Commit Graph

9901 Commits

Author SHA1 Message Date
Vladimir Kotal
9ff67f7b00
mk-ca-bundle.pl: leave certificate name untouched in decode()
Closes #2640
2018-06-08 09:37:56 +02:00
Viktor Szakats
4bd91bc474 spelling fixes
Detected using the `codespell` tool (version 1.13.0).

Also secure and fix an URL.
2018-06-03 12:14:45 +00:00
Daniel Stenberg
71c39f2965
axtls: follow-up spell fix of comment 2018-06-02 13:40:41 +02:00
Daniel Stenberg
9f89cd5ae4
axTLS: not considered fit for use
URL: https://curl.haxx.se/mail/lib-2018-06/0000.html

This is step one. It adds #error statements that require source edits to
make curl build again if asked to use axTLS. At a later stage we might
remove the axTLS specific code completely.

Closes #2628
2018-06-02 11:27:39 +02:00
Daniel Stenberg
aca1aba0bd
build: remove the Borland specific makefiles
According to the user survey 2018, not even one out of 670 users use
them. Nobody on the mailing list spoke up for them either.

Closes #2629
2018-06-02 11:23:40 +02:00
Daniel Stenberg
5712806785
curl_addrinfo: use same #ifdef conditions in source as header
... for curl_dofreeaddrinfo
2018-06-01 14:40:35 +02:00
Daniel Stenberg
923ce4a590
multi: remove a DEBUGF()
... it might call infof() with a NULL first argument that isn't harmful
but makes it not do anything. The infof() line is not very useful
anymore, it has served it purpose. Good riddance!

Fixes #2627
2018-06-01 12:55:41 +02:00
Alibek.Jorajev
f66d97b677
CURLOPT_RESOLVE: always purge old entry first
If there's an existing entry using the selected name.

Closes #2622
2018-06-01 12:47:52 +02:00
Daniel Stenberg
a115c6bbe7
fnmatch: use the system one if available
If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,
to reduce our footprint and to use already well tested and well
exercised code.

A POSIX fnmatch behaves slightly different than the internal function
for a few test patterns currently and the macOS one yet slightly
different. Test case 1307 is adjusted for these differences.

Closes #2626
2018-06-01 12:29:21 +02:00
Bernhard Walle
9c33813d83
configure: check for declaration of getpwuid_r
On our x86 Android toolchain, getpwuid_r is implemented but the header
is missing:

 netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]

Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
the prototype to curl_setup.h.

Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
Closes #2609
2018-05-31 12:51:15 +02:00
Rikard Falkeborn
8ea5d41fe0
strictness: correct {infof, failf} format specifiers
Closes #2623
2018-05-31 11:34:32 +02:00
Björn Stenberg
946ce5b61f
option: disallow username in URL
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
libcurl reject URLs with a username in them.

Closes #2340
2018-05-31 11:27:16 +02:00
Daniel Stenberg
050c93c46f
setopt: add TLS 1.3 ciphersuites
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.

curl: added --tls13-ciphers and --proxy-tls13-ciphers

Fixes #2435
Reported-by: zzq1015 on github
Closes #2607
2018-05-29 16:12:52 +02:00
Daniel Stenberg
6482773d30
fnmatch: insist on escaped bracket to match
A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614
2018-05-28 23:57:31 +02:00
Patrick Monnerat
8541d02c96 psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.

Reported-by: Yaakov Selkowitz
Fixes #2553
Closes #2601
2018-05-28 20:37:14 +02:00
Bernhard Walle
645948dffb
cmake: check for getpwuid_r
The autotools-based build system does it, so we do it also in CMake.

Bug: #2609
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
2018-05-28 15:23:18 +02:00
ralcock
45eefbd0dd
schannel: add failf calls for client certificate failures
Closes #2604
2018-05-27 23:30:23 +02:00
Alejandro R. Sedeño
d0f1d6c8fa
content_encoding: handle zlib versions too old for Z_BLOCK
Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.

Fixes #2606
Closes #2608
2018-05-25 10:04:08 +02:00
Daniel Stenberg
3e0dee065f
multi: provide a socket to wait for in Curl_protocol_getsock
... even when there's no protocol specific handler setup.

Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html
Reported-by: Sean Miller
Closes #2600
2018-05-24 20:49:32 +02:00
Linus Lewandowski
239a7061f8
httpauth: add support for Bearer tokens
Closes #2102
2018-05-24 20:39:49 +02:00
Sergei Nikulov
2c0225e042 cmake: set -d postfix for debug builds if not specified
using -DCMAKE_DEBUG_POSTFIX explicitly

       fixes #2121, obsoletes #2384
2018-05-24 17:25:41 +03:00
Patrick Monnerat
09d16af49a http resume: skip body if http code 416 (range error) is ignored.
This avoids appending error data to already existing good data.

Test 92 is updated to match this change.
New test 1156 checks all combinations of --range/--resume, --fail,
Content-Range header and http status code 200/416.

Fixes #1163
Reported-By: Ithubg on github
Closes #2578
2018-05-22 13:23:02 +02:00
Daniel Stenberg
2e65a92052
tftp: make sure error is zero terminated before printfing it 2018-05-22 10:10:39 +02:00
Johannes Schindelin
aa0f41a5fc schannel: make CAinfo parsing resilient to CR/LF
OpenSSL has supported --cacert for ages, always accepting LF-only line
endings ("Unix line endings") as well as CR/LF line endings ("Windows
line endings").

When we introduced support for --cacert also with Secure Channel (or in
cURL speak: "WinSSL"), we did not take care to support CR/LF line
endings, too, even if we are much more likely to receive input in that
form when using Windows.

Let's fix that.

Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
accepts CR/LF input already, and the trailing LF before the END
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
we need to care about is the BEGIN CERTIFICATE marker. We do not
actually need to verify here that the line ending is CR/LF. Just
checking for a CR or an LF is really plenty enough.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/2592
2018-05-22 02:29:55 -04:00
Daniel Stenberg
cb529b713f
checksrc: make sure sizeof() is used *with* parentheses
... and unify the source code to adhere.

Closes #2563
2018-05-21 23:21:47 +02:00
Daniel Stenberg
404c8850da
curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369

Closes #2587
2018-05-18 23:33:44 +02:00
Aleks
e05ad5dd99
docs: mention HAproxy protocol "version 1"
...as there's also a version 2.

Closes #2579
2018-05-18 17:48:40 +02:00
Philip Prindeville
ce2140a8c1
getinfo: add microsecond precise timers for various intervals
Provide a set of new timers that return the time intervals using integer
number of microseconds instead of floats.

The new info names are as following:

CURLINFO_APPCONNECT_TIME_T
CURLINFO_CONNECT_TIME_T
CURLINFO_NAMELOOKUP_TIME_T
CURLINFO_PRETRANSFER_TIME_T
CURLINFO_REDIRECT_TIME_T
CURLINFO_STARTTRANSFER_TIME_T
CURLINFO_TOTAL_TIME_T

Closes #2495
2018-05-17 13:41:04 +02:00
Daniel Stenberg
c5fe86804c
openssl: acknowledge --tls-max for default version too
... previously it only used the max setting if a TLS version was also
explicitly asked for.

Reported-by: byte_bucket
Fixes #2571
Closes #2572
2018-05-17 13:34:47 +02:00
Daniel Stenberg
f0c466dced
schannel_verify: fix build for non-schannel 2018-05-16 10:12:57 +02:00
Jay Satiro
4f9bbd3ac7 rand: fix typo 2018-05-16 02:21:06 -04:00
Jay Satiro
4584cc4499 schannel: disable manual verify if APIs not available
.. because original MinGW and old compilers do not have the Windows API
definitions needed to support manual verification.
2018-05-16 02:21:05 -04:00
Archangel_SDY
1592ea9792 schannel: disable client cert option if APIs not available
Original MinGW targets Windows 2000 by default, which lacks some APIs and
definitions for this feature. Disable it if these APIs are not available.

Closes https://github.com/curl/curl/pull/2522
2018-05-16 02:21:04 -04:00
steini2000
0055545705
http2: remove unused variable
Closes #2570
2018-05-14 23:14:04 +02:00
steini2000
d6dd322d7a
http2: use easy handle of stream for logging 2018-05-14 23:13:44 +02:00
Daniel Stenberg
c0f704dbae
gcc: disable picky gcc-8 function pointer warnings in two places
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2569
2018-05-14 23:09:51 +02:00
Daniel Stenberg
a5aa2bdf34
http2: use the correct function pointer typedef
Fixes gcc-8 picky compiler warnings
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2568
2018-05-14 12:44:20 +02:00
Rikard Falkeborn
b9446d18e7
ntlm: Fix format specifiers 2018-05-14 09:42:27 +02:00
Rikard Falkeborn
eb49683e55
lib: Fix format specifiers 2018-05-14 09:42:27 +02:00
Daniel Stenberg
7d6e01441a
http2: getsock fix for uploads
When there's an upload in progress, make sure to wait for the socket to
become writable.

Detected-by: steini2000 on github
Bug: #2520
Closes #2567
2018-05-14 08:22:46 +02:00
Daniel Stenberg
583b42cb3b
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
2018-05-14 07:40:31 +02:00
Daniel Stenberg
8c7b3737d2
http: restore buffer pointer when bad response-line is parsed
... leaving the k->str could lead to buffer over-reads later on.

CVE: CVE-2018-1000301
Assisted-by: Max Dymond

Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
2018-05-14 07:40:31 +02:00
Patrick Monnerat
1b55d270ad cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566
2018-05-13 01:23:10 +02:00
Daniel Stenberg
9cacc24630 smb: reject negative file sizes
Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
2018-05-12 22:24:25 +02:00
Daniel Stenberg
fe6b78b42d
setup_transfer: deal with both sockets being -1
Detected by Coverity; CID 1435559.  Follow-up to f8d608f38d. It would
index the array with -1 if neither index was a socket.
2018-05-11 23:56:37 +02:00
Sunny Purushe
18cbbb702c openssl: change FILE ops to BIO ops
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.

Closes #2512
2018-05-10 16:30:32 +02:00
Daniel Stenberg
babd55e25f
vtls: fix missing commas
follow-up to e66cca046c
2018-05-04 23:02:57 +02:00
Daniel Stenberg
e66cca046c
vtls: use unified "supports" bitfield member in backends
... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.

closes #2547
2018-05-04 22:31:19 +02:00
Daniel Stenberg
f8d608f38d
transfer: don't unset writesockfd on setup of multiplexed conns
Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.

Bug: #2520
Closes #2549
2018-05-04 22:30:32 +02:00
Daniel Stenberg
e9d9d1af8a
http: don't set the "rewind" flag when not uploading anything
It triggers an assert.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546
2018-05-04 13:51:25 +02:00