Commit Graph

25117 Commits

Author SHA1 Message Date
Daniel Stenberg
1b71bc532b
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.

Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
2020-01-06 10:05:37 +01:00
Jay Satiro
aeb32d059b CURLOPT_READFUNCTION.3: fix fopen params in example 2020-01-06 03:09:53 -05:00
Jay Satiro
e9dd17b754 CURLOPT_READFUNCTION.3: fix variable name in example
Reported-by: Paul Joyce

Fixes https://github.com/curl/curl/issues/4787
2020-01-06 03:01:33 -05:00
Daniel Stenberg
459d0db45b
curl:getparameter return error for --http3 if libcurl doesn't support
Closes #4785
2020-01-05 21:24:17 +01:00
Daniel Stenberg
2150c4b5d3
docs: mention CURL_MAX_INPUT_LENGTH restrictions
... for curl_easy_setopt() and curl_url_set().

[skip ci]

Closes #4783
2020-01-05 17:06:47 +01:00
Daniel Stenberg
392bff4abf
curl: properly free mimepost data
... as it could otherwise leak memory when a transfer failed.

Added test 1293 to verify.

Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
2020-01-04 23:06:44 +01:00
Daniel Stenberg
271ec6b9b6
curl: cleanup multi handle on failure
... to fix memory leak in error path.

Fixes #4772
Closes #4780
Reported-by: Brian Carpenter
2020-01-04 23:05:21 +01:00
Marcel Raad
291ed52122
lib: fix compiler warnings with CURL_DISABLE_VERBOSE_STRINGS
Closes https://github.com/curl/curl/pull/4775
2020-01-03 17:02:30 +01:00
Daniel Stenberg
e24ea706fb
COPYING: it's 2020!
[skip ci]
2020-01-03 15:12:46 +01:00
Marc Aldorasi
be83fe11bf tests: Fix bounce requests with truncated writes
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cause
the wrong response data to be sent to some tests and cause them to fail.

Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785
2020-01-03 01:45:04 -05:00
Marcel Raad
a8d13336b5
tool: make a few char pointers point to const char instead
These are read-only.

Closes https://github.com/curl/curl/pull/4771
2019-12-31 22:18:56 +01:00
Jay Satiro
9603c8299f tests: Change NTLM tests to require SSL
Prior to this change tests that required NTLM feature did not require
SSL feature.

There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:

"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."

Assisted-by: marc-groundctl@users.noreply.github.com

Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729

Closes https://github.com/curl/curl/pull/4768
2019-12-31 02:47:53 -05:00
Michael Forney
9024b01387 bearssl: Improve I/O handling
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the handshake, read, write, and close.

Match OpenSSL SSL_write behavior, and don't return the number of bytes
written until the corresponding records have been completely flushed
across the socket. This involves keeping track of the length of data
buffered into the TLS engine, and assumes that when CURLE_AGAIN is
returned, the write function will be called again with the same data
and length arguments. This is the same requirement of SSL_write.

Handle TLS close notify as EOF when reading by returning 0.

Closes https://github.com/curl/curl/pull/4748
2019-12-31 02:43:47 -05:00
Jay Satiro
9434864770 travis: Fix error detection
- Stop using inline shell scripts for before_script and script sections.

Prior to this change Travis could ignore errors from commands in inline
scripts. I don't understand how or why it happens. This is a workaround.

Assisted-by: Simon Warta

Ref: https://github.com/travis-ci/travis-ci/issues/1066

Fixes https://github.com/curl/curl/issues/3730
Closes https://github.com/curl/curl/pull/3755
2019-12-31 02:38:18 -05:00
Jay Satiro
249f7b37e6 tool_operate: fix mem leak when failed config parse
Found by fuzzing the config file.

Reported-by: Geeknik Labs

Fixes https://github.com/curl/curl/issues/4767
2019-12-29 14:18:48 -05:00
Xiang Xiao
060fb84a5a lib: remove erroneous +x file permission on some c files
Modified by commit eb9a604 accidentally.

Closes https://github.com/curl/curl/pull/4756
2019-12-27 22:55:52 -05:00
Xiang Xiao
4b463992e5 lib: fix warnings found when porting to NuttX
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already
  defined as a system macro.

- Don't compile write32_le in curl_endian unless
  CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le.

- Include <arpa/inet.h> in socketpair.c.

Closes https://github.com/curl/curl/pull/4756
2019-12-27 22:52:31 -05:00
Jay Satiro
779b415a2a os400: Add missing CURLE error constants
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler
2019-12-26 16:20:11 -05:00
Jay Satiro
97934a2f71 CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Reported-by: Frank Gevaerts
Commit-message-by: Christopher Head

Ref: https://github.com/curl/curl/pull/2787

Fixes https://github.com/curl/curl/issues/4758
2019-12-26 02:26:08 -05:00
Jay Satiro
68da0b8b86 examples/postinmemory.c: Call curl_global_cleanup always
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.

Reported-by: kouzhudong@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4751
2019-12-24 01:06:47 -05:00
Daniel Stenberg
4c2f5d52ba
url2file.c: fix copyright year
Follow-up to 5257872695
2019-12-21 18:18:12 +01:00
Rickard Hallerbäck
5257872695
examples/url2file.c: corrected a comment
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.

Closes #4745
2019-12-20 11:05:38 +01:00
Daniel Stenberg
a90d763548
HISTORY: OSS-Fuzz started fuzzing libcurl in 2017 2019-12-20 11:04:34 +01:00
Daniel Stenberg
2eb7dc0566
RELEASE-NOTES: synced 2019-12-20 09:02:58 +01:00
Jay Satiro
10121a417d ngtcp2: Support the latest update key callback type
- Remove our cb_update_key in favor of ngtcp2's new
  ngtcp2_crypto_update_key_cb which does the same thing.

Several days ago the ngtcp2_update_key callback function prototype was
changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to
fix up our cb_update_key for that change they also added
ngtcp2_crypto_update_key_cb which does the same thing so we'll use that
instead.

Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c

Closes https://github.com/curl/curl/pull/4735
2019-12-20 00:34:58 -05:00
Daniel Stenberg
25b69c482f
sws: search for "Testno:" header uncondtionally if no testno
Even if the initial request line wasn't found. With the fix to 1455, the
test number is now detected correctly.

(Problem found when running tests in random order.)

Closes #4744
2019-12-19 23:03:33 +01:00
Daniel Stenberg
b4c9982382
tests: set LC_ALL in more tests
Follow-up to 23208e330a

Closes #4743
2019-12-19 23:01:14 +01:00
Daniel Stenberg
23208e330a
test165: set LC_ALL=en_US.UTF-8 too
On my current Debian Unstable with libidn2 2.2.0, I get an error if
LC_ALL is set to blank. Then curl errors out with:

curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8

Closes #4738
2019-12-19 14:26:26 +01:00
Daniel Stenberg
e9685cd75d
curl.h: add two defines for the "pre ISO C" case
Without this fix, this caused a compilation failure on AIX with IBM xlc
13.1.3 compiler.

Reported-by: Ram Krushna Mishra
Fixes #4739
Closes #4740
2019-12-19 13:48:47 +01:00
Daniel Stenberg
8c0807aa16
create_conn: prefer multiplexing to using new connections
... as it would previously prefer new connections rather than
multiplexing in most conditions! The (now removed) code was a leftover
from the Pipelining code that was translated wrongly into a
multiplex-only world.

Reported-by: Kunal Ekawde
Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html
Closes #4732
2019-12-19 09:00:56 +01:00
Daniel Stenberg
fba8301338
test1456: remove the use of a fixed local port
Fixup the test to instead not compare the port number. It sometimes
caused problems like this:

"curl: (45) bind failed with errno 98: Address already in use"

Closes #4733
2019-12-19 08:59:10 +01:00
Jay Satiro
c1592cc92b CURLOPT_QUOTE.3: fix typos
Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man
pages would not compile because a variable name was incorrect.

Reported-by: Bylon2@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4736
2019-12-18 15:21:58 -05:00
Gisle Vanem
ac7b1fb10c strerror: Fix compiler warning "empty expression"
- Remove the final semi-colon in the SEC2TXT() macro definition.

Before:  #define SEC2TXT(sec) case sec: txt = #sec; break;

After:   #define SEC2TXT(sec) case sec: txt = #sec; break

Prior to this change SEC2TXT(foo); would generate break;; which caused
the empty expression warning.

Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547
2019-12-18 14:10:23 -05:00
Daniel Stenberg
23e4d98e7e
curl/parseconfig: use curl_free() to free memory allocated by libcurl
Reported-by: bxac on github
Fixes #4730
Closes #4731
2019-12-18 14:48:41 +01:00
Daniel Stenberg
f098c9e6f6
curl/parseconfig: fix mem-leak
When looping, first trying '.curlrc' and then '_curlrc', the function
would not free the first string.

Closes #4731
2019-12-18 14:48:32 +01:00
Daniel Stenberg
14f8b6e69e
CURLOPT_URL.3: "curl supports SMB version 1 (only)"
[skip ci]
2019-12-18 10:14:18 +01:00
Daniel Stenberg
9973dabeb6
test1270: a basic -w redirect_url test
Closes #4728
2019-12-18 08:26:03 +01:00
Daniel Stenberg
4ec4787a10
HISTORY: the SMB(S) support landed in 2014 2019-12-18 08:25:51 +01:00
Daniel Stenberg
0caf1423e5
define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore
It is covered by USE_OPENSSL_ENGINE now.

Reported-by: Gisle Vanem
Bug: 87b9337c8f (commitcomment-36447951)

Closes #4725
2019-12-17 07:58:46 +01:00
Daniel Stenberg
bdb5b6dd5b
lib: remove ASSIGNWITHINCONDITION exceptions, use our code style
... even for macros

Reviewed-by: Daniel Gustafsson
Reviewed-by: Jay Satiro
Reported-by: Jay Satiro
Fixes #4683
Closes #4722
2019-12-17 07:36:11 +01:00
Daniel Stenberg
7282093458
tests: make sure checksrc runs on header files too 2019-12-16 22:46:48 +01:00
Daniel Stenberg
31e637d224
Revert "checksrc: fix regexp for ASSIGNWITHINCONDITION"
This reverts commit ba82673dac.

Bug: #4683
2019-12-16 22:46:35 +01:00
Daniel Stenberg
3ab45a9876
KNOWN_BUGS: TLS session cache doesn't work with TFO
[skip ci]
Closes #4301
2019-12-16 16:20:16 +01:00
Daniel Stenberg
8a9d6eeb32
KNOWN_BUGS: Connection information when using TCP Fast Open
Also point to #4296 for more details
Closes #4296
2019-12-16 16:17:16 +01:00
Daniel Stenberg
73ca946753
KNOWN_BUGS: LDAP on Windows doesn't work
Closes #4261
2019-12-16 16:15:39 +01:00
Daniel Stenberg
4147d58aee
docs: TLS SRP doesn't work with TLS 1.3
Reported-by: sayrer on github
Closes #4262
[skip ci]
2019-12-16 16:03:22 +01:00
Dan Fandrich
35f908072c cirrus: Switch to the FreeBSD 12.1 point release & enable more tests.
A few tests are now passing on FreeBSD, so no longer skip them.
[skip ci]
2019-12-16 13:30:53 +01:00
Daniel Stenberg
5eda54c0f0
azure: the macos cmake doesn't need to install cmake
Error: cmake 3.15.5 is already installed
 To upgrade to 3.16.1, run `brew upgrade cmake`.

Closes #4723
2019-12-16 10:11:49 +01:00
Jay Satiro
b0a9e3c28c winbuild: Document CURL_STATICLIB requirement for static libcurl
A static libcurl (ie winbuild mode=static) requires that the user define
CURL_STATICLIB when using it in their application. This is already
covered in the FAQ and INSTALL.md, but is a pretty important point so
now it's noted in the BUILD.WINDOWS.txt as well.

Assisted-by: Michael Vittiglio

Closes https://github.com/curl/curl/pull/4721
2019-12-15 17:31:23 -05:00
Santino Keupp
1d2d3feb21
libssh2: add support for ECDSA and ed25519 knownhost keys
... if a new enough libssh2 version is present.

Source: https://curl.haxx.se/mail/archive-2019-12/0023.html
Co-Authored-by: Daniel Stenberg
Closes #4714
2019-12-15 23:03:39 +01:00