]> granicus.if.org Git - curl/log
curl
7 years agoCurl_open: fix OOM return error correctly
Daniel Stenberg [Mon, 20 Nov 2017 22:16:56 +0000 (23:16 +0100)]
Curl_open: fix OOM return error correctly

Closes #2098

7 years agohttp2: fix "Value stored to 'end' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:13:03 +0000 (23:13 +0100)]
http2: fix "Value stored to 'end' is never read" scan-build error

7 years agohttp2: fix "Value stored to 'hdbuf' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:12:19 +0000 (23:12 +0100)]
http2: fix "Value stored to 'hdbuf' is never read" scan-build error

7 years agoopenssl: fix "Value stored to 'rc' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:10:48 +0000 (23:10 +0100)]
openssl: fix "Value stored to 'rc' is never read" scan-build error

7 years agomime: fix "Value stored to 'sz' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:08:59 +0000 (23:08 +0100)]
mime: fix "Value stored to 'sz' is never read" scan-build error

7 years agoCurl_llist_remove: fix potential NULL pointer deref
Daniel Stenberg [Mon, 20 Nov 2017 21:59:19 +0000 (22:59 +0100)]
Curl_llist_remove: fix potential NULL pointer deref

Fixes a scan-build warning.

7 years agontlm: remove unnecessary NULL-check to please scan-build
Daniel Stenberg [Mon, 20 Nov 2017 15:14:15 +0000 (16:14 +0100)]
ntlm: remove unnecessary NULL-check to please scan-build

7 years agoBUGS: spellchecked
Daniel Stenberg [Mon, 20 Nov 2017 22:57:57 +0000 (23:57 +0100)]
BUGS: spellchecked

7 years agoexamples/curlx: Fix code style
fmmedeiros [Sat, 18 Nov 2017 18:06:35 +0000 (15:06 -0300)]
examples/curlx: Fix code style

- Add braces around multi-line if statement.

Closes https://github.com/curl/curl/pull/2096

7 years agoresolve: allow IP address within [] brackets
Daniel Stenberg [Fri, 17 Nov 2017 10:21:12 +0000 (11:21 +0100)]
resolve: allow IP address within [] brackets

... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich
Fixes #2087
Closes #2091

7 years agomacOS: Fix missing connectx function with Xcode version older than 9.0
Pavol Markovic [Wed, 15 Nov 2017 02:35:14 +0000 (15:35 +1300)]
macOS: Fix missing connectx function with Xcode version older than 9.0

The previous fix https://github.com/curl/curl/pull/1788 worked just for
Xcode 9. This commit extends the fix to older Xcode versions effectively
by not using connectx function.

Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082

7 years agoopenssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Dirk Feytons [Tue, 14 Nov 2017 21:22:47 +0000 (22:22 +0100)]
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY

Fixes #2079
Closes #2081

7 years agoTODO: ignore private IP addresses in PASV response
Daniel Stenberg [Tue, 14 Nov 2017 22:49:06 +0000 (23:49 +0100)]
TODO: ignore private IP addresses in PASV response

Closes #1455

7 years agoRELEASE-NOTES: synced with ae7369b6d
Daniel Stenberg [Tue, 14 Nov 2017 19:40:37 +0000 (20:40 +0100)]
RELEASE-NOTES: synced with ae7369b6d

7 years agoURL: return error on malformed URLs with junk after IPv6 bracket
Michael Kaufmann [Sun, 12 Nov 2017 12:25:09 +0000 (13:25 +0100)]
URL: return error on malformed URLs with junk after IPv6 bracket

Follow-up to aadb7c7. Verified by new test 1263.

Closes #2072

7 years agoINTERNALS: we may use libidn2 now, not libidn
Daniel Stenberg [Tue, 14 Nov 2017 11:47:04 +0000 (12:47 +0100)]
INTERNALS: we may use libidn2 now, not libidn

7 years agozlib/brotli: only include header files in modules needing them
Patrick Monnerat [Mon, 13 Nov 2017 13:20:41 +0000 (14:20 +0100)]
zlib/brotli: only include header files in modules needing them

There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.

Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
7 years agoSMB: fix uninitialized local variable
Daniel Stenberg [Mon, 13 Nov 2017 07:26:54 +0000 (08:26 +0100)]
SMB: fix uninitialized local variable

Reported-by: Brian Carpenter
7 years agoconnect.c: remove executable bit on file
Orgad Shaneh [Sun, 12 Nov 2017 07:23:17 +0000 (09:23 +0200)]
connect.c: remove executable bit on file

Closes #2071

7 years agoREADME.md: fixed layout
hsiao yi [Sat, 11 Nov 2017 18:16:58 +0000 (13:16 -0500)]
README.md: fixed layout

Closes #2069

7 years agosetopt: split out curl_easy_setopt() to its own file
Daniel Stenberg [Fri, 10 Nov 2017 16:45:54 +0000 (17:45 +0100)]
setopt: split out curl_easy_setopt() to its own file

... to make url.c smaller.

Closes #1944

7 years agocmake: Add missing setmode check
John Starks [Fri, 10 Nov 2017 19:46:41 +0000 (11:46 -0800)]
cmake: Add missing setmode check

Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this,
curl will corrupt binary files when writing them to stdout on Windows.

Closes https://github.com/curl/curl/pull/2067

7 years agocurl_share_setopt: va_end was not called if conncache errors
Daniel Stenberg [Fri, 10 Nov 2017 13:59:19 +0000 (14:59 +0100)]
curl_share_setopt: va_end was not called if conncache errors

CID 984459, detected by Coverity

7 years agocmake: Correctly include curl.rc in Windows builds (#2064)
John Starks [Fri, 10 Nov 2017 10:58:10 +0000 (02:58 -0800)]
cmake: Correctly include curl.rc in Windows builds (#2064)

Update CMakeLists.txt to add curl.rc to the correct list.

7 years agoRELEASE-NOTES: synced with 32828cc4f
Daniel Stenberg [Thu, 9 Nov 2017 22:19:45 +0000 (23:19 +0100)]
RELEASE-NOTES: synced with 32828cc4f

7 years ago--interface: add support for Linux VRF
Luca Boccassi [Thu, 26 Oct 2017 18:42:55 +0000 (19:42 +0100)]
--interface: add support for Linux VRF

The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.

Try to use the socket option immediately and parse it as a fallback
instead.  Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.

Closes #2024

7 years agocurl_share_setopt.3: document CURL_LOCK_DATA_CONNECT
Daniel Stenberg [Thu, 9 Nov 2017 10:04:21 +0000 (11:04 +0100)]
curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT

Closes #2043

7 years agoexamples: add shared-connection-cache
Daniel Stenberg [Sat, 4 Nov 2017 16:24:14 +0000 (17:24 +0100)]
examples: add shared-connection-cache

7 years agotest1554: verify connection cache sharing
Daniel Stenberg [Sat, 4 Nov 2017 16:23:32 +0000 (17:23 +0100)]
test1554: verify connection cache sharing

7 years agoshare: add support for sharing the connection cache
Daniel Stenberg [Wed, 1 Nov 2017 22:37:45 +0000 (23:37 +0100)]
share: add support for sharing the connection cache

7 years agoimap: deal with commands case insensitively
Daniel Stenberg [Wed, 8 Nov 2017 23:26:21 +0000 (00:26 +0100)]
imap: deal with commands case insensitively

As documented in RFC 3501 section 9:
https://tools.ietf.org/html/rfc3501#section-9

Closes #2061

7 years agoconnect: store IPv6 connection status after valid connection
Daniel Stenberg [Sat, 4 Nov 2017 12:32:14 +0000 (13:32 +0100)]
connect: store IPv6 connection status after valid connection

... previously it would store it already in the happy eyeballs stage
which could lead to the IPv6 bit being set for an IPv4 connection,
leading to curl not wanting to do EPSV=>PASV for FTP transfers.

Closes #2053

7 years agocurl_multi_fdset.3: emphasize curl_multi_timeout
Daniel Stenberg [Thu, 9 Nov 2017 06:51:11 +0000 (07:51 +0100)]
curl_multi_fdset.3: emphasize curl_multi_timeout

... even when there's no socket to wait for, the timeout can still be
very short.

7 years agocontent_encoding: fix inflate_stream for no bytes available
Jay Satiro [Tue, 7 Nov 2017 05:46:59 +0000 (00:46 -0500)]
content_encoding: fix inflate_stream for no bytes available

- Don't call zlib's inflate() when avail_in stream bytes is 0.

This is a follow up to the parent commit 19e66e5. Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.

According to the zlib FAQ, Z_BUF_ERROR is not fatal.

This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).

Ref: https://zlib.net/zlib_faq.html#faq05

Closes https://github.com/curl/curl/pull/2060

7 years agocontent_encoding: do not write 0 length data
Patrick Monnerat [Tue, 7 Nov 2017 01:38:34 +0000 (02:38 +0100)]
content_encoding: do not write 0 length data

7 years agofnmatch: remove dead code
Daniel Stenberg [Mon, 6 Nov 2017 08:01:53 +0000 (09:01 +0100)]
fnmatch: remove dead code

There was a duplicate check for backslashes in the setcharset()
function.

Coverity CID 1420611

7 years agourl: remove unncessary NULL-check
Daniel Stenberg [Mon, 6 Nov 2017 07:21:30 +0000 (08:21 +0100)]
url: remove unncessary NULL-check

Since 'conn' won't be NULL in there and we also access the pointer in
there without the check.

Coverity CID 1420610

7 years agosrc/Makefile.m32: fix typo in brotli lib customization
Viktor Szakats [Mon, 6 Nov 2017 01:03:49 +0000 (01:03 +0000)]
src/Makefile.m32: fix typo in brotli lib customization

Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31

7 years agoMakefile.m32: allow to customize brotli libs
Viktor Szakats [Sun, 5 Nov 2017 22:56:39 +0000 (22:56 +0000)]
Makefile.m32: allow to customize brotli libs

It adds the ability to link against static brotli libs.

Also fix brotli include path.

7 years agotravis: add a job with brotli enabled
Patrick Monnerat [Sun, 5 Nov 2017 14:38:17 +0000 (15:38 +0100)]
travis: add a job with brotli enabled

7 years agoMakefile.m32: add brotli support
Viktor Szakats [Sun, 5 Nov 2017 14:32:43 +0000 (15:32 +0100)]
Makefile.m32: add brotli support

7 years agoHTTP: implement Brotli content encoding
Patrick Monnerat [Sun, 5 Nov 2017 14:28:16 +0000 (15:28 +0100)]
HTTP: implement Brotli content encoding

This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.

7 years agoHTTP: support multiple Content-Encodings
Patrick Monnerat [Sun, 5 Nov 2017 14:09:48 +0000 (15:09 +0100)]
HTTP: support multiple Content-Encodings

This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
7 years agourl: remove arg value check from CURLOPT_SSH_AUTH_TYPES
Jay Satiro [Sat, 4 Nov 2017 22:36:07 +0000 (18:36 -0400)]
url: remove arg value check from CURLOPT_SSH_AUTH_TYPES

Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value
check on this option is incorrect; we have to accept any value.

Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES
erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120

7 years agontlm: avoid malloc(0) for zero length passwords
Daniel Stenberg [Sat, 4 Nov 2017 15:42:21 +0000 (16:42 +0100)]
ntlm: avoid malloc(0) for zero length passwords

It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.

Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054

Assisted-by: Max Dymond
Closes #2054

7 years agoRELEASE-NOTES: synced with ee8016b3d
Daniel Stenberg [Sat, 4 Nov 2017 21:03:18 +0000 (22:03 +0100)]
RELEASE-NOTES: synced with ee8016b3d

7 years agocurl: speed up handling of many URLs
Daniel Stenberg [Sat, 4 Nov 2017 11:56:30 +0000 (12:56 +0100)]
curl: speed up handling of many URLs

By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052

7 years agocurl: pass through [] in URLs instead of calling globbing error
Daniel Stenberg [Fri, 3 Nov 2017 13:04:53 +0000 (15:04 +0200)]
curl: pass through [] in URLs instead of calling globbing error

Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048

7 years agoCURLOPT_INFILESIZE: accept -1
Daniel Stenberg [Fri, 3 Nov 2017 13:40:05 +0000 (14:40 +0100)]
CURLOPT_INFILESIZE: accept -1

Regression since f121575

Reported-by: Petr Voytsik
Fixes #2047

7 years agourl: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
Jay Satiro [Thu, 2 Nov 2017 04:30:28 +0000 (00:30 -0400)]
url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1

Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT
erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.

7 years agohttp2: Fixed OOM handling in upgrade request
Dan Fandrich [Wed, 1 Nov 2017 13:36:15 +0000 (14:36 +0100)]
http2: Fixed OOM handling in upgrade request

This caused the torture tests on test 1800 to fail.

7 years agotests: Fixed torture tests on tests 556 and 650
Dan Fandrich [Wed, 1 Nov 2017 13:34:15 +0000 (14:34 +0100)]
tests: Fixed torture tests on tests 556 and 650

Test cleanup after OOM wasn't being consistently performed.

7 years agoCURLOPT_MAXREDIRS: allow -1 as a value
Daniel Stenberg [Tue, 31 Oct 2017 14:01:23 +0000 (15:01 +0100)]
CURLOPT_MAXREDIRS: allow -1 as a value

... which is valid according to documentation. Regression since
f121575c0b5f.

Verified now in test 501.

Reported-by: cbartl on github
Fixes #2038
Closes #2039

7 years agoinclude: remove conncache.h inclusion from where its not needed
Daniel Stenberg [Wed, 1 Nov 2017 09:06:32 +0000 (10:06 +0100)]
include: remove conncache.h inclusion from where its not needed

7 years agourl: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
Jay Satiro [Wed, 1 Nov 2017 06:11:30 +0000 (02:11 -0400)]
url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1

.. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE.

Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE
erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html
Reported-by: Andrew Lambert
7 years agocookie: avoid NULL dereference
Daniel Stenberg [Mon, 30 Oct 2017 15:42:25 +0000 (16:42 +0100)]
cookie: avoid NULL dereference

... when expiring old cookies.

Reported-by: Pavel Gushchin
Fixes #2032
Closes #2035

7 years agomemdebug: use send/recv signature for curl_dosend/curl_dorecv
Marcel Raad [Fri, 27 Oct 2017 08:10:30 +0000 (10:10 +0200)]
memdebug: use send/recv signature for curl_dosend/curl_dorecv

This avoids build errors and warnings caused by implicit casts.

Closes https://github.com/curl/curl/pull/2031

7 years agomkhelp.pl: support reproducible build
Juro Bystricky [Fri, 27 Oct 2017 15:28:25 +0000 (08:28 -0700)]
mkhelp.pl: support reproducible build

Do not generate line with the current date, such as:

* Generation time: Tue Oct-24 18:01:41 2017

This will improve reproducibility. The generated string is only
part of a comment, so there should be no adverse consequences.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
closes #2026

7 years agoruntests.pl: Fixed typo in message
Dan Fandrich [Mon, 30 Oct 2017 15:56:14 +0000 (16:56 +0100)]
runtests.pl: Fixed typo in message

7 years agocurlx: the timeval functions are no longer provided as curlx_*
Daniel Stenberg [Mon, 30 Oct 2017 15:41:02 +0000 (16:41 +0100)]
curlx: the timeval functions are no longer provided as curlx_*

Pointed-out-by: Dmitri Tikhonov
Bug: #2034

7 years agoselect: update comments
Daniel Stenberg [Mon, 30 Oct 2017 15:40:28 +0000 (16:40 +0100)]
select: update comments

s/curlx_tvnow/Curl_now

7 years agoINTERNALS: remove curlx_tv* functions no longer provided
Daniel Stenberg [Mon, 30 Oct 2017 14:30:01 +0000 (15:30 +0100)]
INTERNALS: remove curlx_tv* functions no longer provided

7 years agotimeval: use mach time on MacOS
Dmitri Tikhonov [Mon, 30 Oct 2017 12:12:41 +0000 (08:12 -0400)]
timeval: use mach time on MacOS

If clock_gettime() is not supported, use mach_absolute_time() on MacOS.

closes #2033

7 years agocli tool: improve ";type=" handling in -F option arguments
Patrick Monnerat [Sun, 29 Oct 2017 13:31:03 +0000 (14:31 +0100)]
cli tool: improve ";type=" handling in -F option arguments

7 years agocli tool: in -F option arg, comma is a delimiter for files only
Patrick Monnerat [Sun, 29 Oct 2017 12:57:16 +0000 (13:57 +0100)]
cli tool: in -F option arg, comma is a delimiter for files only

Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
7 years agotimeleft: made two more users of Curl_timeleft use timediff_t
Daniel Stenberg [Sun, 29 Oct 2017 12:13:23 +0000 (13:13 +0100)]
timeleft: made two more users of Curl_timeleft use timediff_t

7 years agocmake: Export libcurl and curl targets to use by other cmake projects
Jakub Zakrzewski [Sun, 10 Sep 2017 14:56:16 +0000 (16:56 +0200)]
cmake: Export libcurl and curl targets to use by other cmake projects

The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.

Closes #1879

7 years agoRELEASE-NOTES: synced with f20cbac97
Daniel Stenberg [Sat, 28 Oct 2017 14:49:27 +0000 (16:49 +0200)]
RELEASE-NOTES: synced with f20cbac97

7 years agoauth: Added test cases for RFC7616
Florin [Sat, 7 Oct 2017 11:30:17 +0000 (13:30 +0200)]
auth: Added test cases for RFC7616

Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>
Closes #1934

7 years agoauth: add support for RFC7616 - HTTP Digest access authentication
Florin [Sat, 30 Sep 2017 18:30:55 +0000 (20:30 +0200)]
auth: add support for RFC7616 - HTTP Digest access authentication

Signed-off-by: Florin <petriuc.florin@gmail.com>
7 years agoTODO: support multiple Content-Encodings
Daniel Bankhead [Fri, 20 Oct 2017 17:01:32 +0000 (13:01 -0400)]
TODO: support multiple Content-Encodings

Closes #2002

7 years agoROADMAP: cleanup
Daniel Stenberg [Sat, 28 Oct 2017 08:54:20 +0000 (10:54 +0200)]
ROADMAP: cleanup

Removed done stuff. Removed entries no longer considered for the near
term.

7 years agoROADMAP.md: spelling fixes
Magicansk [Sat, 28 Oct 2017 03:16:32 +0000 (11:16 +0800)]
ROADMAP.md: spelling fixes

Closes #2028

7 years agoCurl_timeleft: change return type to timediff_t
Daniel Stenberg [Thu, 26 Oct 2017 13:24:50 +0000 (15:24 +0200)]
Curl_timeleft: change return type to timediff_t

returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.

Closes #2021

7 years agoappveyor: add a win32 build
Daniel Stenberg [Fri, 27 Oct 2017 21:40:04 +0000 (23:40 +0200)]
appveyor: add a win32 build

7 years agosetopt: fix CURLOPT_SSH_AUTH_TYPES option read
Daniel Stenberg [Fri, 27 Oct 2017 20:56:33 +0000 (22:56 +0200)]
setopt: fix CURLOPT_SSH_AUTH_TYPES option read

Regression since f121575c0b5f

Reported-by: Rob Cotrone
7 years agoresolvers: only include anything if needed
Marcel Raad [Thu, 26 Oct 2017 18:52:22 +0000 (20:52 +0200)]
resolvers: only include anything if needed

This avoids warnings about unused stuff.

Closes https://github.com/curl/curl/pull/2023

7 years agoHELP-US: rename the subtitle too since the label is changed
Daniel Stenberg [Fri, 27 Oct 2017 09:19:22 +0000 (11:19 +0200)]
HELP-US: rename the subtitle too since the label is changed

"PR-welcome" was the former name.

7 years agocurl_setup.h: oops, shorten the too long line
Daniel Stenberg [Fri, 27 Oct 2017 09:12:45 +0000 (11:12 +0200)]
curl_setup.h: oops, shorten the too long line

7 years agocurl_setup: Improve detection of CURL_WINDOWS_APP
Martin Storsjo [Fri, 27 Oct 2017 08:21:01 +0000 (11:21 +0300)]
curl_setup: Improve detection of CURL_WINDOWS_APP

If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.

This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.

Closes #2025

7 years agotransfer: Fix chunked-encoding upload bug
Jay Satiro [Tue, 24 Oct 2017 20:08:26 +0000 (16:08 -0400)]
transfer: Fix chunked-encoding upload bug

- When uploading via chunked-encoding don't compare file size to bytes
  sent to determine whether the upload has finished.

Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.

The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.

Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2010

7 years agotimeval: make timediff_t also work on 32bit windows
Daniel Stenberg [Thu, 26 Oct 2017 11:02:00 +0000 (13:02 +0200)]
timeval: make timediff_t also work on 32bit windows

... by using curl_off_t for the typedef if time_t is larger than 4
bytes.

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co
mmitcomment-25205058
Closes #2019

7 years agocurl_fnmatch: return error on illegal wildcard pattern
Daniel Stenberg [Wed, 25 Oct 2017 21:53:30 +0000 (23:53 +0200)]
curl_fnmatch: return error on illegal wildcard pattern

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017

7 years agowildcards: don't use with non-supported protocols
Max Dymond [Wed, 25 Oct 2017 21:51:50 +0000 (22:51 +0100)]
wildcards: don't use with non-supported protocols

Fixes timeouts in the fuzzing tests for non-FTP protocols.

Closes #2016

7 years agomulti: allow table handle sizes to be overridden
Max Dymond [Wed, 11 Oct 2017 12:18:46 +0000 (13:18 +0100)]
multi: allow table handle sizes to be overridden

Allow users to specify their own hash define for
CURL_CONNECTION_HASH_SIZE so that both values can be overridden.

Closes #1982

7 years agotime: rename Curl_tvnow to Curl_now
Daniel Stenberg [Wed, 25 Oct 2017 09:59:43 +0000 (11:59 +0200)]
time: rename Curl_tvnow to Curl_now

... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011

7 years agoftplistparser: follow-up cleanup to remove PL_ERROR()
Daniel Stenberg [Wed, 25 Oct 2017 16:19:44 +0000 (18:19 +0200)]
ftplistparser: follow-up cleanup to remove PL_ERROR()

7 years agoftplistparser: free off temporary memory always
Max Dymond [Wed, 25 Oct 2017 14:52:43 +0000 (15:52 +0100)]
ftplistparser: free off temporary memory always

When using the FTP list parser, ensure that the memory that's
allocated is always freed.

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013

7 years agotimediff: return timediff_t from the time diff functions
Daniel Stenberg [Mon, 23 Oct 2017 10:05:49 +0000 (12:05 +0200)]
timediff: return timediff_t from the time diff functions

... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

- Added overflow protection for both of them in either direction for
  both 32 bit and 64 bit time_ts

- Reprefixed the curlx_time functions to use Curl_*

Reported-by: Peter Piekarski
Fixes #2004
Closes #2005

7 years agolibtest: Add required test libraries for lib1552 and lib1553
Paul Howarth [Mon, 23 Oct 2017 17:51:36 +0000 (18:51 +0100)]
libtest: Add required test libraries for lib1552 and lib1553

They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.

This fixes build failures on Fedora 13.

Closes #2006

7 years agolibcurl-tutorial.3: fix typo
Alessandro Ghedini [Mon, 23 Oct 2017 22:24:10 +0000 (23:24 +0100)]
libcurl-tutorial.3: fix typo

closes #2008

7 years agocurl_mime_filedata.3: fix typos
Alessandro Ghedini [Mon, 23 Oct 2017 22:23:23 +0000 (23:23 +0100)]
curl_mime_filedata.3: fix typos

7 years agoRELEASE-NOTES: clean slate towards 7.57.0
Daniel Stenberg [Mon, 23 Oct 2017 11:33:04 +0000 (13:33 +0200)]
RELEASE-NOTES: clean slate towards 7.57.0

7 years agotravis: exit if any steps fail
Max Dymond [Mon, 9 Oct 2017 08:10:51 +0000 (09:10 +0100)]
travis: exit if any steps fail

We don't expect any steps to fail in travis. Exit the script if they do.

Closes #1966

7 years agoRELEASE-NOTES: 7.56.1 curl-7_56_1
Daniel Stenberg [Sun, 22 Oct 2017 14:20:04 +0000 (16:20 +0200)]
RELEASE-NOTES: 7.56.1

7 years agoTHANKS: update at 7.56.1 release time
Daniel Stenberg [Sun, 22 Oct 2017 21:32:03 +0000 (23:32 +0200)]
THANKS: update at 7.56.1 release time

7 years agomk-ca-bundle: Remove URL for aurora
Jon DeVree [Thu, 19 Oct 2017 15:54:04 +0000 (11:54 -0400)]
mk-ca-bundle: Remove URL for aurora

Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/

7 years agomk-ca-bundle: Fix URL for NSS
Jon DeVree [Thu, 19 Oct 2017 12:40:54 +0000 (08:40 -0400)]
mk-ca-bundle: Fix URL for NSS

The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.

Closes #1998

7 years agoimap: if a FETCH response has no size, don't call write callback
Daniel Stenberg [Fri, 6 Oct 2017 22:11:31 +0000 (00:11 +0200)]
imap: if a FETCH response has no size, don't call write callback

CVE-2017-1000257

Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586

7 years agoftp: reject illegal IP/port in PASV 227 response
Daniel Stenberg [Thu, 19 Oct 2017 12:41:14 +0000 (14:41 +0200)]
ftp: reject illegal IP/port in PASV 227 response

... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694