Граф коммитов

27387 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg 81cc2e48da
url: (void)-prefix a curl_url_get() call
Coverity (CID 1486645) pointed out a use of curl_url_get() in the
parse_proxy function where the return code wasn't checked. A
(void)-prefix makes the intention obvious.

Closes #7320
2021-06-30 14:58:47 +02:00
Daniel Stenberg 8feeafc61a
glob: pass an 'int' as len when using printf's %*s
Detected by Coverity CID 1486629.

Closes #7324
2021-06-30 14:05:56 +02:00
Daniel Stenberg 97fa671a73
vtls: use free() not curl_free()
curl_free() is provided for users of the API to free returned data,
there's no need to use it internally.

Closes #7318
2021-06-30 13:50:18 +02:00
Daniel Stenberg 8ccc066b45
zuul: use the new rustls directory name
Follow-up to 6d972c8b1c which missed updating this directory name.

Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1

Closes #7311
2021-06-30 08:19:31 +02:00
Jay Satiro ca8893468f http: fix crash in rate-limited upload
- Don't set the size of the piece of data to send to the rate limit if
  that limit is larger than the buffer size that will hold the piece.

Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
(curl tool: --limit-rate) was set then it was possible that a temporary
buffer used for uploading could be written to out of bounds. A likely
scenario for this would be a non-trivial amount of post data combined
with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).

The bug was introduced in 24e469f which is in releases since 7.76.0.

perl -e "print '0' x 200000" > tmp
curl --limit-rate 128k -d @tmp httpbin.org/post

Reported-by: Richard Marion

Fixes https://github.com/curl/curl/issues/7308
Closes https://github.com/curl/curl/pull/7315
2021-06-29 15:18:08 -04:00
Daniel Stenberg 2631722319
copyright: add boiler-plate headers to CI config files
And whitelist .zuul.ignore

Closes #7314
2021-06-29 17:44:03 +02:00
Daniel Stenberg b7ca0cfec0
CI: remove travis details
Rename still used leftovers to "zuul" as that's now the CI using them.

Closes #7313
2021-06-29 17:42:57 +02:00
Daniel Stenberg d7112b576e
RELEASE-NOTES: synced 2021-06-29 17:34:00 +02:00
Daniel Stenberg 4aed7a1923
openssl: avoid static variable for seed flag
Avoid the race condition risk by instead storing the "seeded" flag in
the multi handle. Modern OpenSSL versions handle the seeding itself so
doing the seeding once per multi-handle instead of once per process is
less of an issue.

Reported-by: Gerrit Renker
Fixes #7296
Closes #7306
2021-06-29 14:18:15 +02:00
Daniel Stenberg b5a434f7f0
configure: inhibit the implicit-fallthrough warning on gcc-12
... since it no longer acknowledges the comment markup we use for that
purpose.

Reported-by: Younes El-karama
Fixes #7295
Closes #7307
2021-06-29 11:58:25 +02:00
Andrei Rybak 278b46751e misc: fix typos in comments which repeat a word
Fix typos in code comments which repeat various words.  In trivial
cases, just delete the repeated word.  Reword the affected sentence in
"lib/url.c" for it to make sense.

Closes #7303
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2021-06-28 12:41:56 +02:00
Daniel Stenberg ca60a4398f
lib677: make it survive torture testing
Follow-up to a5ab72d5ed

Closes #7300
2021-06-27 23:20:18 +02:00
Tommy Chiang 68d651f6b6
docs/BINDINGS: fix outdated links
* luacurl page is now not accessible, fix it with wayback machine page
* Scheme one seems not providing https now, change it back to http one

Closes #7301
2021-06-27 23:13:30 +02:00
Jacob Hoffman-Andrews 6d972c8b1c
curstls: bump crustls version and use new URL
crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
the expected version to 0.7.0.

Closes #7297
2021-06-27 00:00:29 +02:00
Daniel Stenberg f090c94b50
RELEASE-NOTES: synced 2021-06-24 16:02:20 +02:00
Daniel Stenberg 42db4ccee2
examples: length-limit two sscanf() uses of %s
Reported-by: Jishan Shaikh
Fixes #7293
Closes #7294
2021-06-24 15:57:09 +02:00
Richard Whitehouse 0842175fa4
multi: alter transfer timeout ordering
- Check whether a connection has succeded before checking whether it's
  timed out.

  This means if we've connected quickly, but subsequently been
  descheduled, we allow the connection to succeed. Note, if we timeout,
  but between checking the timeout, and connecting to the server the
  connection succeeds, we will allow it to go ahead. This is viewed as
  an acceptable trade off.

- Add additional failf logging around failed connection attempts to
  propogate the cause up to the caller.

Co-Authored-by: Martin Howarth
Closes #7178
2021-06-24 15:51:39 +02:00
Daniel Stenberg a5ab72d5ed
test677: IMAP CONNECT_ONLY, custom command and then exit
Adjusted ftpserver.pl to add support for the IMAP IDLE command

Adjusted test 660 to sync with the fix
2021-06-24 09:07:40 +02:00
Daniel Stenberg 9accc48850
multi: do not switch off connect_only flag when closing
... as it made protocol specific disconnect commands wrongly get used.

Bug: https://curl.se/mail/lib-2021-06/0024.html
Reported-by: Aleksander Mazur
Closes #7288
2021-06-24 09:07:34 +02:00
Daniel Stenberg a629506d42
http: make the haproxy support work with unix domain sockets
... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.

Reported-by: Valentín Gutiérrez
Fixes #7290
Closes #7291
2021-06-24 09:01:49 +02:00
Xiang Xiao cfaa035a0c
curl.h: include sys/select.h for NuttX RTOS
Closes #7287
2021-06-22 14:35:24 +02:00
Bin Meng 2a73b6a3ab
curl.h: remove the execution bit
The execution bit of curl.h file was wrongly added:

  commit 2621025d6f ("curl.h: <sys/select.h> is supported by VxWorks7")

and should be removed.

Follow-up to 2621025d6f ("curl.h: <sys/select.h> is supported by VxWorks7")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Closes #7286
2021-06-22 12:42:57 +02:00
Bin Lan 2621025d6f
curl.h: <sys/select.h> is supported by VxWorks7
Closes #7285
2021-06-22 08:23:11 +02:00
Bachue Zhou a8472bb8ea
quiche: use send() instead of sendto() to avoid macOS issue
sendto() always returns "Socket is already connected" error on macos

Closes #7260
2021-06-21 14:54:51 +02:00
Li Xinwei 30e491e5c9
cmake: fix support for UnixSockets feature on Win32
Move the definition of sockaddr_un struct from config-win32.h to
curl_setup.h, so that it could be shared by all build systems.

Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
unix sockets.

Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
is defined.

Closes #7034
2021-06-21 14:52:27 +02:00
Gregory Muchka 62be096085
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
dictionary of key-value pairs that represent the current internet proxy
settings, or NULL if no proxy settings have been defined or if an error
occurred. You must release the returned value."

Failure to release the returned value of SCDynamicStoreCopyProxies can
result in a memory leak.

Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies

Closes #7265
2021-06-21 14:05:49 +02:00
Daniel Stenberg 47386775ed
RELEASE-NOTES: synced 2021-06-21 10:12:00 +02:00
Jay Satiro b31d9ccfc2 vtls: fix warning due to function prototype mismatch
b09c8ee changed the function prototype. Caught by Visual Studio.
2021-06-21 01:59:05 -04:00
Jay Satiro 765e060796 curl_multibyte: Remove local encoding fallbacks
- If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
  no longer fall back to assuming the string is in a local encoding.

Background:

Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
pass to the Windows CRT API wide-character functions since in Windows
UTF-8 is not a valid locale (or at least 99% of the time right now).

Prior to this change if the Unicode encoding conversion failed then
libcurl would assume, for backwards compatibility with applications that
may have written their code for non-Unicode builds, attempt to convert
the string from local encoding to UTF-16.

That type of "best effort" could theoretically cause some type of
security or other problem if a string that was locally encoded was also
valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
could occur.

Ref: https://github.com/curl/curl/pull/7246

Closes https://github.com/curl/curl/pull/7257
2021-06-21 01:57:16 -04:00
Daniel Stenberg 4331c6dceb
curl_endian: remove the unused Curl_write64_le function
The last usage was removed in cca455a36

Closes #7280
2021-06-20 23:38:32 +02:00
Daniel Stenberg a6da296867
vtls: only store TIMER_APPCONNECT for non-proxy connect
Introducing a 'isproxy' argument to the connect function so that it
knows wether to store the time stamp or not.

Reported-by: Yongkang Huang
Fixes #7274
Closes #7274
2021-06-19 23:02:16 +02:00
Daniel Stenberg bfa0309175
gnutls: set the preferred TLS versions in correct order
Regression since 781864bedb (curl 7.77.0)

Reported-by: civodul on github
Assisted-by: Nikos Mavrogiannopoulos
Fixes #7277
Closes #7278
2021-06-18 23:22:21 +02:00
Gergely Nagy 6f5ff0ee04
configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
Closes #7276
2021-06-18 13:52:21 +02:00
Gergely Nagy f471efa78c
configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
Closes #7276
2021-06-18 13:52:18 +02:00
Gergely Nagy e92603289a
configure/cmake: remove unused define HAVE_PERROR
Closes #7276
2021-06-18 13:52:16 +02:00
Gergely Nagy 6bf14a72b9
configure: remove unused check for gai_strerror
Closes #7276
2021-06-18 13:52:13 +02:00
Gergely Nagy 343e6beda3
configure/cmake: remove unused define HAVE_FREEIFADDRS
Closes #7276
2021-06-18 13:52:10 +02:00
Gergely Nagy 9bf0e7b2ef
configure/cmake: remove unused define HAVE_FORK
Closes #7276
2021-06-18 13:52:08 +02:00
Gergely Nagy 4e03d45bf9
configure/cmake: remove unused define HAVE_FDOPEN
Closes #7276
2021-06-18 13:52:05 +02:00
Gergely Nagy a407a82d0b
configure/cmake: remove checks for unused sgtty.h
Closes #7276
2021-06-18 13:52:02 +02:00
Gergely Nagy 8c24cf5238
configure/cmake: remove remaining checks for rsa.h
Closes #7276
2021-06-18 13:51:59 +02:00
Gergely Nagy baae00f66b
configure/cmake: remove remaining checks for err.h
Closes #7276
2021-06-18 13:51:57 +02:00
Gergely Nagy 376d2380d2
configure/cmake: remove remaining checks for crypto.h
Closes #7276
2021-06-18 13:51:54 +02:00
Gergely Nagy 67af0f7eae
configure/cmake: remove checks for unused getservbyport_r
Closes #7276
2021-06-18 13:51:45 +02:00
Daniel Stenberg 7020be7d85
--socks4[a]: clarify where the host name is resolved
Closes #7273
2021-06-17 23:07:39 +02:00
Daniel Stenberg 933c61e4fc
libcurl-security.3: mention file descriptors and forks
... and move the security report section last.

Reported-by: Harry Sintonen
Closes #7270
2021-06-17 17:11:40 +02:00
Alex Xu (Hello71) d7cc6e2c66
configure.ac: make non-executable
it needs to be processed by autoconf or autoreconf, and doesn't have a
suitable shebang to be directly executed. other projects normally set
configure.ac -x.

Closes #7272
2021-06-17 17:09:37 +02:00
Daniel Stenberg 6dd35dd3b5
configure: do not strip out debug flags
To allow users to set them when invoking configure without using
--with-debug.

Reported-by: Alex Xu
Fixes #7216
Closes #7267
2021-06-17 17:07:28 +02:00
Daniel Stenberg fa34353d07
libssh2: limit time a disconnect can take to 1 second
Closes #7271
2021-06-17 17:06:31 +02:00
Daniel Stenberg 720b4a1a43
TLS: prevent shutdown loops to get stuck
... by making sure the loops are only allowed to read the shutdown
traffic a limited number of times.

Reported-by: Harry Sintonen
Closes #7271
2021-06-17 17:06:21 +02:00