Commit Graph

11843 Commits

Author SHA1 Message Date
Daniel Stenberg
5372ee37d3
mqtt: extend the error message for no topic
... and mention that it needs URL encoding.

Reported-by: Peter Körner
Fixes #7316
Closes #7317
2021-06-30 15:02:24 +02:00
Daniel Stenberg
e6caaa41b0
formdata: correct typecast in curl_mime_data call
Coverity pointed out it the mismatch. CID 1486590

Closes #7327
2021-06-30 15:00:00 +02:00
Daniel Stenberg
81cc2e48da
url: (void)-prefix a curl_url_get() call
Coverity (CID 1486645) pointed out a use of curl_url_get() in the
parse_proxy function where the return code wasn't checked. A
(void)-prefix makes the intention obvious.

Closes #7320
2021-06-30 14:58:47 +02:00
Daniel Stenberg
97fa671a73
vtls: use free() not curl_free()
curl_free() is provided for users of the API to free returned data,
there's no need to use it internally.

Closes #7318
2021-06-30 13:50:18 +02:00
Jay Satiro
ca8893468f http: fix crash in rate-limited upload
- Don't set the size of the piece of data to send to the rate limit if
  that limit is larger than the buffer size that will hold the piece.

Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
(curl tool: --limit-rate) was set then it was possible that a temporary
buffer used for uploading could be written to out of bounds. A likely
scenario for this would be a non-trivial amount of post data combined
with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).

The bug was introduced in 24e469f which is in releases since 7.76.0.

perl -e "print '0' x 200000" > tmp
curl --limit-rate 128k -d @tmp httpbin.org/post

Reported-by: Richard Marion

Fixes https://github.com/curl/curl/issues/7308
Closes https://github.com/curl/curl/pull/7315
2021-06-29 15:18:08 -04:00
Daniel Stenberg
4aed7a1923
openssl: avoid static variable for seed flag
Avoid the race condition risk by instead storing the "seeded" flag in
the multi handle. Modern OpenSSL versions handle the seeding itself so
doing the seeding once per multi-handle instead of once per process is
less of an issue.

Reported-by: Gerrit Renker
Fixes #7296
Closes #7306
2021-06-29 14:18:15 +02:00
Andrei Rybak
278b46751e misc: fix typos in comments which repeat a word
Fix typos in code comments which repeat various words.  In trivial
cases, just delete the repeated word.  Reword the affected sentence in
"lib/url.c" for it to make sense.

Closes #7303
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2021-06-28 12:41:56 +02:00
Richard Whitehouse
0842175fa4
multi: alter transfer timeout ordering
- Check whether a connection has succeded before checking whether it's
  timed out.

  This means if we've connected quickly, but subsequently been
  descheduled, we allow the connection to succeed. Note, if we timeout,
  but between checking the timeout, and connecting to the server the
  connection succeeds, we will allow it to go ahead. This is viewed as
  an acceptable trade off.

- Add additional failf logging around failed connection attempts to
  propogate the cause up to the caller.

Co-Authored-by: Martin Howarth
Closes #7178
2021-06-24 15:51:39 +02:00
Daniel Stenberg
9accc48850
multi: do not switch off connect_only flag when closing
... as it made protocol specific disconnect commands wrongly get used.

Bug: https://curl.se/mail/lib-2021-06/0024.html
Reported-by: Aleksander Mazur
Closes #7288
2021-06-24 09:07:34 +02:00
Daniel Stenberg
a629506d42
http: make the haproxy support work with unix domain sockets
... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.

Reported-by: Valentín Gutiérrez
Fixes #7290
Closes #7291
2021-06-24 09:01:49 +02:00
Bachue Zhou
a8472bb8ea
quiche: use send() instead of sendto() to avoid macOS issue
sendto() always returns "Socket is already connected" error on macos

Closes #7260
2021-06-21 14:54:51 +02:00
Li Xinwei
30e491e5c9
cmake: fix support for UnixSockets feature on Win32
Move the definition of sockaddr_un struct from config-win32.h to
curl_setup.h, so that it could be shared by all build systems.

Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
unix sockets.

Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
is defined.

Closes #7034
2021-06-21 14:52:27 +02:00
Gregory Muchka
62be096085
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
dictionary of key-value pairs that represent the current internet proxy
settings, or NULL if no proxy settings have been defined or if an error
occurred. You must release the returned value."

Failure to release the returned value of SCDynamicStoreCopyProxies can
result in a memory leak.

Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies

Closes #7265
2021-06-21 14:05:49 +02:00
Jay Satiro
b31d9ccfc2 vtls: fix warning due to function prototype mismatch
b09c8ee changed the function prototype. Caught by Visual Studio.
2021-06-21 01:59:05 -04:00
Jay Satiro
765e060796 curl_multibyte: Remove local encoding fallbacks
- If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
  no longer fall back to assuming the string is in a local encoding.

Background:

Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
pass to the Windows CRT API wide-character functions since in Windows
UTF-8 is not a valid locale (or at least 99% of the time right now).

Prior to this change if the Unicode encoding conversion failed then
libcurl would assume, for backwards compatibility with applications that
may have written their code for non-Unicode builds, attempt to convert
the string from local encoding to UTF-16.

That type of "best effort" could theoretically cause some type of
security or other problem if a string that was locally encoded was also
valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
could occur.

Ref: https://github.com/curl/curl/pull/7246

Closes https://github.com/curl/curl/pull/7257
2021-06-21 01:57:16 -04:00
Daniel Stenberg
4331c6dceb
curl_endian: remove the unused Curl_write64_le function
The last usage was removed in cca455a36

Closes #7280
2021-06-20 23:38:32 +02:00
Daniel Stenberg
a6da296867
vtls: only store TIMER_APPCONNECT for non-proxy connect
Introducing a 'isproxy' argument to the connect function so that it
knows wether to store the time stamp or not.

Reported-by: Yongkang Huang
Fixes #7274
Closes #7274
2021-06-19 23:02:16 +02:00
Daniel Stenberg
bfa0309175
gnutls: set the preferred TLS versions in correct order
Regression since 781864bedb (curl 7.77.0)

Reported-by: civodul on github
Assisted-by: Nikos Mavrogiannopoulos
Fixes #7277
Closes #7278
2021-06-18 23:22:21 +02:00
Gergely Nagy
6f5ff0ee04
configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
Closes #7276
2021-06-18 13:52:21 +02:00
Gergely Nagy
f471efa78c
configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
Closes #7276
2021-06-18 13:52:18 +02:00
Gergely Nagy
e92603289a
configure/cmake: remove unused define HAVE_PERROR
Closes #7276
2021-06-18 13:52:16 +02:00
Gergely Nagy
343e6beda3
configure/cmake: remove unused define HAVE_FREEIFADDRS
Closes #7276
2021-06-18 13:52:10 +02:00
Gergely Nagy
9bf0e7b2ef
configure/cmake: remove unused define HAVE_FORK
Closes #7276
2021-06-18 13:52:08 +02:00
Gergely Nagy
4e03d45bf9
configure/cmake: remove unused define HAVE_FDOPEN
Closes #7276
2021-06-18 13:52:05 +02:00
Gergely Nagy
a407a82d0b
configure/cmake: remove checks for unused sgtty.h
Closes #7276
2021-06-18 13:52:02 +02:00
Gergely Nagy
8c24cf5238
configure/cmake: remove remaining checks for rsa.h
Closes #7276
2021-06-18 13:51:59 +02:00
Gergely Nagy
baae00f66b
configure/cmake: remove remaining checks for err.h
Closes #7276
2021-06-18 13:51:57 +02:00
Gergely Nagy
376d2380d2
configure/cmake: remove remaining checks for crypto.h
Closes #7276
2021-06-18 13:51:54 +02:00
Gergely Nagy
67af0f7eae
configure/cmake: remove checks for unused getservbyport_r
Closes #7276
2021-06-18 13:51:45 +02:00
Daniel Stenberg
fa34353d07
libssh2: limit time a disconnect can take to 1 second
Closes #7271
2021-06-17 17:06:31 +02:00
Daniel Stenberg
720b4a1a43
TLS: prevent shutdown loops to get stuck
... by making sure the loops are only allowed to read the shutdown
traffic a limited number of times.

Reported-by: Harry Sintonen
Closes #7271
2021-06-17 17:06:21 +02:00
Daniel Stenberg
80e1054fe5
hyper: propagate errors back up from read callbacks
Makes test 513 work with hyper

Closes #7266
2021-06-17 08:19:31 +02:00
Viktor Szakats
2026124691
idn: fix libidn2 with windows unicode builds
Unicode Windows builds use UTF-8 strings internally in libcurl,
so make sure to call the UTF-8 flavour of the libidn2 API. Also
document that Windows builds with libidn2 and UNICODE do expect
CURLOPT_URL as an UTF-8 string.

Reported-by: dEajL3kA on github
Assisted-by: Jay Satiro
Reviewed-by: Marcel Raad
Closes #7246
Fixes #7228
2021-06-15 12:10:48 +00:00
Daniel Stenberg
b67d3ba73e
curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
They were never officially allowed and slipped in only due to sloppy
parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
being part of a URL.

The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
allow spaces.

Updated test 1560 to verify.

Closes #7073
2021-06-15 10:49:49 +02:00
Jay Satiro
c6cac5a96c http2: Clarify 'Using HTTP2' verbose message
- Change phrasing from multi-use to multiplexing since the former may
  not be as well understood.

Before: * Using HTTP2, server supports multi-use

After: * Using HTTP2, server supports multiplexing

Bug: https://github.com/curl/curl/discussions/7255
Reported-by: David Hu

Closes https://github.com/curl/curl/pull/7258
2021-06-15 03:18:45 -04:00
Jacob Hoffman-Andrews
8fa0a298c6
rustls: remove native_roots fallback
For the commandline tool, we expect to be passed
SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
trusted roots (like in other TLS backends).

This also removes a dependency on Security.framework when building on
macOS.

Closes #7250
2021-06-14 11:01:41 +02:00
Daniel Stenberg
bbbc5de93f
netrc: skip 'macdef' definitions
Add test 494 to verify

Reported-by: Harry Sintonen
Fixes #7238
Closes #7244
2021-06-13 23:44:41 +02:00
Daniel Stenberg
77bc35901f
multi: add scan-build-6 work-around in curl_multi_fdset
scan-build-6 otherwise warns, saying: warning: The left operand of '>='
is a garbage value otherwise, which is false.

Later scan-builds don't claim this on the same code.

Closes #7248
2021-06-13 23:43:01 +02:00
Daniel Stenberg
c4b8ec495d
asyn-ares: remove check for 'data' in Curl_resolver_cancel
It implied it would survive a NULL in there which it won't. Instead do
an assert.

Pointed out by scan-build.

Closes #7248
2021-06-13 23:42:57 +02:00
Daniel Stenberg
73f52ad763
url.c: remove two variable assigns that are never read
Pointed out by scan-build

Closes #7248
2021-06-13 23:42:46 +02:00
Gealber Morales
791937b881
mqtt: add support for username and password
Minor-edits-by: Daniel Stenberg
Added test 2200 to 2205

Closes #7243
2021-06-12 23:50:13 +02:00
Daniel Stenberg
a5adf8cb14
openssl: don't remove session id entry in disassociate
When a connection is disassociated from a transfer, the Session ID entry
should remain.

Regression since 7f4a9a9 (shipped in libcurl 7.77.0)
Reported-by: Gergely Nagy
Reported-by: Paul Groke

Fixes #7222
Closes #7230
2021-06-11 12:52:55 +02:00
Daniel Stenberg
14a2ca85ec
conn_shutdown: if closed during CONNECT cleanup properly
Reported-by: Alex Xu
Reported-by: Phil E. Taylor

Fixes #7236
Closes #7237
2021-06-11 12:43:53 +02:00
Mark Swaanenburg
d293bf4a78
lib: don't compare fd to FD_SETSIZE when using poll
FD_SETSIZE is irrelevant when using poll. So ensuring that the file
descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause
multi_wait to ignore perfectly valid file descriptors and simply wait
for 1s to avoid hammering the CPU in a busy loop.

Fixes #7240
Closes #7241
2021-06-11 10:33:32 +02:00
zhangxiuhua
23eef2394c
doh: fix wrong DEBUGASSERT for doh private_data
Closes #7227
2021-06-10 16:13:13 +02:00
Daniel Stenberg
71da3f8307
configure: disable RTSP when hyper is selected
Makes test 1013 work

Closes #7209
2021-06-10 08:42:46 +02:00
Daniel Stenberg
c214a6a17b
c-hyper: abort CONNECT response reading early on non 2xx responses
Fixes test 493

Closes #7209
2021-06-10 08:42:27 +02:00
Daniel Stenberg
372361f6ca
c-hyper: fix the uploaded field in progress callbacks
Makes test 578 work

Closes #7209
2021-06-10 08:42:15 +02:00
Jun-ya Kato
a3a298da5e
ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
mode for middle box but it is enabled by default, which is unnecessary
for QUIC.

Fixes #6896
Closes #7202
2021-06-08 16:10:39 +02:00
Daniel Gustafsson
1bd4b3f4e2 cookies: track expiration in jar to optimize removals
Removing expired cookies needs to be a fast operation since we want to
be able to perform it often and speculatively. By tracking the timestamp
of the next known expiration we can exit early in case the timestamp is
in the future.

Closes: #7172
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-06-08 09:31:19 +02:00