Commit Graph

23129 Commits

Author SHA1 Message Date
Daniel Stenberg
27d7e511d5
CURLINFO_COOKIELIST.3: made the example not leak memory
Reported-by: Muz Dima
2018-03-20 23:18:23 +01:00
Daniel Stenberg
c1366571b6
vauth/cleartext: fix integer overflow check
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.

Detected by lgtm.com
Closes #2408
2018-03-20 19:25:50 +01:00
Daniel Stenberg
f623ad65e8
lib/curl_path.h: add #ifdef header guard
Detected by lgtm.com
2018-03-20 15:00:09 +01:00
Daniel Stenberg
d7f0d2b823
vauth/ntlm.h: fix the #ifdef header guard
Detected by lgtm.com
2018-03-20 15:00:09 +01:00
Jay Satiro
712c916d94 examples/hiperfifo: checksrc compliance 2018-03-20 03:12:35 -04:00
Nikos Tsipinakis
ea233e5b4b
parsedate: support UT timezone
RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
GMT.

Closes #2401
2018-03-19 19:22:42 +01:00
Daniel Stenberg
bb790ca3a5
RELEASE-NOTES: synced 2018-03-19 09:21:18 +01:00
Don
d22e5e02a2
cmake: add support for brotli
Currently CMake cannot detect Brotli support. This adds detection of the
libraries and associated header files. It also adds this to the
generated config.

Closes #2392
2018-03-19 08:28:32 +01:00
Chris Araman
b7b2809a21 darwinssl: fix iOS build 2018-03-18 10:57:04 +01:00
Patrick Monnerat
f982e49f0c ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES 2018-03-18 01:47:05 +01:00
Rick Deist
d95f3dc0b1
resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
shuffling of IP addresses returned for a hostname when there is more
than one. This is useful when the application knows that a round robin
approach is appropriate and is willing to accept the consequences of
potentially discarding some preference order returned by the system's
implementation.

Closes #1694
2018-03-17 20:44:14 +01:00
Daniel Stenberg
fb4f568b1e
add_handle/easy_perform: clear errorbuffer on start if set
To offer applications a more defined behavior, we clear the buffer as
early as possible.

Assisted-by: Jay Satiro

Fixes #2190
Closes #2377
2018-03-17 12:07:37 +01:00
Lawrence Matthews
6baeb6df35
CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool

Closes #2162
2018-03-17 11:50:06 +01:00
Daniel Stenberg
9572831b04
curl_version_info.3: fix ssl_version description
Reported-by: Vincas Razma
Fixes #2364
2018-03-17 11:18:00 +01:00
Daniel Stenberg
7f9ce0851a
multi: improved pending transfers handling => improved performance
When a transfer is requested to get done and it is put in the pending
queue when limited by number of connections, total or per-host, libcurl
would previously very aggressively retry *ALL* pending transfers to get
them transferring. That was very time consuming.

By reducing the aggressiveness in how pending are being retried, we
waste MUCH less time on putting transfers back into pending again.

Some test cases got a factor 30(!) speed improvement with this change.

Reported-by: Cyril B
Fixes #2369
Closes #2383
2018-03-16 23:45:59 +01:00
Daniel Stenberg
2404aa080e
pause: when changing pause state, update socket state
Especially unpausing a transfer might have to move the socket back to the
"currently used sockets" hash to get monitored. Otherwise it would never get
any more data and get stuck. Easily triggered with pausing using the
multi_socket API.

Reported-by: Philip Prindeville
Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
Fixes #2393
Closes #2391
2018-03-16 23:41:55 +01:00
Philip Prindeville
9434194be8
examples/hiperfifo.c: improved
* use member struct event’s instead of pointers to alloc’d struct
   events

 * simplify the cases for the mcode_or_die() function via macros;

 * make multi_timer_cb() actually do what the block comment says it
   should;

 * accept a “stop” command on the FIFO to shut down the service;

 * use cleaner notation for unused variables than the (void) hack;

 * allow following redirections (304’s);
2018-03-16 16:01:01 +01:00
Daniel Stenberg
f5700ea88b
rate-limit: use three second window to better handle high speeds
Due to very frequent updates of the rate limit "window", it could
attempt to rate limit within the same milliseconds and that then made
the calculations wrong, leading to it not behaving correctly on very
fast transfers.

This new logic updates the rate limit "window" to be no shorter than the
last three seconds and only updating the timestamps for this when
switching between the states TOOFAST/PERFORM.

Reported-by: 刘佩东
Fixes #2386
Closes #2388
2018-03-16 11:10:06 +01:00
luz.paz
236402fc2d
cleanup: misc typos in strings and comments
Found via `codespell`

Closes #2389
2018-03-16 11:08:31 +01:00
Daniel Stenberg
39dc0bca5b
RELEASE-NOTES: toward 7.60.0 2018-03-16 08:28:20 +01:00
Kobi Gurkan
7750b14be1
http2: fixes typo
Closes #2387
2018-03-15 23:57:02 +01:00
Daniel Stenberg
2b083dcc40
user-agent.d:: mention --proxy-header as well
Bug: https://github.com/curl/curl/issues/2381
2018-03-15 23:52:43 +01:00
Daniel Stenberg
a9a7b606c2
transfer: make HTTP without headers count correct body size
This is what "HTTP/0.9" basically looks like.

Reported on IRC

Closes #2382
2018-03-15 10:56:27 +01:00
Daniel Stenberg
634f72fed4
test1208: marked flaky
It fails somewhere between every 3rd to 10th travis-CI run
2018-03-15 08:21:26 +01:00
Daniel Stenberg
a857057536
SECURITY-PROCESS: mention how we write/add advisories 2018-03-14 14:20:24 +01:00
dasimx
920f73a690
FTP: fix typo in recursive callback detection for seeking
Fixes #2380
2018-03-14 11:42:19 +01:00
Daniel Stenberg
4d6bd91ab3
release: 7.59.0 2018-03-13 23:06:58 +01:00
Kamil Dudka
4a9f14d921 tests/.../spnego.py: fix identifier typo
Detected by Coverity Analysis:

Error: IDENTIFIER_TYPO:
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
* Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
* Identifier "SupportedMech" is referenced elsewhere at least 4 times.
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?

Closes #2379
2018-03-13 14:10:16 +01:00
Daniel Stenberg
d974b39a9e
CURLOPT_COOKIEFILE.3: "-" as file name means stdin
Reported-by: Aron Bergman
Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html

[ci skip]
2018-03-13 13:04:12 +01:00
Daniel Stenberg
98eee3396d
Revert "hostip: fix compiler warning: 'variable set but not used'"
This reverts commit a577059f92.

The assignment really needs to be there or we risk working with an
uninitialized pointer.
2018-03-12 23:52:59 +01:00
Michael Kaufmann
981e8f9b88 limit-rate: fix compiler warning
follow-up to 72a0f62
2018-03-12 21:26:33 +01:00
Viktor Szakats
cd3903127f checksrc.pl: add -i and -m options
To sync it with changes made for the libssh2 project.
Also cleanup some whitespace.
2018-03-12 18:20:29 +00:00
Viktor Szakats
05826081eb curl-openssl.m4: fix spelling [ci skip] 2018-03-12 18:18:39 +00:00
Viktor Szakats
62a71af6d3 FAQ: fix a broken URL [ci skip] 2018-03-12 18:17:05 +00:00
Daniel Stenberg
8b498a875c
http2: mark the connection for close on GOAWAY
... don't consider it an error!

Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375
2018-03-12 08:07:42 +01:00
Daniel Stenberg
7fe68c39b3
credits: Viktor prefers without accent 2018-03-12 07:55:58 +01:00
Daniel Stenberg
1f8e813919
openldap: white space changes, fixed up the copyright years 2018-03-12 07:47:07 +01:00
Daniel Stenberg
9889db0433
openldap: check ldap_get_attribute_ber() results for NULL before using
CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
2018-03-12 07:47:07 +01:00
Daniel Stenberg
535432c0ad
FTP: reject path components with control codes
Refuse to operate when given path components featuring byte values lower
than 32.

Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.

Test case 340 verifies.

CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
2018-03-12 07:47:07 +01:00
Daniel Stenberg
d52dc4760f
readwrite: make sure excess reads don't go beyond buffer end
CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html

Detected by OSS-fuzz
2018-03-12 07:47:07 +01:00
Daniel Stenberg
ddb879c6ae
BUGS: updated link to security process 2018-03-12 00:34:33 +01:00
Daniel Stenberg
72a0f6251a
limit-rate: kick in even before "limit" data has been received
... and make sure to avoid integer overflows with really large values.

Reported-by: 刘佩东
Fixes #2371
Closes #2373
2018-03-11 23:54:25 +01:00
Daniel Stenberg
029ae11034
docs/SECURITY.md -> docs/SECURITY-PROCESS.md 2018-03-11 23:41:50 +01:00
Daniel Stenberg
9c05701bed
SECURITY.md: call it the security process 2018-03-11 23:40:24 +01:00
Michael Kaufmann
7294e70480 Curl_range: fix FTP-only and FILE-only builds
follow-up to e04417d
2018-03-11 20:33:04 +01:00
Michael Kaufmann
a577059f92 hostip: fix compiler warning: 'variable set but not used' 2018-03-11 20:27:38 +01:00
Daniel Stenberg
8123560d44
HTTP: allow "header;" to replace an internal header with a blank one
Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362
2018-03-11 11:46:10 +01:00
Daniel Stenberg
019aa722aa
http2: verbose output new MAX_CONCURRENT_STREAMS values
... as it is interesting for many users.
2018-03-10 23:56:21 +01:00
Daniel Stenberg
8b754c430b SECURITY: distros' max embargo time is 14 days now 2018-03-09 21:42:36 +01:00
Patrick Monnerat
82f0508099 curl tool: accept --compressed also if Brotli is enabled and zlib is not. 2018-03-08 01:39:29 +01:00