granicus.if.org Git - curl/log
curl
9 years ago build-openssl.bat: Show syntax if required args are missing
Jay Satiro [Sat, 25 Jul 2015 23:03:20 +0000 (19:03 -0400)]
build-openssl.bat: Show syntax if required args are missing

9 years ago TODO: improve how curl works in a windows console window
Daniel Stenberg [Sat, 25 Jul 2015 22:48:55 +0000 (00:48 +0200)]
TODO: improve how curl works in a windows console window

Closes #322 for now

9 years ago 1.11 minimize dependencies with dynamically loaded modules
Daniel Stenberg [Sat, 25 Jul 2015 22:45:22 +0000 (00:45 +0200)]
1.11 minimize dependencies with dynamically loaded modules

Closes #349 for now

9 years ago tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
Jay Satiro [Sat, 25 Jul 2015 20:32:15 +0000 (16:32 -0400)]
tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS

- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.

Broken by me several days ago in 172b2be.
https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b

Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
Reported-by: Dan Fandrich

9 years ago configure: check if OpenSSL linking wants -ldl
Daniel Stenberg [Sat, 25 Jul 2015 08:52:49 +0000 (10:52 +0200)]
configure: check if OpenSSL linking wants -ldl

To make it easier to link with static versions of OpenSSL, the configure
script now checks if -ldl is needed for linking.

Help-by: TJ Saunders

9 years ago HTTP: ignore "Content-Encoding: compress"
Michael Kaufmann [Fri, 24 Jul 2015 22:46:01 +0000 (00:46 +0200)]
HTTP: ignore "Content-Encoding: compress"

Currently, libcurl rejects responses with "Content-Encoding: compress"
when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
treat the Content-Encoding "compress" the same as other
Content-Encodings that it does not support, e.g. "bzip2". That means
just ignoring it.

9 years ago openssl: work around MSVC warning
Marcel Raad [Thu, 16 Jul 2015 07:09:02 +0000 (09:09 +0200)]
openssl: work around MSVC warning

MSVC 12 complains:

lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local
variable 'verstr' used

It's a false positive, but as it's normally not, I have enabled
warning-as-error for that warning.

9 years ago configure: add --disable-rt option
Michał Fita [Thu, 23 Jul 2015 09:38:49 +0000 (10:38 +0100)]
configure: add --disable-rt option

This option disables any attempts in configure to create dependency on
stuff requiring linking to librt.so and libpthread.so, in this case this
means clock_gettime(CLOCK_MONOTONIC, &mt).

We needed to build a curl which doesn't link libpthread.so to avoid
the following bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16628.

9 years ago http2: verify success of strchr() in http2_send()
Kamil Dudka [Thu, 23 Jul 2015 09:51:53 +0000 (11:51 +0200)]
http2: verify success of strchr() in http2_send()

Detected by Coverity.

Error: NULL_RETURNS:
lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times).
lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr".
lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf".
1300|
1301|     hdbuf = strchr(hdbuf, 0x0a);
1302|->   ++hdbuf;
1303|
1304|     authority_idx = 0;

9 years ago Windows: Fix VerifyVersionInfo calls
Jay Satiro [Wed, 22 Jul 2015 05:52:17 +0000 (01:52 -0400)]
Windows: Fix VerifyVersionInfo calls

- Fix the VerifyVersionInfo calls, which we use to test for the OS major
version, to also test for the minor version as well as the service pack
major and minor versions.

MSDN: "If you are testing the major version, you must also test the
minor version and the service pack major and minor versions."

https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx

Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098
Reported-by: Marcel Raad <MarcelRaad@users.noreply.github.com>

9 years ago schannel: Replace deprecated GetVersion with VerifyVersionInfo
Marcel Raad [Tue, 21 Jul 2015 21:23:07 +0000 (17:23 -0400)]
schannel: Replace deprecated GetVersion with VerifyVersionInfo

9 years ago makefile: Added support for VC14
Steve Holme [Tue, 21 Jul 2015 17:52:43 +0000 (18:52 +0100)]
makefile: Added support for VC14

9 years ago os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings.
Patrick Monnerat [Tue, 21 Jul 2015 14:36:34 +0000 (16:36 +0200)]
os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings.

9 years ago libcurl: VERSIONINFO update
Patrick Monnerat [Tue, 21 Jul 2015 12:01:19 +0000 (14:01 +0200)]
libcurl: VERSIONINFO update
Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname
requires VERSIONINFO updating.

9 years ago http2: satisfy external references even if http2 is not compiled in.
Patrick Monnerat [Tue, 21 Jul 2015 11:55:39 +0000 (13:55 +0200)]
http2: satisfy external references even if http2 is not compiled in.

9 years ago http2: add stream != NULL checks for reliability
Daniel Stenberg [Mon, 20 Jul 2015 19:35:15 +0000 (21:35 +0200)]
http2: add stream != NULL checks for reliability

They should not trigger, but in case of internal problems we at least
avoid crashes this way.

9 years ago symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol
Jay Satiro [Sat, 18 Jul 2015 19:27:48 +0000 (15:27 -0400)]
symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol

9 years ago SSL: Add an option to disable certificate revocation checks
Jay Satiro [Fri, 17 Jul 2015 06:40:16 +0000 (02:40 -0400)]
SSL: Add an option to disable certificate revocation checks

New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>

9 years ago runtests: Allow for spaces in curl custom path
Jay Satiro [Fri, 17 Jul 2015 02:19:43 +0000 (22:19 -0400)]
runtests: Allow for spaces in curl custom path

.. also fix some typos in test's FILEFORMAT spec.

9 years ago ntlm_wb: Fix theoretical memory leak
David Woodhouse [Thu, 16 Jul 2015 18:17:33 +0000 (14:17 -0400)]
ntlm_wb: Fix theoretical memory leak

Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix
hard-coded limit on NTLM auth packet size") introduced a potential
memory leak on an error path, because we forget to free the buffer
before returning an error.

Fix this.

Although actually, it never happens in practice because we never *get*
here with state == NTLMSTATE_TYPE1. The state is always zero. That
might want cleaning up in a separate patch.

Reported-by: Terri Oda

9 years ago strerror: Add CRYPT_E_REVOKED to SSPI error strings
Jay Satiro [Thu, 16 Jul 2015 02:19:20 +0000 (22:19 -0400)]
strerror: Add CRYPT_E_REVOKED to SSPI error strings

9 years ago libtest: call PR_Cleanup() on exit if NSPR is used
Kamil Dudka [Tue, 14 Jul 2015 15:08:44 +0000 (17:08 +0200)]
libtest: call PR_Cleanup() on exit if NSPR is used

This prevents valgrind from reporting possibly lost memory that NSPR
uses for file descriptor cache and other globally allocated internal
data structures.

Reported-by: Štefan Kremeň

9 years ago openssl: VMS support for SHA256
John Malmberg [Thu, 2 Jul 2015 01:54:09 +0000 (20:54 -0500)]
openssl: VMS support for SHA256

setup-vms.h: More symbols for SHA256, hacks for older VAX

openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX.

openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to
allow building on VAX and 64 bit VMS.

9 years ago examples: Fix typo in multi-single.c
Jay Satiro [Sat, 11 Jul 2015 06:32:53 +0000 (02:32 -0400)]
examples: Fix typo in multi-single.c

9 years ago http2: Fix memory leak in push header array
Tatsuhiro Tsujikawa [Mon, 6 Jul 2015 13:16:27 +0000 (22:16 +0900)]
http2: Fix memory leak in push header array

9 years ago test2041: fixed line endings in protocol part
Dan Fandrich [Thu, 2 Jul 2015 06:32:18 +0000 (08:32 +0200)]
test2041: fixed line endings in protocol part

9 years ago cyassl: fixed mismatched sha256sum function prototype
Dan Fandrich [Thu, 2 Jul 2015 06:29:22 +0000 (08:29 +0200)]
cyassl: fixed mismatched sha256sum function prototype

9 years ago SSL: Pinned public key hash support
moparisthebest [Wed, 1 Jul 2015 00:23:54 +0000 (20:23 -0400)]
SSL: Pinned public key hash support

9 years ago examples: provide <DESC> sections
Daniel Stenberg [Wed, 1 Jul 2015 09:43:12 +0000 (11:43 +0200)]
examples: provide <DESC> sections

9 years ago OpenVMS: VMS Software, Inc now the supplier.
John Malmberg [Tue, 30 Jun 2015 23:02:59 +0000 (18:02 -0500)]
OpenVMS: VMS Software, Inc now the supplier.

setup-vms.h: Symbol case fixups submitted by Michael Steve

build_gnv_curl_pcsi_desc.com: VSI, aka VMS Software, is now the
supplier of new versions of VMS.  The install kit needs to accept
VSI as a producer.

9 years ago multi: Move http2 push function declarations to header end
Jay Satiro [Tue, 30 Jun 2015 21:19:21 +0000 (17:19 -0400)]
multi: Move http2 push function declarations to header end

This change is necessary for binary compatibility.

Prior to this change test 1135 failed due to the order of functions.

9 years ago symbols-in-versions: Add new http2 push symbols
Jay Satiro [Tue, 30 Jun 2015 21:02:27 +0000 (17:02 -0400)]
symbols-in-versions: Add new http2 push symbols

Prior to this change test 1119 failed due to the missing symbols.

9 years ago RELEASE-NOTES: synced with e6749055d653
Daniel Stenberg [Mon, 29 Jun 2015 22:45:14 +0000 (00:45 +0200)]
RELEASE-NOTES: synced with e6749055d653

9 years ago configure: disable libidn by default
Daniel Stenberg [Mon, 29 Jun 2015 14:03:45 +0000 (16:03 +0200)]
configure: disable libidn by default

For security reasons, until there is a fix.

Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
Reported-by: Gustavo Grieco, Feist Josselin

9 years ago SSL-PROBLEMS: mention WinSSL problems in WinXP
Daniel Stenberg [Mon, 29 Jun 2015 13:03:56 +0000 (15:03 +0200)]
SSL-PROBLEMS: mention WinSSL problems in WinXP

9 years ago CODE_OF_CONDUCT.md: added
Daniel Stenberg [Mon, 29 Jun 2015 09:35:13 +0000 (11:35 +0200)]
CODE_OF_CONDUCT.md: added

Just to underscore how we treat each other in this project. Nothing new
really, but could be useful for newcomers and outsiders to see our
values.

9 years ago tool_header_cb: fflush the header stream
Daniel Stenberg [Tue, 23 Jun 2015 23:53:02 +0000 (16:53 -0700)]
tool_header_cb: fflush the header stream

Flush the header stream when -D is used so that they are sent off
earlier.

Bug: https://github.com/bagder/curl/issues/324
Reported-by: Cédric Connes

9 years ago tests: Distribute CMakeLists.txt files in subdirectories
Roger Leigh [Thu, 25 Jun 2015 14:04:41 +0000 (15:04 +0100)]
tests: Distribute CMakeLists.txt files in subdirectories

9 years ago CURLOPT_FAILONERROR.3: mention that it closes the connection
Daniel Stenberg [Wed, 24 Jun 2015 22:26:15 +0000 (15:26 -0700)]
CURLOPT_FAILONERROR.3: mention that it closes the connection

Reported-by: bemoody
Bug: https://github.com/bagder/curl/issues/325

9 years ago curl_multi_setopt.3: alpha sort the options
Daniel Stenberg [Wed, 24 Jun 2015 21:55:12 +0000 (14:55 -0700)]
curl_multi_setopt.3: alpha sort the options

9 years ago curl_multi_setopt.3: add the new push options
Daniel Stenberg [Wed, 24 Jun 2015 21:52:58 +0000 (14:52 -0700)]
curl_multi_setopt.3: add the new push options

9 years ago http2: Use nghttp2 library error code for error return value
Tatsuhiro Tsujikawa [Sat, 6 Jun 2015 09:10:30 +0000 (18:10 +0900)]
http2: Use nghttp2 library error code for error return value

9 years ago http2: Harden header validation for curl_pushheader_byname
Tatsuhiro Tsujikawa [Sat, 6 Jun 2015 09:07:00 +0000 (18:07 +0900)]
http2: Harden header validation for curl_pushheader_byname

Since we do prefix match using given header by application code
against header name pair in format "NAME:VALUE", and VALUE part can
contain ":", we have to be careful about existence of ":" in header
parameter.  ":" should be allowed to match HTTP/2 pseudo-header field,
and other use of ":" in header must be treated as error, and
curl_pushheader_byname should return NULL.  This commit implements
this behaviour.

9 years ago CURLMOPT_PUSHFUNCTION.3: Remove unused variable
Tatsuhiro Tsujikawa [Sat, 6 Jun 2015 09:06:15 +0000 (18:06 +0900)]
CURLMOPT_PUSHFUNCTION.3: Remove unused variable

9 years ago CURLMOPT_PUSHFUNCTION.3: added example
Daniel Stenberg [Tue, 2 Jun 2015 09:58:39 +0000 (11:58 +0200)]
CURLMOPT_PUSHFUNCTION.3: added example

9 years ago http2: curl_pushheader_byname now takes a const char *
Daniel Stenberg [Tue, 2 Jun 2015 09:50:00 +0000 (11:50 +0200)]
http2: curl_pushheader_byname now takes a const char *

9 years ago http2-serverpush.c: example code
Daniel Stenberg [Tue, 2 Jun 2015 09:04:00 +0000 (11:04 +0200)]
http2-serverpush.c: example code

9 years ago http2: free all header memory after the push callback
Daniel Stenberg [Tue, 2 Jun 2015 09:01:30 +0000 (11:01 +0200)]
http2: free all header memory after the push callback

9 years ago http2: init the pushed transfer properly
Daniel Stenberg [Tue, 2 Jun 2015 08:34:27 +0000 (10:34 +0200)]
http2: init the pushed transfer properly

9 years ago http2: fixed the header accessor functions for the push callback
Daniel Stenberg [Mon, 1 Jun 2015 13:52:46 +0000 (15:52 +0200)]
http2: fixed the header accessor functions for the push callback

9 years ago http2: setup the new pushed stream properly
Daniel Stenberg [Mon, 1 Jun 2015 12:20:57 +0000 (14:20 +0200)]
http2: setup the new pushed stream properly

9 years ago http2: initial implementation of the push callback
Daniel Stenberg [Mon, 1 Jun 2015 09:45:52 +0000 (11:45 +0200)]
http2: initial implementation of the push callback

9 years ago http2: initial HTTP/2 server push types/docs
Daniel Stenberg [Mon, 1 Jun 2015 08:22:41 +0000 (10:22 +0200)]
http2: initial HTTP/2 server push types/docs

9 years ago test1531: verify POSTFIELDSIZE set after add_handle
Daniel Stenberg [Wed, 24 Jun 2015 00:51:03 +0000 (17:51 -0700)]
test1531: verify POSTFIELDSIZE set after add_handle

Following the fix made in 903b6e05565bf.

9 years ago pretransfer: init state.infilesize here, not in add_handle
Daniel Stenberg [Wed, 24 Jun 2015 00:48:37 +0000 (17:48 -0700)]
pretransfer: init state.infilesize here, not in add_handle

... to properly support that options are set to the handle after it is
added to the multi handle.

Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html
Reported-by: Stefan Bühler

9 years ago tool_help: fix --tlsv1 help text to use >= for TLSv1
Lior Kaplan [Sun, 21 Jun 2015 10:41:07 +0000 (13:41 +0300)]
tool_help: fix --tlsv1 help text to use >= for TLSv1

9 years ago INSTALL: Advise use of non-native SSL for Windows <= XP
Jay Satiro [Sat, 20 Jun 2015 22:45:25 +0000 (18:45 -0400)]
INSTALL: Advise use of non-native SSL for Windows <= XP

Advise that WinSSL in versions <= XP will not be able to connect to
servers that no longer support the legacy handshakes and algorithms used
by those versions, and to use an alternate backend like OpenSSL instead.

Bug: https://github.com/bagder/curl/issues/253
Reported-by: zenden2k <zenden2k@gmail.com>

9 years ago curl_easy_setopt.3: restore contents removed by mistake
Kamil Dudka [Fri, 19 Jun 2015 14:07:32 +0000 (10:07 -0400)]
curl_easy_setopt.3: restore contents removed by mistake

... in commit curl-7_43_0-18-g570076e

9 years ago curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
Daniel Stenberg [Fri, 19 Jun 2015 13:47:06 +0000 (15:47 +0200)]
curl_easy_setopt.3: mention CURLOPT_PIPEWAIT

9 years ago cookie: Fix bug in export if any-domain cookie is present
Jay Satiro [Thu, 18 Jun 2015 23:35:04 +0000 (19:35 -0400)]
cookie: Fix bug in export if any-domain cookie is present

In 3013bb6 I had changed cookie export to ignore any-domain cookies,
however the logic I used to do so was incorrect, and would lead to a
busy loop in the case of exporting a cookie list that contained
any-domain cookies. The result of that is worse though, because in that
case the other cookies would not be written resulting in an empty file
once the application is terminated to stop the busy loop.

9 years ago FTP: fixed compiling with --disable-proxy, broken in b88f980a
Dan Fandrich [Thu, 18 Jun 2015 21:20:10 +0000 (23:20 +0200)]
FTP: fixed compiling with --disable-proxy, broken in b88f980a

9 years ago tool: always provide negotiate/kerberos options
Daniel Stenberg [Thu, 18 Jun 2015 14:57:38 +0000 (16:57 +0200)]
tool: always provide negotiate/kerberos options

libcurl can still be built with it, even if the tool is not. Maintain
independence!

9 years ago TODO: Support IDNA2008
Daniel Stenberg [Thu, 18 Jun 2015 14:32:47 +0000 (16:32 +0200)]
TODO: Support IDNA2008

9 years ago Makefile.m32: add support for CURL_LDFLAG_EXTRAS
Viktor Szakats [Thu, 18 Jun 2015 12:28:39 +0000 (14:28 +0200)]
Makefile.m32: add support for CURL_LDFLAG_EXTRAS

It is similar to existing CURL_CFLAG_EXTRAS, but for
extra linker option.

9 years ago RTSP: removed another piece of dead code
Daniel Stenberg [Thu, 18 Jun 2015 12:29:57 +0000 (14:29 +0200)]
RTSP: removed another piece of dead code

Coverity CID 1306668

9 years ago openssl: fix use of uninitialized buffer
Daniel Stenberg [Thu, 18 Jun 2015 12:20:31 +0000 (14:20 +0200)]
openssl: fix use of uninitialized buffer

Make sure that the error buffer is always initialized and simplify the
use of it to make the logic easier.

Bug: https://github.com/bagder/curl/issues/318
Reported-by: sneis

9 years ago examples: more descriptions
Daniel Stenberg [Thu, 18 Jun 2015 09:38:54 +0000 (11:38 +0200)]
examples: more descriptions

9 years ago examples: add descriptions with <DESC>
Daniel Stenberg [Thu, 18 Jun 2015 08:17:02 +0000 (10:17 +0200)]
examples: add descriptions with <DESC>

Using this fixed format for example descriptions, we can generate a
better list on the web site.

9 years ago libcurl-errors.3: fix typo
Daniel Stenberg [Wed, 17 Jun 2015 22:17:47 +0000 (00:17 +0200)]
libcurl-errors.3: fix typo

9 years ago curl_easy_setopt.3: option order doesn't matter
Daniel Stenberg [Wed, 17 Jun 2015 22:09:46 +0000 (00:09 +0200)]
curl_easy_setopt.3: option order doesn't matter

9 years ago openssl: fix build with BoringSSL
Daniel Stenberg [Wed, 17 Jun 2015 22:06:46 +0000 (00:06 +0200)]
openssl: fix build with BoringSSL

OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression
from cae43a1

9 years ago openssl: Fix build with openssl < ~ 0.9.8f
Paul Howarth [Wed, 17 Jun 2015 14:53:34 +0000 (16:53 +0200)]
openssl: Fix build with openssl < ~ 0.9.8f

The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at
around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks
builds with older openssls (certainly with 0.9.8b, which is the latest
older version I have to try with).

9 years ago FTP: do the HTTP CONNECT for data connection blocking
Daniel Stenberg [Tue, 16 Jun 2015 22:30:06 +0000 (00:30 +0200)]
FTP: do the HTTP CONNECT for data connection blocking

** WORK-AROUND **

The introduced non-blocking general behaviour for Curl_proxyCONNECT()
didn't work for the data connection establishment unless it was very
fast. The newly introduced function argument makes it operate in a more
blocking manner, more like it used to work in the past. This blocking
approach is only used when the FTP data connection goes through an HTTP proxy.

Blocking like this is bad. A better fix would make it work more
asynchronously.

Bug: https://github.com/bagder/curl/issues/278

9 years ago bump: start the journey toward 7.44.0
Daniel Stenberg [Wed, 17 Jun 2015 11:59:33 +0000 (13:59 +0200)]
bump: start the journey toward 7.44.0

9 years ago CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes
Jay Satiro [Wed, 17 Jun 2015 06:49:14 +0000 (02:49 -0400)]
CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes

9 years ago CURLOPT_ERRORBUFFER.3: Improve example
Jay Satiro [Wed, 17 Jun 2015 06:25:51 +0000 (02:25 -0400)]
CURLOPT_ERRORBUFFER.3: Improve example

9 years ago RELEASE-NOTES: 7.43.0 release curl-7_43_0
Daniel Stenberg [Tue, 16 Jun 2015 07:36:46 +0000 (09:36 +0200)]
RELEASE-NOTES: 7.43.0 release

9 years ago THANKS: updated with 7.43.0 names
Daniel Stenberg [Tue, 16 Jun 2015 07:51:31 +0000 (09:51 +0200)]
THANKS: updated with 7.43.0 names

9 years ago http: do not leak basic auth credentials on re-used connections
Kamil Dudka [Thu, 28 May 2015 18:04:35 +0000 (20:04 +0200)]
http: do not leak basic auth credentials on re-used connections

CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html

9 years ago test2040: verify basic auth on re-used connections
Kamil Dudka [Tue, 26 May 2015 16:59:39 +0000 (18:59 +0200)]
test2040: verify basic auth on re-used connections

9 years ago SMB: rangecheck values read off incoming packet
Daniel Stenberg [Fri, 22 May 2015 08:28:21 +0000 (10:28 +0200)]
SMB: rangecheck values read off incoming packet

CVE-2015-3237

Detected by Coverity. CID 1299430.

Bug: http://curl.haxx.se/docs/adv_20150617B.html

9 years ago schannel: schannel_recv overhaul
Jay Satiro [Wed, 17 Jun 2015 04:17:03 +0000 (00:17 -0400)]
schannel: schannel_recv overhaul

This commit is several drafts squashed together. The changes from each
draft are noted below. If any changes are similar and possibly
contradictory the change in the latest draft takes precedence.

Bug: https://github.com/bagder/curl/issues/244
Reported-by: Chris Araman
%%
%% Draft 1
%%
- return 0 if len == 0. that will have to be documented.
- continue on and process the caches regardless of raw recv
- if decrypted data will be returned then set the error code to CURLE_OK
and return its count
- if decrypted data will not be returned and the connection has closed
(eg nread == 0) then return 0 and CURLE_OK
- if decrypted data will not be returned and the connection *hasn't*
closed then set the error code to CURLE_AGAIN --only if an error code
isn't already set-- and return -1
- narrow the Win2k workaround to only Win2k

%%
%% Draft 2
%%
- Trying out a change in flow to handle corner cases.

%%
%% Draft 3
%%
- Back out the lazier decryption change made in draft2.

%%
%% Draft 4
%%
- Some formatting and branching changes
- Decrypt all encrypted cached data when len == 0
- Save connection closed state
- Change special Win2k check to use connection closed state

%%
%% Draft 5
%%
- Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
connection isn't closed.

%%
%% Draft 6
%%
- Save the last error only if it is an unrecoverable error.

Prior to this I saved the last error state in all cases; unfortunately
the logic to cover that in all cases would lead to some muddle and I'm
concerned that could then lead to a bug in the future so I've replaced
it by only recording an unrecoverable error and that state will persist.

- Do not recurse on renegotiation.

Instead we'll continue on to process any trailing encrypted data
received during the renegotiation only.

- Move the err checks in cleanup after the check for decrypted data.

In either case decrypted data is always returned but I think it's easier
to understand when those err checks come after the decrypted data check.

%%
%% Draft 7
%%
- Regardless of len value go directly to cleanup if there is an
unrecoverable error or a close_notify was already received. Prior to
this change we only acknowledged those two states if len != 0.

- Fix a bug in connection closed behavior: Set the error state in the
cleanup, because we don't know for sure it's an error until that time.

- (Related to above) In the case the connection is closed go "greedy"
with the decryption to make sure all remaining encrypted data has been
decrypted even if it is not needed at that time by the caller. This is
necessary because we can only tell if the connection closed gracefully
(close_notify) once all encrypted data has been decrypted.

- Do not renegotiate when an unrecoverable error is pending.

%%
%% Draft 8
%%
- Don't show 'server closed the connection' info message twice.

- Show an info message if server closed abruptly (missing close_notify).

9 years ago Fix typo in docs
Paul Oliver [Tue, 16 Jun 2015 10:11:36 +0000 (12:11 +0200)]
Fix typo in docs

s/curret/current/

9 years ago docs: update URLs
Viktor Szakats [Mon, 15 Jun 2015 22:47:26 +0000 (00:47 +0200)]
docs: update URLs

9 years ago RELEASE-NOTES: synced with f29f2cbd00dbe5f
Daniel Stenberg [Tue, 16 Jun 2015 07:07:37 +0000 (09:07 +0200)]
RELEASE-NOTES: synced with f29f2cbd00dbe5f

9 years ago README: use secure protocol for Git repository
Viktor Szakats [Mon, 15 Jun 2015 19:11:09 +0000 (21:11 +0200)]
README: use secure protocol for Git repository

9 years ago HTTP2.md: use SSL/TLS IETF URLs
Viktor Szakats [Mon, 15 Jun 2015 09:34:14 +0000 (11:34 +0200)]
HTTP2.md: use SSL/TLS IETF URLs

9 years ago LICENSE-MIXING: update URLs
Viktor Szakats [Mon, 15 Jun 2015 09:32:39 +0000 (11:32 +0200)]
LICENSE-MIXING: update URLs

* use SSL/TLS where available
* follow permanent redirects

9 years ago LICENSE-MIXING: refreshed
Daniel Stenberg [Mon, 15 Jun 2015 08:57:43 +0000 (10:57 +0200)]
LICENSE-MIXING: refreshed

9 years ago curl_easy_duphandle: see also *reset
Daniel Stenberg [Mon, 15 Jun 2015 08:37:38 +0000 (10:37 +0200)]
curl_easy_duphandle: see also *reset

9 years ago rtsp_do: fix DEAD CODE
Daniel Stenberg [Mon, 15 Jun 2015 07:05:07 +0000 (09:05 +0200)]
rtsp_do: fix DEAD CODE

"At condition p_request, the value of p_request cannot be NULL."

Coverity CID 1306668.

9 years ago security:choose_mech fix DEAD CODE warning
Daniel Stenberg [Mon, 15 Jun 2015 06:57:31 +0000 (08:57 +0200)]
security:choose_mech fix DEAD CODE warning

... by removing the "do {} while (0)" block.

Coverity CID 1306669

9 years ago curl.1: netrc is in man section 5
Daniel Stenberg [Mon, 15 Jun 2015 06:28:42 +0000 (08:28 +0200)]
curl.1: netrc is in man section 5

9 years ago curl.1: small format fix
Daniel Stenberg [Mon, 15 Jun 2015 06:26:37 +0000 (08:26 +0200)]
curl.1: small format fix

use \fI-style instead of .BR for references

9 years ago urldata: store POST size in state.infilesize too
Daniel Stenberg [Sun, 7 Jun 2015 21:52:34 +0000 (23:52 +0200)]
urldata: store POST size in state.infilesize too

... to simplify checking when PUT _or_ POST have completed.

Reported-by: Frank Meier
Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html

9 years ago test1530: added http to required features
Dan Fandrich [Sun, 14 Jun 2015 20:38:39 +0000 (22:38 +0200)]
test1530: added http to required features

9 years ago build: Fix typo from OpenSSL 1.0.2 version detection fix
Drake Arconis [Sun, 14 Jun 2015 19:52:42 +0000 (15:52 -0400)]
build: Fix typo from OpenSSL 1.0.2 version detection fix

9 years ago build: Properly detect OpenSSL 1.0.2 when using configure
Drake Arconis [Sun, 14 Jun 2015 17:51:06 +0000 (13:51 -0400)]
build: Properly detect OpenSSL 1.0.2 when using configure

9 years ago curl_multi_info_read.3: fix example formatting
Jay Satiro [Sun, 14 Jun 2015 03:25:07 +0000 (23:25 -0400)]
curl_multi_info_read.3: fix example formatting

9 years ago BINDINGS: there's a new R binding in town!
Daniel Stenberg [Sat, 13 Jun 2015 21:10:23 +0000 (23:10 +0200)]
BINDINGS: there's a new R binding in town!