Commit Graph

23694 Commits

Author SHA1 Message Date
Daniel Stenberg
66dc1570db
symbols-in-versions: add missing CURLU_ symbols
...and fix symbol-scan.pl to also scan urlapi.h

Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
2018-11-04 23:15:12 +01:00
Daniel Gustafsson
c37b66aaae infof: clearly indicate truncation
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.

This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.

Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.

Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-03 20:54:18 +01:00
Michael Kaufmann
d82a17ad85 tool_getparam: fix some comments 2018-11-03 17:25:10 +01:00
Daniel Stenberg
226cfa8264
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.

Extended test 1560 to verify.

Reported-by: Hagai Auro
Fixes #3220
Closes #3223
2018-11-03 15:01:27 +01:00
Daniel Stenberg
b28094833a
URL: fix IPv6 numeral address parser
Regression from 46e164069d. Extended test 1560 to verify.

Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
2018-11-03 00:14:04 +01:00
Daniel Stenberg
6987e3730e
travis: remove curl before a normal build
on Linux. To make sure the test suite runs with its newly build tool and
doesn't require an external one present.

Bug: #3198
Closes #3200
2018-11-02 15:59:39 +01:00
Tim Rühsen
e4f2a5bc1b
mprintf: avoid unsigned integer overflow warning
The overflow has no real world impact.
Just avoid it for "best practice".

Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
Closes #3184
2018-11-02 11:07:04 +01:00
Daniel Stenberg
2c5ec339ea
Curl_follow: accept non-supported schemes for "fake" redirects
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d.

Reported-by: Brad King
Fixes #3210
Closes #3215
2018-11-02 09:50:44 +01:00
Daniel Gustafsson
a4653a7fa2 openvms: fix example name
Commit efc696a2e0 renamed persistant.c to persistent.c to
fix the typo in the name, but missed to update the OpenVMS package
files which still looked for the old name.

Closes #3217
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-11-02 08:59:01 +01:00
Daniel Stenberg
2dac26063a
configure: show CFLAGS, LDFLAGS etc in summary
To make it easier to understand other people's and remote builds etc.

Closes #3207
2018-11-01 11:58:06 +01:00
Daniel Stenberg
29db6bbf90
version: bump for next cycle 2018-11-01 11:02:49 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
marcosdiazr
7f4c358541
schannel: make CURLOPT_CERTINFO support using Issuer chain
Closes #3197
2018-11-01 10:21:51 +01:00
Daniel Stenberg
58d04252e1
travis: build with sanitize=address,undefined,signed-integer-overflow
... using clang

Closes #3190
2018-11-01 09:44:59 +01:00
Daniel Stenberg
832661b3a7
schannel: use Curl_ prefix for global private symbols
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!

Closes #3201
2018-11-01 09:39:45 +01:00
Kamil Dudka
fc2c9a9614 tests: drop http_pipe.py script no longer used
It is unused since commit f7208df7d9.

Closes #3204
2018-11-01 09:13:47 +01:00
Daniel Stenberg
8effa8c2b0
runtests: use the local curl for verifying
... revert the mistaken change brought in commit 8440616f53.

Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html

Closes #3198
2018-10-31 13:48:56 +01:00
Daniel Stenberg
196677150f
RELEASE-NOTES: 7.62.0 2018-10-30 17:54:00 +01:00
Daniel Stenberg
bbed10da65
THANKS: 7.62.0 status 2018-10-30 17:53:59 +01:00
Daniel Gustafsson
1460e89e01 vtls: add MesaLink to curl_sslbackend enum
MesaLink support was added in commit 57348eb97d but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.

Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-30 16:56:51 +01:00
Ruslan Baratov
98d9a33de4
cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
Closes #3191
2018-10-30 11:23:00 +01:00
Daniel Stenberg
350306e472
test2080: verify the fix for CVE-2018-16842 2018-10-30 07:47:50 +01:00
Daniel Stenberg
d530e92f59
voutf: fix bad arethmetic when outputting warnings to stderr
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
2018-10-30 07:47:25 +01:00
Tuomo Rinne
e97679a360
cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
Closes #3123
2018-10-29 17:10:31 +01:00
Tuomo Rinne
dd98c1f34b
cmake: add find_dependency call for ZLIB to CMake config file 2018-10-29 17:10:27 +01:00
Tuomo Rinne
fc0672b447
cmake: add support for transitive ZLIB target 2018-10-29 17:10:24 +01:00
Daniel Stenberg
5728229a4f
unit1650: fix "null pointer passed as argument 1 to memcmp"
Detected by UndefinedBehaviorSanitizer

Closes #3187
2018-10-29 16:14:40 +01:00
Daniel Stenberg
0c9b09dff4
travis: add a "make tidy" build that runs clang-tidy
Closes #3182
2018-10-29 08:11:33 +01:00
Daniel Stenberg
0b58ffe0c9
unit1300: fix stack-use-after-scope AddressSanitizer warning
Closes #3186
2018-10-29 08:05:23 +01:00
Daniel Stenberg
f3a24d7916
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29 08:05:23 +01:00
Daniel Stenberg
81d135d671
Curl_close: clear data->multi_easy on free to avoid use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)

Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
2018-10-29 08:05:23 +01:00
randomswdev
9d8dad1a9d
system.h: use proper setting with Sun C++ as well
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files.  I'm adding a
check also on __SUNPRO_CC to allow curl to work properly also when used
in a C++ project on Sun Solaris.

Closes #3181
2018-10-27 16:07:24 +02:00
Daniel Stenberg
75b94d77e8
rand: add comment to skip a clang-tidy false positive 2018-10-27 15:59:44 +02:00
Daniel Stenberg
a669e06946
test1651: unit test Curl_extract_certinfo()
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-10-27 15:59:43 +02:00
Daniel Stenberg
feea1259e4
x509asn1: always check return code from getASN1Element() 2018-10-27 15:59:43 +02:00
Daniel Stenberg
be20814191
Makefile: add 'tidy' target that runs clang-tidy
Available in the root, src and lib dirs.

Closes #3163
2018-10-27 15:59:38 +02:00
Daniel Stenberg
803496fa10
RELEASE-PROCEDURE: adjust the release dates
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27 15:14:51 +02:00
Patrick Monnerat
c335b7f1f7 x509asn1: suppress left shift on signed value
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.

Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
2018-10-27 15:04:50 +02:00
Michael Kaufmann
3793761a37 multi: Fix error handling in the SENDPROTOCONNECT state
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.

Closes #3170
2018-10-27 13:03:50 +02:00
Daniel Stenberg
4441d3c548
RELEASE-NOTES: synced 2018-10-27 11:14:13 +02:00
Daniel Stenberg
44a9e9f80f
openssl: output the correct cipher list on TLS 1.3 error
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".

Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
2018-10-27 10:46:38 +02:00
Daniel Stenberg
067992baa7
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html

Reported-by: Ricky-Tigg on github
Bug: #3178
2018-10-27 10:46:36 +02:00
Marcel Raad
ac85e49d7a
travis: install gnutls-bin package
This is required for gnutls-serv, which enables a few more tests.

Closes https://github.com/curl/curl/pull/2958
2018-10-27 08:41:18 +02:00
Daniel Gustafsson
5c8c310edb ssh: free the session on init failures
Ensure to clear the session object in case the libssh2 initialization
fails.

It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.

Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-26 15:39:15 +02:00
Daniel Stenberg
a0c2779d61
docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
... I'm moving it up one week due to travels. The rest stays.
2018-10-26 14:12:44 +02:00
Daniel Gustafsson
68348461dc
openssl: make 'done' a proper boolean
Closes #3176
2018-10-26 13:51:25 +02:00
Daniel Stenberg
ebfe02f73c
gtls: Values stored to but never read
Detected by clang-tidy

Closes #3176
2018-10-26 13:51:07 +02:00
Alexey Eremikhin
bbce45fb00
curl.1: --ipv6 mutexes ipv4 (fixed typo)
Fixes #3171
Closes #3172
2018-10-26 08:45:08 +02:00
Daniel Stenberg
ae925ddcc3
tool_main: make TerminalSettings static
Reported-by: Gisle Vanem
Bug: becfe1233f (commitcomment-31008819)
Closes #3161
2018-10-26 00:59:50 +02:00
Daniel Stenberg
abfdf6a0b7
curl-config.in: remove dependency on bc
Reported-by: Dima Pasechnik
Fixes #3143
Closes #3174
2018-10-26 00:06:19 +02:00