]> granicus.if.org Git - curl/log
curl
7 years agocookie: avoid NULL dereference
Daniel Stenberg [Mon, 30 Oct 2017 15:42:25 +0000 (16:42 +0100)]
cookie: avoid NULL dereference

... when expiring old cookies.

Reported-by: Pavel Gushchin
Fixes #2032
Closes #2035

7 years agomemdebug: use send/recv signature for curl_dosend/curl_dorecv
Marcel Raad [Fri, 27 Oct 2017 08:10:30 +0000 (10:10 +0200)]
memdebug: use send/recv signature for curl_dosend/curl_dorecv

This avoids build errors and warnings caused by implicit casts.

Closes https://github.com/curl/curl/pull/2031

7 years agomkhelp.pl: support reproducible build
Juro Bystricky [Fri, 27 Oct 2017 15:28:25 +0000 (08:28 -0700)]
mkhelp.pl: support reproducible build

Do not generate line with the current date, such as:

* Generation time: Tue Oct-24 18:01:41 2017

This will improve reproducibility. The generated string is only
part of a comment, so there should be no adverse consequences.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
closes #2026

7 years agoruntests.pl: Fixed typo in message
Dan Fandrich [Mon, 30 Oct 2017 15:56:14 +0000 (16:56 +0100)]
runtests.pl: Fixed typo in message

7 years agocurlx: the timeval functions are no longer provided as curlx_*
Daniel Stenberg [Mon, 30 Oct 2017 15:41:02 +0000 (16:41 +0100)]
curlx: the timeval functions are no longer provided as curlx_*

Pointed-out-by: Dmitri Tikhonov
Bug: #2034

7 years agoselect: update comments
Daniel Stenberg [Mon, 30 Oct 2017 15:40:28 +0000 (16:40 +0100)]
select: update comments

s/curlx_tvnow/Curl_now

7 years agoINTERNALS: remove curlx_tv* functions no longer provided
Daniel Stenberg [Mon, 30 Oct 2017 14:30:01 +0000 (15:30 +0100)]
INTERNALS: remove curlx_tv* functions no longer provided

7 years agotimeval: use mach time on MacOS
Dmitri Tikhonov [Mon, 30 Oct 2017 12:12:41 +0000 (08:12 -0400)]
timeval: use mach time on MacOS

If clock_gettime() is not supported, use mach_absolute_time() on MacOS.

closes #2033

7 years agocli tool: improve ";type=" handling in -F option arguments
Patrick Monnerat [Sun, 29 Oct 2017 13:31:03 +0000 (14:31 +0100)]
cli tool: improve ";type=" handling in -F option arguments

7 years agocli tool: in -F option arg, comma is a delimiter for files only
Patrick Monnerat [Sun, 29 Oct 2017 12:57:16 +0000 (13:57 +0100)]
cli tool: in -F option arg, comma is a delimiter for files only

Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
7 years agotimeleft: made two more users of Curl_timeleft use timediff_t
Daniel Stenberg [Sun, 29 Oct 2017 12:13:23 +0000 (13:13 +0100)]
timeleft: made two more users of Curl_timeleft use timediff_t

7 years agocmake: Export libcurl and curl targets to use by other cmake projects
Jakub Zakrzewski [Sun, 10 Sep 2017 14:56:16 +0000 (16:56 +0200)]
cmake: Export libcurl and curl targets to use by other cmake projects

The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.

Closes #1879

7 years agoRELEASE-NOTES: synced with f20cbac97
Daniel Stenberg [Sat, 28 Oct 2017 14:49:27 +0000 (16:49 +0200)]
RELEASE-NOTES: synced with f20cbac97

7 years agoauth: Added test cases for RFC7616
Florin [Sat, 7 Oct 2017 11:30:17 +0000 (13:30 +0200)]
auth: Added test cases for RFC7616

Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>
Closes #1934

7 years agoauth: add support for RFC7616 - HTTP Digest access authentication
Florin [Sat, 30 Sep 2017 18:30:55 +0000 (20:30 +0200)]
auth: add support for RFC7616 - HTTP Digest access authentication

Signed-off-by: Florin <petriuc.florin@gmail.com>
7 years agoTODO: support multiple Content-Encodings
Daniel Bankhead [Fri, 20 Oct 2017 17:01:32 +0000 (13:01 -0400)]
TODO: support multiple Content-Encodings

Closes #2002

7 years agoROADMAP: cleanup
Daniel Stenberg [Sat, 28 Oct 2017 08:54:20 +0000 (10:54 +0200)]
ROADMAP: cleanup

Removed done stuff. Removed entries no longer considered for the near
term.

7 years agoROADMAP.md: spelling fixes
Magicansk [Sat, 28 Oct 2017 03:16:32 +0000 (11:16 +0800)]
ROADMAP.md: spelling fixes

Closes #2028

7 years agoCurl_timeleft: change return type to timediff_t
Daniel Stenberg [Thu, 26 Oct 2017 13:24:50 +0000 (15:24 +0200)]
Curl_timeleft: change return type to timediff_t

returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.

Closes #2021

7 years agoappveyor: add a win32 build
Daniel Stenberg [Fri, 27 Oct 2017 21:40:04 +0000 (23:40 +0200)]
appveyor: add a win32 build

7 years agosetopt: fix CURLOPT_SSH_AUTH_TYPES option read
Daniel Stenberg [Fri, 27 Oct 2017 20:56:33 +0000 (22:56 +0200)]
setopt: fix CURLOPT_SSH_AUTH_TYPES option read

Regression since f121575c0b5f

Reported-by: Rob Cotrone
7 years agoresolvers: only include anything if needed
Marcel Raad [Thu, 26 Oct 2017 18:52:22 +0000 (20:52 +0200)]
resolvers: only include anything if needed

This avoids warnings about unused stuff.

Closes https://github.com/curl/curl/pull/2023

7 years agoHELP-US: rename the subtitle too since the label is changed
Daniel Stenberg [Fri, 27 Oct 2017 09:19:22 +0000 (11:19 +0200)]
HELP-US: rename the subtitle too since the label is changed

"PR-welcome" was the former name.

7 years agocurl_setup.h: oops, shorten the too long line
Daniel Stenberg [Fri, 27 Oct 2017 09:12:45 +0000 (11:12 +0200)]
curl_setup.h: oops, shorten the too long line

7 years agocurl_setup: Improve detection of CURL_WINDOWS_APP
Martin Storsjo [Fri, 27 Oct 2017 08:21:01 +0000 (11:21 +0300)]
curl_setup: Improve detection of CURL_WINDOWS_APP

If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.

This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.

Closes #2025

7 years agotransfer: Fix chunked-encoding upload bug
Jay Satiro [Tue, 24 Oct 2017 20:08:26 +0000 (16:08 -0400)]
transfer: Fix chunked-encoding upload bug

- When uploading via chunked-encoding don't compare file size to bytes
  sent to determine whether the upload has finished.

Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.

The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.

Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2010

7 years agotimeval: make timediff_t also work on 32bit windows
Daniel Stenberg [Thu, 26 Oct 2017 11:02:00 +0000 (13:02 +0200)]
timeval: make timediff_t also work on 32bit windows

... by using curl_off_t for the typedef if time_t is larger than 4
bytes.

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co
mmitcomment-25205058
Closes #2019

7 years agocurl_fnmatch: return error on illegal wildcard pattern
Daniel Stenberg [Wed, 25 Oct 2017 21:53:30 +0000 (23:53 +0200)]
curl_fnmatch: return error on illegal wildcard pattern

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017

7 years agowildcards: don't use with non-supported protocols
Max Dymond [Wed, 25 Oct 2017 21:51:50 +0000 (22:51 +0100)]
wildcards: don't use with non-supported protocols

Fixes timeouts in the fuzzing tests for non-FTP protocols.

Closes #2016

7 years agomulti: allow table handle sizes to be overridden
Max Dymond [Wed, 11 Oct 2017 12:18:46 +0000 (13:18 +0100)]
multi: allow table handle sizes to be overridden

Allow users to specify their own hash define for
CURL_CONNECTION_HASH_SIZE so that both values can be overridden.

Closes #1982

7 years agotime: rename Curl_tvnow to Curl_now
Daniel Stenberg [Wed, 25 Oct 2017 09:59:43 +0000 (11:59 +0200)]
time: rename Curl_tvnow to Curl_now

... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011

7 years agoftplistparser: follow-up cleanup to remove PL_ERROR()
Daniel Stenberg [Wed, 25 Oct 2017 16:19:44 +0000 (18:19 +0200)]
ftplistparser: follow-up cleanup to remove PL_ERROR()

7 years agoftplistparser: free off temporary memory always
Max Dymond [Wed, 25 Oct 2017 14:52:43 +0000 (15:52 +0100)]
ftplistparser: free off temporary memory always

When using the FTP list parser, ensure that the memory that's
allocated is always freed.

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013

7 years agotimediff: return timediff_t from the time diff functions
Daniel Stenberg [Mon, 23 Oct 2017 10:05:49 +0000 (12:05 +0200)]
timediff: return timediff_t from the time diff functions

... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

- Added overflow protection for both of them in either direction for
  both 32 bit and 64 bit time_ts

- Reprefixed the curlx_time functions to use Curl_*

Reported-by: Peter Piekarski
Fixes #2004
Closes #2005

7 years agolibtest: Add required test libraries for lib1552 and lib1553
Paul Howarth [Mon, 23 Oct 2017 17:51:36 +0000 (18:51 +0100)]
libtest: Add required test libraries for lib1552 and lib1553

They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.

This fixes build failures on Fedora 13.

Closes #2006

7 years agolibcurl-tutorial.3: fix typo
Alessandro Ghedini [Mon, 23 Oct 2017 22:24:10 +0000 (23:24 +0100)]
libcurl-tutorial.3: fix typo

closes #2008

7 years agocurl_mime_filedata.3: fix typos
Alessandro Ghedini [Mon, 23 Oct 2017 22:23:23 +0000 (23:23 +0100)]
curl_mime_filedata.3: fix typos

7 years agoRELEASE-NOTES: clean slate towards 7.57.0
Daniel Stenberg [Mon, 23 Oct 2017 11:33:04 +0000 (13:33 +0200)]
RELEASE-NOTES: clean slate towards 7.57.0

7 years agotravis: exit if any steps fail
Max Dymond [Mon, 9 Oct 2017 08:10:51 +0000 (09:10 +0100)]
travis: exit if any steps fail

We don't expect any steps to fail in travis. Exit the script if they do.

Closes #1966

7 years agoRELEASE-NOTES: 7.56.1 curl-7_56_1
Daniel Stenberg [Sun, 22 Oct 2017 14:20:04 +0000 (16:20 +0200)]
RELEASE-NOTES: 7.56.1

7 years agoTHANKS: update at 7.56.1 release time
Daniel Stenberg [Sun, 22 Oct 2017 21:32:03 +0000 (23:32 +0200)]
THANKS: update at 7.56.1 release time

7 years agomk-ca-bundle: Remove URL for aurora
Jon DeVree [Thu, 19 Oct 2017 15:54:04 +0000 (11:54 -0400)]
mk-ca-bundle: Remove URL for aurora

Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/

7 years agomk-ca-bundle: Fix URL for NSS
Jon DeVree [Thu, 19 Oct 2017 12:40:54 +0000 (08:40 -0400)]
mk-ca-bundle: Fix URL for NSS

The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.

Closes #1998

7 years agoimap: if a FETCH response has no size, don't call write callback
Daniel Stenberg [Fri, 6 Oct 2017 22:11:31 +0000 (00:11 +0200)]
imap: if a FETCH response has no size, don't call write callback

CVE-2017-1000257

Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586

7 years agoftp: reject illegal IP/port in PASV 227 response
Daniel Stenberg [Thu, 19 Oct 2017 12:41:14 +0000 (14:41 +0200)]
ftp: reject illegal IP/port in PASV 227 response

... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694

7 years agotest653: check reuse of easy handle after mime data change
Patrick Monnerat [Fri, 20 Oct 2017 13:01:14 +0000 (14:01 +0100)]
test653: check reuse of easy handle after mime data change

See issue #1999

7 years agomime: do not reuse previously computed multipart size
Patrick Monnerat [Fri, 20 Oct 2017 12:57:12 +0000 (13:57 +0100)]
mime: do not reuse previously computed multipart size

The contents might have changed: size must be recomputed.

Reported-by: moteus on github
Fixes #1999

7 years agotest308: disable if MultiSSL feature enabled
Patrick Monnerat [Thu, 19 Oct 2017 19:16:05 +0000 (20:16 +0100)]
test308: disable if MultiSSL feature enabled

Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.

7 years agoruntests: support MultiSSL client feature
Patrick Monnerat [Thu, 19 Oct 2017 19:15:21 +0000 (20:15 +0100)]
runtests: support MultiSSL client feature

7 years agovtls: change struct Curl_ssl `close' field name to `close_one'.
Patrick Monnerat [Thu, 19 Oct 2017 18:55:17 +0000 (19:55 +0100)]
vtls: change struct Curl_ssl `close' field name to `close_one'.

On OS/400, `close' is an ASCII system macro that corrupts the code if
not used in a context not targetting the close() system API.

7 years agoos400: add missing symbols in config file.
Patrick Monnerat [Thu, 19 Oct 2017 17:48:21 +0000 (18:48 +0100)]
os400: add missing symbols in config file.

Also adjust makefile to renamed files and warn about installation dirs mix-up.

7 years agotest652: curl_mime_data + base64 encoder with large contents
Patrick Monnerat [Thu, 19 Oct 2017 17:37:19 +0000 (18:37 +0100)]
test652: curl_mime_data + base64 encoder with large contents

7 years agomime: limit bas64-encoded lines length to 76 characters
Patrick Monnerat [Thu, 19 Oct 2017 17:33:27 +0000 (18:33 +0100)]
mime: limit bas64-encoded lines length to 76 characters

7 years agoRELEASE-NOTES: synced with f121575c0
Daniel Stenberg [Mon, 16 Oct 2017 09:07:30 +0000 (11:07 +0200)]
RELEASE-NOTES: synced with f121575c0

7 years agosetopt: range check most long options
Daniel Stenberg [Sat, 14 Oct 2017 15:20:13 +0000 (17:20 +0200)]
setopt: range check most long options

... filter early instead of risking "funny values" having to be dealt
with elsewhere.

7 years agosetopt: avoid integer overflows when setting millsecond values
Daniel Stenberg [Tue, 3 Oct 2017 15:00:18 +0000 (17:00 +0200)]
setopt: avoid integer overflows when setting millsecond values

... that are multiplied by 1000 when stored.

For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.

Also updated the man pages for these timeout options to mention the
return code.

Closes #1938

7 years agomakefile.m32: allow to override gcc, ar and ranlib
Viktor Szakats [Sun, 15 Oct 2017 19:42:32 +0000 (19:42 +0000)]
makefile.m32: allow to override gcc, ar and ranlib

Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:

CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib

Closes https://github.com/curl/curl/pull/1993

7 years agoldap: silence clang warning
Viktor Szakats [Sun, 15 Oct 2017 15:59:43 +0000 (15:59 +0000)]
ldap: silence clang warning

Use memset() to initialize a structure to avoid LLVM/Clang warning:
ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]

Closes https://github.com/curl/curl/pull/1992

7 years agoruntests: use valgrind for torture as well
Daniel Stenberg [Tue, 10 Oct 2017 20:52:17 +0000 (22:52 +0200)]
runtests: use valgrind for torture as well

NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.

7 years agomemdebug: trace send, recv and socket
Daniel Stenberg [Tue, 10 Oct 2017 14:56:35 +0000 (16:56 +0200)]
memdebug: trace send, recv and socket

... to allow them to be included in torture tests too.

closes #1980

7 years agoconfigure: remove the C++ compiler check
Daniel Stenberg [Sat, 14 Oct 2017 11:52:51 +0000 (13:52 +0200)]
configure: remove the C++ compiler check

... we used it only for the fuzzer, which we now have in a separate git
repo.

Closes #1990

7 years agomime: do not call failf() if easy handle is NULL.
Patrick Monnerat [Fri, 13 Oct 2017 16:16:57 +0000 (17:16 +0100)]
mime: do not call failf() if easy handle is NULL.

7 years agotest651: curl_formadd with huge COPYCONTENTS
Daniel Stenberg [Thu, 12 Oct 2017 18:00:43 +0000 (20:00 +0200)]
test651: curl_formadd with huge COPYCONTENTS

7 years agomime: fix the content reader to handle >16K data properly
Daniel Stenberg [Thu, 12 Oct 2017 22:13:41 +0000 (00:13 +0200)]
mime: fix the content reader to handle >16K data properly

Reported-by: Jeroen Ooms
Closes #1988

7 years agomime: keep "text/plain" content type if user-specified.
Patrick Monnerat [Thu, 12 Oct 2017 18:36:16 +0000 (19:36 +0100)]
mime: keep "text/plain" content type if user-specified.

Include test cases in 554, 587, 650.

Fixes https://github.com/curl/curl/issues/1986

7 years agocli tool: use file2memory() to buffer stdin in -F option.
Patrick Monnerat [Thu, 12 Oct 2017 15:42:02 +0000 (16:42 +0100)]
cli tool: use file2memory() to buffer stdin in -F option.

Closes PR https://github.com/curl/curl/pull/1985

7 years agocli tool: reimplement stdin buffering in -F option.
Patrick Monnerat [Thu, 12 Oct 2017 13:25:59 +0000 (14:25 +0100)]
cli tool: reimplement stdin buffering in -F option.

If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.

--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.

Buffering is not supported in deprecated curl_formadd() API.

7 years agowinbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
Daniel Stenberg [Thu, 12 Oct 2017 11:54:00 +0000 (13:54 +0200)]
winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2

7 years agoHELP-US: the label "PR-welcome" is now renamed to "help wanted"
Daniel Stenberg [Thu, 12 Oct 2017 07:50:52 +0000 (09:50 +0200)]
HELP-US: the label "PR-welcome" is now renamed to "help wanted"

following the new github "standard"

7 years agoRELEASE-NOTES: synced with 5505df7d2
Daniel Stenberg [Wed, 11 Oct 2017 10:00:19 +0000 (12:00 +0200)]
RELEASE-NOTES: synced with 5505df7d2

7 years agourl: Update current connection SSL verify params in setopt
Artak Galoyan [Thu, 5 Oct 2017 19:43:13 +0000 (15:43 -0400)]
url: Update current connection SSL verify params in setopt

Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
connection updates the current connection's (i.e.'connectdata'
structure) appropriate ssl_config (and ssl_proxy_config) structures
variables, making these options effective for ongoing connection.

This functionality was available before and was broken by the
following change:
"proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151.

Bug: https://github.com/curl/curl/issues/1941

Closes https://github.com/curl/curl/pull/1951

7 years agoopenssl: don't use old BORINGSSL_YYYYMM macros
David Benjamin [Mon, 9 Oct 2017 15:41:02 +0000 (11:41 -0400)]
openssl: don't use old BORINGSSL_YYYYMM macros

Those were temporary things we'd add and remove for our own convenience
long ago. The last few stayed around for too long as an oversight but
have since been removed. These days we have a running
BORINGSSL_API_VERSION counter which is bumped when we find it
convenient, but 2015-11-19 was quite some time ago, so just check
OPENSSL_IS_BORINGSSL.

Closes #1979

7 years agotest950; verify SMTP with custom request
Daniel Stenberg [Tue, 10 Oct 2017 14:59:13 +0000 (16:59 +0200)]
test950; verify SMTP with custom request

7 years agoftpserver: support case insensitive commands
Daniel Stenberg [Tue, 10 Oct 2017 14:58:40 +0000 (16:58 +0200)]
ftpserver: support case insensitive commands

7 years agosmtp_done: free data before returning (on send failure)
Daniel Stenberg [Tue, 10 Oct 2017 12:34:57 +0000 (14:34 +0200)]
smtp_done: free data before returning (on send failure)

... as otherwise it could leak that memory.

Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600

Assisted-by: Max Dymond
Closes #1977

7 years agoFTP: URL decode path for dir listing in nocwd mode
Daniel Stenberg [Tue, 10 Oct 2017 10:02:11 +0000 (12:02 +0200)]
FTP: URL decode path for dir listing in nocwd mode

Reported-by: Zenju on github
Test 244 added to verify
Fixes #1974
Closes #1976

7 years agotest298: verify --ftp-method nowcwd with URL encoded path
Daniel Stenberg [Mon, 9 Oct 2017 20:50:40 +0000 (22:50 +0200)]
test298: verify --ftp-method nowcwd with URL encoded path

Ref: #1974

7 years agoCURLOPT_XFERINFODATA.3: fix duplicate see also
Daniel Stenberg [Mon, 9 Oct 2017 14:24:36 +0000 (16:24 +0200)]
CURLOPT_XFERINFODATA.3: fix duplicate see also

7 years agoCURLOPT_NOPROGRESS.3: also refer to xferinfofunction
Daniel Stenberg [Mon, 9 Oct 2017 14:24:19 +0000 (16:24 +0200)]
CURLOPT_NOPROGRESS.3: also refer to xferinfofunction

7 years agoFAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
Daniel Stenberg [Mon, 9 Oct 2017 14:13:27 +0000 (16:13 +0200)]
FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION

7 years agoopenssl: enable PKCS12 support for !BoringSSL
Daniel Stenberg [Thu, 5 Oct 2017 08:16:40 +0000 (10:16 +0200)]
openssl: enable PKCS12 support for !BoringSSL

Enable PKCS12 for all non-boringssl builds without relying on configure
or cmake checks.

Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948

7 years agocurl: don't pass semicolons when parsing Content-Disposition
Kristiyan Tsaklev [Sat, 7 Oct 2017 14:47:11 +0000 (17:47 +0300)]
curl: don't pass semicolons when parsing Content-Disposition

Test 1422 updated to verify.

Closes #1964

7 years agomime: properly unbind mime structure in curl_mime_free().
Patrick Monnerat [Mon, 9 Oct 2017 00:26:27 +0000 (01:26 +0100)]
mime: properly unbind mime structure in curl_mime_free().

This allows freeing a mime structure bound to the easy handle before
curl_easy_cleanup().

Fixes #1970.

7 years agoRTSP: avoid integer overflow on funny RTSP response
Daniel Stenberg [Sun, 8 Oct 2017 15:15:44 +0000 (17:15 +0200)]
RTSP: avoid integer overflow on funny RTSP response

... like a very large non-existing RTSP version number.

Added test 577 to verify.

Detected by OSS-fuzz.
Closes #1969

7 years agoftpserver: properly reset $ftptargetdir.
Patrick Monnerat [Sun, 8 Oct 2017 18:29:44 +0000 (19:29 +0100)]
ftpserver: properly reset $ftptargetdir.

7 years agotest643: verify curl_mime_subparts() rejects cyclic additions.
Patrick Monnerat [Sun, 8 Oct 2017 18:05:59 +0000 (19:05 +0100)]
test643: verify curl_mime_subparts() rejects cyclic additions.

7 years agomime: refuse to add subparts to one of their own descendants.
Patrick Monnerat [Sun, 8 Oct 2017 17:49:52 +0000 (18:49 +0100)]
mime: refuse to add subparts to one of their own descendants.

Reported-by: Alexey Melnichuk
Fixes #1962

7 years agomime: avoid resetting a part's encoder when part's contents change.
Patrick Monnerat [Sun, 8 Oct 2017 17:43:13 +0000 (18:43 +0100)]
mime: avoid resetting a part's encoder when part's contents change.

7 years agomime: improve unbinding top multipart from easy handle.
Patrick Monnerat [Sun, 8 Oct 2017 17:38:34 +0000 (18:38 +0100)]
mime: improve unbinding top multipart from easy handle.

Also avoid dangling pointers in referencing parts.

7 years agoRELEASE-NOTES: synced with a4c1c75da30af1
Daniel Stenberg [Sun, 8 Oct 2017 15:27:57 +0000 (17:27 +0200)]
RELEASE-NOTES: synced with a4c1c75da30af1

7 years agocurlver.h: next expected release is 7.57.0
Daniel Stenberg [Sun, 8 Oct 2017 15:27:21 +0000 (17:27 +0200)]
curlver.h: next expected release is 7.57.0

7 years agomime: be tolerant about setting twice the same header list in a part.
Patrick Monnerat [Sun, 8 Oct 2017 15:20:13 +0000 (16:20 +0100)]
mime: be tolerant about setting twice the same header list in a part.

7 years agodocs: clarify form/mime usage of non-regular data files.
Patrick Monnerat [Sun, 8 Oct 2017 15:15:23 +0000 (16:15 +0100)]
docs: clarify form/mime usage of non-regular data files.

7 years agoRevert "multi_done: wait for name resolve to finish if still ongoing"
Daniel Stenberg [Sat, 7 Oct 2017 22:50:33 +0000 (00:50 +0200)]
Revert "multi_done: wait for name resolve to finish if still ongoing"

This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe.

Caused memory leaks in the fuzzer, needs to be done differently.

Disable test 1553 for now too, as it causes memory leaks without this
commit!

7 years agoremove_handle: call multi_done() first, then clear dns cache pointer
Daniel Stenberg [Sat, 7 Oct 2017 20:00:48 +0000 (22:00 +0200)]
remove_handle: call multi_done() first, then clear dns cache pointer

Closes #1960

7 years agomulti_done: wait for name resolve to finish if still ongoing
Daniel Stenberg [Sat, 7 Oct 2017 15:54:41 +0000 (17:54 +0200)]
multi_done: wait for name resolve to finish if still ongoing

... as we must clean up memory.

7 years agopingpong: return error when trying to send without connection
Daniel Stenberg [Fri, 6 Oct 2017 15:20:54 +0000 (17:20 +0200)]
pingpong: return error when trying to send without connection

When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.

Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond
7 years agotests: added flaky keyword to tests 587 and 644
Dan Fandrich [Fri, 6 Oct 2017 21:04:40 +0000 (23:04 +0200)]
tests: added flaky keyword to tests 587 and 644

These are around 5% flaky in my Linux x86 autobuilds.

7 years agovtls: fix warnings with --disable-crypto-auth
Marcel Raad [Fri, 6 Oct 2017 17:01:19 +0000 (19:01 +0200)]
vtls: fix warnings with --disable-crypto-auth

When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters
are not used.

7 years agomulti_cleanup: call DONE on handles that never got that
Daniel Stenberg [Thu, 5 Oct 2017 23:11:17 +0000 (01:11 +0200)]
multi_cleanup: call DONE on handles that never got that

... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.

Test 1552 added to verify

Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954