Commit Graph

21019 Commits

Author SHA1 Message Date
Daniel Stenberg
d93215621f openssl: fix per-thread memory leak usiong 1.0.1 or 1.0.2
OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
so we need to clean it when easy handles are freed, in case the thread
will be killed in which the easy handle was used. All OpenSSL code in
libcurl should extract the error in association with the error already
so clearing this queue here should be harmless at worst.

Fixes #964
2016-09-14 14:35:44 +02:00
Daniel Stenberg
4ba1569ad1 RELEASE-NOTES: reset and go toward 7.51.0 (again) 2016-09-14 09:00:00 +02:00
Daniel Stenberg
8986c86e1e THANKS: updated with curl 7.50.3 contributors 2016-09-14 07:56:18 +02:00
Daniel Stenberg
0b4a85352b RELEASE-NOTES: curl 7.50.3 2016-09-14 07:56:11 +02:00
Daniel Stenberg
8dcc074f36 test1605: verify negative input lengths to (un)escape functions 2016-09-14 07:49:43 +02:00
Daniel Stenberg
01cf1308ee curl_easy_unescape: deny negative string lengths as input
CVE-2016-7167

Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 07:49:43 +02:00
Daniel Stenberg
826a9ced2b curl_easy_escape: deny negative string lengths as input
CVE-2016-7167

Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 07:49:43 +02:00
Daniel Stenberg
ffa0709a88 curl: make --create-dirs on windows grok both forward and backward slashes
Reported-by: Ryan Scott

Fixes #1007
2016-09-14 07:48:43 +02:00
Daniel Stenberg
4a35bbbe8e RELEASE-NOTES: synced with 665694979b 2016-09-13 15:09:29 +02:00
Tony Kelman
665694979b mbedtls: switch off NTLM in build if md4 isn't available
NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS
is built with the MD4 functions available, which it isn't in default
builds. This now adapts if the funtion isn't there and builds libcurl
without NTLM support if so.

Fixes #1004
2016-09-12 23:08:10 +02:00
Jay Satiro
511838f1d8 CODE_STYLE: fix long-line guideline
- Change maximum allowed line length from 80 to 79.
2016-09-12 01:51:37 -04:00
Jay Satiro
27c2131b02 CODE_STYLE: add column alignment section
Note that since the added examples are for column alignment I had to
encapsulate with ~~~c markdown to preserve their alignment.
2016-09-11 19:12:14 -04:00
Peter Wu
2f3feda273 cmake: fix curl-config --static-libs
The `curl-config --static-libs` command should not output paths like
-l/usr/lib/libssl.so, instead print the absolute path without `-l`.

This also removes the confusing message "Static linking is broken" which
was printed because curl-config --static-libs was disfunctional even
though the static libcurl.a library works properly.

Fixes https://github.com/curl/curl/issues/841
2016-09-11 13:13:19 +02:00
Daniel Stenberg
a8e751a51a http: refuse to pass on response body with NO_NODY was set
... like when a HTTP/0.9 response comes back without any headers at all
and just a body this now prevents that body from being sent to the
callback etc.

Adapted test 1144 to verify.

Fixes #973

Assisted-by: Ray Satiro
2016-09-11 12:02:07 +02:00
Daniel Stenberg
d58682f28b RELEASE-NOTES: synced with 257bf3ac67 2016-09-11 00:06:17 +02:00
Jakub Zakrzewski
257bf3ac67 CMake: Don't build unit tests if private symbols are hidden
This only excludes building unit tests from default build ( 'all' Make
target or "Build Solution" in VisualStudio). The projects and Make
targets will still be generated and shown in supporting IDEs.

Fixes https://github.com/curl/curl/issues/981
Reported-by: Randy Armstrong

Closes https://github.com/curl/curl/pull/990
2016-09-10 00:35:38 +02:00
Jakub Zakrzewski
6140dfcf3e CMake: Try to (un-)hide private library symbols
Detect support for compiler symbol visibility flags and apply those
according to CURL_HIDDEN_SYMBOLS option.
It should work true to the autotools build except it tries to unhide
symbols on Windows when requested and prints warning if it fails.

Ref: https://github.com/curl/curl/issues/981#issuecomment-242665951
Reported-by: Daniel Stenberg
2016-09-10 00:35:38 +02:00
Daniel Stenberg
83ef21e5e9 openssl: fix bad memory free (regression)
... by partially reverting f975f06033. The allocation could be made by
OpenSSL so the free must be made with OPENSSL_free() to avoid problems.

Reported-by: Harold Stuart
Fixes #1005
2016-09-09 23:35:10 +02:00
Daniel Stenberg
85033bcfcc http2: support > 64bit sized uploads
... by making sure we don't count down the "upload left" counter when the
uploaded size is unknown and then it can be allowed to continue forever.

Fixes #996
2016-09-09 15:41:39 +02:00
Jay Satiro
af2d679e14 errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975
2016-09-07 21:24:27 -04:00
Daniel Stenberg
add8ee7d57 bump: toward 7.51.0 2016-09-07 15:45:24 +02:00
Daniel Stenberg
ebd620d691 HISTORY: remove ascii logo to render nicer on web 2016-09-07 14:29:19 +02:00
Daniel Stenberg
b965090963 curl: whitelist use of strtok() in non-threaded context 2016-09-07 10:43:40 +02:00
Daniel Stenberg
5871dfcc16 checksrc: detect strtok() use
... as that function slipped through once before.
2016-09-07 10:41:57 +02:00
Viktor Szakats
8fa20da8e1 mk-ca-bundle.pl: use SHA256 instead of SHA1
This hash is used to verify the original downloaded certificate bundle
and also included in the generated bundle's comment header. Also
rename related internal symbols to algorithm-agnostic names.
2016-09-07 10:41:11 +02:00
Daniel Stenberg
9ce6d0d528 RELEASE-NOTES: curl 7.50.2 release 2016-09-07 07:45:43 +02:00
Daniel Stenberg
e79de9e326 THANKS: updated for 7.50.2 2016-09-07 07:45:40 +02:00
Gaurav Malhotra
8e176a7c79 openssl: fix CURLINFO_SSL_VERIFYRESULT
CURLINFO_SSL_VERIFYRESULT does not get the certificate verification
result when SSL_connect fails because of a certificate verification
error.

This fix saves the result of SSL_get_verify_result so that it is
returned by CURLINFO_SSL_VERIFYRESULT.

Closes https://github.com/curl/curl/pull/995
2016-09-06 16:17:37 -04:00
Daniel Gustafsson
022dbdb8ac darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)
While noErr and errSecSuccess are defined as the same value, the API
documentation states that SecPKCS12Import() returns errSecSuccess if
there were no errors in importing. Ensure that a future change of the
defined value doesn't break (however unlikely) and be consistent with
the API docs.
2016-09-06 10:37:31 +02:00
Daniel Gustafsson
8331b08d22 docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994) 2016-09-06 10:35:00 +02:00
Marcel Raad
4af389353a openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L
With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup
functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The
replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and
OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is
now called OpenSSL_version_num().

[1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
[2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html

Closes #992
2016-09-05 22:51:12 +02:00
Daniel Stenberg
72abf4f59e RELEASE-NOTES: synced with 3d4c0c8b9b 2016-09-05 14:55:01 +02:00
Daniel Stenberg
3d4c0c8b9b http2: return EOF when done uploading without known size
Fixes #982
2016-09-05 14:32:32 +02:00
Daniel Stenberg
03bb481598 http2: skip the content-length parsing, detect unknown size 2016-09-05 13:55:24 +02:00
Daniel Stenberg
cd5c03aa6d http2: minor white space edit 2016-09-05 11:08:50 +02:00
Daniel Stenberg
71e2acaad6 http2: use named define instead of magic constant in read callback 2016-09-05 11:08:17 +02:00
Craig Davison
46398941e4 configure: make the cpp -P detection not clobber CPPFLAGS
CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF.

Fixes #958
2016-09-05 08:49:56 +02:00
Olivier Brunel
4b86113f5e speed caps: not based on average speeds anymore
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
with the cumulative average speed of the entire transfer; While this
might work at times with good/constant connections, in other cases it
can result to the limits simply being "ignored" for more than "short
bursts" (as told in man page).

Consider a download that goes on much slower than the limit for some
time (because bandwidth is used elsewhere, server is slow, whatever the
reason), then once things get better, curl would simply ignore the limit
up until the average speed (since the beginning of the transfer) reached
the limit.  This could prove the limit useless to effectively avoid
using the entire bandwidth (at least for quite some time).

So instead, we now use a "moving starting point" as reference, and every
time at least as much as the limit as been transferred, we can reset
this starting point to the current position. This gets a good limiting
effect that applies to the "current speed" with instant reactivity (in
case of sudden speed burst).

Closes #971
2016-09-04 13:11:23 +02:00
Daniel Stenberg
85e5ebe75f HISTORY.md: the multi socket was put in the wrong year! 2016-09-03 23:14:18 +02:00
Mark Hamilton
9a84dc31de tool_helpers.c: fix comment typo (#989) 2016-09-03 23:14:07 +02:00
Mark Hamilton
5d563a10b3 libtest/test.h: fix typo (#988) 2016-09-03 23:12:22 +02:00
Daniel Stenberg
4c44155cfe CURLMOPT_PIPELINING.3: language 2016-09-01 14:09:21 +02:00
Daniel Stenberg
a409b4b466 CURLMOPT_PIPELINING.3: extended and clarified
Especially in regards to the multiplexing part.
2016-09-01 14:08:01 +02:00
Steve Holme
ef5d3facd5 curl_sspi.c: Updated function description comments
* Added description to Curl_sspi_free_identity()
* Added parameter and return explanations to Curl_sspi_global_init()
* Added parameter explaination to Curl_sspi_global_cleanup()
2016-08-31 11:57:28 +01:00
Steve Holme
dafef391f7 README: Corrected the supported Visual Studio versions
Missed from commit 8356022d17.
2016-08-31 11:34:50 +01:00
Steve Holme
7c6c2194b8 KNOWN_BUGS: Move the Visual Studio project shortcomings from local README 2016-08-31 11:33:22 +01:00
Steve Holme
088ffcba3e KNOWN_BUGS: Expand 6.4 to include Kerberos V5
...and discuss a possible solution.
2016-08-31 11:22:12 +01:00
Daniel Stenberg
c69cafe7e2 connect: fix #ifdefs for debug versions of conn/streamclose() macros
CURLDEBUG is for the memory debugging

DEBUGBUILD is for the extra debug stuff

Pointed-out-by: Steve Holme
2016-08-30 23:38:06 +02:00
Daniel Stenberg
b73b423ba0 KNOWN_BUGS: mention some cmake "support gaps" 2016-08-29 23:02:14 +02:00
Nick Zitzmann
e171968ba3 darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-28 16:46:59 -05:00