]> granicus.if.org Git - curl/log
curl
6 years agotransfer: don't unset writesockfd on setup of multiplexed conns
Daniel Stenberg [Fri, 4 May 2018 14:41:03 +0000 (16:41 +0200)]
transfer: don't unset writesockfd on setup of multiplexed conns

Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.

Bug: #2520
Closes #2549

6 years agoconfigure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
Frank Gevaerts [Fri, 4 May 2018 12:31:16 +0000 (14:31 +0200)]
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h

They are removed from the compiler flags.

This ensures that make dependency tracking will force a rebuild whenever
configure --enable-debug or --enable-curldebug changes.

Closes #2548

6 years agohttp: don't set the "rewind" flag when not uploading anything
Daniel Stenberg [Fri, 4 May 2018 09:06:26 +0000 (11:06 +0200)]
http: don't set the "rewind" flag when not uploading anything

It triggers an assert.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546

6 years agotravis: add an mbedtls build
Daniel Stenberg [Wed, 25 Apr 2018 07:20:08 +0000 (09:20 +0200)]
travis: add an mbedtls build

Closes #2531

6 years agoconfigure: only check for CA bundle for file-using SSL backends
Daniel Stenberg [Thu, 3 May 2018 12:54:10 +0000 (14:54 +0200)]
configure: only check for CA bundle for file-using SSL backends

When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.

Fixes #2543
Fixes #2180
Closes #2545

6 years agossh-libssh.c: fix left shift compiler warning
Daniel Stenberg [Thu, 3 May 2018 20:16:57 +0000 (22:16 +0200)]
ssh-libssh.c: fix left shift compiler warning

ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
represent, but 'int' only has 32 bits [-Wshift-overflow=]

'len' will never be that big anyway so I converted the run-time check to
a regular assert.

6 years agoURL: fix ASCII dependency in strcpy_url and strlen_url
Stephan Mühlstrasser [Thu, 26 Apr 2018 08:15:26 +0000 (10:15 +0200)]
URL: fix ASCII dependency in strcpy_url and strlen_url

Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
the problem that strcpy_url() was modified unilaterally without also
modifying strlen_url(). As a consequence strcpy_url() was again
depending on ASCII encoding.

This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.

Closes #2535

6 years agodocs: remove extraneous commas in man pages
Denis Ollier [Wed, 2 May 2018 08:03:46 +0000 (10:03 +0200)]
docs: remove extraneous commas in man pages

Closes #2544

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Thu, 3 May 2018 13:14:03 +0000 (15:14 +0200)]
RELEASE-NOTES: synced

6 years agoRevert "TODO: remove configure --disable-pthreads"
Daniel Stenberg [Thu, 3 May 2018 13:05:05 +0000 (15:05 +0200)]
Revert "TODO: remove configure --disable-pthreads"

This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.

--disable-pthreads can be used to disable pthreads and get the threaded
resolver to use the windows threading when building with mingw.

6 years agovtls: don't define MD5_DIGEST_LENGTH for wolfssl
Daniel Stenberg [Mon, 30 Apr 2018 13:34:26 +0000 (15:34 +0200)]
vtls: don't define MD5_DIGEST_LENGTH for wolfssl

... as it defines it (too)

6 years agoTODO: remove configure --disable-pthreads
Daniel Stenberg [Tue, 1 May 2018 09:38:16 +0000 (11:38 +0200)]
TODO: remove configure --disable-pthreads

6 years agowolfssl: Fix non-blocking connect
David Garske [Wed, 11 Apr 2018 16:46:08 +0000 (09:46 -0700)]
wolfssl: Fix non-blocking connect

Closes https://github.com/curl/curl/pull/2542

6 years agoCURLOPT_URL.3: add ENCODING section [ci skip]
Daniel Stenberg [Mon, 30 Apr 2018 12:31:04 +0000 (14:31 +0200)]
CURLOPT_URL.3: add ENCODING section [ci skip]

Feedback-by: Michael Kilburn
6 years agoKNOWN_BUGS: Client cert with Issuer DN differs between backends
Daniel Stenberg [Mon, 30 Apr 2018 08:26:26 +0000 (10:26 +0200)]
KNOWN_BUGS: Client cert with Issuer DN differs between backends

Closes #1411

6 years agoKNOWN_BUGS: Passive transfer tries only one IP address
Daniel Stenberg [Mon, 30 Apr 2018 08:22:17 +0000 (10:22 +0200)]
KNOWN_BUGS: Passive transfer tries only one IP address

Closes #1508

6 years agoKNOWN_BUGS: --upload-file . hang if delay in STDIN
Daniel Stenberg [Mon, 30 Apr 2018 08:19:45 +0000 (10:19 +0200)]
KNOWN_BUGS: --upload-file . hang if delay in STDIN

Closes #2051

6 years agoKNOWN_BUGS: Connection information when using TCP Fast Open
Daniel Stenberg [Mon, 30 Apr 2018 08:17:10 +0000 (10:17 +0200)]
KNOWN_BUGS: Connection information when using TCP Fast Open

Closes #1332

6 years agotravis: enable libssh2 on both macos and Linux
Daniel Stenberg [Sun, 29 Apr 2018 22:22:08 +0000 (00:22 +0200)]
travis: enable libssh2 on both macos and Linux

It seems to not be detected by default anymore (which is a bug I
believe)

Closes #2541

6 years agoTODO: Support the clienthello extension
Daniel Stenberg [Sun, 29 Apr 2018 22:42:34 +0000 (00:42 +0200)]
TODO: Support the clienthello extension

Closes #2299

6 years agoTODO: CLOEXEC
Daniel Stenberg [Sun, 29 Apr 2018 22:10:45 +0000 (00:10 +0200)]
TODO: CLOEXEC

Closes #2252

6 years agotests: provide 'manual' as a feature to optionally require
Daniel Stenberg [Sat, 28 Apr 2018 22:24:49 +0000 (00:24 +0200)]
tests: provide 'manual' as a feature to optionally require

... and make test 1026 rely on that feature so that --disable-manual
builds don't cause test failures.

Reported-by: Max Dymond and Anders Roxell
Fixes #2533
Closes #2540

6 years agoCURLINFO_PROTOCOL.3: mention the existing defined names
Daniel Stenberg [Fri, 27 Apr 2018 09:35:25 +0000 (11:35 +0200)]
CURLINFO_PROTOCOL.3: mention the existing defined names

6 years agocookies: remove unused macro
Daniel Gustafsson [Thu, 26 Apr 2018 22:54:21 +0000 (00:54 +0200)]
cookies: remove unused macro

Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
so remove as it's not part of the published API.

Closes https://github.com/curl/curl/pull/2537

6 years agochecksrc: force indentation of lines after an else
Daniel Gustafsson [Wed, 25 Apr 2018 19:53:27 +0000 (21:53 +0200)]
checksrc: force indentation of lines after an else

This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.

Closes #2532

6 years agohttp2: fix null pointer dereference in http2_connisdead
Daniel Stenberg [Thu, 26 Apr 2018 14:07:10 +0000 (16:07 +0200)]
http2: fix null pointer dereference in http2_connisdead

This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.

Reported-by: Dario Weisser
Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
Closes #2536

6 years agohttp2: get rid of another strstr()
Daniel Stenberg [Thu, 26 Apr 2018 08:41:21 +0000 (10:41 +0200)]
http2: get rid of another strstr()

Follow-up to 1514c44655e12e: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.

Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021

Closes #2534

6 years agocyassl: adapt to libraries without TLS 1.0 support built-in
Daniel Stenberg [Wed, 25 Apr 2018 09:45:35 +0000 (11:45 +0200)]
cyassl: adapt to libraries without TLS 1.0 support built-in

WolfSSL doesn't enable it by default anymore

6 years agoconfigure: provide --with-wolfssl as an alias for --with-cyassl
Daniel Stenberg [Wed, 25 Apr 2018 07:04:25 +0000 (09:04 +0200)]
configure: provide --with-wolfssl as an alias for --with-cyassl

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 25 Apr 2018 13:37:54 +0000 (15:37 +0200)]
RELEASE-NOTES: synced

6 years agoos400.c: fix ASSIGNWITHINCONDITION checksrc warnings
Daniel Gustafsson [Mon, 23 Apr 2018 20:29:06 +0000 (22:29 +0200)]
os400.c: fix ASSIGNWITHINCONDITION checksrc warnings

All occurrences of assignment within conditional expression in
os400sys.c rewritten into two steps: first assignment and then the check
on the success of the assignment. Also adjust related incorrect brace
positions to match project indentation style.

This was spurred by seeing "if((inp = input_token))", but while in there
all warnings were fixed.

There should be no functional change from these changes.

Closes #2525

6 years agocookies: ensure that we have cookies before writing jar
Daniel Gustafsson [Tue, 24 Apr 2018 20:42:41 +0000 (22:42 +0200)]
cookies: ensure that we have cookies before writing jar

The jar should be written iff there are cookies, so ensure that we still
have cookies after expiration to avoid creating an empty file.

Closes #2529

6 years agostrcpy_url: only %-encode values >= 0x80
Daniel Stenberg [Wed, 25 Apr 2018 05:56:01 +0000 (07:56 +0200)]
strcpy_url: only %-encode values >= 0x80

OSS-Fuzz detected

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000

Broke in dd7521bcc1b7

6 years agomime: avoid NULL pointer dereference risk
Daniel Stenberg [Tue, 24 Apr 2018 09:33:29 +0000 (11:33 +0200)]
mime: avoid NULL pointer dereference risk

Coverity detected, CID 1435120

Closes #2527

6 years agoctype: restore character classification for non-ASCII platforms
Stephan Mühlstrasser [Fri, 13 Apr 2018 12:28:55 +0000 (14:28 +0200)]
ctype: restore character classification for non-ASCII platforms

With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
character classification macros and functions were introduced in
curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
of character classification macros when CURL_DOES_CONVERSIONS is
defined.

Closes #2494

6 years agoftplistparser: keep state between invokes
Daniel Stenberg [Thu, 19 Apr 2018 13:47:05 +0000 (15:47 +0200)]
ftplistparser: keep state between invokes

Fixes FTP wildcard parsing when done over a number of read buffers.

Regression from f786d1f14

Reported-by: wncboy on github
Fixes #2445
Closes #2526

6 years agoexamples/http2-upload: expand buffer to avoid silly warning
Daniel Stenberg [Tue, 24 Apr 2018 12:14:23 +0000 (14:14 +0200)]
examples/http2-upload: expand buffer to avoid silly warning

http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated
writing between 2 and 11 bytes into a region of size between 8 and 17

6 years agoexamples/sftpuploadresume: typecast fseek argument to long
Daniel Stenberg [Tue, 24 Apr 2018 12:11:53 +0000 (14:11 +0200)]
examples/sftpuploadresume: typecast fseek argument to long

/docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long
int' from 'curl_off_t {aka long long int}' may alter its value

6 years agoRevert "ftplistparser: keep state between invokes"
Daniel Stenberg [Tue, 24 Apr 2018 06:19:54 +0000 (08:19 +0200)]
Revert "ftplistparser: keep state between invokes"

This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.

Caused fuzzer problems on travis not seen when this was a PR!

6 years agoCurl_memchr: zero length input can't match
Daniel Stenberg [Tue, 24 Apr 2018 06:03:23 +0000 (08:03 +0200)]
Curl_memchr: zero length input can't match

Avoids undefined behavior.

Reported-by: Geeknik Labs
6 years agoftplistparser: keep state between invokes
Daniel Stenberg [Thu, 19 Apr 2018 13:47:05 +0000 (15:47 +0200)]
ftplistparser: keep state between invokes

Fixes FTP wildcard parsing when doing over a number of read buffers.

Regression from f786d1f14

Reported-by: wncboy on github
Fixes #2445
Closes #2519

6 years agoftplistparser: renamed some members and variables
Daniel Stenberg [Fri, 20 Apr 2018 08:29:44 +0000 (10:29 +0200)]
ftplistparser: renamed some members and variables

... to make them better spell out what they're for.

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 23 Apr 2018 12:43:02 +0000 (14:43 +0200)]
RELEASE-NOTES: synced

6 years agocurl_global_sslset: always provide available backends
Christian Schmitz [Sun, 15 Apr 2018 08:35:06 +0000 (10:35 +0200)]
curl_global_sslset: always provide available backends

Closes #2499

6 years agohttp2: convert an assert to run-time check
Daniel Stenberg [Sat, 21 Apr 2018 10:33:52 +0000 (12:33 +0200)]
http2: convert an assert to run-time check

Fuzzing has proven we can reach code in on_frame_recv with status_code
not having been set, so let's detect that in run-time (instead of with
assert) and error error accordingly.

(This should no longer happen with the latest nghttp2)

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
Closes #2514

6 years agocurl.1: clarify that options and URLs can be mixed
Daniel Stenberg [Mon, 23 Apr 2018 06:33:08 +0000 (08:33 +0200)]
curl.1: clarify that options and URLs can be mixed

Fixes #2515
Closes #2517

6 years agoCURLOPT_SSLCERT.3: improve WinSSL-specific usage info
Archangel_SDY [Wed, 18 Apr 2018 13:01:14 +0000 (21:01 +0800)]
CURLOPT_SSLCERT.3: improve WinSSL-specific usage info

Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780

Closes https://github.com/curl/curl/pull/2504

6 years agoschannel: fix build error on targets <= XP
Archangel_SDY [Wed, 18 Apr 2018 11:13:54 +0000 (19:13 +0800)]
schannel: fix build error on targets <= XP

- Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't
  support the latter.

Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668

Closes https://github.com/curl/curl/pull/2504

6 years agoRevert "ftplistparser: keep state between invokes"
Daniel Stenberg [Mon, 23 Apr 2018 05:50:01 +0000 (07:50 +0200)]
Revert "ftplistparser: keep state between invokes"

This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.

Unfortunately this fix introduces memory leaks I've not been able to fix
in several days. Reverting this for now to get the leaks fixed.

6 years agotool_help: clarify --max-time unit of time is seconds
Jay Satiro [Sat, 21 Apr 2018 18:19:37 +0000 (14:19 -0400)]
tool_help: clarify --max-time unit of time is seconds

Before:
 -m, --max-time <time> Maximum time allowed for the transfer

After:
 -m, --max-time <seconds> Maximum time allowed for the transfer

6 years agohttp2: handle GOAWAY properly
Daniel Stenberg [Thu, 19 Apr 2018 18:03:30 +0000 (20:03 +0200)]
http2: handle GOAWAY properly

When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.

Reported-by: Terry Wu
Fixes #2416
Fixes #1618
Closes #2510

6 years agohttp2: clear the "drain counter" when a stream is closed
Daniel Stenberg [Thu, 19 Apr 2018 18:01:52 +0000 (20:01 +0200)]
http2: clear the "drain counter" when a stream is closed

This fixes the notorious "httpc->drain_total >= data->state.drain"
assert.

Reported-by: Anders Bakken
Fixes #1680
Closes #2509

6 years agohttp2: avoid strstr() on data not zero terminated
Daniel Stenberg [Fri, 20 Apr 2018 14:32:46 +0000 (16:32 +0200)]
http2: avoid strstr() on data not zero terminated

It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.

Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.

Detected by OSS-Fuzz
Closes #2513
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760

6 years agoopenssl: fix subjectAltName check on non-ASCII platforms
Stephan Mühlstrasser [Fri, 13 Apr 2018 12:04:11 +0000 (14:04 +0200)]
openssl: fix subjectAltName check on non-ASCII platforms

Curl_cert_hostcheck operates with the host character set, therefore the
ASCII subjectAltName string retrieved with OpenSSL must be converted to
the host encoding before comparison.

Closes #2493

6 years agoopenssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
Jay Satiro [Tue, 20 Mar 2018 06:57:50 +0000 (02:57 -0400)]
openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages

- Support handling verbose-mode trace messages of type
  SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
  SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
  SSL3_MT_MESSAGE_HASH

Reported-by: iz8mbw@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/2403

6 years agoftplistparser: keep state between invokes
Daniel Stenberg [Thu, 19 Apr 2018 13:47:05 +0000 (15:47 +0200)]
ftplistparser: keep state between invokes

Regression from f786d1f14

Reported-by: wncboy on github
Fixes #2445
Closes #2508

6 years agodetect_proxy: only show proxy use if it had contents
Daniel Stenberg [Thu, 19 Apr 2018 12:59:06 +0000 (14:59 +0200)]
detect_proxy: only show proxy use if it had contents

6 years agohttp2: handle on_begin_headers() called more than once
Daniel Stenberg [Wed, 18 Apr 2018 21:51:01 +0000 (23:51 +0200)]
http2: handle on_begin_headers() called more than once

This triggered an assert if called more than once in debug mode (and a
memory leak if not debug build). With the right sequence of HTTP/2
headers incoming it can happen.

Detected by OSS-Fuzz

Closes #2507
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764

6 years agoschannel: add support for CURLOPT_CAINFO
Dan McNulty [Fri, 10 Mar 2017 20:27:30 +0000 (14:27 -0600)]
schannel: add support for CURLOPT_CAINFO

- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325

6 years agoschannel: fix warning
Jay Satiro [Tue, 17 Apr 2018 17:47:01 +0000 (13:47 -0400)]
schannel: fix warning

- Fix warning 'integer from pointer without a cast' on 3rd arg in
  CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
  type of the same size.

Follow-up to e35b025.

Caught by Marc's CI builds.

6 years agodocs: fix typos
Jakub Wilk [Tue, 17 Apr 2018 19:17:57 +0000 (21:17 +0200)]
docs: fix typos

Closes https://github.com/curl/curl/pull/2503

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 17 Apr 2018 11:46:06 +0000 (13:46 +0200)]
RELEASE-NOTES: synced

6 years agowinbuild: Support custom devel paths for each dependency
kdekker [Mon, 9 Apr 2018 09:19:51 +0000 (11:19 +0200)]
winbuild: Support custom devel paths for each dependency

- Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
  OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
  NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.

- Use lib.exe for making the static library instead of link.exe /lib.
  The latter is undocumented and could cause problems as noted in the
  comments.

- Remove a dangling URL that no longer worked. (I was not able to find
  the IDN download at MSDN/microsoft.com, so it seems to be removed.)

- Remove custom override for release-ssh2-ssl-dll-zlib configuration.
  Nobody knows why it was there and as far as we can see is unnecessary.

Closes https://github.com/curl/curl/pull/2474

6 years agoREADME.md: add backers and sponsors
Jess [Thu, 12 Apr 2018 05:40:17 +0000 (14:40 +0900)]
README.md: add backers and sponsors

Closes #2484

6 years agoschannel: add client certificate authentication
Archangel_SDY [Sat, 10 Mar 2018 15:40:00 +0000 (23:40 +0800)]
schannel: add client certificate authentication

Users can now specify a client certificate in system certificates store
explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`

Closes #2376

6 years agontlm_sspi: fix authentication using Credential Manager
toughengineer [Sat, 8 Jul 2017 00:10:08 +0000 (02:10 +0200)]
ntlm_sspi: fix authentication using Credential Manager

If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for the
domain, e.g.
curl -v -u : --ntlm example.com
currently authentication fails.
This change fixes it by providing proper SPN string to the SSPI API
calls.

Fixes https://github.com/curl/curl/issues/1622
Closes https://github.com/curl/curl/pull/1660

6 years agoconfigure: keep LD_LIBRARY_PATH changes local
Daniel Stenberg [Fri, 13 Apr 2018 12:07:39 +0000 (14:07 +0200)]
configure: keep LD_LIBRARY_PATH changes local

... only set it when we actually have to run tests to reduce its impact
on for example build commands etc.

Fixes #2490
Closes #2492

Reported-by: Dmitry Mikhirev
6 years agourldata: make service names unconditional
Marcel Raad [Tue, 10 Apr 2018 06:50:29 +0000 (08:50 +0200)]
urldata: make service names unconditional

The ifdefs have become quite long. Also, the condition for the
definition of CURLOPT_SERVICE_NAME and for setting it from
CURLOPT_SERVICE_NAME have diverged. We will soon also need the two
options for NTLM, at least when using SSPI, for
https://github.com/curl/curl/pull/1660.
Just make the definitions unconditional to make that easier.

Closes https://github.com/curl/curl/pull/2479

6 years agotest1148: tolerate progress updates better
Daniel Stenberg [Thu, 12 Apr 2018 15:56:13 +0000 (17:56 +0200)]
test1148: tolerate progress updates better

Fixes #2446
Closes #2488

6 years agossh: show libSSH2 error code when closing fails
Christian Schmitz [Sun, 15 Apr 2018 08:49:30 +0000 (10:49 +0200)]
ssh: show libSSH2 error code when closing fails

Closes #2500

6 years agovauth: Fix typo
Daniel Gustafsson [Sat, 14 Apr 2018 19:52:00 +0000 (21:52 +0200)]
vauth: Fix typo

Address various spellings of "credentials".

Closes https://github.com/curl/curl/pull/2496

6 years agosystem.h: Add sparcv8plus to oracle/sunpro 32-bit detection
Dagobert Michelsen [Fri, 13 Apr 2018 09:57:48 +0000 (11:57 +0200)]
system.h: Add sparcv8plus to oracle/sunpro 32-bit detection

With specific compiler options selecting the arch like -xarch=sparc on
newer compilers like Oracle Studio 12.4 there is no definition of
__sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the
32ÎíÎñbit subset defined by the V8plus ISA specification, without the
Visual Instruction Set (VIS), and without other implementation-specific
ISA extensions. So it should be the same as __sparcv8.

Closes https://github.com/curl/curl/pull/2491

6 years agochecksrc: Fix typo
Daniel Gustafsson [Sat, 14 Apr 2018 22:47:36 +0000 (00:47 +0200)]
checksrc: Fix typo

Fix typo in "semicolon" spelling and remove stray tab character.

Closes https://github.com/curl/curl/pull/2498

6 years agoall: Refactor malloc+memset to use calloc
Daniel Gustafsson [Sat, 14 Apr 2018 20:42:04 +0000 (22:42 +0200)]
all: Refactor malloc+memset to use calloc

When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.

Closes https://github.com/curl/curl/pull/2497

6 years agoduphandle: make sure CURLOPT_RESOLVE is duplicated fine too
Daniel Stenberg [Thu, 12 Apr 2018 11:09:04 +0000 (13:09 +0200)]
duphandle: make sure CURLOPT_RESOLVE is duplicated fine too

Verified in test 1502 now

Fixes #2485
Closes #2486
Reported-by: Ernst Sjöstrand
6 years agomailmap: add a monnerat fixup [ci skip]
Daniel Stenberg [Thu, 12 Apr 2018 06:02:40 +0000 (08:02 +0200)]
mailmap: add a monnerat fixup [ci skip]

6 years agoproxy: show getenv proxy use in verbose output
Daniel Stenberg [Tue, 10 Apr 2018 19:30:28 +0000 (21:30 +0200)]
proxy: show getenv proxy use in verbose output

... to aid debugging etc as it sometimes isn't immediately obvious why
curl uses or doesn't use a proxy.

Inspired by #2477

Closes #2480

6 years agotravis: build libpsl and make builds use it
Daniel Stenberg [Sun, 8 Apr 2018 22:11:04 +0000 (00:11 +0200)]
travis: build libpsl and make builds use it

closes #2471

6 years agotravis: bump to clang 6 and gcc 7
Daniel Stenberg [Mon, 9 Apr 2018 18:30:57 +0000 (20:30 +0200)]
travis: bump to clang 6 and gcc 7

Extra-eye-on-this-by: Marcel Raad
Closes #2478

6 years agotravis: use trusty for coverage build
Marcel Raad [Thu, 20 Jul 2017 13:22:29 +0000 (15:22 +0200)]
travis: use trusty for coverage build

This works now and precise is in the process of being decommissioned.

Closes https://github.com/curl/curl/pull/2476

6 years agolib: silence null-dereference warnings
Marcel Raad [Mon, 9 Apr 2018 13:53:12 +0000 (15:53 +0200)]
lib: silence null-dereference warnings

In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings
when dereferencing pointers after DEBUGASSERT-ing that they are not
NULL.
Fix this by removing the DEBUGASSERTs.

Suggested-by: Daniel Stenberg
Ref: https://github.com/curl/curl/pull/2463

6 years agowinbuild: fix URL
kdekker [Mon, 9 Apr 2018 10:10:43 +0000 (12:10 +0200)]
winbuild: fix URL

Follow up on https://github.com/curl/curl/pull/2472.
Now using en-us instead of nl-nl as language code in the URL.

Closes https://github.com/curl/curl/pull/2475

6 years agowinbuild: updated the documentation
kdekker [Mon, 9 Apr 2018 08:42:14 +0000 (10:42 +0200)]
winbuild: updated the documentation

The setenv command no longer exists and visual studio build prompts got
changed. Used Visual Studio 2015/2017 as reference.

Closes #2472

6 years agotest1136: fix cookie order after commit c990eadd1277
Daniel Stenberg [Sun, 8 Apr 2018 22:10:20 +0000 (00:10 +0200)]
test1136: fix cookie order after commit c990eadd1277

6 years agobuild: cleanup to fix clang warnings/errors
Daniel Stenberg [Sat, 7 Apr 2018 09:03:18 +0000 (11:03 +0200)]
build: cleanup to fix clang warnings/errors

unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
cast from integer to pointer is a GNU extension

Reported-by: Rikard Falkeborn
Fixes #2466
Closes #2468

6 years agoexamples/sftpuploadresmue: Fix Windows large file seek
Jay Satiro [Sat, 7 Apr 2018 20:03:55 +0000 (16:03 -0400)]
examples/sftpuploadresmue: Fix Windows large file seek

- Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.

- Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
  curl_off_t.

Caught by Marc's CI builds.

6 years agocurl_setup: provide a CURL_SA_FAMILY_T type if none exists
Daniel Stenberg [Fri, 6 Apr 2018 13:26:04 +0000 (15:26 +0200)]
curl_setup: provide a CURL_SA_FAMILY_T type if none exists

... and use this type instead of 'sa_family_t' in the code since several
platforms don't have it.

Closes #2463

6 years agobuild: add picky compiler warning flags for gcc 6 and 7
Eric Gallager [Mon, 12 Feb 2018 06:42:47 +0000 (01:42 -0500)]
build: add picky compiler warning flags for gcc 6 and 7

6 years agoconfigure: detect sa_family_t
Daniel Stenberg [Mon, 26 Mar 2018 14:01:07 +0000 (16:01 +0200)]
configure: detect sa_family_t

6 years agotool_operate: Fix retry on FTP 4xx to ignore other protocols
Stefan Agner [Fri, 6 Apr 2018 19:00:02 +0000 (21:00 +0200)]
tool_operate: Fix retry on FTP 4xx to ignore other protocols

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
  HTTP/1.1 416 Requested Range Not Satisfiable

This should not be treated as an FTP error.

Fixes #2464
Closes #2465

6 years agohash: calculate sizes with size_t instead of longs
Daniel Stenberg [Fri, 6 Apr 2018 12:19:39 +0000 (14:19 +0200)]
hash: calculate sizes with size_t instead of longs

... since they return size_t anyway!

closes #2462

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 6 Apr 2018 13:52:10 +0000 (15:52 +0200)]
RELEASE-NOTES: synced

6 years agobuild-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
Jay Satiro [Fri, 22 Dec 2017 22:00:32 +0000 (17:00 -0500)]
build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15

.. and do the same for build-wolfssl.bat.

Because MS calls it VC14.1.

Closes https://github.com/curl/curl/pull/2189

6 years agowinbuild: make the clean target work without build-type
kdekker [Wed, 4 Apr 2018 09:32:19 +0000 (11:32 +0200)]
winbuild: make the clean target work without build-type

Due to the check in Makefile.vc and MakefileBuild.vc, no make call can
be invoked unless a build-type was specified. However, a clean target
only existed when a build type was specified. As a result, the clean
target was unreachable. Made clean target unconditional.

Closes #2455

6 years agobuild-openssl.bat: allow custom paths for VS and perl
patelvivekv1993 [Thu, 5 Apr 2018 11:06:05 +0000 (16:36 +0530)]
build-openssl.bat: allow custom paths for VS and perl

Fixes #2430
Closes #2457

6 years agoFTP: allow PASV on IPv6 connections when a proxy is being used
Laurie Clark-Michalek [Wed, 28 Mar 2018 14:42:33 +0000 (15:42 +0100)]
FTP: allow PASV on IPv6 connections when a proxy is being used

In the situation of a client connecting to an FTP server using an IPv6
tunnel proxy, the connection info will indicate that the connection is
IPv6. However, because the server behing the proxy is IPv4, it is
permissable to attempt PSV mode. In the case of the FTP server being
IPv4 only, EPSV will always fail, and with the current logic curl will
be unable to connect to the server, as the IPv6 fwdproxy causes curl to
think that EPSV is impossible.

Closes #2432

6 years agofile: restore old behavior for file:////foo/bar URLs
Jon DeVree [Thu, 29 Mar 2018 22:39:56 +0000 (18:39 -0400)]
file: restore old behavior for file:////foo/bar URLs

curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC
8089 but then returns an error saying this is unimplemented. This is
actually a regression in behavior on both Windows and Unix.

Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and
then passed to the relevant OS API. This means that the behavior of this
case is actually OS dependent.

The Unix path resolution rules say that the OS must handle swallowing
the extra "/" and so this path is the same as "/foo/bar"

The Windows path resolution rules say that this is a UNC path and
automatically handles the SMB access for the program. So curl on Windows
was already doing Appendix E.3.2 without any special code in curl.

Regression

Closes #2438

6 years agoRevert "openssl: Don't add verify locations when verifypeer==0"
Gaurav Malhotra [Tue, 3 Apr 2018 12:41:27 +0000 (18:11 +0530)]
Revert "openssl: Don't add verify locations when verifypeer==0"

This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.

libcurl (with the OpenSSL backend) performs server certificate verification
even if verifypeer == 0 and the verification result is available using
CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
CURLINFO_SSL_VERIFYRESULT to not have useful information for the
verifypeer == 0 use case (it would always have
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).

Closes #2451

6 years agotls: fix mbedTLS 2.7.0 build + handle sha256 failures
Wyatt O'Day [Mon, 2 Apr 2018 17:33:00 +0000 (13:33 -0400)]
tls: fix mbedTLS 2.7.0 build + handle sha256 failures

(mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)

Closes #2453

6 years agocookie: case-insensitive hashing for the domains
Lauri Kasanen [Thu, 5 Apr 2018 12:55:59 +0000 (15:55 +0300)]
cookie: case-insensitive hashing for the domains

closes #2458