Commit 709ae2454f added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and adjust the test fallout.
Closes: #8895Fixes: #8893
Reported-by: Patrick Monnerat <patrick@monnerat.net>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Allow curl to send larger UDP datagram if Path MTU Discovery finds the
availability of larger path MTU. To make it work and not to send
fragmented packet, we need to set DF bit. That makes send(2) fail with
EMSGSIZE if UDP datagram is too large. In that case, just let it be
lost. This patch enables DF bit for Linux only.
Closes#8883
The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
leaking the real local name.
The exact name used is 'WORKSTATION', because Firefox uses that.
The change is written to allow someone to "back-pedal" fairly easy in
case of need.
Reported-by: Carlo Alberto
Fixes#8859Closes#8889
- -DOPENSSL_NO_KRB5: No longer used by OpenSSL 1.1.x, 3.x, or
LibreSSL 3.5.x, yet it collides with the latter, which defines
it unconditionally, resulting in this warning:
../../libressl/include/openssl/opensslfeatures.h:14:9: warning: 'OPENSSL_NO_KRB5' macro redefined [-Wmacro-redefined]
It was originally added to curl in 2004.
- -DHAVE_OPENSSL_PKCS12_H: No longer used by OpenSSL 1.1.x, 3.x, or
LibreSSL back to at least 2.5.5. Originally added in the same
commit as the above, in 2004.
Closes#8884
Usage:
curl -x "socks5h://localhost/run/tor/socks" "https://example.com"
Updated runtests.pl to run a socksd server listening on unix socket
Added tests test1467 test1468
Added documentation for proxy command line option and socks proxy
options
Closes#8668
Lookup tables for toupper() and tolower() make Curl_strcasecompare()
about 1.5 times faster. Reorganising Curl_strcasecompare() to fully exit
early then also allows simplifying the check at the end, for another
15%. In total, the changes make Curl_strcasecompare() around 1.6 to 1.7
times faster.
Note that these optimisation assume ASCII. The original
Curl_raw_toupper() and raw_tolower() look like they already made that
assumption.
Closes#8875
This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
are used to explicitly use wolfSSL includes. This fixes cmake builds as
well as avoiding potentially using openSSL headers since include path
order is not guaranteed.
Closes#8864
These two options were only ever used for the OpenSSL backend for
versions before 1.1.0. They were never used for other backends and they
are not used with recent OpenSSL versions. They were never used much by
applications.
The defines RANDOM_FILE and EGD_SOCKET can still be set at build-time
for ancient EOL OpenSSL versions.
Closes#8670
Earlier if CURLOPT_LOCALPORT + CURLOPT_LOCALPORTRANGE would go past port
65535 the code would fall back to random port rather than giving up.
Closes#8862
Commit 0ef54abf52 accidentally used the conn variable before the
assertion for it being NULL. Fix by moving the assignment which use
conn to after the assertion.
Closes: #8857
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Add Curl_quic_idle which is called when no HTTP level read or write is
performed. It is a good place to handle timer expiry for QUIC transport
(.e.g, retransmission).
Closes#8698
SecTrustEvaluateAsync() is defined in the macOS 10.7 SDK, but it
requires Grand Central Dispatch to be supported by the compiler, and
some third-party macOS compilers do not support Grand Central Dispatch.
SecTrustCopyPublicKey() is not present in macOS 10.6, so this shouldn't
adversely affect anything.
Fixes#8846
Reported-by: Egor Pugin
Closes#8854
Accessing local variables outside of the scope is forbidden and
depending on the compiler can result in the value being
overwritten. Fixed by moving the pwbuf to be in scope.
Closes#8850
Explicitly initialize gss_buffer_desc strings such that a call to
freeing resources will succeed even if no data has been allocated
to it.
Reported-by: Jay Satiro <raysatiro@yahoo.com>
In case gss_display_status() returns an error, avoid trying to add
it to the buffer as the message may well be a NULL pointer.
Originally this fix comes from a discussion in issue #8816.
Closes: #8832
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
We need to check if the strchr() call returns NULL (due to missing
char) before we use the returned value in arithmetic. There is no
live bug here, but fixing it before it can become for hygiene.
Closes: #8814
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
We have lots of unchecked msnprintf calls, and this particular msnprintf
call isn't more interesting than the others, but this one yields a Coverity
warning so let's implicitly silence it. Going over the other invocations
is probably a worthwhile project, but for now let's keep the static
analyzers happy.
Closes: #8831
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
The check for a dot in the domain must not consider a single trailing
dot to be fine, as then TLD + trailing dot is fine and curl will accept
setting cookies for it.
CVE-2022-27779
Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27779.htmlCloses#8820
