Граф коммитов

23144 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg d5a2df5f1d
docs: clarify CURLOPT_HTTPGET somewhat
Reported-by: bsammon on github
Fixes #2590
2018-05-21 10:29:28 +02:00
Daniel Stenberg 404c8850da
curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369

Closes #2587
2018-05-18 23:33:44 +02:00
Daniel Stenberg 27aebcc1d1
checksrc: fix too long line
follow-up to e05ad5d
2018-05-18 17:56:18 +02:00
Aleks e05ad5dd99
docs: mention HAproxy protocol "version 1"
...as there's also a version 2.

Closes #2579
2018-05-18 17:48:40 +02:00
Daniel Stenberg ccf85d4c2b
examples/progressfunc: make it build on older libcurls
This example was changed in ce2140a8c1 to use the new microsecond based
getinfo option. This change makes it conditionally keep using the older
option so that the example still builds with older libcurl versions.

Closes #2584
2018-05-18 13:42:18 +02:00
Daniel Stenberg a1c02ac817
stub_gssapi: fix numerous 'unused parameter' warnings
follow-up to d9e92fd9fd
2018-05-18 00:07:36 +02:00
Philip Prindeville ce2140a8c1
getinfo: add microsecond precise timers for various intervals
Provide a set of new timers that return the time intervals using integer
number of microseconds instead of floats.

The new info names are as following:

CURLINFO_APPCONNECT_TIME_T
CURLINFO_CONNECT_TIME_T
CURLINFO_NAMELOOKUP_TIME_T
CURLINFO_PRETRANSFER_TIME_T
CURLINFO_REDIRECT_TIME_T
CURLINFO_STARTTRANSFER_TIME_T
CURLINFO_TOTAL_TIME_T

Closes #2495
2018-05-17 13:41:04 +02:00
Daniel Stenberg c5fe86804c
openssl: acknowledge --tls-max for default version too
... previously it only used the max setting if a TLS version was also
explicitly asked for.

Reported-by: byte_bucket
Fixes #2571
Closes #2572
2018-05-17 13:34:47 +02:00
Daniel Stenberg 3b6802cb97
bump: start working on the pending 7.61.0 2018-05-17 09:42:44 +02:00
Dagobert Michelsen d9e92fd9fd
tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
The warning flag leads e.g. Sun Studio compiler to bail out.

Closes #2576
2018-05-16 10:12:57 +02:00
Daniel Stenberg f0c466dced
schannel_verify: fix build for non-schannel 2018-05-16 10:12:57 +02:00
Jay Satiro 4f9bbd3ac7 rand: fix typo 2018-05-16 02:21:06 -04:00
Jay Satiro 4584cc4499 schannel: disable manual verify if APIs not available
.. because original MinGW and old compilers do not have the Windows API
definitions needed to support manual verification.
2018-05-16 02:21:05 -04:00
Archangel_SDY 1592ea9792 schannel: disable client cert option if APIs not available
Original MinGW targets Windows 2000 by default, which lacks some APIs and
definitions for this feature. Disable it if these APIs are not available.

Closes https://github.com/curl/curl/pull/2522
2018-05-16 02:21:04 -04:00
Daniel Stenberg cb01383038
RELEASE-NOTES: 7.60.0 release 2018-05-15 16:43:56 +02:00
Daniel Stenberg a1269b5961
THANKS: added people from the curl 7.60.0 release 2018-05-15 16:43:56 +02:00
Daniel Stenberg f38220259c
docs/libcurl/index.html: removed
The HTML files are long gone from the dist, now remove the last HTML
file pointing to those missing files.

d
2018-05-15 16:41:55 +02:00
steini2000 0055545705
http2: remove unused variable
Closes #2570
2018-05-14 23:14:04 +02:00
steini2000 d6dd322d7a
http2: use easy handle of stream for logging 2018-05-14 23:13:44 +02:00
Daniel Stenberg c0f704dbae
gcc: disable picky gcc-8 function pointer warnings in two places
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2569
2018-05-14 23:09:51 +02:00
Daniel Stenberg a5aa2bdf34
http2: use the correct function pointer typedef
Fixes gcc-8 picky compiler warnings
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2568
2018-05-14 12:44:20 +02:00
Daniel Stenberg 07b9826541
CODE_STYLE: mention return w/o parens, but sizeof with
... and remove the github markdown syntax so that it renders better on
the web site. Also, don't use back-ticks inlined to allow the CSS to
highlight source code better.
2018-05-14 10:47:59 +02:00
Rikard Falkeborn 13505dcb55
examples: Fix format specifiers
Closes #2561
2018-05-14 09:43:15 +02:00
Rikard Falkeborn 4c735b57f7
tool: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn b9446d18e7
ntlm: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn df3647c9c8
tests: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn eb49683e55
lib: Fix format specifiers 2018-05-14 09:42:27 +02:00
Daniel Stenberg 4062bc4d3e
contributors.sh: use "on github", not at 2018-05-14 08:53:22 +02:00
Daniel Stenberg 7d6e01441a
http2: getsock fix for uploads
When there's an upload in progress, make sure to wait for the socket to
become writable.

Detected-by: steini2000 on github
Bug: #2520
Closes #2567
2018-05-14 08:22:46 +02:00
Daniel Stenberg 583b42cb3b
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
2018-05-14 07:40:31 +02:00
Daniel Stenberg 8c7b3737d2
http: restore buffer pointer when bad response-line is parsed
... leaving the k->str could lead to buffer over-reads later on.

CVE: CVE-2018-1000301
Assisted-by: Max Dymond

Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
2018-05-14 07:40:31 +02:00
Patrick Monnerat 1b55d270ad cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566
2018-05-13 01:23:10 +02:00
Daniel Stenberg 9cacc24630 smb: reject negative file sizes
Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
2018-05-12 22:24:25 +02:00
Daniel Stenberg fe6b78b42d
setup_transfer: deal with both sockets being -1
Detected by Coverity; CID 1435559.  Follow-up to f8d608f38d. It would
index the array with -1 if neither index was a socket.
2018-05-11 23:56:37 +02:00
Daniel Stenberg c3d7db4ecb travis: add build using NSS
Closes #2558
2018-05-10 17:18:02 +02:00
Sunny Purushe 18cbbb702c openssl: change FILE ops to BIO ops
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.

Closes #2512
2018-05-10 16:30:32 +02:00
Daniel Stenberg 3c42fb8d46 travis: add a build using WolfSSL
Assisted-by: Dan Fandrich

Closes #2528
2018-05-09 21:40:19 +02:00
Daniel Stenberg d63bada579
RELEASE-NOTES: typo 2018-05-07 14:30:18 +02:00
Daniel Stenberg b692d6650a
RELEASE-NOTES: synced 2018-05-07 10:32:42 +02:00
Daniel Gustafsson e953475de5
URLs: fix one more http url
This file wasn't included in commit 4af40b3646 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.

Closes #2550
2018-05-05 23:02:40 +02:00
Daniel Stenberg 3ed3db5c04 github/lock: auto-lock closed issues after 90 days of inactivity 2018-05-05 14:05:57 +02:00
Daniel Stenberg babd55e25f
vtls: fix missing commas
follow-up to e66cca046c
2018-05-04 23:02:57 +02:00
Daniel Stenberg e66cca046c
vtls: use unified "supports" bitfield member in backends
... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.

closes #2547
2018-05-04 22:31:19 +02:00
Daniel Stenberg f8d608f38d
transfer: don't unset writesockfd on setup of multiplexed conns
Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.

Bug: #2520
Closes #2549
2018-05-04 22:30:32 +02:00
Frank Gevaerts 7663a7c284
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
They are removed from the compiler flags.

This ensures that make dependency tracking will force a rebuild whenever
configure --enable-debug or --enable-curldebug changes.

Closes #2548
2018-05-04 22:30:28 +02:00
Daniel Stenberg e9d9d1af8a
http: don't set the "rewind" flag when not uploading anything
It triggers an assert.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546
2018-05-04 13:51:25 +02:00
Daniel Stenberg 277d3cdc0f
travis: add an mbedtls build
Closes #2531
2018-05-04 08:36:51 +02:00
Daniel Stenberg 082bb41311
configure: only check for CA bundle for file-using SSL backends
When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.

Fixes #2543
Fixes #2180
Closes #2545
2018-05-03 22:51:38 +02:00
Daniel Stenberg 1156fdd01d
ssh-libssh.c: fix left shift compiler warning
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
represent, but 'int' only has 32 bits [-Wshift-overflow=]

'len' will never be that big anyway so I converted the run-time check to
a regular assert.
2018-05-03 22:16:57 +02:00
Stephan Mühlstrasser 7f41432c19
URL: fix ASCII dependency in strcpy_url and strlen_url
Commit 3c630f9b0a partially reverted the
changes from commit dd7521bcc1 because of
the problem that strcpy_url() was modified unilaterally without also
modifying strlen_url(). As a consequence strcpy_url() was again
depending on ASCII encoding.

This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.

Closes #2535
2018-05-03 15:19:20 +02:00