing static memory
Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
2017-02-09 10:13:28 +01:00
Cameron MacMinn 7fe81ec298 http_proxy: Fix tiny memory leak upon edge case connecting to proxy
Fixes #1255
2017-02-09 09:51:42 +01:00
Michael Kaufmann a7e4348cf8 polarssl, mbedtls: Fix detection of pending data
Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html
2017-02-08 22:24:21 +01:00
Daniel Stenberg d83612376c http2: reset push header counter fixes crash
When removing an easy handler from a multi before it completed its
transfer, and it had pushed streams, it would segfault due to the pushed
counted not being cleared.

Fixed-by: zelinchen@users.noreply.github.com
Fixes #1249
2017-02-07 09:20:08 +01:00
Markus Westerlind 6ffe0f5d96 transfer: only retry nobody-requests for HTTP
Using sftp to delete a file with CURLOPT_NOBODY set with a reused
connection would fail as curl expected to get some data. Thus it would
retry the command again which fails as the file has already been
deleted.

Fixes #1243
2017-02-07 08:57:33 +01:00
Daniel Gustafsson 3c5bfe4893 telnet: Fix typos
Ref: https://github.com/curl/curl/pull/1245
2017-02-07 02:39:16 -05:00
Daniel Gustafsson 3509aa8023 darwinssl: Avoid parsing certificates when not in verbose mode
The information extracted from the server certificates in step 3 is only
used when in verbose mode, and there is no error handling or validation
performed as that has already been done. Only run the certificate
information extraction when in verbose mode and libcurl was built with
verbose strings.

Closes https://github.com/curl/curl/pull/1246
2017-02-07 02:39:14 -05:00
JDepooter 18495ecacc schannel: Remove incorrect SNI disabled message
- Remove the SNI disabled when host verification disabled message
  since that is incorrect.

- Show a message for legacy versions of Windows <= XP that connections
  may fail since those versions of WinSSL lack SNI, algorithms, etc.

Bug: https://github.com/curl/curl/pull/1240
2017-02-07 02:39:13 -05:00
Viktor Szakats 88bdd7cf6f use *.sourceforge.io and misc URL updates
Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/
Closes: https://github.com/curl/curl/pull/1247
2017-02-06 19:21:05 +00:00