]> granicus.if.org Git - curl/log
curl
5 years agongtcp2: adapt to API change
Daniel Stenberg [Thu, 3 Oct 2019 21:08:45 +0000 (23:08 +0200)]
ngtcp2: adapt to API change

Closes #4457

5 years agocookies: change argument type for Curl_flush_cookies
Daniel Stenberg [Thu, 3 Oct 2019 12:29:57 +0000 (14:29 +0200)]
cookies: change argument type for Curl_flush_cookies

The second argument is really a 'bool' so use that and pass in TRUE/FALSE
to make it clear.

Closes #4455

5 years agohttp2: move state-init from creation to pre-transfer
Daniel Stenberg [Mon, 30 Sep 2019 07:30:58 +0000 (09:30 +0200)]
http2: move state-init from creation to pre-transfer

To make sure that the HTTP/2 state is initialized correctly for
duplicated handles. It would otherwise easily generate "spurious"
PRIORITY frames to get sent over HTTP/2 connections when duplicated easy
handles were used.

Reported-by: Daniel Silverstone
Fixes #4303
Closes #4442

5 years agourlapi: fix use-after-free bug
Daniel Stenberg [Thu, 3 Oct 2019 11:24:43 +0000 (13:24 +0200)]
urlapi: fix use-after-free bug

Follow-up from 2c20109a9b5d04

Added test 663 to verify.

Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954

Closes #4453

5 years agocookie: avoid harmless use after free
Paul Dreik [Thu, 3 Oct 2019 08:57:09 +0000 (10:57 +0200)]
cookie: avoid harmless use after free

This fix removes a use after free which can be triggered by
the internal cookie fuzzer, but otherwise is probably
impossible to trigger from an ordinary application.

The following program reproduces it:

        curl_global_init(CURL_GLOBAL_DEFAULT);
        CURL*  handle=curl_easy_init();
        CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
        curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
        Curl_flush_cookies(handle, true);
        Curl_cookie_cleanup(info);
        curl_easy_cleanup(handle);
        curl_global_cleanup();

This was found through fuzzing.

Closes #4454

5 years agodocs: add note on failed handles not being counted by curl_multi_perform
Denis Chaplygin [Tue, 1 Oct 2019 07:55:08 +0000 (10:55 +0300)]
docs: add note on failed handles not being counted by curl_multi_perform

Closes #4446

5 years agoCURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo
Daniel Stenberg [Thu, 3 Oct 2019 12:16:10 +0000 (14:16 +0200)]
CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo

5 years agoESNI: initial build/setup
Niall [Tue, 4 Jun 2019 14:53:02 +0000 (15:53 +0100)]
ESNI: initial build/setup

Closes #4011

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 2 Oct 2019 06:04:07 +0000 (08:04 +0200)]
RELEASE-NOTES: synced

5 years agoredirect: when following redirects to an absolute URL, URL encode it
Daniel Stenberg [Tue, 1 Oct 2019 07:54:21 +0000 (09:54 +0200)]
redirect: when following redirects to an absolute URL, URL encode it

... to make it handle for example (RFC violating) embeded spaces.

Reported-by: momala454 on github
Fixes #4445
Closes #4447

5 years agourlapi: fix URL encoding when setting a full URL
Daniel Stenberg [Tue, 1 Oct 2019 07:53:28 +0000 (09:53 +0200)]
urlapi: fix URL encoding when setting a full URL

5 years agotool_operate: rename functions to make more sense
Daniel Stenberg [Mon, 30 Sep 2019 21:24:49 +0000 (23:24 +0200)]
tool_operate: rename functions to make more sense

5 years agocurl: create easy handles on-demand and not ahead of time
Daniel Stenberg [Mon, 23 Sep 2019 15:11:22 +0000 (17:11 +0200)]
curl: create easy handles on-demand and not ahead of time

This should again enable crazy-large download ranges of the style
[1-10000000] that otherwise easily ran out of memory starting in 7.66.0
when this new handle allocating scheme was introduced.

Reported-by: Peter Sumatra
Fixes #4393
Closes #4438

5 years agoCURLMOPT_MAX_CONCURRENT_STREAMS: new setopt
Kunal Ekawde [Tue, 24 Sep 2019 12:56:11 +0000 (08:56 -0400)]
CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt

Closes #4410

5 years agochunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
Daniel Stenberg [Tue, 1 Oct 2019 13:40:05 +0000 (15:40 +0200)]
chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error

Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the
response is chunked-encoded.

Reported-by: Ilya Kosarev
Fixes #4310
Closes #4449

5 years agochecksrc: fix uninitialized variable warning
Marcel Raad [Mon, 30 Sep 2019 22:32:26 +0000 (00:32 +0200)]
checksrc: fix uninitialized variable warning

The loop doesn't need to be executed without a file argument.

Closes https://github.com/curl/curl/pull/4444

5 years agourlapi: fix unused variable warning
Marcel Raad [Mon, 30 Sep 2019 22:26:03 +0000 (00:26 +0200)]
urlapi: fix unused variable warning

`dest` is only used with `ENABLE_IPV6`.

Closes https://github.com/curl/curl/pull/4444

5 years agolib: silence conversion warnings
Marcel Raad [Mon, 30 Sep 2019 22:24:50 +0000 (00:24 +0200)]
lib: silence conversion warnings

Closes https://github.com/curl/curl/pull/4444

5 years agoAppVeyor: add 32-bit MinGW-w64 build
Marcel Raad [Tue, 24 Sep 2019 17:26:51 +0000 (19:26 +0200)]
AppVeyor: add 32-bit MinGW-w64 build

With WinSSL and testing enabled so that it would have detected most of
the warnings fixed in [0] and [1].

[0] https://github.com/curl/curl/pull/4398
[1] https://github.com/curl/curl/pull/4415

Closes https://github.com/curl/curl/pull/4433

5 years agoAppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild
Marcel Raad [Tue, 24 Sep 2019 17:15:10 +0000 (19:15 +0200)]
AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild

It's only used for MSYS2 with MinGW.

Closes

5 years agogit: add tests/server/disabled to .gitignore
Emil Engler [Mon, 30 Sep 2019 15:00:45 +0000 (17:00 +0200)]
git: add tests/server/disabled to .gitignore

Closes #4441

5 years agoaltsvc: accept quoted ma and persist values
Daniel Stenberg [Mon, 30 Sep 2019 08:29:46 +0000 (10:29 +0200)]
altsvc: accept quoted ma and persist values

As mandated by the spec. Test 1654 is extended to verify.

Closes #4443

5 years agomailmap: a Lucas fix
Daniel Stenberg [Mon, 30 Sep 2019 09:42:32 +0000 (11:42 +0200)]
mailmap: a Lucas fix

5 years agoquiche: update HTTP/3 config creation to new API
lucas [Fri, 27 Sep 2019 11:31:13 +0000 (12:31 +0100)]
quiche: update HTTP/3 config creation to new API

5 years agoBINDINGS: PureBasic, Net::Curl for perl and Nim
Daniel Stenberg [Sun, 29 Sep 2019 10:34:07 +0000 (12:34 +0200)]
BINDINGS: PureBasic, Net::Curl for perl and Nim

5 years agoBINDINGS: Kapito is an Erlang library, basically a binding
Daniel Stenberg [Sun, 29 Sep 2019 09:57:24 +0000 (11:57 +0200)]
BINDINGS: Kapito is an Erlang library, basically a binding

5 years agoBINDINGS: added clj-curl
Daniel Stenberg [Sun, 29 Sep 2019 09:37:37 +0000 (11:37 +0200)]
BINDINGS: added clj-curl

Reported-by: Lucas Severo
5 years agodocs: disambiguate CURLUPART_HOST is for host name (ie no port)
Jay Satiro [Wed, 25 Sep 2019 23:12:27 +0000 (19:12 -0400)]
docs: disambiguate CURLUPART_HOST is for host name (ie no port)

Closes #4424

5 years agocookies: using a share with cookies shouldn't enable the cookie engine
Daniel Stenberg [Fri, 27 Sep 2019 07:41:43 +0000 (09:41 +0200)]
cookies: using a share with cookies shouldn't enable the cookie engine

The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.

This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.

Test 1166 verifies

Updated test 506

Fixes #4429
Closes #4434

5 years agosetopt: handle ALTSVC set to NULL
Daniel Stenberg [Fri, 27 Sep 2019 13:10:49 +0000 (15:10 +0200)]
setopt: handle ALTSVC set to NULL

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 27 Sep 2019 11:56:08 +0000 (13:56 +0200)]
RELEASE-NOTES: synced

5 years agoINSTALL: add vcpkg installation instructions
grdowns [Fri, 27 Sep 2019 09:37:29 +0000 (02:37 -0700)]
INSTALL: add vcpkg installation instructions

Closes #4435

5 years agoFTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs
Zenju [Tue, 24 Sep 2019 17:58:35 +0000 (19:58 +0200)]
FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs

Add libtest 661

Closes #4417

5 years agoFTP: url-decode path before evaluation
Zenju [Wed, 25 Sep 2019 15:48:53 +0000 (17:48 +0200)]
FTP: url-decode path before evaluation

Closes #4428

5 years agotests: fix narrowing conversion warnings
Marcel Raad [Tue, 24 Sep 2019 16:58:23 +0000 (18:58 +0200)]
tests: fix narrowing conversion warnings

`timediff_t` is 64 bits wide also on 32-bit systems since
commit b1616dad8f0.

Closes https://github.com/curl/curl/pull/4415

5 years agovtls: Fix comment typo about macosx-version-min compiler flag
julian [Thu, 26 Sep 2019 01:24:01 +0000 (18:24 -0700)]
vtls: Fix comment typo about macosx-version-min compiler flag

Closes https://github.com/curl/curl/pull/4425

5 years agoREADME: minor grammar fix
Yechiel Kalmenson [Thu, 26 Sep 2019 19:37:24 +0000 (15:37 -0400)]
README: minor grammar fix

Closes #4431

5 years agoHTTP3: fix prefix parameter for ngtcp2 build
Spezifant [Thu, 26 Sep 2019 18:45:14 +0000 (20:45 +0200)]
HTTP3: fix prefix parameter for ngtcp2 build

Closes #4430

5 years agoquiche: don't close connection at end of stream!
Daniel Stenberg [Thu, 26 Sep 2019 14:06:11 +0000 (16:06 +0200)]
quiche: don't close connection at end of stream!

5 years agoquiche: set 'drain' when returning without having drained the queues
Daniel Stenberg [Thu, 26 Sep 2019 13:45:58 +0000 (15:45 +0200)]
quiche: set 'drain' when returning without having drained the queues

5 years agoRevert "FTP: url-decode path before evaluation"
Daniel Stenberg [Thu, 26 Sep 2019 12:52:30 +0000 (14:52 +0200)]
Revert "FTP: url-decode path before evaluation"

This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.

5 years agoHTTP3: merged and simplified the two 'running' sections
Daniel Stenberg [Thu, 26 Sep 2019 12:17:09 +0000 (14:17 +0200)]
HTTP3: merged and simplified the two 'running' sections

5 years agoHTTP3: show an --alt-svc using example too
Daniel Stenberg [Thu, 26 Sep 2019 12:12:16 +0000 (14:12 +0200)]
HTTP3: show an --alt-svc using example too

5 years agoFTP: url-decode path before evaluation
Zenju [Wed, 25 Sep 2019 15:48:53 +0000 (17:48 +0200)]
FTP: url-decode path before evaluation

Closes #4423

5 years agoopenssl: use strerror on SSL_ERROR_SYSCALL
Daniel Stenberg [Tue, 24 Sep 2019 12:03:23 +0000 (14:03 +0200)]
openssl: use strerror on SSL_ERROR_SYSCALL

Instead of showing the somewhat nonsensical errno number, use strerror()
to provide a more relatable error message.

Closes #4411

5 years agoHTTP3: update quic.aiortc.org + add link to server list
Daniel Stenberg [Thu, 26 Sep 2019 11:18:17 +0000 (13:18 +0200)]
HTTP3: update quic.aiortc.org + add link to server list

Reported-by: Jeremy Lainé
5 years agourl: don't set appconnect time for non-ssl/non-ssh connections
Jay Satiro [Fri, 12 Apr 2019 22:57:53 +0000 (18:57 -0400)]
url: don't set appconnect time for non-ssl/non-ssh connections

Prior to this change non-ssl/non-ssh connections that were reused set
TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
handshake took place.

[1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
libcurl and %{time_appconnect} in the curl tool. It is documented as
"the time until the SSL/SSH handshake is completed".

Reported-by: Marcel Hernandez
Ref: https://github.com/curl/curl/issues/3760

Closes https://github.com/curl/curl/pull/3773

5 years agongtcp2: remove fprintf() calls
Daniel Stenberg [Wed, 25 Sep 2019 10:27:26 +0000 (12:27 +0200)]
ngtcp2: remove fprintf() calls

- convert some of them to H3BUF() calls to infof()
- remove some of them completely
- made DEBUG_HTTP3 defined only if CURLDEBUG is set for now

Closes #4421

5 years agourl: fix the NULL hostname compiler warning case
Jay Satiro [Wed, 25 Sep 2019 12:35:02 +0000 (14:35 +0200)]
url: fix the NULL hostname compiler warning case

Closes #4403

5 years agotravis: move the go install to linux-only
Jay Satiro [Wed, 25 Sep 2019 12:34:31 +0000 (14:34 +0200)]
travis: move the go install to linux-only

... to repair the build again
Closes #4403

5 years agoaltsvc: correct the #ifdef for the ngtcp2 backend
Daniel Stenberg [Wed, 25 Sep 2019 10:13:43 +0000 (12:13 +0200)]
altsvc: correct the #ifdef for the ngtcp2 backend

5 years agoaltsvc: save h3 as h3-23
Daniel Stenberg [Wed, 25 Sep 2019 10:06:20 +0000 (12:06 +0200)]
altsvc: save h3 as h3-23

Follow-up to d176a2c7e5

5 years agourlapi: question mark within fragment is still fragment
Daniel Stenberg [Tue, 24 Sep 2019 12:45:27 +0000 (14:45 +0200)]
urlapi: question mark within fragment is still fragment

The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.

Extended test 1560 to verify.

Reported-by: Alex Konev
Fixes #4412
Closes #4413

5 years agoHTTP3.md: move -p for mkdir, remove -j for make
Alex Samorukov [Mon, 23 Sep 2019 18:56:48 +0000 (20:56 +0200)]
HTTP3.md: move -p for mkdir, remove -j for make

- mkdir on OSX/Darwin requires `-p` argument before dir

- portabbly figuring out number of cores is an exercise for somewhere
  else

Closes #4407

5 years agoos400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,
Patrick Monnerat [Sun, 11 Aug 2019 15:22:45 +0000 (17:22 +0200)]
os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,

As libcurl now uses these 2 system functions, wrappers are needed on os400
to convert returned AF_UNIX sockaddrs to ascii.

This is a follow-up to commit 7fb54ef.
See also #4037.
Closes #4214

5 years agostrcase: fix raw lowercasing the letter X
Lucas Pardue [Tue, 24 Sep 2019 05:27:33 +0000 (01:27 -0400)]
strcase: fix raw lowercasing the letter X

Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to
this change.

Follow-up to 0023fce which added the function several days ago.

Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546

Closes https://github.com/curl/curl/pull/4408

5 years agohttp2: Expression 'stream->stream_id != - 1' is always true
Daniel Stenberg [Mon, 23 Sep 2019 09:05:37 +0000 (11:05 +0200)]
http2: Expression 'stream->stream_id != - 1' is always true

PVS-Studio warning
Fixes #4402

5 years agohttp2: A value is being subtracted from the unsigned variable
Daniel Stenberg [Mon, 23 Sep 2019 09:04:13 +0000 (11:04 +0200)]
http2: A value is being subtracted from the unsigned variable

PVS-Studio warning
Fixes #4402

5 years agolibssh: part of conditional expression is always true: !result
Daniel Stenberg [Mon, 23 Sep 2019 08:55:43 +0000 (10:55 +0200)]
libssh: part of conditional expression is always true: !result

PVS-Studio warning
Fixed #4402

5 years agolibssh: part of conditional expression is always true
Daniel Stenberg [Mon, 23 Sep 2019 08:55:05 +0000 (10:55 +0200)]
libssh: part of conditional expression is always true

PVS-Studio warning
Fixes #4402

5 years agolibssh: The expression is excessive or contains a misprint
Daniel Stenberg [Mon, 23 Sep 2019 08:54:03 +0000 (10:54 +0200)]
libssh: The expression is excessive or contains a misprint

PVS-Studio warning
Fixes #4402

5 years agoquiche: The expression must be surrounded by parentheses
Daniel Stenberg [Mon, 23 Sep 2019 08:51:00 +0000 (10:51 +0200)]
quiche: The expression must be surrounded by parentheses

PVS-Studio warning
Fixes #4402

5 years agovauth: The parameter 'status' must be surrounded by parentheses
Daniel Stenberg [Mon, 23 Sep 2019 08:48:06 +0000 (10:48 +0200)]
vauth: The parameter 'status' must be surrounded by parentheses

PVS-Studio warning
Fixes #4402

5 years agodoh: allow only http and https in debug mode
Paul Dreik [Mon, 23 Sep 2019 11:11:49 +0000 (13:11 +0200)]
doh: allow only http and https in debug mode

Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406

5 years agodoh: return early if there is no time left
Paul Dreik [Mon, 23 Sep 2019 11:10:12 +0000 (13:10 +0200)]
doh: return early if there is no time left

Closes #4406

5 years agohttp: lowercase headernames for HTTP/2 and HTTP/3
Barry Pollard [Sun, 22 Sep 2019 20:17:12 +0000 (21:17 +0100)]
http: lowercase headernames for HTTP/2 and HTTP/3

Closes #4401
Fixes #4400

5 years agovtls: fix narrowing conversion warnings
Marcel Raad [Sun, 22 Sep 2019 17:04:18 +0000 (19:04 +0200)]
vtls: fix narrowing conversion warnings

Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
32-bit systems since commit b1616dad8f0.

Closes https://github.com/curl/curl/pull/4398

5 years agowinbuild: Add manifest to curl.exe for proper OS version detection
Joel Depooter [Sun, 22 Sep 2019 20:03:18 +0000 (13:03 -0700)]
winbuild: Add manifest to curl.exe for proper OS version detection

This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898
in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to
CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is
overwritten. The fix is to append values to CURL_RC_FLAGS instead of
overwriting

Closes #4399

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sun, 22 Sep 2019 20:50:12 +0000 (22:50 +0200)]
RELEASE-NOTES: synced

5 years agoopenssl: fix compiler warning with LibreSSL
Marcel Raad [Sun, 22 Sep 2019 15:45:27 +0000 (17:45 +0200)]
openssl: fix compiler warning with LibreSSL

It was already fixed for BoringSSL in commit a0f8fccb1e0.
LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
as uint16_t ever since the function was added in [0].

[0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda

Closes https://github.com/curl/curl/pull/4397

5 years agocurl: exit the create_transfers loop on errors
Daniel Stenberg [Sat, 21 Sep 2019 21:46:41 +0000 (23:46 +0200)]
curl: exit the create_transfers loop on errors

When looping around the ranges and given URLs to create transfers, all
errors should exit the loop and return. Previously it would keep
looping.

Reported-by: SumatraPeter on github
Bug: #4393
Closes #4396

5 years agosocks: Fix destination host shown on SOCKS5 error
Jay Satiro [Sat, 21 Sep 2019 07:39:21 +0000 (03:39 -0400)]
socks: Fix destination host shown on SOCKS5 error

Prior to this change when a server returned a socks5 connect error then
curl would parse the destination address:port from that data and show it
to the user as the destination:

curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
* Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)

That's incorrect because the address:port included in the connect error
is actually a bind address:port (typically unused) and not the
destination address:port. This fix changes curl to show the destination
information that curl sent to the server instead:

curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
* Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)

curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to google.com:99 (remotely resolved)
* Can't complete SOCKS5 connection to google.com:99. (1)
curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)

Ref: https://tools.ietf.org/html/rfc1928#section-6

Closes https://github.com/curl/curl/pull/4394

5 years agotravis: enable ngtcp2 h3-23 builds
Daniel Stenberg [Sat, 21 Sep 2019 13:47:07 +0000 (15:47 +0200)]
travis: enable ngtcp2 h3-23 builds

5 years agoaltsvc: both backends run h3-23 now
Daniel Stenberg [Sat, 21 Sep 2019 13:46:30 +0000 (15:46 +0200)]
altsvc: both backends run h3-23 now

Closes #4395

5 years agohttp: fix warning on conversion from int to bit
Daniel Stenberg [Sat, 21 Sep 2019 21:09:59 +0000 (23:09 +0200)]
http: fix warning on conversion from int to bit

Follow-up from 03ebe66d70

5 years agourldata: use 'bool' for the bit type on MSVC compilers
Daniel Stenberg [Fri, 20 Sep 2019 07:59:55 +0000 (09:59 +0200)]
urldata: use 'bool' for the bit type on MSVC compilers

Closes #4387
Fixes #4379

5 years agoappveyor: upgrade VS2017 to VS2019
Daniel Stenberg [Thu, 19 Sep 2019 14:34:06 +0000 (16:34 +0200)]
appveyor: upgrade VS2017 to VS2019

Closes #4383

5 years agoFTP: FTPFILE_NOCWD: avoid redundant CWDs
Zenju [Thu, 19 Sep 2019 12:59:13 +0000 (14:59 +0200)]
FTP: FTPFILE_NOCWD: avoid redundant CWDs

Closes #4382

5 years agocookie: pass in the correct cookie amount to qsort()
Daniel Stenberg [Wed, 18 Sep 2019 12:29:35 +0000 (14:29 +0200)]
cookie: pass in the correct cookie amount to qsort()

As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.

Reported-by: Paul Dreik
Closes #4386

5 years agourlapi: avoid index underflow for short ipv6 hostnames
Paul Dreik [Fri, 20 Sep 2019 11:25:20 +0000 (13:25 +0200)]
urlapi: avoid index underflow for short ipv6 hostnames

If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.

hostname[hlen] will then cause a warning by ubsanitizer:

runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>

I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".

This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)

int main() {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);

  hlen-=2;
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}

I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.

Closes #4389

5 years agongtcp2: compile with latest ngtcp2 + nghttp3 draft-23
Tatsuhiro Tsujikawa [Sat, 21 Sep 2019 02:24:38 +0000 (11:24 +0900)]
ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23

Closes #4392

5 years agoTHANKS-filter: deal with my typos 'Jat' => 'Jay'
Daniel Stenberg [Fri, 20 Sep 2019 11:53:23 +0000 (13:53 +0200)]
THANKS-filter: deal with my typos 'Jat' => 'Jay'

5 years agotravis: use go master
Daniel Stenberg [Mon, 16 Sep 2019 07:02:03 +0000 (09:02 +0200)]
travis: use go master

... as the boringssl builds needs a very recent version

Co-authored-by: Jat Satiro
Closes #4361

5 years agotool_operate: removed unused variable 'done'
Daniel Stenberg [Thu, 19 Sep 2019 08:35:25 +0000 (10:35 +0200)]
tool_operate: removed unused variable 'done'

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agotool_operate: Expression 'config->resume_from' is always true
Daniel Stenberg [Thu, 19 Sep 2019 08:33:56 +0000 (10:33 +0200)]
tool_operate: Expression 'config->resume_from' is always true

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agotool_getparam: remove duplicate switch case
Daniel Stenberg [Thu, 19 Sep 2019 08:28:05 +0000 (10:28 +0200)]
tool_getparam: remove duplicate switch case

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agolibssh2: part of conditional expression is always true: !result
Daniel Stenberg [Thu, 19 Sep 2019 08:25:15 +0000 (10:25 +0200)]
libssh2: part of conditional expression is always true: !result

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agourlapi: Expression 'storep' is always true
Daniel Stenberg [Thu, 19 Sep 2019 08:20:35 +0000 (10:20 +0200)]
urlapi: Expression 'storep' is always true

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agourlapi: 'scheme' is always true
Daniel Stenberg [Thu, 19 Sep 2019 08:19:21 +0000 (10:19 +0200)]
urlapi: 'scheme' is always true

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agourlapi: part of conditional expression is always true: (relurl[0] == '/')
Daniel Stenberg [Thu, 19 Sep 2019 08:18:28 +0000 (10:18 +0200)]
urlapi: part of conditional expression is always true: (relurl[0] == '/')

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agosetopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
Daniel Stenberg [Thu, 19 Sep 2019 08:09:21 +0000 (10:09 +0200)]
setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly

Fixes bug detected by PVS-Studio
Fixes #4374

5 years agomime: make Curl_mime_duppart() assert if called without valid dst
Daniel Stenberg [Thu, 19 Sep 2019 08:06:01 +0000 (10:06 +0200)]
mime: make Curl_mime_duppart() assert if called without valid dst

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agohttp_proxy: part of conditional expression is always true: !error
Daniel Stenberg [Thu, 19 Sep 2019 07:54:12 +0000 (09:54 +0200)]
http_proxy: part of conditional expression is always true: !error

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agoimap: merged two case-branches performing the same action
Daniel Stenberg [Thu, 19 Sep 2019 07:52:01 +0000 (09:52 +0200)]
imap: merged two case-branches performing the same action

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agomulti: value '2L' is assigned to a boolean
Daniel Stenberg [Thu, 19 Sep 2019 07:47:37 +0000 (09:47 +0200)]
multi: value '2L' is assigned to a boolean

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agoeasy: part of conditional expression is always true: !result
Daniel Stenberg [Thu, 19 Sep 2019 07:37:06 +0000 (09:37 +0200)]
easy: part of conditional expression is always true: !result

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agonetrc: part of conditional expression is always true: !done
Daniel Stenberg [Thu, 19 Sep 2019 07:34:30 +0000 (09:34 +0200)]
netrc: part of conditional expression is always true: !done

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agoversion: Expression 'left > 1' is always true
Daniel Stenberg [Thu, 19 Sep 2019 07:32:03 +0000 (09:32 +0200)]
version: Expression 'left > 1' is always true

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agourl: remove dead code
Daniel Stenberg [Thu, 19 Sep 2019 07:29:02 +0000 (09:29 +0200)]
url: remove dead code

Fixes warning detected by PVS-Studio
Fixes #4374

5 years agourl: part of expression is always true: (bundle->multiuse == 0)
Daniel Stenberg [Thu, 19 Sep 2019 07:25:29 +0000 (09:25 +0200)]
url: part of expression is always true: (bundle->multiuse == 0)

Fixes warning detected by PVS-Studio
Fixes #4374