author | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-23 01:34:18 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-23 01:34:18 +0300 |
commit | 70d823f7ee62199b67f5fbe469005124ffe1fe93 (patch) | |
tree | 82277ba9117d43c5a5f973825b38a2ffe7d95818 | |
parent | 19b525690e0c7788c39d741ea94023b64ae31a89 (diff) | |
Update contrib/libs/curl to 7.82.0
ref:0a102f02466c720a2ee37f41ed197348e7b727bd
120 files changed, 5095 insertions, 6280 deletions
diff --git a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report index 19c4a85dcc..3bb2ab2c3f 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report +++ b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report @@ -33,7 +33,7 @@ KEEP COPYRIGHT_SERVICE_LABEL 01785bd64237dea815d6d9ed22d8812c BELONGS ya.make License text: * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 
@@ -42,31 +42,39 @@ BELONGS ya.make lib/curl_sha256.h [10:11] lib/sha256.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 07b936b4d91754a9e3594aa53e39e425 +KEEP COPYRIGHT_SERVICE_LABEL 025b4abf07eeedd86775b181357ce255 BELONGS ya.make License text: - * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + * Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/vtls/mbedtls_threadlock.c [8:9] + lib/mprintf.c [8:8] -KEEP COPYRIGHT_SERVICE_LABEL 0adcfdb2f3aabeff35065b0b55f45563 +KEEP COPYRIGHT_SERVICE_LABEL 063afe0986b6c2fb1a219941bc3c9981 BELONGS ya.make License text: - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2021 Daniel Stenberg - * All rights reserved. + * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/krb5.c [3:6] + lib/vtls/bearssl.c [8:8] + +KEEP COPYRIGHT_SERVICE_LABEL 07b936b4d91754a9e3594aa53e39e425 +BELONGS ya.make + License text: + * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/vtls/mbedtls_threadlock.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 0bd7e5cd48a574907e3f8e5d5cfa308f BELONGS ya.make 
@@ -94,14 +102,21 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL 12905c2d6dcfe8f1ee19092ed4a751c9 BELONGS ya.make License text: + * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: + lib/conncache.c [8:9] + lib/curl_sasl.c [8:8] + lib/curl_sasl.h [10:10] lib/vtls/mbedtls.c [8:9] + lib/vtls/schannel.c [8:10] + lib/vtls/schannel.h [10:11] + lib/vtls/schannel_verify.c [8:10] + lib/vtls/sectransp.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 19b6de0c05c370c2ad2cc7375c862dd6 BELONGS ya.make @@ -125,17 +140,13 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - include/curl/curl.h [10:10] - include/curl/curlver.h [10:10] include/curl/multi.h [10:10] include/curl/typecheck-gcc.h [10:10] lib/amigaos.c [8:8] lib/asyn-ares.c [8:8] lib/asyn-thread.c [8:8] lib/asyn.h [10:10] - lib/c-hyper.c [8:8] lib/c-hyper.h [10:10] - lib/connect.c [8:8] lib/connect.h [10:10] lib/content_encoding.c [8:8] lib/content_encoding.h [10:10] 
@@ -150,127 +161,66 @@ BELONGS ya.make lib/curl_md5.h [10:10] lib/curl_multibyte.c [8:8] lib/curl_multibyte.h [10:10] - lib/curl_ntlm_core.c [8:8] - lib/curl_ntlm_core.h [10:10] lib/curl_ntlm_wb.c [8:8] lib/curl_ntlm_wb.h [10:10] - lib/curl_path.c [8:8] lib/curl_range.c [8:8] lib/curl_range.h [10:10] - lib/curl_setup.h [10:10] lib/curl_setup_once.h [10:10] lib/curl_sspi.c [8:8] - lib/dict.c [8:8] - lib/easy.c [8:8] - lib/file.c [8:8] - lib/formdata.c [8:8] lib/formdata.h [10:10] lib/ftp.h [10:10] lib/ftplistparser.c [8:8] lib/getinfo.c [8:8] - lib/gopher.c [8:8] lib/hash.c [8:8] lib/hash.h [10:10] lib/hostasyn.c [8:8] - lib/hostcheck.c [8:8] - lib/hostip.c [8:8] lib/hostip.h [10:10] lib/hostip4.c [8:8] lib/hostip6.c [8:8] lib/hostsyn.c [8:8] - lib/http.c [8:8] - lib/http.h [10:10] - lib/http2.c [8:8] lib/http2.h [10:10] - lib/http_aws_sigv4.c [8:8] lib/http_aws_sigv4.h [10:10] - lib/http_chunks.c [8:8] lib/http_chunks.h [10:10] lib/http_digest.c [8:8] lib/http_digest.h [10:10] - lib/http_negotiate.c [8:8] lib/http_negotiate.h [10:10] - lib/http_ntlm.c [8:8] lib/http_ntlm.h [10:10] - lib/http_proxy.c [8:8] lib/http_proxy.h [10:10] - lib/if2ip.c [8:8] - lib/imap.c [8:8] - lib/ldap.c [8:8] lib/llist.c [8:8] lib/md4.c [8:8] - lib/md5.c [8:8] lib/memdebug.c [8:8] - lib/mime.c [8:8] - lib/mime.h [10:10] - lib/multi.c [8:8] lib/multihandle.h [10:10] lib/multiif.h [10:10] lib/netrc.c [8:8] - lib/non-ascii.c [8:8] - lib/nonblock.c [8:8] - lib/pingpong.c [8:8] lib/pingpong.h [10:10] - lib/pop3.c [8:8] lib/progress.c [8:8] lib/progress.h [10:10] lib/quic.h [10:10] lib/rand.c [8:8] - lib/rtsp.c [8:8] lib/rtsp.h [10:10] - lib/select.c [8:8] - lib/select.h [10:10] - lib/sendf.c [8:8] lib/sendf.h [10:10] - lib/setopt.c [8:8] lib/setup-win32.h [10:10] lib/share.c [8:8] lib/share.h [10:10] lib/sigpipe.h [10:10] - lib/smtp.c [8:8] lib/socks.h [10:10] lib/strdup.c [8:8] lib/strdup.h [10:10] - lib/telnet.c [8:8] - lib/tftp.c [8:8] lib/timeval.c [8:8] - lib/transfer.c [8:8] - 
lib/transfer.h [10:10] - lib/url.h [10:10] lib/urlapi-int.h [10:10] - lib/urldata.h [10:10] lib/vauth/cleartext.c [8:8] lib/vauth/cram.c [8:8] - lib/vauth/digest.c [8:8] - lib/vauth/ntlm.c [8:8] lib/vauth/ntlm_sspi.c [8:8] lib/vauth/oauth2.c [8:8] - lib/vauth/spnego_gssapi.c [8:8] - lib/vauth/spnego_sspi.c [8:8] - lib/version.c [8:8] - lib/vquic/ngtcp2.c [8:8] - lib/vquic/quiche.c [8:8] - lib/vssh/libssh2.c [8:8] lib/vssh/ssh.h [10:10] - lib/vtls/gskit.c [8:8] - lib/vtls/gtls.c [8:8] lib/vtls/gtls.h [10:10] - lib/vtls/mesalink.c [8:9] - lib/vtls/nss.c [8:8] - lib/vtls/openssl.c [8:8] - lib/vtls/openssl.h [10:10] - lib/vtls/vtls.c [8:8] - lib/vtls/vtls.h [10:10] - lib/vtls/wolfssl.c [8:8] lib/warnless.c [8:8] lib/warnless.h [10:10] - lib/x509asn1.c [8:8] - lib/x509asn1.h [11:11] KEEP COPYRIGHT_SERVICE_LABEL 1b9e8d9d7c9588e9a9cbcbd17572b2e4 BELONGS ya.make License text: - * Copyright (C) 2016 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL 
@@ -280,17 +230,29 @@ BELONGS ya.make lib/smb.c [8:9] lib/smb.h [10:11] -KEEP COPYRIGHT_SERVICE_LABEL 1fbf18dee75af272927dcb76130ac22c +KEEP COPYRIGHT_SERVICE_LABEL 1d04ada01a071cc7018d826bc2c0cd71 BELONGS ya.make License text: - Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many - contributors, see the THANKS file. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - COPYING [3:4] + lib/curl_des.c [8:8] + lib/curl_des.h [10:10] + +KEEP COPYRIGHT_SERVICE_LABEL 2214d91fcfc61ee506b57f20784715d7 +BELONGS ya.make + License text: + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/hsts.c [8:8] + lib/mqtt.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 2963ab20f331f08f092c8490148587b0 BELONGS ya.make @@ -302,7 +264,6 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/vtls/rustls.c [8:9] lib/vtls/rustls.h [8:9] KEEP COPYRIGHT_SERVICE_LABEL 2a3c88ee2029a89e6dd5688e436297d4 @@ -336,14 +297,12 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/hsts.c [8:8] lib/hsts.h [10:10] - lib/mqtt.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 30553ccd897a11cf8938f616b0b84861 BELONGS ya.make License text: - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL 
@@ -387,56 +346,26 @@ BELONGS ya.make Files with this license: lib/vtls/sectransp.h [10:11] -KEEP COPYRIGHT_SERVICE_LABEL 3f4d5e8d1859a7c9aed313a82765be1d -BELONGS ya.make - License text: - * Copyright (C) 2016 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/smb.c [8:9] - -KEEP COPYRIGHT_SERVICE_LABEL 418d4c36e7c88f4bb1c7bc0abc126aed -BELONGS ya.make - License text: - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/vtls/mesalink.c [32:32] - KEEP COPYRIGHT_SERVICE_LABEL 42fe364051245d8197687d46ffd09fdb BELONGS ya.make License text: - * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010, Howard Chu, <hyc@highlandsun.com> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/conncache.c [8:9] lib/curl_rtmp.c [8:9] - lib/curl_sasl.c [8:8] - lib/curl_sasl.h [10:10] lib/socks_gssapi.c [8:9] lib/socks_sspi.c [8:9] - lib/vtls/schannel.c [8:10] - lib/vtls/schannel.h [10:11] - lib/vtls/schannel_verify.c [8:10] - lib/vtls/sectransp.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 487047a176f57677c51faf4394df4c7d BELONGS ya.make License text: * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2021 Daniel Stenberg + * Copyright (c) 2004 - 2022 Daniel Stenberg * All rights reserved. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL 
@@ -445,6 +374,18 @@ BELONGS ya.make Files with this license: lib/krb5.c [3:6] +KEEP COPYRIGHT_SERVICE_LABEL 4a72b737105520f31945ee9cc1309190 +BELONGS ya.make + License text: + * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews, + * <github@hoffman-andrews.com> + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/vtls/rustls.c [8:9] + KEEP COPYRIGHT_SERVICE_LABEL 4e8842dc60c6a1e15f16868c03918523 BELONGS ya.make License text: @@ -484,7 +425,7 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL 520dfafb050652350468b32c3d62b5cd BELONGS ya.make License text: - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL @@ -504,6 +445,18 @@ BELONGS ya.make Files with this license: lib/easygetopt.c [8:8] +KEEP COPYRIGHT_SERVICE_LABEL 56bfb48b3999f5c4695de53fd33038ba +BELONGS ya.make + License text: + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/openldap.c [8:9] + KEEP COPYRIGHT_SERVICE_LABEL 5e85228ecbe10b11dde942f2822e8629 BELONGS ya.make License text: 
@@ -525,10 +478,98 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: + include/curl/curl.h [10:10] + include/curl/curlver.h [10:10] + include/curl/system.h [10:10] + lib/base64.c [8:8] + lib/c-hyper.c [8:8] + lib/connect.c [8:8] + lib/curl_base64.h [10:10] + lib/curl_ctype.c [8:8] + lib/curl_ctype.h [10:10] + lib/curl_ntlm_core.c [8:8] + lib/curl_ntlm_core.h [10:10] + lib/curl_path.c [8:8] + lib/curl_setup.h [10:10] + lib/dict.c [8:8] + lib/dotdot.c [8:8] + lib/easy.c [8:8] + lib/escape.c [8:8] + lib/escape.h [10:10] + lib/file.c [8:8] + lib/formdata.c [8:8] lib/ftp.c [8:8] + lib/gopher.c [8:8] + lib/h2h3.c [8:8] + lib/h2h3.h [10:10] + lib/hostip.c [8:8] + lib/http.c [8:8] + lib/http.h [10:10] + lib/http2.c [8:8] + lib/http_aws_sigv4.c [8:8] + lib/http_chunks.c [8:8] + lib/http_negotiate.c [8:8] + lib/http_ntlm.c [8:8] + lib/http_proxy.c [8:8] + lib/if2ip.c [8:8] + lib/imap.c [8:8] + lib/ldap.c [8:8] + lib/md5.c [8:8] + lib/mime.c [8:8] + lib/mime.h [10:10] + lib/multi.c [8:8] + lib/nonblock.c [8:8] + lib/pingpong.c [8:8] + lib/pop3.c [8:8] + lib/rtsp.c [8:8] + lib/select.c [8:8] + lib/select.h [10:10] + lib/sendf.c [8:8] + lib/setopt.c [8:8] + lib/smtp.c [8:8] lib/socks.c [8:8] + lib/strcase.c [8:8] + lib/strcase.h [10:10] + lib/telnet.c [8:8] + lib/tftp.c [8:8] + lib/transfer.c [8:8] + lib/transfer.h [10:10] lib/url.c [8:8] + lib/url.h [10:10] lib/urlapi.c [8:8] + lib/urldata.h [10:10] + lib/vauth/digest.c [8:8] + lib/vauth/ntlm.c [8:8] + lib/vauth/spnego_gssapi.c [8:8] + lib/vauth/spnego_sspi.c [8:8] + lib/version.c [8:8] + lib/vquic/ngtcp2.c [8:8] + lib/vquic/quiche.c [8:8] + lib/vquic/vquic.c [8:8] + lib/vssh/libssh2.c [8:8] + lib/vtls/gskit.c [8:8] + lib/vtls/gtls.c [8:8] + lib/vtls/hostcheck.c [8:8] + lib/vtls/hostcheck.h [10:10] + lib/vtls/nss.c [8:8] + lib/vtls/openssl.c [8:8] + lib/vtls/openssl.h [10:10] + lib/vtls/vtls.c [8:8] + lib/vtls/vtls.h [10:10] + lib/vtls/wolfssl.c [8:8] + lib/vtls/x509asn1.c [8:8] + 
lib/vtls/x509asn1.h [11:11] + +KEEP COPYRIGHT_SERVICE_LABEL 62e3d3c1807826946ebb38745e503228 +BELONGS ya.make + License text: + * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/version_win32.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL 67beade75b70a2c2bc8e7b71eb5b5ea3 BELONGS ya.make @@ -542,6 +583,17 @@ BELONGS ya.make lib/bufref.c [8:8] lib/bufref.h [10:10] +KEEP COPYRIGHT_SERVICE_LABEL 6d3268b8c6a666d1f50ddc464237fc8d +BELONGS ya.make + License text: + * Copyright (C) 1998 - 2020, 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/if2ip.h [10:10] + KEEP COPYRIGHT_SERVICE_LABEL 6feef5fca9290bd2166cd3c8cc470230 BELONGS ya.make License text: @@ -564,6 +616,18 @@ BELONGS ya.make Files with this license: lib/vtls/bearssl.h [10:10] +KEEP COPYRIGHT_SERVICE_LABEL 76e441c051a6f006513fb7754477af99 +BELONGS ya.make + License text: + Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many + contributors, see the THANKS file. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + COPYING [3:4] + KEEP COPYRIGHT_SERVICE_LABEL 7d6b98720b081e851b6f7a908ca2e809 BELONGS ya.make License text: @@ -610,14 +674,9 @@ BELONGS ya.make include/curl/easy.h [10:10] include/curl/mprintf.h [10:10] include/curl/stdcheaders.h [10:10] - include/curl/system.h [10:10] lib/amigaos.h [10:10] lib/arpa_telnet.h [10:10] - lib/base64.c [8:8] lib/curl_addrinfo.h [10:10] - lib/curl_base64.h [10:10] - lib/curl_ctype.c [8:8] - lib/curl_ctype.h [10:10] lib/curl_fnmatch.c [8:8] lib/curl_fnmatch.h [10:10] lib/curl_get_line.h [10:10] 
@@ -634,27 +693,21 @@ BELONGS ya.make lib/curl_threads.h [10:10] lib/curlx.h [10:10] lib/dict.h [10:10] - lib/dotdot.c [8:8] lib/dotdot.h [10:10] lib/easyif.h [10:10] lib/easyoptions.h [10:10] - lib/escape.c [8:8] - lib/escape.h [10:10] lib/file.h [10:10] lib/ftplistparser.h [10:10] lib/getenv.c [8:8] lib/getinfo.h [10:10] lib/gopher.h [10:10] lib/hmac.c [8:8] - lib/hostcheck.h [10:10] lib/idn_win32.c [8:8] - lib/if2ip.h [10:10] lib/inet_ntop.h [10:10] lib/inet_pton.h [10:10] lib/llist.h [10:10] lib/memdebug.h [11:11] lib/netrc.h [10:10] - lib/non-ascii.h [10:10] lib/nonblock.h [10:10] lib/parsedate.c [8:8] lib/parsedate.h [10:10] @@ -667,8 +720,6 @@ BELONGS ya.make lib/sockaddr.h [10:10] lib/speedcheck.c [8:8] lib/speedcheck.h [10:10] - lib/strcase.c [8:8] - lib/strcase.h [10:10] lib/strerror.h [10:10] lib/strtok.c [8:8] lib/strtok.h [10:10] @@ -679,11 +730,9 @@ BELONGS ya.make lib/timeval.h [10:10] lib/vauth/digest.h [10:10] lib/vauth/ntlm.h [10:10] - lib/vquic/vquic.c [8:8] lib/vtls/gskit.h [10:10] lib/vtls/keylog.c [8:8] lib/vtls/keylog.h [10:10] - lib/vtls/mesalink.h [10:11] lib/vtls/nssg.h [10:10] lib/vtls/wolfssl.h [10:10] lib/wildcard.c [8:8] @@ -692,7 +741,7 @@ KEEP COPYRIGHT_SERVICE_LABEL 87014353af9fe7d866b14d24d84b2406 BELONGS ya.make License text: * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 
@@ -700,30 +749,29 @@ BELONGS ya.make Files with this license: lib/conncache.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 8cbbee0a8c1ab551232d9a35c27d25b2 +KEEP COPYRIGHT_SERVICE_LABEL 89b7c525128593b0cddb397594360c7b BELONGS ya.make License text: - * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/altsvc.c [8:8] - lib/socketpair.c [8:8] - lib/socketpair.h [10:10] - lib/vssh/wolfssh.c [8:8] + lib/strerror.c [8:8] -KEEP COPYRIGHT_SERVICE_LABEL 90cdf298ce2c585659435307b15f1c38 +KEEP COPYRIGHT_SERVICE_LABEL 8cbbee0a8c1ab551232d9a35c27d25b2 BELONGS ya.make License text: - * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/curl_des.c [8:8] + lib/socketpair.c [8:8] + lib/socketpair.h [10:10] + lib/vssh/wolfssh.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL 90ce0ec9551a9d561300240060256dff BELONGS ya.make 
@@ -747,52 +795,65 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/curl_gssapi.c [8:8] - lib/openldap.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 91bad89298b9794d69d621c727121508 +KEEP COPYRIGHT_SERVICE_LABEL 9d962b7054a48ee0efeaca166b582707 BELONGS ya.make License text: - * Copyright (C) 2017 - 2021 Red Hat, Inc. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/vssh/libssh.c [8:8] + lib/vtls/mbedtls.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 9af388c33e2999a349bb35c94b01ec67 +KEEP COPYRIGHT_SERVICE_LABEL 9e4cccedbf78612626fd7b6037c8b7d9 BELONGS ya.make License text: - * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/curl_des.h [10:10] + lib/system_win32.h [10:10] -KEEP COPYRIGHT_SERVICE_LABEL 9d962b7054a48ee0efeaca166b582707 +KEEP COPYRIGHT_SERVICE_LABEL a060e6848444d4e55533127fb0b2671e BELONGS ya.make License text: - * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/vtls/mbedtls.c [8:9] + lib/vauth/vauth.h [10:10] -KEEP COPYRIGHT_SERVICE_LABEL 9e4cccedbf78612626fd7b6037c8b7d9 +KEEP COPYRIGHT_SERVICE_LABEL a46c3bea23632ec90129969fcf305c55 BELONGS ya.make License text: - * Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>. 
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 2004 - 2022 Daniel Stenberg + * All rights reserved. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/system_win32.h [10:10] + lib/krb5.c [3:6] + +KEEP COPYRIGHT_SERVICE_LABEL a648c2cbbfd8a0722d79ba1a21c564fa +BELONGS ya.make + License text: + * Copyright (C) 2017 - 2022 Red Hat, Inc. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/vssh/libssh.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL a708a3265e6d737aa48aa8db4c364178 BELONGS ya.make @@ -805,7 +866,6 @@ BELONGS ya.make Files with this license: lib/vauth/krb5_sspi.c [8:8] lib/vauth/vauth.c [8:8] - lib/vauth/vauth.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL aa5c639ebb1d16024e37af0e0fff3962 BELONGS ya.make @@ -831,17 +891,6 @@ BELONGS ya.make lib/vtls/schannel.c [8:10] lib/vtls/schannel_verify.c [8:10] -KEEP COPYRIGHT_SERVICE_LABEL b5990c4e18bb3ef231f623acffa7a4a6 -BELONGS ya.make - License text: - * Copyright (C) 1999 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/mprintf.c [8:8] - KEEP COPYRIGHT_SERVICE_LABEL b9fa8adc6606591b18a8ad18fcdaf1fe BELONGS ya.make License text: @@ -857,7 +906,7 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL c7f0e7aa6c4780bfd159a06d4c4c86b5 BELONGS ya.make License text: - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL 
@@ -902,19 +951,6 @@ BELONGS ya.make Files with this license: lib/socks_sspi.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL d04bf69f9ae014a9eae00cff993771cc -BELONGS ya.make - License text: - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/vtls/mesalink.c [8:9] - lib/vtls/mesalink.h [10:11] - KEEP COPYRIGHT_SERVICE_LABEL d9d1179eb82d7aee891a08ec5afdcb95 BELONGS ya.make License text: @@ -926,17 +962,6 @@ BELONGS ya.make Files with this license: lib/easyoptions.c [8:8] -KEEP COPYRIGHT_SERVICE_LABEL daaae7cab1a3d2e1f1eed231c0d3fdbd -BELONGS ya.make - License text: - * Copyright (C) 2004 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/strerror.c [8:8] - KEEP COPYRIGHT_SERVICE_LABEL dbf0d6aead9c6b94668a75987efe320c BELONGS ya.make License text: @@ -971,7 +996,6 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/system_win32.c [8:8] - lib/version_win32.c [8:8] lib/version_win32.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL e0c20beb084ce5dc172fdc6fbf9b54a5 
@@ -985,22 +1009,23 @@ BELONGS ya.make Files with this license: lib/inet_pton.c [3:3] -KEEP COPYRIGHT_SERVICE_LABEL e0d1701a5a15c429dd6d54ccbadea738 +KEEP COPYRIGHT_SERVICE_LABEL e32b7f2aa13d077a35593b170bfdd1d9 BELONGS ya.make License text: - * Copyright (C) 2019 - 2021, Michael Forney, <mforney@mforney.org> + * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/vtls/bearssl.c [8:8] + lib/smb.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL f16ff514c9ef356f1de2d6e9544a4f35 BELONGS ya.make License text: * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 @@ -1028,7 +1053,7 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/md4.c [226:231] - lib/md5.c [224:229] + lib/md5.c [262:267] KEEP COPYRIGHT_SERVICE_LABEL f5681c9f9526985592061799304792ee BELONGS ya.make 
@@ -1051,8 +1076,30 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: include/curl/urlapi.h [10:10] + lib/doh.h [10:10] + lib/smb.h [10:11] + +KEEP COPYRIGHT_SERVICE_LABEL f6fba16e38a040959af6a0082f24b315 +BELONGS ya.make + License text: + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/altsvc.c [8:8] + +KEEP COPYRIGHT_SERVICE_LABEL fe205fd73b9be07bd9a20b09c345f2ec +BELONGS ya.make + License text: + * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: lib/curl_sha256.h [10:11] lib/doh.c [8:8] - lib/doh.h [10:10] lib/sha256.c [8:9] - lib/smb.h [10:11] diff --git a/contrib/libs/curl/.yandex_meta/devtools.licenses.report b/contrib/libs/curl/.yandex_meta/devtools.licenses.report index abf561b320..7a01a7f9e6 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.licenses.report +++ b/contrib/libs/curl/.yandex_meta/devtools.licenses.report @@ -38,14 +38,14 @@ BELONGS ya.make Match type : NOTICE Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/md5.c [219:236] + lib/md5.c [257:274] Scancode info: Original SPDX id: LicenseRef-scancode-other-permissive Score : 98.04 Match type : NOTICE Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE Files with this license: - lib/md5.c [219:236] + lib/md5.c [257:274] KEEP Public-Domain 18ed429b519e9abeeb3f768979574386 BELONGS ya.make 
@@ -65,17 +65,6 @@ BELONGS ya.make Files with this license: lib/md4.c [221:238] -KEEP curl 22ab1475a8e38f13b0b81e2e769b5d69 -BELONGS ya.make - Note: matched license text is too long. Read it in the source files. - Scancode info: - Original SPDX id: curl - Score : 89.53 - Match type : TEXT - Links : http://curl.haxx.se/, http://curl.haxx.se/docs/copyright.html, https://spdx.org/licenses/curl - Files with this license: - COPYING [1:22] - KEEP ISC a320c8c85dbcdf0a6f3f24f0dc7abbbb BELONGS ya.make Note: matched license text is too long. Read it in the source files. 
@@ -100,7 +89,7 @@ BELONGS ya.make KEEP curl a3ae8291721a79f582bf5823c43adb47 BELONGS ya.make -FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, lib/content_encoding.h at line 18, lib/cookie.c at line 10, lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, 
lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, lib/curl_path.c at line 16, lib/curl_printf.h at line 12, lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, 
lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 16, lib/ftp.h at line 12, lib/ftp.h at line 18, lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, 
lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostcheck.c at line 10, lib/hostcheck.c at line 16, lib/hostcheck.h at line 12, lib/hostcheck.h at line 18, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 18, lib/imap.c at line 10, lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, 
lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/non-ascii.c at line 10, lib/non-ascii.c at line 16, lib/non-ascii.h at line 12, lib/non-ascii.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, 
lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 
18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, 
lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/mesalink.c at line 11, lib/vtls/mesalink.c at line 17, lib/vtls/mesalink.h at line 13, lib/vtls/mesalink.h at line 19, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 
12, lib/vtls/wolfssl.h at line 18, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18, lib/x509asn1.c at line 10, lib/x509asn1.c at line 16, lib/x509asn1.h at line 13, lib/x509asn1.h at line 19 +FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, 
lib/content_encoding.h at line 18, lib/cookie.c at line 10, lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, 
lib/curl_path.c at line 16, lib/curl_printf.h at line 12, lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 
16, lib/ftp.h at line 12, lib/ftp.h at line 18, lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/h2h3.c at line 10, lib/h2h3.c at line 16, lib/h2h3.h at line 12, lib/h2h3.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 
18, lib/imap.c at line 10, lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, 
lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, 
lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, 
lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/hostcheck.c at line 10, lib/vtls/hostcheck.c at line 16, lib/vtls/hostcheck.h at line 12, lib/vtls/hostcheck.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h 
at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 12, lib/vtls/wolfssl.h at line 18, lib/vtls/x509asn1.c at line 10, lib/vtls/x509asn1.c at line 16, lib/vtls/x509asn1.h at line 13, lib/vtls/x509asn1.h at line 19, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18 Note: matched license text is too long. Read it in the source files. Scancode info: Original SPDX id: curl @@ -213,12 +202,12 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/getinfo.h [12:21] lib/gopher.c [10:19] lib/gopher.h [12:21] + lib/h2h3.c [10:19] + lib/h2h3.h [12:21] lib/hash.c [10:19] lib/hash.h [12:21] lib/hmac.c [10:19] lib/hostasyn.c [10:19] - lib/hostcheck.c [10:19] - lib/hostcheck.h [12:21] lib/hostip.c [10:19] lib/hostip.h [12:21] lib/hostip4.c [10:19] @@ -264,8 +253,6 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/multiif.h [12:21] lib/netrc.c [10:19] lib/netrc.h [12:21] - lib/non-ascii.c [10:19] - lib/non-ascii.h [12:21] lib/nonblock.c [10:19] lib/nonblock.h [12:21] lib/openldap.c [11:20] @@ -371,13 +358,13 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/vtls/gskit.h [12:21] lib/vtls/gtls.c [10:19] lib/vtls/gtls.h [12:21] + lib/vtls/hostcheck.c [10:19] + lib/vtls/hostcheck.h [12:21] lib/vtls/keylog.c [10:19] lib/vtls/keylog.h [12:21] lib/vtls/mbedtls.c [11:20] lib/vtls/mbedtls.h [13:22] lib/vtls/mbedtls_threadlock.c [11:20] - lib/vtls/mesalink.c [11:20] - lib/vtls/mesalink.h [13:22] lib/vtls/nss.c [10:19] lib/vtls/nssg.h [12:21] lib/vtls/openssl.c [10:19] 
@@ -393,12 +380,12 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/vtls/vtls.h [12:21] lib/vtls/wolfssl.c [10:19] lib/vtls/wolfssl.h [12:21] + lib/vtls/x509asn1.c [10:19] + lib/vtls/x509asn1.h [13:22] lib/warnless.c [10:19] lib/warnless.h [12:21] lib/wildcard.c [10:19] lib/wildcard.h [12:21] - lib/x509asn1.c [10:19] - lib/x509asn1.h [13:22] KEEP BSD-3-Clause be4b0ef51fe3fb41b94214ba4614bf94 BELONGS ya.make @@ -437,7 +424,18 @@ BELONGS ya.make Match type : TEXT Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/sha256.c [260:261] + lib/sha256.c [266:267] + +KEEP curl e41835bff01eee6d384e23af2e11dbd4 +BELONGS ya.make + Note: matched license text is too long. Read it in the source files. + Scancode info: + Original SPDX id: curl + Score : 89.53 + Match type : TEXT + Links : http://curl.haxx.se/, http://curl.haxx.se/docs/copyright.html, https://spdx.org/licenses/curl + Files with this license: + COPYING [1:22] KEEP ISC e6a382fc7564fdd1a5e46b2d97b3221f BELONGS ya.make diff --git a/contrib/libs/curl/.yandex_meta/licenses.list.txt b/contrib/libs/curl/.yandex_meta/licenses.list.txt index 197d80ede2..7dc5bdbb93 100644 --- a/contrib/libs/curl/.yandex_meta/licenses.list.txt +++ b/contrib/libs/curl/.yandex_meta/licenses.list.txt @@ -28,10 +28,6 @@ ====================COPYRIGHT==================== - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - - -====================COPYRIGHT==================== * Copyright (C) 1996-2021 Internet Software Consortium. @@ -44,6 +40,10 @@ ====================COPYRIGHT==================== + * Copyright (C) 1998 - 2020, 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + + +====================COPYRIGHT==================== * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel.se>, et al. 
@@ -64,11 +64,11 @@ ====================COPYRIGHT==================== - * Copyright (C) 1999 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== - * Copyright (C) 2004 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== @@ -92,7 +92,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> @@ -103,7 +103,7 @@ ====================COPYRIGHT==================== * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== 
@@ -127,24 +127,24 @@ ====================COPYRIGHT==================== - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> - * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> ====================COPYRIGHT==================== - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> + * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> ====================COPYRIGHT==================== * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. ====================COPYRIGHT==================== * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== @@ -167,7 +167,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>. ====================COPYRIGHT==================== @@ -176,7 +176,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. ====================COPYRIGHT==================== 
@@ -184,26 +184,25 @@ ====================COPYRIGHT==================== - * Copyright (C) 2016 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies + * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>. ====================COPYRIGHT==================== - * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies ====================COPYRIGHT==================== - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>. ====================COPYRIGHT==================== - * Copyright (C) 2017 - 2021 Red Hat, Inc. + * Copyright (C) 2017 - 2022 Red Hat, Inc. ====================COPYRIGHT==================== * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== @@ -231,16 +230,15 @@ ====================COPYRIGHT==================== - * Copyright (C) 2019 - 2021, Michael Forney, <mforney@mforney.org> + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org> ====================COPYRIGHT==================== * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se> ====================COPYRIGHT==================== 
@@ -253,6 +251,20 @@ ====================COPYRIGHT==================== + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + + +====================COPYRIGHT==================== + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se> + + +====================COPYRIGHT==================== + * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews, + * <github@hoffman-andrews.com> + + +====================COPYRIGHT==================== * Copyright (C) 2020, 2021, Daniel Stenberg, <daniel@haxx.se>, et al. @@ -267,7 +279,7 @@ ====================COPYRIGHT==================== * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2021 Daniel Stenberg + * Copyright (c) 2004 - 2022 Daniel Stenberg * All rights reserved. @@ -289,14 +301,14 @@ ====================COPYRIGHT==================== -Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. ====================File: COPYING==================== COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. All rights reserved. @@ -438,7 +450,7 @@ in this Software without prior written authorization of the copyright holder. ====================curl==================== COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. All rights reserved. diff --git a/contrib/libs/curl/CHANGES b/contrib/libs/curl/CHANGES index 692f78f2bb..2e6456681a 100644 --- a/contrib/libs/curl/CHANGES +++ b/contrib/libs/curl/CHANGES 
@@ -6,6 +6,1881 @@ Changelog +Version 7.82.0 (5 Mar 2022) + +Daniel Stenberg (5 Mar 2022) +- RELEASE-NOTES: synced + + The 7.82.0 release + +- THANKS: updates from the 7.82.0 release notes + +- misc: update copyright year ranges + +Jay Satiro (5 Mar 2022) +- unit1610: init SSL library before calling SHA256 functions + + The SSL library must be initialized (via global initialization) because + libcurl's SHA256 functions may call SHA256 functions in the SSL library. + + Reported-by: Gisle Vanem + + Fixes https://github.com/curl/curl/issues/8538 + Closes https://github.com/curl/curl/pull/8540 + +- examples/curlx: support building with OpenSSL 1.1.0+ + + - Access members of X509_STORE_CTX in OpenSSL 1.1.0+ by using API + functions. + + The X509_STORE_CTX struct has been opaque since OpenSSL 1.1.0. + + Ref: https://curl.se/mail/lib-2022-03/0004.html + + Closes https://github.com/curl/curl/pull/8529 + +- h2h3: fix typo + + Bug: https://github.com/curl/curl/issues/8381#issuecomment-1055440241 + Reported-by: Michael Kaufmann + +- [Farzin brought this change] + + CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment + + Closes https://github.com/curl/curl/pull/8519 + +Daniel Stenberg (26 Feb 2022) +- azure-pipelines: add a build on Windows with libssh + + Closes #8511 + +- runtests: make 'oldlibssh' be before 0.9.5 + + Closes #8511 + +- libssh: fix include files and defines use for Windows builds + + Reported-by: æ¢¦ç»ˆæ— ç—• + Bug: https://curl.se/mail/lib-2022-02/0131.html + Closes #8511 + +- RELEASE-NOTES: synced + +- [illusory-dream brought this change] + + winbuild: add parameter WITH_SSH + + For building with libssh + Closes #8514 + +- configure: change output for cross-compiled alt-svc support + + It said 'no', while it actually is 'yes' + + Closes #8512 + +- gha: add a macOS CI job with libssh + + Closes #8513 + +- TODO: remove "Bring back libssh tests on Travis" + + The job was added to Circle CI in d8ddd0e7536 + +- TODO: remove "better persistency for 
HTTP/1.0" + + Let's not bother. + +- TODO: remove "Option to ignore private IP" + + ... as curl ignores the IP entirely by default these days. + +- TODO: remove "hardcode the "localhost" addresses" + + This is implmented since 1a0ebf6632f88 + +- TODO: 1.24 was a dupe of 1.1 + +- TODO: remove "Typesafe curl_easy_setopt()" + + I don't consider this a serious TODO item + +- KNOWN_BUGS: remove "Uploading HTTP/3 files gets interrupted" + + This works now + +- KNOWN_BUGS: remove "HTTP/3 multipart POST with quiche fails" + + It works now + +- quiche: remove two leftover debug infof() outputs + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: Reset dynbuf when it is fully drained + + Reported-by: vl409 on github + Fixes #7351 + Closes #8504 + +- [Stewart Gebbie brought this change] + + hostip: avoid unused parameter error in Curl_resolv_check + + When built without DNS-over-HTTP and without asynchronous resolvers, + neither the dns nor the data parameters are used. + + That is Curl_resolv_check appears to call + Curl_resolver_is_resolved(data, dns). But, + with CURL_DISABLE_DOH without CURLRES_ASYNCH, the call is actually + elided via a macro definition. + + This fix resolves the resultant: "unused parameter 'data'" error. + + Closes #8505 + +- http2: move two infof calls to debug-h2-only + + and remove a superflous one + + Ref: https://github.com/curl/curl/discussions/8498 + Closes #8502 + +- [Jean-Philippe Menil brought this change] + + quiche: fix upload for bigger content-length + + 
Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> + Closes #8421 + +Jay Satiro (23 Feb 2022) +- [Farzin brought this change] + + CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment + + Closes https://github.com/curl/curl/pull/8500 + +Daniel Stenberg (22 Feb 2022) +- [Rob Boeckermann brought this change] + + OS400/README: clarify compilation steps + + Closes #8494 + +- [Rob Boeckermann brought this change] + + OS400: fix typos in rpg include file + + This resolves issues compiling rpg code that includes the curl header + file. + + Closes #8494 + +- [MichaÅ‚ Antoniak brought this change] + + vtls: fix socket check conditions + + fix condition to check the second socket during associate and + disassociate connection + + Closes #8493 + +- libssh2: don't typecast socket to int for libssh2_session_handshake + + Since libssh2_socket_t uses SOCKET on windows which can be larger than + int. + + Closes #8492 + +- RELEASE-NOTES: fix typo and make one desc shorter + +- RELEASE-NOTES: synced + +- CURLOPT_XFERINFOFUNCTION.3: fix typo in example + + Reported-by: coralw on github + Fixes #8487 + Closes #8488 + +- README: disable linkchecks for the sponsor links + + Closes #8489 + +Jay Satiro (21 Feb 2022) +- openssl: check if sessionid flag is enabled before retrieving session + + Ideally, Curl_ssl_getsessionid should not be called unless sessionid + caching is enabled. There is a debug assertion in the function to help + ensure that. Therefore, the pattern in all vtls is basically: + + if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();} + + There was one instance in openssl.c where sessionid was not checked + beforehand and this change fixes that. + + Prior to this change an assertion would occur in openssl debug builds + during connection stage if session caching was disabled. 
+ + Reported-by: Jim Beveridge + + Fixes https://github.com/curl/curl/issues/8472 + Closes https://github.com/curl/curl/pull/8484 + +- multi: allow user callbacks to call curl_multi_assign + + Several years ago a change was made to block user callbacks from calling + back into the API when not supported (recursive calls). One of the calls + blocked was curl_multi_assign. Recently the blocking was extended to the + multi interface API, however curl_multi_assign may need to be called + from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION). + + I can't think of any callback where it would be unsafe to call + curl_multi_assign so I removed the restriction entirely. + + Reported-by: Michael Wallner + + Ref: https://github.com/curl/curl/commit/b46cfbc + Ref: https://github.com/curl/curl/commit/340bb19 + + Fixes https://github.com/curl/curl/issues/8480 + Closes https://github.com/curl/curl/pull/8483 + +Daniel Stenberg (21 Feb 2022) +- [MichaÅ‚ Antoniak brought this change] + + ssl: reduce allocated space for ssl backend when FTP is disabled + + Add assert() for the backend pointer in many places + + Closes #8471 + +- [MichaÅ‚ Antoniak brought this change] + + checkprefix: remove strlen calls + + Closes #8481 + +Jay Satiro (20 Feb 2022) +- [1337vt brought this change] + + curl.h: fix typo + + Closes https://github.com/curl/curl/pull/8482 + +- [Jan Venekamp brought this change] + + sectransp: mark a 3DES cipher as weak + + - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak. + + All other 3DES ciphers are already marked as weak. + + Closes https://github.com/curl/curl/pull/8479 + +- [Jan Venekamp brought this change] + + bearssl: fix EXC_BAD_ACCESS on incomplete CA cert + + - Do not create trust anchor object for a CA certificate until after it + is processed. + + Prior to this change the object was created at state BR_PEM_BEGIN_OBJ + (certificate processing begin state). 
An incomplete certificate (for + example missing a newline at the end) never reaches BR_PEM_END_OBJ + (certificate processing end state) and therefore the trust anchor data + was not set in those objects, which caused EXC_BAD_ACCESS. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8476 + +- [Jan Venekamp brought this change] + + bearssl: fix connect error on expired cert and no verify + + - When peer verification is disabled use the x509_decode engine instead + of the x509_minimal engine to parse and extract the public key from + the first cert of the chain. + + Prior to this change in such a case no key was extracted and that caused + CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if + any validity check fails but the x509_decode won't. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8475 + +- [Jan Venekamp brought this change] + + bearssl: fix session resumption (session id) + + Prior to this change br_ssl_client_reset was mistakenly called with + resume_session param set to 0, which disabled session resumption. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8474 + +Daniel Stenberg (18 Feb 2022) +- [MichaÅ‚ Antoniak brought this change] + + openssl: fix build for version < 1.1.0 + + Closes #8470 + +- [Joel Depooter brought this change] + + schannel: move the algIds array out of schannel.h + + This array is only used by the SCHANNEL_CRED struct in the + schannel_acquire_credential_handle function. It can therefore be kept as + a local variable. This is a minor update to + bbb71507b7bab52002f9b1e0880bed6a32834511. + + This change also updates the NUM_CIPHERS value to accurately count the + number of ciphers options listed in schannel.c, which is 47 instead of + 45. It is unlikely that anyone tries to set all 47 values, but if they + had tried, the last two would not have been set. 
+ + Closes #8469 + +- [Alejandro R. Sedeño brought this change] + + configure.ac: use user-specified gssapi dir when using pkg-config + + Using the system pkg-config path in the face of a user-specified + library path is asking to link the wrong library. + + Reported-by: Michael Kaufmann + Fixes #8289 + Closes #8456 + +- [Kevin Adler brought this change] + + os400: Add link to QADRT devkit to README.OS400 + + Closes #8455 + +- [Kevin Adler brought this change] + + os400: Add function wrapper for system command + + The wrapper will exit if the system command failed instead of blindly + continuing on. + + In addition, only copy docs which exist, since now the copy failure will + cause the build to stop. + + Closes #8455 + +- [Kevin Adler brought this change] + + os400: Default build to target current release + + V6R1M0 is not available as a target release since IBM i 7.2. To keep + from having to keep this up to date in git, default to the current + release. Users can configure this to whatever release they want to + actually build for. + + Closes #8455 + +- docs/INTERNALS.md: clean up, refer to the book + + The explanatory parts are now in the everything curl book (which can + also use images etc). This document now refers to that resource and only + leaves listings of supported versions of libs, tools and operating + systems. See https://everything.curl.dev/internals + + Closes #8467 + +Marcel Raad (17 Feb 2022) +- des: fix compile break for OpenSSL without DES + + When `USE_OPENSSL` was defined but OpenSSL had no DES support and a + different crypto library was used for that, `Curl_des_set_odd_parity` + was called but not defined. This could for example happen on Windows + and macOS when using OpenSSL v3 with deprecated features disabled. + + Use the same condition for the function definition as used at the + caller side, but leaving out the OpenSSL part to avoid including + OpenSSL headers. 
+ + Closes https://github.com/curl/curl/pull/8459 + +Daniel Stenberg (17 Feb 2022) +- RELEASE-NOTES: synced + +- docs/DEPRECATE: remove NPN support in August 2022 + + Closes #8458 + +- ftp: provide error message for control bytes in path + + Closes #8460 + +- http: fix "unused parameter ‘conn’" warning + + Follow-up from 7d600ad1c395 + + Spotted on appveyor + + Closes #8465 + +Jay Satiro (17 Feb 2022) +- [Alejandro R. Sedeño brought this change] + + sha256: Fix minimum OpenSSL version + + - Change the minimum OpenSSL version for using their SHA256 + implementation from 0.9.7 to 0.9.8. + + EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and + does not get built by default until 0.9.8, so trying to use it for all + 0.9.7 is wrong, and before 0.9.8 is unreliable. + + Closes https://github.com/curl/curl/pull/8464 + +Daniel Stenberg (16 Feb 2022) +- KNOWN_BUGS: remove "slow connect to localhost on Windows" + + localhost is not resolved anymore since 1a0ebf6632f88 + +- KNOWN_BUGS: remove "HTTP/3 download is 5x times slower than HTTP/2" + + It's not actually a bug. More like room for improvement. + +- KNOWN_BUGS: remove "HTTP/3 download with quiche halts after a while" + + Follow-up to 96f85a0fef694 + +- KNOWN_BUGS: remove "pulseUI vpn" as a problem + + We haven't heard about this for a long time and rumours have it they + might have fixed it. + +- urldata: remove conn->bits.user_passwd + + The authentication status should be told by the transfer and not the + connection. + + Reported-by: John H. Ayad + Fixes #8449 + Closes #8451 + +- [Kevin Adler brought this change] + + gskit: Convert to using Curl_poll + + As mentioned in 32766cb, gskit was the last user of Curl_select which is + now gone. Convert to using Curl_poll to allow build to work on IBM i. 
+ + Closes #8454 + +- [Kevin Adler brought this change] + + gskit: Fix initialization of Curl_ssl_gskit struct + + In c30bf22, Curl_ssl_getsock was factored out in to a member of + struct Curl_ssl but the gskit initialization was not updated to reflect + this new member. + + Closes #8454 + +- [Kevin Adler brought this change] + + gskit: Fix errors from Curl_strerror refactor + + 2f0bb864c1 replaced sterror with Curl_strerror, but the strerror buffer + shadows the set_buffer "buffer" parameter. To keep consistency with the + other functions that use Curl_strerror, rename the parameter. + + In addition, strerror.h is needed for the definition of STRERROR_LEN. + + Closes #8454 + +Marcel Raad (15 Feb 2022) +- ntlm: remove unused feature defines + + They're not used anymore and always supported. + + Closes https://github.com/curl/curl/pull/8453 + +Daniel Stenberg (15 Feb 2022) +- [Kantanat Wannapaka brought this change] + + README.md: fix link and layout + + replace <a></a> tags and <img></img> tags + + Closes #8448 + +- KNOWN_BUGS: fix typo "libpsl" + +Jay Satiro (14 Feb 2022) +- h2h3: fix compiler warning due to function prototype mismatch + + - Add missing const qualifier in Curl_pseudo_headers declaration. + +Daniel Stenberg (14 Feb 2022) +- [Stefan Eissing brought this change] + + urlapi: handle "redirects" smarter + + - avoid one malloc when setting a new url via curl_url_set() + and CURLUPART_URL. + - extract common pattern into a new static function. + + Closes #8450 + +- cijobs: pick up circleci configure lines better + +- circleci: add a job using wolfSSH + + Build only, no tests. + + Closes #8445 + +- scripts/ciconfig.pl: show used options not available + +- circleci: add a job using libssh + + Closes #8444 + +- runtests: set 'oldlibssh' for libssh versions before 0.9.6 + + ... and make test 1459 check for the different return code then. 
+ + Closes #8444 + +Jay Satiro (13 Feb 2022) +- Makefile.am: Generate VS 2022 projects + + Follow-up to f13d4d0 which added VS 2022 project support. + + Ref: https://github.com/curl/curl/pull/8438 + +- [Daniel Stenberg brought this change] + + projects: remove support for MSVC before VC10 (Visual Studio 2010) + + - Remove Visual Studio project files for VC6, VC7, VC7.1, VC8 and VC9. + + Those versions are too old to be maintained any longer. + + Closes https://github.com/curl/curl/pull/8442 + +- [Stav Nir brought this change] + + projects: add support for Visual Studio 17 (2022) + + Closes https://github.com/curl/curl/pull/8438 + +Daniel Stenberg (13 Feb 2022) +- RELEASE-NOTES: synced + +- connect: follow-up fix the copyright year + +- [MichaÅ‚ Antoniak brought this change] + + misc: remove unused data when IPv6 is not supported + + Closes #8430 + +- scripts/ciconfig: show CI job config info + + Closes #8446 + +- quiche: handle stream reset + + A stream reset now causes a CURLE_PARTIAL_FILE error. I'm not convinced + this is the right action nor the right error code. + + Reported-by: Lucas Pardue + Fixes #8437 + Closes #8440 + +- mime: use a define instead of the magic number 24 + + MIME_BOUNDARY_DASHES is now the number of leading dashes in the + generated boundary string. + + Closes #8441 + +- [Henrik Holst brought this change] + + hostcheck: reduce strlen calls on chained certificates + + Closes #8428 + +- [Patrick Monnerat brought this change] + + mime: some more strlen() call removals. 
+ + Closes #8423 + +- scripts/cijobs.pl: detect zuul cmake jobs better + +- url: exclude zonefrom_url when no ipv6 is available + + Closes #8439 + +- if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled + + Closes #8439 + +- [Henrik Holst brought this change] + + mprintf: remove strlen calls on empty strings in dprintf_formatf + + Turns out that in dprintf_formatf we did a strlen on empty strings, a + bit strange is how common this actually is, 24 alone when doing a simple + GET from https://curl.se + + Closes #8427 + +- wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case + + Closes #8431 + +- wolfssl: when SSL_read() returns zero, check the error + + Returning zero indicates end of connection, so if there's no data read + but the connection is alive, it needs to return -1 with CURLE_AGAIN. + + Closes #8431 + +- quiche: after leaving h3_recving state, poll again + + This could otherwise easily leave libcurl "hanging" after the entire + transfer is done but without noticing the end-of-transfer signal. + + Assisted-by: Lucas Pardue + Closes #8436 + +- quiche: when *recv_body() returns data, drain it before polling again + + Assisted-by: Lucas Pardue + + Closes #8429 + +- [gaoxingwang on github brought this change] + + configure: fix '--enable-code-coverage' typo + + Fixes #8425 + Closes #8426 + +- lib/h2h3: #ifdef on ENABLE_QUIC, not the wrong define + + Otherwise the build fails when H3 is enabled but the build doesn't + include nghttp2. + + Closes #8424 + +- hostcheck: pass in pattern length too, to avoid a strlen call + + Removes one strlen() call per SAN name in a cert-check. 
+ + Closes #8418 + +- [Henrik Holst brought this change] + + misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders + + Closes #8409 + +- configure: requires --with-nss-deprecated to build with NSS + + Add deprecation plans to docs/DEPRECATE.md + + Closes #8395 + +- mqtt: free 'sendleftovers' in disconnect + + Fix a memory-leak + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646 + Closes #8415 + +- [Patrick Monnerat brought this change] + + openldap: pass string length arguments to client_write() + + This uses the new STRCONST() macro and saves 2 strlen() calls on short + string constants per LDIF output line. + + Closes #8404 + +- [Henrik Holst brought this change] + + misc: reduce strlen() calls with Curl_dyn_add() + + Use STRCONST() to switch from Curl_dyn_add() to Curl_dyn_addn() for + string literals. + + Closes #8398 + +- http2: fix the array copy to nghttp2_nv + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44517 + Follow-up to 9f985a11e794 + Closes #8414 + +- RELEASE-NOTES: synced + +- scripts/cijobs.pl: output data about all currect CI jobs + + This script parses the config files for all the CI services currently in + use and output the information in a uniform way. The idea is that the + output from this script should be possible to massage into informational + tables or graphs to help us visualize what they are all testing and NOT + testing. + + Closes #8408 + +- maketgz: return error if 'make dist' fails + + To better detect this problem in CI jobs + + Reported-by: Marcel Raad + Bug: https://curl.se/mail/lib-2022-02/0070.html + Closes #8402 + +- h2h3: pass correct argument types to infof() + + Detected by Coverity. CID 1497993 + + Closes #8401 + +- lib/Makefile: remove config-tpf.h from the dist + + Follow-up from da15443dddea2bfb. Missed before because the 'distcheck' + CI job was not working as intended. 
+ + Reported-by: Marcel Raad + Bug: https://curl.se/mail/lib-2022-02/0070.html + Closes #8403 + +- configure: remove support for "embedded ares" + + In March 2010 (commit 4259d2df7dd) we removed the embedded 'ares' + directory from the curl source tree but we have since supported + especially detecting and using that build directory. The time has come + to remove that kludge and ask users to specify the c-ares dir correctly + with --enable-ares. + + Closes #8397 + +- [Sebastian Sterk brought this change] + + github/workflows/mbedtls: fix indent & remove unnecessary line breaks + + Closes #8399 + +- CI: move the NSS job from zuul to GHA + + Closes #8396 + +- tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine + + Closes #8396 + +Marcel Raad (7 Feb 2022) +- curl-openssl: fix SRP check for OpenSSL 3.0 + + When OpenSSL 3.0 is built with `--api=3.0` and `no-deprecated`, the SRP + functions exist in the library, but are disabled for user code. Check + if they are actually usable instead of only if they exist. Also, check + for the functions actually required for TLS-SRP. + + TLS-SRP support is still enabled if OpenSSL is configured with just + `--api=3.0` or with `--api=1.1.1 no-deprecated`. + + Closes https://github.com/curl/curl/pull/8394 + +Daniel Stenberg (7 Feb 2022) +- [Henrik Holst brought this change] + + http: make Curl_compareheader() take string length arguments too + + Also add STRCONST, a macro that returns a string literal and it's length + for functions that take "string,len" + + Removes unnecesary calls to strlen(). + + Closes #8391 + +- vquic/vquic.h: removed the unused H3 psuedo defines + +- ngtcp2: use Curl_pseudo_headers + +- quiche: use Curl_pseudo_headers + +- http2: use Curl_pseudo_headers + +- h2h3: added Curl_pseudo_headers() + + For use with both http2 and http3 requests. 
+ +- ngtcp2/quiche: make :scheme possible to set + +- http2: allow CURLOPT_HTTPHEADER change ":scheme" + + The only h2 psuedo header that wasn't previously possible to change by a + user. This change also makes it impossible to send a HTTP/1 header that + starts with a colon, which I don't think anyone does anyway. + + The other pseudo headers are possible to change indirectly by doing the + rightly crafted request. + + Reported-by: siddharthchhabrap on github + Fixes #8381 + Closes #8393 + +- h2/h3: provide and refer to pseudo headers as defines + + ... and do sizeof() on the defines to use constants better. + + Closes #8389 + +- [MichaÅ‚ Antoniak brought this change] + + smb: passing a socket for writing and reading data instead of FIRSTSOCKET + + Closes #8383 + +- x509asn1: toggle off functions not needed for diff tls backends + + ... and clean the header file from private defines/structs (move to C + file) and unused function prototypes. + + Closes #8386 + +- lib: move hostcheck and x509sn1 sources to vtls/ + + ... since they are used strictly by TLS code. + + Closes #8386 + +Marcel Raad (4 Feb 2022) +- version_win32: fix warning for `CURL_WINDOWS_APP` + + The build version is not supported by the UWP code. + + Closes https://github.com/curl/curl/pull/8385 + +Daniel Stenberg (4 Feb 2022) +- tests/disable-scan.pl: properly detect multiple symbols per line + + Test 1165 would fail on some systems because it didn't detect + CURL_DISABLE_* symbols that were used to the right of another one on the + same line! The script would only detect and extract the first one. + + Reported-by: Marcel Raad + Fixes #8384 + Closes #8388 + +Jay Satiro (4 Feb 2022) +- config.d: Clarify _curlrc filename is still valid on Windows + + Recent changes added support for filename .curlrc on Windows, and + when it's not found curl falls back on the original Windows filename + _curlrc. _curlrc was removed from the doc, however it is still valid. 
+ + Closes https://github.com/curl/curl/pull/8382 + +Daniel Stenberg (4 Feb 2022) +- lib: remove support for CURL_DOES_CONVERSIONS + + TPF was the only user and support for that was dropped. + + Closes #8378 + +- TPF: drop support + + There has been no TPF related changes done since September 2010 (commit + 7e1a45e224e57) and since this is a platform that is relatively different + than many others (== needs attention), I draw the conclusion that this + build is broken since a long time. + + Closes #8378 + +- scripts/delta: check the file delta for current branch + + ... also polish the output style a little bit + +Jay Satiro (3 Feb 2022) +- [Fabian Keil brought this change] + + runtests.pl: tolerate test directories without Makefile.inc + + Silences the following warnings when using a Makefile.inc-free + TESTDIR using the "-o" argument: + + readline() on closed filehandle D at ./runtests.pl line 592. + Use of uninitialized value $disttests in pattern match (m//) at + ./runtests.pl line 3602. + + Closes https://github.com/curl/curl/pull/8379 + +Daniel Stenberg (3 Feb 2022) +- [Henrik Holst brought this change] + + setopt: do bounds-check before strdup + + Curl_setstropt() allocated memory for the string before checking if the + string was within bounds. The bounds check should be done first. + + Closes #8377 + +- [MichaÅ‚ Antoniak brought this change] + + mbedtls: enable use of mbedtls without filesystem functions support + + Closes #8376 + +- [Bernhard Walle brought this change] + + configure: support specification of a nghttp2 library path + + This enables using --with-nghttp2=<dir> on systems without pkg-config. + + Closes #8375 + +- scripts/release-notes.pl: remove leftover debug output + +- RELEASE-NOTES: synced + +- scripts/release-notes.pl: fix number extraction for full URLs + +- [Leah Neukirchen brought this change] + + scripts/completion.pl: improve zsh completion + + - Detect all spellings of <file>, <file name> etc as well as <path>. 
+ - Only complete directories for <dir>. + - Complete URLs for <URL>. + - Complete --request and --ftp-method. + + Closes #8363 + +- [Davide Cassioli brought this change] + + configure: use correct CFLAGS for threaded resolver with xlC on AIX + + Fixes #8276 + Closes #8374 + +- mailmap: Henrik Holst + +Jay Satiro (2 Feb 2022) +- build: fix ngtcp2 crypto library detection + + - Change library link check for ngtcp2_crypto_{gnutls,openssl} to + to use function ngtcp2_crypto_recv_client_initial_cb instead of + ngtcp2_crypto_ctx_initial. + + The latter function is no longer external since two days ago in + ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since + then because they would not link to the ngtcp2 crypto library. + + Ref: https://github.com/ngtcp2/ngtcp2/pull/356 + + Closes https://github.com/curl/curl/pull/8372 + +- [Henrik Holst brought this change] + + urlapi: remove an unnecessary call to strlen + + - Use strcpy instead of strlen+memcpy to copy the url path. + + Ref: https://curl.se/mail/lib-2022-02/0006.html + + Closes https://github.com/curl/curl/pull/8370 + +Daniel Stenberg (1 Feb 2022) +- scripts/copyright.pl: fix for handling removed files better + +- vxworks: drop support + + No changes or fixes in vxworks related code since 2009 leads me to + believe that this doesn't work anymore. 
+ + Closes #8362 + +- [Henrik Holst brought this change] + + base64: remove an unnecessary call to strlen + + Closes #8369 + +- tool_getparam: initial --json support + + Adds these test cases: + + 383 - simple single command line option + 384 - reading it from stdin + 385 - getting two --json options on command line + 386 - --next works after --json + + Closes #8314 + +- [Bjarni Ingi Gislason brought this change] + + curl_getdate.3: remove pointless .PP line + + mandoc: WARNING: skipping paragraph macro: PP empty + + Reported-by: Samuel Henrique + Closes #8365 + +- [Sebastian Sterk brought this change] + + multi: grammar fix in comment + + After 'must', the verb is used without 'to'. Correct: "must" or "have + to" + + Closes #8368 + +- openldap: fix compiler warning when built without SSL support + + openldap.c:841:52: error: unused parameter ‘data’ [-Werror=unused-parameter] + + Closes #8367 + +- [Samuel Henrique brought this change] + + CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" + + Found when packaging 7.81.0 for Debian. + + Closes #8364 + +- netware: remove support + + There are no current users and no Netware related changes done in the + code for over 13 years is a clear sign this is abandoned. + + Closes #8358 + +- CI: move two jobs from Zuul to Circle CI + + - openssl-no-verbose + - openssl-no-proxy + + Closes #8359 + +- cirlceci: also run a c-ares job on arm with debug enabled + + Closes #8357 + +- ci: move the OpenSSL + c-ares job from Zuul to Circle CI + + Closes #8357 + +- mailmap: Jan-Piet Mens + +- [luminixinc on github brought this change] + + multi: remember connection_id before returning connection to pool + + Fix a bug that does not require a new CVE as discussed on hackerone.com. + Previously `connection_id` was accessed after returning connection to + the shared pool. 
+ + Bug: https://hackerone.com/reports/1463013 + Closes #8355 + +Jay Satiro (31 Jan 2022) +- write-out.d: Fix num_headers formatting + +- [Jan-Piet Mens brought this change] + + docs: capitalize the name 'Netscape' + + Closes https://github.com/curl/curl/pull/8354 + +Daniel Stenberg (30 Jan 2022) +- RELEASE-NOTES: synced + +- [Antoine Pietri brought this change] + + docs: grammar proofread, typo fixes + + (Partially automated) proofread of most of the documentation, leading to + various typo fixes. + + Closes #8353 + +- urldata: CONN_IS_PROXIED replaces bits.close when proxy can be disabled + + To remove run-time checks for such builds. + + Closes #8350 + +- setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds + + Closes #8350 + +- conncache: make conncache_add_bundle return the pointer + + Simplifies the logic a little and avoids a ternary operator. + + Ref: #8346 + Closes #8349 + +- mailmap: neutric on github + +Jay Satiro (30 Jan 2022) +- [neutric on github brought this change] + + docs/TheArtOfHttpScripting: fix example POST URL + + Closes https://github.com/curl/curl/pull/8352 + +Daniel Stenberg (28 Jan 2022) +- nss: handshake callback during shutdown has no conn->bundle + + The callback gets called because of the call to PR_Recv() done to + attempt to avoid RST on the TCP connection. The conn->bundle pointer is + already cleared at this point so avoid dereferencing it. + + Reported-by: Eric Musser + Fixes #8341 + Closes #8342 + +- [MichaÅ‚ Antoniak brought this change] + + mbedtls: remove #include <mbedtls/certs.h> + + mbedtls/certs.h file contains only certificates example (all definitions + is beginning by mbedtls_test_*). None of them is used so we can avoid + include the file. 
+ + Closes #8343 + +- [MichaÅ‚ Antoniak brought this change] + + mbedtls: enable use of mbedtls without CRL support + + Closes #8344 + +- [Bernhard Walle brought this change] + + configure: set CURL_LIBRARY_PATH for nghttp2 + + To execute the test program, we might need the library path so that the + lib is found at runtime. + + Closes #8340 + +Jay Satiro (28 Jan 2022) +- schannel: restore debug message in schannel_connect_step2 + + This is a follow-up to recent commit 2218c3a which removed the debug + message to avoid an unused variable warning. The message has been + reworked to avoid the warning. + + Ref: https://github.com/curl/curl/pull/8320#issuecomment-1022957904 + + Closes https://github.com/curl/curl/pull/8336 + +- test3021: disable all msys2 path transformation + + - Disable all MSYS2 path transformation in test3021 and test3022. + + Prior to this change path transformation in those tests was disabled + only for arguments that start with forward slashes. However arguments + that are in base64 contain forward slashes at any position and caused + unwanted translations. + + == Info: Denied establishing ssh session: mismatch sha256 fingerprint. + Remote +/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw= is not equal to + +C:/msys64/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw + + In the above example an argument containing a base64 sha256 fingerprint + was passed to curl after MSYS2 translated +/ into +C:/msys64/, and then + the fingerprint didn't match what was expected. + + Ref: https://www.msys2.org/wiki/Porting/ + + Fixes https://github.com/curl/curl/issues/8084 + Closes https://github.com/curl/curl/pull/8325 + +Daniel Stenberg (27 Jan 2022) +- CI: move scan-build job from Zuul to Azure Pipelines + + Closes #8338 + +Marcel Raad (27 Jan 2022) +- openssl: fix `ctx_option_t` for OpenSSL v3+ + + The options have been changed to `uint64_t` in + https://github.com/openssl/openssl/commit/56bd17830f2d5855b533d923d4e0649d3ed61d11. 
+ + Closes https://github.com/curl/curl/pull/8331 + +Daniel Stenberg (27 Jan 2022) +- CI: move 'distcheck' job from zuul to azure pipelines + + Assisted-by: Kushal Das + + Closes #8334 + +- vtls: pass on the right SNI name + + The TLS backends convert the host name to SNI name and need to use that. + This involves cutting off any trailing dot and lowercasing. + + Co-authored-by: Jay Satiro + Closes #8320 + +- url: revert the removal of trailing dot from host name + + Reverts 5de8d84098db1bd24e (May 2014, shipped in 7.37.0) and the + follow-up changes done afterward. + + Keep the dot in names for everything except the SNI to make curl behave + more similar to current browsers. This means 'name' and 'name.' send the + same SNI for different 'Host:' headers. + + Updated test 1322 accordingly + + Fixes #8290 + Reported-by: Charles Cazabon + Closes #8320 + +- [neutric on github brought this change] + + docs/TheArtOfHttpScripting: fix capitalization + + Closes #8333 + +- tests/memanalyze.pl: also count and show "total allocations" + + This is the total number of bytes allocated, increasing for new + allocations and never reduced when freed. The existing "Maximum + allocated" is the high water mark. + + Closes #8330 + +- mailmap: spellfix githuh => github + +- RELEASE-NOTES: synced + +- hostcheck: fixed to not touch used input strings + + Avoids the need to clone the strings before check, thus avoiding + mallocs, which for cases where there are many SAN names in a cert could + end up numerous. + + Closes #8321 + +- ngtcp2: adapt to changed end of headers callback proto + + Closes #8322 + +- [Xiaoke Wang brought this change] + + openssl: check SSL_get_ex_data to prevent potential NULL dereference + + Closes #8268 + +Jay Satiro (23 Jan 2022) +- md5: check md5_init_func return value + + Prior to this change the md5_init_func (my_md5_init) return value was + ignored. 
+ + Closes https://github.com/curl/curl/pull/8319 + +- md5: refactor for standard compliance + + - Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function + addresses during static initialization. + + Depending on how curl was built the old way may have used a dllimport + function address during static initialization, which is not standard + compliant, resulting in Visual Studio warning C4232 (nonstandard + extension). Instead the function pointers now point to the wrappers + which call the MD5 functions. + + This change only affects OpenSSL and wolfSSL because calls to other SSL + libraries' md5 functions were already wrapped. Also sha256.c already + does this for all SSL libraries. + + Ref: https://github.com/curl/curl/pull/8298 + + Closes https://github.com/curl/curl/pull/8318 + +Daniel Stenberg (21 Jan 2022) +- [Lucas Pardue brought this change] + + docs: update IETF links to use datatracker + + The tools.ietf.org domain has been deprecated a while now, with the + links being redirected to datatracker.ietf.org. + + Rather than make people eat that redirect time, this change switches the + URL to a more canonical source. + + Closes #8317 + +- [Harry Sarson brought this change] + + CI: test building wolfssl with --enable-opensslextra + + Closes #8315 + +- [Harry Sarson brought this change] + + misc: allow curl to build with wolfssl --enable-opensslextra + + put all #include of openssl files behind wolfssl ifdefs so that we can + use the wolfssl/ prefixed include paths. Without these curl only builds + when wolfssl is built with enable-all. + + Fixes #8292 + Closes #8315 + +- [Lucas Pardue brought this change] + + quiche: change qlog file extension to `.sqlog` + + quiche has just switched it's qlog serialization format to JSON-SEQ by + default . The spec says this SHOULD use `.sqlog` extension. 
+ + I believe ngtcp2 also supports JSON-SEQ by default as of + https://github.com/ngtcp2/ngtcp2/commit/9baf06fc3f352a1d062b6953ae1de22cae30639d + + Let's update curl so that tools know what format we are using! + + Closes #8316 + +Jay Satiro (21 Jan 2022) +- projects: Fix Visual Studio wolfSSL configurations + + - Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable + wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains. + + - Disable warning C4214 'bit field types other than int'. + + - Add include directory wolfssl\wolfssl. + + wolfSSL offers OpenSSL API compatibility that libcurl uses, and some + recent change in libcurl included an include file for wolfSSL like + openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h. + + The include directory issue was reported in #8292 but it's currently + unclear whether this type of change is needed for other build systems. + + Bug: https://github.com/curl/curl/issues/8292 + Reported-by: Harry Sarson + + Closes https://github.com/curl/curl/pull/8298 + +Daniel Stenberg (21 Jan 2022) +- openssl: return error if TLS 1.3 is requested when not supported + + Previously curl would just silently ignore it if the necessary defines + are not present at build-time. + + Reported-by: Stefan Eissing + Fixes #8309 + Closes #8310 + +- TODO: Passing NOTIFY option to CURLOPT_MAIL_RCPT + + Closes #8232 + +- [pheiduck on github brought this change] + + workflows/wolfssl: install impacket + + needed Python Package for SMB tests + + Closes #8307 + +- url: make Curl_disconnect return void + + 1. The function would only ever return CURLE_OK anyway + 2. Only one caller actually used the return code + 3. Most callers did (void)Curl_disconnect() + + Closes #8303 + +- docs: document HTTP/2 not insisting on TLS 1.2 + + Both for --http2 and CURLOPT_HTTP_VERSION. 
+ + Reported-by: jhoyla on github + Fixes #8235 + Closes #8300 + +- cmdline-opts/gen.pl: fix option matching to improve references + + Previously it could mistakenly match partial names when there are + options that start with the same prefix, leading to the wrong references + used. + + Closes #8299 + +- TODO: Less memory massaging with Schannel + +- [Patrick Monnerat brought this change] + + runtests.pl: disable debuginfod + + Valgrind and gdb implement this feature: as this highly slows down tests, + disable it. + + Closes #8291 + +- RELEASE-NOTES: synced + +- CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples + + ... to not call libcurl recursively back. + + Closes #8286 + +- multi: set in_callback for multi interface callbacks + + This makes most libcurl functions return error if called from within a + callback using the same multi handle. For example timer or socket + callbacks calling curl_multi_socket_action. + + Reported-by: updatede on github + Fixes #8282 + Closes #8286 + +- docs/HISTORY.md: mention alt-svc and HSTS + +- misc: remove the final watcom references + + Follow-up to bbf8cae44dedc495e6 + + We removed support for the watcom builds files back in September + 2020. This removes all remaining watcom references and ifdefs. + + Closes #8287 + +- misc: remove BeOS code and references + + There has not been a mention of this OS in any commit since December + 2004 (58f4af7973e3d2). The OS is also long gone. + + Closes #8288 + +- tool_getparam: DNS options that need c-ares now fail without it + + Just silently accepting the options and then not having any effect is + not good. + + Ref: #8283 + Closes #8285 + +- curl: remove "separators" (when using globbed URLs) + + Unless muted (with -s) When doing globbing, curl would output mime-like + separators between the separate transfers. This is not documented + anywhere, surprises users and clobbers the output. Gone now. 
+ + Updated test 18 and 1235 + + Reported-by: jonny112 on github + Bug: https://github.com/curl/curl/discussions/8257 + Closes #8278 + +Jay Satiro (15 Jan 2022) +- [Niels Martignène brought this change] + + mbedtls: fix CURLOPT_SSLCERT_BLOB (again) + + - Increase the buffer length passed to mbedtls_x509_crt_parse to account + for the null byte appended to the temporary blob. + + Follow-up to 867ad1c which uses a null terminated copy of the + certificate blob, because mbedtls_x509_crt_parse requires PEM data + to be null terminated. + + Ref: https://github.com/curl/curl/commit/867ad1c#r63439893 + Ref: https://github.com/curl/curl/pull/8146 + + Closes https://github.com/curl/curl/pull/8260 + +Daniel Stenberg (15 Jan 2022) +- [Alessandro Ghedini brought this change] + + quiche: verify the server cert on connect + + Similarly to c148f0f551f9bea0e3d0, make quiche correctly acknowledge + `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`. + + Fixes #8173 + Closes #8275 + +- [Ikko Ashimine brought this change] + + checksrc: fix typo in comment + + enfore -> enforce + + Closes #8281 + +- curl-openssl: remove the OpenSSL headers and library versions check + + It is more work to maintain that check than the (any?) benefit it + brings. + + Fixes #8279 + Reported-by: Satadru Pramanik + Closes #8280 + +- mqtt: free any leftover when done + + Oss-fuzz found an issue when the "sendleftovers" pointer could leak memory. + Fix this by always freeing it (if still assigned) in the done function. 
+ + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515 + Closes #8274 + +- formdata: avoid size_t => long typecast overflows + + Typically a problem for platforms with 32 bit long and 64 bit size_t + + Reported-by: Fabian Yamaguchi + Bug: https://hackerone.com/reports/1444539 + Closes #8272 + +- RELEASE-NOTES: synced + + bump next release to become 7.82.0 + +Marcel Raad (13 Jan 2022) +- build: enable -Warith-conversion + + This makes the behavior consistent between GCC 10 and earlier versions. + + Closes https://github.com/curl/curl/pull/8271 + +- build: fix -Wenum-conversion handling + + Don't enable that warning when warnings are disabled. + Also add it to CMake. + + Closes https://github.com/curl/curl/pull/8271 + +- appveyor: use VS 2017 image for the autotools builds + + The newer images don't have all required MSYS2 packages. + + Fixes https://github.com/curl/curl/issues/8248 + Closes https://github.com/curl/curl/pull/8265 + +- appveyor: update images from VS 2019 to 2022 + + Closes https://github.com/curl/curl/pull/8265 + +Daniel Stenberg (12 Jan 2022) +- [MichaÅ‚ Antoniak brought this change] + + mbedtls: return CURLcode result instead of a mbedtls error code + + ... when a certificate fails to be loaded from a blob + + Closes #8266 + +- curl_multi_socket.3: remove callback and typical usage descriptions + + 1. The callback is better described in the option for setting it. Having + it in a single place reduces the risk that one of them is wrong. + + 2. The "typical usage" is wrong since the functions described in this + man page are both deprecated so they cannot be used in any "typical" way + anymore. + + Closes #8262 + +- curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE + + Mostly reverts ba0657c343f, but now instead just run the plain macro on + darwin. The approach as used on other platforms is simply not necessary + on macOS. 
+ + Fixes #8229 + Reported-by: Ryan Schmidt + Closes #8247 + +- [Patrick Monnerat brought this change] + + openldap: implement SASL authentication + + As credentials can be quite different depending on the mechanism used, + there are no default mechanisms for LDAP and simple bind with a DN is + then used. + + The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to + enable SASL authentication and disable simple bind. + + Closes #8152 + +Jay Satiro (10 Jan 2022) +- [Cameron Will brought this change] + + CURLOPT_RESOLVE.3: change example port to 443 + + 83cc966 changed documentation from using http to https. However, + CURLOPT_RESOLVE being set to port 80 in the documentation means that it + isn't valid for the new URL. Update to 443. + + Closes https://github.com/curl/curl/pull/8258 + +Daniel Stenberg (10 Jan 2022) +- [Fabian Keil brought this change] + + test374: gif data without new line at the end + + Closes #8239 + +- [Fabian Keil brought this change] + + runtests.pl: support the nonewline attribute for the data part + + Added to FILEFORMAT + + Closes #8239 + +- [Patrick Monnerat brought this change] + + curl tool: erase some more sensitive command line arguments + + As the ps command may reveal sensitive command line info, obfuscate + options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and + --oauth2-bearer arguments. + + Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk> + + Closes #7964 + +- mesalink: remove support + + Mesalink has ceased development. We can no longer encourage use of it. + It seems to be continued under the name TabbySSL, but no attempts have + (yet) been to make curl support it. + + Fixes #8188 + Closes #8191 + +- ldap: return CURLE_URL_MALFORMAT for bad URL + + For consistency, use the same return code for URL malformats, + independently of what scheme that is used. Previously this would return + CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned. 
+ + Closes #8170 + +- docs/cmdline-opts: add "mutexed" options for more http versions + + Update four http version man page sections. + + Closes #8254 + +- [Stephen M. Coakley brought this change] + + rustls: add CURLOPT_CAINFO_BLOB support + + Add support for `CURLOPT_CAINFO_BLOB` `CURLOPT_PROXY_CAINFO_BLOB` to the + rustls TLS backend. Multiple certificates in a single PEM string are + supported just like OpenSSL does with this option. + + This is compatible at least with rustls-ffi 0.8+ which is our new + minimum version anyway. + + I was able to build and run this on Windows, pulling trusted certs from + the system and then add them to rustls by setting + `CURLOPT_CAINFO_BLOB`. Handy! + + Closes #8255 + +- scripts/copyright.pl: ignore missing files + +- RELEASE-NOTES: synced + +- data/DISABLED: disable test 313 for wolfssl builds + + It was previously disabled only in the CI jobs yaml + + Closes #8252 + +- runtests: make 'wolfssl' a testable feature + + Closes #8252 + +- GHA: install stunnel in the medbtls + wolfssl CI jobs + + Closes #8252 + +- CI: move the rustls CI job to GHA from Zuul + + Closes #8251 + +- DISABLE: disable a dozen tests in the rustls build + + Disables tests that don't yet work with the rustls backend. + + Fixes #8004 + Closes #8250 + +- runtests: make 'rustls' a testable feature + +- remote-header-name.d: clarify + + - it strips off the path from the server provided name + - it saves in current directory or --output-dir + + Ref: https://curl.se/mail/archive-2022-01/0032.html + Closes #8249 + +- url: given a user in the URL, find pwd for that user in netrc + + Add test 380 and 381 to verify, edited test 133 + + Reported-by: Manfred Schwarb + Fixes #8241 + Closes #8243 + +- [Niels Martignène brought this change] + + mbedtls: Fix ssl_init error with mbedTLS 3.1.0+ + + Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided + config struct is not valid. 
+ + mbedtls_ssl_config_defaults() needs to be called before the config + struct is passed to mbedtls_ssl_setup(). + + Closes #8238 + +- [Filip Lundgren brought this change] + + cmake: fix iOS CMake project generation error + + Closes #8244 + +- ngtcp2: fix declaration of ‘result’ shadows a previous local + + Follow-up to 8fbd6feddfa587cfd3 + + Closes #8245 + +- openssl.h: avoid including OpenSSL headers here + + ... by instead using the struct version of the typedef'ed pointer. To + fix build errors when both Schannel and OpenSSL are enabled. + + Fixes #8240 + Reported-by: Jan Ehrhardt + Closes #8246 + +- curl_url_set.3: mention when CURLU_ALLOW_SPACE was added + +- tool_findfile: free mem properly + + Follow-up to 764e4f066d5 + + Closes #8242 + +- tool_findfile: check ~/.config/curlrc too + + ... after the initial checks for .curlrc and if XDG_CONFIG_HOME is not + set, use $HOME and $CURL_HOME to check if ~/.config/curlrc is present. + + Add test 436 to verify + + Reported-by: Sandro Jaeckel + Fixes #8208 + Closes #8213 + +- runtests: allow client/file to specify multiple directories + + ... 
and make sure to mkdir them all + +- scripts/copyright.pl: support many provided file names on the cmdline + +- [Fabian Keil brought this change] + + tests/FILEFORMAT.md: fix typo + +- [Fabian Keil brought this change] + + Add test373: multiple chunks with binary zeros + +- [Fabian Keil brought this change] + + Add test372: binary zero in data element + +- [Fabian Keil brought this change] + + tests/server/getpart.c: properly deal with binary data containing NUL bytes + +- [Fabian Keil brought this change] + + runtests.pl: properly print the test if it contains binary zeros + +- mailmap: Xiaoke Wang + +- openssl: copyright year update + + Follow-up to 30aea2b1ede + +- scripts/copyright.pl: hush unless -v (for verbose) is used + +- [Xiaoke Wang brought this change] + + openssl: check the return value of BIO_new_mem_buf() + + Closes #8233 + +- examples/multi-app.c: call curl_multi_remove_handle as well + + Fixes #8234 + Reported-by: Melroy van den Berg + Closes #8236 + +- COPYING: bump copyright year range + +- RELEASE-NOTES: synced + + and bump curlver after release + +- docs: fix mandoc -T lint formatting complaints + + Closes #8228 + +- next.d. remove .fi/.nf as they are handled by gen.pl + + Closes #8228 + +- gen.pl: terminate "example" sections better + + If the example (section that is prefixed with spaces) ends the + description gen.pl would previously miss to output the terminating .fi + + Closes #8228 + +- [Satadru Pramanik brought this change] + + curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval + + $$ usage in a m4 file introduces the PID in linux. + Instead, just duplicate previous working code with a case switch. + + Fixes #8229 + Closes #8230 + Version 7.81.0 (5 Jan 2022) Daniel Stenberg (5 Jan 2022) @@ -457,7 +2332,7 @@ Daniel Stenberg (13 Dec 2021) Closes #8137 -- [x2018 brought this change] +- [Xiaoke Wang brought this change] sha256/md5: return errors when init fails 
@@ -761,7 +2636,7 @@ Jay Satiro (2 Dec 2021)
 Prior to this change the fingerprint was mistakenly printed in binary.
 
 Daniel Stenberg (1 Dec 2021)
-- [x2018 brought this change]
+- [Xiaoke Wang brought this change]
 
 openssl: check the return value of BIO_new()
 
@@ -1698,7 +3573,7 @@ Daniel Stenberg (29 Oct 2021)
 
 Closes #7885
 
-- [x2018 brought this change]
+- [Xiaoke Wang brought this change]
 
 url: check the return value of curl_url()
 
@@ -5855,2086 +7730,3 @@ Daniel Stenberg (14 Jun 2021) Later scan-builds don't claim this on the same code. Closes #7248 - -- asyn-ares: remove check for 'data' in Curl_resolver_cancel - - It implied it would survive a NULL in there which it won't. Instead do - an assert. - - Pointed out by scan-build. - - Closes #7248 - -- url.c: remove two variable assigns that are never read - - Pointed out by scan-build - - Closes #7248 - -- [Gealber Morales brought this change] - - mqtt: add support for username and password - - Minor-edits-by: Daniel Stenberg - Added test 2200 to 2205 - - Closes #7243 - -- travis: remove the arm job - - We do it on circle CI instead - -- CI: add .circleci/config.yml - - Assisted-by: Gabriel Simmer - - Closes #7239 - -- RELEASE-NOTES: synced - -- runtests: init $VERSION to avoid warnings when using -l - -- openssl: don't remove session id entry in disassociate - - When a connection is disassociated from a transfer, the Session ID entry - should remain. - - Regression since 7f4a9a9 (shipped in libcurl 7.77.0) - Reported-by: Gergely Nagy - Reported-by: Paul Groke - - Fixes #7222 - Closes #7230 - -- single_transfer: ignore blank --output-dir - - ... as otherwise it creates a rather unexpected target directory with a - leading slash. - - Reported-by: Harry Sintonen - Fixes #7218 - Closes #7233 - -- tests: update README about servers and port numbers - - Closes #7242 - -- conn_shutdown: if closed during CONNECT cleanup properly - - Reported-by: Alex Xu - Reported-by: Phil E. Taylor - - Fixes #7236 - Closes #7237 - -- [Christian Weisgerber brought this change] - - sws: malloc request struct instead of using stack - - ... 2MB requests is otherwise just too big for some systems. - - (The allocations are not freed properly.) - - Bug: https://curl.se/mail/lib-2021-06/0018.html - - Closes #7235 - -- [Mark Swaanenburg brought this change] - - lib: don't compare fd to FD_SETSIZE when using poll - - FD_SETSIZE is irrelevant when using poll. 
So ensuring that the file - descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause - multi_wait to ignore perfectly valid file descriptors and simply wait - for 1s to avoid hammering the CPU in a busy loop. - - Fixes #7240 - Closes #7241 - -- [zhangxiuhua brought this change] - - doh: fix wrong DEBUGASSERT for doh private_data - - Closes #7227 - -- [yb999 brought this change] - - tests: update README.md with a missing single quote - - Closes #7231 - -- GHA: run all tests for hyper too - - As it lists disabled ones in DISABLED now - - Closes #7209 - -- tests/data/DISABLED: add tests not working with hyper - - The goal is to remove them all from here over time. - - Closes #7209 - -- runtests: also find the last test in Makefile.inc - - Closes #7209 - -- test3010: work with hyper mode - - Closes #7209 - -- configure: disable RTSP when hyper is selected - - Makes test 1013 work - - Closes #7209 - -- test1594/1595/1596: fix to work in hyper mode - - Closes #7209 - -- test1438/1457: add HTTP keyword to make hyper mode work - - Closes #7209 - -- test1340/1341: adjusted for hyper mode - - Closes #7209 - -- test1218: adjusted for hyper mode - - Closes #7209 - -- test1216: adjusted for hyper mode - - Closes #7209 - -- test1230: adjust to work in hyper mode - - Closes #7209 - -- c-hyper: abort CONNECT response reading early on non 2xx responses - - Fixes test 493 - - Closes #7209 - -- test434: add HTTP keyword - - Closes #7209 - -- test599: adjusted to work in hyper mode - - Closes #7209 - -- c-hyper: fix the uploaded field in progress callbacks - - Makes test 578 work - - Closes #7209 - -- test566: adjust to work with hyper mode - - Closes #7209 - -- [Fawad Mirza brought this change] - - CURLOPT_WRITEFUNCTION.3: minor update of the example - - Safely avoid chunk.size garbage value if declared non globally. 
- - Closes #7219 - -- [Bastian Krause brought this change] - - configure: rename get-easy-option configure option to get-easy-options - - "get-easy-options" is the configure option advertised by the help text - anyway, so use that. - - Fixes #7211 - Closes #7213 - - Follow-up to ad691b191 ("configure: added --disable-get-easy-options") - Suggested-by: Daniel Stenberg <daniel@haxx.se> - 
Signed-off-by: Bastian Krause <bst@pengutronix.de> - -- runtests: skip disabled tests unless -f is used - - To make it easier to write ranges like '115 to 229' without that - explicitly enabling tests that are listed in DISABLED, this makes - runtests always skip disabled tests unless the -f command line option is - used. - - Previously the code attempted to not run such tests, but didn't do it - correctly. - - Closes #7212 - -- [Jun-ya Kato brought this change] - - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS - - The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible - mode for middle box but it is enabled by default, which is unnecessary - for QUIC. - - Fixes #6896 - Closes #7202 - -- test644: remove as duplicate of test 587 - - Closes #7208 - -Daniel Gustafsson (8 Jun 2021) -- RELEASE-NOTES: synced - -- cookies: track expiration in jar to optimize removals - - Removing expired cookies needs to be a fast operation since we want to - be able to perform it often and speculatively. By tracking the timestamp - of the next known expiration we can exit early in case the timestamp is - in the future. - - Closes: #7172 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (7 Jun 2021) -- GHA: add several libcurl tests to the hyper job - - 500 to 512 - -- test500: adjust to work with hyper mode - -- c-hyper: support CURLINFO_STARTTRANSFER_TIME - - Closes #7204 - -- c-hyper: support CURLOPT_HEADER - - When enabled, the headers are passed to the body write callback as well. 
- - Like in test 500 - - Closes #7204 - -- GHA: run the newly fixed tests with hyper - - Closes #7205 - -- test433: adjust for hyper mode - - Closes #7205 - -- test395: hyper cannot work around > 64 bit content-lengths like built-in - - Closes #7205 - -- test394: hyper returns a different error - - Closes #7205 - -- test393: make Content-Length fit within 64 bit for hyper - - Closes #7205 - -- test347: CRLFify to work in hyper mode - - Closes #7205 - -- test339: CRLFify better to work in hyper mode - - Closes #7205 - -- travis: remove the hyper build - -- GHA: add a linux-hyper job - - Closes #7206 - -- test328: avoid a header-looking body to make hyper mode work - - The test still works the same, just modified two bytes in the content. - - Closes #7203 - -- release-notes.pl: also spot common 'closes' typo - -- metalink: remove - - Warning: this will make existing curl command lines that use metalink to - stop working. - - Reasons for removal: - - 1. We've found several security problems and issues involving the - metalink support in curl. The issues are not detailed here. When - working on those, it become apparent to the team that several of the - problems are due to the system design, metalink library API and what - the metalink RFC says. They are very hard to fix on the curl side - only. - - 2. The metalink usage with curl was only very briefly documented and was - not following the "normal" curl usage pattern in several ways, making - it surprising and non-intuitive which could lead to further security - issues. - - 3. The metalink library was last updated 6 years ago and wasn't so - active the years before that either. An unmaintained library means - there's a security problem waiting to happen. This is probably reason - enough. - - 4. Metalink requires an XML parsing library, which is complex code (even - the smaller alternatives) and to this day often gets security - updates. - - 5. Metalink is not a widely used curl feature. 
In the 2020 curl user - survey, only 1.4% of the responders said that they'd are using it. In - 2021 that number was 1.2%. Searching the web also show very few - traces of it being used, even with other tools. - - 6. The torrent format and associated technology clearly won for - downloading large files from multiple sources in parallel. - - Cloes #7176 - -- docs/INSTALL: remove mentions of configure --with-darwin-ssl - - ... as it isn't supported since a while back. - - Make configure fail with a warning if used. - - Reported-by: Vadim Grinshpun - Bug: https://curl.se/mail/lib-2021-06/0008.html - Closes #7200 - -- RELEASE-NOTES: synced - -- [Gregor Jasny brought this change] - - cmake: Avoid leaking absolute paths into exported config - - The `find_libarary` command resolves the library or framework - into an absolute path. In case of system frameworks which are - located within an Xcode-provided SDK this results in the Xcode - path and SDK version being part of the library path. - - Because those library paths end up in the exported CMake config - importing curl will fail once the Xcode location or SDK version - changes: - - ```cmake - set_target_properties(CURL::libcurl PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include" - INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB" - ) - ``` - - A work-around is to link against system-level frameworks with - `-framework XYZ`. In case of `SystemConfiguration` we might be able - to omit the lookup-check because we could assume the framework is - always present. - - Closes #7152 - -- [Shikha Sharma brought this change] - - http2_connisdead: handle trailing GOAWAY better - - When checking the connection the input processing returns error - immediately, we now consider that a dead connnection. 
- - Bug: https://curl.se/mail/lib-2021-06/0001.html - Closes #7192 - -- [Dmitry Karpov brought this change] - - ares: always store IPv6 addresses first - - Trying dual-stack on some embedded platform, I noticed that quite - frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs - timeout value. After debugging this issue, I noticed that this happens - if c-ares resolver response for IPv6 family comes before IPv4 (which was - randomly happening in my tests). - - In such cases, because libCurl puts the last resolver response on top of - the address list, when IPv4 resolver response comes after IPv6 one - the - IPv4 family starts the connection phase instead of IPv6 family. - - The solution for this issue is to always put IPv6 addresses on top of - the address list, regardless the order of resolver responses. - - Bug: https://curl.se/mail/lib-2021-06/0003.html - - Closes #7188 - -- Revert "Revert "socketpair: fix potential hangs"" - - This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127. - - Thus brings back the change from #7144 as was originally landed in - c769d1eab4de8b - - Closes #7144 (again) - -- [Ebe Janchivdorj brought this change] - - schannel: move code out of SChannel_connect_step1 - - Reviewed-by: Marc Hoersken - Closes #7168 - -- tests/data/Makefile.inc: error: trailing backslash on last line - - Follow-up to d8dcb399b8009d - -- TODO: Support rate-limiting for MQTT - -- [Dmitry Kostjuchenko brought this change] - - warnless: simplify type size handling - - By using sizeof(T), existing defines and relying on the compiler to - define the required signed/unsigned mask. 
- - Closes #7181 - -Gisle Vanem (4 Jun 2021) -- [Win32] Fix for USE_WATT32 - - My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()` - -Daniel Stenberg (4 Jun 2021) -- [Alexis Vachette brought this change] - - url: bad CURLOPT_CONNECT_TO syntax now returns error - - Added test 3020 to verify - - Closes #7183 - -- github: remove the cmake macOS gcc-8 jobs - - They're too similar to the gcc-9 ones to be useful (and seems to not - work anymore). - - Closes #7187 - -- test269: disable for hyper - - --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work - with hyper. - - Closes #7184 - -- runtests: enable 'hyper mode' only for HTTP tests - - The 'hyper mode' makes line-ending checks work in the test suite for - when hyper is used. Now it also requires that HTTP or HTTPS are - mentioned as keywords to be enabled so that it doesn't wrongly adjusts - tests for other protocols. - - This makes test 271 (TFTP) work again in hyper enabled builds. - - Closes #7185 - -- [Alexis Vachette brought this change] - - hostip: bad CURLOPT_RESOLVE syntax now returns error - - Added test 3019 - Fixes #7170 - Closes #7174 - -Daniel Gustafsson (3 Jun 2021) -- cookies: fix typo and expand comment - - Fix a typo in the sorting comment, and while in there elaborate slightly - on why creationtime can be used as a tiebreaker. - -- cookies: remove unused header - - Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use - for the inet_pton.h headerfile, this removes the inclusion of the - header. - - Closes: #7182 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (3 Jun 2021) -- Revert "socketpair: fix potential hangs" - - This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be. - - See #7144 for details - -- [Paul Groke brought this change] - - socketpair: fix potential hangs - - Fixes potential hang in accept by using select + non-blocking accept. 
- - Fixes potential hang in peer check by replacing the send/recv check with - a getsockname/getpeername check. - - Adds length check for returned sockaddr data. - - Closes #7144 - -- runtests: parse data/Makefile.inc instead of using make - - The warning about missing entries in that file then doesn't require that - the Makefile has been regenerated which was confusing. - - The scan for the test num is a little more error prone than before - (since now it doesn't actually verify that it is legitimate Makefile - syntax), but I think it is good enough. - - Closes #7177 - -- [Harry Sintonen brought this change] - - filecheck: quietly remove test-place/*~ - - Closes #7179 - -- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax - - For options that pass in lists or strings that are subsequently parsed - and must be correct. This broadens the scope for the option previously - known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still - provided as a #define for existing applications. - - Closes #7175 - -- tests: fix Accept-Encoding strips to work with Hyper builds - - The previous strip also removed the CR which turned problematic. - - valgrind.supp: add zstd suppression using hyper - - Reported-and-analyzed-by: Kevin Burke - Fixes #7169 - Closes #7171 - -- github: timeout jobs on macOS after 90 minutes - - Assisted-by: Marc Hoersken - Closes #7173 - -- [Harry Sintonen brought this change] - - mqtt: detect illegal and too large file size - - Add test 3017 and 3018 to verify. - Closes #7166 - -- [Abhinav Singh brought this change] - - cmake: add CURL_DISABLE_NTLM option - - Closes #7028 - -- [Abhinav Singh brought this change] - - configure: add --disable-ntlm option - - Closes #7028 - -- [Abhinav Singh brought this change] - - define: re-add CURL_DISABLE_NTLM and corresponding ifdefs - - This flag will be further exposed by adding build options. 
- - Reverts #6809 - Closes #7028 - -- RELEASE-NOTES: synced - -Viktor Szakats (1 Jun 2021) -- travis: delete --enable-hsts option (it is the default now) [ci skip] - - Reviewed-by: Daniel Stenberg - Closes #7167 - -Daniel Stenberg (1 Jun 2021) -- hostip: fix 3 coverity complaints - - Follow-up to 1a0ebf6632f889eed - - - Check the return code to Curl_inet_pton() in two instances, even - though we know the input is valid so the functions won't fail. - - - Clear the 'struct sockaddr_in' struct before use so that the - 'sin_zero' field isn't left uninitialized. - - Detected by Coverity. - Assisted-by: Harry Sintonen - Closes #7163 - -- c-hyper: fix NTLM on closed connection tested with test159 - - Closes #7154 - -- conncache: lowercase the hash key for better match - - As host names are case insensitive, the use of case sensitive hashing - caused unnecesary cache misses and therefore lost performance. This - lowercases the hash key. - - Reported-by: Harry Sintonen - Fixes #7159 - Closes #7161 - -- mbedtls: make mbedtls_strerror always work - - If the function doesn't exist, provide a macro that just clears the - error message. Removes #ifdef uses from the code. - - Closes #7162 - -- vtls: exit addsessionid if no cache is inited - - Follow-up to b249592d29ae0 - - Avoids NULL pointer derefs. - - Closes #7165 - -- [Harry Sintonen brought this change] - - Curl_ntlm_core_mk_nt_hash: fix OOM in error path - - Closes #7164 - -Michael Kaufmann (1 Jun 2021) -- ssl: read pending close notify alert before closing the connection - - This avoids a TCP reset (RST) if the server initiates a connection - shutdown by sending an SSL close notify alert and then closes the TCP - connection. - - For SSL connections, usually the server announces that it will close the - connection with an SSL close notify alert. curl should read this alert. - If curl does not read this alert and just closes the connection, some - operating systems close the TCP connection with an RST flag. 
- - See RFC 1122, section 4.2.2.13 - - If curl reads the close notify alert, the TCP connection is closed - normally with a FIN flag. - - The new code is similar to existing code in the "SSL shutdown" function: - try to read an alert (non-blocking), and ignore any read errors. - - Closes #7095 - -Daniel Stenberg (1 Jun 2021) -- [Laurent Dufresne brought this change] - - setopt: fix incorrect comments - - Closes #7157 - -- [Laurent Dufresne brought this change] - - mbedtls: add support for cert and key blob options - - CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with - mbedtls backend, so the support was added. - - Closes #7157 - -- [Gregor Jasny brought this change] - - cmake: try well-known send/recv signature for Apple - - The CMake `try_compile` command is especially slow for - the Xcode generator. With this patch applied it first tests - for the currently used (and Open Group specified) send/recv - signature. In case this fails testing falls-back to the - permutations. - - speed-up: - - ``` - time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF - before: 11.64s user 11.09s system 55% cpu 40.754 total - after: 7.84s user 6.57s system 51% cpu 28.074 total - ``` - - ``` - time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF - before: 217.07s user 104.15s system 60% cpu 8:51.79 total - after: 108.76s user 51.80s system 58% cpu 4:32.58 total - ``` - - Closes #7158 - -- http2: init recvbuf struct for pushed streams - - Debug builds would warn that these structs were not initialized properly - for pushed streams. - - Ref: #7148 - Closes #7153 - -- Curl_ssl_getsessionid: fail if no session cache exists - - This function might get called for an easy handle for which the session - cache hasn't been setup. It now just returns a "miss" in that case. - - Reported-by: Christoph M. 
Becker - Fixes #7148 - Closes #7153 - -- GOVERNANCE: add 'user', 'committer' and 'contributor' - - As those are commonly used terms in the project. - - Closes #7151 - -- URL-SYNTAX.md: document the new 'localhost' treatment - -- hostip: make 'localhost' return fixed values - - Resolving the case insensitive host name 'localhost' now returns the - addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any - resolver. - - This removes the risk that users accidentally resolves 'localhost' to - something else. By making sure 'localhost' is always local, we can - assume a "secure context" for such transfers (for cookies etc). - - Closes #7039 - -Daniel Gustafsson (31 May 2021) -- docs: fix typos - -Daniel Stenberg (30 May 2021) -- hsts: ignore numberical IP address hosts - - Also, use a single function library-wide for detecting if a given hostname is - a numerical IP address. - - Reported-by: Harry Sintonen - Fixes #7146 - Closes #7149 - -- test178: adjust for hyper - - Hyper returns the same error for wrong HTTP version as for negative - content-length. Test 178 verifies that negative content-length is - rejected but the hyper backend will return a different error for it (and - without any helpful message telling why the message was bad). It will - also not return any headers at all for the response, not even the ones - that arrived before the error. - - Closes #7147 - -- HYPER: remove mentions of deprecated development branch - -- c-hyper: handle NULL from hyper_buf_copy() - - Closes #7143 - -- HSTS: not experimental anymore - -- [Douglas R. Reno brought this change] - - INSTALL: use correct extension for CURL-DISABLE.md - - In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of - CURL-DISABLE.md. This generates a 404 on the cURL website as well as - when viewing the docs through Github. 
- - Closes #7142 - -- travis: run tests 1 - 153 with hyper - -- c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL - - Makes test 129 work (HTTP/1.2 response). - - Closes #7141 - -- http_proxy: deal with non-200 CONNECT response with Hyper - - Makes test 94 and 95 work - - Closes #7141 - -- c-hyper: clear NTLM auth buffer when request is issued - - To prevent previous ones to get reused on subsequent requests. Matches - how the built-in HTTP code works. Makes test 90 to 93 work. - - Add test 90 to 93 in travis. - - Closes #7139 - -- [Joel Depooter brought this change] - - schannel: set ALPN length correctly for HTTP/2 - - In a3268eca792f1 this code was changed to use the ALPN_H2 constant - instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are - not the same. The nghttp2 constant included the length of the string, - like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need - to re-add the length of the string to the ALPN buffer. - - Closes #7138 - -- travis: run tests 1-89 in the hyper build - - Closes #7137 - -- Revert "c-hyper: handle body on HYPER_TASK_EMPTY" - - This reverts commit c3eefa95c31f55657f0af422e8268d738f689066. - - Reported-by: Kevin Burke - Fixes #7122 - Closes #7136 - -- [Jon Rumsey brought this change] - - ccsidcurl: fix the compile errors - - Looks like the declaration of cpp shoule be const char ** and return - null if convert_version_info_string fails. - - Fixes #7134 - Closes #7135 - -- [Viktor Szakats brought this change] - - docs: use --max-redirs instead of --max-redir - - For consistency. - - Closes #7130 - -- RELEASE-NOTES: synced - - ... and bump to 7.77.1 - -- [Michael Forney brought this change] - - travis: add bearssl build - - Closes #7133 - -- [Michael Forney brought this change] - - bearssl: explicitly initialize all fields of Curl_ssl - - Also, add comments like the other vtls backends. 
- - Closes #7133 - -- [Michael Forney brought this change] - - bearssl: remove incorrect const on variable that is modified - - hostname may be set to NULL later on in this function if it is an - IP address. - - Closes #7133 - -Version 7.77.0 (26 May 2021) - -Daniel Stenberg (26 May 2021) -- RELEASE-NOTES: synced - -- THANKS: added contributors from 7.77.0 cycle - -- copyright: update copyright year ranges to 2021 - -- [Radek Zajic brought this change] - - hostip: fix broken macOS/CMake/GCC builds - - Follow-up to 31f631a142d855f06 - - Fixes #7128 - Closes #7129 - -- TODO: netrc caching and sharing - - URL: https://curl.se/mail/archive-2021-05/0018.html - -- [Orgad Shaneh brought this change] - - setopt: streamline ssl option code - - Make it use the same style as the code next to it - - Closes #7123 - -- [Radek Zajic brought this change] - - lib/hostip6.c: make NAT64 address synthesis on macOS work - - Closes #7121 - -- [ejanchivdorj brought this change] - - sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer - - When the SecCertificateCopyCommonName function fails, it leaves - common_name in a invalid state so CFStringCompare uses the invalid - result, causing EXC_BAD_ACCESS. - - The fix is to check the return value of the function before using the - name. - - Closes #7126 - -- [PaweÅ‚ Wegner brought this change] - - CMake: add CURL_ENABLE_EXPORT_TARGET option - - install(EXPORT ...) causes trouble when embedding curl dependencies - which don't provide install(EXPORT ...) targets (e.g libressl and - nghttp2) with cmake's add_subdirectory. - - Reviewed-by: Jakub Zakrzewski - Closes #7060 - -- [Alessandro Ghedini brought this change] - - quiche: update for network path aware API - - Latest version of quiche requires the application to pass the peer - address of received packets, and it provides the address for outgoing - packets back. 
- - Closes #7120 - -- [Jacob Hoffman-Andrews brought this change] - - rustls: switch read_tls and write_tls to callbacks - - And update to 0.6.0, including a rename from session to connection for - many fields. - - Closes #7071 - -- [Koichi Shiraishi brought this change] - - sectransp: fix 7f4a9a9b2a49 commit about missing comma - - Follow-up to 7f4a9a9b2a495 - - Closes #7119 - -- [Harry Sintonen brought this change] - - openssl: associate/detach the transfer from connection - - CVE-2021-22901 - - Bug: https://curl.se/docs/CVE-2021-22901.html - -- [Harry Sintonen brought this change] - - telnet: check sscanf() for correct number of matches - - CVE-2021-22898 - - Bug: https://curl.se/docs/CVE-2021-22898.html - -- schannel: don't use static to store selected ciphers - - CVE-2021-22897 - - Bug: https://curl.se/docs/CVE-2021-22897.html - -- docs/tests: remove freenode references - -- RELEASE-NOTES: synced - -- [Sergey Markelov brought this change] - - NSS: make colons, commas and spaces valid separators in cipher list - - Fixes #7110 - Closes #7115 - -- curl: include libmetalink version in --version output - - Closes #7112 - -Jay Satiro (21 May 2021) -- [Matias N. Goldberg brought this change] - - cmake: Use multithreaded compilation on VS 2008+ - - Multithreaded compilation has been supported since at least VS 2005 and - been robustly stable since at least VS 2008 - - Closes https://github.com/curl/curl/pull/7109 - -Daniel Stenberg (21 May 2021) -- [Matias N. Goldberg brought this change] - - cmake: fix two invokes result in different curl_config.h - - Fixes #7100 - Closes #7101 - - Reviewed-by: Jakub Zakrzewski - 
Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar> - -- [Peng-Yu Chen brought this change] - - cmake: detect CURL_SA_FAMILY_T - - Fixes #7049 - Closes #7065 - -- [Lucas Clemente Vella brought this change] - - CURLOPT_IPRESOLVE: preventing wrong IP version from being used - - In some situations, it was possible that a transfer was setup to - use an specific IP version, but due do DNS caching or connection - reuse, it ended up using a different IP version from requested. - - This commit changes the effect of CURLOPT_IPRESOLVE from simply - restricting address resolution to preventing the wrong connection - type being used, when choosing a connection from the pool, and - to restricting what addresses could be used when establishing - a new connection. - - It is important that all addresses versions are resolved, even if - not used in that transfer in particular, because the result is - cached, and could be useful for a different transfer with a - different CURLOPT_IPRESOLVE setting. - - Closes #6853 - -- [Oliver Urbann brought this change] - - AmigaOS: add functions definitions for SHA256 - - AmiSSL replaces many functions with macros. Curl requires pointer - to some of these functions. Thus, we have to encapsulate these macros: - SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free. - - Bug: https://github.com/jens-maus/amissl/issues/15 - Co-authored-by: Daniel Stenberg <daniel@haxx.se> - - Closes #7099 - -- test2100: make it run with and require IPv6 - - Closes #7083 - -- tests/getpart: generate output URL encoded for better diffs - - Closes #7083 - -- [Ryan Beck-Buysse brought this change] - - docs/TheArtOfHttpScripting: fix markdown links - - extra parens cause the links to be incorrectly formatted - and inconsistent with the rest of the document. - - 
Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com> - Closes #7097 - -- RELEASE-NOTES: synced - -- [Emil Engler brought this change] - - docs: replace dots with dashes in markdown enums - - We use dashes instead of dots nearly everywhere except for those few - cases. This commit addresses this issues and brings more coherency into - it. - - Closes #7093 - -- [Emil Engler brought this change] - - docs: improve INTERNALS.md regarding getsock cb - - This adds the I/O prefix to indicate that those "actions" are kind-of - related to those found in select(2) or poll(2) (reading/writing). - - It also adds a note where the prototypes of those functions can be found - in the source code. - - Closes #7092 - -- [Emil Engler brought this change] - - docs: document attach in INTERNALS.md - - The new field in the Curl_handler struct still lacks documentation. This - adds it it from the information extracted from lib/urldata.h:797 - - Closes #7091 - -- [Marc Aldorasi brought this change] - - config: remove now-unused macros - - Closes #7094 - -- [Marc Aldorasi brought this change] - - hostip.h: remove declaration of unimplemented function - - Closes #7094 - -- h3: add 'attach' callback to protocol handlers - - Follow-up to 0c55fbab45be - - Reviewed-by: Emil Engler - Closes #7090 - -- wolfssl: remove SSLv3 support leftovers - - Closes #7088 - -- curl-wolfssl.m4: without custom include path, assume /usr/include - - ... so that we can point out the root of the OpenSSL emulation headers. - Previously this used the '$includedir' variable which is wrong since - that defaults to the dir where the current configure invoke will install - the built libcurl headers: /usr/local by default. - - Fixes #7085 - Reported-by: Joel Jakobsson - Closes #7087 - -- [Joel Depooter brought this change] - - data_pending: check only SECONDARY socket for FTP(S) transfers - - Check the FIRST for all other protocols. - - This fixes a timeout in an ftps download. 
The server sends a TLS - close_notify message in the same packet as the file data. The - close_notify seems to not be handled in the schannel_recv function, so - libcurl is not aware that the server has closed the connection. Thus - libcurl ends up waiting for action on the socket until a timeout is - reached. With the secondary socket check added to the data_pending - function, the close_notify is properly handled, and the ftps transfer - terminates as expected. - - Fixes #7068 - Closes #7069 - -- github: inhibit deprecated declarations for clang on macOS - - ... as they otherwise cause ldap build errors in the CI. - - Fixes #7081 - Closes #7082 - -- conn: add 'attach' to protocol handler, make libssh2 use it - - The libssh2 backend has SSH session associated with the connection but - the callback context is the easy handle, so when a connection gets - attached to a transfer, the protocol handler now allows for a custom - function to get used to set things up correctly. - - Reported-by: Michael O'Farrell - Fixes #6898 - Closes #7078 - -- http2: make sure pause is done on HTTP - - Since the function is called for any protocol, we can't assume that the - HTTP struct is there without first making sure it is HTTP. - - Reported-by: Denis Goleshchikhin - Fixes #7079 - Closes #7080 - -- docs: cookies from HTTP headers need domain set - - ... or the cookies won't get sent. Push users to using the "Netscape" - format instead, which curl uses when saving a cookie "jar". - - Reported-by: Martin Dorey - Reviewed-by: Daniel Gustafsson - Fixes #6723 - Closes #7077 - -- RELEASE-NOTES: synced - -- github: add a workflow with libssh2 on macOS using cmake - - Closes #7047 - -- sws: allow HTTP requests up to 2MB in size - - To allow tests with slightly larger payloads. Like #7071 ... 
- - Closes #7075 - -Marc Hoersken (16 May 2021) -- CI/azure: increase verbosity and fix outdated task names - - Closes #7063 - -- CI/cirrus: add shared and static Windows release builds - - Azure Pipelines is currently being used for debug builds, - let's also run some non-debug (release) Windows builds and - make use of previously underutilized Cirrus CI for that. - - Reviewed-by: Marcel Raad - - Closes #6991 - -Daniel Stenberg (16 May 2021) -- CURLOPT_CAPATH.3: defaults to a path, not NULL - - Reported-by: Andrew Barnert - - Closes #7062 - -- [Jacob Hoffman-Andrews brought this change] - - c-hyper: handle body on HYPER_TASK_EMPTY - - Some of the time, we get a HYPER_TASK_EMPTY response before the status - line, headers, and body have been read. Previously, that would cause us - to poll again, leading to a 1 second timeout. - - The HYPER_TASK_EMPTY docs say: - - The value of this task is null (does not imply an error). - - So, if we receive a HYPER_TASK_EMPTY, continue on with processing the - response. - - Reported-by: Kevin Burke - Fixes #7064 - Closes #7070 - -- [Ikko Ashimine brought this change] - - tool_getparam: fix comment typo in tool_getparam.c - - enfore -> enforce - - Closes #7074 - -- mem-include-scan.pl: require a non-word letter before memory funcs - - ... so that ldap_memfree() for example doesn't match the scan for free. - - Closes #7061 - -- version: free the openldap info correctly - - ... to avoid memory leaks. 
- - Follow-up to: bf0feae7768d9 - Closes #7061 - -- dupset: remove totally off comment - - Closes #7067 - -- configure: if asked for, fail if ldap is not found - - Reported-by: Jakub Zakrzewski - Fixes #7053 - Closes #7055 - -- version: add OpenLDAP version in the output - - Assisted-by: Howard Chu - Closes #7054 - -Jay Satiro (13 May 2021) -- [Joel Depooter brought this change] - - schannel: Ensure the security context request flags are always set - - As of commit 54e7475, these flags would only be set when using a new - credential handle. When re-using an existing credential handle, the - flags would not be set. - - Closes https://github.com/curl/curl/pull/7051 - -Dan Fandrich (12 May 2021) -- tests: Fix some tag matching issues in a number of tests - -Daniel Stenberg (12 May 2021) -- sasl: use 'unsigned short' to store mechanism - - ... saves a few bytes of struct size in memory and it only uses - 10 bits anyway. - - Closes #7045 - -- hostip: remove the debug code for LocalHost - - The Curl_resolv() had special code (when built in debug mode) for when - resolving the host name "LocalHost" (using that exact casing). It would - then get the host name from the --interface option instead. - - This development-only feature was not used by anything (anymore) and we - have the --resolve feature if we want to play similar tricks properly - going forward. - - Closes #7044 - -- progress: reset limit_size variables at transfer start - - Otherwise the old value would linger from a previous use and would mess - up the network speed cap logic. - - Reported-by: Ymir1711 on github - - Fixes #7042 - Closes #7043 - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - cookies: use CURLcode for cookie_output reporting - - Writing the cookie file has multiple error conditions, and was using an - int with magic numbers to report the different error (which in turn were - disregarded anyways). This moves reporting to use a CURLcode value. 
- - Lightly-touched-by: Daniel Stenberg - - Closes #7037 - Closes #6749 - -- [Daniel Gustafsson brought this change] - - cookies: make use of string duplication function - - strstore() is defined as a strdup which ensures to free the target - pointer before duping the source char * into it. Make use of it in - two more cases where it can simplify the code. - -- [Daniel Gustafsson brought this change] - - cookies: refactor comments - - Comments in the cookie code were a bit all over the place in terms of - style and wording. This takes a stab at cleaning them up by keeping to - a single style and overall shape. Some comments are moved a little and - some removed alltogether due to being redundant. No functional changes - have been made, - -- [Peng-Yu Chen brought this change] - - http2: skip immediate parsing of payload following protocol switch - - This is considered not harmful as a following http2_recv shall be - called very soon. - - This is considered helpful in the specific situation where some - servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately - following the return of HTTP status 101, other than waiting for - the client-side connection preface to arrive. - - Fixes #7036 - Closes #7040 - -- [Peng-Yu Chen brought this change] - - http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade - - Following the upstream deprecation of nghttp2_session_upgrade. - - Also provides further checks for requests with the HEAD method. - - Closes #7041 - -- progress/trspeed: use a local convenient pointer to beautify code - - The function becomes easier to read and understand with less repetition. 
- -- trspeed: use long double for transfer speed calculation - -- progress: move transfer speed calc into function - - This silences two scan-build-11 warnings: "The result of the '/' - expression is undefined" - - Bug: https://curl.se/mail/lib-2021-05/0022.html - Closes #7035 - -- [Cameron Cawley brought this change] - - openssl: remove unneeded cast for CertOpenSystemStore() - - Closes #7025 - -- travis: disable the libssh build - - It can't run on focal and causes warnings on bionic. Since the focal - failure started rather suddenly a while ago, we can suspect it might be - temporary. - - Added "bring back the build" to the TODO document. - - Fixes #7011 - Closes #7012 - -- [Peng-Yu Chen brought this change] - - http: use calculated offsets inst of integer literals for header parsing - - Assumed to be a minor coding style improvement with no behavior change. - - A modern compiler is expected to have the calculation optimized during - compilation. It may be deemed okay even if that's not the case, since - the added overhead is considered very low. - - Closes #7032 - -- [Peng-Yu Chen brought this change] - - GIT-INFO: suggest using autoreconf instead of buildconf - - Follow-up to 85868537d - - Closes #7033 - -- http: deal with partial CONNECT sends - - Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets, - which helped verifying this even more. - - Add test 363 to verify. - - Reported-by: ustcqidi on github - Fixes #6950 - Closes #7024 - -- HTTP3: make the ngtcp2 build use the quictls fork - - ... as ngtcp2 itself documents the build this way. - - Closes #7031 - -- http: limit the initial send amount to used upload buffer size - - Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes, - but for the situations where a larger upload buffer has been set, this - function can benefit from sending more bytes. With default size used, - this does the same as before. 
- - Also changed the storage of the size to an 'unsigned int' as it is not - allowed to be set larger than 2M. - - Also added cautions to the man pages about changing buffer sizes in - run-time. - - Closes #7022 - -- RELEASE-NOTES: synced - -- ngtcp2: fix the cb_acked_stream_data_offset proto - - The 'datalen' value should be 64 bit, not size_t! - - Reported-by: Dmitry Karpov - Bug: https://curl.se/mail/lib-2021-05/0019.html - Closes #7027 - -- progress: when possible, calculate transfer speeds with microseconds - - ... this improves precision, especially for transfers in the few or even - sub millisecond range. - - Reported-by: J. Bromley - Fixes #7017 - Closes #7020 - -- http: reset the header buffer when sending the request - - A reused transfer handle could otherwise reuse the previous leftover - buffer and havoc would ensue. - - Reported-by: sergio-nsk on github - Fixes #7018 - Closes #7021 - -- curl_mprintf.3: add description - - These functions have existed in the API since the dawn of time. It is - about time we describe how they work, even if we discourage users from - using them. - - Closes #7010 - -- [Timothy Gu brought this change] - - URL-SYNTAX: update IDNA section for WHATWG spec changes - - WHATWG URL has dictated the use of Nontransitional Processing (IDNA - 2008) for several years now. Chrome (and derivatives) still use - Transitional Processing, but Firefox and Safari have both switched. - - Also document the fact that winidn functions differently from libidn2 - here. - - Closes #7026 - -- [Calvin Buckley brought this change] - - INSTALL: add IBM i specific quirks - - Fixes #6830 - Closes #7013 - -- libcurl.3: mention the URL API - - To make it easier to find. Also a minor polish of libcurl-url.3 - - Closes #7009 - -- GnuTLS: don't allow TLS 1.3 for versions that don't support it - - Follow-up to 781864bedbc5 - - ... as they don't understand it and will return error at us! 
- - Closes #7014 - -Kamil Dudka (6 May 2021) -- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() - - Reported by GCC analyzer: - - Error: GCC_ANALYZER_WARNING (CWE-476): - src/tool_getparam.c: scope_hint: In function 'parse_args' - src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt' - lib/curlx.h:56: included_from: Included from here. - src/tool_getparam.c:28: included_from: Included from here. - lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8' - src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8' - - Reviewed-by: Marcel Raad - Reviewed-by: Daniel Stenberg - Closes #7023 - -Daniel Stenberg (6 May 2021) -- scripts/delta: also show total number of days - -Marc Hoersken (5 May 2021) -- sockfilt: fix invalid increment of handles index variable nfd - - Only increment the array index if we actually stored a handle. - - Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b - Closes #6992 - -- sockfilt: avoid getting stuck waiting for writable socket - - Reset FD_WRITE event using the same approach as in multi.c - - Follow up to b36442b24305f3cda7c13cc64b46838995a4985b - Closes #6992 - -Jay Satiro (5 May 2021) -- test678: Fix for Windows multibyte builds - - Follow-up to 77fc385 from yesterday. - - Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557 - Reported-by: Marc Hörsken - -- [Dmitry Kostjuchenko brought this change] - - build: fix compilation for Windows UWP platform - - - Include afunix.h which is necessary for sockaddr_un when - USE_UNIX_SOCKETS is defined on Windows. - - Closes https://github.com/curl/curl/pull/7006 - -Daniel Stenberg (5 May 2021) -- gnutls: make setting only the MAX TLS allowed version work - - Previously, settting only the max allowed TLS version, leaving the - minimum one at default, didn't actually set it and left it to default - (TLS 1.3) too! 
- - As a bonus, this change also removes the dead code handling of SSLv3 - since that version can't be set anymore (since eff614fb0242cb). - - Reported-by: Daniel Carpenter - Fixes #6998 - Closes #7000 - -- openldap: replace ldap_ prefix on private functions - - Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at - least) there's a symbol collision because of that. - - The private functions now use the 'oldap_' prefix where it previously - used 'ldap_'. - - Reported-by: 3eka on github - Fixes #7004 - Closes #7005 - -Jay Satiro (5 May 2021) -- http2: fix potentially uninitialized variable - - introduced several days ago in 3193170. caught by visual studio linker. - -- [Gilles Vollant brought this change] - - SSL: support in-memory CA certs for some backends - - - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to - specify in-memory PEM certificates for OpenSSL, Schannel (Windows) - and Secure Transport (Apple) SSL backends. - - Prior to this change PEM certificates could only be imported from a file - and not from memory. - - Co-authored-by: moparisthebest@users.noreply.github.com - - Ref: https://github.com/curl/curl/pull/4679 - Ref: https://github.com/curl/curl/pull/5677 - Ref: https://github.com/curl/curl/pull/6109 - - Closes https://github.com/curl/curl/pull/6662 - -Daniel Stenberg (4 May 2021) -- [David Cook brought this change] - - tests: ignore case of chunked hex numbers in tests - - When hyper is used, it emits uppercase hexadecimal numbers for chunked - encoding lengths. Without hyper, lowercase hexadecimal numbers are used. - This change adds preprocessor statements to tests where this is an - issue, and adapts the fixtures to match. - - Closes #6987 - -- cmake: check for getppid and utimes - - ... as they're checked for in the configure script and are used by - source code. - - Removed checks for perror, setvbuf and strlcat since those defines are - not checked for in source code. 
- - Bonus: removed HAVE_STRLCPY from a few config-*.h files since that - symbol is not used in source code. - - Closes #6997 - -- libtest: remove lib530.c - - Follow up from e50a877df when test 530 was removed. Since then this - source file has not been used/needed. - - Closes #6999 - -- FILEFORMAT: mention sectransp as a feature - - Been supported since at least 40259ca65 - - Closes #7001 - -- RELEASE-NOTES: synced - -- libssh2: ignore timeout during disconnect - - ... to avoid memory leaks! - - libssh2 is tricky as we have to deal with the non-blockiness even in - close and shutdown cases. In the cases when we shutdown after a timeout - already expired, it is crucial that curl doen't let the timeout abort - the shutdown process as that then leaks memory! - - Reported-by: Benjamin Riefenstahl - Fixes #6990 - -- KNOWN_BUGS: add two HTTP/2 bugs - -- KNOWN_BUGS: add three HTTP/3 issues - - ... and moved the HTTP/2 issues to its own section - - Closes #6606 - Closes #6510 - Closes #6494 - -- [ejanchivdorj brought this change] - - CURLcode: add CURLE_SSL_CLIENTCERT - - When a TLS server requests a client certificate during handshake and - none can be provided, libcurl now returns this new error code - CURLE_SSL_CLIENTCERT - - Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. 
- - Closes #6721 - -- [Tobias Gabriel brought this change] - - .github/FUNDING: add link to GitHub sponsors - - Closes #6985 - -- [Harry Sintonen brought this change] - - krb5/name_to_level: replace checkprefix with curl_strequal - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_input_digest: require space after Digest - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_http_header: check for colon when matching Persistent-Auth - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_http_input_auth: require valid separator after negotiation type - - Closes #6993 - -- http: fix the check for 'Authorization' with Bearer - - The code would wrongly check for it using an additional colon. - - Reported-by: Blake Burkhart - Closes #6988 - -- [Kamil Dudka brought this change] - - http2: fix a resource leak in push_promise() - - ... detected by Coverity: - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle". - lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)". - lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url". - lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to. - - Closes #6986 - -- [Kamil Dudka brought this change] - - http2: fix resource leaks in set_transfer_url() - - ... detected by Coverity: - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] 
- lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to. 
- - Closes #6986 - -- [Jacob Hoffman-Andrews brought this change] - - rustls: use ALPN - - Update required rustls to 0.5.0 - - Closes #6960 - -- [MichaÅ‚ Antoniak brought this change] - - gskit: fix CURL_DISABLE_PROXY build - - Removed localfd and remotefd from ssl_backend_data (ued only with proxy - connection). Function pipe_ssloverssl return always 0, when proxy is not - used. - - Closes #6981 - -- [MichaÅ‚ Antoniak brought this change] - - gskit: fix undefined reference to 'conn' - - Closes #6980 - -- [Jacob Hoffman-Andrews brought this change] - - tls: add USE_HTTP2 define - - This abstracts across the two HTTP/2 backends: nghttp2 and Hyper. - - Add our own define for the "h2" ALPN protocol, so TLS backends can use - it without depending on a specific HTTP backend. - - Closes #6959 - -- [Jacob Hoffman-Andrews brought this change] - - lib: fix 0-length Curl_client_write calls - - Closes #6954 - -- [Jacob Hoffman-Andrews brought this change] - - lib: remove strlen call from Curl_client_write - - At all call sites with an explicit 0 len, pass an appropriate nonzero - len. - - Closes #6954 - -- [Ayushman Singh Chauhan brought this change] - - docs: camelcase it like GitHub everywhere - - Closes #6979 - -Jay Satiro (27 Apr 2021) -- [Lucas Servén MarÃn brought this change] - - docs: fix typo in fail-with-body doc - - This commit fixes a small typo in the documentation for the - --fail-with-body flag. - - Closes https://github.com/curl/curl/pull/6977 - -- lib: fix some misuse of curlx_convert_UTF8_to_tchar - - curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but - prior to this change some uses mistakenly called free. - - I've reviewed all other uses of curlx_convert_UTF8_to_tchar and - curlx_convert_tchar_to_UTF8. 
- - Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763 - Reported-by: sergio-nsk@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/6938 - -Daniel Stenberg (27 Apr 2021) -- ntlm: precaution against super huge type2 offsets - - ... which otherwise caused an integer overflow and circumvented the if() - conditional size check. - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720 - Assisted-by: Max Dymond - Closes #6975 - -- c-hyper: fix unused variable ‘wrote’ - -- libcurl-security.3: be careful of setuid - - Reported-by: Harry Sintonen - Closes #6970 - -- [Kevin Burke brought this change] - - c-hyper: don't write to set.writeheader if null - - Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a - CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to - the data->set.writeheader header buffer, even though it is null. This - led to NPE segfaults attempting to use libcurl+Hyper with Git, for - example. - - Instead, process the client write for the status line using the same - logic we use to process the client write for the later HTTP headers, - which contains the appropriate guard logic. As a side benefit, - data->set.writeheader is now only read in one file instead of two. 
- - Fixes #6619 - Fixes abetterinternet/crustls#49 - Fixes hyperium/hyper#2438 - Closes #6971 - -- wolfssl: handle SSL_write() returns 0 for error - - Reported-by: Timo Lange - - Closes #6967 - -- easy: ignore sigpipe in curl_easy_send - - Closes #6965 - -- sigpipe: ignore SIGPIPE when using wolfSSL as well - - Closes #6966 - -- libcurl-security.3: don't try to filter IPv4 hosts based on the URL - - Closes #6942 - -- [Harry Sintonen brought this change] - - nss_set_blocking: avoid static for sock_opt - - Reviewed-by: Kamil Dudka - Closes #6945 - -- RELEASE-NOTES: synced - -- [Yusuke Nakamura brought this change] - - docs/HTTP3.md: fix nghttp2's HTTP/3 server port - - Port 8443 does not work now. - Correct origin is in the quicwg's wiki. - https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2 - - Closes #6964 - -- krb5: don't use 'static' to store PBSZ size response - - ... because it makes the knowledge and usage cross-transfer in funny and - unexpected ways. - - Reported-by: Harry Sintonen - Closes #6963 - -- [Kevin Burke brought this change] - - m4: add security frameworks on Mac when compiling rustls - - Previously compiling rustls on Mac would only complete if you also - compiled the SecureTransport TLS backend, which curl would prefer to - the Rust backend. - - Appending these flags to LDFLAGS makes it possible to compile the - Rustls backend on Mac without the SecureTransport backend, which means - this patch will make it possible for Mac users to use the Rustls - backend for TLS. - - Reviewed-by: Jacob Hoffman-Andrews - - Fixes #6955 - Cloes #6956 - -- krb5: remove the unused 'overhead' function - - Closes #6947 - -- [Johann150 brought this change] - - curl_url_set.3: add memory management information - - wording taken from man page for CURLOPT_URL.3 - - As far as I can see, the URL part is either malloc'ed before due to - encoding or it is strdup'ed. 
- - Closes #6953 - -- [Jacob Hoffman-Andrews brought this change] - - c-hpyer: fix handling of zero-byte chunk from hyper - - Closes #6951 - -- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data - - Ref: https://curl.se/mail/lib-2021-04/0085.html - Closes #6943 - -- [Ralph Langendam brought this change] - - cmake: make libcurl output filename configurable - - Reviewed-by: Jakub Zakrzewski - Closes #6933 - -- [Patrick Monnerat brought this change] - - vtls: reset ssl use flag upon negotiation failure - - Fixes the segfault in ldaps disconnect. - - Reported-by: Illarion Taev - Fixes #6934 - Closes #6937 - -- configure: fix typo in TLS error message - - Reported-by: Pontus Lundkvist - -- README: link to the commercial support option - -Jay Satiro (22 Apr 2021) -- [Martin Halle brought this change] - - version: add gsasl_version to curl_version_info_data - - - Add gsasl_version string and bump to CURLVERSION_TENTH. - - Ref: https://curl.se/mail/lib-2021-04/0003.html - - Closes https://github.com/curl/curl/pull/6843 - -- [Morten Minde Neergaard brought this change] - - schannel: Support strong crypto option - - - Support enabling strong crypto via optional user cipher list when - USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list. - - MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known - weak cryptographic algorithms, cipher suites, and SSL/TLS protocol - versions that may be otherwise enabled for better interoperability." - - Ref: https://curl.se/mail/lib-2021-02/0066.html - Ref: https://curl.se/docs/manpage.html#--ciphers - Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html - Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred - - Closes https://github.com/curl/curl/pull/6734 - -Daniel Stenberg (22 Apr 2021) -- RELEASE-NOTES: synced - -- ci: adapt to configure requiring an explicit TLS choice - -- configure: split out each TLS library detector into its own function - - ... 
and put those functions in separate m4 files per TLS library.
diff --git a/contrib/libs/curl/CMakeLists.darwin.txt b/contrib/libs/curl/CMakeLists.darwin.txt
index bf9f98c1e2..29c86a358e 100644
--- a/contrib/libs/curl/CMakeLists.darwin.txt
+++ b/contrib/libs/curl/CMakeLists.darwin.txt
@@ -84,10 +84,10 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/getenv.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/getinfo.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/gopher.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/h2h3.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hash.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hmac.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostasyn.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostcheck.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip4.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip6.c
@@ -117,7 +117,6 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/mqtt.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/multi.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/netrc.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/non-ascii.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/nonblock.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/openldap.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/parsedate.c
@@ -176,6 +175,7 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vssh/libssh2.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vssh/wolfssh.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/bearssl.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/hostcheck.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/keylog.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/openssl.c
@@ -183,7 +183,7 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/sectransp.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/vtls.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/wolfssl.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/x509asn1.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/warnless.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/wildcard.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/x509asn1.c
 )
diff --git a/contrib/libs/curl/CMakeLists.linux.txt b/contrib/libs/curl/CMakeLists.linux.txt
index d18764c465..4a179f74cf 100644
--- a/contrib/libs/curl/CMakeLists.linux.txt
+++ b/contrib/libs/curl/CMakeLists.linux.txt
@@ -80,10 +80,10 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/getenv.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/getinfo.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/gopher.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/h2h3.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hash.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hmac.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostasyn.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostcheck.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip4.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip6.c
@@ -113,7 +113,6 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/mqtt.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/multi.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/netrc.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/non-ascii.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/nonblock.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/openldap.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/parsedate.c
@@ -172,6 +171,7 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vssh/libssh2.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vssh/wolfssh.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/bearssl.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/hostcheck.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/keylog.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/openssl.c
@@ -179,7 +179,7 @@ target_sources(contrib-libs-curl PRIVATE
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/sectransp.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/vtls.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/wolfssl.c
+ ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vtls/x509asn1.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/warnless.c
 ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/wildcard.c
- ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/x509asn1.c
 )
diff --git a/contrib/libs/curl/COPYING b/contrib/libs/curl/COPYING
index 48f144758e..90f05adf25 100644
--- a/contrib/libs/curl/COPYING
+++ b/contrib/libs/curl/COPYING
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many
+Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many
 contributors, see the THANKS file.
 
 All rights reserved.
diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES
index 6c9553bc64..b16e31f1eb 100644
--- a/contrib/libs/curl/RELEASE-NOTES
+++ b/contrib/libs/curl/RELEASE-NOTES
@@ -1,138 +1,191 @@ -curl and libcurl 7.81.0 +curl and libcurl 7.82.0 - Public curl releases: 205 - Command line options: 244 + Public curl releases: 206 + Command line options: 245 curl_easy_setopt() options: 295 Public functions in libcurl: 86 - Contributors: 2558 + Contributors: 2597 This release includes the following changes: - o mime: use percent-escaping for multipart form field and file names [1] + o curl: add --json [67] + o mesalink: remove support [23] This release includes the following bugfixes: - o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73] - o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12] - o BINDINGS: add cURL client for PostgreSQL [68] - o BINDINGS: add one from Everything curl and update a link - o checksrc: detect more kinds of NULL comparisons we avoid [105] - o CI: build examples for additional code verification [75] - o CI: bump job to use mbedtls 3.1.0 [90] - o cmake: don't set _USRDLL on a static Windows build [22] - o cmake: prevent dev warning due to mismatched arg [94] - o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40] - o config.d: update documentation to match the path search - o configure: add -lm to configure for rustls build. 
[13] - o configure: better diagnostics if hyper is built wrong [6] - o configure: don't enable TLS when --without-* flags are used [17] - o configure: fix runtime-lib detection on macOS [21] - o curl.1: require "see also" for every documented option [27] - o curl: improve error message for --head with -J [42] - o curl_easy_cleanup.3: remove from multi handle first [3] - o curl_easy_escape.3: call curl_easy_cleanup in example [58] - o curl_easy_unescape.3: call curl_easy_cleanup in example [57] - o curl_multi_init.3: fix EXAMPLE formatting - o curl_multi_perform/socket_action.3: clarify what errors mean [70] - o curl_share_setopt.3: split out options into their own manpages [14] - o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51] - o digest: compute user:realm:pass digest w/o userhash [45] - o docs/checksrc: Add documentation for STRERROR [18] - o docs/cmdline-opts: do not say "protocols: all" [26] - o docs/examples: workaround broken -Wno-pedantic-ms-format - o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88] - o docs/INSTALL.md: typo fix : added missing "get" verb [31] - o docs/URL-SYNTAX.md: space is not fine in a given URL - o docs: add known bugs list to HTTP3.md [83] - o docs: address proselint nits [16] - o docs: consistent manpage SYNOPSIS [47] - o docs: fix dead links, remove ECH.md - o docs: fix typo in OpenSSL 3 build instructions [80] - o docs: Update the Reducing Size section - o example/progressfunc: remove code for old libcurls [78] - o examples/multi-single.c: remove WAITMS() [98] - o FAQ: typo fix : "yout" ➤ "your" [30] - o ftp: disable warning 4706 in MSVC [85] - o gen.pl: improve example output format [29] - o github workflow: add wolfssl (removed from zuul) [103] - o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92] - o gtls: check return code for gnutls_alpn_set_protocols [86] - o hash: lazy-alloc the table in Curl_hash_add() [54] - o http2:set_transfer_url() return early on OOM [53] - 
o HTTP3: update quiche build instructions [37] - o http: enable haproxy support for hyper backend [20] - o http: Fix CURLOPT_HTTP200ALIASES [89] - o http_proxy: don't close the socket (too early) [100] - o insecure.d: detail its use for SFTP and SCP as well [32] - o insecure.d: expand and clarify [28] - o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking - o libcurl-security.3: mention address and URL mitigations - o libssh2: fix error message for sha256 mismatch - o libtest: avoid "assignment within conditional expression" [84] - o lift: ignore is a deprecated config option, use ignoreRules [35] - o linkcheck.yml: add CI job that checks markdown links [82] - o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99] - o Makefile.m32: rename -winssl option to -schannel and tidy up [33] - o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44] - o mbedtls: fix CURLOPT_SSLCERT_BLOB [72] - o mbedtls: fix private member designations for v3.1.0 [93] - o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71] - o misc: s/e-mail/email [74] - o multi: cleanup the socket hash when destroying it [55] - o multi: handle errors returned from socket/timer callbacks [52] - o multi: shut down CONNECT in Curl_detach_connnection [2] - o netrc.d: edit the .netrc example to look nicer [24] - o ngtcp2: verify the server cert on connect (quictls) [102] - o ngtcp2: verify the server certificate for the gnutls case [101] - o nss:set_cipher don't clobber the cipher list [38] - o openldap: implement STARTTLS [56] - o openldap: process search query response messages one by one [50] - o openldap: several minor improvements [69] - o openldap: simplify ldif generation code [77] - o openssl: check the return value of BIO_new() [43] - o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ - o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable - o openssl: remove usage of deprecated `SSL_get_peer_certificate` - o openssl: use non-deprecated API to read 
key parameters - o page-footer: add a mention of how to report bugs to the man page - o page-footer: document more environment variables [23] - o request.d: refer to 'method' rather than 'command' [59] - o retry-all-errors.d: make the example complete - o runtests: make the SSH library a testable feature - o rustls: read of zero bytes might be okay [9] - o rustls: remove comment about checking handshaking [15] - o rustls: remove incorrect EOF check [10] - o sha256/md5: return errors when init fails [79] - o socks5: use appropriate ATYP for numerical IP address host names [91] - o test1156: enable for hyper [65] - o test1156: fixup the stdout check for Windows [60] - o test1525: tweaked for hyper [64] - o test1526: enable for hyper [63] - o test1527: enable for hyper [62] - o test1528: enable for hyper [61] - o test1554: adjust for hyper [49] - o test1556: adjust for hyper [48] - o test302[12]: run only with the libssh2 backend [8] - o test661: enable for hyper [66] - o tests/CI.md: add more information on CI environments [39] - o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76] - o tftp: mark protocol as not possible to do over CONNECT [25] - o tool_findfile: updated search for a file in the homedir [46] - o tool_operate: only set SSH related libcurl options for SSH URLs [11] - o tool_operate: warn if too many output arguments were found [87] - o url.c: fix the SIGPIPE comment for Curl_close [4] - o url: check ssl_config when re-use proxy connection [81] - o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96] - o urlapi: accept port number zero [34] - o urlapi: if possible, shorten given numerical IPv6 addresses [95] - o urlapi: provide more detailed return codes [36] - o urlapi: reject short file URLs [41] - o version_win32: Check build number and platform id - o vtls/rustls: adapt to the updated rustls_version proto [19] - o writeout: fix %{http_version} for HTTP/3 [7] - o x509asn1: return early on errors [67] - o zuul.d: 
update rustls-ffi to version 0.8.2 [5] - o zuul: fix quiche build pointing to wrong Cargo [104] + o appveyor: update images from VS 2019 to 2022 + o appveyor: use VS 2017 image for the autotools builds + o azure-pipelines: add a build on Windows with libssh [154] + o bearssl: fix connect error on expired cert and no verify [132] + o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131] + o bearssl: fix session resumption (session id) [133] + o build: enable -Warith-conversion + o build: fix -Wenum-conversion handling + o build: fix ngtcp2 crypto library detection [63] + o checkprefix: remove strlen calls [128] + o checksrc: fix typo in comment [34] + o CI: move 'distcheck' job from zuul to azure pipelines [60] + o CI: move scan-build job from Zuul to Azure Pipelines [59] + o CI: move the NSS job from zuul to GHA [84] + o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75] + o CI: move the rustls CI job to GHA from Zuul [8] + o CI: move two jobs from Zuul to Circle CI [73] + o CI: test building wolfssl with --enable-opensslextra [42] + o CI: workflows/wolfssl: install impacket [47] + o circleci: add a job using libssh [121] + o cirlceci: also run a c-ares job on arm with debug enabled [74] + o cmake: fix iOS CMake project generation error [13] + o cmdline-opts/gen.pl: fix option matching to improve references [50] + o config.d: Clarify _curlrc filename is still valid on Windows [95] + o configure.ac: use user-specified gssapi dir when using pkg-config [136] + o configure: change output for cross-compiled alt-svc support [140] + o configure: fix '--enable-code-coverage' typo [110] + o configure: remove support for "embedded ares" [82] + o configure: requires --with-nss-deprecated to build with NSS [114] + o configure: set CURL_LIBRARY_PATH for nghttp2 [58] + o configure: support specification of a nghttp2 library path [101] + o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54] + o curl tool: erase some more sensitive command line 
arguments [22] + o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5] + o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9] + o curl-openssl: fix SRP check for OpenSSL 3.0 [86] + o curl-openssl: remove the OpenSSL headers and library versions check [35] + o curl.h: fix typo [129] + o curl: remove "separators" (when using globbed URLs) [32] + o curl_getdate.3: remove pointless .PP line [68] + o curl_multi_socket.3: remove callback and typical usage descriptions [7] + o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added + o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27] + o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147] + o CURLOPT_RESOLVE.3: change example port to 443 + o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153] + o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81] + o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71] + o des: fix compile break for OpenSSL without DES [141] + o docs/cmdline-opts: add "mutexed" options for more http versions [25] + o docs/DEPRECATE: remove NPN support in August 2022 [64] + o docs: capitalize the name 'Netscape' [77] + o docs: document HTTP/2 not insisting on TLS 1.2 [49] + o docs: fix mandoc -T lint formatting complaints [2] + o docs: update IETF links to use datatracker [41] + o examples/curlx: support building with OpenSSL 1.1.0+ [148] + o examples/multi-app.c: call curl_multi_remove_handle as well [19] + o formdata: avoid size_t => long typecast overflows [37] + o ftp: provide error message for control bytes in path [66] + o gen.pl: terminate "example" sections better [4] + o gha: add a macOS CI job with libssh [142] + o gskit: Convert to using Curl_poll [111] + o gskit: Fix errors from Curl_strerror refactor [113] + o gskit: Fix initialization of Curl_ssl_gskit struct [112] + o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88] + o hostcheck: fixed to not touch used input strings [38] + o hostcheck: reduce strlen calls on 
chained certificates [92] + o hostip: avoid unused parameter error in Curl_resolv_check [144] + o http2: move two infof calls to debug-h2-only [145] + o http: make Curl_compareheader() take string length arguments too [87] + o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104] + o KNOWN_BUGS: fix typo "libpsl" + o ldap: return CURLE_URL_MALFORMAT for bad URL [24] + o lib: remove support for CURL_DOES_CONVERSIONS [96] + o libssh2: don't typecast socket to int for libssh2_session_handshake [151] + o libssh: fix include files and defines use for Windows builds [156] + o Makefile.am: Generate VS 2022 projects + o maketgz: return error if 'make dist' fails [79] + o mbedtls: enable use of mbedtls without CRL support [57] + o mbedtls: enable use of mbedtls without filesystem functions support [100] + o mbedtls: fix CURLOPT_SSLCERT_BLOB (again) + o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12] + o mbedtls: remove #include <mbedtls/certs.h> [56] + o mbedtls: return CURLcode result instead of a mbedtls error code [1] + o md5: check md5_init_func return value + o mime: use a define instead of the magic number 24 [89] + o misc: allow curl to build with wolfssl --enable-opensslextra [43] + o misc: remove BeOS code and references [30] + o misc: remove the final watcom references [29] + o misc: remove unused data when IPv6 is not supported [80] + o mqtt: free 'sendleftovers' in disconnect [115] + o mqtt: free any send leftover data when done [36] + o multi: allow user callbacks to call curl_multi_assign [126] + o multi: grammar fix in comment [69] + o multi: remember connection_id before returning connection to pool [76] + o multi: set in_callback for multi interface callbacks [28] + o netware: remove support [72] + o next.d. 
remove .fi/.nf as they are handled by gen.pl [3] + o ngtcp2: adapt to changed end of headers callback proto [39] + o ngtcp2: fix declaration of ‘result’ shadows a previous local [14] + o ngtcp2: Reset dynbuf when it is fully drained [143] + o nss: handshake callback during shutdown has no conn->bundle [55] + o ntlm: remove unused feature defines [117] + o openldap: fix compiler warning when built without SSL support [70] + o openldap: implement SASL authentication [16] + o openldap: pass string length arguments to client_write() [116] + o openssl.h: avoid including OpenSSL headers here [15] + o openssl: check if sessionid flag is enabled before retrieving session [125] + o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40] + o openssl: check the return value of BIO_new_mem_buf() [18] + o openssl: fix `ctx_option_t` for OpenSSL v3+ + o openssl: fix build for version < 1.1.0 [134] + o openssl: return error if TLS 1.3 is requested when not supported [45] + o os400: Add function wrapper for system command [138] + o os400: Add link to QADRT devkit to README.OS400 [137] + o os400: Default build to target current release [139] + o OS400: fix typos in rpg include file [149] + o projects: add support for Visual Studio 17 (2022) [124] + o projects: fix Visual Studio wolfSSL configurations + o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123] + o quiche: after leaving h3_recving state, poll again [108] + o quiche: change qlog file extension to `.sqlog` [44] + o quiche: fix upload for bigger content-length [146] + o quiche: handle stream reset [83] + o quiche: remove two leftover debug infof() outputs + o quiche: verify the server cert on connect [33] + o quiche: when *recv_body() returns data, drain it before polling again [109] + o README.md: fix links [118] + o remote-header-name.d: clarify [10] + o runtests.pl: disable debuginfod [51] + o runtests.pl: properly print the test if it contains binary zeros + o runtests.pl: support 
the nonewline attribute for the data part [21] + o runtests.pl: tolerate test directories without Makefile.inc [98] + o runtests: allow client/file to specify multiple directories + o runtests: make 'rustls' a testable feature + o runtests: make 'wolfssl' a testable feature [6] + o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122] + o rustls: add CURLOPT_CAINFO_BLOB support [26] + o schannel: move the algIds array out of schannel.h [135] + o scripts/cijobs.pl: output data about all currect CI jobs [78] + o scripts/completion.pl: improve zsh completion [46] + o scripts/copyright.pl: support many provided file names on the cmdline + o scripts/delta: check the file delta for current branch + o sectransp: mark a 3DES cipher as weak [130] + o setopt: do bounds-check before strdup [99] + o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53] + o sha256: Fix minimum OpenSSL version [102] + o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90] + o ssl: reduce allocated space for ssl backend when FTP is disabled [127] + o test3021: disable all msys2 path transformation + o test374: gif data without new line at the end [20] + o tests/disable-scan.pl: properly detect multiple symbols per line [94] + o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85] + o tool_findfile: check ~/.config/curlrc too [17] + o tool_getparam: DNS options that need c-ares now fail without it [31] + o TPF: drop support [97] + o unit1610: init SSL library before calling SHA256 functions [152] + o url: exclude zonefrom_url when no ipv6 is available [103] + o url: given a user in the URL, find pwd for that user in netrc [11] + o url: keep trailing dot in host name [62] + o url: make Curl_disconnect return void [48] + o urlapi: handle "redirects" smarter [119] + o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52] + o urldata: remove conn->bits.user_passwd [105] + o version_win32: fix warning for `CURL_WINDOWS_APP` 
[93] + o vtls: fix socket check conditions [150] + o vtls: pass on the right SNI name [61] + o vxworks: drop support [65] + o winbuild: add parameter WITH_SSH [120] + o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106] + o wolfssl: when SSL_read() returns zero, check the error [107] + o write-out.d: Fix num_headers formatting + o x509asn1: toggle off functions not needed for diff tls backends [91] This release includes the following known bugs: 
@@ -141,124 +194,179 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Bernat Mut, Bernhard Walle, Boris Rasin, - Brad Fitzpatrick, Bruno Baguette, Damien Walsh, Dan Fandrich, - Daniel Stenberg, David Bohman, Don J Olmstead, Eric Musser, Even Rouault, - Florian Van Heghe, gclinch on github, Glenn Strauss, Jacob Hoffman-Andrews, - James Fuller, Jeff Luszcz, jeffrson on github, Jun Tseng, Kevin Burke, - Leszek Kubik, lllaffer on github, Marcelo Juchem, Marcel Raad, Marc Hörsken, - Mark Dodgson, Matt Holt, Melroy van den Berg, MichaÅ‚ Antoniak, - Nicolas Sterchele, nimaje on github, Patrick Monnerat, Paul Howarth, - Peter Piekarski, Ray Satiro, RekGRpth on github, Rikard Falkeborn, - Ryan Sleevi, Stan Hu, Stefan Eissing, Stefan Huber, Stephane Pellegrino, - Stephen M. Coakley, Tobias Nießen, Valentin Richter, Viktor Szakats, - Vincent Grande, Vladimir Panteleev, Wyatt O'Day, x2018 on github, - Yongkang Huang, - (53 contributors) + 1337vt on github, Alejandro R. Sedeño, Alessandro Ghedini, Antoine Pietri, + Bernhard Walle, Bjarni Ingi Gislason, Cameron Will, Charles Cazabon, + coralw on github, Dan Fandrich, Daniel Stenberg, Davide Cassioli, + Eric Musser, Fabian Keil, Fabian Yamaguchi, Farzin on github, Filip Lundgren, + gaoxingwang on github, Harry Sarson, Henrik Holst, Ikko Ashimine, + illusory-dream on github, Jan Ehrhardt, Jan-Piet Mens, Jan Venekamp, + Jean-Philippe Menil, jhoyla on github, Jim Beveridge, Joel Depooter, + John H. 
Ayad, jonny112 on github, Kantanat Wannapaka, Kevin Adler, + Kushal Das, Leah Neukirchen, Lucas Pardue, luminixinc on github, + Manfred Schwarb, Marcel Raad, Melroy van den Berg, Michael Kaufmann, + Michael Wallner, MichaÅ‚ Antoniak, Neal McBurnett, neutric on github, + Niels Martignène, Patrick Monnerat, pheiduck on github, Ray Satiro, + Rob Boeckermann, Ryan Schmidt, Samuel Henrique, Sandro Jaeckel, + Satadru Pramanik, Sebastian Sterk, siddharthchhabrap on github, Stav Nir, + Stefan Eissing, Stephen Boost, Stephen M. Coakley, Stewart Gebbie, + Tatsuhiro Tsujikawa, updatede on github, Viktor Szakats, vl409 on github, + Xiaoke Wang, æ¢¦ç»ˆæ— ç—• + (67 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=7789 - [2] = https://curl.se/bug/?i=7982 - [3] = https://curl.se/bug/?i=7983 - [4] = https://curl.se/bug/?i=7984 - [5] = https://curl.se/bug/?i=8013 - [6] = https://curl.se/bug/?i=8001 - [7] = https://curl.se/bug/?i=8072 - [8] = https://curl.se/bug/?i=8009 - [9] = https://curl.se/bug/?i=8003 - [10] = https://curl.se/bug/?i=8003 - [11] = https://curl.se/bug/?i=8040 - [12] = https://curl.se/bug/?i=8006 - [13] = https://curl.se/bug/?i=8002 - [14] = https://curl.se/bug/?i=7998 - [15] = https://curl.se/bug/?i=8038 - [16] = https://curl.se/bug/?i=8060 - [17] = https://curl.se/bug/?i=7994 - [18] = https://curl.se/bug/?i=7991 - [19] = https://curl.se/bug/?i=7956 - [20] = https://curl.se/bug/?i=8034 - [21] = https://curl.se/bug/?i=8028 - [22] = https://curl.se/bug/?i=8030 - [23] = https://curl.se/bug/?i=8027 - [24] = https://curl.se/bug/?i=8025 - [25] = https://curl.se/bug/?i=8018 - [26] = https://curl.se/bug/?i=8021 - [27] = https://curl.se/bug/?i=8019 - [28] = https://curl.se/bug/?i=8017 - [29] = https://curl.se/bug/?i=8016 - [30] = https://curl.se/bug/?i=8059 - [31] = https://curl.se/bug/?i=8058 - [32] = https://curl.se/bug/?i=8056 - [33] = https://curl.se/bug/?i=8053 - [34] = https://curl.se/bug/?i=8090 - [35] = 
https://curl.se/bug/?i=8082 - [36] = https://curl.se/bug/?i=8049 - [37] = https://curl.se/bug/?i=8076 - [38] = https://curl.se/bug/?i=8160 - [39] = https://curl.se/bug/?i=8012 - [40] = https://curl.se/bug/?i=7988 - [41] = https://curl.se/bug/?i=8042 - [42] = https://curl.se/bug/?i=7987 - [43] = https://curl.se/bug/?i=8078 - [44] = https://curl.se/bug/?i=8071 - [45] = https://curl.se/bug/?i=8066 - [46] = https://curl.se/bug/?i=8033 - [47] = https://curl.se/bug/?i=8062 - [48] = https://curl.se/bug/?i=8105 - [49] = https://curl.se/bug/?i=8104 - [50] = https://curl.se/bug/?i=8101 - [51] = https://curl.se/bug/?i=8103 - [52] = https://curl.se/bug/?i=8083 - [53] = https://curl.se/bug/?i=8100 - [54] = https://curl.se/bug/?i=8132 - [55] = https://curl.se/bug/?i=8129 - [56] = https://curl.se/bug/?i=8065 - [57] = https://curl.se/bug/?i=8097 - [58] = https://curl.se/bug/?i=8097 - [59] = https://curl.se/bug/?i=8094 - [60] = https://curl.se/bug/?i=8134 - [61] = https://curl.se/bug/?i=8128 - [62] = https://curl.se/bug/?i=8128 - [63] = https://curl.se/bug/?i=8128 - [64] = https://curl.se/bug/?i=8128 - [65] = https://curl.se/bug/?i=8127 - [66] = https://curl.se/bug/?i=8126 - [67] = https://curl.se/bug/?i=8147 - [68] = https://curl.se/bug/?i=8125 - [69] = https://curl.se/bug/?i=8140 - [70] = https://curl.se/bug/?i=8120 - [71] = https://curl.se/bug/?i=8148 - [72] = https://curl.se/bug/?i=8146 - [73] = https://curl.se/bug/?i=8142 - [74] = https://curl.se/bug/?i=8159 - [75] = https://curl.se/bug/?i=7922 - [76] = https://curl.se/bug/?i=8084 - [77] = https://curl.se/bug/?i=8136 - [78] = https://curl.se/bug/?i=8137 - [79] = https://curl.se/bug/?i=8133 - [80] = https://curl.se/bug/?i=8162 - [81] = https://curl.se/bug/?i=8141 - [82] = https://curl.se/bug/?i=8158 - [83] = https://curl.se/bug/?i=8156 - [84] = https://curl.se/bug/?i=8218 - [85] = https://curl.se/bug/?i=8218 - [86] = https://curl.se/bug/?i=8181 - [87] = https://curl.se/bug/?i=8210 - [88] = https://curl.se/bug/?i=8177 - [89] = 
https://curl.se/bug/?i=8171 - [90] = https://curl.se/bug/?i=8215 - [91] = https://curl.se/bug/?i=8216 - [92] = https://curl.se/bug/?i=8215 - [93] = https://curl.se/bug/?i=8214 - [94] = https://curl.se/bug/?i=8207 - [95] = https://curl.se/bug/?i=8206 - [96] = https://curl.se/bug/?i=8212 - [98] = https://curl.se/bug/?i=8200 - [99] = https://curl.se/bug/?i=8197 - [100] = https://curl.se/bug/?i=8193 - [101] = https://curl.se/bug/?i=8178 - [102] = https://curl.se/bug/?i=8178 - [103] = https://curl.se/bug/?i=8196 - [104] = https://curl.se/bug/?i=8184 - [105] = https://curl.se/bug/?i=8180 + [1] = https://curl.se/bug/?i=8266 + [2] = https://curl.se/bug/?i=8228 + [3] = https://curl.se/bug/?i=8228 + [4] = https://curl.se/bug/?i=8228 + [5] = https://curl.se/bug/?i=8229 + [6] = https://curl.se/bug/?i=8252 + [7] = https://curl.se/bug/?i=8262 + [8] = https://curl.se/bug/?i=8251 + [9] = https://curl.se/bug/?i=8229 + [10] = https://curl.se/bug/?i=8249 + [11] = https://curl.se/bug/?i=8241 + [12] = https://curl.se/bug/?i=8238 + [13] = https://curl.se/bug/?i=8244 + [14] = https://curl.se/bug/?i=8245 + [15] = https://curl.se/bug/?i=8240 + [16] = https://curl.se/bug/?i=8152 + [17] = https://curl.se/bug/?i=8208 + [18] = https://curl.se/bug/?i=8233 + [19] = https://curl.se/bug/?i=8234 + [20] = https://curl.se/bug/?i=8239 + [21] = https://curl.se/bug/?i=8239 + [22] = https://curl.se/bug/?i=7964 + [23] = https://curl.se/bug/?i=8188 + [24] = https://curl.se/bug/?i=8170 + [25] = https://curl.se/bug/?i=8254 + [26] = https://curl.se/bug/?i=8255 + [27] = https://curl.se/bug/?i=8286 + [28] = https://curl.se/bug/?i=8282 + [29] = https://curl.se/bug/?i=8287 + [30] = https://curl.se/bug/?i=8288 + [31] = https://curl.se/bug/?i=8285 + [32] = https://curl.se/bug/?i=8278 + [33] = https://curl.se/bug/?i=8173 + [34] = https://curl.se/bug/?i=8281 + [35] = https://curl.se/bug/?i=8279 + [36] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515 + [37] = https://hackerone.com/reports/1444539 + [38] = 
https://curl.se/bug/?i=8321 + [39] = https://curl.se/bug/?i=8322 + [40] = https://curl.se/bug/?i=8268 + [41] = https://curl.se/bug/?i=8317 + [42] = https://curl.se/bug/?i=8315 + [43] = https://curl.se/bug/?i=8292 + [44] = https://curl.se/bug/?i=8316 + [45] = https://curl.se/bug/?i=8309 + [46] = https://curl.se/bug/?i=8363 + [47] = https://curl.se/bug/?i=8307 + [48] = https://curl.se/bug/?i=8303 + [49] = https://curl.se/bug/?i=8235 + [50] = https://curl.se/bug/?i=8299 + [51] = https://curl.se/bug/?i=8291 + [52] = https://curl.se/bug/?i=8350 + [53] = https://curl.se/bug/?i=8350 + [54] = https://curl.se/bug/?i=8276 + [55] = https://curl.se/bug/?i=8341 + [56] = https://curl.se/bug/?i=8343 + [57] = https://curl.se/bug/?i=8344 + [58] = https://curl.se/bug/?i=8340 + [59] = https://curl.se/bug/?i=8338 + [60] = https://curl.se/bug/?i=8334 + [61] = https://curl.se/bug/?i=8320 + [62] = https://curl.se/bug/?i=8290 + [63] = https://curl.se/bug/?i=8372 + [64] = https://curl.se/bug/?i=8458 + [65] = https://curl.se/bug/?i=8362 + [66] = https://curl.se/bug/?i=8460 + [67] = https://curl.se/bug/?i=8314 + [68] = https://curl.se/bug/?i=8365 + [69] = https://curl.se/bug/?i=8368 + [70] = https://curl.se/bug/?i=8367 + [71] = https://curl.se/bug/?i=8364 + [72] = https://curl.se/bug/?i=8358 + [73] = https://curl.se/bug/?i=8359 + [74] = https://curl.se/bug/?i=8357 + [75] = https://curl.se/bug/?i=8357 + [76] = https://hackerone.com/reports/1463013 + [77] = https://curl.se/bug/?i=8354 + [78] = https://curl.se/bug/?i=8408 + [79] = https://curl.se/mail/lib-2022-02/0070.html + [80] = https://curl.se/bug/?i=8430 + [81] = https://curl.se/bug/?i=8487 + [82] = https://curl.se/bug/?i=8397 + [83] = https://curl.se/bug/?i=8437 + [84] = https://curl.se/bug/?i=8396 + [85] = https://curl.se/bug/?i=8396 + [86] = https://curl.se/bug/?i=8394 + [87] = https://curl.se/bug/?i=8391 + [88] = https://curl.se/bug/?i=8381 + [89] = https://curl.se/bug/?i=8441 + [90] = https://curl.se/bug/?i=8383 + [91] = 
https://curl.se/bug/?i=8386 + [92] = https://curl.se/bug/?i=8428 + [93] = https://curl.se/bug/?i=8385 + [94] = https://curl.se/bug/?i=8384 + [95] = https://curl.se/bug/?i=8382 + [96] = https://curl.se/bug/?i=8378 + [97] = https://curl.se/bug/?i=8378 + [98] = https://curl.se/bug/?i=8379 + [99] = https://curl.se/bug/?i=8377 + [100] = https://curl.se/bug/?i=8376 + [101] = https://curl.se/bug/?i=8375 + [102] = https://curl.se/bug/?i=8464 + [103] = https://curl.se/bug/?i=8439 + [104] = https://curl.se/bug/?i=8439 + [105] = https://curl.se/bug/?i=8449 + [106] = https://curl.se/bug/?i=8431 + [107] = https://curl.se/bug/?i=8431 + [108] = https://curl.se/bug/?i=8436 + [109] = https://curl.se/bug/?i=8429 + [110] = https://curl.se/bug/?i=8425 + [111] = https://curl.se/bug/?i=8454 + [112] = https://curl.se/bug/?i=8454 + [113] = https://curl.se/bug/?i=8454 + [114] = https://curl.se/bug/?i=8395 + [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646 + [116] = https://curl.se/bug/?i=8404 + [117] = https://curl.se/bug/?i=8453 + [118] = https://curl.se/bug/?i=8448 + [119] = https://curl.se/bug/?i=8450 + [120] = https://curl.se/bug/?i=8514 + [121] = https://curl.se/bug/?i=8444 + [122] = https://curl.se/bug/?i=8444 + [123] = https://curl.se/bug/?i=8442 + [124] = https://curl.se/bug/?i=8438 + [125] = https://curl.se/bug/?i=8472 + [126] = https://curl.se/bug/?i=8480 + [127] = https://curl.se/bug/?i=8471 + [128] = https://curl.se/bug/?i=8481 + [129] = https://curl.se/bug/?i=8482 + [130] = https://curl.se/bug/?i=8479 + [131] = https://curl.se/bug/?i=8476 + [132] = https://curl.se/bug/?i=8475 + [133] = https://curl.se/bug/?i=8474 + [134] = https://curl.se/bug/?i=8470 + [135] = https://curl.se/bug/?i=8469 + [136] = https://curl.se/bug/?i=8289 + [137] = https://curl.se/bug/?i=8455 + [138] = https://curl.se/bug/?i=8455 + [139] = https://curl.se/bug/?i=8455 + [140] = https://curl.se/bug/?i=8512 + [141] = https://curl.se/bug/?i=8459 + [142] = https://curl.se/bug/?i=8513 + [143] = 
https://curl.se/bug/?i=7351 + [144] = https://curl.se/bug/?i=8505 + [145] = https://curl.se/bug/?i=8502 + [146] = https://curl.se/bug/?i=8421 + [147] = https://curl.se/bug/?i=8500 + [148] = https://curl.se/bug/?i=8529 + [149] = https://curl.se/bug/?i=8494 + [150] = https://curl.se/bug/?i=8493 + [151] = https://curl.se/bug/?i=8492 + [152] = https://curl.se/bug/?i=8538 + [153] = https://curl.se/bug/?i=8519 + [154] = https://curl.se/bug/?i=8511 + [156] = https://curl.se/mail/lib-2022-02/0131.html diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h index 7b69ce2d67..2e260d5168 100644 --- a/contrib/libs/curl/include/curl/curl.h +++ b/contrib/libs/curl/include/curl/curl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,8 +73,7 @@ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ - (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \ - defined(__VXWORKS__) + (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) #include <sys/select.h> #endif @@ -82,14 +81,10 @@ #include <sys/socket.h> #endif -#if !defined(CURL_WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) +#if !defined(CURL_WIN32) #include <sys/time.h> #endif -#ifdef __BEOS__ -#include <support/SupportDefs.h> -#endif - /* Compatibility for non-Clang compilers */ #ifndef __has_declspec_attribute # define __has_declspec_attribute(x) 0 
@@ -529,10 +524,6 @@ typedef enum { CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ CURLE_READ_ERROR, /* 26 - couldn't open/read from file */ CURLE_OUT_OF_MEMORY, /* 27 */ - /* Note: CURLE_OUT_OF_MEMORY may sometimes indicate a conversion error - instead of a memory allocation error if CURL_DOES_CONVERSIONS - is defined - */ CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ CURLE_OBSOLETE29, /* 29 - NOT USED */ CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ @@ -569,7 +560,7 @@ typedef enum { CURLE_PEER_FAILED_VERIFICATION, /* 60 - peer's certificate or fingerprint wasn't verified fine */ CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ - CURLE_LDAP_INVALID_URL, /* 62 - Invalid LDAP URL */ + CURLE_OBSOLETE62, /* 62 - NOT IN USE since 7.82.0 */ CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ CURLE_USE_SSL_FAILED, /* 64 - Requested FTP SSL level failed */ CURLE_SEND_FAIL_REWIND, /* 65 - Sending the data requires a rewind @@ -585,11 +576,7 @@ typedef enum { CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ CURLE_CONV_FAILED, /* 75 - conversion failed */ - CURLE_CONV_REQD, /* 76 - caller must register conversion - callbacks using curl_easy_setopt options - CURLOPT_CONV_FROM_NETWORK_FUNCTION, - CURLOPT_CONV_TO_NETWORK_FUNCTION, and - CURLOPT_CONV_FROM_UTF8_FUNCTION */ + CURLE_OBSOLETE76, /* 76 - NOT IN USE since 7.82.0 */ CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing or wrong format */ CURLE_REMOTE_FILE_NOT_FOUND, /* 78 - remote file not found */ 
@@ -683,13 +670,13 @@ typedef enum { /* The following were added earlier */ #define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT - #define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR #define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED #define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED - #define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE #define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME +#define CURLE_LDAP_INVALID_URL CURLE_OBSOLETE62 +#define CURLE_CONV_REQD CURLE_OBSOLETE76 /* This was the error code 50 in 7.7.3 and a few earlier versions, this is no longer used by libcurl but is instead #defined here only to not @@ -2832,7 +2819,7 @@ typedef enum { CURLCLOSEPOLICY_LAST /* last, never use this */ } curl_closepolicy; -#define CURL_GLOBAL_SSL (1<<0) /* no purpose since since 7.57.0 */ +#define CURL_GLOBAL_SSL (1<<0) /* no purpose since 7.57.0 */ #define CURL_GLOBAL_WIN32 (1<<1) #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) #define CURL_GLOBAL_NOTHING 0 diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h index 6d2f99b6da..14d168e935 100644 --- a/contrib/libs/curl/include/curl/curlver.h +++ b/contrib/libs/curl/include/curl/curlver.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -26,16 +26,16 @@ a script at release-time. This was made its own header file in 7.11.2 */ /* This is the global package copyright */ -#define LIBCURL_COPYRIGHT "1996 - 2021 Daniel Stenberg, <daniel@haxx.se>." +#define LIBCURL_COPYRIGHT "1996 - 2022 Daniel Stenberg, <daniel@haxx.se>." /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.81.0" +#define LIBCURL_VERSION "7.82.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 81 +#define LIBCURL_VERSION_MINOR 82 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x075100 +#define LIBCURL_VERSION_NUM 0x075200 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2022-01-05" +#define LIBCURL_TIMESTAMP "2022-03-05" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/contrib/libs/curl/include/curl/system.h b/contrib/libs/curl/include/curl/system.h index faf8fcf84f..038ac0b167 100644 --- a/contrib/libs/curl/include/curl/system.h +++ b/contrib/libs/curl/include/curl/system.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -98,22 +98,6 @@ # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -#elif defined(__WATCOMC__) -# if defined(__386__) -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# else -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int - #elif defined(__POCC__) # if (__POCC__ < 280) # define CURL_TYPEOF_CURL_OFF_T long diff --git a/contrib/libs/curl/lib/altsvc.c b/contrib/libs/curl/lib/altsvc.c index 36acc3a5ef..242733bfd7 100644 --- a/contrib/libs/curl/lib/altsvc.c +++ b/contrib/libs/curl/lib/altsvc.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,7 +21,7 @@ ***************************************************************************/ /* * The Alt-Svc: header is defined in RFC 7838: - * https://tools.ietf.org/html/rfc7838 + * https://datatracker.ietf.org/doc/html/rfc7838 */ #include "curl_setup.h" diff --git a/contrib/libs/curl/lib/base64.c b/contrib/libs/curl/lib/base64.c index be6f163dc4..960a1ca3ad 100644 --- a/contrib/libs/curl/lib/base64.c +++ b/contrib/libs/curl/lib/base64.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,7 +34,6 @@ #include "urldata.h" /* for the Curl_easy definition */ #include "warnless.h" #include "curl_base64.h" -#include "non-ascii.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -176,19 +175,15 @@ CURLcode Curl_base64_decode(const char *src, } static CURLcode base64_encode(const char *table64, - struct Curl_easy *data, const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - CURLcode result; unsigned char ibuf[3]; unsigned char obuf[4]; int i; int inputparts; char *output; char *base64data; - char *convbuf = NULL; - const char *indata = inputbuff; *outptr = NULL; @@ -206,20 +201,6 @@ static CURLcode base64_encode(const char *table64, if(!output) return CURLE_OUT_OF_MEMORY; - /* - * The base64 data needs to be created using the network encoding - * not the host encoding. And we can't change the actual input - * so we copy it to a buffer, translate it, and use that instead. - */ - result = Curl_convert_clone(data, indata, insize, &convbuf); - if(result) { - free(output); - return result; - } - - if(convbuf) - indata = (char *)convbuf; - while(insize > 0) { for(i = inputparts = 0; i < 3; i++) { if(insize > 0) { @@ -270,10 +251,8 @@ static CURLcode base64_encode(const char *table64, /* Return the pointer to the new data (allocated memory) */ *outptr = base64data; - free(convbuf); - /* Return the length of the new data */ - *outlen = strlen(base64data); + *outlen = output - base64data; return CURLE_OK; } 
@@ -295,11 +274,10 @@ static CURLcode base64_encode(const char *table64, * * @unittest: 1302 */ -CURLcode Curl_base64_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - return base64_encode(base64, data, inputbuff, insize, outptr, outlen); + return base64_encode(base64, inputbuff, insize, outptr, outlen); } /* @@ -319,11 +297,10 @@ CURLcode Curl_base64_encode(struct Curl_easy *data, * * @unittest: 1302 */ -CURLcode Curl_base64url_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - return base64_encode(base64url, data, inputbuff, insize, outptr, outlen); + return base64_encode(base64url, inputbuff, insize, outptr, outlen); } #endif /* no users so disabled */ diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c index a19a556b6f..00f9d7a51d 100644 --- a/contrib/libs/curl/lib/c-hyper.c +++ b/contrib/libs/curl/lib/c-hyper.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -142,7 +142,7 @@ static int hyper_each_header(void *userdata, return HYPER_ITER_BREAK; } else { - if(Curl_dyn_add(&data->state.headerb, "\r\n")) + if(Curl_dyn_addn(&data->state.headerb, STRCONST("\r\n"))) return HYPER_ITER_BREAK; } len = Curl_dyn_len(&data->state.headerb); 
@@ -1022,7 +1022,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n"; + p_accept = Curl_checkheaders(data, + STRCONST("Accept"))?NULL:"Accept: */*\r\n"; if(p_accept) { result = Curl_hyper_header(data, headers, p_accept); if(result) @@ -1036,8 +1037,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy && - !Curl_checkheaders(data, "Proxy-Connection") && - !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { + !Curl_checkheaders(data, STRCONST("Proxy-Connection")) && + !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) goto error; @@ -1045,7 +1046,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #endif Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) { + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) { data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); if(!data->state.aptr.ref) result = CURLE_OUT_OF_MEMORY; @@ -1055,7 +1056,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = diff --git a/contrib/libs/curl/lib/conncache.c b/contrib/libs/curl/lib/conncache.c index fec1937f0b..cd5756ae40 100644 --- a/contrib/libs/curl/lib/conncache.c +++ b/contrib/libs/curl/lib/conncache.c 
@@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -193,13 +193,11 @@ Curl_conncache_find_bundle(struct Curl_easy *data, return bundle; } -static bool conncache_add_bundle(struct conncache *connc, - char *key, - struct connectbundle *bundle) +static void *conncache_add_bundle(struct conncache *connc, + char *key, + struct connectbundle *bundle) { - void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle); - - return p?TRUE:FALSE; + return Curl_hash_add(&connc->hash, key, strlen(key), bundle); } static void conncache_remove_bundle(struct conncache *connc, @@ -238,7 +236,6 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache, NULL); if(!bundle) { - int rc; char key[HASHKEY_SIZE]; result = bundle_create(&bundle); @@ -247,9 +244,8 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) } hashkey(conn, key, sizeof(key), NULL); - rc = conncache_add_bundle(data->state.conn_cache, key, bundle); - if(!rc) { + if(!conncache_add_bundle(data->state.conn_cache, key, bundle)) { bundle_destroy(bundle); result = CURLE_OUT_OF_MEMORY; goto unlock; @@ -410,7 +406,7 @@ bool Curl_conncache_return_conn(struct Curl_easy *data, conn_candidate = Curl_conncache_extract_oldest(data); if(conn_candidate) { /* the winner gets the honour of being disconnected */ - (void)Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); + Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); } } 
@@ -547,7 +543,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc) /* This will remove the connection from the cache */ connclose(conn, "kill all"); Curl_conncache_remove_conn(connc->closure_handle, conn, TRUE); - (void)Curl_disconnect(connc->closure_handle, conn, FALSE); + Curl_disconnect(connc->closure_handle, conn, FALSE); sigpipe_restore(&pipe_st); conn = conncache_find_first_connection(connc); diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c index 5252f9714d..64f951118b 100644 --- a/contrib/libs/curl/lib/connect.c +++ b/contrib/libs/curl/lib/connect.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -257,6 +257,9 @@ static CURLcode bindlocal(struct Curl_easy *data, #ifdef IP_BIND_ADDRESS_NO_PORT int on = 1; #endif +#ifndef ENABLE_IPV6 + (void)scope; +#endif /************************************************************* * Select device to bind socket to @@ -314,8 +317,11 @@ static CURLcode bindlocal(struct Curl_easy *data, } #endif - switch(Curl_if2ip(af, scope, conn->scope_id, dev, - myhost, sizeof(myhost))) { + switch(Curl_if2ip(af, +#ifdef ENABLE_IPV6 + scope, conn->scope_id, +#endif + dev, myhost, sizeof(myhost))) { case IF2IP_NOT_FOUND: if(is_interface) { /* Do not fall back to treating it as a host name */ diff --git a/contrib/libs/curl/lib/curl_base64.h b/contrib/libs/curl/lib/curl_base64.h index d48edc4241..4cb9d73537 100644 --- a/contrib/libs/curl/lib/curl_base64.h +++ b/contrib/libs/curl/lib/curl_base64.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,13 +22,10 @@ * ***************************************************************************/ -CURLcode Curl_base64_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen); -CURLcode Curl_base64url_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen); - CURLcode Curl_base64_decode(const char *src, unsigned char **outptr, size_t *outlen); diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h index 804397de28..0ac2bc9a4d 100644 --- a/contrib/libs/curl/lib/curl_config-linux.h +++ b/contrib/libs/curl/lib/curl_config-linux.h @@ -493,7 +493,8 @@ /* Define to 1 if you have the <openssl/rsa.h> header file. */ #define HAVE_OPENSSL_RSA_H 1 -/* if you have the function SRP_Calc_client_key */ +/* if you have the functions SSL_CTX_set_srp_username and + SSL_CTX_set_srp_password */ #define HAVE_OPENSSL_SRP 1 /* Define to 1 if you have the <openssl/ssl.h> header file. */ @@ -966,9 +967,6 @@ /* if mbedTLS is enabled */ /* #undef USE_MBEDTLS */ -/* if MesaLink is enabled */ -/* #undef USE_MESALINK */ - /* if nghttp2 is in use */ #define USE_NGHTTP2 1 diff --git a/contrib/libs/curl/lib/curl_ctype.c b/contrib/libs/curl/lib/curl_ctype.c index d6cd08a077..233a69e76f 100644 --- a/contrib/libs/curl/lib/curl_ctype.c +++ b/contrib/libs/curl/lib/curl_ctype.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,8 +22,6 @@ #include "curl_setup.h" -#ifndef CURL_DOES_CONVERSIONS - #undef _U #define _U (1<<0) /* upper case */ #undef _L @@ -130,4 +128,3 @@ int Curl_iscntrl(int c) return (ascii[c] & (_C)); } -#endif /* !CURL_DOES_CONVERSIONS */ diff --git a/contrib/libs/curl/lib/curl_ctype.h b/contrib/libs/curl/lib/curl_ctype.h index 17dfaa0942..2fa749dca9 100644 --- a/contrib/libs/curl/lib/curl_ctype.h +++ b/contrib/libs/curl/lib/curl_ctype.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -24,32 +24,6 @@ #include "curl_setup.h" -#ifdef CURL_DOES_CONVERSIONS - -/* - * Uppercase macro versions of ANSI/ISO is*() functions/macros which - * avoid negative number inputs with argument byte codes > 127. - * - * For non-ASCII platforms the C library character classification routines - * are used despite being locale-dependent, because this is better than - * not to work at all. - */ -#include <ctype.h> - -#define ISSPACE(x) (isspace((int) ((unsigned char)x))) -#define ISDIGIT(x) (isdigit((int) ((unsigned char)x))) -#define ISALNUM(x) (isalnum((int) ((unsigned char)x))) -#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x))) -#define ISGRAPH(x) (isgraph((int) ((unsigned char)x))) -#define ISALPHA(x) (isalpha((int) ((unsigned char)x))) -#define ISPRINT(x) (isprint((int) ((unsigned char)x))) -#define ISUPPER(x) (isupper((int) ((unsigned char)x))) -#define ISLOWER(x) (islower((int) ((unsigned char)x))) -#define ISCNTRL(x) (iscntrl((int) ((unsigned char)x))) -#define ISASCII(x) (isascii((int) ((unsigned char)x))) - -#else - int Curl_isspace(int c); int Curl_isdigit(int c); int Curl_isalnum(int c); @@ -73,8 +47,6 @@ int Curl_iscntrl(int c); #define ISCNTRL(x) (Curl_iscntrl((int) ((unsigned char)x))) #define ISASCII(x) (((x) >= 0) && ((x) <= 0x80)) -#endif - #define ISBLANK(x) (int)((((unsigned char)x) == ' ') || \ (((unsigned char)x) == '\t')) diff --git a/contrib/libs/curl/lib/curl_des.c b/contrib/libs/curl/lib/curl_des.c index 76185cbf21..5f28ef4f33 100644 --- a/contrib/libs/curl/lib/curl_des.c +++ b/contrib/libs/curl/lib/curl_des.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -22,7 +22,12 @@ #include "curl_setup.h" -#if defined(USE_NTLM) && !defined(USE_OPENSSL) && !defined(USE_WOLFSSL) +#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ + (defined(USE_GNUTLS) || \ + defined(USE_NSS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ + defined(USE_WIN32_CRYPTO)) #include "curl_des.h" @@ -60,4 +65,4 @@ void Curl_des_set_odd_parity(unsigned char *bytes, size_t len) } } -#endif /* USE_NTLM && !USE_OPENSSL */ +#endif diff --git a/contrib/libs/curl/lib/curl_des.h b/contrib/libs/curl/lib/curl_des.h index 438706a0d2..3d0fd92600 100644 --- a/contrib/libs/curl/lib/curl_des.h +++ b/contrib/libs/curl/lib/curl_des.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,11 +24,16 @@ #include "curl_setup.h" -#if defined(USE_NTLM) && !defined(USE_OPENSSL) +#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ + (defined(USE_GNUTLS) || \ + defined(USE_NSS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ + defined(USE_WIN32_CRYPTO)) /* Applies odd parity to the given byte array */ void Curl_des_set_odd_parity(unsigned char *bytes, size_t length); -#endif /* USE_NTLM && !USE_OPENSSL */ +#endif #endif /* HEADER_CURL_DES_H */ diff --git a/contrib/libs/curl/lib/curl_ntlm_core.c b/contrib/libs/curl/lib/curl_ntlm_core.c index daefaae7c0..2e4c31ebcd 100644 --- a/contrib/libs/curl/lib/curl_ntlm_core.c +++ b/contrib/libs/curl/lib/curl_ntlm_core.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -108,7 +108,6 @@ #endif #include "urldata.h" -#include "non-ascii.h" #include "strcase.h" #include "curl_ntlm_core.h" #include "curl_md5.h" @@ -402,11 +401,9 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, /* * Set up lanmanager hashed password */ -CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */) { - CURLcode result; unsigned char pw[14]; static const unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ @@ -416,14 +413,6 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, Curl_strntoupper((char *)pw, password, len); memset(&pw[len], 0, 14 - len); - /* - * The LanManager hashed password needs to be created using the - * password in the network encoding not the host encoding. - */ - result = Curl_convert_to_network(data, (char *)pw, 14); - if(result) - return result; - { /* Create LanManager hashed password. */ @@ -455,7 +444,6 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, return CURLE_OK; } -#ifdef USE_NTRESPONSES static void ascii_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) { @@ -466,7 +454,7 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src, } } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) static void ascii_uppercase_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) 
@@ -478,19 +466,17 @@ static void ascii_uppercase_to_unicode_le(unsigned char *dest, } } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ +#endif /* !USE_WINDOWS_SSPI */ /* * Set up nt hashed passwords * @unittest: 1600 */ -CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, unsigned char *ntbuffer /* 21 bytes */) { size_t len = strlen(password); unsigned char *pw; - CURLcode result; if(len > SIZE_T_MAX/2) /* avoid integer overflow */ return CURLE_OUT_OF_MEMORY; pw = len ? malloc(len * 2) : (unsigned char *)strdup(""); @@ -499,22 +485,16 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, ascii_to_unicode_le(pw, password, len); - /* - * The NT hashed password needs to be created using the password in the - * network encoding not the host encoding. - */ - result = Curl_convert_to_network(data, (char *)pw, len * 2); - if(!result) { - /* Create NT hashed password. */ - Curl_md4it(ntbuffer, pw, 2 * len); - memset(ntbuffer + 16, 0, 21 - 16); - } + /* Create NT hashed password. */ + Curl_md4it(ntbuffer, pw, 2 * len); + memset(ntbuffer + 16, 0, 21 - 16); + free(pw); - return result; + return CURLE_OK; } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) /* Timestamp in tenths of a microsecond since January 1, 1601 00:00:00 UTC. */ struct ms_filetime { @@ -730,8 +710,6 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, return result; } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/contrib/libs/curl/lib/curl_ntlm_core.h b/contrib/libs/curl/lib/curl_ntlm_core.h index 31b36a8f55..164790fb76 100644 --- a/contrib/libs/curl/lib/curl_ntlm_core.h +++ b/contrib/libs/curl/lib/curl_ntlm_core.h 
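Review bot: In Curl_ntlm_core_mk_nt_hash (hunk `-499,22 +485,16`) the heap buffer `pw` holds the password expanded to UTF-16LE and is released with a plain `free(pw)` right after `Curl_md4it`, so the cleartext copy stays behind in freed heap memory. Wipe it before the free with a call the compiler cannot elide, for example `explicit_bzero(pw, 2 * len);` where the platform provides it. The function now returns `CURLE_OK` unconditionally once past the size check and allocation, so a one-line comment saying that out-of-memory is the only remaining failure would keep callers from dropping the result check. The function starts in the previous hunk.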
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -42,22 +42,6 @@ # include <openssl/ssl.h> #endif -/* Define USE_NTRESPONSES in order to make the type-3 message include - * the NT response message. */ -#define USE_NTRESPONSES - -/* Define USE_NTLM2SESSION in order to make the type-3 message include the - NTLM2Session response message, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM2SESSION -#endif - -/* Define USE_NTLM_V2 in order to allow the type-3 message to include the - LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM_V2 -#endif - /* Helpers to generate function byte arguments in little endian order */ #define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)) #define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \ @@ -67,16 +51,13 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results); -CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */); -#ifdef USE_NTRESPONSES -CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, unsigned char *ntbuffer /* 21 bytes */); -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen, const unsigned char *data, unsigned int datalen, 
@@ -98,9 +79,7 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, unsigned char *challenge_server, unsigned char *lmresp); -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/contrib/libs/curl/lib/curl_path.c b/contrib/libs/curl/lib/curl_path.c index f6ae8f012b..60b5798b9f 100644 --- a/contrib/libs/curl/lib/curl_path.c +++ b/contrib/libs/curl/lib/curl_path.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,7 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data, char *working_path; size_t working_path_len; CURLcode result = - Curl_urldecode(data, data->state.up.path, 0, &working_path, + Curl_urldecode(data->state.up.path, 0, &working_path, &working_path_len, REJECT_ZERO); if(result) return result; diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c index 8d39e4f81b..7e28c92fd3 100644 --- a/contrib/libs/curl/lib/curl_sasl.c +++ b/contrib/libs/curl/lib/curl_sasl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -48,7 +48,6 @@ #include "warnless.h" #include "strtok.h" #include "sendf.h" -#include "non-ascii.h" /* included for Curl_convert_... prototypes */ /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" 
@@ -283,8 +282,7 @@ static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, } /* Encode the outgoing SASL message. */ -static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, - struct bufref *msg) +static CURLcode build_message(struct SASL *sasl, struct bufref *msg) { CURLcode result = CURLE_OK; @@ -297,7 +295,7 @@ static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, char *base64; size_t base64len; - result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(msg), Curl_bufref_len(msg), &base64, &base64len); if(!result) Curl_bufref_set(msg, base64, base64len, curl_free); @@ -312,10 +310,10 @@ static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, * * Check if we have enough auth data and capabilities to authenticate. */ -bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn) +bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data) { /* Have credentials been provided? */ - if(conn->bits.user_passwd) + if(data->state.aptr.user) return TRUE; /* EXTERNAL can authenticate without a user name and/or password */ @@ -367,7 +365,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, if(force_ir || data->set.sasl_ir) result = Curl_auth_create_external_message(conn->user, &resp); } - else if(conn->bits.user_passwd) { + else if(data->state.aptr.user) { #if defined(USE_KERBEROS5) if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() && Curl_auth_user_contains_domain(conn->user)) { @@ -494,7 +492,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, if(!result && mech) { sasl->curmech = mech; if(Curl_bufref_ptr(&resp)) - result = build_message(sasl, data, &resp); + result = build_message(sasl, &resp); if(sasl->params->maxirlen && strlen(mech) + Curl_bufref_len(&resp) > sasl->params->maxirlen) 
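Review bot: Curl_sasl_start (hunk `-367,7 +365,7`) now tests `data->state.aptr.user` to decide that credentials exist, but the branch it guards still takes the user name from `conn->user` (`Curl_auth_user_contains_domain(conn->user)`), so the check and the value used come from two different objects. If the two can ever disagree, which these hunks do not show, authentication would proceed with a user name the check never looked at. A comment at both new tests, here and in Curl_sasl_can_authenticate, stating the invariant that ties `data->state.aptr.user` to `conn->user` would make that reviewable. Both functions extend beyond their hunks.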
@@ -729,7 +727,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, newstate = SASL_CANCEL; break; case CURLE_OK: - result = build_message(sasl, data, &resp); + result = build_message(sasl, &resp); if(!result) result = sasl->params->contauth(data, sasl->curmech, &resp); break; diff --git a/contrib/libs/curl/lib/curl_sasl.h b/contrib/libs/curl/lib/curl_sasl.h index 91458c74a0..d377ae7bc8 100644 --- a/contrib/libs/curl/lib/curl_sasl.h +++ b/contrib/libs/curl/lib/curl_sasl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -150,7 +150,7 @@ void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data, const struct SASLproto *params); /* Check if we have enough auth data and capabilities to authenticate */ -bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn); +bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data); /* Calculate the required login details for SASL authentication */ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h index 6b61f93d94..0086a3d696 100644 --- a/contrib/libs/curl/lib/curl_setup.h +++ b/contrib/libs/curl/lib/curl_setup.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -101,14 +101,6 @@ # error #include "config-os400.h" #endif -#ifdef TPF -# error #include "config-tpf.h" -#endif - -#ifdef __VXWORKS__ -# error #include "config-vxworks.h" -#endif - #ifdef __PLAN9__ # error #include "config-plan9.h" #endif @@ -274,22 +266,6 @@ # include <extra/strdup.h> #endif -#ifdef TPF -# include <strings.h> /* for bzero, strcasecmp, and strncasecmp */ -# include <string.h> /* for strcpy and strlen */ -# include <stdlib.h> /* for rand and srand */ -# include <sys/socket.h> /* for select and ioctl*/ -# include <netdb.h> /* for in_addr_t definition */ -# include <tpf/sysapi.h> /* for tpf_process_signals */ - /* change which select is used for libcurl */ -# define select(a,b,c,d,e) tpf_select_libcurl(a,b,c,d,e) -#endif - -#ifdef __VXWORKS__ -# include <sockLib.h> /* for generic BSD socket functions */ -# include <ioLib.h> /* for basic I/O interface functions */ -#endif - #ifdef __AMIGA__ # include <exec/types.h> # include <exec/execbase.h> @@ -619,14 +595,6 @@ # endif #endif -#ifdef NETWARE -int netware_init(void); -#ifndef __NOVELL_LIBC__ -#include <sys/bsdskt.h> -#include <sys/timeval.h> -#endif -#endif - #if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) && !defined(USE_WIN32_IDN) /* The lib and header are present */ #define USE_LIBIDN2 @@ -641,7 +609,7 @@ int netware_init(void); #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ defined(USE_MBEDTLS) || \ defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || \ - defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK) || \ + defined(USE_SECTRANSP) || defined(USE_GSKIT) || \ defined(USE_BEARSSL) || defined(USE_RUSTLS) #define USE_SSL /* SSL support has been enabled */ #endif 
@@ -804,6 +772,11 @@ endings either CRLF or LF so 't' is appropriate. #define CURLMAX(x,y) ((x)>(y)?(x):(y)) #define CURLMIN(x,y) ((x)<(y)?(x):(y)) +/* A convenience macro to provide both the string literal and the length of + the string literal in one go, useful for functions that take "string,len" + as their argument */ +#define STRCONST(x) x,sizeof(x)-1 + /* Some versions of the Android SDK is missing the declaration */ #if defined(HAVE_GETPWUID_R) && defined(HAVE_DECL_GETPWUID_R_MISSING) struct passwd; diff --git a/contrib/libs/curl/lib/curl_sha256.h b/contrib/libs/curl/lib/curl_sha256.h index 7b408ef548..9b46156abb 100644 --- a/contrib/libs/curl/lib/curl_sha256.h +++ b/contrib/libs/curl/lib/curl_sha256.h @@ -8,7 +8,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ extern const struct HMAC_params Curl_HMAC_SHA256[1]; /* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from * sha.h*/ #error #include <wolfssl/options.h> -#include <openssl/sha.h> +#error #include <wolfssl/openssl/sha.h> #else #define SHA256_DIGEST_LENGTH 32 #endif diff --git a/contrib/libs/curl/lib/dict.c b/contrib/libs/curl/lib/dict.c index 5d53b8f1ff..e23e661912 100644 --- a/contrib/libs/curl/lib/dict.c +++ b/contrib/libs/curl/lib/dict.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
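Review bot: `STRCONST(x)` in the first hunk (curl_setup.h) accepts any expression, so `STRCONST(ptr)` with a `char *` argument compiles and passes `sizeof(char *) - 1` as the length instead of the string length. The header-name checks converted in this commit, such as `Curl_checkheaders(data, STRCONST("Proxy-Connection"))`, rely on that length being exact. Forcing a literal turns misuse into a compile error: `#define STRCONST(x) "" x, sizeof(x)-1`. The comment above the macro should also say that only string literals are valid arguments.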
@@ -96,13 +96,13 @@ const struct Curl_handler Curl_handler_dict = { PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */ }; -static char *unescape_word(struct Curl_easy *data, const char *inputbuff) +static char *unescape_word(const char *inputbuff) { char *newp = NULL; char *dictp; size_t len; - CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, + CURLcode result = Curl_urldecode(inputbuff, 0, &newp, &len, REJECT_NADA); if(!newp || result) return NULL; @@ -190,10 +190,6 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) *done = TRUE; /* unconditionally */ - if(conn->bits.user_passwd) { - /* AUTH is missing */ - } - if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) || strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) || strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) { @@ -226,7 +222,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) strategy = (char *)"."; } - eword = unescape_word(data, word); + eword = unescape_word(word); if(!eword) return CURLE_OUT_OF_MEMORY; @@ -274,7 +270,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) database = (char *)"!"; } - eword = unescape_word(data, word); + eword = unescape_word(word); if(!eword) return CURLE_OUT_OF_MEMORY; diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c index d6a2167701..292f5dc667 100644 --- a/contrib/libs/curl/lib/doh.c +++ b/contrib/libs/curl/lib/doh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -530,7 +530,7 @@ static DOHcode store_cname(const unsigned char *doh, if(length) { if(Curl_dyn_len(c)) { - if(Curl_dyn_add(c, ".")) + if(Curl_dyn_addn(c, STRCONST("."))) return DOH_OUT_OF_MEM; } if((index + length) > dohlen) @@ -911,7 +911,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy && !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) { failf(data, "Could not DoH-resolve: %s", data->state.async.hostname); - return data->conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY: + return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY: CURLE_COULDNT_RESOLVE_HOST; } else if(!dohp->pending) { diff --git a/contrib/libs/curl/lib/dotdot.c b/contrib/libs/curl/lib/dotdot.c index 3a1435f8ec..73ef2fa729 100644 --- a/contrib/libs/curl/lib/dotdot.c +++ b/contrib/libs/curl/lib/dotdot.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ /* * "Remove Dot Segments" - * https://tools.ietf.org/html/rfc3986#section-5.2.4 + * https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4 */ /* diff --git a/contrib/libs/curl/lib/easy.c b/contrib/libs/curl/lib/easy.c index 20293a710b..0e23561376 100644 --- a/contrib/libs/curl/lib/easy.c +++ b/contrib/libs/curl/lib/easy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -68,7 +68,6 @@ #include "slist.h" #include "mime.h" #include "amigaos.h" -#include "non-ascii.h" #include "warnless.h" #include "multiif.h" #include "sigpipe.h" @@ -168,12 +167,6 @@ static CURLcode global_init(long flags, bool memoryfuncs) } #endif -#ifdef NETWARE - if(netware_init()) { - DEBUGF(fprintf(stderr, "Warning: LONG namespace not available\n")); - } -#endif - if(Curl_resolver_global_init()) { DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n")); goto fail; @@ -933,8 +926,6 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) } #endif /* USE_ARES */ - Curl_convert_setup(outcurl); - Curl_initinfo(outcurl); outcurl->magic = CURLEASY_MAGIC_NUMBER; diff --git a/contrib/libs/curl/lib/escape.c b/contrib/libs/curl/lib/escape.c index 683b6fc4a6..ff5887508e 100644 --- a/contrib/libs/curl/lib/escape.c +++ b/contrib/libs/curl/lib/escape.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,7 +29,6 @@ #include "urldata.h" #include "warnless.h" -#include "non-ascii.h" #include "escape.h" #include "strdup.h" /* The last 3 #include files should be in this order */ @@ -39,7 +38,7 @@ /* Portable character check (remember EBCDIC). Do not use isalnum() because its behavior is altered by the current locale. - See https://tools.ietf.org/html/rfc3986#section-2.3 + See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 */ bool Curl_isunreserved(unsigned char in) { @@ -80,8 +79,8 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, int inlength) { size_t length; - CURLcode result; struct dynbuf d; + (void)data; if(inlength < 0) return NULL; 
@@ -102,16 +101,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, } else { /* encode it */ - char encoded[4]; - result = Curl_convert_to_network(data, (char *)&in, 1); - if(result) { - /* Curl_convert_to_network calls failf if unsuccessful */ - Curl_dyn_free(&d); - return NULL; - } - - msnprintf(encoded, sizeof(encoded), "%%%02X", in); - if(Curl_dyn_add(&d, encoded)) + if(Curl_dyn_addf(&d, "%%%02X", in)) return NULL; } string++; @@ -126,8 +116,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, * Returns a pointer to a malloced string in *ostring with length given in * *olen. If length == 0, the length is assumed to be strlen(string). * - * 'data' can be set to NULL but then this function can't convert network - * data to host for non-ascii. + * 'data' can be set to NULL * * ctrl options: * - REJECT_NADA: accept everything @@ -139,8 +128,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, * invokes that used TRUE/FALSE (0 and 1). */ -CURLcode Curl_urldecode(struct Curl_easy *data, - const char *string, size_t length, +CURLcode Curl_urldecode(const char *string, size_t length, char **ostring, size_t *olen, enum urlreject ctrl) { @@ -148,7 +136,6 @@ CURLcode Curl_urldecode(struct Curl_easy *data, char *ns; size_t strindex = 0; unsigned long hex; - CURLcode result = CURLE_OK; DEBUGASSERT(string); DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */ @@ -174,15 +161,6 @@ CURLcode Curl_urldecode(struct Curl_easy *data, in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */ - if(data) { - result = Curl_convert_from_network(data, (char *)&in, 1); - if(result) { - /* Curl_convert_from_network calls failf if unsuccessful */ - free(ns); - return result; - } - } - string += 2; alloc -= 2; } 
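Review bot: The comment block above Curl_urldecode (hunk `-126,8 +116,7`) still says `'data' can be set to NULL`, but the next hunk removes the `data` parameter from Curl_urldecode altogether, so the sentence now documents an argument that does not exist. Drop that line from the comment instead of shortening it. The comment block starts before the hunk.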
@@ -218,10 +196,11 @@ char *curl_easy_unescape(struct Curl_easy *data, const char *string, int length, int *olen) { char *str = NULL; + (void)data; if(length >= 0) { size_t inputlen = length; size_t outputlen; - CURLcode res = Curl_urldecode(data, string, inputlen, &str, &outputlen, + CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen, REJECT_NADA); if(res) return NULL; diff --git a/contrib/libs/curl/lib/escape.h b/contrib/libs/curl/lib/escape.h index 46cb59039a..02668835cc 100644 --- a/contrib/libs/curl/lib/escape.h +++ b/contrib/libs/curl/lib/escape.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,8 +32,7 @@ enum urlreject { REJECT_ZERO }; -CURLcode Curl_urldecode(struct Curl_easy *data, - const char *string, size_t length, +CURLcode Curl_urldecode(const char *string, size_t length, char **ostring, size_t *olen, enum urlreject ctrl); diff --git a/contrib/libs/curl/lib/file.c b/contrib/libs/curl/lib/file.c index 0420db3454..3da79a2c1b 100644 --- a/contrib/libs/curl/lib/file.c +++ b/contrib/libs/curl/lib/file.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -147,7 +147,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) #endif size_t real_path_len; - CURLcode result = Curl_urldecode(data, data->state.up.path, 0, &real_path, + CURLcode result = Curl_urldecode(data->state.up.path, 0, &real_path, &real_path_len, REJECT_ZERO); if(result) return result; diff --git a/contrib/libs/curl/lib/formdata.c b/contrib/libs/curl/lib/formdata.c index ac7a0009cd..5fefd7a6ef 100644 --- a/contrib/libs/curl/lib/formdata.c +++ b/contrib/libs/curl/lib/formdata.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -33,7 +33,6 @@ #include "urldata.h" /* for struct Curl_easy */ #include "mime.h" -#include "non-ascii.h" #include "vtls/vtls.h" #include "strcase.h" #include "sendf.h" @@ -77,10 +76,15 @@ AddHttpPost(char *name, size_t namelength, struct curl_httppost **last_post) { struct curl_httppost *post; + if(!namelength && name) + namelength = strlen(name); + if((bufferlength > LONG_MAX) || (namelength > LONG_MAX)) + /* avoid overflow in typecasts below */ + return NULL; post = calloc(1, sizeof(struct curl_httppost)); if(post) { post->name = name; - post->namelength = (long)(name?(namelength?namelength:strlen(name)):0); + post->namelength = (long)namelength; post->contents = value; post->contentlen = contentslength; post->buffer = buffer; 
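Review bot: In AddHttpPost the stored length no longer depends on `name` being non-NULL: the old expression forced the length to 0 when `name` was NULL, while the new code keeps whatever the caller passed and stores it next to a NULL `post->name`. Whether any caller does that is not visible in this hunk, but a consumer that trusts `namelength` would then read through a NULL pointer, so `post->namelength = (long)(name ? namelength : 0);` keeps the earlier guarantee. The new `LONG_MAX` rejection also returns NULL, which callers presumably cannot tell apart from a failed `calloc`; a short comment saying so would help.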
@@ -269,14 +273,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, * Set the Name property. */ case CURLFORM_PTRNAME: -#ifdef CURL_DOES_CONVERSIONS - /* Treat CURLFORM_PTR like CURLFORM_COPYNAME so that libcurl will copy - * the data in all cases so that we'll have safe memory for the eventual - * conversion. - */ -#else current_form->flags |= HTTPPOST_PTRNAME; /* fall through */ -#endif + /* FALLTHROUGH */ case CURLFORM_COPYNAME: if(current_form->name) @@ -901,11 +899,6 @@ CURLcode Curl_getformdata(struct Curl_easy *data, else uclen = (size_t)clen; result = curl_mime_data(part, post->contents, uclen); -#ifdef CURL_DOES_CONVERSIONS - /* Convert textual contents now. */ - if(!result && data && part->datasize) - result = Curl_convert_to_network(data, part->data, part->datasize); -#endif } } diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c index f6921e4262..c6efaedd3d 100644 --- a/contrib/libs/curl/lib/ftp.c +++ b/contrib/libs/curl/lib/ftp.c @@ -76,7 +76,6 @@ #include "speedcheck.h" #include "warnless.h" #include "http_proxy.h" -#include "non-ascii.h" #include "socks.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -1030,8 +1029,11 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(*addr != '\0') { /* attempt to get the address of the given interface name */ switch(Curl_if2ip(conn->ip_addr->ai_family, +#ifdef ENABLE_IPV6 Curl_ipv6_scope(conn->ip_addr->ai_addr), - conn->scope_id, addr, hbuf, sizeof(hbuf))) { + conn->scope_id, +#endif + addr, hbuf, sizeof(hbuf))) { case IF2IP_NOT_FOUND: /* not an interface, use the given string as host name instead */ host = addr; 
@@ -1460,7 +1462,7 @@ static CURLcode ftp_state_list(struct Curl_easy *data) /* url-decode before evaluation: e.g. paths starting/ending with %2f */ const char *slashPos = NULL; char *rawPath = NULL; - result = Curl_urldecode(data, ftp->path, 0, &rawPath, NULL, REJECT_CTRL); + result = Curl_urldecode(ftp->path, 0, &rawPath, NULL, REJECT_CTRL); if(result) return result; @@ -3247,7 +3249,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, if(!result) /* get the url-decoded "raw" path */ - result = Curl_urldecode(data, ftp->path, 0, &rawPath, &pathLen, + result = Curl_urldecode(ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); if(result) { /* We can limp along anyway (and should try to since we may already be in @@ -4131,9 +4133,11 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) ftpc->cwdfail = FALSE; /* url-decode ftp path before further evaluation */ - result = Curl_urldecode(data, ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); - if(result) + result = Curl_urldecode(ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); + if(result) { + failf(data, "path contains control characters"); return result; + } switch(data->set.ftp_filemethod) { case FTPFILE_NOCWD: /* fastest, but less standard-compliant */ diff --git a/contrib/libs/curl/lib/gopher.c b/contrib/libs/curl/lib/gopher.c index f61232ff56..0a3ba8fb56 100644 --- a/contrib/libs/curl/lib/gopher.c +++ b/contrib/libs/curl/lib/gopher.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
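Review bot: In ftp_parse_url_path the added `failf(data, "path contains control characters")` fires for every non-zero result of Curl_urldecode, but that function hands back a malloc'ed string and so can presumably fail for lack of memory as well, which would then be logged as a malformed path. Guarding the message, for example `if(result != CURLE_OUT_OF_MEMORY) failf(data, "path contains control characters");`, keeps the log accurate. The two other REJECT_CTRL call sites changed in this file, ftp_state_list and ftp_done, report nothing on rejection, so the three now behave differently for the same class of input.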
@@ -165,7 +165,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) newp += 2; /* ... and finally unescape */ - result = Curl_urldecode(data, newp, 0, &sel, &len, REJECT_ZERO); + result = Curl_urldecode(newp, 0, &sel, &len, REJECT_ZERO); free(gopherpath); if(result) return result; diff --git a/contrib/libs/curl/lib/h2h3.c b/contrib/libs/curl/lib/h2h3.c new file mode 100644 index 0000000000..cf8d156945 --- /dev/null +++ b/contrib/libs/curl/lib/h2h3.c 
@@ -0,0 +1,310 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" +#include "urldata.h" +#include "h2h3.h" +#include "transfer.h" +#include "sendf.h" +#include "strcase.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +/* + * Curl_pseudo_headers() creates the array with pseudo headers to be + * used in a HTTP/2 or HTTP/3 request. + */ + +#if defined(USE_NGHTTP2) || defined(ENABLE_QUIC) + +/* Index where :authority header field will appear in request header + field list. */ +#define AUTHORITY_DST_IDX 3 + +/* USHRT_MAX is 65535 == 0xffff */ +#define HEADER_OVERFLOW(x) \ + (x.namelen > 0xffff || x.valuelen > 0xffff - x.namelen) + +/* + * Check header memory for the token "trailers". + * Parse the tokens as separated by comma and surrounded by whitespace. + * Returns TRUE if found or FALSE if not. 
+ */ +static bool contains_trailers(const char *p, size_t len) +{ + const char *end = p + len; + for(;;) { + for(; p != end && (*p == ' ' || *p == '\t'); ++p) + ; + if(p == end || (size_t)(end - p) < sizeof("trailers") - 1) + return FALSE; + if(strncasecompare("trailers", p, sizeof("trailers") - 1)) { + p += sizeof("trailers") - 1; + for(; p != end && (*p == ' ' || *p == '\t'); ++p) + ; + if(p == end || *p == ',') + return TRUE; + } + /* skip to next token */ + for(; p != end && *p != ','; ++p) + ; + if(p == end) + return FALSE; + ++p; + } +} + +typedef enum { + /* Send header to server */ + HEADERINST_FORWARD, + /* Don't send header to server */ + HEADERINST_IGNORE, + /* Discard header, and replace it with "te: trailers" */ + HEADERINST_TE_TRAILERS +} header_instruction; + +/* Decides how to treat given header field. */ +static header_instruction inspect_header(const char *name, size_t namelen, + const char *value, size_t valuelen) { + switch(namelen) { + case 2: + if(!strncasecompare("te", name, namelen)) + return HEADERINST_FORWARD; + + return contains_trailers(value, valuelen) ? + HEADERINST_TE_TRAILERS : HEADERINST_IGNORE; + case 7: + return strncasecompare("upgrade", name, namelen) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 10: + return (strncasecompare("connection", name, namelen) || + strncasecompare("keep-alive", name, namelen)) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 16: + return strncasecompare("proxy-connection", name, namelen) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 17: + return strncasecompare("transfer-encoding", name, namelen) ? 
+ HEADERINST_IGNORE : HEADERINST_FORWARD; + default: + return HEADERINST_FORWARD; + } +} + +CURLcode Curl_pseudo_headers(struct Curl_easy *data, + const char *mem, /* the requeset */ + const size_t len /* size of request */, + struct h2h3req **hp) +{ + struct connectdata *conn = data->conn; + size_t nheader = 0; + size_t i; + size_t authority_idx; + char *hdbuf = (char *)mem; + char *end, *line_end; + struct h2h3pseudo *nva = NULL; + struct h2h3req *hreq = NULL; + char *vptr; + + /* Calculate number of headers contained in [mem, mem + len). Assumes a + correctly generated HTTP header field block. */ + for(i = 1; i < len; ++i) { + if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { + ++nheader; + ++i; + } + } + if(nheader < 2) { + goto fail; + } + /* We counted additional 2 \r\n in the first and last line. We need 3 + new headers: :method, :path and :scheme. Therefore we need one + more space. */ + nheader += 1; + hreq = malloc(sizeof(struct h2h3req) + + sizeof(struct h2h3pseudo) * (nheader - 1)); + if(!hreq) { + goto fail; + } + + nva = &hreq->header[0]; + + /* Extract :method, :path from request line + We do line endings with CRLF so checking for CR is enough */ + line_end = memchr(hdbuf, '\r', len); + if(!line_end) { + goto fail; + } + + /* Method does not contain spaces */ + end = memchr(hdbuf, ' ', line_end - hdbuf); + if(!end || end == hdbuf) + goto fail; + nva[0].name = H2H3_PSEUDO_METHOD; + nva[0].namelen = sizeof(H2H3_PSEUDO_METHOD) - 1; + nva[0].value = hdbuf; + nva[0].valuelen = (size_t)(end - hdbuf); + + hdbuf = end + 1; + + /* Path may contain spaces so scan backwards */ + end = NULL; + for(i = (size_t)(line_end - hdbuf); i; --i) { + if(hdbuf[i - 1] == ' ') { + end = &hdbuf[i - 1]; + break; + } + } + if(!end || end == hdbuf) + goto fail; + nva[1].name = H2H3_PSEUDO_PATH; + nva[1].namelen = sizeof(H2H3_PSEUDO_PATH) - 1; + nva[1].value = hdbuf; + nva[1].valuelen = (end - hdbuf); + + nva[2].name = H2H3_PSEUDO_SCHEME; + nva[2].namelen = 
sizeof(H2H3_PSEUDO_SCHEME) - 1; + vptr = Curl_checkheaders(data, STRCONST(H2H3_PSEUDO_SCHEME)); + if(vptr) { + vptr += sizeof(H2H3_PSEUDO_SCHEME); + while(*vptr && ISSPACE(*vptr)) + vptr++; + nva[2].value = vptr; + infof(data, "set pseudo header %s to %s", H2H3_PSEUDO_SCHEME, vptr); + } + else { + if(conn->handler->flags & PROTOPT_SSL) + nva[2].value = "https"; + else + nva[2].value = "http"; + } + nva[2].valuelen = strlen((char *)nva[2].value); + + authority_idx = 0; + i = 3; + while(i < nheader) { + size_t hlen; + + hdbuf = line_end + 2; + + /* check for next CR, but only within the piece of data left in the given + buffer */ + line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); + if(!line_end || (line_end == hdbuf)) + goto fail; + + /* header continuation lines are not supported */ + if(*hdbuf == ' ' || *hdbuf == '\t') + goto fail; + + for(end = hdbuf; end < line_end && *end != ':'; ++end) + ; + if(end == hdbuf || end == line_end) + goto fail; + hlen = end - hdbuf; + + if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { + authority_idx = i; + nva[i].name = H2H3_PSEUDO_AUTHORITY; + nva[i].namelen = sizeof(H2H3_PSEUDO_AUTHORITY) - 1; + } + else { + nva[i].namelen = (size_t)(end - hdbuf); + /* Lower case the header name for HTTP/3 */ + Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); + nva[i].name = hdbuf; + } + hdbuf = end + 1; + while(*hdbuf == ' ' || *hdbuf == '\t') + ++hdbuf; + end = line_end; + + switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, + end - hdbuf)) { + case HEADERINST_IGNORE: + /* skip header fields prohibited by HTTP/2 specification. 
*/ + --nheader; + continue; + case HEADERINST_TE_TRAILERS: + nva[i].value = "trailers"; + nva[i].valuelen = sizeof("trailers") - 1; + break; + default: + nva[i].value = hdbuf; + nva[i].valuelen = (end - hdbuf); + } + + nva[i].value = hdbuf; + nva[i].valuelen = (end - hdbuf); + + ++i; + } + + /* :authority must come before non-pseudo header fields */ + if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { + struct h2h3pseudo authority = nva[authority_idx]; + for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { + nva[i] = nva[i - 1]; + } + nva[i] = authority; + } + + /* Warn stream may be rejected if cumulative length of headers is too + large. */ +#define MAX_ACC 60000 /* <64KB to account for some overhead */ + { + size_t acc = 0; + + for(i = 0; i < nheader; ++i) { + acc += nva[i].namelen + nva[i].valuelen; + + infof(data, "h2h3 [%.*s: %.*s]", + (int)nva[i].namelen, nva[i].name, + (int)nva[i].valuelen, nva[i].value); + } + + if(acc > MAX_ACC) { + infof(data, "http_request: Warning: The cumulative length of all " + "headers exceeds %d bytes and that could cause the " + "stream to be rejected.", MAX_ACC); + } + } + + hreq->entries = nheader; + *hp = hreq; + + return CURLE_OK; + + fail: + free(hreq); + return CURLE_OUT_OF_MEMORY; +} + +void Curl_pseudo_free(struct h2h3req *hp) +{ + free(hp); +} + +#endif /* USE_NGHTTP2 or HTTP/3 enabled */ diff --git a/contrib/libs/curl/lib/h2h3.h b/contrib/libs/curl/lib/h2h3.h new file mode 100644 index 0000000000..22256841c6 --- /dev/null +++ b/contrib/libs/curl/lib/h2h3.h 
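Review bot: In Curl_pseudo_headers the two assignments that follow the `switch(inspect_header(...))` block, `nva[i].value = hdbuf;` and `nva[i].valuelen = (end - hdbuf);`, run for every header and so overwrite the `"trailers"` value that the HEADERINST_TE_TRAILERS case has just stored; a `te` header carrying other tokens is then forwarded with its original value instead of being reduced to `te: trailers`. The default case already sets both fields, so the fix is to delete the two lines after the switch. Separately, HEADER_OVERFLOW is defined at the top of the file but never applied to any `nva[i]` in this function, so nothing here enforces the 0xffff bound on name and value lengths unless the caller does. Every `goto fail`, including the parse failures, also returns CURLE_OUT_OF_MEMORY, which hides malformed input behind an allocation error.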
@@ -0,0 +1,59 @@ +#ifndef HEADER_CURL_H2H3_H +#define HEADER_CURL_H2H3_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#define H2H3_PSEUDO_METHOD ":method" +#define H2H3_PSEUDO_SCHEME ":scheme" +#define H2H3_PSEUDO_AUTHORITY ":authority" +#define H2H3_PSEUDO_PATH ":path" +#define H2H3_PSEUDO_STATUS ":status" + +struct h2h3pseudo { + const char *name; + size_t namelen; + const char *value; + size_t valuelen; +}; + +struct h2h3req { + size_t entries; + struct h2h3pseudo header[1]; /* the array is allocated to contain entries */ +}; + +/* + * Curl_pseudo_headers() creates the array with pseudo headers to be + * used in a HTTP/2 or HTTP/3 request. Returns an allocated struct. + * Free it with Curl_pseudo_free(). + */ +CURLcode Curl_pseudo_headers(struct Curl_easy *data, + const char *request, + const size_t len, + struct h2h3req **hp); + +/* + * Curl_pseudo_free() frees a h2h3req struct. + */ +void Curl_pseudo_free(struct h2h3req *hp); + +#endif /* HEADER_CURL_H2H3_H */ diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c index 0ea005e4d2..8536ec9cd3 100644 
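Review bot: The comment on Curl_pseudo_headers in this header says only that the result is allocated and freed with Curl_pseudo_free(); it leaves out that the `name` and `value` pointers in each `struct h2h3pseudo` point into the `request` buffer rather than into the allocation, as the implementation in h2h3.c in this same commit shows. A caller that releases or reuses the request before it is done with the `h2h3req` would be reading freed memory, so the contract deserves a line such as `* The entries point into 'request', which must stay valid until Curl_pseudo_free().` The implementation also lower-cases header names in place through a cast, so the `const char *request` parameter is written to; either the qualifier or the comment should say so.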
--- a/contrib/libs/curl/lib/hostip.c +++ b/contrib/libs/curl/lib/hostip.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1220,6 +1220,7 @@ CURLcode Curl_resolv_check(struct Curl_easy *data, struct Curl_dns_entry **dns) { #if defined(CURL_DISABLE_DOH) && !defined(CURLRES_ASYNCH) + (void)data; (void)dns; #endif #ifndef CURL_DISABLE_DOH diff --git a/contrib/libs/curl/lib/hsts.c b/contrib/libs/curl/lib/hsts.c index 052dc11571..03fcc9e425 100644 --- a/contrib/libs/curl/lib/hsts.c +++ b/contrib/libs/curl/lib/hsts.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,7 +21,7 @@ ***************************************************************************/ /* * The Strict-Transport-Security header is defined in RFC 6797: - * https://tools.ietf.org/html/rfc6797 + * https://datatracker.ietf.org/doc/html/rfc6797 */ #include "curl_setup.h" diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index 04dc034fd0..97ab1cbd4d 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -77,7 +77,6 @@ #include "content_encoding.h" #include "http_proxy.h" #include "warnless.h" -#include "non-ascii.h" #include "http2.h" #include "connect.h" #include "strdup.h" @@ -216,10 +215,10 @@ static CURLcode http_setup_conn(struct Curl_easy *data, */ char *Curl_checkProxyheaders(struct Curl_easy *data, const struct connectdata *conn, - const char *thisheader) + const char *thisheader, + const size_t thislen) { struct curl_slist *head; - size_t thislen = strlen(thisheader); for(head = (conn->bits.proxy && data->set.sep_headers) ? data->set.proxyheaders : data->set.headers; @@ -233,7 +232,7 @@ char *Curl_checkProxyheaders(struct Curl_easy *data, } #else /* disabled */ -#define Curl_checkProxyheaders(x,y,z) NULL +#define Curl_checkProxyheaders(x,y,z,a) NULL #endif /* @@ -327,7 +326,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy) if(!out) return CURLE_OUT_OF_MEMORY; - result = Curl_base64_encode(data, out, strlen(out), &authorization, &size); + result = Curl_base64_encode(out, strlen(out), &authorization, &size); if(result) goto fail; @@ -588,7 +587,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) if(data->state.authproblem) return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK; - if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) && + if((data->state.aptr.user || data->set.str[STRING_BEARER]) && ((data->req.httpcode == 401) || (conn->bits.authneg && data->req.httpcode < 300))) { pickhost = pickoneauth(&data->state.authhost, authmask); @@ -667,6 +666,7 @@ output_auth_headers(struct Curl_easy *data, { const char *auth = NULL; CURLcode result = CURLE_OK; + (void)conn; #ifdef CURL_DISABLE_CRYPTO_AUTH (void)request; 
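Review bot: The test that decides whether credentials exist changes in Curl_http_auth_act from the connection bit `conn->bits.user_passwd` to the easy-handle pointer `data->state.aptr.user`, and the same substitution is made in output_auth_headers, Curl_http_output_auth and http_should_fail further down, without a comment stating why the two are equivalent. Where `aptr.user` is set and cleared is not visible in these hunks; since this condition gates sending an `Authorization` header, one of these sites should document the pointer's lifetime, in particular whether it is reset when a transfer moves to a different host. The proxy side still uses `conn->bits.proxy_user_passwd`, so the two halves of the condition now read state from different objects.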
@@ -725,10 +725,10 @@ output_auth_headers(struct Curl_easy *data, if( #ifndef CURL_DISABLE_PROXY (proxy && conn->bits.proxy_user_passwd && - !Curl_checkProxyheaders(data, conn, "Proxy-authorization")) || + !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-authorization"))) || #endif - (!proxy && conn->bits.user_passwd && - !Curl_checkheaders(data, "Authorization"))) { + (!proxy && data->state.aptr.user && + !Curl_checkheaders(data, STRCONST("Authorization")))) { auth = "Basic"; result = http_output_basic(data, proxy); if(result) @@ -742,7 +742,7 @@ output_auth_headers(struct Curl_easy *data, if(authstatus->picked == CURLAUTH_BEARER) { /* Bearer */ if((!proxy && data->set.str[STRING_BEARER] && - !Curl_checkheaders(data, "Authorization"))) { + !Curl_checkheaders(data, STRCONST("Authorization")))) { auth = "Bearer"; result = http_output_bearer(data); if(result) @@ -811,7 +811,7 @@ Curl_http_output_auth(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY (conn->bits.httpproxy && conn->bits.proxy_user_passwd) || #endif - conn->bits.user_passwd || data->set.str[STRING_BEARER]) + data->state.aptr.user || data->set.str[STRING_BEARER]) /* continue please */; else { authhost->done = TRUE; @@ -1143,7 +1143,7 @@ static bool http_should_fail(struct Curl_easy *data) ** Either we're not authenticating, or we're supposed to ** be authenticating something else. This is an error. */ - if((httpcode == 401) && !data->conn->bits.user_passwd) + if((httpcode == 401) && !data->state.aptr.user) return TRUE; #ifndef CURL_DISABLE_PROXY if((httpcode == 407) && !data->conn->bits.proxy_user_passwd) 
@@ -1251,14 +1251,6 @@ CURLcode Curl_buffer_send(struct dynbuf *in, DEBUGASSERT(size > (size_t)included_body_bytes); - result = Curl_convert_to_network(data, ptr, headersize); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) { - /* conversion failed, free memory and return to the caller */ - Curl_dyn_free(in); - return result; - } - if((conn->handler->flags & PROTOPT_SSL #ifndef CURL_DISABLE_PROXY || conn->http_proxy.proxytype == CURLPROXY_HTTPS @@ -1425,18 +1417,22 @@ CURLcode Curl_buffer_send(struct dynbuf *in, bool Curl_compareheader(const char *headerline, /* line to check */ const char *header, /* header keyword _with_ colon */ - const char *content) /* content string to find */ + const size_t hlen, /* len of the keyword in bytes */ + const char *content, /* content string to find */ + const size_t clen) /* len of the content in bytes */ { /* RFC2616, section 4.2 says: "Each header field consists of a name followed * by a colon (":") and the field value. Field names are case-insensitive. * The field value MAY be preceded by any amount of LWS, though a single SP * is preferred." */ - size_t hlen = strlen(header); - size_t clen; size_t len; const char *start; const char *end; + DEBUGASSERT(hlen); + DEBUGASSERT(clen); + DEBUGASSERT(header); + DEBUGASSERT(content); if(!strncasecompare(headerline, header, hlen)) return FALSE; /* doesn't start with header */ @@ -1460,7 +1456,6 @@ Curl_compareheader(const char *headerline, /* line to check */ } len = end-start; /* length of the content part of the input line */ - clen = strlen(content); /* length of the word to find */ /* find the content string in the rest of the line */ for(; len >= clen; len--, start++) { 
@@ -1546,7 +1541,7 @@ static CURLcode add_haproxy_protocol_header(struct Curl_easy *data) #ifdef USE_UNIX_SOCKETS if(data->conn->unix_domain_socket) /* the buffer is large enough to hold this! */ - result = Curl_dyn_add(&req, "PROXY UNKNOWN\r\n"); + result = Curl_dyn_addn(&req, STRCONST("PROXY UNKNOWN\r\n")); else { #endif /* Emit the correct prefix for IPv6 */ @@ -1713,13 +1708,13 @@ static CURLcode expect100(struct Curl_easy *data, /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post operations (as there is one packet coming back from the web server) */ - const char *ptr = Curl_checkheaders(data, "Expect"); + const char *ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else { - result = Curl_dyn_add(req, "Expect: 100-continue\r\n"); + result = Curl_dyn_addn(req, STRCONST("Expect: 100-continue\r\n")); if(!result) data->state.expect100header = TRUE; } @@ -1867,7 +1862,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, ptr = optr; } } - if(ptr) { + if(ptr && (ptr != headers->data)) { /* we require a colon for this to be a true header */ ptr++; /* pass the colon */ @@ -1949,6 +1944,7 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, CURLcode result; char datestr[80]; const char *condp; + size_t len; if(data->set.timecondition == CURL_TIMECOND_NONE) /* no condition was asked for */ 
@@ -1967,16 +1963,19 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, case CURL_TIMECOND_IFMODSINCE: condp = "If-Modified-Since"; + len = 17; break; case CURL_TIMECOND_IFUNMODSINCE: condp = "If-Unmodified-Since"; + len = 19; break; case CURL_TIMECOND_LASTMOD: condp = "Last-Modified"; + len = 13; break; } - if(Curl_checkheaders(data, condp)) { + if(Curl_checkheaders(data, condp, len)) { /* A custom header was specified; it will be sent instead. */ return CURLE_OK; } @@ -2065,7 +2064,7 @@ CURLcode Curl_http_useragent(struct Curl_easy *data) it might have been used in the proxy connect, but if we have got a header with the user-agent string specified, we erase the previously made string here. */ - if(Curl_checkheaders(data, "User-Agent")) { + if(Curl_checkheaders(data, STRCONST("User-Agent"))) { free(data->state.aptr.uagent); data->state.aptr.uagent = NULL; } @@ -2088,7 +2087,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) } Curl_safefree(data->state.aptr.host); - ptr = Curl_checkheaders(data, "Host"); + ptr = Curl_checkheaders(data, STRCONST("Host")); if(ptr && (!data->state.this_is_a_follow || strcasecompare(data->state.first_host, conn->host.name))) { #if !defined(CURL_DISABLE_COOKIES) @@ -2305,7 +2304,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, #ifndef CURL_DISABLE_MIME if(http->sendit) { - const char *cthdr = Curl_checkheaders(data, "Content-Type"); + const char *cthdr = Curl_checkheaders(data, STRCONST("Content-Type")); /* Read and seek body only. */ http->sendit->flags |= MIME_BODY_ONLY; 
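Review bot: The literal lengths added in Curl_add_timecondition (`len = 17;`, `len = 19;`, `len = 13;`) have to be kept in step with the strings next to them by hand, and a mismatch would make the `Curl_checkheaders(data, condp, len)` lookup miss a user-supplied header without any diagnostic. Deriving each from its literal, e.g. `len = sizeof("If-Modified-Since") - 1;`, removes that risk. The switch's remaining labels are outside the hunk, so whether `len` is assigned on every path that reaches the lookup cannot be confirmed from here.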
@@ -2330,11 +2329,12 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, } #endif - ptr = Curl_checkheaders(data, "Transfer-Encoding"); + ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); if(ptr) { /* Some kind of TE is requested, check if 'chunked' is chosen */ data->req.upload_chunky = - Curl_compareheader(ptr, "Transfer-Encoding:", "chunked"); + Curl_compareheader(ptr, + STRCONST("Transfer-Encoding:"), STRCONST("chunked")); } else { if((conn->handler->protocol & PROTO_FAMILY_HTTP) && @@ -2394,7 +2394,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, http->postsize = data->state.infilesize; if((http->postsize != -1) && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* only add Content-Length if not uploading chunked */ result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", http->postsize); @@ -2409,7 +2410,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, } /* end of headers */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2434,7 +2435,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, /* This is form posting using mime data. */ if(conn->bits.authneg) { /* nothing to post! */ - result = Curl_dyn_add(r, "Content-Length: 0\r\n\r\n"); + result = Curl_dyn_addn(r, STRCONST("Content-Length: 0\r\n\r\n")); if(result) return result; 
@@ -2454,7 +2455,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ if(http->postsize != -1 && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ result = Curl_dyn_addf(r, @@ -2481,10 +2483,10 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, "Expect"); + ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { result = expect100(data, conn, r); @@ -2495,7 +2497,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, data->state.expect100header = FALSE; /* make the request end in a true CRLF */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; 
@@ -2534,7 +2536,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ if((http->postsize != -1) && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T @@ -2543,9 +2546,9 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, return result; } - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_add(r, "Content-Type: application/" - "x-www-form-urlencoded\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(r, STRCONST("Content-Type: application/" + "x-www-form-urlencoded\r\n")); if(result) return result; } @@ -2554,10 +2557,10 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, "Expect"); + ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { result = expect100(data, conn, r); @@ -2584,7 +2587,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, get the data duplicated with malloc() and family. */ /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; 
@@ -2606,12 +2609,12 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, result = Curl_dyn_addn(r, data->set.postfields, (size_t)http->postsize); if(!result) - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); included_body += 2; } } if(!result) { - result = Curl_dyn_add(r, "\x30\x0d\x0a\x0d\x0a"); + result = Curl_dyn_addn(r, STRCONST("\x30\x0d\x0a\x0d\x0a")); /* 0 CR LF CR LF */ included_body += 5; } @@ -2634,7 +2637,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, Curl_pgrsSetUploadSize(data, http->postsize); /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; } @@ -2643,14 +2646,14 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, #endif { /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; if(data->req.upload_chunky && conn->bits.authneg) { /* Chunky upload is selected and we're negotiating auth still, send end-of-data only */ - result = Curl_dyn_add(r, (char *)"\x30\x0d\x0a\x0d\x0a"); + result = Curl_dyn_addn(r, (char *)STRCONST("\x30\x0d\x0a\x0d\x0a")); /* 0 CR LF CR LF */ if(result) return result; @@ -2678,7 +2681,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, break; default: - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2702,7 +2705,8 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, { CURLcode result = CURLE_OK; char *addcookies = NULL; - if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(data, "Cookie")) + if(data->set.str[STRING_COOKIE] && + !Curl_checkheaders(data, STRCONST("Cookie"))) addcookies = data->set.str[STRING_COOKIE]; if(data->cookies || addcookies) { 
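Review bot: In the `@@ -2643,14 +2646,14 @@` hunk the old `(char *)` cast was kept in front of `STRCONST("\x30\x0d\x0a\x0d\x0a")`. Assuming the macro expands to a pointer and a length, as the other call sites suggest, the cast now applies only to the pointer and reads as if it covered the whole expression. The chunked-POST branch a few lines earlier already passes the same literal without a cast, so this line can match it: `result = Curl_dyn_addn(r, STRCONST("\x30\x0d\x0a\x0d\x0a"));`. The same leftover cast appears in http_chunks.c in `Curl_dyn_addn(&conn->trailer, (char *)STRCONST("\x0d\x0a"))`. Curl_http_bodysend starts and ends outside these hunks.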
@@ -2728,7 +2732,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, while(co) { if(co->value) { if(0 == count) { - result = Curl_dyn_add(r, "Cookie: "); + result = Curl_dyn_addn(r, STRCONST("Cookie: ")); if(result) break; } @@ -2744,14 +2748,14 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, } if(addcookies && !result) { if(!count) - result = Curl_dyn_add(r, "Cookie: "); + result = Curl_dyn_addn(r, STRCONST("Cookie: ")); if(!result) { result = Curl_dyn_addf(r, "%s%s", count?"; ":"", addcookies); count++; } } if(count && !result) - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2770,14 +2774,14 @@ CURLcode Curl_http_range(struct Curl_easy *data, * ones if any such are specified. */ if(((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) && - !Curl_checkheaders(data, "Range")) { + !Curl_checkheaders(data, STRCONST("Range"))) { /* if a line like this was already allocated, free the previous one */ free(data->state.aptr.rangeline); data->state.aptr.rangeline = aprintf("Range: bytes=%s\r\n", data->state.range); } else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) && - !Curl_checkheaders(data, "Content-Range")) { + !Curl_checkheaders(data, STRCONST("Content-Range"))) { /* if a line like this was already allocated, free the previous one */ free(data->state.aptr.rangeline); 
@@ -2962,14 +2966,14 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, #ifdef HAVE_LIBZ CURLcode Curl_transferencode(struct Curl_easy *data) { - if(!Curl_checkheaders(data, "TE") && + if(!Curl_checkheaders(data, STRCONST("TE")) && data->set.http_transfer_encoding) { /* When we are to insert a TE: header in the request, we must also insert TE in a Connection: header, so we need to merge the custom provided Connection: header and prevent the original to get sent. Note that if the user has inserted his/her own TE: header we don't do this magic but then assume that the user will handle it all! */ - char *cptr = Curl_checkheaders(data, "Connection"); + char *cptr = Curl_checkheaders(data, STRCONST("Connection")); #define TE_HEADER "TE: gzip\r\n" Curl_safefree(data->state.aptr.te); @@ -3089,13 +3093,13 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) { + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) { data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); if(!data->state.aptr.ref) return CURLE_OUT_OF_MEMORY; } - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = @@ -3117,7 +3121,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(result) return result; - p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n"; + p_accept = Curl_checkheaders(data, + STRCONST("Accept"))?NULL:"Accept: */*\r\n"; result = Curl_http_resume(data, conn, httpreq); if(result) 
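Review bot: In the `@@ -3117,7 +3121,8 @@` hunk the line break falls inside the argument list of Curl_checkheaders, so the `?NULL:"Accept: */*\r\n"` part of the conditional is easy to misread as belonging to the call. Breaking after the condition keeps the line within the length limit and leaves the ternary visible: `p_accept = Curl_checkheaders(data, STRCONST("Accept")) ?` followed by `NULL : "Accept: */*\r\n";`. Behaviour is unchanged; Curl_http continues outside the hunk.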
@@ -3147,7 +3152,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } #ifndef CURL_DISABLE_ALTSVC - if(conn->bits.altused && !Curl_checkheaders(data, "Alt-Used")) { + if(conn->bits.altused && !Curl_checkheaders(data, STRCONST("Alt-Used"))) { altused = aprintf("Alt-Used: %s:%d\r\n", conn->conn_to_host.name, conn->conn_to_port); if(!altused) { @@ -3194,8 +3199,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY (conn->bits.httpproxy && !conn->bits.tunnel_proxy && - !Curl_checkheaders(data, "Proxy-Connection") && - !Curl_checkProxyheaders(data, conn, "Proxy-Connection"))? + !Curl_checkheaders(data, STRCONST("Proxy-Connection")) && + !Curl_checkProxyheaders(data, + conn, + STRCONST("Proxy-Connection")))? "Proxy-Connection: Keep-Alive\r\n":"", #else "", @@ -3308,20 +3315,6 @@ checkhttpprefix(struct Curl_easy *data, struct curl_slist *head = data->set.http200aliases; statusline rc = STATUS_BAD; statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; -#ifdef CURL_DOES_CONVERSIONS - /* convert from the network encoding using a scratch area */ - char *scratch = strdup(s); - if(!scratch) { - failf(data, "Failed to allocate memory for conversion!"); - return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ - } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { - /* Curl_convert_from_network calls failf if unsuccessful */ - free(scratch); - return FALSE; /* can't return CURLE_foobar so return FALSE */ - } - s = scratch; -#endif /* CURL_DOES_CONVERSIONS */ while(head) { if(checkprefixmax(head->data, s, len)) { @@ -3334,9 +3327,6 @@ checkhttpprefix(struct Curl_easy *data, if((rc != STATUS_DONE) && (checkprefixmax("HTTP/", s, len))) rc = onmatch; -#ifdef CURL_DOES_CONVERSIONS - free(scratch); -#endif /* CURL_DOES_CONVERSIONS */ return rc; } 
@@ -3347,26 +3337,9 @@ checkrtspprefix(struct Curl_easy *data, { statusline result = STATUS_BAD; statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; - -#ifdef CURL_DOES_CONVERSIONS - /* convert from the network encoding using a scratch area */ - char *scratch = strdup(s); - if(!scratch) { - failf(data, "Failed to allocate memory for conversion!"); - return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ - } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { - /* Curl_convert_from_network calls failf if unsuccessful */ - result = FALSE; /* can't return CURLE_foobar so return FALSE */ - } - else if(checkprefixmax("RTSP/", scratch, len)) - result = onmatch; - free(scratch); -#else (void)data; /* unused */ if(checkprefixmax("RTSP/", s, len)) result = onmatch; -#endif /* CURL_DOES_CONVERSIONS */ return result; } @@ -3436,7 +3409,9 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, #ifndef CURL_DISABLE_PROXY else if((conn->httpversion == 10) && conn->bits.httpproxy && - Curl_compareheader(headp, "Proxy-Connection:", "keep-alive")) { + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("keep-alive"))) { /* * When a HTTP/1.0 reply comes when using a proxy, the * 'Proxy-Connection: keep-alive' line tells us the @@ -3448,7 +3423,9 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, } else if((conn->httpversion == 11) && conn->bits.httpproxy && - Curl_compareheader(headp, "Proxy-Connection:", "close")) { + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("close"))) { /* * We get a HTTP/1.1 response from a proxy and it says it'll * close down after this transfer. 
@@ -3458,7 +3435,9 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, } #endif else if((conn->httpversion == 10) && - Curl_compareheader(headp, "Connection:", "keep-alive")) { + Curl_compareheader(headp, + STRCONST("Connection:"), + STRCONST("keep-alive"))) { /* * A HTTP/1.0 reply with the 'Connection: keep-alive' line * tells us the connection will be kept alive for our @@ -3468,7 +3447,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, connkeep(conn, "Connection keep-alive"); infof(data, "HTTP/1.0 connection set to keep alive!"); } - else if(Curl_compareheader(headp, "Connection:", "close")) { + else if(Curl_compareheader(headp, + STRCONST("Connection:"), STRCONST("close"))) { /* * [RFC 2616, section 8.1.2.1] * "Connection: close" is HTTP/1.1 language and means that @@ -3903,21 +3883,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, size_t headerlen; /* Zero-length header line means end of headers! */ -#ifdef CURL_DOES_CONVERSIONS - if(0x0d == *headp) { - *headp = '\r'; /* replace with CR in host encoding */ - headp++; /* pass the CR byte */ - } - if(0x0a == *headp) { - *headp = '\n'; /* replace with LF in host encoding */ - headp++; /* pass the LF byte */ - } -#else if('\r' == *headp) headp++; /* pass the \r byte */ if('\n' == *headp) headp++; /* pass the \n byte */ -#endif /* CURL_DOES_CONVERSIONS */ if(100 <= k->httpcode && 199 >= k->httpcode) { /* "A user agent MAY ignore unexpected 1xx status responses." */ 
@@ -4189,30 +4158,11 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, int httpversion_major; int rtspversion_major; int nc = 0; -#ifdef CURL_DOES_CONVERSIONS -#define HEADER1 scratch -#define SCRATCHSIZE 21 - CURLcode res; - char scratch[SCRATCHSIZE + 1]; /* "HTTP/major.minor 123" */ - /* We can't really convert this yet because we don't know if it's the - 1st header line or the body. So we do a partial conversion into a - scratch area, leaving the data at 'headp' as-is. - */ - strncpy(&scratch[0], headp, SCRATCHSIZE); - scratch[SCRATCHSIZE] = 0; /* null terminate */ - res = Curl_convert_from_network(data, - &scratch[0], - SCRATCHSIZE); - if(res) - /* Curl_convert_from_network calls failf if unsuccessful */ - return res; -#else #define HEADER1 headp /* no conversion needed, just use headp */ -#endif /* CURL_DOES_CONVERSIONS */ if(conn->handler->protocol & PROTO_FAMILY_HTTP) { /* - * https://tools.ietf.org/html/rfc7230#section-3.1.2 + * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2 * * The response code is always a three-digit number in HTTP as the spec * says. We allow any three-digit number here, but we cannot make @@ -4333,11 +4283,6 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } } - result = Curl_convert_from_network(data, headp, strlen(headp)); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) - return result; - result = Curl_http_header(data, conn, headp); if(result) return result; diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h index b4aaba2a26..07e963dc48 100644 --- a/contrib/libs/curl/lib/http.h +++ b/contrib/libs/curl/lib/http.h 
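Review bot: In the `@@ -4189,30 +4158,11 @@` hunk, `#define HEADER1 headp` survives as an unconditional alias once the CURL_DOES_CONVERSIONS branch is removed. The macro no longer selects between a scratch buffer and the live header, and its comment "no conversion needed" refers to an alternative that is gone. A follow-up could use `headp` directly at the uses of `HEADER1` (they fall outside this hunk) and delete the define, or at least reword the comment to `/* historical alias for headp */`. Curl_http_readwrite_headers starts and ends outside the hunk.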
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -47,13 +47,16 @@ extern const struct Curl_handler Curl_handler_https; /* Header specific functions */ bool Curl_compareheader(const char *headerline, /* line to check */ const char *header, /* header keyword _with_ colon */ - const char *content); /* content string to find */ + const size_t hlen, /* len of the keyword in bytes */ + const char *content, /* content string to find */ + const size_t clen); /* len of the content in bytes */ char *Curl_copy_header_value(const char *header); char *Curl_checkProxyheaders(struct Curl_easy *data, const struct connectdata *conn, - const char *thisheader); + const char *thisheader, + const size_t thislen); CURLcode Curl_buffer_send(struct dynbuf *in, struct Curl_easy *data, curl_off_t *bytes_written, diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c index e74400a4ca..1254365847 100644 --- a/contrib/libs/curl/lib/http2.c +++ b/contrib/libs/curl/lib/http2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -36,7 +36,9 @@ #include "connect.h" #include "strtoofft.h" #include "strdup.h" +#include "transfer.h" #include "dynbuf.h" +#include "h2h3.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" 
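Review bot: The new length parameters in the http.h prototypes of Curl_compareheader and Curl_checkProxyheaders are declared `const size_t`. A top-level `const` on a by-value parameter means nothing to callers and is normally left out of headers: `size_t hlen,`, `size_t clen);`, `size_t thislen);`. The comment "len of the keyword in bytes" should also state the contract the callers rely on, that the length counts the trailing colon and presumably excludes the terminating NUL, as the `STRCONST("Connection:")` call sites in http.c suggest: `size_t hlen, /* strlen() of the keyword, colon included */`. A caller passing `sizeof` rather than `sizeof - 1` would otherwise go unnoticed in the header comparison.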
@@ -64,7 +66,6 @@ #define H2BUGF(x) do { } while(0) #endif - static ssize_t http2_recv(struct Curl_easy *data, int sockindex, char *mem, size_t len, CURLcode *err); static bool http2_connisdead(struct Curl_easy *data, @@ -200,9 +201,9 @@ static bool http2_connisdead(struct Curl_easy *data, struct connectdata *conn) nread = ((Curl_recv *)httpc->recv_underlying)( data, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result); if(nread != -1) { - infof(data, - "%d bytes stray data read before trying h2 connection", - (int)nread); + H2BUGF(infof(data, + "%d bytes stray data read before trying h2 connection", + (int)nread)); httpc->nread_inbuf = 0; httpc->inbuflen = nread; if(h2_process_pending_input(data, httpc, &result) < 0) @@ -513,7 +514,7 @@ static int set_transfer_url(struct Curl_easy *data, if(!u) return 5; - v = curl_pushheader_byname(hp, ":scheme"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_SCHEME); if(v) { uc = curl_url_set(u, CURLUPART_SCHEME, v, 0); if(uc) { @@ -522,7 +523,7 @@ static int set_transfer_url(struct Curl_easy *data, } } - v = curl_pushheader_byname(hp, ":authority"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_AUTHORITY); if(v) { uc = curl_url_set(u, CURLUPART_HOST, v, 0); if(uc) { @@ -531,7 +532,7 @@ static int set_transfer_url(struct Curl_easy *data, } } - v = curl_pushheader_byname(hp, ":path"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_PATH); if(v) { uc = curl_url_set(u, CURLUPART_PATH, v, 0); if(uc) { @@ -757,7 +758,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, stream->status_code = -1; } - result = Curl_dyn_add(&stream->header_recvbuf, "\r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("\r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; 
@@ -1009,7 +1010,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, if(frame->hd.type == NGHTTP2_PUSH_PROMISE) { char *h; - if(!strcmp(":authority", (const char *)name)) { + if(!strcmp(H2H3_PSEUDO_AUTHORITY, (const char *)name)) { /* pseudo headers are lower case */ int rc = 0; char *check = aprintf("%s:%d", conn->host.name, conn->remote_port); @@ -1072,22 +1073,22 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, return 0; } - if(namelen == sizeof(":status") - 1 && - memcmp(":status", name, namelen) == 0) { + if(namelen == sizeof(H2H3_PSEUDO_STATUS) - 1 && + memcmp(H2H3_PSEUDO_STATUS, name, namelen) == 0) { /* nghttp2 guarantees :status is received first and only once, and value is 3 digits status code, and decode_status_code always succeeds. */ stream->status_code = decode_status_code(value, valuelen); DEBUGASSERT(stream->status_code != -1); - result = Curl_dyn_add(&stream->header_recvbuf, "HTTP/2 "); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("HTTP/2 ")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; result = Curl_dyn_addn(&stream->header_recvbuf, value, valuelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* the space character after the status code is mandatory */ - result = Curl_dyn_add(&stream->header_recvbuf, " \r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST(" \r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* if we receive data for another handle, wake that up */ 
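Review bot: In the `@@ -1009,7 +1010,7 @@` hunk the PUSH_PROMISE authority check still uses `strcmp(H2H3_PSEUDO_AUTHORITY, (const char *)name)`, which relies on `name` being NUL-terminated and ignores the `namelen` the callback receives. The `:status` test later in on_header compares by length, and this security-relevant check (it gates which origin a pushed stream may claim) would be more robust written the same way: `if(namelen == sizeof(H2H3_PSEUDO_AUTHORITY) - 1 &&` followed by `!memcmp(H2H3_PSEUDO_AUTHORITY, name, namelen)) {`. This assumes the macro expands to a string literal; h2h3.h is not part of the visible diff. on_header starts and ends outside the hunk.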
@@ -1105,13 +1106,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, result = Curl_dyn_addn(&stream->header_recvbuf, name, namelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; - result = Curl_dyn_add(&stream->header_recvbuf, ": "); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST(": ")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; result = Curl_dyn_addn(&stream->header_recvbuf, value, valuelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; - result = Curl_dyn_add(&stream->header_recvbuf, "\r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("\r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* if we receive data for another handle, wake that up */ @@ -1235,7 +1236,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) (void)nghttp2_session_send(httpc->h2); if(http->stream_id == httpc->pause_stream_id) { - infof(data, "stopped the pause stream!"); + H2BUGF(infof(data, "stopped the pause stream!")); httpc->pause_stream_id = 0; } } @@ -1337,7 +1338,7 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, } conn->proto.httpc.binlen = binlen; - result = Curl_base64url_encode(data, (const char *)binsettings, binlen, + result = Curl_base64url_encode((const char *)binsettings, binlen, &base64, &blen); if(result) { Curl_dyn_free(req); 
@@ -1816,80 +1817,6 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, return -1; } -/* Index where :authority header field will appear in request header - field list. */ -#define AUTHORITY_DST_IDX 3 - -/* USHRT_MAX is 65535 == 0xffff */ -#define HEADER_OVERFLOW(x) \ - (x.namelen > 0xffff || x.valuelen > 0xffff - x.namelen) - -/* - * Check header memory for the token "trailers". - * Parse the tokens as separated by comma and surrounded by whitespace. - * Returns TRUE if found or FALSE if not. - */ -static bool contains_trailers(const char *p, size_t len) -{ - const char *end = p + len; - for(;;) { - for(; p != end && (*p == ' ' || *p == '\t'); ++p) - ; - if(p == end || (size_t)(end - p) < sizeof("trailers") - 1) - return FALSE; - if(strncasecompare("trailers", p, sizeof("trailers") - 1)) { - p += sizeof("trailers") - 1; - for(; p != end && (*p == ' ' || *p == '\t'); ++p) - ; - if(p == end || *p == ',') - return TRUE; - } - /* skip to next token */ - for(; p != end && *p != ','; ++p) - ; - if(p == end) - return FALSE; - ++p; - } -} - -typedef enum { - /* Send header to server */ - HEADERINST_FORWARD, - /* Don't send header to server */ - HEADERINST_IGNORE, - /* Discard header, and replace it with "te: trailers" */ - HEADERINST_TE_TRAILERS -} header_instruction; - -/* Decides how to treat given header field. */ -static header_instruction inspect_header(const char *name, size_t namelen, - const char *value, size_t valuelen) { - switch(namelen) { - case 2: - if(!strncasecompare("te", name, namelen)) - return HEADERINST_FORWARD; - - return contains_trailers(value, valuelen) ? - HEADERINST_TE_TRAILERS : HEADERINST_IGNORE; - case 7: - return strncasecompare("upgrade", name, namelen) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - case 10: - return (strncasecompare("connection", name, namelen) || - strncasecompare("keep-alive", name, namelen)) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - case 16: - return strncasecompare("proxy-connection", name, namelen) ? 
- HEADERINST_IGNORE : HEADERINST_FORWARD; - case 17: - return strncasecompare("transfer-encoding", name, namelen) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - default: - return HEADERINST_FORWARD; - } -} - static ssize_t http2_send(struct Curl_easy *data, int sockindex, const void *mem, size_t len, CURLcode *err) { @@ -1904,14 +1831,12 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, struct HTTP *stream = data->req.p.http; nghttp2_nv *nva = NULL; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; nghttp2_data_provider data_prd; int32_t stream_id; nghttp2_session *h2 = httpc->h2; nghttp2_priority_spec pri_spec; + CURLcode result; + struct h2h3req *hreq; (void)sockindex; 
@@ -1977,174 +1902,29 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, return len; } - /* Calculate number of headers contained in [mem, mem + len) */ - /* Here, we assume the curl http code generate *correct* HTTP header - field block */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) { + *err = result; + return -1; } - if(nheader < 2) - goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. */ - nheader += 1; nva = malloc(sizeof(nghttp2_nv) * nheader); if(!nva) { + Curl_pseudo_free(hreq); *err = CURLE_OUT_OF_MEMORY; return -1; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) - goto fail; - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].namelen = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].valuelen = (size_t)(end - hdbuf); - nva[0].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[0])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].namelen = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].valuelen = (size_t)(end - hdbuf); - nva[1].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[1])) { - failf(data, "Failed sending HTTP request: Header 
overflow"); - goto fail; - } - - nva[2].name = (unsigned char *)":scheme"; - nva[2].namelen = strlen((char *)nva[2].name); - if(conn->handler->flags & PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].valuelen = strlen((char *)nva[2].value); - nva[2].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[2])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - nva[i].name = (unsigned char *)":authority"; - nva[i].namelen = strlen((char *)nva[i].name); - } - else { - nva[i].namelen = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/2 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); - nva[i].name = (unsigned char *)hdbuf; - } - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. 
*/ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].valuelen = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].valuelen = (size_t)(end - hdbuf); - } - - nva[i].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[i])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - nghttp2_nv authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too large. - It appears nghttp2 will not send a header frame larger than 64KB. */ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - - for(i = 0; i < nheader; ++i) { - acc += nva[i].namelen + nva[i].valuelen; - - H2BUGF(infof(data, "h2 header: %.*s:%.*s", - nva[i].namelen, nva[i].name, - nva[i].valuelen, nva[i].value)); - } - - if(acc > MAX_ACC) { - infof(data, "http2_send: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].namelen = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].valuelen = hreq->header[i].valuelen; + nva[i].flags = NGHTTP2_NV_FLAG_NONE; } + Curl_pseudo_free(hreq); } h2_pri_spec(data, &pri_spec); @@ -2213,11 +1993,6 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, nghttp2_session_resume_data(h2, stream->stream_id); return len; - -fail: - free(nva); - *err = CURLE_SEND_ERROR; - return -1; } CURLcode Curl_http2_setup(struct Curl_easy *data, 
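Review bot: The new loop in http2_send (`@@ -1977,174 +1902,29 @@`) copies `hreq->header[i].namelen` and `valuelen` straight into `nva[i]`. The removed code rejected any field over 0xffff through `HEADER_OVERFLOW` and warned when the total exceeded `MAX_ACC`, and neither check appears on the new side. Curl_pseudo_headers is not shown in this diff, so it should be confirmed that it enforces the same bound; a debug guard in the loop would document the dependency: `DEBUGASSERT(hreq->header[i].namelen <= 0xffff && hreq->header[i].valuelen <= 0xffff);`. A malformed request used to return CURLE_SEND_ERROR through the `fail:` label and now returns whatever Curl_pseudo_headers reports, which matters to callers that compare error codes. The index could be `size_t i` to match `nheader`; http2_send starts and ends outside the hunk.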
@@ -2271,8 +2046,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, httpc->pause_stream_id = 0; httpc->drain_total = 0; - infof(data, "Connection state changed (HTTP/2 confirmed)"); - return CURLE_OK; } diff --git a/contrib/libs/curl/lib/http_aws_sigv4.c b/contrib/libs/curl/lib/http_aws_sigv4.c index 751e5af5f9..210c3dbe56 100644 --- a/contrib/libs/curl/lib/http_aws_sigv4.c +++ b/contrib/libs/curl/lib/http_aws_sigv4.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -87,7 +87,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) struct tm tm; char timestamp[17]; char date[9]; - const char *content_type = Curl_checkheaders(data, "Content-Type"); + const char *content_type = Curl_checkheaders(data, STRCONST("Content-Type")); char *canonical_headers = NULL; char *signed_headers = NULL; Curl_HttpReq httpreq; @@ -110,7 +110,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) DEBUGASSERT(!proxy); (void)proxy; - if(Curl_checkheaders(data, "Authorization")) { + if(Curl_checkheaders(data, STRCONST("Authorization"))) { /* Authorization already present, Bailing out */ return CURLE_OK; } diff --git a/contrib/libs/curl/lib/http_chunks.c b/contrib/libs/curl/lib/http_chunks.c index beb9695884..7edfd64724 100644 --- a/contrib/libs/curl/lib/http_chunks.c +++ b/contrib/libs/curl/lib/http_chunks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -29,7 +29,6 @@ #include "dynbuf.h" #include "content_encoding.h" #include "http.h" -#include "non-ascii.h" /* for Curl_convert_to_network prototype */ #include "strtoofft.h" #include "warnless.h" @@ -74,18 +73,7 @@ */ -#ifdef CURL_DOES_CONVERSIONS -/* Check for an ASCII hex digit. - We avoid the use of ISXDIGIT to accommodate non-ASCII hosts. */ -static bool isxdigit_ascii(char digit) -{ - return (digit >= 0x30 && digit <= 0x39) /* 0-9 */ - || (digit >= 0x41 && digit <= 0x46) /* A-F */ - || (digit >= 0x61 && digit <= 0x66); /* a-f */ -} -#else #define isxdigit_ascii(x) Curl_isxdigit(x) -#endif void Curl_httpchunk_init(struct Curl_easy *data) { @@ -157,14 +145,6 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, /* length and datap are unmodified */ ch->hexbuffer[ch->hexindex] = 0; - /* convert to host encoding before calling strtoul */ - result = Curl_convert_from_network(data, ch->hexbuffer, ch->hexindex); - if(result) { - /* Curl_convert_from_network calls failf if unsuccessful */ - /* Treat it as a bad hex character */ - return CHUNKE_ILLEGAL_HEX; - } - if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize)) return CHUNKE_ILLEGAL_HEX; ch->state = CHUNK_LF; /* now wait for the CRLF */ @@ -234,19 +214,12 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, if(tr) { size_t trlen; - result = Curl_dyn_add(&conn->trailer, (char *)"\x0d\x0a"); + result = Curl_dyn_addn(&conn->trailer, (char *)STRCONST("\x0d\x0a")); if(result) return CHUNKE_OUT_OF_MEMORY; tr = Curl_dyn_ptr(&conn->trailer); trlen = Curl_dyn_len(&conn->trailer); - /* Convert to host encoding before calling Curl_client_write */ - result = Curl_convert_from_network(data, tr, trlen); - if(result) - /* Curl_convert_from_network calls failf if unsuccessful */ - /* Treat it as a bad chunk */ - return CHUNKE_BAD_CHUNK; - if(!data->set.http_te_skip) { result = Curl_client_write(data, CLIENTWRITE_HEADER, tr, trlen); if(result) { 
diff --git a/contrib/libs/curl/lib/http_negotiate.c b/contrib/libs/curl/lib/http_negotiate.c index 5f764dc136..888d3b24a2 100644 --- a/contrib/libs/curl/lib/http_negotiate.c +++ b/contrib/libs/curl/lib/http_negotiate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -161,7 +161,7 @@ CURLcode Curl_output_negotiate(struct Curl_easy *data, return result; } - result = Curl_auth_create_spnego_message(data, neg_ctx, &base64, &len); + result = Curl_auth_create_spnego_message(neg_ctx, &base64, &len); if(result) return result; diff --git a/contrib/libs/curl/lib/http_ntlm.c b/contrib/libs/curl/lib/http_ntlm.c index a6526db9f7..bb7e5360f9 100644 --- a/contrib/libs/curl/lib/http_ntlm.c +++ b/contrib/libs/curl/lib/http_ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -213,8 +213,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) ntlm, &ntlmmsg); if(!result) { DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); - result = Curl_base64_encode(data, - (const char *) Curl_bufref_ptr(&ntlmmsg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); 
@@ -233,8 +232,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, ntlm, &ntlmmsg); if(!result && Curl_bufref_len(&ntlmmsg)) { - result = Curl_base64_encode(data, - (const char *) Curl_bufref_ptr(&ntlmmsg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c index 2324b6effd..e02211ca21 100644 --- a/contrib/libs/curl/lib/http_proxy.c +++ b/contrib/libs/curl/lib/http_proxy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,7 +35,6 @@ #include "url.h" #include "select.h" #include "progress.h" -#include "non-ascii.h" #include "connect.h" #include "curlx.h" #include "vtls/vtls.h" @@ -245,7 +244,7 @@ static CURLcode CONNECT_host(struct Curl_easy *data, if(!hostheader) return CURLE_OUT_OF_MEMORY; - if(!Curl_checkProxyheaders(data, conn, "Host")) { + if(!Curl_checkProxyheaders(data, conn, STRCONST("Host"))) { host = aprintf("Host: %s\r\n", hostheader); if(!host) { free(hostheader); 
@@ -324,20 +323,23 @@ static CURLcode CONNECT(struct Curl_easy *data, data->state.aptr.proxyuserpwd? data->state.aptr.proxyuserpwd:""); - if(!result && !Curl_checkProxyheaders(data, conn, "User-Agent") && + if(!result && !Curl_checkProxyheaders(data, + conn, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) result = Curl_dyn_addf(req, "User-Agent: %s\r\n", data->set.str[STRING_USERAGENT]); - if(!result && !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) - result = Curl_dyn_add(req, "Proxy-Connection: Keep-Alive\r\n"); + if(!result && !Curl_checkProxyheaders(data, conn, + STRCONST("Proxy-Connection"))) + result = Curl_dyn_addn(req, + STRCONST("Proxy-Connection: Keep-Alive\r\n")); if(!result) result = Curl_add_custom_headers(data, TRUE, req); if(!result) /* CRLF terminate the request */ - result = Curl_dyn_add(req, "\r\n"); + result = Curl_dyn_addn(req, STRCONST("\r\n")); if(!result) { /* Send the connect request to the proxy */ @@ -481,12 +483,6 @@ static CURLcode CONNECT(struct Curl_easy *data, linep = Curl_dyn_ptr(&s->rcvbuf); perline = Curl_dyn_len(&s->rcvbuf); /* amount of bytes in this line */ - /* convert from the network encoding */ - result = Curl_convert_from_network(data, linep, perline); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) - return result; - /* output debug if that is requested */ Curl_debug(data, CURLINFO_HEADER_IN, linep, perline); @@ -596,7 +592,8 @@ static CURLcode CONNECT(struct Curl_easy *data, strlen("Content-Length:"), NULL, 10, &s->cl); } } - else if(Curl_compareheader(linep, "Connection:", "close")) + else if(Curl_compareheader(linep, + STRCONST("Connection:"), STRCONST("close"))) s->close_connection = TRUE; else if(checkprefix("Transfer-Encoding:", linep)) { if(k->httpcode/100 == 2) { 
@@ -607,14 +604,17 @@ static CURLcode CONNECT(struct Curl_easy *data, "CONNECT %03d response", k->httpcode); } else if(Curl_compareheader(linep, - "Transfer-Encoding:", "chunked")) { + STRCONST("Transfer-Encoding:"), + STRCONST("chunked"))) { infof(data, "CONNECT responded chunked"); s->chunked_encoding = TRUE; /* init our chunky engine */ Curl_httpchunk_init(data); } } - else if(Curl_compareheader(linep, "Proxy-Connection:", "close")) + else if(Curl_compareheader(linep, + STRCONST("Proxy-Connection:"), + STRCONST("close"))) s->close_connection = TRUE; else if(2 == sscanf(linep, "HTTP/1.%d %d", &subversion, @@ -877,7 +877,7 @@ static CURLcode CONNECT(struct Curl_easy *data, goto error; } - if(!Curl_checkProxyheaders(data, conn, "User-Agent") && + if(!Curl_checkProxyheaders(data, conn, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) { struct dynbuf ua; Curl_dyn_init(&ua, DYN_HTTP_REQUEST); @@ -891,7 +891,7 @@ static CURLcode CONNECT(struct Curl_easy *data, Curl_dyn_free(&ua); } - if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { + if(!Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) diff --git a/contrib/libs/curl/lib/if2ip.c b/contrib/libs/curl/lib/if2ip.c index 132b3eeeea..1d34531932 100644 --- a/contrib/libs/curl/lib/if2ip.c +++ b/contrib/libs/curl/lib/if2ip.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -60,12 +60,10 @@ /* ------------------------------------------------------------------ */ +#ifdef ENABLE_IPV6 /* Return the scope of the given address. */ unsigned int Curl_ipv6_scope(const struct sockaddr *sa) { -#ifndef ENABLE_IPV6 - (void) sa; -#else if(sa->sa_family == AF_INET6) { const struct sockaddr_in6 * sa6 = (const struct sockaddr_in6 *)(void *) sa; const unsigned char *b = sa6->sin6_addr.s6_addr; @@ -88,27 +86,25 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa) break; } } -#endif - return IPV6_SCOPE_GLOBAL; } - +#endif #if defined(HAVE_GETIFADDRS) -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { struct ifaddrs *iface, *head; if2ip_result_t res = IF2IP_NOT_FOUND; -#ifndef ENABLE_IPV6 - (void) remote_scope; -#endif - -#if !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) || \ - !defined(ENABLE_IPV6) +#if defined(ENABLE_IPV6) && \ + !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) (void) local_scope_id; #endif @@ -181,8 +177,12 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #elif defined(HAVE_IOCTL_SIOCGIFADDR) -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { struct ifreq req; @@ -192,8 +192,10 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, size_t len; const char *r; +#ifdef ENABLE_IPV6 (void)remote_scope; (void)local_scope_id; +#endif if(!interf || (af != AF_INET)) return IF2IP_NOT_FOUND; 
@@ -230,13 +232,19 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #else -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { (void) af; +#ifdef ENABLE_IPV6 (void) remote_scope; (void) local_scope_id; +#endif (void) interf; (void) buf; (void) buf_size; diff --git a/contrib/libs/curl/lib/if2ip.h b/contrib/libs/curl/lib/if2ip.h index e074e476dc..a360d4a0e4 100644 --- a/contrib/libs/curl/lib/if2ip.h +++ b/contrib/libs/curl/lib/if2ip.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2020, 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,7 +30,11 @@ #define IPV6_SCOPE_UNIQUELOCAL 3 /* Unique local */ #define IPV6_SCOPE_NODELOCAL 4 /* Loopback. */ +#ifdef ENABLE_IPV6 unsigned int Curl_ipv6_scope(const struct sockaddr *sa); +#else +#define Curl_ipv6_scope(x) 0 +#endif typedef enum { IF2IP_NOT_FOUND = 0, /* Interface not found */ @@ -38,8 +42,12 @@ typedef enum { IF2IP_FOUND = 2 /* The address has been stored in "buf" */ } if2ip_result_t; -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size); #ifdef __INTERIX diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c index 958ad1456c..fb5a114d1d 100644 --- a/contrib/libs/curl/lib/imap.c +++ b/contrib/libs/curl/lib/imap.c 
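Review bot: In the if2ip.h hunk that adds the non-IPv6 fallback, `#define Curl_ipv6_scope(x) 0` hard-codes the value that the removed `#ifndef ENABLE_IPV6` path in if2ip.c returned as `IPV6_SCOPE_GLOBAL`. Writing `#define Curl_ipv6_scope(x) IPV6_SCOPE_GLOBAL` keeps the two builds visibly equivalent; that constant's definition is outside the hunk, so this assumes it sits with the other `IPV6_SCOPE_*` defines above the macro. The `Curl_if2ip` prototype in the following hunk now has a different parameter count depending on `ENABLE_IPV6`, so every call site must repeat the same `#ifdef`. A comment on the prototype saying so would spare the next caller a build break in the less-tested configuration.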
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -507,7 +507,7 @@ static CURLcode imap_perform_login(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, IMAP_STOP); return result; @@ -608,7 +608,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, /* Check if already authenticated OR if there is enough data to authenticate with and end the connect phase if we don't */ if(imapc->preauth || - !Curl_sasl_can_authenticate(&imapc->sasl, conn)) { + !Curl_sasl_can_authenticate(&imapc->sasl, data)) { state(data, IMAP_STOP); return result; } @@ -777,7 +777,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) NULL, MIMESTRATEGY_MAIL); if(!result) - if(!Curl_checkheaders(data, "Mime-Version")) + if(!Curl_checkheaders(data, STRCONST("Mime-Version"))) result = Curl_mime_add_header(&data->set.mimepost.curlheaders, "Mime-Version: 1.0"); @@ -1986,7 +1986,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) if(end > begin && end[-1] == '/') end--; - result = Curl_urldecode(data, begin, end - begin, &imap->mailbox, NULL, + result = Curl_urldecode(begin, end - begin, &imap->mailbox, NULL, REJECT_CTRL); if(result) return result; @@ -2009,7 +2009,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) return CURLE_URL_MALFORMAT; /* Decode the name parameter */ - result = Curl_urldecode(data, begin, ptr - begin, &name, NULL, + result = Curl_urldecode(begin, ptr - begin, &name, NULL, REJECT_CTRL); if(result) return result; 
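Review bot: In the `imap_perform_login` hunk the decision to skip authentication moves from the connection flag `conn->bits.user_passwd` to the per-transfer pointer `data->state.aptr.user`, and nothing in the hunk shows where that pointer is set or cleared. The `ldap_do` hunk in ldap.c makes the same switch and then still reads the credentials from `conn->user` and `conn->passwd`, so the gate and the values come from different objects. A comment at both checks stating the invariant relied on, for example `/* aptr.user is non-NULL exactly when credentials were supplied for this transfer */`, would make the assumption reviewable. Whether it holds when a connection is reused by another transfer cannot be judged from these hunks and is worth a regression test. Both function bodies continue outside their hunks.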
@@ -2020,7 +2020,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) ptr++; /* Decode the value parameter */ - result = Curl_urldecode(data, begin, ptr - begin, &value, &valuelen, + result = Curl_urldecode(begin, ptr - begin, &value, &valuelen, REJECT_CTRL); if(result) { free(name); @@ -2108,7 +2108,7 @@ static CURLcode imap_parse_custom_request(struct Curl_easy *data) if(custom) { /* URL decode the custom request */ - result = Curl_urldecode(data, custom, 0, &imap->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &imap->custom, NULL, REJECT_CTRL); /* Extract the parameters if specified */ if(!result) { diff --git a/contrib/libs/curl/lib/krb5.c b/contrib/libs/curl/lib/krb5.c index ebccc6790f..8591bf2037 100644 --- a/contrib/libs/curl/lib/krb5.c +++ b/contrib/libs/curl/lib/krb5.c @@ -2,7 +2,7 @@ * * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2021 Daniel Stenberg + * Copyright (c) 2004 - 2022 Daniel Stenberg * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -47,7 +47,6 @@ #include "sendf.h" #include "curl_krb5.h" #include "warnless.h" -#include "non-ascii.h" #include "strcase.h" #include "strdup.h" @@ -81,11 +80,6 @@ static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, write_len += 2; bytes_written = 0; - result = Curl_convert_to_network(data, s, write_len); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - for(;;) { #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; 
@@ -298,7 +292,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) if(output_buffer.length) { char *cmd; - result = Curl_base64_encode(data, (char *)output_buffer.value, + result = Curl_base64_encode((char *)output_buffer.value, output_buffer.length, &p, &base64_sz); if(result) { infof(data, "base64-encoding: %s", curl_easy_strerror(result)); @@ -612,7 +606,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, return; /* error */ if(iscmd) { - error = Curl_base64_encode(data, buffer, curlx_sitouz(bytes), + error = Curl_base64_encode(buffer, curlx_sitouz(bytes), &cmd_buffer, &cmd_size); if(error) { free(buffer); diff --git a/contrib/libs/curl/lib/ldap.c b/contrib/libs/curl/lib/ldap.c index 8170c31677..6e40f41ce5 100644 --- a/contrib/libs/curl/lib/ldap.c +++ b/contrib/libs/curl/lib/ldap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -306,8 +306,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) rc = _ldap_url_parse(data, conn, &ludp); #endif if(rc) { - failf(data, "LDAP local: %s", ldap_err2string(rc)); - result = CURLE_LDAP_INVALID_URL; + failf(data, "Bad LDAP URL: %s", ldap_err2string(rc)); + result = CURLE_URL_MALFORMAT; goto quit; } @@ -328,7 +328,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) host = conn->host.name; #endif - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { user = conn->user; passwd = conn->passwd; } 
@@ -636,11 +636,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) if((attr_len > 7) && (strcmp(";binary", (char *) attr + (attr_len - 7)) == 0)) { /* Binary attribute, encode to base64. */ - result = Curl_base64_encode(data, - vals[i]->bv_val, - vals[i]->bv_len, - &val_b64, - &val_b64_sz); + result = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len, + &val_b64, &val_b64_sz); if(result) { ldap_value_free_len(vals); FREE_ON_WINLDAP(attr); @@ -870,7 +867,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("DN '%s'\n", dn)); /* Unescape the DN */ - result = Curl_urldecode(data, dn, 0, &unescaped, NULL, REJECT_ZERO); + result = Curl_urldecode(dn, 0, &unescaped, NULL, REJECT_ZERO); if(result) { rc = LDAP_NO_MEMORY; @@ -935,7 +932,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("attr[%zu] '%s'\n", i, attributes[i])); /* Unescape the attribute */ - result = Curl_urldecode(data, attributes[i], 0, &unescaped, NULL, + result = Curl_urldecode(attributes[i], 0, &unescaped, NULL, REJECT_ZERO); if(result) { free(attributes); @@ -1005,7 +1002,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("filter '%s'\n", filter)); /* Unescape the filter */ - result = Curl_urldecode(data, filter, 0, &unescaped, NULL, REJECT_ZERO); + result = Curl_urldecode(filter, 0, &unescaped, NULL, REJECT_ZERO); if(result) { rc = LDAP_NO_MEMORY; diff --git a/contrib/libs/curl/lib/md5.c b/contrib/libs/curl/lib/md5.c index a1e514d357..9f7843bd6a 100644 --- a/contrib/libs/curl/lib/md5.c +++ b/contrib/libs/curl/lib/md5.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -60,22 +60,22 @@ /* The last #include file should be: */ #include "memdebug.h" -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { md5_init(ctx); return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { md5_update(ctx, inputLen, input); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { md5_digest(ctx, 16, digest); } @@ -83,11 +83,38 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) #elif defined(USE_OPENSSL_MD5) || defined(USE_WOLFSSL_MD5) /* When OpenSSL or wolfSSL is available, we use their MD5 functions. */ +#if defined(USE_OPENSSL_MD5) #include <openssl/md5.h> +#elif defined(USE_WOLFSSL_MD5) +#error #include <wolfssl/openssl/md5.h> +#endif + #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" +typedef MD5_CTX my_md5_ctx; + +static CURLcode my_md5_init(my_md5_ctx *ctx) +{ + if(!MD5_Init(ctx)) + return CURLE_OUT_OF_MEMORY; + + return CURLE_OK; +} + +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int len) +{ + (void)MD5_Update(ctx, input, len); +} + +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +{ + (void)MD5_Final(digest, ctx); +} + #elif defined(USE_MBEDTLS) #error #include <mbedtls/md5.h> 
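Review bot: In the OpenSSL/wolfSSL branch added to md5.c, `my_md5_init` now reports failure, but `my_md5_update` and `my_md5_final` discard the library results with `(void)MD5_Update(ctx, input, len);` and `(void)MD5_Final(digest, ctx);`, so a failure after init leaves the digest unwritten while the caller sees success. The `void` return types appear to be dictated by the function tables later in the file, so at minimum a comment such as `/* result ignored: the hash callbacks cannot report errors */` should mark this as deliberate. `CURLE_OUT_OF_MEMORY` is also returned for every init failure, including a library that refuses MD5 for policy reasons, which will mislead whoever reads the error. The mbedTLS and Win32 Crypto branches in the following hunks follow the same pattern. Separately, `#error #include <wolfssl/openssl/md5.h>` turns `USE_WOLFSSL_MD5` into a hard compile error in this copy, which deserves a comment if intended.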
@@ -97,21 +124,25 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef mbedtls_md5_context MD5_CTX; +typedef mbedtls_md5_context my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { -#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - (void) mbedtls_md5_starts(ctx); +#if (MBEDTLS_VERSION_NUMBER >= 0x03000000) + if(mbedtls_md5_starts(ctx)) + return CURLE_OUT_OF_MEMORY; +#elif defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + if(mbedtls_md5_starts_ret(ctx)) + return CURLE_OUT_OF_MEMORY; #else - (void) mbedtls_md5_starts_ret(ctx); + (void)mbedtls_md5_starts(ctx); #endif return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *data, + unsigned int length) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_md5_update(ctx, data, length); @@ -120,7 +151,7 @@ static void MD5_Update(MD5_CTX *ctx, #endif } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_md5_finish(ctx, digest); 
@@ -143,25 +174,27 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) Declaring the functions as static like this seems to be a bit more reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */ # include <CommonCrypto/CommonDigest.h> -# define MD5_CTX CC_MD5_CTX +# define my_md5_ctx CC_MD5_CTX #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { - CC_MD5_Init(ctx); + if(!CC_MD5_Init(ctx)) + return CURLE_OUT_OF_MEMORY; + return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { CC_MD5_Update(ctx, input, inputLen); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { CC_MD5_Final(digest, ctx); } 
@@ -177,25 +210,30 @@ struct md5_ctx { HCRYPTPROV hCryptProv; HCRYPTHASH hHash; }; -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { - if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { - CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash); + if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) + return CURLE_OUT_OF_MEMORY; + + if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) { + CryptReleaseContext(ctx->hCryptProv, 0); + return CURLE_OUT_OF_MEMORY; } + return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); @@ -263,11 +301,12 @@ struct md5_ctx { unsigned char buffer[64]; MD5_u32plus block[16]; }; -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx); -static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size); -static void MD5_Final(unsigned char *result, MD5_CTX *ctx); +static CURLcode my_md5_init(my_md5_ctx *ctx); +static void my_md5_update(my_md5_ctx *ctx, const void *data, + unsigned long size); +static void my_md5_final(unsigned char *result, my_md5_ctx *ctx); /* * The basic MD5 functions. 
@@ -318,7 +357,7 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx); * This processes one or more 64-byte data blocks, but does NOT update * the bit counters. There are no alignment requirements. */ -static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) +static const void *body(my_md5_ctx *ctx, const void *data, unsigned long size) { const unsigned char *ptr; MD5_u32plus a, b, c, d; @@ -426,7 +465,7 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) return ptr; } -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { ctx->a = 0x67452301; ctx->b = 0xefcdab89; @@ -439,7 +478,8 @@ static CURLcode MD5_Init(MD5_CTX *ctx) return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) +static void my_md5_update(my_md5_ctx *ctx, const void *data, + unsigned long size) { MD5_u32plus saved_lo; unsigned long used; @@ -474,7 +514,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) memcpy(ctx->buffer, data, size); } -static void MD5_Final(unsigned char *result, MD5_CTX *ctx) +static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) { unsigned long used, available; @@ -530,13 +570,13 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx) const struct HMAC_params Curl_HMAC_MD5[] = { { /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, MD5_Init), + CURLX_FUNCTION_CAST(HMAC_hinit_func, my_md5_init), /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, MD5_Update), + CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_md5_update), /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, MD5_Final), + CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_md5_final), /* Size of hash context structure. */ - sizeof(MD5_CTX), + sizeof(my_md5_ctx), /* Maximum key length. */ 64, /* Result size. */ 
@@ -547,13 +587,13 @@ const struct HMAC_params Curl_HMAC_MD5[] = { const struct MD5_params Curl_DIGEST_MD5[] = { { /* Digest initialization function */ - CURLX_FUNCTION_CAST(Curl_MD5_init_func, MD5_Init), + CURLX_FUNCTION_CAST(Curl_MD5_init_func, my_md5_init), /* Digest update function */ - CURLX_FUNCTION_CAST(Curl_MD5_update_func, MD5_Update), + CURLX_FUNCTION_CAST(Curl_MD5_update_func, my_md5_update), /* Digest computation end function */ - CURLX_FUNCTION_CAST(Curl_MD5_final_func, MD5_Final), + CURLX_FUNCTION_CAST(Curl_MD5_final_func, my_md5_final), /* Size of digest context struct */ - sizeof(MD5_CTX), + sizeof(my_md5_ctx), /* Result size */ 16 } @@ -564,15 +604,17 @@ const struct MD5_params Curl_DIGEST_MD5[] = { * Returns CURLE_OK on success. */ CURLcode Curl_md5it(unsigned char *outbuffer, const unsigned char *input, - const size_t len) + const size_t len) { - MD5_CTX ctx; + CURLcode result; + my_md5_ctx ctx; - MD5_Init(&ctx); - MD5_Update(&ctx, input, curlx_uztoui(len)); - MD5_Final(outbuffer, &ctx); - - return CURLE_OK; + result = my_md5_init(&ctx); + if(!result) { + my_md5_update(&ctx, input, curlx_uztoui(len)); + my_md5_final(outbuffer, &ctx); + } + return result; } struct MD5_context *Curl_MD5_init(const struct MD5_params *md5params) @@ -594,7 +636,11 @@ struct MD5_context *Curl_MD5_init(const struct MD5_params *md5params) ctxt->md5_hash = md5params; - (*md5params->md5_init_func)(ctxt->md5_hashctx); + if((*md5params->md5_init_func)(ctxt->md5_hashctx)) { + free(ctxt->md5_hashctx); + free(ctxt); + return NULL; + } return ctxt; } diff --git a/contrib/libs/curl/lib/mime.c b/contrib/libs/curl/lib/mime.c index 7783b8990a..cab3ef1c37 100644 --- a/contrib/libs/curl/lib/mime.c +++ b/contrib/libs/curl/lib/mime.c 
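Review bot: In the `Curl_md5it` hunk the function can now return an error without writing `outbuffer`, yet the comment above it still says only "Returns CURLE_OK on success." The removed lines show it previously always returned `CURLE_OK`, so any caller that ignores the result (none are visible here) would carry on with an uninitialised 16-byte digest. Extend the comment with `On failure outbuffer is left unmodified and must not be used.` and confirm that every caller tests the return value. The new `NULL` return from `Curl_MD5_init` in the next hunk needs the same check at its call sites.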
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,7 +25,6 @@ #include <curl/curl.h> #include "mime.h" -#include "non-ascii.h" #include "warnless.h" #include "urldata.h" #include "sendf.h" @@ -315,7 +314,7 @@ static char *escape_string(struct Curl_easy *data, Curl_dyn_init(&db, CURL_MAX_INPUT_LENGTH); - for(result = Curl_dyn_add(&db, ""); !result && *src; src++) { + for(result = Curl_dyn_addn(&db, STRCONST("")); !result && *src; src++) { for(p = table; *p && **p != *src; p++) ; @@ -340,9 +339,9 @@ static char *match_header(struct curl_slist *hdr, const char *lbl, size_t len) } /* Get a header from an slist. */ -static char *search_header(struct curl_slist *hdrlist, const char *hdr) +static char *search_header(struct curl_slist *hdrlist, + const char *hdr, size_t len) { - size_t len = strlen(hdr); char *value = NULL; for(; !value && hdrlist; hdrlist = hdrlist->next) @@ -506,15 +505,6 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, } } -#ifdef CURL_DOES_CONVERSIONS - /* This is now textual data, Convert character codes. */ - if(part->easy && cursize) { - CURLcode result = Curl_convert_to_network(part->easy, buffer, cursize); - if(result) - return READ_ERROR; - } -#endif - return cursize; } @@ -768,7 +758,7 @@ static void mime_file_free(void *ptr) static size_t readback_bytes(struct mime_state *state, char *buffer, size_t bufsize, const char *bytes, size_t numbytes, - const char *trail) + const char *trail, size_t traillen) { size_t sz; size_t offset = curlx_sotouz(state->offset); 
@@ -778,13 +768,11 @@ static size_t readback_bytes(struct mime_state *state, bytes += offset; } else { - size_t tsz = strlen(trail); - sz = offset - numbytes; - if(sz >= tsz) + if(sz >= traillen) return 0; bytes = trail + sz; - sz = tsz - sz; + sz = traillen - sz; } if(sz > bufsize) @@ -925,9 +913,6 @@ static size_t readback_part(curl_mimepart *part, char *buffer, size_t bufsize, bool *hasread) { size_t cursize = 0; -#ifdef CURL_DOES_CONVERSIONS - char *convbuf = buffer; -#endif /* Readback from part. */ @@ -956,26 +941,18 @@ static size_t readback_part(curl_mimepart *part, mimesetstate(&part->state, MIMESTATE_USERHEADERS, part->userheaders); else { sz = readback_bytes(&part->state, buffer, bufsize, - hdr->data, strlen(hdr->data), "\r\n"); + hdr->data, strlen(hdr->data), STRCONST("\r\n")); if(!sz) mimesetstate(&part->state, part->state.state, hdr->next); } break; case MIMESTATE_EOH: - sz = readback_bytes(&part->state, buffer, bufsize, "\r\n", 2, ""); + sz = readback_bytes(&part->state, buffer, bufsize, STRCONST("\r\n"), + STRCONST("")); if(!sz) mimesetstate(&part->state, MIMESTATE_BODY, NULL); break; case MIMESTATE_BODY: -#ifdef CURL_DOES_CONVERSIONS - if(part->easy && convbuf < buffer) { - CURLcode result = Curl_convert_to_network(part->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - convbuf = buffer; - } -#endif cleanup_encoder_state(&part->encstate); mimesetstate(&part->state, MIMESTATE_CONTENT, NULL); break; @@ -1012,16 +989,6 @@ static size_t readback_part(curl_mimepart *part, bufsize -= sz; } -#ifdef CURL_DOES_CONVERSIONS - if(part->easy && convbuf < buffer && - part->state.state < MIMESTATE_BODY) { - CURLcode result = Curl_convert_to_network(part->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - } -#endif - return cursize; } 
@@ -1031,10 +998,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, { curl_mime *mime = (curl_mime *) instream; size_t cursize = 0; -#ifdef CURL_DOES_CONVERSIONS - char *convbuf = buffer; -#endif - (void) size; /* Always 1. */ while(nitems) { @@ -1043,9 +1006,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, switch(mime->state.state) { case MIMESTATE_BEGIN: case MIMESTATE_BODY: -#ifdef CURL_DOES_CONVERSIONS - convbuf = buffer; -#endif mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, mime->firstpart); /* The first boundary always follows the header termination empty line, so is always preceded by a CRLF. We can then spare 2 characters @@ -1053,23 +1013,19 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, mime->state.offset += 2; break; case MIMESTATE_BOUNDARY1: - sz = readback_bytes(&mime->state, buffer, nitems, "\r\n--", 4, ""); + sz = readback_bytes(&mime->state, buffer, nitems, STRCONST("\r\n--"), + STRCONST("")); if(!sz) mimesetstate(&mime->state, MIMESTATE_BOUNDARY2, part); break; case MIMESTATE_BOUNDARY2: - sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, - strlen(mime->boundary), part? "\r\n": "--\r\n"); + if(part) + sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, + MIME_BOUNDARY_LEN, STRCONST("\r\n")); + else + sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, + MIME_BOUNDARY_LEN, STRCONST("--\r\n")); if(!sz) { -#ifdef CURL_DOES_CONVERSIONS - if(mime->easy && convbuf < buffer) { - CURLcode result = Curl_convert_to_network(mime->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - convbuf = buffer; - } -#endif mimesetstate(&mime->state, MIMESTATE_CONTENT, part); } break; 
@@ -1086,9 +1042,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, case STOP_FILLING: return cursize? cursize: sz; case 0: -#ifdef CURL_DOES_CONVERSIONS - convbuf = buffer; -#endif mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, part->nextpart); break; } @@ -1105,16 +1058,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, nitems -= sz; } -#ifdef CURL_DOES_CONVERSIONS - if(mime->easy && convbuf < buffer && - mime->state.state <= MIMESTATE_CONTENT) { - CURLcode result = Curl_convert_to_network(mime->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - } -#endif - return cursize; } @@ -1341,8 +1284,9 @@ curl_mime *curl_mime_init(struct Curl_easy *easy) mime->firstpart = NULL; mime->lastpart = NULL; - memset(mime->boundary, '-', 24); - if(Curl_rand_hex(easy, (unsigned char *) &mime->boundary[24], + memset(mime->boundary, '-', MIME_BOUNDARY_DASHES); + if(Curl_rand_hex(easy, + (unsigned char *) &mime->boundary[MIME_BOUNDARY_DASHES], MIME_RAND_BOUNDARY_CHARS + 1)) { /* failed to get random separator, bail out */ free(mime); @@ -1675,10 +1619,9 @@ CURLcode Curl_mime_rewind(curl_mimepart *part) /* Compute header list size. */ static size_t slist_size(struct curl_slist *s, - size_t overhead, const char *skip) + size_t overhead, const char *skip, size_t skiplen) { size_t size = 0; - size_t skiplen = skip? strlen(skip): 0; for(; s; s = s->next) if(!skip || !match_header(s, skip, skiplen)) @@ -1696,7 +1639,7 @@ static curl_off_t multipart_size(curl_mime *mime) if(!mime) return 0; /* Not present -> empty. */ - boundarysize = 4 + strlen(mime->boundary) + 2; + boundarysize = 4 + MIME_BOUNDARY_LEN + 2; size = boundarysize; /* Final boundary - CRLF after headers. */ for(part = mime->firstpart; part; part = part->nextpart) { 
@@ -1727,8 +1670,8 @@ curl_off_t Curl_mime_size(curl_mimepart *part) if(size >= 0 && !(part->flags & MIME_BODY_ONLY)) { /* Compute total part size. */ - size += slist_size(part->curlheaders, 2, NULL); - size += slist_size(part->userheaders, 2, "Content-Type"); + size += slist_size(part->curlheaders, 2, NULL, 0); + size += slist_size(part->userheaders, 2, STRCONST("Content-Type")); size += 2; /* CRLF after headers. */ } return size; @@ -1804,10 +1747,9 @@ const char *Curl_mime_contenttype(const char *filename) return NULL; } -static bool content_type_match(const char *contenttype, const char *target) +static bool content_type_match(const char *contenttype, + const char *target, size_t len) { - size_t len = strlen(target); - if(contenttype && strncasecompare(contenttype, target, len)) switch(contenttype[len]) { case '\0': @@ -1843,7 +1785,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, /* Check if content type is specified. */ customct = part->mimetype; if(!customct) - customct = search_header(part->userheaders, "Content-Type"); + customct = search_header(part->userheaders, STRCONST("Content-Type")); if(customct) contenttype = customct; @@ -1872,12 +1814,12 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, boundary = mime->boundary; } else if(contenttype && !customct && - content_type_match(contenttype, "text/plain")) + content_type_match(contenttype, STRCONST("text/plain"))) if(strategy == MIMESTRATEGY_MAIL || !part->filename) contenttype = NULL; /* Issue content-disposition header only if not already set by caller. */ - if(!search_header(part->userheaders, "Content-Disposition")) { + if(!search_header(part->userheaders, STRCONST("Content-Disposition"))) { if(!disposition) if(part->filename || part->name || (contenttype && !strncasecompare(contenttype, "multipart/", 10))) 
@@ -1924,7 +1866,8 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, } /* Content-Transfer-Encoding header. */ - if(!search_header(part->userheaders, "Content-Transfer-Encoding")) { + if(!search_header(part->userheaders, + STRCONST("Content-Transfer-Encoding"))) { if(part->encoder) cte = part->encoder->name; else if(contenttype && strategy == MIMESTRATEGY_MAIL && @@ -1948,7 +1891,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, curl_mimepart *subpart; disposition = NULL; - if(content_type_match(contenttype, "multipart/form-data")) + if(content_type_match(contenttype, STRCONST("multipart/form-data"))) disposition = "form-data"; for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) { ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy); diff --git a/contrib/libs/curl/lib/mime.h b/contrib/libs/curl/lib/mime.h index 56642ae661..f2fc434c58 100644 --- a/contrib/libs/curl/lib/mime.h +++ b/contrib/libs/curl/lib/mime.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,6 +24,7 @@ #include "curl_setup.h" +#define MIME_BOUNDARY_DASHES 24 /* leading boundary dashes */ #define MIME_RAND_BOUNDARY_CHARS 16 /* Nb. of random boundary chars. */ #define MAX_ENCODED_LINE_LENGTH 76 /* Maximum encoded line length. */ #define ENCODING_BUFFER_SIZE 256 /* Encoding temp buffers size. */ @@ -91,8 +92,8 @@ struct mime_state { curl_off_t offset; /* State-dependent offset. */ }; -/* minimum buffer size for the boundary string */ -#define MIME_BOUNDARY_LEN (24 + MIME_RAND_BOUNDARY_CHARS + 1) +/* Boundary string length. */ +#define MIME_BOUNDARY_LEN (MIME_BOUNDARY_DASHES + MIME_RAND_BOUNDARY_CHARS) /* A mime multipart. */ struct curl_mime { 
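Review bot: In the mime.h hunk at -91,8, `MIME_BOUNDARY_LEN` keeps its name but changes meaning from a buffer size that includes the terminator to a string length that excludes it, so any user outside these hunks that still sizes a buffer with it would end up one byte short. The visible uses agree with the new meaning: the array in struct curl_mime becomes `MIME_BOUNDARY_LEN + 1` in the next hunk, and curl_mime_init still passes `MIME_RAND_BOUNDARY_CHARS + 1` to Curl_rand_hex. I would spell the contract out in the macro comment, e.g. `/* Boundary string length, excluding the terminating NUL; buffers need MIME_BOUNDARY_LEN + 1. */`.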
@@ -100,7 +101,7 @@ struct curl_mime { curl_mimepart *parent; /* Parent part. */ curl_mimepart *firstpart; /* First part. */ curl_mimepart *lastpart; /* Last part. */ - char boundary[MIME_BOUNDARY_LEN]; /* The part boundary. */ + char boundary[MIME_BOUNDARY_LEN + 1]; /* The part boundary. */ struct mime_state state; /* Current readback state. */ }; diff --git a/contrib/libs/curl/lib/mprintf.c b/contrib/libs/curl/lib/mprintf.c index 0fd3afc8ae..13812010b3 100644 --- a/contrib/libs/curl/lib/mprintf.c +++ b/contrib/libs/curl/lib/mprintf.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1999 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,7 +65,6 @@ */ #if (defined(__BORLANDC__) && (__BORLANDC__ >= 0x520)) || \ - (defined(__WATCOMC__) && defined(__386__)) || \ (defined(__POCC__) && defined(_MSC_VER)) || \ (defined(_WIN32_WCE)) || \ (defined(__MINGW32__)) || \ @@ -830,6 +829,8 @@ static int dprintf_formatf( } else if(prec != -1) len = (size_t)prec; + else if(*str == '\0') + len = 0; else len = strlen(str); diff --git a/contrib/libs/curl/lib/mqtt.c b/contrib/libs/curl/lib/mqtt.c index fcd40b41e6..e79bd3b482 100644 --- a/contrib/libs/curl/lib/mqtt.c +++ b/contrib/libs/curl/lib/mqtt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se> * * This software is licensed as described in the file COPYING, which 
@@ -60,6 +60,8 @@ */ static CURLcode mqtt_do(struct Curl_easy *data, bool *done); +static CURLcode mqtt_done(struct Curl_easy *data, + CURLcode status, bool premature); static CURLcode mqtt_doing(struct Curl_easy *data, bool *done); static int mqtt_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *sock); @@ -74,7 +76,7 @@ const struct Curl_handler Curl_handler_mqtt = { "MQTT", /* scheme */ mqtt_setup_conn, /* setup_connection */ mqtt_do, /* do_it */ - ZERO_NULL, /* done */ + mqtt_done, /* done */ ZERO_NULL, /* do_more */ ZERO_NULL, /* connect_it */ ZERO_NULL, /* connecting */ @@ -344,7 +346,9 @@ end: static CURLcode mqtt_disconnect(struct Curl_easy *data) { CURLcode result = CURLE_OK; + struct MQTT *mq = data->req.p.mqtt; result = mqtt_send(data, (char *)"\xe0\x00", 2); + Curl_safefree(mq->sendleftovers); return result; } @@ -384,8 +388,7 @@ static CURLcode mqtt_get_topic(struct Curl_easy *data, { char *path = data->state.up.path; if(strlen(path) > 1) - return Curl_urldecode(data, path + 1, 0, topic, topiclen, - REJECT_NADA); + return Curl_urldecode(path + 1, 0, topic, topiclen, REJECT_NADA); failf(data, "No MQTT topic found. Forgot to URL encode it?"); return CURLE_URL_MALFORMAT; } @@ -692,6 +695,16 @@ static CURLcode mqtt_do(struct Curl_easy *data, bool *done) return CURLE_OK; } +static CURLcode mqtt_done(struct Curl_easy *data, + CURLcode status, bool premature) +{ + struct MQTT *mq = data->req.p.mqtt; + (void)status; + (void)premature; + Curl_safefree(mq->sendleftovers); + return CURLE_OK; +} + static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) { CURLcode result = CURLE_OK; diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c index a58b8c543a..429d656bcf 100644 --- a/contrib/libs/curl/lib/multi.c +++ b/contrib/libs/curl/lib/multi.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -689,16 +689,10 @@ static CURLcode multi_done(struct Curl_easy *data, #endif ) || conn->bits.close || (premature && !(conn->handler->flags & PROTOPT_STREAM))) { - CURLcode res2; connclose(conn, "disconnecting"); Curl_conncache_remove_conn(data, conn, FALSE); CONNCACHE_UNLOCK(data); - res2 = Curl_disconnect(data, conn, premature); - - /* If we had an error already, make sure we return that one. But - if we got a new error, return that. */ - if(!result && res2) - result = res2; + Curl_disconnect(data, conn, premature); } else { char buffer[256]; @@ -711,14 +705,15 @@ static CURLcode multi_done(struct Curl_easy *data, conn->bits.conn_to_host ? conn->conn_to_host.dispname : conn->host.dispname; /* create string before returning the connection */ + long connection_id = conn->connection_id; msnprintf(buffer, sizeof(buffer), "Connection #%ld to host %s left intact", - conn->connection_id, host); + connection_id, host); /* the connection is no longer in use by this transfer */ CONNCACHE_UNLOCK(data); if(Curl_conncache_return_conn(data, conn)) { /* remember the most recently used connection */ - data->state.lastconnect_id = conn->connection_id; + data->state.lastconnect_id = connection_id; infof(data, "%s", buffer); } else @@ -1761,6 +1756,10 @@ CURLcode Curl_preconnect(struct Curl_easy *data) return CURLE_OK; } +static void set_in_callback(struct Curl_multi *multi, bool value) +{ + multi->in_callback = value; +} static CURLMcode multi_runsingle(struct Curl_multi *multi, struct curltime *nowp, 
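Review bot: `set_in_callback()`, added in the hunk at -1761, stores the value unconditionally, so every `set_in_callback(multi, FALSE)` after a socket_cb or timer_cb call in singlesocket, Curl_multi_closed and Curl_update_timer clears the flag even when it was already TRUE on entry. Whether those paths can run while an application callback is still executing is not visible from these hunks. If they can, the recursive-call guard is dropped for the remainder of the outer callback. Saving and restoring the prior value at each call site avoids that: `bool was = multi->in_callback; set_in_callback(multi, TRUE);` before the callback and `set_in_callback(multi, was);` after it.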
@@ -2171,8 +2170,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, Curl_posttransfer(data); drc = multi_done(data, result, FALSE); - /* When set to retry the connection, we must to go back to - * the CONNECT state */ + /* When set to retry the connection, we must go back to the CONNECT + * state */ if(newurl) { if(!drc || (drc == CURLE_SEND_ERROR)) { follow = FOLLOW_RETRY; @@ -2874,8 +2873,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, continue; if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, comboaction, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -2916,8 +2917,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, entry->readers--; if(!entry->users) { if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -2971,9 +2974,12 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) if(entry) { int rc = 0; - if(multi->socket_cb) + if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); + } /* now remove it from the socket hash */ sh_delentry(entry, &multi->sockhash, s); @@ -3345,7 +3351,9 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) multi->timer_lastcall = none; /* there's no timeout now but there was one previously, tell the app to disable it */ + set_in_callback(multi, TRUE); rc = multi->timer_cb(multi, -1, multi->timer_userp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; 
@@ -3364,7 +3372,9 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) multi->timer_lastcall = multi->timetree->key; + set_in_callback(multi, TRUE); rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -3563,9 +3573,6 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, { struct Curl_sh_entry *there = NULL; - if(multi->in_callback) - return CURLM_RECURSIVE_API_CALL; - there = sh_getentry(&multi->sockhash, s); if(!there) diff --git a/contrib/libs/curl/lib/non-ascii.c b/contrib/libs/curl/lib/non-ascii.c deleted file mode 100644 index 3b77ae98d5..0000000000 --- a/contrib/libs/curl/lib/non-ascii.c +++ /dev/null 
@@ -1,336 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef CURL_DOES_CONVERSIONS - -#include <curl/curl.h> - -#include "non-ascii.h" -#include "formdata.h" -#include "sendf.h" -#include "urldata.h" -#include "multiif.h" -#include "strerror.h" - -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - -#ifdef HAVE_ICONV -#include <iconv.h> -/* set default codesets for iconv */ -#ifndef CURL_ICONV_CODESET_OF_NETWORK -#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1" -#endif -#ifndef CURL_ICONV_CODESET_FOR_UTF8 -#define CURL_ICONV_CODESET_FOR_UTF8 "UTF-8" -#endif -#define ICONV_ERROR (size_t)-1 -#endif /* HAVE_ICONV */ - -/* - * Curl_convert_clone() returns a malloced copy of the source string (if - * returning CURLE_OK), with the data converted to network format. 
- */ -CURLcode Curl_convert_clone(struct Curl_easy *data, - const char *indata, - size_t insize, - char **outbuf) -{ - char *convbuf; - CURLcode result; - - convbuf = malloc(insize); - if(!convbuf) - return CURLE_OUT_OF_MEMORY; - - memcpy(convbuf, indata, insize); - result = Curl_convert_to_network(data, convbuf, insize); - if(result) { - free(convbuf); - return result; - } - - *outbuf = convbuf; /* return the converted buffer */ - - return CURLE_OK; -} - -/* - * Curl_convert_to_network() is an internal function for performing ASCII - * conversions on non-ASCII platforms. It converts the buffer _in place_. - */ -CURLcode Curl_convert_to_network(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convtonetwork) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convtonetwork(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_TO_NETWORK_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr, *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->outbound_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || 
(in_bytes)) { - failf(data, - "The Curl_convert_to_network iconv call failed with errno %i: %s", - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } -#else - failf(data, "CURLOPT_CONV_TO_NETWORK_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Curl_convert_from_network() is an internal function for performing ASCII - * conversions on non-ASCII platforms. It converts the buffer _in place_. - */ -CURLcode Curl_convert_from_network(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convfromnetwork) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convfromnetwork(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr, *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->inbound_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || (in_bytes)) { - failf(data, - "Curl_convert_from_network iconv call failed with errno %i: %s", - errno, 
Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } -#else - failf(data, "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Curl_convert_from_utf8() is an internal function for performing UTF-8 - * conversions on non-ASCII platforms. - */ -CURLcode Curl_convert_from_utf8(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convfromutf8) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convfromutf8(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_FROM_UTF8_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr; - char *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->utf8_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || (in_bytes)) { - failf(data, - "The Curl_convert_from_utf8 iconv call failed with errno %i: %s", - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - if(output_ptr < input_ptr) { - /* null terminate the now shorter output 
string */ - *output_ptr = 0x00; - } -#else - failf(data, "CURLOPT_CONV_FROM_UTF8_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Init conversion stuff for a Curl_easy - */ -void Curl_convert_init(struct Curl_easy *data) -{ -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) - /* conversion descriptors for iconv calls */ - data->outbound_cd = (iconv_t)-1; - data->inbound_cd = (iconv_t)-1; - data->utf8_cd = (iconv_t)-1; -#else - (void)data; -#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */ -} - -/* - * Setup conversion stuff for a Curl_easy - */ -void Curl_convert_setup(struct Curl_easy *data) -{ - data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK); - data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST); - data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8); -} - -/* - * Close conversion stuff for a Curl_easy - */ - -void Curl_convert_close(struct Curl_easy *data) -{ -#ifdef HAVE_ICONV - /* close iconv conversion descriptors */ - if(data->inbound_cd != (iconv_t)-1) { - iconv_close(data->inbound_cd); - } - if(data->outbound_cd != (iconv_t)-1) { - iconv_close(data->outbound_cd); - } - if(data->utf8_cd != (iconv_t)-1) { - iconv_close(data->utf8_cd); - } -#else - (void)data; -#endif /* HAVE_ICONV */ -} - -#endif /* CURL_DOES_CONVERSIONS */ diff --git a/contrib/libs/curl/lib/non-ascii.h b/contrib/libs/curl/lib/non-ascii.h deleted file mode 100644 index 458e8ef091..0000000000 --- a/contrib/libs/curl/lib/non-ascii.h +++ /dev/null 
@@ -1,61 +0,0 @@ -#ifndef HEADER_CURL_NON_ASCII_H -#define HEADER_CURL_NON_ASCII_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "curl_setup.h" - -#ifdef CURL_DOES_CONVERSIONS - -#include "urldata.h" - -/* - * Curl_convert_clone() returns a malloced copy of the source string (if - * returning CURLE_OK), with the data converted to network format. - * - * If no conversion was needed *outbuf may be NULL. 
- */ -CURLcode Curl_convert_clone(struct Curl_easy *data, - const char *indata, - size_t insize, - char **outbuf); - -void Curl_convert_init(struct Curl_easy *data); -void Curl_convert_setup(struct Curl_easy *data); -void Curl_convert_close(struct Curl_easy *data); - -CURLcode Curl_convert_to_network(struct Curl_easy *data, - char *buffer, size_t length); -CURLcode Curl_convert_from_network(struct Curl_easy *data, - char *buffer, size_t length); -CURLcode Curl_convert_from_utf8(struct Curl_easy *data, - char *buffer, size_t length); -#else -#define Curl_convert_clone(a,b,c,d) ((void)a, CURLE_OK) -#define Curl_convert_init(x) Curl_nop_stmt -#define Curl_convert_setup(x) Curl_nop_stmt -#define Curl_convert_close(x) Curl_nop_stmt -#define Curl_convert_to_network(a,b,c) ((void)a, CURLE_OK) -#define Curl_convert_from_network(a,b,c) ((void)a, CURLE_OK) -#define Curl_convert_from_utf8(a,b,c) ((void)a, CURLE_OK) -#endif - -#endif /* HEADER_CURL_NON_ASCII_H */ diff --git a/contrib/libs/curl/lib/nonblock.c b/contrib/libs/curl/lib/nonblock.c index fda2e9ad79..92fb22ec22 100644 --- a/contrib/libs/curl/lib/nonblock.c +++ b/contrib/libs/curl/lib/nonblock.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,12 +73,6 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ long flags = nonblock ? 1L : 0L; return IoctlSocket(sockfd, FIONBIO, (char *)&flags); -#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK) - - /* BeOS */ - long b = nonblock ? 1L : 0L; - return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); - #else # error "no non-blocking method was found/used/set" #endif 
diff --git a/contrib/libs/curl/lib/openldap.c b/contrib/libs/curl/lib/openldap.c index f2c1cee070..adff70eaf0 100644 --- a/contrib/libs/curl/lib/openldap.c +++ b/contrib/libs/curl/lib/openldap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> * * This software is licensed as described in the file COPYING, which @@ -46,6 +46,8 @@ #include "curl_ldap.h" #include "curl_base64.h" #include "connect.h" +#include "curl_sasl.h" +#include "strcase.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -76,6 +78,8 @@ typedef enum { OLDAP_SSL, /* Performing SSL handshake. */ OLDAP_STARTTLS, /* STARTTLS request sent. */ OLDAP_TLS, /* Performing TLS handshake. */ + OLDAP_MECHS, /* Get SASL authentication mechanisms. */ + OLDAP_SASL, /* SASL binding reply. */ OLDAP_BIND, /* Simple bind reply. */ OLDAP_BINDV2, /* Simple bind reply in protocol version 2. */ OLDAP_LAST /* Never used */ @@ -96,6 +100,13 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done); static CURLcode oldap_disconnect(struct Curl_easy *data, struct connectdata *conn, bool dead); +static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp); +static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp); +static CURLcode oldap_cancel_auth(struct Curl_easy *data, const char *mech); +static CURLcode oldap_get_message(struct Curl_easy *data, struct bufref *out); + static Curl_recv oldap_recv; /* 
@@ -154,10 +165,26 @@ const struct Curl_handler Curl_handler_ldaps = { }; #endif +/* SASL parameters for the ldap protocol */ +static const struct SASLproto saslldap = { + "ldap", /* The service name */ + oldap_perform_auth, /* Send authentication command */ + oldap_continue_auth, /* Send authentication continuation */ + oldap_cancel_auth, /* Send authentication cancellation */ + oldap_get_message, /* Get SASL response message */ + 0, /* Maximum initial response length (no max) */ + LDAP_SASL_BIND_IN_PROGRESS, /* Code received when continuation is expected */ + LDAP_SUCCESS, /* Code to receive upon authentication success */ + SASL_AUTH_NONE, /* Default mechanisms */ + 0 /* Configuration flags */ +}; + struct ldapconninfo { + struct SASL sasl; /* SASL-related parameters */ LDAP *ld; /* Openldap connection handle. */ Curl_recv *recv; /* For stacking SSL handler */ Curl_send *send; + struct berval *servercred; /* SASL data from server. */ ldapstate state; /* Current machine state. */ int proto; /* LDAP_PROTO_TCP/LDAP_PROTO_UDP/LDAP_PROTO_IPC */ int msgid; /* Current message id. */ @@ -184,6 +211,8 @@ static void state(struct Curl_easy *data, ldapstate newstate) "SSL", "STARTTLS", "TLS", + "MECHS", + "SASL", "BIND", "BINDV2", /* LAST */ 
@@ -251,6 +280,37 @@ static CURLcode oldap_url_parse(struct Curl_easy *data, LDAPURLDesc **ludp) return result; } +/* Parse the login options. */ +static CURLcode oldap_parse_login_options(struct connectdata *conn) +{ + CURLcode result = CURLE_OK; + struct ldapconninfo *li = conn->proto.ldapc; + const char *ptr = conn->options; + + while(!result && ptr && *ptr) { + const char *key = ptr; + const char *value; + + while(*ptr && *ptr != '=') + ptr++; + + value = ptr + 1; + + while(*ptr && *ptr != ';') + ptr++; + + if(checkprefix("AUTH=", key)) + result = Curl_sasl_parse_url_auth_option(&li->sasl, value, ptr - value); + else + result = CURLE_SETOPT_OPTION_SYNTAX; + + if(*ptr == ';') + ptr++; + } + + return result == CURLE_URL_MALFORMAT? CURLE_SETOPT_OPTION_SYNTAX: result; +} + static CURLcode oldap_setup_connection(struct Curl_easy *data, struct connectdata *conn) { 
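Review bot: In oldap_parse_login_options, `value = ptr + 1` is computed before it is known that the first scan stopped on `=`. For an option with no `=`, ptr sits on the terminator, value points one past it, and `ptr - value` would convert to a very large size_t. Today the pair is only consumed under `checkprefix("AUTH=", key)`, which implies the `=` was found, so nothing reads through it. Making the guard explicit keeps a later option handler from tripping on it, e.g. `if(*ptr != '=') return CURLE_SETOPT_OPTION_SYNTAX;` right after the first loop, which returns the same code the function yields for that input now.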
@@ -271,14 +331,94 @@ static CURLcode oldap_setup_connection(struct Curl_easy *data, conn->proto.ldapc = li; connkeep(conn, "OpenLDAP default"); + /* Initialize the SASL storage */ + Curl_sasl_init(&li->sasl, data, &saslldap); + /* Clear the TLS upgraded flag */ conn->bits.tls_upgraded = FALSE; + + result = oldap_parse_login_options(conn); } } return result; } +/* + * Get the SASL authentication challenge from the server credential buffer. + */ +static CURLcode oldap_get_message(struct Curl_easy *data, struct bufref *out) +{ + struct berval *servercred = data->conn->proto.ldapc->servercred; + + if(!servercred || !servercred->bv_val) + return CURLE_WEIRD_SERVER_REPLY; + Curl_bufref_set(out, servercred->bv_val, servercred->bv_len, NULL); + return CURLE_OK; +} + +/* + * Sends an initial SASL bind request to the server. + */ +static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + struct berval cred; + struct berval *pcred = &cred; + int rc; + + cred.bv_val = (char *) Curl_bufref_ptr(initresp); + cred.bv_len = Curl_bufref_len(initresp); + if(!cred.bv_val) + pcred = NULL; + rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + +/* + * Sends SASL continuation. 
+ */ +static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + struct berval cred; + struct berval *pcred = &cred; + int rc; + + cred.bv_val = (char *) Curl_bufref_ptr(resp); + cred.bv_len = Curl_bufref_len(resp); + if(!cred.bv_val) + pcred = NULL; + rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + +/* + * Sends SASL bind cancellation. + */ +static CURLcode oldap_cancel_auth(struct Curl_easy *data, const char *mech) +{ + struct ldapconninfo *li = data->conn->proto.ldapc; + CURLcode result = CURLE_OK; + int rc = ldap_sasl_bind(li->ld, NULL, LDAP_SASL_NULL, NULL, NULL, NULL, + &li->msgid); + + (void)mech; + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + /* Starts LDAP simple bind. */ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) { @@ -292,7 +432,7 @@ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) passwd.bv_val = NULL; passwd.bv_len = 0; - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { binddn = conn->user; passwd.bv_val = conn->passwd; passwd.bv_len = strlen(passwd.bv_val); 
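Review bot: oldap_continue_auth, in the hunk at -271,14, is a line-for-line copy of oldap_perform_auth: both build the same berval from the bufref and issue the same `ldap_sasl_bind` call. Two copies of an authentication step tend to drift apart when only one is fixed, so the continuation could be reduced to `return oldap_perform_auth(data, mech, resp);`. Both functions also cast away const from `Curl_bufref_ptr()` to fill `bv_val`; a short comment stating that ldap_sasl_bind is not expected to write through the credential would document why that is acceptable.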
@@ -304,11 +444,45 @@ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) state(data, newstate); else result = oldap_map_error(rc, - conn->bits.user_passwd? + data->state.aptr.user? CURLE_LOGIN_DENIED: CURLE_LDAP_CANNOT_BIND); return result; } +/* Query the supported SASL authentication mechanisms. */ +static CURLcode oldap_perform_mechs(struct Curl_easy *data) +{ + CURLcode result = CURLE_OK; + struct ldapconninfo *li = data->conn->proto.ldapc; + int rc; + static const char * const supportedSASLMechanisms[] = { + "supportedSASLMechanisms", + NULL + }; + + rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", + (char **) supportedSASLMechanisms, 0, + NULL, NULL, NULL, 0, &li->msgid); + if(rc == LDAP_SUCCESS) + state(data, OLDAP_MECHS); + else + result = oldap_map_error(rc, CURLE_LOGIN_DENIED); + return result; +} + +/* Starts SASL bind. */ +static CURLcode oldap_perform_sasl(struct Curl_easy *data) +{ + saslprogress progress = SASL_IDLE; + struct ldapconninfo *li = data->conn->proto.ldapc; + CURLcode result = Curl_sasl_start(&li->sasl, data, TRUE, &progress); + + state(data, OLDAP_SASL); + if(!result && progress != SASL_INPROGRESS) + result = CURLE_LOGIN_DENIED; + return result; +} + #ifdef USE_SSL static Sockbuf_IO ldapsb_tls; 
@@ -414,11 +588,106 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) } #endif + if(li->sasl.prefmech != SASL_AUTH_NONE) + return oldap_perform_mechs(data); + /* Force bind even if anonymous bind is not needed in protocol version 3 to detect missing version 3 support. */ return oldap_perform_bind(data, OLDAP_BIND); } +/* Handle the supported SASL mechanisms query response */ +static CURLcode oldap_state_mechs_resp(struct Curl_easy *data, + LDAPMessage *msg, int code) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + int rc; + BerElement *ber = NULL; + CURLcode result = CURLE_OK; + struct berval bv, *bvals; + + switch(ldap_msgtype(msg)) { + case LDAP_RES_SEARCH_ENTRY: + /* Got a list of supported SASL mechanisms. */ + if(code != LDAP_SUCCESS && code != LDAP_NO_RESULTS_RETURNED) + return CURLE_LOGIN_DENIED; + + rc = ldap_get_dn_ber(li->ld, msg, &ber, &bv); + if(rc < 0) + return oldap_map_error(rc, CURLE_BAD_CONTENT_ENCODING); + for(rc = ldap_get_attribute_ber(li->ld, msg, ber, &bv, &bvals); + rc == LDAP_SUCCESS; + rc = ldap_get_attribute_ber(li->ld, msg, ber, &bv, &bvals)) { + int i; + + if(!bv.bv_val) + break; + + if(bvals) { + for(i = 0; bvals[i].bv_val; i++) { + size_t llen; + unsigned short mech = Curl_sasl_decode_mech((char *) bvals[i].bv_val, + bvals[i].bv_len, &llen); + if(bvals[i].bv_len == llen) + li->sasl.authmechs |= mech; + } + ber_memfree(bvals); + } + } + ber_free(ber, 0); + break; + + case LDAP_RES_SEARCH_RESULT: + switch(code) { + case LDAP_SIZELIMIT_EXCEEDED: + infof(data, "Too many authentication mechanisms\n"); + /* FALLTHROUGH */ + case LDAP_SUCCESS: + case LDAP_NO_RESULTS_RETURNED: + if(Curl_sasl_can_authenticate(&li->sasl, data)) + result = oldap_perform_sasl(data); + else + result = CURLE_LOGIN_DENIED; + break; + default: + result = oldap_map_error(code, CURLE_LOGIN_DENIED); + break; + } + break; + default: + break; + } + return result; +} + +/* Handle a SASL bind response. 
*/ +static CURLcode oldap_state_sasl_resp(struct Curl_easy *data, + LDAPMessage *msg, int code) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + saslprogress progress; + int rc; + + li->servercred = NULL; + rc = ldap_parse_sasl_bind_result(li->ld, msg, &li->servercred, 0); + if(rc != LDAP_SUCCESS) { + failf(data, "LDAP local: sasl ldap_parse_result %s", ldap_err2string(rc)); + result = oldap_map_error(rc, CURLE_LOGIN_DENIED); + } + else { + result = Curl_sasl_continue(&li->sasl, data, code, &progress); + if(!result && progress != SASL_INPROGRESS) + state(data, OLDAP_STOP); + } + + if(li->servercred) + ber_bvfree(li->servercred); + return result; +} + /* Handle a simple bind response. */ static CURLcode oldap_state_bind_resp(struct Curl_easy *data, LDAPMessage *msg, int code) @@ -459,12 +728,20 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) if(li->state != OLDAP_SSL && li->state != OLDAP_TLS) { /* Get response to last command. */ rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, &tv, &msg); - if(!rc) - return CURLE_OK; /* Timed out. */ - if(rc < 0) { - failf(data, "LDAP local: connecting ldap_result %s", - ldap_err2string(rc)); - return oldap_map_error(rc, CURLE_COULDNT_CONNECT); + switch(rc) { + case 0: /* Timed out. */ + return CURLE_OK; + case LDAP_RES_SEARCH_ENTRY: + case LDAP_RES_SEARCH_REFERENCE: + break; + default: + li->msgid = 0; /* Nothing to abandon upon error. */ + if(rc < 0) { + failf(data, "LDAP local: connecting ldap_result %s", + ldap_err2string(rc)); + return oldap_map_error(rc, CURLE_COULDNT_CONNECT); + } + break; } /* Get error code from message. */ 
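Review bot: In `oldap_state_sasl_resp`, `li->servercred` is released with `ber_bvfree()` just before the return, but the field keeps the freed address until the next response resets it at the top of the function. Because the pointer lives in the per-connection `ldapconninfo`, any reader outside this function in that interval would touch freed memory. Clearing it at the free site closes the window: `ber_bvfree(li->servercred); li->servercred = NULL;`. Separately, `infof(data, "Too many authentication mechanisms\n")` in `oldap_state_mechs_resp` carries a trailing newline that the `failf` calls in this file do not, which looks unintended if `infof` terminates the line itself.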
@@ -477,11 +754,11 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) } /* If protocol version 3 is not supported, fallback to version 2. */ - if(code == LDAP_PROTOCOL_ERROR && li->state != OLDAP_BINDV2 + if(code == LDAP_PROTOCOL_ERROR && li->state != OLDAP_BINDV2 && #ifdef USE_SSL - && (ssl_installed(conn) || data->set.use_ssl <= CURLUSESSL_TRY) + (ssl_installed(conn) || data->set.use_ssl <= CURLUSESSL_TRY) && #endif - ) { + li->sasl.prefmech == SASL_AUTH_NONE) { static const int version = LDAP_VERSION2; ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &version); @@ -496,13 +773,19 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) #ifdef USE_SSL case OLDAP_SSL: result = oldap_ssl_connect(data, OLDAP_SSL); - if(!result && ssl_installed(conn)) - result = oldap_perform_bind(data, OLDAP_BIND); + if(!result && ssl_installed(conn)) { + if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); + else + result = oldap_perform_bind(data, OLDAP_BIND); + } break; case OLDAP_STARTTLS: if(code != LDAP_SUCCESS) { if(data->set.use_ssl != CURLUSESSL_TRY) result = oldap_map_error(code, CURLE_USE_SSL_FAILED); + else if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); else result = oldap_perform_bind(data, OLDAP_BIND); break; @@ -514,7 +797,9 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) result = oldap_map_error(code, CURLE_USE_SSL_FAILED); else if(ssl_installed(conn)) { conn->bits.tls_upgraded = TRUE; - if(conn->bits.user_passwd) + if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); + else if(data->state.aptr.user) result = oldap_perform_bind(data, OLDAP_BIND); else { state(data, OLDAP_STOP); /* Version 3 supported: no bind required */ 
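Review bot: The `OLDAP_STARTTLS` branch for `CURLUSESSL_TRY` now continues to `oldap_perform_mechs()` when the server refuses STARTTLS, so mechanism discovery and the SASL bind that follows run over an unprotected connection. The mechanism list read from the server is not authenticated at that point, so the mechanism chosen (and, with a plaintext mechanism, the password) depends on whatever answered the query. A comment at the branch would make the trade-off explicit, for example `/* STARTTLS refused and TLS is optional: SASL mechanisms are discovered and used without TLS protection */`. The same `li->sasl.prefmech != SASL_AUTH_NONE` choice between `oldap_perform_mechs` and `oldap_perform_bind` is repeated in the `OLDAP_SSL` case and in the following hunk, so a small helper would keep those sites in step. `oldap_connecting` starts and ends outside this hunk.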
@@ -524,6 +809,12 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) break; #endif + case OLDAP_MECHS: + result = oldap_state_mechs_resp(data, msg, code); + break; + case OLDAP_SASL: + result = oldap_state_sasl_resp(data, msg, code); + break; case OLDAP_BIND: case OLDAP_BINDV2: result = oldap_state_bind_resp(data, msg, code); @@ -540,6 +831,10 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) if(*done) conn->recv[FIRSTSOCKET] = oldap_recv; + if(result && li->msgid) { + ldap_abandon_ext(li->ld, li->msgid, NULL, NULL); + li->msgid = 0; + } return result; } @@ -549,6 +844,9 @@ static CURLcode oldap_disconnect(struct Curl_easy *data, { struct ldapconninfo *li = conn->proto.ldapc; (void) dead_connection; +#ifndef USE_SSL + (void)data; +#endif if(li) { if(li->ld) { @@ -562,6 +860,7 @@ static CURLcode oldap_disconnect(struct Curl_easy *data, ldap_unbind_ext(li->ld, NULL, NULL); li->ld = NULL; } + Curl_sasl_cleanup(conn, li->sasl.authused); conn->proto.ldapc = NULL; free(li); } 
@@ -632,21 +931,21 @@ static CURLcode oldap_done(struct Curl_easy *data, CURLcode res, return CURLE_OK; } -static CURLcode client_write(struct Curl_easy *data, const char *prefix, - const char *value, size_t len, const char *suffix) +static CURLcode client_write(struct Curl_easy *data, + const char *prefix, size_t plen, + const char *value, size_t len, + const char *suffix, size_t slen) { CURLcode result = CURLE_OK; - size_t l; if(prefix) { - l = strlen(prefix); /* If we have a zero-length value and the prefix ends with a space separator, drop the latter. */ - if(!len && l && prefix[l - 1] == ' ') - l--; - result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) prefix, l); + if(!len && plen && prefix[plen - 1] == ' ') + plen--; + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) prefix, plen); if(!result) - data->req.bytecount += l; + data->req.bytecount += plen; } if(!result && value) { result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) value, len); @@ -654,10 +953,9 @@ static CURLcode client_write(struct Curl_easy *data, const char *prefix, data->req.bytecount += len; } if(!result && suffix) { - l = strlen(suffix); - result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) suffix, l); + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) suffix, slen); if(!result) - data->req.bytecount += l; + data->req.bytecount += slen; } return result; } @@ -734,7 +1032,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, break; } - result = client_write(data, "DN: ", bv.bv_val, bv.bv_len, "\n"); + result = client_write(data, STRCONST("DN: "), bv.bv_val, bv.bv_len, + STRCONST("\n")); if(result) break; @@ -747,7 +1046,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, break; if(!bvals) { - result = client_write(data, "\t", bv.bv_val, bv.bv_len, ":\n"); + result = client_write(data, STRCONST("\t"), bv.bv_val, bv.bv_len, + STRCONST(":\n")); if(result) break; continue; 
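Review bot: `client_write` now takes `plen` and `slen` from the caller instead of computing them with `strlen`, but nothing on the function documents that they must be the exact byte lengths of `prefix` and `suffix`. A length larger than the string would make `Curl_client_write` read past the buffer, and the only guard is that the visible call sites use `STRCONST()` or `NULL, 0`. A short header comment would pin the contract, for example `/* plen and slen are the byte lengths of prefix and suffix; use STRCONST() for literals, or NULL, 0 to skip */`.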
@@ -759,7 +1059,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, for(i = 0; bvals[i].bv_val != NULL; i++) { int binval = 0; - result = client_write(data, "\t", bv.bv_val, bv.bv_len, ":"); + result = client_write(data, STRCONST("\t"), bv.bv_val, bv.bv_len, + STRCONST(":")); if(result) break; @@ -784,15 +1085,17 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, /* Binary value, encode to base64. */ if(bvals[i].bv_len) - result = Curl_base64_encode(data, bvals[i].bv_val, bvals[i].bv_len, + result = Curl_base64_encode(bvals[i].bv_val, bvals[i].bv_len, &val_b64, &val_b64_sz); if(!result) - result = client_write(data, ": ", val_b64, val_b64_sz, "\n"); + result = client_write(data, STRCONST(": "), val_b64, val_b64_sz, + STRCONST("\n")); free(val_b64); } else - result = client_write(data, " ", - bvals[i].bv_val, bvals[i].bv_len, "\n"); + result = client_write(data, STRCONST(" "), + bvals[i].bv_val, bvals[i].bv_len, + STRCONST("\n")); if(result) break; } @@ -800,7 +1103,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ber_memfree(bvals); bvals = NULL; if(!result) - result = client_write(data, "\n", NULL, 0, NULL); + result = client_write(data, STRCONST("\n"), NULL, 0, NULL, 0); if(result) break; } @@ -808,7 +1111,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ber_free(ber, 0); if(!result) - result = client_write(data, "\n", NULL, 0, NULL); + result = client_write(data, STRCONST("\n"), NULL, 0, NULL, 0); if(!result) result = CURLE_AGAIN; break; diff --git a/contrib/libs/curl/lib/pingpong.c b/contrib/libs/curl/lib/pingpong.c index 84c7f51de5..1453bf299a 100644 --- a/contrib/libs/curl/lib/pingpong.c +++ b/contrib/libs/curl/lib/pingpong.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,6 @@ #include "speedcheck.h" #include "pingpong.h" #include "multiif.h" -#include "non-ascii.h" #include "vtls/vtls.h" /* The last 3 #include files should be in this order */ @@ -199,11 +198,6 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, s = Curl_dyn_ptr(&pp->sendbuf); Curl_pp_init(data, pp); - result = Curl_convert_to_network(data, s, write_len); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif @@ -324,11 +318,6 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, if(result == CURLE_AGAIN) return CURLE_OK; /* return */ - if(!result && (gotbytes > 0)) - /* convert from the network encoding */ - result = Curl_convert_from_network(data, ptr, gotbytes); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) /* Set outer result variable to this error. */ keepon = FALSE; diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c index d4ca67877d..065bdbaf51 100644 --- a/contrib/libs/curl/lib/pop3.c +++ b/contrib/libs/curl/lib/pop3.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -401,7 +401,7 @@ static CURLcode pop3_perform_user(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, POP3_STOP); return result; @@ -435,7 +435,7 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, POP3_STOP); return result; @@ -545,7 +545,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, /* Check we have enough data to authenticate with and end the connect phase if we don't */ - if(!Curl_sasl_can_authenticate(&pop3c->sasl, conn)) { + if(!Curl_sasl_can_authenticate(&pop3c->sasl, data)) { state(data, POP3_STOP); return result; } @@ -1423,7 +1423,7 @@ static CURLcode pop3_parse_url_path(struct Curl_easy *data) const char *path = &data->state.up.path[1]; /* skip leading path */ /* URL decode the path for the message ID */ - return Curl_urldecode(data, path, 0, &pop3->id, NULL, REJECT_CTRL); + return Curl_urldecode(path, 0, &pop3->id, NULL, REJECT_CTRL); } /*********************************************************************** @@ -1440,7 +1440,7 @@ static CURLcode pop3_parse_custom_request(struct Curl_easy *data) /* URL decode the custom request */ if(custom) - result = Curl_urldecode(data, custom, 0, &pop3->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &pop3->custom, NULL, REJECT_CTRL); return result; } diff --git a/contrib/libs/curl/lib/rtsp.c b/contrib/libs/curl/lib/rtsp.c index 30fefb9b82..f16e87c12d 100644 --- a/contrib/libs/curl/lib/rtsp.c +++ b/contrib/libs/curl/lib/rtsp.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -340,7 +340,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) } /* Transport Header for SETUP requests */ - p_transport = Curl_checkheaders(data, "Transport"); + p_transport = Curl_checkheaders(data, STRCONST("Transport")); if(rtspreq == RTSPREQ_SETUP && !p_transport) { /* New Transport: setting? */ if(data->set.str[STRING_RTSP_TRANSPORT]) { @@ -364,11 +364,11 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* Accept Headers for DESCRIBE requests */ if(rtspreq == RTSPREQ_DESCRIBE) { /* Accept Header */ - p_accept = Curl_checkheaders(data, "Accept")? + p_accept = Curl_checkheaders(data, STRCONST("Accept"))? NULL:"Accept: application/sdp\r\n"; /* Accept-Encoding header */ - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = @@ -385,11 +385,12 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) it might have been used in the proxy connect, but if we have got a header with the user-agent string specified, we erase the previously made string here. */ - if(Curl_checkheaders(data, "User-Agent") && data->state.aptr.uagent) { + if(Curl_checkheaders(data, STRCONST("User-Agent")) && + data->state.aptr.uagent) { Curl_safefree(data->state.aptr.uagent); data->state.aptr.uagent = NULL; } - else if(!Curl_checkheaders(data, "User-Agent") && + else if(!Curl_checkheaders(data, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) { p_uagent = data->state.aptr.uagent; } 
@@ -405,7 +406,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* Referrer */ Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); else data->state.aptr.ref = NULL; @@ -422,7 +423,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) (rtspreq & (RTSPREQ_PLAY | RTSPREQ_PAUSE | RTSPREQ_RECORD))) { /* Check to see if there is a range set in the custom headers */ - if(!Curl_checkheaders(data, "Range") && data->state.range) { + if(!Curl_checkheaders(data, STRCONST("Range")) && data->state.range) { Curl_safefree(data->state.aptr.rangeline); data->state.aptr.rangeline = aprintf("Range: %s\r\n", data->state.range); p_range = data->state.aptr.rangeline; @@ -432,11 +433,11 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* * Sanity check the custom headers */ - if(Curl_checkheaders(data, "CSeq")) { + if(Curl_checkheaders(data, STRCONST("CSeq"))) { failf(data, "CSeq cannot be set as a custom header."); return CURLE_RTSP_CSEQ_ERROR; } - if(Curl_checkheaders(data, "Session")) { + if(Curl_checkheaders(data, STRCONST("Session"))) { failf(data, "Session ID cannot be set as a custom header."); return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -523,7 +524,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(putsize > 0 || postsize > 0) { /* As stated in the http comments, it is probably not wise to * actually set a custom Content-Length in the headers */ - if(!Curl_checkheaders(data, "Content-Length")) { + if(!Curl_checkheaders(data, STRCONST("Content-Length"))) { result = Curl_dyn_addf(&req_buffer, "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", 
@@ -534,18 +535,20 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(rtspreq == RTSPREQ_SET_PARAMETER || rtspreq == RTSPREQ_GET_PARAMETER) { - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_addf(&req_buffer, - "Content-Type: text/parameters\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(&req_buffer, + STRCONST("Content-Type: " + "text/parameters\r\n")); if(result) return result; } } if(rtspreq == RTSPREQ_ANNOUNCE) { - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_addf(&req_buffer, - "Content-Type: application/sdp\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(&req_buffer, + STRCONST("Content-Type: " + "application/sdp\r\n")); if(result) return result; } @@ -563,7 +566,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* RTSP never allows chunked transfer */ data->req.forbidchunk = TRUE; /* Finish the request buffer */ - result = Curl_dyn_add(&req_buffer, "\r\n"); + result = Curl_dyn_addn(&req_buffer, STRCONST("\r\n")); if(result) return result; diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c index 70d7ee5c26..1de207725f 100644 --- a/contrib/libs/curl/lib/select.c +++ b/contrib/libs/curl/lib/select.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -34,19 +34,10 @@ #error "We can't compile without select() or poll() support." #endif -#if defined(__BEOS__) && !defined(__HAIKU__) -/* BeOS has FD_SET defined in socket.h */ -#include <socket.h> -#endif - #ifdef MSDOS #include <dos.h> /* delay() */ #endif -#ifdef __VXWORKS__ -#include <strings.h> /* bzero() in FD_SET */ -#endif - #include <curl/curl.h> #include "urldata.h" @@ -450,23 +441,3 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) return r; } - -#ifdef TPF -/* - * This is a replacement for select() on the TPF platform. - * It is used whenever libcurl calls select(). - * The call below to tpf_process_signals() is required because - * TPF's select calls are not signal interruptible. - * - * Return values are the same as select's. - */ -int tpf_select_libcurl(int maxfds, fd_set *reads, fd_set *writes, - fd_set *excepts, struct timeval *tv) -{ - int rc; - - rc = tpf_select_bsd(maxfds, reads, writes, excepts, tv); - tpf_process_signals(); - return rc; -} -#endif /* TPF */ diff --git a/contrib/libs/curl/lib/select.h b/contrib/libs/curl/lib/select.h index 59a571dbbd..f4bcba30fb 100644 --- a/contrib/libs/curl/lib/select.h +++ b/contrib/libs/curl/lib/select.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -83,22 +83,11 @@ int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2, int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms); int Curl_wait_ms(timediff_t timeout_ms); -#ifdef TPF -int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes, - fd_set* excepts, struct timeval *tv); -#endif - -/* TPF sockets are not in range [0..FD_SETSIZE-1], which - unfortunately makes it impossible for us to easily check if they're valid - +/* With Winsock the valid range is [0..INVALID_SOCKET-1] according to https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2 */ -#if defined(TPF) -#define VALID_SOCK(x) 1 -#define VERIFY_SOCK(x) Curl_nop_stmt -#define FDSET_SOCK(x) 1 -#elif defined(USE_WINSOCK) +#ifdef USE_WINSOCK #define VALID_SOCK(s) ((s) < INVALID_SOCKET) #define FDSET_SOCK(x) 1 #define VERIFY_SOCK(x) do { \ diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c index bcfa27a501..220c7dd7ba 100644 --- a/contrib/libs/curl/lib/sendf.c +++ b/contrib/libs/curl/lib/sendf.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -41,7 +41,6 @@ #include "vssh/ssh.h" #include "easyif.h" #include "multiif.h" -#include "non-ascii.h" #include "strerror.h" #include "select.h" #include "strdup.h" 
@@ -628,19 +627,14 @@ CURLcode Curl_client_write(struct Curl_easy *data, /* FTP data may need conversion. */ if((type & CLIENTWRITE_BODY) && - (conn->handler->protocol & PROTO_FAMILY_FTP) && - conn->proto.ftpc.transfertype == 'A') { - /* convert from the network encoding */ - CURLcode result = Curl_convert_from_network(data, ptr, len); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) - return result; + (conn->handler->protocol & PROTO_FAMILY_FTP) && + conn->proto.ftpc.transfertype == 'A') { #ifdef CURL_DO_LINEEND_CONV /* convert end-of-line markers */ len = convert_lineends(data, ptr, len); #endif /* CURL_DO_LINEEND_CONV */ - } + } return chop_write(data, type, ptr, len); } @@ -716,44 +710,6 @@ int Curl_debug(struct Curl_easy *data, curl_infotype type, if(data->set.verbose) { static const char s_infotype[CURLINFO_END][3] = { "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; - -#ifdef CURL_DOES_CONVERSIONS - char *buf = NULL; - size_t conv_size = 0; - - switch(type) { - case CURLINFO_HEADER_OUT: - buf = Curl_memdup(ptr, size); - if(!buf) - return 1; - conv_size = size; - - /* Special processing is needed for this block if it - * contains both headers and data (separated by CRLFCRLF). - * We want to convert just the headers, leaving the data as-is. - */ - if(size > 4) { - size_t i; - for(i = 0; i < size-4; i++) { - if(memcmp(&buf[i], "\x0d\x0a\x0d\x0a", 4) == 0) { - /* convert everything through this CRLFCRLF but no further */ - conv_size = i + 4; - break; - } - } - } - - Curl_convert_from_network(data, buf, conv_size); - /* Curl_convert_from_network calls failf if unsuccessful */ - /* we might as well continue even if it fails... */ - ptr = buf; /* switch pointer to use my buffer instead */ - break; - default: - /* leave everything else as-is */ - break; - } -#endif /* CURL_DOES_CONVERSIONS */ - if(data->set.fdebug) { Curl_set_in_callback(data, true); rc = (*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); 
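Review bot: With the conversion call removed, the `if((type & CLIENTWRITE_BODY) && ... transfertype == 'A')` block in `Curl_client_write` has an empty body whenever `CURL_DO_LINEEND_CONV` is not defined, yet its three conditions are still evaluated on every body write. Moving the `#ifdef CURL_DO_LINEEND_CONV` / `#endif` pair outside the `if` would compile the test out together with its only remaining statement. The comment `/* FTP data may need conversion. */` above it is stale now and could read `/* FTP ASCII transfers may need end-of-line conversion */`. The function begins outside this hunk.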
@@ -766,20 +722,11 @@ int Curl_debug(struct Curl_easy *data, curl_infotype type, case CURLINFO_HEADER_IN: fwrite(s_infotype[type], 2, 1, data->set.err); fwrite(ptr, size, 1, data->set.err); -#ifdef CURL_DOES_CONVERSIONS - if(size != conv_size) { - /* we had untranslated data so we need an explicit newline */ - fwrite("\n", 1, 1, data->set.err); - } -#endif break; default: /* nada */ break; } } -#ifdef CURL_DOES_CONVERSIONS - free(buf); -#endif } return rc; } diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c index 599ed5d994..8e1bf12791 100644 --- a/contrib/libs/curl/lib/setopt.c +++ b/contrib/libs/curl/lib/setopt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,19 +62,12 @@ CURLcode Curl_setstropt(char **charp, const char *s) Curl_safefree(*charp); if(s) { - char *str = strdup(s); + if(strlen(s) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; - if(str) { - size_t len = strlen(str); - if(len > CURL_MAX_INPUT_LENGTH) { - free(str); - return CURLE_BAD_FUNCTION_ARGUMENT; - } - } - if(!str) + *charp = strdup(s); + if(!*charp) return CURLE_OUT_OF_MEMORY; - - *charp = str; } return CURLE_OK; @@ -162,7 +155,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) char *argptr; CURLcode result = CURLE_OK; long arg; +#ifdef ENABLE_IPV6 unsigned long uarg; +#endif curl_off_t bigsize; switch(option) { 
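Review bot: `Curl_setstropt` still calls `Curl_safefree(*charp)` before the new length check, so a string rejected with `CURLE_BAD_FUNCTION_ARGUMENT` leaves the option cleared rather than unchanged. For options that hold a security-relevant string, a caller that does not check the return code would then run with the value unset instead of the previous one. Validating first keeps a failed call free of side effects: put `if(s && strlen(s) > CURL_MAX_INPUT_LENGTH) return CURLE_BAD_FUNCTION_ARGUMENT;` ahead of the `Curl_safefree(*charp);` line. If clearing on failure is intended, a comment on the function should say so.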
@@ -1650,24 +1645,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ data->set.seek_client = va_arg(param, void *); break; - case CURLOPT_CONV_FROM_NETWORK_FUNCTION: - /* - * "Convert from network encoding" callback - */ - data->set.convfromnetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_TO_NETWORK_FUNCTION: - /* - * "Convert to network encoding" callback - */ - data->set.convtonetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_FROM_UTF8_FUNCTION: - /* - * "Convert from UTF-8 encoding" callback - */ - data->set.convfromutf8 = va_arg(param, curl_conv_callback); - break; case CURLOPT_IOCTLFUNCTION: /* * I/O control callback. Might be NULL. @@ -2558,6 +2535,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #endif +#ifdef ENABLE_IPV6 case CURLOPT_ADDRESS_SCOPE: /* * Use this scope id when using IPv6 @@ -2571,6 +2549,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif data->set.scope_id = (unsigned int)uarg; break; +#endif case CURLOPT_PROTOCOLS: /* set the bitmask for the protocols that are allowed to be used for the 
@@ -2769,30 +2748,30 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; +#ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], va_arg(param, char *)); -#ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && !data->set.proxy_ssl.authtype) data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ -#endif break; +#endif case CURLOPT_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], va_arg(param, char *)); if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; +#ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], va_arg(param, char *)); -#ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && !data->set.proxy_ssl.authtype) data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ -#endif break; +#endif case CURLOPT_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || diff --git a/contrib/libs/curl/lib/sha256.c b/contrib/libs/curl/lib/sha256.c index 1317d30023..a2702a6929 100644 --- a/contrib/libs/curl/lib/sha256.c +++ b/contrib/libs/curl/lib/sha256.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -40,7 +40,7 @@ #include <openssl/opensslv.h> -#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) #define USE_OPENSSL_SHA256 #endif @@ -69,8 +69,14 @@ #if defined(USE_OPENSSL_SHA256) -/* When OpenSSL is available we use the SHA256-function from OpenSSL */ +/* When OpenSSL or wolfSSL is available is available we use their + * SHA256-functions. + */ +#if defined(USE_OPENSSL) #include <openssl/evp.h> +#elif defined(USE_WOLFSSL) +#error #include <wolfssl/openssl/evp.h> +#endif #include "curl_memory.h" diff --git a/contrib/libs/curl/lib/smb.c b/contrib/libs/curl/lib/smb.c index fd49cf6aaf..8f44704a2c 100644 --- a/contrib/libs/curl/lib/smb.c +++ b/contrib/libs/curl/lib/smb.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies * * This software is licensed as described in the file COPYING, which @@ -262,7 +262,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done) (void) done; /* Check we have a username and password to authenticate with */ - if(!conn->bits.user_passwd) + if(!data->state.aptr.user) return CURLE_LOGIN_DENIED; /* Initialize the connection state */ @@ -299,6 +299,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done) static CURLcode smb_recv_message(struct Curl_easy *data, void **msg) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; char *buf = smbc->recv_buf; ssize_t bytes_read; 
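Review bot: The added `#elif defined(USE_WOLFSSL)` branch in sha256.c contains `#error #include <wolfssl/openssl/evp.h>`, which stops the build with the include line as its message instead of including the header. This looks like a stub for a backend that is not shipped with this copy of the library. If so, a message that says that would be easier to act on, for example `#error "USE_WOLFSSL is not supported in this copy of curl"`. The comment above it also repeats a phrase (`When OpenSSL or wolfSSL is available is available`).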
@@ -307,7 +308,7 @@ static CURLcode smb_recv_message(struct Curl_easy *data, void **msg) size_t len = MAX_MESSAGE_SIZE - smbc->got; CURLcode result; - result = Curl_read(data, FIRSTSOCKET, buf + smbc->got, len, &bytes_read); + result = Curl_read(data, sockfd, buf + smbc->got, len, &bytes_read); if(result) return result; @@ -377,11 +378,12 @@ static CURLcode smb_send(struct Curl_easy *data, ssize_t len, size_t upload_size) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; ssize_t bytes_written; CURLcode result; - result = Curl_write(data, FIRSTSOCKET, data->state.ulbuf, + result = Curl_write(data, sockfd, data->state.ulbuf, len, &bytes_written); if(result) return result; @@ -399,6 +401,7 @@ static CURLcode smb_send(struct Curl_easy *data, ssize_t len, static CURLcode smb_flush(struct Curl_easy *data) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; ssize_t bytes_written; ssize_t len = smbc->send_size - smbc->sent; @@ -407,7 +410,7 @@ static CURLcode smb_flush(struct Curl_easy *data) if(!smbc->send_size) return CURLE_OK; - result = Curl_write(data, FIRSTSOCKET, + result = Curl_write(data, sockfd, data->state.ulbuf + smbc->sent, len, &bytes_written); if(result) @@ -459,14 +462,10 @@ static CURLcode smb_send_setup(struct Curl_easy *data) if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - Curl_ntlm_core_mk_lm_hash(data, conn->passwd, lm_hash); + Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash); Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm); -#ifdef USE_NTRESPONSES - Curl_ntlm_core_mk_nt_hash(data, conn->passwd, nt_hash); + Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt); -#else - memset(nt, 0, sizeof(nt)); -#endif memset(&msg, 0, sizeof(msg)); msg.word_count = SMB_WC_SETUP_ANDX; 
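Review bot: In `smb_send_setup` the results of `Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash)` and `Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash)` are discarded, and with the `memset(nt, 0, sizeof(nt))` fallback removed the NT response is now always built from `nt_hash`. If either helper can fail (their declarations are not in this hunk), `Curl_ntlm_core_lm_resp` would derive the response from an uninitialised stack buffer and send it. Checking the return closes that path, e.g. `CURLcode rc = Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); if(rc) return rc;`, and the same for the LM hash. The function starts and ends outside this hunk, so whether `lm_hash` and `nt_hash` are wiped after use cannot be seen here.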
@@ -989,7 +988,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data, char *slash; /* URL decode the path */ - CURLcode result = Curl_urldecode(data, data->state.up.path, 0, &path, NULL, + CURLcode result = Curl_urldecode(data->state.up.path, 0, &path, NULL, REJECT_CTRL); if(result) return result; diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c index 6c08293783..28aa44a49a 100644 --- a/contrib/libs/curl/lib/smtp.c +++ b/contrib/libs/curl/lib/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -492,7 +492,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) /* Check we have enough data to authenticate with, and the server supports authentication, and end the connect phase if not */ if(!smtpc->auth_supported || - !Curl_sasl_can_authenticate(&smtpc->sasl, conn)) { + !Curl_sasl_can_authenticate(&smtpc->sasl, data)) { state(data, SMTP_STOP); return result; } @@ -698,7 +698,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) NULL, MIMESTRATEGY_MAIL); if(!result) - if(!Curl_checkheaders(data, "Mime-Version")) + if(!Curl_checkheaders(data, STRCONST("Mime-Version"))) result = Curl_mime_add_header(&data->set.mimepost.curlheaders, "Mime-Version: 1.0"); @@ -1724,8 +1724,7 @@ static CURLcode smtp_parse_url_path(struct Curl_easy *data) } /* URL decode the path and use it as the domain in our EHLO */ - return Curl_urldecode(data, path, 0, &smtpc->domain, NULL, - REJECT_CTRL); + return Curl_urldecode(path, 0, &smtpc->domain, NULL, REJECT_CTRL); } /*********************************************************************** 
@@ -1742,7 +1741,7 @@ static CURLcode smtp_parse_custom_request(struct Curl_easy *data) /* URL decode the custom request */ if(custom) - result = Curl_urldecode(data, custom, 0, &smtp->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &smtp->custom, NULL, REJECT_CTRL); return result; } diff --git a/contrib/libs/curl/lib/strcase.c b/contrib/libs/curl/lib/strcase.c index 955e3c79ea..dd46ca1ba0 100644 --- a/contrib/libs/curl/lib/strcase.c +++ b/contrib/libs/curl/lib/strcase.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -28,142 +28,25 @@ static char raw_tolower(char in); -/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because - its behavior is altered by the current locale. */ +/* Portable, consistent toupper. Do not use toupper() because its behavior is + altered by the current locale. */ char Curl_raw_toupper(char in) { -#if !defined(CURL_DOES_CONVERSIONS) if(in >= 'a' && in <= 'z') return (char)('A' + in - 'a'); -#else - switch(in) { - case 'a': - return 'A'; - case 'b': - return 'B'; - case 'c': - return 'C'; - case 'd': - return 'D'; - case 'e': - return 'E'; - case 'f': - return 'F'; - case 'g': - return 'G'; - case 'h': - return 'H'; - case 'i': - return 'I'; - case 'j': - return 'J'; - case 'k': - return 'K'; - case 'l': - return 'L'; - case 'm': - return 'M'; - case 'n': - return 'N'; - case 'o': - return 'O'; - case 'p': - return 'P'; - case 'q': - return 'Q'; - case 'r': - return 'R'; - case 's': - return 'S'; - case 't': - return 'T'; - case 'u': - return 'U'; - case 'v': - return 'V'; - case 'w': - return 'W'; - case 'x': - return 'X'; - case 'y': - return 'Y'; - case 'z': - return 'Z'; - } -#endif - return in; } -/* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because - its behavior is altered by the current locale. */ +/* Portable, consistent tolower. Do not use tolower() because its behavior is + altered by the current locale. 
*/ static char raw_tolower(char in) { -#if !defined(CURL_DOES_CONVERSIONS) if(in >= 'A' && in <= 'Z') return (char)('a' + in - 'A'); -#else - switch(in) { - case 'A': - return 'a'; - case 'B': - return 'b'; - case 'C': - return 'c'; - case 'D': - return 'd'; - case 'E': - return 'e'; - case 'F': - return 'f'; - case 'G': - return 'g'; - case 'H': - return 'h'; - case 'I': - return 'i'; - case 'J': - return 'j'; - case 'K': - return 'k'; - case 'L': - return 'l'; - case 'M': - return 'm'; - case 'N': - return 'n'; - case 'O': - return 'o'; - case 'P': - return 'p'; - case 'Q': - return 'q'; - case 'R': - return 'r'; - case 'S': - return 's'; - case 'T': - return 't'; - case 'U': - return 'u'; - case 'V': - return 'v'; - case 'W': - return 'w'; - case 'X': - return 'x'; - case 'Y': - return 'y'; - case 'Z': - return 'z'; - } -#endif - return in; } - /* * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is * meant to be locale independent and only compare strings we know are safe @@ -171,9 +54,6 @@ static char raw_tolower(char in) * https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for some * further explanation to why this function is necessary. * - * The function is capable of comparing a-z case insensitively even for - * non-ascii. - * * @unittest: 1301 */ diff --git a/contrib/libs/curl/lib/strcase.h b/contrib/libs/curl/lib/strcase.h index 10dc698817..b628656b97 100644 --- a/contrib/libs/curl/lib/strcase.h +++ b/contrib/libs/curl/lib/strcase.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -28,8 +28,7 @@ * Only "raw" case insensitive strings. This is meant to be locale independent * and only compare strings we know are safe for this. * - * The function is capable of comparing a-z case insensitively even for - * non-ascii. + * The function is capable of comparing a-z case insensitively. */ #define strcasecompare(a,b) Curl_strcasecompare(a,b) @@ -42,8 +41,8 @@ int Curl_strncasecompare(const char *first, const char *second, size_t max); char Curl_raw_toupper(char in); /* checkprefix() is a shorter version of the above, used when the first - argument is zero-byte terminated */ -#define checkprefix(a,b) curl_strnequal(a,b,strlen(a)) + argument is the string literal */ +#define checkprefix(a,b) curl_strnequal(b, STRCONST(a)) void Curl_strntoupper(char *dest, const char *src, size_t n); void Curl_strntolower(char *dest, const char *src, size_t n); diff --git a/contrib/libs/curl/lib/strerror.c b/contrib/libs/curl/lib/strerror.c index 7a53087983..406b735f9a 100644 --- a/contrib/libs/curl/lib/strerror.c +++ b/contrib/libs/curl/lib/strerror.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2004 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,12 +24,9 @@ #ifdef HAVE_STRERROR_R # if (!defined(HAVE_POSIX_STRERROR_R) && \ - !defined(HAVE_GLIBC_STRERROR_R) && \ - !defined(HAVE_VXWORKS_STRERROR_R)) || \ - (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \ - (defined(HAVE_GLIBC_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \ + !defined(HAVE_GLIBC_STRERROR_R)) || \ (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_GLIBC_STRERROR_R)) -# error "strerror_r MUST be either POSIX, glibc or vxworks-style" +# error "strerror_r MUST be either POSIX, glibc style" # endif #endif 
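Review bot: The rewritten `checkprefix(a,b)` in strcase.h is only correct when `a` is a string literal, and nothing enforces that. Assuming STRCONST expands to its argument followed by `sizeof(arg)-1` (its definition is not in this part of the diff), a `char *` first argument would still compile and silently compare pointer-size-minus-one bytes. The argument order also flipped, so a call site that was missed in the conversion keeps compiling with the runtime string in the literal slot; the tftp.c hunks show the converted form `checkprefix(TFTP_OPTION_BLKSIZE, option)`. Prefixing the argument with an empty literal turns misuse into a compile error: `#define checkprefix(a,b) curl_strnequal(b, STRCONST("" a))`. The comment would also read better as `used when the first argument is a string literal`.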
@@ -224,9 +221,6 @@ curl_easy_strerror(CURLcode error) case CURLE_BAD_CONTENT_ENCODING: return "Unrecognized or bad HTTP Content or Transfer-Encoding"; - case CURLE_LDAP_INVALID_URL: - return "Invalid LDAP URL"; - case CURLE_FILESIZE_EXCEEDED: return "Maximum file size exceeded"; @@ -272,9 +266,6 @@ curl_easy_strerror(CURLcode error) case CURLE_CONV_FAILED: return "Conversion failed"; - case CURLE_CONV_REQD: - return "Caller must register CURLOPT_CONV_ callback options"; - case CURLE_REMOTE_FILE_NOT_FOUND: return "Remote file not found"; @@ -337,6 +328,8 @@ curl_easy_strerror(CURLcode error) case CURLE_OBSOLETE50: case CURLE_OBSOLETE51: case CURLE_OBSOLETE57: + case CURLE_OBSOLETE62: + case CURLE_OBSOLETE76: case CURL_LAST: break; } @@ -883,18 +876,6 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) else msnprintf(buf, max, "Unknown error %d", err); } -#elif defined(HAVE_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R) - /* - * The vxworks-style strerror_r() does use the buffer we pass to the function. - * The buffer size should be at least NAME_MAX (256) - */ - { - char buffer[256]; - if(OK == strerror_r(err, buffer)) - strncpy(buf, buffer, max); - else - msnprintf(buf, max, "Unknown error %d", err); - } #else { /* !checksrc! disable STRERROR 1 */ diff --git a/contrib/libs/curl/lib/telnet.c b/contrib/libs/curl/lib/telnet.c index a81bb81c36..e709973244 100644 --- a/contrib/libs/curl/lib/telnet.c +++ b/contrib/libs/curl/lib/telnet.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -781,7 +781,7 @@ static CURLcode check_telnet_options(struct Curl_easy *data) /* Add the user name as an environment variable if it was given on the command line */ - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user); beg = curl_slist_append(tn->telnet_vars, option_arg); if(!beg) { diff --git a/contrib/libs/curl/lib/tftp.c b/contrib/libs/curl/lib/tftp.c index f8c68441ca..7f2c88b71e 100644 --- a/contrib/libs/curl/lib/tftp.c +++ b/contrib/libs/curl/lib/tftp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -327,7 +327,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, infof(data, "got option=(%s) value=(%s)", option, value); - if(checkprefix(option, TFTP_OPTION_BLKSIZE)) { + if(checkprefix(TFTP_OPTION_BLKSIZE, option)) { long blksize; blksize = strtol(value, NULL, 10); @@ -359,7 +359,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, infof(data, "%s (%d) %s (%d)", "blksize parsed from OACK", state->blksize, "requested", state->requested_blksize); } - else if(checkprefix(option, TFTP_OPTION_TSIZE)) { + else if(checkprefix(TFTP_OPTION_TSIZE, option)) { long tsize = 0; tsize = strtol(value, NULL, 10); @@ -463,7 +463,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, /* As RFC3617 describes the separator slash is not actually part of the file name so we skip the always-present first letter of the path string. */ - result = Curl_urldecode(data, &state->data->state.up.path[1], 0, + result = Curl_urldecode(&state->data->state.up.path[1], 0, &filename, NULL, REJECT_ZERO); if(result) return result; 
diff --git a/contrib/libs/curl/lib/transfer.c b/contrib/libs/curl/lib/transfer.c index 22704fa158..1f8019b3d0 100644 --- a/contrib/libs/curl/lib/transfer.c +++ b/contrib/libs/curl/lib/transfer.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,7 +73,6 @@ #include "select.h" #include "multiif.h" #include "connect.h" -#include "non-ascii.h" #include "http2.h" #include "mime.h" #include "strcase.h" @@ -95,10 +94,10 @@ * Returns a pointer to the first matching header or NULL if none matched. */ char *Curl_checkheaders(const struct Curl_easy *data, - const char *thisheader) + const char *thisheader, + const size_t thislen) { struct curl_slist *head; - size_t thislen = strlen(thisheader); DEBUGASSERT(thislen); DEBUGASSERT(thisheader[thislen-1] != ':'); @@ -165,20 +164,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, curl_read_callback readfunc = NULL; void *extra_data = NULL; -#ifdef CURL_DOES_CONVERSIONS - bool sending_http_headers = FALSE; - struct connectdata *conn = data->conn; - - if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) { - const struct HTTP *http = data->req.p.http; - - if(http->sending == HTTPSEND_REQUEST) - /* We're sending the HTTP request headers, not the data. - Remember that so we don't re-translate them into garbage. */ - sending_http_headers = TRUE; - } -#endif - #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_INITIALIZED) { struct curl_slist *trailers = NULL; 
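Review bot: Curl_checkheaders now trusts the caller for `thislen`, and the only checks on it in this hunk are the two DEBUGASSERT lines, which presumably compile to nothing outside debug builds. The comment block above the function still describes the one-argument form, so the new contract is undocumented. Add a line to that block such as ` * 'thislen' is the length of 'thisheader', must be non-zero and must not count a trailing colon; pass both with STRCONST("Name").` A length that disagrees with the pointer changes which headers match, so the requirement belongs next to the signature. The function body continues outside the hunk.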
@@ -347,26 +332,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, } } -#ifdef CURL_DOES_CONVERSIONS - { - CURLcode result; - size_t length; - if(data->state.prefer_ascii) - /* translate the protocol and data */ - length = nread; - else - /* just translate the protocol portion */ - length = hexlen; - if(length) { - result = Curl_convert_to_network(data, data->req.upload_fromhere, - length); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - } - } -#endif /* CURL_DOES_CONVERSIONS */ - #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_SENDING && !trailers_left(data)) { @@ -391,15 +356,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, if(added_crlf) nread += strlen(endofline_network); /* for the added end of line */ } -#ifdef CURL_DOES_CONVERSIONS - else if((data->state.prefer_ascii) && (!sending_http_headers)) { - CURLcode result; - result = Curl_convert_to_network(data, data->req.upload_fromhere, nread); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - } -#endif /* CURL_DOES_CONVERSIONS */ *nreadp = nread; diff --git a/contrib/libs/curl/lib/transfer.h b/contrib/libs/curl/lib/transfer.h index 0fa3d55e82..56d2fd1ee3 100644 --- a/contrib/libs/curl/lib/transfer.h +++ b/contrib/libs/curl/lib/transfer.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,7 +24,8 @@ #define Curl_headersep(x) ((((x)==':') || ((x)==';'))) char *Curl_checkheaders(const struct Curl_easy *data, - const char *thisheader); + const char *thisheader, + const size_t thislen); void Curl_init_CONNECT(struct Curl_easy *data); 
diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c index 3fdf02d8ec..75f43db3d8 100644 --- a/contrib/libs/curl/lib/url.c +++ b/contrib/libs/curl/lib/url.c @@ -99,7 +99,6 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "easyif.h" #include "speedcheck.h" #include "warnless.h" -#include "non-ascii.h" #include "getinfo.h" #include "urlapi-int.h" #include "system_win32.h" @@ -137,15 +136,6 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "curl_memory.h" #include "memdebug.h" -/* Count of the backend ssl objects to allocate */ -#ifdef USE_SSL -# ifndef CURL_DISABLE_PROXY -# define SSL_BACKEND_CNT 4 -# else -# define SSL_BACKEND_CNT 2 -# endif -#endif - static void conn_free(struct connectdata *conn); /* Some parts of the code (e.g. chunked encoding) assume this buffer has at @@ -445,7 +435,6 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_resolver_cleanup(data->state.async.resolver); Curl_http2_cleanup_dependencies(data); - Curl_convert_close(data); /* No longer a dirty share, if it exists */ if(data->share) { @@ -509,11 +498,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->seek_func = ZERO_NULL; set->seek_client = ZERO_NULL; - /* conversion callbacks for non-ASCII hosts */ - set->convfromnetwork = ZERO_NULL; - set->convtonetwork = ZERO_NULL; - set->convfromutf8 = ZERO_NULL; - set->filesize = -1; /* we don't know the size */ set->postfieldsize = -1; /* unknown size */ set->maxredirs = -1; /* allow any amount by default */ @@ -677,7 +661,6 @@ CURLcode Curl_open(struct Curl_easy **curl) result = Curl_init_userdefined(data); if(!result) { Curl_dyn_init(&data->state.headerb, CURL_MAX_HTTP_HEADER); - Curl_convert_init(data); Curl_initinfo(data); /* most recent connection is not yet defined */ 
@@ -760,7 +743,9 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) /* close the SSL stuff before we close any sockets since they will/may write to the sockets */ Curl_ssl_close(data, conn, FIRSTSOCKET); +#ifndef CURL_DISABLE_FTP Curl_ssl_close(data, conn, SECONDARYSOCKET); +#endif /* close possibly still open sockets */ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) @@ -830,8 +815,8 @@ static void conn_free(struct connectdata *conn) * */ -CURLcode Curl_disconnect(struct Curl_easy *data, - struct connectdata *conn, bool dead_connection) +void Curl_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) { /* there must be a connection to close */ DEBUGASSERT(conn); @@ -851,7 +836,7 @@ CURLcode Curl_disconnect(struct Curl_easy *data, */ if(CONN_INUSE(conn) && !dead_connection) { DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); - return CURLE_OK; + return; } if(conn->dns_entry) { @@ -883,7 +868,6 @@ CURLcode Curl_disconnect(struct Curl_easy *data, Curl_detach_connnection(data); conn_free(conn); - return CURLE_OK; } /* @@ -949,7 +933,7 @@ socks_proxy_info_matches(const struct proxy_info *data, /* the user information is case-sensitive or at least it is not defined as case-insensitive - see https://tools.ietf.org/html/rfc3986#section-3.2.1 */ + see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ if(!data->user != !needle->user) return FALSE; /* curl_strequal does a case insentive comparison, so do not use it here! */ @@ -1105,7 +1089,7 @@ static void prune_dead_connections(struct Curl_easy *data) Curl_conncache_remove_conn(data, prune.extracted, TRUE); /* disconnect it */ - (void)Curl_disconnect(data, prune.extracted, TRUE); + Curl_disconnect(data, prune.extracted, TRUE); } CONNCACHE_LOCK(data); data->state.conn_cache->last_cleanup = now; 
@@ -1209,7 +1193,7 @@ ConnectionExists(struct Curl_easy *data, if(extract_if_dead(check, data)) { /* disconnect it */ - (void)Curl_disconnect(data, check, TRUE); + Curl_disconnect(data, check, TRUE); continue; } @@ -1575,20 +1559,6 @@ bool Curl_is_ASCII_name(const char *hostname) } /* - * Strip single trailing dot in the hostname, - * primarily for SNI and http host header. - */ -static void strip_trailing_dot(struct hostname *host) -{ - size_t len; - if(!host || !host->name) - return; - len = strlen(host->name); - if(len && (host->name[len-1] == '.')) - host->name[len-1] = 0; -} - -/* * Perform any necessary IDN conversion of hostname */ CURLcode Curl_idnconvert_hostname(struct Curl_easy *data, @@ -1690,18 +1660,35 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) Note that these backend pointers can be swapped by vtls (eg ssl backend data becomes proxy backend data). */ { - size_t sslsize = Curl_ssl->sizeof_ssl_backend_data; - char *ssl = calloc(SSL_BACKEND_CNT, sslsize); + size_t onesize = Curl_ssl->sizeof_ssl_backend_data; + size_t totalsize = onesize; + char *ssl; + +#ifndef CURL_DISABLE_FTP + totalsize *= 2; +#endif +#ifndef CURL_DISABLE_PROXY + totalsize *= 2; +#endif + + ssl = calloc(1, totalsize); if(!ssl) { free(conn); return NULL; } conn->ssl_extra = ssl; - conn->ssl[0].backend = (void *)ssl; - conn->ssl[1].backend = (void *)(ssl + sslsize); + conn->ssl[FIRSTSOCKET].backend = (void *)ssl; +#ifndef CURL_DISABLE_FTP + ssl += onesize; + conn->ssl[SECONDARYSOCKET].backend = (void *)ssl; +#endif #ifndef CURL_DISABLE_PROXY - conn->proxy_ssl[0].backend = (void *)(ssl + 2 * sslsize); - conn->proxy_ssl[1].backend = (void *)(ssl + 3 * sslsize); + ssl += onesize; + conn->proxy_ssl[FIRSTSOCKET].backend = (void *)ssl; +#ifndef CURL_DISABLE_FTP + ssl += onesize; + conn->proxy_ssl[SECONDARYSOCKET].backend = (void *)ssl; +#endif #endif } #endif 
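Review bot: In the allocate_conn hunk, a build with CURL_DISABLE_FTP never assigns `conn->ssl[SECONDARYSOCKET].backend` or `conn->proxy_ssl[SECONDARYSOCKET].backend`, so those slots keep whatever the connection struct was initialised with. This commit guards the `Curl_ssl_close(data, conn, SECONDARYSOCKET)` call in conn_shutdown, but any other TLS path that indexes the secondary socket is outside this diff portion and should be checked the same way. A comment at the assignment ladder would make the rule explicit: `/* without FTP there is no secondary socket; its backend pointers stay unset and must not be dereferenced */`. The allocation size and the pointer ladder are also kept in sync only by matching `#ifndef` blocks, so any future change has to touch both.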
@@ -1761,7 +1748,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy; #endif /* CURL_DISABLE_PROXY */ - conn->bits.user_passwd = (data->state.aptr.user) ? TRUE : FALSE; #ifndef CURL_DISABLE_FTP conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; @@ -1882,6 +1868,7 @@ CURLcode Curl_uc_to_curlcode(CURLUcode uc) } } +#ifdef ENABLE_IPV6 /* * If the URL was set with an IPv6 numerical address with a zone id part, set * the scope_id based on that! @@ -1931,6 +1918,9 @@ static void zonefrom_url(CURLU *uh, struct Curl_easy *data, free(zoneid); } } +#else +#define zonefrom_url(a,b,c) Curl_nop_stmt +#endif /* * Parse URL and fill in the relevant members of the connection struct. 
@@ -2038,45 +2028,47 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, * User name and password set with their own options override the * credentials possibly set in the URL. */ - if(!data->state.aptr.user) { - /* we don't use the URL API's URL decoder option here since it rejects - control codes and we want to allow them for some schemes in the user - and password fields */ - uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0); + if(!data->state.aptr.passwd) { + uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0); if(!uc) { char *decoded; - result = Curl_urldecode(NULL, data->state.up.user, 0, &decoded, NULL, + result = Curl_urldecode(data->state.up.password, 0, &decoded, NULL, conn->handler->flags&PROTOPT_USERPWDCTRL ? REJECT_ZERO : REJECT_CTRL); if(result) return result; - conn->user = decoded; - conn->bits.user_passwd = TRUE; - result = Curl_setstropt(&data->state.aptr.user, decoded); + conn->passwd = decoded; + result = Curl_setstropt(&data->state.aptr.passwd, decoded); if(result) return result; } - else if(uc != CURLUE_NO_USER) + else if(uc != CURLUE_NO_PASSWORD) return Curl_uc_to_curlcode(uc); } - if(!data->state.aptr.passwd) { - uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0); + if(!data->state.aptr.user) { + /* we don't use the URL API's URL decoder option here since it rejects + control codes and we want to allow them for some schemes in the user + and password fields */ + uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0); if(!uc) { char *decoded; - result = Curl_urldecode(NULL, data->state.up.password, 0, &decoded, NULL, + result = Curl_urldecode(data->state.up.user, 0, &decoded, NULL, conn->handler->flags&PROTOPT_USERPWDCTRL ? 
REJECT_ZERO : REJECT_CTRL); if(result) return result; - conn->passwd = decoded; - conn->bits.user_passwd = TRUE; - result = Curl_setstropt(&data->state.aptr.passwd, decoded); - if(result) - return result; + conn->user = decoded; + result = Curl_setstropt(&data->state.aptr.user, decoded); } - else if(uc != CURLUE_NO_PASSWORD) + else if(uc != CURLUE_NO_USER) return Curl_uc_to_curlcode(uc); + else if(data->state.aptr.passwd) { + /* no user was set but a password, set a blank user */ + result = Curl_setstropt(&data->state.aptr.user, ""); + } + if(result) + return result; } uc = curl_url_get(uh, CURLUPART_OPTIONS, &data->state.up.options, @@ -2128,9 +2120,11 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; conn->host.name = conn->host.rawalloc; +#ifdef ENABLE_IPV6 if(data->set.scope_id) /* Override any scope that was set above. */ conn->scope_id = data->set.scope_id; +#endif return CURLE_OK; } @@ -2560,14 +2554,14 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data, CURLcode result = CURLE_OK; if(proxyuser) { - result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL, + result = Curl_urldecode(proxyuser, 0, &conn->http_proxy.user, NULL, REJECT_ZERO); if(!result) result = Curl_setstropt(&data->state.aptr.proxyuser, conn->http_proxy.user); } if(!result && proxypasswd) { - result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd, + result = Curl_urldecode(proxypasswd, 0, &conn->http_proxy.passwd, NULL, REJECT_ZERO); if(!result) result = Curl_setstropt(&data->state.aptr.proxypasswd, 
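Review bot: In the reordered user block of parseurlandfillconn, the trailing `if(result) return result;` is also reached when the URL has no user and no password is set, so it then tests whatever `result` held before the block. That value is assigned outside the hunk; if it is always zero at this point the code is correct, but the dependency is easy to break in a later edit. Checking right after each call keeps it local: `result = Curl_setstropt(&data->state.aptr.user, decoded); if(result) return result;`, and the same after the blank-user `Curl_setstropt(&data->state.aptr.user, "")`. The function body continues outside the hunk.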
@@ -2922,10 +2916,10 @@ static CURLcode override_login(struct Curl_easy *data, char **optionsp = &conn->options; #ifndef CURL_DISABLE_NETRC - if(data->set.use_netrc == CURL_NETRC_REQUIRED && conn->bits.user_passwd) { + if(data->set.use_netrc == CURL_NETRC_REQUIRED && data->state.aptr.user) { Curl_safefree(*userp); Curl_safefree(*passwdp); - conn->bits.user_passwd = FALSE; /* disable user+password */ + Curl_safefree(data->state.aptr.user); /* disable user+password */ } #endif @@ -2942,6 +2936,13 @@ static CURLcode override_login(struct Curl_easy *data, bool netrc_user_changed = FALSE; bool netrc_passwd_changed = FALSE; int ret; + bool url_provided = FALSE; + + if(data->state.up.user) { + /* there was a user name in the URL */ + userp = &data->state.up.user; + url_provided = TRUE; + } ret = Curl_parsenetrc(conn->host.name, userp, passwdp, 
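Review bot: The CURL_NETRC_REQUIRED branch in override_login is commented `disable user+password`, but it frees only `*userp`, `*passwdp` and `data->state.aptr.user`; `data->state.aptr.passwd` is left in place. This commit makes the `aptr` fields the source of truth in place of `conn->bits.user_passwd`, so a password set by option or URL may still be picked up later in the function if the netrc lookup supplies none. That later code is only partly visible here, so this needs confirming against the full function. Either add `Curl_safefree(data->state.aptr.passwd);` next to the user free, or extend the comment to say why the password is intentionally kept. override_login continues outside the hunk.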
@@ -2959,29 +2960,37 @@ static CURLcode override_login(struct Curl_easy *data, file, so that it is safe to use even if we followed a Location: to a different host or similar. */ conn->bits.netrc = TRUE; - conn->bits.user_passwd = TRUE; /* enable user+password */ + } + if(url_provided) { + Curl_safefree(conn->user); + conn->user = strdup(*userp); + if(!conn->user) + return CURLE_OUT_OF_MEMORY; + /* don't update the user name below */ + userp = NULL; } } #endif /* for updated strings, we update them in the URL */ - if(*userp) { - CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); - if(result) - return result; - } - if(data->state.aptr.user) { - uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, - CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - if(!*userp) { - *userp = strdup(data->state.aptr.user); - if(!*userp) - return CURLE_OUT_OF_MEMORY; + if(userp) { + if(*userp) { + CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); + if(result) + return result; + } + if(data->state.aptr.user) { + uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, + CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + if(!*userp) { + *userp = strdup(data->state.aptr.user); + if(!*userp) + return CURLE_OUT_OF_MEMORY; + } } } - if(*passwdp) { CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp); if(result) 
@@ -3005,14 +3014,15 @@ static CURLcode override_login(struct Curl_easy *data, /* * Set the login details so they're available in the connection */ -static CURLcode set_login(struct connectdata *conn) +static CURLcode set_login(struct Curl_easy *data, + struct connectdata *conn) { CURLcode result = CURLE_OK; const char *setuser = CURL_DEFAULT_USER; const char *setpasswd = CURL_DEFAULT_PASSWORD; /* If our protocol needs a password and we have none, use the defaults */ - if((conn->handler->flags & PROTOPT_NEEDSPWD) && !conn->bits.user_passwd) + if((conn->handler->flags & PROTOPT_NEEDSPWD) && !data->state.aptr.user) ; else { setuser = ""; @@ -3389,7 +3399,7 @@ static CURLcode resolve_server(struct Curl_easy *data, else #endif - if(!conn->bits.proxy) { + if(!CONN_IS_PROXIED(conn)) { struct hostname *connhost; if(conn->bits.conn_to_host) connhost = &conn->conn_to_host; @@ -3486,8 +3496,7 @@ static void reuse_conn(struct Curl_easy *data, /* get the user+password information from the old_conn struct since it may * be new for this request even when we re-use an existing connection */ - conn->bits.user_passwd = old_conn->bits.user_passwd; - if(conn->bits.user_passwd) { + if(old_conn->user) { /* use the new user name and password though */ Curl_safefree(conn->user); Curl_safefree(conn->passwd); @@ -3665,7 +3674,7 @@ static CURLcode create_conn(struct Curl_easy *data, if(result) goto out; - result = set_login(conn); /* default credentials */ + result = set_login(data, conn); /* default credentials */ if(result) goto out; @@ -3947,7 +3956,7 @@ static CURLcode create_conn(struct Curl_easy *data, CONNCACHE_UNLOCK(data); if(conn_candidate) - (void)Curl_disconnect(data, conn_candidate, FALSE); + Curl_disconnect(data, conn_candidate, FALSE); else { infof(data, "No more connections allowed to host %s: %zu", bundlehost, max_host_connections); 
@@ -3967,7 +3976,7 @@ static CURLcode create_conn(struct Curl_easy *data, /* The cache is full. Let's see if we can kill a connection. */ conn_candidate = Curl_conncache_extract_oldest(data); if(conn_candidate) - (void)Curl_disconnect(data, conn_candidate, FALSE); + Curl_disconnect(data, conn_candidate, FALSE); else { infof(data, "No connections available in cache"); connections_available = FALSE; @@ -4038,17 +4047,6 @@ static CURLcode create_conn(struct Curl_easy *data, *************************************************************/ result = resolve_server(data, conn, async); - /* Strip trailing dots. resolve_server copied the name. */ - strip_trailing_dot(&conn->host); -#ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy) - strip_trailing_dot(&conn->http_proxy.host); - if(conn->bits.socksproxy) - strip_trailing_dot(&conn->socks_proxy.host); -#endif - if(conn->bits.conn_to_host) - strip_trailing_dot(&conn->conn_to_host); - out: return result; } diff --git a/contrib/libs/curl/lib/url.h b/contrib/libs/curl/lib/url.h index 929fc60f26..59a1c24919 100644 --- a/contrib/libs/curl/lib/url.h +++ b/contrib/libs/curl/lib/url.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -35,8 +35,8 @@ void Curl_freeset(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy **datap); /* opposite of curl_open() */ CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); -CURLcode Curl_disconnect(struct Curl_easy *data, - struct connectdata *, bool dead_connection); +void Curl_disconnect(struct Curl_easy *data, + struct connectdata *, bool dead_connection); CURLcode Curl_setup_conn(struct Curl_easy *data, bool *protocol_done); void Curl_free_request_state(struct Curl_easy *data); diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c index d29aeb238f..ff00ee4243 100644 --- a/contrib/libs/curl/lib/urlapi.c +++ b/contrib/libs/curl/lib/urlapi.c @@ -90,16 +90,6 @@ static void free_urlhandle(struct Curl_URL *u) free(u->temppath); } -/* move the full contents of one handle onto another and - free the original */ -static void mv_urlhandle(struct Curl_URL *from, - struct Curl_URL *to) -{ - free_urlhandle(to); - *to = *from; - free(from); -} - /* * Find the separator at the end of the host name, or the '?' in cases like * http://www.url.com?id=2380 @@ -804,8 +794,7 @@ static CURLUcode decode_host(char *hostname, char **outp) else { /* might be encoded */ size_t dlen; - CURLcode result = Curl_urldecode(NULL, hostname, 0, - outp, &dlen, REJECT_CTRL); + CURLcode result = Curl_urldecode(hostname, 0, outp, &dlen, REJECT_CTRL); if(result) return CURLUE_BAD_HOSTNAME; } @@ -1005,9 +994,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) return CURLUE_NO_HOST; } - len = strlen(p); - memcpy(path, p, len); - path[len] = 0; + strcpy(path, p); if(schemep) { u->scheme = strdup(schemep); 
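Review bot: In the seturl hunk, `strcpy(path, p);` drops the explicit length that the removed `strlen`/`memcpy` sequence carried, so the bound on `path` now rests entirely on how that buffer was sized, which happens outside this hunk. If `path` is allocated from the length of the input URL and `p` points into that same URL, the copy stays in bounds. That invariant should be written next to the call, e.g. `/* path was sized for the whole input URL and p points into it */`. A DEBUGASSERT comparing `strlen(p)` with the allocated size would catch a later change to the allocation. seturl's body continues outside the hunk.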
@@ -1157,6 +1144,25 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } /* + * Parse the URL and, if successful, replace everyting in the Curl_URL struct. + */ +static CURLUcode parseurl_and_replace(const char *url, CURLU *u, + unsigned int flags) +{ + CURLUcode result; + CURLU tmpurl; + memset(&tmpurl, 0, sizeof(tmpurl)); + result = parseurl(url, &tmpurl, flags); + if(!result) { + free_urlhandle(u); + *u = tmpurl; + } + else + free_urlhandle(&tmpurl); + return result; +} + +/* */ CURLU *curl_url(void) { @@ -1422,8 +1428,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, size_t dlen; /* this unconditional rejection of control bytes is documented API behavior */ - CURLcode res = Curl_urldecode(NULL, *part, 0, &decoded, &dlen, - REJECT_CTRL); + CURLcode res = Curl_urldecode(*part, 0, &decoded, &dlen, REJECT_CTRL); free(*part); if(res) { *part = NULL; 
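Review bot: The comment on the new parseurl_and_replace() misspells "everyting" and does not say what happens to the handle on failure. From the body, `u` is only overwritten after parseurl() succeeds on the temporary; on error the temporary is released and `u` is left untouched. After `*u = tmpurl;` the allocations belong to `u`, so `tmpurl` must not be freed on that path. Suggested wording: `/* Parse the URL and, if successful, replace everything in the Curl_URL struct; on failure 'u' is left unmodified. */`.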
@@ -1564,52 +1569,24 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, CURLUcode result; char *oldurl; char *redired_url; - CURLU *handle2; - if(Curl_is_absolute_url(part, NULL, 0)) { - handle2 = curl_url(); - if(!handle2) - return CURLUE_OUT_OF_MEMORY; - result = parseurl(part, handle2, flags); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); - return result; - } - /* extract the full "old" URL to do the redirect on */ - result = curl_url_get(u, CURLUPART_URL, &oldurl, flags); - if(result) { - /* couldn't get the old URL, just use the new! */ - handle2 = curl_url(); - if(!handle2) - return CURLUE_OUT_OF_MEMORY; - result = parseurl(part, handle2, flags); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); - return result; + /* if the new thing is absolute or the old one is not + * (we could not get an absolute url in 'oldurl'), + * then replace the existing with the new. */ + if(Curl_is_absolute_url(part, NULL, 0) + || curl_url_get(u, CURLUPART_URL, &oldurl, flags)) { + return parseurl_and_replace(part, u, flags); } - /* apply the relative part to create a new URL */ + /* apply the relative part to create a new URL + * and replace the existing one with it. */ redired_url = concat_url(oldurl, part); free(oldurl); if(!redired_url) return CURLUE_OUT_OF_MEMORY; - /* now parse the new URL */ - handle2 = curl_url(); - if(!handle2) { - free(redired_url); - return CURLUE_OUT_OF_MEMORY; - } - result = parseurl(redired_url, handle2, flags); + result = parseurl_and_replace(redired_url, u, flags); free(redired_url); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); return result; } default: diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h index 93aea80691..ccf3c32cfe 100644 --- a/contrib/libs/curl/lib/urldata.h +++ b/contrib/libs/curl/lib/urldata.h 
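Review bot: In the merged condition, `oldurl` is written only when `Curl_is_absolute_url()` returns false and `curl_url_get()` succeeds, so the later `concat_url(oldurl, part)` is safe only because every other path returns early. Declaring it as `char *oldurl = NULL;` keeps a future edit of the condition from turning that into a read of an indeterminate pointer. The `||` also discards the error code from `curl_url_get()`, so any failure there is treated as "no old URL". That matches the removed fallback, but the new comment should say so. The enclosing switch case starts outside the hunk.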
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -352,10 +352,6 @@ typedef enum { GSS_AUTHSUCC } curlnegotiate; -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) -#include <iconv.h> -#endif - /* Struct used for GSSAPI (Kerberos V5) authentication */ #if defined(USE_KERBEROS5) struct kerberos5data { @@ -450,6 +446,11 @@ struct negotiatedata { }; #endif +#ifdef CURL_DISABLE_PROXY +#define CONN_IS_PROXIED(x) 0 +#else +#define CONN_IS_PROXIED(x) x->bits.proxy +#endif /* * Boolean values that concerns this connection. @@ -470,6 +471,7 @@ struct ConnectBits { BIT(proxy_connect_closed); /* TRUE if a proxy disconnected the connection in a CONNECT request with auth, so that libcurl should reconnect and continue. */ + BIT(proxy); /* if set, this transfer is done through a proxy - any type */ #endif /* always modify bits.close with the connclose() and connkeep() macros! */ BIT(close); /* if set, we close the connection after this request */ @@ -479,8 +481,6 @@ struct ConnectBits { that overrides the host in the URL */ BIT(conn_to_port); /* if set, this connection has a "connect to port" that overrides the port in the URL (remote port) */ - BIT(proxy); /* if set, this transfer is done through a proxy - any type */ - BIT(user_passwd); /* do we use user+password for this connection? */ BIT(ipv6_ip); /* we communicate with a remote site specified with pure IPv6 IP address */ BIT(ipv6); /* we communicate with a site using an IPv6 address */ 
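Review bot: The new `CONN_IS_PROXIED(x)` macro expands its argument without parentheses, so anything other than a plain identifier can bind wrongly to `->`, and the expansion itself is not protected from neighbouring operators. I would write `#define CONN_IS_PROXIED(x) ((x)->bits.proxy)`. In the `CURL_DISABLE_PROXY` variant the argument is not evaluated at all, which can leave a caller's variable unused in that configuration. `((void)(x), 0)` would avoid that if it shows up as a warning.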
@@ -939,8 +939,9 @@ struct connectdata { cache entry remains locked. It gets unlocked in multi_done() */ struct Curl_addrinfo *ip_addr; struct Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */ - +#ifdef ENABLE_IPV6 unsigned int scope_id; /* Scope id for IPv6 */ +#endif enum { TRNSPRT_TCP = 3, @@ -1659,13 +1660,6 @@ struct UserDefined { void *prereq_userp; /* pre-initial request user data */ void *seek_client; /* pointer to pass to the seek callback */ - /* the 3 curl_conv_callback functions below are used on non-ASCII hosts */ - /* function to convert from the network encoding: */ - curl_conv_callback convfromnetwork; - /* function to convert to the network encoding: */ - curl_conv_callback convtonetwork; - /* function to convert from UTF-8 encoding: */ - curl_conv_callback convfromutf8; #ifndef CURL_DISABLE_HSTS curl_hstsread_callback hsts_read; void *hsts_read_userp; @@ -1749,7 +1743,9 @@ struct UserDefined { long ssh_auth_types; /* allowed SSH auth types */ char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */ struct curl_blob *blobs[BLOB_LAST]; +#ifdef ENABLE_IPV6 unsigned int scope_id; /* Scope id for IPv6 */ +#endif long allowed_protocols; long redir_protocols; long mime_options; /* Mime option flags. */ @@ -1949,11 +1945,6 @@ struct Curl_easy { struct PureInfo info; /* stats, reports and info data */ struct curl_tlssessioninfo tsi; /* Information about the TLS session, only valid after a client has asked for it */ -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) - iconv_t outbound_cd; /* for translating to the network encoding */ - iconv_t inbound_cd; /* for translating from the network encoding */ - iconv_t utf8_cd; /* for translating to UTF8 */ -#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */ #ifdef USE_HYPER struct hyptransfer hyp; #endif diff --git a/contrib/libs/curl/lib/vauth/digest.c b/contrib/libs/curl/lib/vauth/digest.c index d8aac66bda..d4616095da 100644 --- a/contrib/libs/curl/lib/vauth/digest.c 
+++ b/contrib/libs/curl/lib/vauth/digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,6 @@ #include "warnless.h" #include "strtok.h" #include "strcase.h" -#include "non-ascii.h" /* included for Curl_convert_... prototypes */ #include "curl_printf.h" #include "rand.h" @@ -56,20 +55,7 @@ #define DIGEST_QOP_VALUE_STRING_AUTH "auth" #define DIGEST_QOP_VALUE_STRING_AUTH_INT "auth-int" #define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf" - -/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. - It converts digest text to ASCII so the MD5 will be correct for - what ultimately goes over the network. -*/ -#define CURL_OUTPUT_DIGEST_CONV(a, b) \ - do { \ - result = Curl_convert_to_network(a, b, strlen(b)); \ - if(result) { \ - free(b); \ - return result; \ - } \ - } while(0) -#endif /* !USE_WINDOWS_SSPI */ +#endif bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, const char **endptr) @@ -692,7 +678,7 @@ static CURLcode auth_create_digest_http_message( if(result) return result; - result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), + result = Curl_base64_encode(cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(result) return result; @@ -705,7 +691,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, (unsigned char *)userh); 
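Review bot: The bare `#endif` that replaces `#endif /* !USE_WINDOWS_SSPI */` loses the label naming the conditional it closes, and the matching `#if` is outside the hunk. Only the conversion macro above it was removed, so the trailing comment is still accurate. Keeping the line as `#endif /* !USE_WINDOWS_SSPI */` preserves that pointer for readers.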
@@ -726,7 +711,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha1); @@ -739,7 +723,6 @@ static CURLcode auth_create_digest_http_message( if(!tmp) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); free(tmp); convert_to_ascii(hashbuf, ha1); @@ -778,7 +761,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha2); @@ -794,7 +776,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, request_digest); diff --git a/contrib/libs/curl/lib/vauth/ntlm.c b/contrib/libs/curl/lib/vauth/ntlm.c index 04f6590acf..b769e0f5d2 100644 --- a/contrib/libs/curl/lib/vauth/ntlm.c +++ b/contrib/libs/curl/lib/vauth/ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,7 +34,6 @@ #define DEBUG_ME 0 #include "urldata.h" -#include "non-ascii.h" #include "sendf.h" #include "curl_ntlm_core.h" #include "curl_gethostname.h" 
@@ -383,12 +382,6 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, /* Clean up any former leftovers and initialise to defaults */ Curl_auth_cleanup_ntlm(ntlm); -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) -#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY -#else -#define NTLM2FLAG 0 -#endif ntlmbuf = aprintf(NTLMSSP_SIGNATURE "%c" "\x01%c%c%c" /* 32-bit type = 1 */ "%c%c%c%c" /* 32-bit NTLM flag field */ @@ -408,7 +401,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), SHORTPAIR(domlen), SHORTPAIR(domlen), @@ -433,18 +426,18 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); ntlm_print_flags(stderr, NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); fprintf(stderr, "\n****\n"); }); @@ -498,13 +491,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, unsigned char ntlmbuf[NTLM_BUFSIZE]; int lmrespoff; unsigned char lmresp[24]; /* fixed-size */ -#ifdef USE_NTRESPONSES int ntrespoff; unsigned int ntresplen = 24; unsigned char ntresp[24]; /* fixed-size */ unsigned char *ptr_ntresp = &ntresp[0]; unsigned char *ntlmv2resp = NULL; -#endif bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE; char host[HOSTNAME_MAX + 1] = ""; const char *user; 
@@ -540,12 +531,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, hostlen = strlen(host); } -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) - /* We don't support NTLM2 or extended security if we don't have - USE_NTRESPONSES */ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { -# if defined(USE_NTLM_V2) unsigned char ntbuffer[0x18]; unsigned char entropy[8]; unsigned char ntlmv2hash[0x18]; @@ -558,7 +544,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, if(result) return result; - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + result = Curl_ntlm_core_mk_nt_hash(passwdp, ntbuffer); if(result) return result; 
@@ -580,67 +566,21 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, return result; ptr_ntresp = ntlmv2resp; -# else /* defined(USE_NTLM_V2) */ - unsigned char ntbuffer[0x18]; - unsigned char tmp[0x18]; - unsigned char md5sum[MD5_DIGEST_LEN]; - unsigned char entropy[8]; - - /* NTLM version 1 with extended security. */ - - /* Need to create 8 bytes random data */ - result = Curl_rand(data, entropy, 8); - if(result) - return result; - - /* 8 bytes random data as challenge in lmresp */ - memcpy(lmresp, entropy, 8); - - /* Pad with zeros */ - memset(lmresp + 8, 0, 0x10); - - /* Fill tmp with challenge(nonce?) + entropy */ - memcpy(tmp, &ntlm->nonce[0], 8); - memcpy(tmp + 8, entropy, 8); - - result = Curl_md5it(md5sum, tmp, 16); - if(result) - return result; - - /* We shall only use the first 8 bytes of md5sum, but the des code in - Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); - if(result) - return result; - - Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp); - - /* End of NTLM2 Session code */ - /* NTLM v2 session security is a misnomer because it is not NTLM v2. - It is NTLM v1 using the extended session security that is also - in NTLM v2 */ -# endif /* defined(USE_NTLM_V2) */ } - else -#endif - { + else { -#ifdef USE_NTRESPONSES unsigned char ntbuffer[0x18]; -#endif unsigned char lmbuffer[0x18]; /* NTLM version 1 */ -#ifdef USE_NTRESPONSES - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + result = Curl_ntlm_core_mk_nt_hash(passwdp, ntbuffer); if(result) return result; Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp); -#endif - result = Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer); + result = Curl_ntlm_core_mk_lm_hash(passwdp, lmbuffer); if(result) return result; 
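Review bot: The surviving `else` branch still builds an NTLM version 1 reply, including an LM response from `Curl_ntlm_core_mk_lm_hash()`, and it is selected purely by the absence of `NTLMFLAG_NEGOTIATE_NTLM2_KEY` in `ntlm->flags`. Those flags appear to come from the peer's type-2 message (not visible here), so with the build-time switches gone the weaker path is chosen by the server alone. That deserves a comment at the branch, e.g. `/* NTLM version 1: weak LM/NT responses, used only when the server did not negotiate NTLM2 */`, so the downgrade is obvious to anyone auditing the function. The function body continues outside the hunk.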
@@ -659,12 +599,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, } lmrespoff = 64; /* size of the message header */ -#ifdef USE_NTRESPONSES ntrespoff = lmrespoff + 0x18; domoff = ntrespoff + ntresplen; -#else - domoff = lmrespoff + 0x18; -#endif useroff = domoff + domlen; hostoff = useroff + userlen; @@ -719,17 +655,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, SHORTPAIR(lmrespoff), 0x0, 0x0, -#ifdef USE_NTRESPONSES SHORTPAIR(ntresplen), /* NT-response length, twice */ SHORTPAIR(ntresplen), SHORTPAIR(ntrespoff), 0x0, 0x0, -#else - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, -#endif + SHORTPAIR(domlen), SHORTPAIR(domlen), SHORTPAIR(domoff), @@ -766,7 +696,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18); }); -#ifdef USE_NTRESPONSES /* ntresplen + size should not be risking an integer overflow here */ if(ntresplen + size > sizeof(ntlmbuf)) { failf(data, "incoming NTLM message too big"); @@ -783,8 +712,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, free(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */ -#endif - DEBUG_OUT({ fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ", LONGQUARTET(ntlm->flags), ntlm->flags); @@ -823,12 +750,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, size += hostlen; - /* Convert domain, user, and host to ASCII but leave the rest as-is */ - result = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff], - size - domoff); - if(result) - return CURLE_CONV_FAILED; - /* Return the binary blob. */ result = Curl_bufref_memdup(out, ntlmbuf, size); diff --git a/contrib/libs/curl/lib/vauth/spnego_gssapi.c b/contrib/libs/curl/lib/vauth/spnego_gssapi.c index 360f3cb4a9..9229c318fa 100644 --- a/contrib/libs/curl/lib/vauth/spnego_gssapi.c +++ b/contrib/libs/curl/lib/vauth/spnego_gssapi.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -204,16 +204,14 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen) { CURLcode result; OM_uint32 minor_status; /* Base64 encode the already generated response */ - result = Curl_base64_encode(data, - nego->output_token.value, + result = Curl_base64_encode(nego->output_token.value, nego->output_token.length, outptr, outlen); diff --git a/contrib/libs/curl/lib/vauth/spnego_sspi.c b/contrib/libs/curl/lib/vauth/spnego_sspi.c index 68bb17da59..d219d8bb24 100644 --- a/contrib/libs/curl/lib/vauth/spnego_sspi.c +++ b/contrib/libs/curl/lib/vauth/spnego_sspi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -301,27 +301,19 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen) { - CURLcode result; - /* Base64 encode the already generated response */ - result = Curl_base64_encode(data, - (const char *) nego->output_token, - nego->output_token_length, - outptr, outlen); - - if(result) - return result; - - if(!*outptr || !*outlen) { + CURLcode result = Curl_base64_encode((const char *) nego->output_token, + nego->output_token_length, outptr, + outlen); + if(!result && (!*outptr || !*outlen)) { free(*outptr); - return CURLE_REMOTE_ACCESS_DENIED; + result = CURLE_REMOTE_ACCESS_DENIED; } - return CURLE_OK; + return result; } /* diff --git a/contrib/libs/curl/lib/vauth/vauth.h b/contrib/libs/curl/lib/vauth/vauth.h index 47a7c0bc81..6e1237834a 100644 --- a/contrib/libs/curl/lib/vauth/vauth.h +++ b/contrib/libs/curl/lib/vauth/vauth.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2014 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -219,8 +219,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, /* This is used to generate a base64 encoded SPNEGO (Negotiate) response message */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen); /* This is used to clean up the SPNEGO specifiec data */ diff --git a/contrib/libs/curl/lib/version.c b/contrib/libs/curl/lib/version.c index 9fb16c5444..84dfa5c2e5 100644 
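Review bot: In the SSPI Curl_auth_create_spnego_message(), the empty-output branch calls `free(*outptr)` but leaves the caller's pointer holding the freed address while returning an error. A caller that releases its output buffer on failure would then free it twice. Callers are not visible here, so this is a risk rather than a confirmed bug. Clearing the pointer in the same branch closes the gap: `free(*outptr); *outptr = NULL; result = CURLE_REMOTE_ACCESS_DENIED;`.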
--- a/contrib/libs/curl/lib/version.c +++ b/contrib/libs/curl/lib/version.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,10 +46,6 @@ #error #include <libpsl.h> #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#include <iconv.h> -#endif - #ifdef USE_LIBRTMP #include <librtmp/rtmp.h> #endif @@ -106,7 +102,7 @@ static void zstd_version(char *buf, size_t bufsz) * zeros in the data. */ -#define VERSION_PARTS 17 /* number of substrings we can concatenate */ +#define VERSION_PARTS 16 /* number of substrings we can concatenate */ char *curl_version(void) { @@ -135,9 +131,6 @@ char *curl_version(void) #ifdef USE_LIBPSL char psl_version[40]; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) - char iconv_version[40]="iconv"; -#endif #ifdef USE_SSH char ssh_version[40]; #endif @@ -206,15 +199,7 @@ char *curl_version(void) msnprintf(psl_version, sizeof(psl_version), "libpsl/%s", psl_get_version()); src[i++] = psl_version; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#ifdef _LIBICONV_VERSION - msnprintf(iconv_version, sizeof(iconv_version), "iconv/%d.%d", - _LIBICONV_VERSION >> 8, _LIBICONV_VERSION & 255); -#else - /* version unknown, let the default stand */ -#endif /* _LIBICONV_VERSION */ - src[i++] = iconv_version; -#endif + #ifdef USE_SSH Curl_ssh_version(ssh_version, sizeof(ssh_version)); src[i++] = ssh_version; @@ -433,9 +418,6 @@ static curl_version_info_data version_info = { #if defined(WIN32) && defined(UNICODE) && defined(_UNICODE) | CURL_VERSION_UNICODE #endif -#if defined(CURL_DOES_CONVERSIONS) - | CURL_VERSION_CONV -#endif #if defined(USE_TLS_SRP) | CURL_VERSION_TLSAUTH_SRP #endif 
@@ -551,15 +533,6 @@ curl_version_info_data *curl_version_info(CURLversion stamp) version_info.features |= CURL_VERSION_IDN; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#ifdef _LIBICONV_VERSION - version_info.iconv_ver_num = _LIBICONV_VERSION; -#else - /* version unknown */ - version_info.iconv_ver_num = -1; -#endif /* _LIBICONV_VERSION */ -#endif - #if defined(USE_SSH) Curl_ssh_version(ssh_buffer, sizeof(ssh_buffer)); version_info.libssh_version = ssh_buffer; diff --git a/contrib/libs/curl/lib/version_win32.c b/contrib/libs/curl/lib/version_win32.c index 79a2aa6ab4..afdb1d6a72 100644 --- a/contrib/libs/curl/lib/version_win32.c +++ b/contrib/libs/curl/lib/version_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -76,6 +76,8 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, bool matched = FALSE; #if defined(CURL_WINDOWS_APP) + (void)buildVersion; + /* We have no way to determine the Windows version from Windows apps, so let's assume we're running on the target Windows version. */ const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c index 008862d4bd..bcf3d193d3 100644 --- a/contrib/libs/curl/lib/vquic/ngtcp2.c +++ b/contrib/libs/curl/lib/vquic/ngtcp2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
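Review bot: In the `CURL_WINDOWS_APP` branch of curlx_verify_windows_version(), the added `(void)buildVersion;` is a statement placed ahead of the declaration `const WORD fullVersion = ...`, which makes that declaration follow a statement. If this file is expected to compile as C89, as the top-of-block `bool matched = FALSE;` suggests, strict compilers will warn or reject it. Moving the cast below the declarations in that block keeps the unused-parameter fix without mixing the two. The function continues outside the hunk.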
@@ -45,6 +45,7 @@ #include "strerror.h" #include "dynbuf.h" #error #include "vquic.h" +#include "h2h3.h" #include "vtls/keylog.h" /* The last 3 #include files should be in this order */ @@ -1043,7 +1044,7 @@ static int decode_status_code(const uint8_t *value, size_t len) } static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, - void *user_data, void *stream_user_data) + int fin, void *user_data, void *stream_user_data) { struct Curl_easy *data = stream_user_data; struct HTTP *stream = data->req.p.http; @@ -1051,6 +1052,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, (void)conn; (void)stream_id; (void)user_data; + (void)fin; /* add a CRLF only if we've received some headers */ if(stream->firstheader) { @@ -1078,8 +1080,8 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, (void)flags; (void)user_data; - if(h3name.len == sizeof(":status") - 1 && - !memcmp(":status", h3name.base, h3name.len)) { + if(h3name.len == sizeof(H2H3_PSEUDO_STATUS) - 1 && + !memcmp(H2H3_PSEUDO_STATUS, h3name.base, h3name.len)) { char line[14]; /* status line is always 13 characters long */ size_t ncopy; int status = decode_status_code(h3val.base, h3val.len); @@ -1218,6 +1220,8 @@ static size_t drain_overflow_buffer(struct HTTP *stream) if(ncopy != overlen) /* make the buffer only keep the tail */ (void)Curl_dyn_tail(&stream->overflow, overlen - ncopy); + else + Curl_dyn_reset(&stream->overflow); } return ncopy; } @@ -1383,16 +1387,13 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, struct connectdata *conn = data->conn; struct HTTP *stream = data->req.p.http; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; struct quicsocket *qs = conn->quic; CURLcode result = CURLE_OK; nghttp3_nv *nva = NULL; int64_t stream3_id; int rc; struct h3out *h3out = NULL; + struct h2h3req *hreq = NULL; rc = ngtcp2_conn_open_bidi_stream(qs->qconn, &stream3_id, NULL); if(rc) { 
@@ -1405,158 +1406,23 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, stream->h3req = TRUE; /* senf off! */ Curl_dyn_init(&stream->overflow, CURL_MAX_READ_SIZE); - /* Calculate number of headers contained in [mem, mem + len). Assumes a - correctly generated HTTP header field block. */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } - } - if(nheader < 2) + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. */ - nheader += 1; nva = malloc(sizeof(nghttp3_nv) * nheader); if(!nva) { result = CURLE_OUT_OF_MEMORY; goto fail; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) { - result = CURLE_BAD_FUNCTION_ARGUMENT; /* internal error */ - goto fail; - } - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].namelen = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].valuelen = (size_t)(end - hdbuf); - nva[0].flags = NGHTTP3_NV_FLAG_NONE; - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].namelen = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].valuelen = (size_t)(end - hdbuf); - nva[1].flags = NGHTTP3_NV_FLAG_NONE; - - nva[2].name = (unsigned char *)":scheme"; - nva[2].namelen = strlen((char *)nva[2].name); - if(conn->handler->flags & 
PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].valuelen = strlen((char *)nva[2].value); - nva[2].flags = NGHTTP3_NV_FLAG_NONE; - - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - nva[i].name = (unsigned char *)":authority"; - nva[i].namelen = strlen((char *)nva[i].name); - } - else { - nva[i].namelen = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/3 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); - nva[i].name = (unsigned char *)hdbuf; - } - nva[i].flags = NGHTTP3_NV_FLAG_NONE; - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - -#if 0 /* This should probably go in more or less like this */ - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. 
*/ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].value_len = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - } -#endif - nva[i].value = (unsigned char *)hdbuf; - nva[i].valuelen = (size_t)(end - hdbuf); - nva[i].flags = NGHTTP3_NV_FLAG_NONE; - - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - nghttp3_nv authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too - large. */ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - for(i = 0; i < nheader; ++i) - acc += nva[i].namelen + nva[i].valuelen; - - if(acc > MAX_ACC) { - infof(data, "http_request: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].namelen = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].valuelen = hreq->header[i].valuelen; } } @@ -1605,10 +1471,12 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, infof(data, "Using HTTP/3 Stream ID: %x (easy handle %p)", stream3_id, (void *)data); + Curl_pseudo_free(hreq); return CURLE_OK; fail: free(nva); + Curl_pseudo_free(hreq); return result; } static ssize_t ngh3_stream_send(struct Curl_easy *data, @@ -1676,7 +1544,6 @@ static CURLcode ng_has_connected(struct Curl_easy *data, if(conn->ssl_config.verifyhost) { #ifdef USE_OPENSSL X509 *server_cert; - CURLcode result; server_cert = SSL_get_peer_certificate(conn->quic->ssl); if(!server_cert) { return CURLE_PEER_FAILED_VERIFICATION; 
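Review bot: The new loop in http_request() that fills `nva` from `hreq->header[i]` sets `name`, `namelen`, `value` and `valuelen` but never `flags`, and `nva` comes from `malloc()`, so each entry's `flags` is indeterminate when the array is handed on. The removed code set it on every entry, and `nva[i].flags = NGHTTP3_NV_FLAG_NONE;` should be restored inside the loop. Separately, `sizeof(nghttp3_nv) * nheader` is unchecked, and the removed `nheader < 2` and cumulative-size checks now depend on what `Curl_pseudo_headers()` enforces, which is not visible in this hunk. http_request() starts and ends outside the hunk.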
diff --git a/contrib/libs/curl/lib/vquic/quiche.c b/contrib/libs/curl/lib/vquic/quiche.c index 1762c77b13..a545cebdcc 100644 --- a/contrib/libs/curl/lib/vquic/quiche.c +++ b/contrib/libs/curl/lib/vquic/quiche.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,6 +25,7 @@ #ifdef USE_QUICHE #error #include <quiche.h> #include <openssl/err.h> +#include <openssl/ssl.h> #include "urldata.h" #include "sendf.h" #include "strdup.h" @@ -35,6 +36,10 @@ #include "connect.h" #include "strerror.h" #error #include "vquic.h" +#include "transfer.h" +#include "h2h3.h" +#include "vtls/openssl.h" +#include "vtls/keylog.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" 
@@ -172,6 +177,68 @@ static void quiche_debug_log(const char *line, void *argp) } #endif +static void keylog_callback(const SSL *ssl, const char *line) +{ + (void)ssl; + Curl_tls_keylog_write_line(line); +} + +static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) +{ + SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method()); + + SSL_CTX_set_alpn_protos(ssl_ctx, + (const uint8_t *)QUICHE_H3_APPLICATION_PROTOCOL, + sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); + + SSL_CTX_set_default_verify_paths(ssl_ctx); + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { + SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); + } + + { + struct connectdata *conn = data->conn; + const char * const ssl_cafile = conn->ssl_config.CAfile; + const char * const ssl_capath = conn->ssl_config.CApath; + + if(conn->ssl_config.verifypeer) { + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + /* tell OpenSSL where to find CA certificates that are used to verify + the server's certificate. */ + if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + return NULL; + } + infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s", ssl_capath ? 
ssl_capath : "none"); + } + } + return ssl_ctx; +} + +static int quic_init_ssl(struct quicsocket *qs, struct connectdata *conn) +{ + /* this will need some attention when HTTPS proxy over QUIC get fixed */ + const char * const hostname = conn->host.name; + + DEBUGASSERT(!qs->ssl); + qs->ssl = SSL_new(qs->sslctx); + + SSL_set_app_data(qs->ssl, qs); + + /* set SNI */ + SSL_set_tlsext_host_name(qs->ssl, hostname); + return 0; +} + + CURLcode Curl_quic_connect(struct Curl_easy *data, struct connectdata *conn, curl_socket_t sockfd, int sockindex, @@ -179,7 +246,6 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, { CURLcode result; struct quicsocket *qs = &conn->hequic[sockindex]; - char *keylog_file = NULL; char ipbuf[40]; int port; @@ -216,25 +282,25 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); + qs->sslctx = quic_ssl_ctx(data); + if(!qs->sslctx) + return CURLE_QUIC_CONNECT_ERROR; + + if(quic_init_ssl(qs, conn)) + return CURLE_QUIC_CONNECT_ERROR; + result = Curl_rand(data, qs->scid, sizeof(qs->scid)); if(result) return result; - keylog_file = getenv("SSLKEYLOGFILE"); - - if(keylog_file) - quiche_config_log_keys(qs->cfg); - - qs->conn = quiche_connect(conn->host.name, (const uint8_t *) qs->scid, - sizeof(qs->scid), addr, addrlen, qs->cfg); + qs->conn = quiche_conn_new_with_tls((const uint8_t *) qs->scid, + sizeof(qs->scid), NULL, 0, addr, addrlen, + qs->cfg, qs->ssl, false); if(!qs->conn) { failf(data, "can't create quiche connection"); return CURLE_OUT_OF_MEMORY; } - if(keylog_file) - quiche_conn_set_keylog_path(qs->conn, keylog_file); - /* Known to not work on Windows */ #if !defined(WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD) { @@ -284,7 +350,8 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, return CURLE_OK; } -static CURLcode quiche_has_connected(struct connectdata *conn, +static CURLcode quiche_has_connected(struct Curl_easy *data, + struct connectdata *conn, int sockindex, int tempindex) { 
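Review bot: Neither allocation in this hunk is checked: `quic_ssl_ctx()` hands the result of `SSL_CTX_new()` straight to `SSL_CTX_set_alpn_protos()`, and `quic_init_ssl()` uses `qs->ssl` from `SSL_new()` without a NULL test and then always returns 0, so the `if(quic_init_ssl(qs, conn))` check added in `Curl_quic_connect` can never fire. Add `if(!ssl_ctx) return NULL;` after `SSL_CTX_new()` and `if(!qs->ssl) return 1;` after `SSL_new()`. The `return NULL;` that follows a failed `SSL_CTX_load_verify_locations()` also drops `ssl_ctx` without `SSL_CTX_free(ssl_ctx);`. The return value of `SSL_set_tlsext_host_name()` is ignored too, so a failure to set SNI goes unreported.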
@@ -298,6 +365,21 @@ static CURLcode quiche_has_connected(struct connectdata *conn, conn->httpversion = 30; conn->bundle->multiuse = BUNDLE_MULTIPLEX; + if(conn->ssl_config.verifyhost) { + X509 *server_cert; + server_cert = SSL_get_peer_certificate(qs->ssl); + if(!server_cert) { + return CURLE_PEER_FAILED_VERIFICATION; + } + result = Curl_ossl_verifyhost(data, conn, server_cert); + X509_free(server_cert); + if(result) + return result; + infof(data, "Verified certificate just fine"); + } + else + infof(data, "Skipped certificate verification"); + qs->h3config = quiche_h3_config_new(); if(!qs->h3config) return CURLE_OUT_OF_MEMORY; @@ -344,7 +426,7 @@ CURLcode Curl_quic_is_connected(struct Curl_easy *data, if(quiche_conn_is_established(qs->conn)) { *done = TRUE; - result = quiche_has_connected(conn, 0, sockindex); + result = quiche_has_connected(data, conn, 0, sockindex); DEBUGF(infof(data, "quiche established connection!")); } @@ -392,7 +474,18 @@ static CURLcode process_ingress(struct Curl_easy *data, int sockfd, break; if(recvd < 0) { + if(QUICHE_ERR_TLS_FAIL == recvd) { + long verify_ok = SSL_get_verify_result(qs->ssl); + if(verify_ok != X509_V_OK) { + failf(data, "SSL certificate problem: %s", + X509_verify_cert_error_string(verify_ok)); + + return CURLE_PEER_FAILED_VERIFICATION; + } + } + failf(data, "quiche_conn_recv() == %zd", recvd); + return CURLE_RECV_ERROR; } } while(1); @@ -451,7 +544,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, struct h3h1header *headers = (struct h3h1header *)argp; size_t olen = 0; - if((name_len == 7) && !strncmp(":status", (char *)name, 7)) { + if((name_len == 7) && !strncmp(H2H3_PSEUDO_STATUS, (char *)name, 7)) { msnprintf(headers->dest, headers->destlen, "HTTP/3 %.*s\n", (int) value_len, value); 
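Review bot: The two `infof()` messages added to `quiche_has_connected` claim more than the branch does. The block only runs `Curl_ossl_verifyhost()` when `conn->ssl_config.verifyhost` is set, yet it logs "Verified certificate just fine", and the `else` branch logs "Skipped certificate verification" even when `verifypeer` is on and `SSL_VERIFY_PEER` was set in `quic_ssl_ctx()`. Someone reading a verbose log to confirm TLS validation is misled in both directions. Wording such as `infof(data, "Verified certificate host name");` and `infof(data, "Skipped certificate host name check");` matches what the code did. The function body starts and ends outside the hunk.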
@@ -496,6 +589,19 @@ static ssize_t h3_stream_recv(struct Curl_easy *data, return -1; } + if(qs->h3_recving) { + /* body receiving state */ + rcode = quiche_h3_recv_body(qs->h3c, qs->conn, stream->stream3_id, + (unsigned char *)buf, buffersize); + if(rcode <= 0) { + recvd = -1; + qs->h3_recving = FALSE; + /* fall through into the while loop below */ + } + else + recvd = rcode; + } + while(recvd < 0) { int64_t s = quiche_h3_conn_poll(qs->h3c, qs->conn, &ev); if(s < 0) @@ -537,9 +643,15 @@ static ssize_t h3_stream_recv(struct Curl_easy *data, recvd = -1; break; } + qs->h3_recving = TRUE; recvd += rcode; break; + case QUICHE_H3_EVENT_RESET: + streamclose(conn, "Stream reset"); + *curlcode = CURLE_PARTIAL_FILE; + return -1; + case QUICHE_H3_EVENT_FINISHED: streamclose(conn, "End of stream"); recvd = 0; /* end of stream */ @@ -585,10 +697,12 @@ static ssize_t h3_stream_send(struct Curl_easy *data, sent = len; } else { - H3BUGF(infof(data, "Pass on %zd body bytes to quiche", len)); sent = quiche_h3_send_body(qs->h3c, qs->conn, stream->stream3_id, (uint8_t *)mem, len, FALSE); - if(sent < 0) { + if(sent == QUICHE_H3_ERR_DONE) { + sent = 0; + } + else if(sent < 0) { *curlcode = CURLE_SEND_ERROR; return -1; } 
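Review bot: The new `h3_recving` flag lives on `qs`, which looks like per-connection state, while the body read it gates uses the per-transfer `stream->stream3_id`; `quiche_has_connected` sets `BUNDLE_MULTIPLEX`, so several transfers can share one `qs`. If that reading is right, a flag set by one stream's data event makes the next `h3_stream_recv()` call for a different stream try `quiche_h3_recv_body()` on its own id before polling, and a result of zero or an error there clears the flag for the stream that was actually mid-body. Keeping the flag with the stream state, next to `stream3_id`, would avoid the cross-talk; the struct definitions are not in this part of the diff, so confirm the ownership first. The following hunk (`qs->h3_recving = TRUE;`) is affected in the same way, and the function continues outside both hunks.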
@@ -618,175 +732,34 @@ void Curl_quic_ver(char *p, size_t len) static CURLcode http_request(struct Curl_easy *data, const void *mem, size_t len) { - /* - */ struct connectdata *conn = data->conn; struct HTTP *stream = data->req.p.http; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; int64_t stream3_id; quiche_h3_header *nva = NULL; struct quicsocket *qs = conn->quic; CURLcode result = CURLE_OK; + struct h2h3req *hreq = NULL; stream->h3req = TRUE; /* senf off! */ - /* Calculate number of headers contained in [mem, mem + len). Assumes a - correctly generated HTTP header field block. */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } - } - if(nheader < 2) + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. 
*/ - nheader += 1; nva = malloc(sizeof(quiche_h3_header) * nheader); if(!nva) { result = CURLE_OUT_OF_MEMORY; goto fail; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) { - result = CURLE_BAD_FUNCTION_ARGUMENT; /* internal error */ - goto fail; - } - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].name_len = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].value_len = (size_t)(end - hdbuf); - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].name_len = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].value_len = (size_t)(end - hdbuf); - - nva[2].name = (unsigned char *)":scheme"; - nva[2].name_len = strlen((char *)nva[2].name); - if(conn->handler->flags & PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].value_len = strlen((char *)nva[2].value); - - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - 
nva[i].name = (unsigned char *)":authority"; - nva[i].name_len = strlen((char *)nva[i].name); - } - else { - nva[i].name_len = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/3 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len); - nva[i].name = (unsigned char *)hdbuf; - } - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - -#if 0 /* This should probably go in more or less like this */ - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. */ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].value_len = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - } -#endif - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - quiche_h3_header authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too - large. 
*/ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - - for(i = 0; i < nheader; ++i) { - acc += nva[i].name_len + nva[i].value_len; - - H3BUGF(infof(data, "h3 [%.*s: %.*s]", - nva[i].name_len, nva[i].name, - nva[i].value_len, nva[i].value)); - } - - if(acc > MAX_ACC) { - infof(data, "http_request: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].name_len = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].value_len = hreq->header[i].valuelen; } } @@ -833,10 +806,12 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, stream3_id, (void *)data); stream->stream3_id = stream3_id; + Curl_pseudo_free(hreq); return CURLE_OK; fail: free(nva); + Curl_pseudo_free(hreq); return result; } diff --git a/contrib/libs/curl/lib/vquic/vquic.c b/contrib/libs/curl/lib/vquic/vquic.c index e01e575834..9004d733f4 100644 --- a/contrib/libs/curl/lib/vquic/vquic.c +++ b/contrib/libs/curl/lib/vquic/vquic.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -67,7 +67,7 @@ CURLcode Curl_qlogdir(struct Curl_easy *data, result = Curl_dyn_add(&fname, hex); } if(!result) - result = Curl_dyn_add(&fname, ".qlog"); + result = Curl_dyn_add(&fname, ".sqlog"); if(!result) { int qlogfd = open(Curl_dyn_ptr(&fname), QLOGMODE, diff --git a/contrib/libs/curl/lib/vssh/libssh.c b/contrib/libs/curl/lib/vssh/libssh.c index c1e42edee3..253190c276 100644 --- a/contrib/libs/curl/lib/vssh/libssh.c 
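Review bot: The `nva[]` entries filled in the new loop of the quiche `http_request()` only alias `hreq->header[i].name` and `.value`, so `hreq` has to stay allocated until the header array has been consumed, and nothing in the code says so. The `Curl_pseudo_free(hreq)` calls that end that lifetime sit in a separate hunk at the bottom of the function. A comment above the loop such as `/* nva[] borrows the strings owned by hreq; free hreq only after the request has been submitted */` would keep a later reorder from turning this into a use-after-free. The ngtcp2 `http_request()` earlier in this diff uses the same pattern; the function continues outside the hunk.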
+++ b/contrib/libs/curl/lib/vssh/libssh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2021 Red Hat, Inc. + * Copyright (C) 2017 - 2022 Red Hat, Inc. * * Authors: Nikos Mavrogiannopoulos, Tomas Mraz, Stanislav Zidek, * Robert Kolcun, Andreas Schneider @@ -32,10 +32,6 @@ #error #include <libssh/libssh.h> #error #include <libssh/sftp.h> -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -81,18 +77,22 @@ #include "multiif.h" #include "select.h" #include "warnless.h" +#error #include "curl_path.h" -/* for permission and open flags */ -#include <sys/types.h> +#ifdef HAVE_SYS_STAT_H #include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H #include <unistd.h> +#endif +#ifdef HAVE_FCNTL_H #include <fcntl.h> +#endif /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" -#error #include "curl_path.h" /* A recent macro provided by libssh. Or make our own. */ #ifndef SSH_STRING_FREE_CHAR @@ -1468,8 +1468,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) memcpy(sshc->readdir_line, sshc->readdir_longentry, sshc->readdir_currLen); if((sshc->readdir_attrs->flags & SSH_FILEXFER_ATTR_PERMISSIONS) && - ((sshc->readdir_attrs->permissions & S_IFMT) == - S_IFLNK)) { + ((sshc->readdir_attrs->permissions & SSH_S_IFMT) == + SSH_S_IFLNK)) { sshc->readdir_linkPath = aprintf("%s%s", protop->path, sshc->readdir_filename); diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c index df8c71a3b4..9a7b90678c 100644 --- a/contrib/libs/curl/lib/vssh/libssh2.c +++ b/contrib/libs/curl/lib/vssh/libssh2.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -433,7 +433,9 @@ static int sshkeycallback(struct Curl_easy *easy, * libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64. */ #ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE -#define libssh2_session_startup(x,y) libssh2_session_handshake(x,y) +#define session_startup(x,y) libssh2_session_handshake(x, y) +#else +#define session_startup(x,y) libssh2_session_startup(x, (int)y) #endif static CURLcode ssh_knownhost(struct Curl_easy *data) @@ -661,7 +663,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) /* The length of fingerprint is 32 bytes for SHA256. * See libssh2_hostkey_hash documentation. */ - if(Curl_base64_encode(data, fingerprint, 32, &fingerprint_b64, + if(Curl_base64_encode(fingerprint, 32, &fingerprint_b64, &fingerprint_b64_len) != CURLE_OK) { state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; @@ -932,7 +934,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* FALLTHROUGH */ case SSH_S_STARTUP: - rc = libssh2_session_startup(sshc->ssh_session, (int)sock); + rc = session_startup(sshc->ssh_session, sock); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c index 9b772d064d..77e22cf3e0 100644 --- a/contrib/libs/curl/lib/vtls/bearssl.c +++ b/contrib/libs/curl/lib/vtls/bearssl.c 
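Review bot: In the `#else` definition of `session_startup` the macro argument is cast without parentheses, `(int)y`, so an argument written as an expression would have only its first operand cast. Write it as `#define session_startup(x,y) libssh2_session_startup(x, (int)(y))`. The cast narrows the socket to `int` for libssh2 builds without `libssh2_session_handshake`, which the comment above the `#ifdef` ties to the win64 problem fixed in libssh2 1.2.8; a one-line comment on the `#else` branch saying the truncation is accepted only for those old versions would make that explicit.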
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Michael Forney, <mforney@mforney.org> + * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org> * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -39,8 +39,10 @@ struct x509_context { const br_x509_class *vtable; br_x509_minimal_context minimal; + br_x509_decoder_context decoder; bool verifyhost; bool verifypeer; + int cert_num; }; struct ssl_backend_data { @@ -159,6 +161,18 @@ static CURLcode load_cafile(struct cafile_source *source, if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE")) break; br_x509_decoder_init(&ca.xc, append_dn, &ca); + ca.in_cert = TRUE; + ca.dn_len = 0; + break; + case BR_PEM_END_OBJ: + if(!ca.in_cert) + break; + ca.in_cert = FALSE; + if(br_x509_decoder_last_error(&ca.xc)) { + ca.err = CURLE_SSL_CACERT_BADFILE; + goto fail; + } + /* add trust anchor */ if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) { ca.err = CURLE_OUT_OF_MEMORY; goto fail; @@ -172,19 +186,8 @@ static CURLcode load_cafile(struct cafile_source *source, } ca.anchors = new_anchors; ca.anchors_len = new_anchors_len; - ca.in_cert = TRUE; - ca.dn_len = 0; ta = &ca.anchors[ca.anchors_len - 1]; ta->dn.data = NULL; - break; - case BR_PEM_END_OBJ: - if(!ca.in_cert) - break; - ca.in_cert = FALSE; - if(br_x509_decoder_last_error(&ca.xc)) { - ca.err = CURLE_SSL_CACERT_BADFILE; - goto fail; - } ta->flags = 0; if(br_x509_decoder_isCA(&ca.xc)) ta->flags |= BR_X509_TA_CA; @@ -238,6 +241,8 @@ static CURLcode load_cafile(struct cafile_source *source, } while(source->type != CAFILE_SOURCE_BLOB); if(fp && ferror(fp)) ca.err = CURLE_READ_ERROR; + else if(ca.in_cert) + ca.err = CURLE_SSL_CACERT_BADFILE; fail: if(fp) 
@@ -260,6 +265,11 @@ static void x509_start_chain(const br_x509_class **ctx, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + x509->cert_num = 0; + return; + } + if(!x509->verifyhost) server_name = NULL; x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name); @@ -269,6 +279,13 @@ static void x509_start_cert(const br_x509_class **ctx, uint32_t length) { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + /* Only decode the first cert in the chain to obtain the public key */ + if(x509->cert_num == 0) + br_x509_decoder_init(&x509->decoder, NULL, NULL); + return; + } + x509->minimal.vtable->start_cert(&x509->minimal.vtable, length); } @@ -277,6 +294,12 @@ static void x509_append(const br_x509_class **ctx, const unsigned char *buf, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + if(x509->cert_num == 0) + br_x509_decoder_push(&x509->decoder, buf, len); + return; + } + x509->minimal.vtable->append(&x509->minimal.vtable, buf, len); } @@ -284,21 +307,23 @@ static void x509_end_cert(const br_x509_class **ctx) { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + x509->cert_num++; + return; + } + x509->minimal.vtable->end_cert(&x509->minimal.vtable); } static unsigned x509_end_chain(const br_x509_class **ctx) { struct x509_context *x509 = (struct x509_context *)ctx; - unsigned err; - err = x509->minimal.vtable->end_chain(&x509->minimal.vtable); - if(err && !x509->verifypeer) { - /* ignore any X.509 errors */ - err = BR_ERR_OK; + if(!x509->verifypeer) { + return br_x509_decoder_last_error(&x509->decoder); } - return err; + return x509->minimal.vtable->end_chain(&x509->minimal.vtable); } static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx, 
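Review bot: With `verifypeer` off, `x509_end_chain()` returns `br_x509_decoder_last_error(&x509->decoder)`, but the decoder is only initialised in `x509_start_cert()` for the first certificate. A peer that sends an empty chain would therefore reach this call, and later `x509_get_pkey()`, with a decoder this code never set up. Unless the context is zeroed and BearSSL rejects an empty chain before the callbacks run (neither is visible in these hunks), an explicit check is safer: `if(!x509->cert_num) return BR_ERR_X509_EMPTY_CHAIN;` ahead of the `br_x509_decoder_last_error()` return.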
@@ -306,6 +331,15 @@ static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + /* Nothing in the chain is verified, just return the public key of the + first certificate and allow its usage for both TLS_RSA_* and + TLS_ECDHE_* */ + if(usages) + *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN; + return br_x509_decoder_get_pkey(&x509->decoder); + } + return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages); } @@ -339,6 +373,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, struct in_addr addr; #endif + DEBUGASSERT(backend); + switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_SSLv2: failf(data, "BearSSL does not support SSLv2"); @@ -465,8 +501,16 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, } hostname = NULL; } + else { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + hostname = snihost; + } - if(!br_ssl_client_reset(&backend->ctx, hostname, 0)) + if(!br_ssl_client_reset(&backend->ctx, hostname, 1)) return CURLE_FAILED_INIT; backend->active = TRUE; @@ -488,6 +532,8 @@ static CURLcode bearssl_run_until(struct Curl_easy *data, ssize_t ret; int err; + DEBUGASSERT(backend); + for(;;) { state = br_ssl_engine_current_state(&backend->ctx.eng); if(state & BR_SSL_CLOSED) { @@ -560,6 +606,8 @@ static CURLcode bearssl_connect_step2(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; CURLcode ret; + DEBUGASSERT(backend); + ret = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP); if(ret == CURLE_AGAIN) @@ -582,6 +630,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, CURLcode ret; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(conn->bits.tls_enable_alpn) { const char *protocol; 
@@ -647,6 +696,8 @@ static ssize_t bearssl_send(struct Curl_easy *data, int sockindex, unsigned char *app; size_t applen; + DEBUGASSERT(backend); + for(;;) { *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP); if (*err != CURLE_OK) @@ -680,6 +731,8 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex, unsigned char *app; size_t applen; + DEBUGASSERT(backend); + *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP); if(*err != CURLE_OK) return -1; @@ -805,6 +858,7 @@ static bool bearssl_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP; } @@ -854,6 +908,7 @@ static void *bearssl_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return &backend->ctx; } @@ -864,6 +919,8 @@ static void bearssl_close(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; size_t i; + DEBUGASSERT(backend); + if(backend->active) { br_ssl_engine_close(&backend->ctx.eng); (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED); diff --git a/contrib/libs/curl/lib/vtls/gskit.c b/contrib/libs/curl/lib/vtls/gskit.c index e451f6aebe..56d48497db 100644 --- a/contrib/libs/curl/lib/vtls/gskit.c +++ b/contrib/libs/curl/lib/vtls/gskit.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -28,6 +28,7 @@ #include <qsoasync.h> #undef HAVE_SOCKETPAIR /* because the native one isn't good enough */ #include "socketpair.h" +#include "strerror.h" /* Some symbols are undefined/unsupported on OS400 versions < V7R1. */ #ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST @@ -247,10 +248,10 @@ static CURLcode set_enum(struct Curl_easy *data, gsk_handle h, static CURLcode set_buffer(struct Curl_easy *data, gsk_handle h, - GSK_BUF_ID id, const char *buffer, bool unsupported_ok) + GSK_BUF_ID id, const char *buf, bool unsupported_ok) { char buffer[STRERROR_LEN]; - int rc = gsk_attribute_set_buffer(h, id, buffer, 0); + int rc = gsk_attribute_set_buffer(h, id, buf, 0); switch(rc) { case GSK_OK: @@ -513,6 +514,8 @@ static void cancel_async_handshake(struct connectdata *conn, int sockindex) struct ssl_connect_data *connssl = &conn->ssl[sockindex]; Qso_OverlappedIO_t cstat; + DEBUGASSERT(BACKEND); + if(QsoCancelOperation(conn->sock[sockindex], 0) > 0) QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL); } @@ -520,6 +523,7 @@ static void cancel_async_handshake(struct connectdata *conn, int sockindex) static void close_async_handshake(struct ssl_connect_data *connssl) { + DEBUGASSERT(BACKEND); QsoDestroyIOCompletionPort(BACKEND->iocport); BACKEND->iocport = -1; } 
@@ -530,36 +534,36 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, #ifndef CURL_DISABLE_PROXY struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connproxyssl = &conn->proxy_ssl[sockindex]; - fd_set fds_read; - fd_set fds_write; + struct pollfd fds[2]; int n; int m; int i; int ret = 0; char buf[CURL_MAX_WRITE_SIZE]; + DEBUGASSERT(BACKEND); + DEBUGASSERT(connproxyssl->backend); + if(!connssl->use || !connproxyssl->use) return 0; /* No SSL over SSL: OK. */ - FD_ZERO(&fds_read); - FD_ZERO(&fds_write); - n = -1; + n = 1; + fds[0].fd = BACKEND->remotefd; + fds[1].fd = conn->sock[sockindex]; + if(directions & SOS_READ) { - FD_SET(BACKEND->remotefd, &fds_write); - n = BACKEND->remotefd; + fds[0].events |= POLLOUT; } if(directions & SOS_WRITE) { - FD_SET(BACKEND->remotefd, &fds_read); - n = BACKEND->remotefd; - FD_SET(conn->sock[sockindex], &fds_write); - if(n < conn->sock[sockindex]) - n = conn->sock[sockindex]; + n = 2; + fds[0].events |= POLLIN; + fds[1].events |= POLLOUT; } - i = Curl_select(n + 1, &fds_read, &fds_write, NULL, 0); + i = Curl_poll(fds, n, 0); if(i < 0) return -1; /* Select error. */ - if(FD_ISSET(BACKEND->remotefd, &fds_write)) { + if(fds[0].revents & POLLOUT) { /* Try getting data from HTTPS proxy and pipe it upstream. */ n = 0; i = gsk_secure_soc_read(connproxyssl->backend->handle, @@ -581,8 +585,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, } } - if(FD_ISSET(BACKEND->remotefd, &fds_read) && - FD_ISSET(conn->sock[sockindex], &fds_write)) { + if((fds[0].revents & POLLIN) && (fds[1].revents & POLLOUT)) { /* Pipe data to HTTPS proxy. */ n = read(BACKEND->remotefd, buf, sizeof(buf)); if(n < 0) 
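Review bot: `fds[0].events` and `fds[1].events` are only ever OR-ed into (`|= POLLOUT`, `|= POLLIN`) and `fds` is an uninitialised stack array, so `Curl_poll()` is called with indeterminate event masks; the removed code had `FD_ZERO()` for this. Add `fds[0].events = 0;` and `fds[1].events = 0;` next to the two `.fd` assignments in `pipe_ssloverssl`. With stray bits set, the `fds[0].revents & POLLOUT` test further down can fire for a direction the caller did not request, and the proxy read then runs when it should not. The function body continues outside the hunk.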
@@ -605,6 +608,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, static void close_one(struct ssl_connect_data *connssl, struct Curl_easy *data, struct connectdata *conn, int sockindex) { + DEBUGASSERT(BACKEND); if(BACKEND->handle) { gskit_status(data, gsk_secure_soc_close(&BACKEND->handle), "gsk_secure_soc_close()", 0); @@ -636,6 +640,8 @@ static ssize_t gskit_send(struct Curl_easy *data, int sockindex, CURLcode cc = CURLE_SEND_ERROR; int written; + DEBUGASSERT(BACKEND); + if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) >= 0) { cc = gskit_status(data, gsk_secure_soc_write(BACKEND->handle, @@ -661,6 +667,8 @@ static ssize_t gskit_recv(struct Curl_easy *data, int num, char *buf, int nread; CURLcode cc = CURLE_RECV_ERROR; + DEBUGASSERT(BACKEND); + if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) { int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle, @@ -734,6 +742,7 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data, #endif /* Create SSL environment, start (preferably asynchronous) handshake. */ + DEBUGASSERT(BACKEND); BACKEND->handle = (gsk_handle) NULL; BACKEND->iocport = -1; @@ -830,8 +839,13 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data, /* Process SNI. Ignore if not supported (on OS400 < V7R1). */ if(sni) { + char *snihost = Curl_ssl_snihost(data, sni, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } result = set_buffer(data, BACKEND->handle, - GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE); + GSK_SSL_EXTN_SERVERNAME_REQUEST, snihost, TRUE); if(result == CURLE_UNSUPPORTED_PROTOCOL) result = CURLE_OK; } @@ -958,6 +972,7 @@ static CURLcode gskit_connect_step2(struct Curl_easy *data, CURLcode result; /* Poll or wait for end of SSL asynchronous handshake. */ + DEBUGASSERT(BACKEND); for(;;) { timediff_t timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); 
@@ -1014,6 +1029,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data, CURLcode result; /* SSL handshake done: gather certificate info and verify host. */ + DEBUGASSERT(BACKEND); if(gskit_status(data, gsk_attribute_get_cert_info(BACKEND->handle, GSK_PARTNER_CERT_INFO, @@ -1070,9 +1086,10 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data, /* Check pinned public key. */ ptr = SSL_PINNED_PUB_KEY(); if(!result && ptr) { - curl_X509certificate x509; - curl_asn1Element *p; + struct Curl_X509certificate x509; + struct Curl_asn1Element *p; + memset(&x509, 0, sizeof(x509)); if(Curl_parseX509(&x509, cert, certend)) return CURLE_SSL_PINNEDPUBKEYNOTMATCH; p = &x509.subjectPublicKeyInfo; @@ -1205,6 +1222,8 @@ static int gskit_shutdown(struct Curl_easy *data, char buf[120]; int loop = 10; /* don't get stuck */ + DEBUGASSERT(BACKEND); + if(!BACKEND->handle) return 0; @@ -1268,6 +1287,7 @@ static int gskit_check_cxn(struct connectdata *cxn) int errlen; /* The only thing that can be tested here is at the socket level. */ + DEBUGASSERT(BACKEND); if(!BACKEND->handle) return 0; /* connection has been closed */ @@ -1287,6 +1307,7 @@ static void *gskit_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { (void)info; + DEBUGASSERT(BACKEND); return BACKEND->handle; } @@ -1308,6 +1329,7 @@ const struct Curl_ssl Curl_ssl_gskit = { Curl_none_cert_status_request, /* cert_status_request */ gskit_connect, /* connect */ gskit_connect_nonblocking, /* connect_nonblocking */ + Curl_ssl_getsock, /* getsock */ gskit_get_internals, /* get_internals */ gskit_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c index 18864aa4b2..57493767e5 100644 --- a/contrib/libs/curl/lib/vtls/gtls.c +++ b/contrib/libs/curl/lib/vtls/gtls.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -202,9 +202,12 @@ static CURLcode handshake(struct Curl_easy *data, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - gnutls_session_t session = backend->session; + gnutls_session_t session; curl_socket_t sockfd = conn->sock[sockindex]; + DEBUGASSERT(backend); + session = backend->session; + for(;;) { timediff_t timeout_ms; int rc; @@ -406,6 +409,8 @@ gtls_connect_step1(struct Curl_easy *data, const char *tls13support; CURLcode result; + DEBUGASSERT(backend); + if(connssl->state == ssl_connection_complete) /* to make us tolerant against being called more than once for the same connection */ @@ -542,11 +547,15 @@ gtls_connect_step1(struct Curl_easy *data, #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif - sni && - (gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, - strlen(hostname)) < 0)) - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + sni) { + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost || gnutls_server_name_set(session, GNUTLS_NAME_DNS, snihost, + snilen) < 0) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + } /* Use default priorities */ rc = gnutls_set_default_priority(session); 
@@ -697,7 +706,10 @@ gtls_connect_step1(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { - transport_ptr = conn->proxy_ssl[sockindex].backend->session; + struct ssl_backend_data *proxy_backend; + proxy_backend = conn->proxy_ssl[sockindex].backend; + DEBUGASSERT(proxy_backend); + transport_ptr = proxy_backend->session; gnutls_transport_push = gtls_push_ssl; gnutls_transport_pull = gtls_pull_ssl; } @@ -1352,7 +1364,9 @@ gtls_connect_common(struct Curl_easy *data, /* Finish connecting once the handshake is done */ if(ssl_connect_1 == connssl->connecting_state) { struct ssl_backend_data *backend = connssl->backend; - gnutls_session_t session = backend->session; + gnutls_session_t session; + DEBUGASSERT(backend); + session = backend->session; rc = Curl_gtls_verifyserver(data, conn, session, sockindex); if(rc) return rc; @@ -1393,6 +1407,9 @@ static bool gtls_data_pending(const struct connectdata *conn, const struct ssl_connect_data *connssl = &conn->ssl[connindex]; bool res = FALSE; struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(backend->session && 0 != gnutls_record_check_pending(backend->session)) res = TRUE; @@ -1400,6 +1417,7 @@ static bool gtls_data_pending(const struct connectdata *conn, #ifndef CURL_DISABLE_PROXY connssl = &conn->proxy_ssl[connindex]; backend = connssl->backend; + DEBUGASSERT(backend); if(backend->session && 0 != gnutls_record_check_pending(backend->session)) res = TRUE; @@ -1417,7 +1435,10 @@ static ssize_t gtls_send(struct Curl_easy *data, struct connectdata *conn = data->conn; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - ssize_t rc = gnutls_record_send(backend->session, mem, len); + ssize_t rc; + + DEBUGASSERT(backend); + rc = gnutls_record_send(backend->session, mem, len); if(rc < 0) { *curlcode = (rc == GNUTLS_E_AGAIN) 
@@ -1433,6 +1454,8 @@ static ssize_t gtls_send(struct Curl_easy *data, static void close_one(struct ssl_connect_data *connssl) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(backend->session) { char buf[32]; /* Maybe the server has already sent a close notify alert. @@ -1475,6 +1498,8 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; int retval = 0; + DEBUGASSERT(backend); + #ifndef CURL_DISABLE_FTP /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in @@ -1553,6 +1578,8 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */ struct ssl_backend_data *backend = connssl->backend; ssize_t ret; + DEBUGASSERT(backend); + ret = gnutls_record_recv(backend->session, buf, buffersize); if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { *curlcode = CURLE_AGAIN; @@ -1624,6 +1651,7 @@ static void *gtls_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->session; } diff --git a/contrib/libs/curl/lib/hostcheck.c b/contrib/libs/curl/lib/vtls/hostcheck.c index 3e436f0351..3ceaf93b84 100644 --- a/contrib/libs/curl/lib/hostcheck.c +++ b/contrib/libs/curl/lib/vtls/hostcheck.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -33,6 +33,7 @@ #ifdef HAVE_NETINET_IN6_H #error #include <netinet/in6.h> #endif +#include "curl_memrchr.h" #include "hostcheck.h" #include "strcase.h" 
@@ -42,13 +43,23 @@ /* The last #include file should be: */ #include "memdebug.h" +/* check the two input strings with given length, but do not + assume they end in nul-bytes */ +static bool pmatch(const char *hostname, size_t hostlen, + const char *pattern, size_t patternlen) +{ + if(hostlen != patternlen) + return FALSE; + return strncasecompare(hostname, pattern, hostlen); +} + /* * Match a hostname against a wildcard pattern. * E.g. * "foo.host.com" matches "*.host.com". * * We use the matching rule described in RFC6125, section 6.4.3. - * https://tools.ietf.org/html/rfc6125#section-6.4.3 + * https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3 * * In addition: ignore trailing dots in the host names and wildcards, so that * the names are used normalized. This is what the browsers do. 
@@ -58,85 +69,72 @@ * apparent distinction between a name and an IP. We need to detect the use of * an IP address and not wildcard match on such names. * - * NOTE: hostmatch() gets called with copied buffers so that it can modify the - * contents at will. + * Return TRUE on a match. FALSE if not. */ -static int hostmatch(char *hostname, char *pattern) +static bool hostmatch(const char *hostname, + size_t hostlen, + const char *pattern, + size_t patternlen) { - const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; - int wildcard_enabled; + const char *pattern_label_end, *wildcard, *hostname_label_end; size_t prefixlen, suffixlen; /* normalize pattern and hostname by stripping off trailing dots */ - size_t len = strlen(hostname); - if(hostname[len-1]=='.') - hostname[len-1] = 0; - len = strlen(pattern); - if(pattern[len-1]=='.') - pattern[len-1] = 0; - - pattern_wildcard = strchr(pattern, '*'); - if(!pattern_wildcard) - return strcasecompare(pattern, hostname) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; + DEBUGASSERT(patternlen); + if(hostname[hostlen-1]=='.') + hostlen--; + if(pattern[patternlen-1]=='.') + patternlen--; + + wildcard = memchr(pattern, '*', patternlen); + if(!wildcard) + return pmatch(hostname, hostlen, pattern, patternlen); /* detect IP address as hostname and fail the match if so */ if(Curl_host_is_ipnum(hostname)) - return CURL_HOST_NOMATCH; + return FALSE; - /* We require at least 2 dots in pattern to avoid too wide wildcard + /* We require at least 2 dots in the pattern to avoid too wide wildcard match. 
*/ - wildcard_enabled = 1; - pattern_label_end = strchr(pattern, '.'); - if(!pattern_label_end || !strchr(pattern_label_end + 1, '.') || - pattern_wildcard > pattern_label_end || - strncasecompare(pattern, "xn--", 4)) { - wildcard_enabled = 0; + pattern_label_end = memchr(pattern, '.', patternlen); + if(!pattern_label_end || + (memrchr(pattern, '.', patternlen) == pattern_label_end) || + strncasecompare(pattern, "xn--", 4)) + return pmatch(hostname, hostlen, pattern, patternlen); + + hostname_label_end = memchr(hostname, '.', hostlen); + if(!hostname_label_end) + return FALSE; + else { + size_t skiphost = hostname_label_end - hostname; + size_t skiplen = pattern_label_end - pattern; + if(!pmatch(hostname_label_end, hostlen - skiphost, + pattern_label_end, patternlen - skiplen)) + return FALSE; } - if(!wildcard_enabled) - return strcasecompare(pattern, hostname) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; - - hostname_label_end = strchr(hostname, '.'); - if(!hostname_label_end || - !strcasecompare(pattern_label_end, hostname_label_end)) - return CURL_HOST_NOMATCH; - /* The wildcard must match at least one character, so the left-most label of the hostname is at least as large as the left-most label of the pattern. */ if(hostname_label_end - hostname < pattern_label_end - pattern) - return CURL_HOST_NOMATCH; + return FALSE; - prefixlen = pattern_wildcard - pattern; - suffixlen = pattern_label_end - (pattern_wildcard + 1); + prefixlen = wildcard - pattern; + suffixlen = pattern_label_end - (wildcard + 1); return strncasecompare(pattern, hostname, prefixlen) && - strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen, - suffixlen) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; + strncasecompare(wildcard + 1, hostname_label_end - suffixlen, + suffixlen) ? TRUE : FALSE; } -int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) +/* + * Curl_cert_hostcheck() returns TRUE if a match and FALSE if not. 
+ */ +bool Curl_cert_hostcheck(const char *match, size_t matchlen, + const char *hostname, size_t hostlen) { - int res = 0; - if(!match_pattern || !*match_pattern || - !hostname || !*hostname) /* sanity check */ - ; - else { - char *matchp = strdup(match_pattern); - if(matchp) { - char *hostp = strdup(hostname); - if(hostp) { - if(hostmatch(hostp, matchp) == CURL_HOST_MATCH) - res = 1; - free(hostp); - } - free(matchp); - } - } - - return res; + if(match && *match && hostname && *hostname) + return hostmatch(hostname, hostlen, match, matchlen); + return FALSE; } #endif /* OPENSSL, GSKIT or schannel+wince */ diff --git a/contrib/libs/curl/lib/hostcheck.h b/contrib/libs/curl/lib/vtls/hostcheck.h index 52155f43b4..aa966403dd 100644 --- a/contrib/libs/curl/lib/hostcheck.h +++ b/contrib/libs/curl/lib/vtls/hostcheck.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,8 +24,8 @@ #include <curl/curl.h> -#define CURL_HOST_NOMATCH 0 -#define CURL_HOST_MATCH 1 -int Curl_cert_hostcheck(const char *match_pattern, const char *hostname); +/* returns TRUE if there's a match */ +bool Curl_cert_hostcheck(const char *match_pattern, size_t matchlen, + const char *hostname, size_t hostlen); #endif /* HEADER_CURL_HOSTCHECK_H */ diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c index e177d3990d..d59ad92581 100644 --- a/contrib/libs/curl/lib/vtls/mbedtls.c +++ b/contrib/libs/curl/lib/vtls/mbedtls.c @@ -41,9 +41,6 @@ #error #include <mbedtls/net.h> #endif #error #include <mbedtls/ssl.h> -#if MBEDTLS_VERSION_NUMBER < 0x03000000 -#error #include <mbedtls/certs.h> -#endif #error #include <mbedtls/x509.h> #error #include <mbedtls/error.h> 
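Review bot: The rewritten `hostmatch()` no longer rejects a `*` that sits outside the left-most label: the removed condition included `pattern_wildcard > pattern_label_end`, and the new `if(!pattern_label_end || (memrchr(pattern, '.', patternlen) == pattern_label_end) || strncasecompare(pattern, "xn--", 4))` has no counterpart. For such a pattern `suffixlen = pattern_label_end - (wildcard + 1)` is computed from a negative difference and wraps as a `size_t`. It looks reachable only after the `pmatch()` tail comparison has already succeeded, which would require the host name to carry the same `*`, but the RFC 6125 rule cited in the comment is easier to audit with the guard kept, e.g. by adding `(wildcard > pattern_label_end) ||` to that condition. Separately, `hostname[hostlen-1]` and `pattern[patternlen-1]` rely on non-zero lengths, and only `patternlen` is covered, by a `DEBUGASSERT`. `Curl_cert_hostcheck()` tests `*match` and `*hostname` but not the lengths, so `if(match && *match && matchlen && hostname && *hostname && hostlen)` would make the precondition explicit.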
@@ -80,7 +77,9 @@ struct ssl_backend_data { int server_fd; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl crl; +#endif mbedtls_pk_context pk; mbedtls_ssl_config config; const char *protocols[3]; @@ -231,6 +230,8 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, long ssl_version_max = SSL_CONN_CONFIG(version_max); CURLcode result = CURLE_OK; + DEBUGASSERT(backend); + switch(ssl_version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: @@ -286,6 +287,8 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, int ret = -1; char errorbuf[128]; + DEBUGASSERT(backend); + if((SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) || (SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)) { failf(data, "Not supported SSL version"); @@ -335,11 +338,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Error importing ca cert blob - mbedTLS: (-0x%04X) %s", -ret, errorbuf); - return ret; + return CURLE_SSL_CERTPROBLEM; } } if(ssl_cafile && verifypeer) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_file(&backend->cacert, ssl_cafile); if(ret<0) { @@ -348,9 +352,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, ssl_cafile, -ret, errorbuf); return CURLE_SSL_CACERT_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } if(ssl_capath) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_path(&backend->cacert, ssl_capath); if(ret<0) { 
@@ -361,12 +370,17 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, if(verifypeer) return CURLE_SSL_CACERT_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } /* Load the client certificate */ mbedtls_x509_crt_init(&backend->clicert); if(ssl_cert) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_file(&backend->clicert, ssl_cert); if(ret) { @@ -376,6 +390,10 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CERTPROBLEM; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } if(ssl_cert_blob) { @@ -388,7 +406,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, memcpy(newblob, ssl_cert_blob->data, ssl_cert_blob->len); newblob[ssl_cert_blob->len] = 0; /* null terminate */ ret = mbedtls_x509_crt_parse(&backend->clicert, newblob, - ssl_cert_blob->len); + ssl_cert_blob->len + 1); free(newblob); if(ret) { @@ -404,6 +422,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, if(SSL_SET_OPTION(key) || SSL_SET_OPTION(key_blob)) { if(SSL_SET_OPTION(key)) { +#ifdef MBEDTLS_FS_IO #if MBEDTLS_VERSION_NUMBER >= 0x03000000 ret = mbedtls_pk_parse_keyfile(&backend->pk, SSL_SET_OPTION(key), SSL_SET_OPTION(key_passwd), @@ -420,6 +439,10 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, SSL_SET_OPTION(key), -ret, errorbuf); return CURLE_SSL_CERTPROBLEM; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } else { const struct curl_blob *ssl_key_blob = SSL_SET_OPTION(key_blob); 
@@ -452,9 +475,11 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, } /* Load the CRL */ +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl_init(&backend->crl); if(ssl_crlfile) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crl_parse_file(&backend->crl, ssl_crlfile); if(ret) { @@ -464,17 +489,21 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CRL_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif + } +#else + if(ssl_crlfile) { + failf(data, "mbedtls: crl support not built in"); + return CURLE_NOT_BUILT_IN; } +#endif infof(data, "mbedTLS: Connecting to %s:%ld", hostname, port); mbedtls_ssl_config_init(&backend->config); - - mbedtls_ssl_init(&backend->ssl); - if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) { - failf(data, "mbedTLS: ssl_init failed"); - return CURLE_SSL_CONNECT_ERROR; - } ret = mbedtls_ssl_config_defaults(&backend->config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -484,6 +513,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } + mbedtls_ssl_init(&backend->ssl); + if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) { + failf(data, "mbedTLS: ssl_init failed"); + return CURLE_SSL_CONNECT_ERROR; + } + /* new profile with RSA min key len = 1024 ... */ mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr); 
@@ -555,18 +590,25 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, mbedtls_ssl_conf_ca_chain(&backend->config, &backend->cacert, +#ifdef MBEDTLS_X509_CRL_PARSE_C &backend->crl); +#else + NULL); +#endif if(SSL_SET_OPTION(key) || SSL_SET_OPTION(key_blob)) { mbedtls_ssl_conf_own_cert(&backend->config, &backend->clicert, &backend->pk); } - if(mbedtls_ssl_set_hostname(&backend->ssl, hostname)) { - /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and* - the name to set in the SNI extension. So even if curl connects to a - host specified as an IP address, this function must be used. */ - failf(data, "couldn't set hostname in mbedTLS"); - return CURLE_SSL_CONNECT_ERROR; + { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost || mbedtls_ssl_set_hostname(&backend->ssl, snihost)) { + /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and + the name to set in the SNI extension. So even if curl connects to a + host specified as an IP address, this function must be used. */ + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } } #ifdef HAS_ALPN @@ -627,6 +669,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, const mbedtls_x509_crt *peercert; const char * const pinnedpubkey = SSL_PINNED_PUB_KEY(); + DEBUGASSERT(backend); + conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; @@ -806,6 +850,7 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(SSL_SET_OPTION(primary.sessionid)) { int ret; @@ -862,6 +907,8 @@ static ssize_t mbed_send(struct Curl_easy *data, int sockindex, struct ssl_backend_data *backend = connssl->backend; int ret = -1; + DEBUGASSERT(backend); + ret = mbedtls_ssl_write(&backend->ssl, (unsigned char *)mem, len); if(ret < 0) { 
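Review bot: The new error text `"Failed to set SNI"` understates what failed here. As the comment kept in this hunk says, `mbedtls_ssl_set_hostname()` also sets the name used for the CN/SAN check, so the string returned by `Curl_ssl_snihost()` becomes the certificate verification name as well as the SNI value. `Curl_ssl_snihost()` is defined outside this diff; if it normalises or length-limits the host name, that now affects verification in this backend and deserves a line in the comment, for example `/* snihost is also the name mbedTLS verifies the peer certificate against */`. A message such as `"Failed to set hostname for SNI and certificate check"` would match that. mbed_connect_step1 starts and ends outside the hunk.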
@@ -886,6 +933,8 @@ static void mbedtls_close(struct Curl_easy *data, char buf[32]; (void) data; + DEBUGASSERT(backend); + /* Maybe the server has already sent a close notify alert. Read it to avoid an RST on the TCP connection. */ (void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf)); @@ -893,7 +942,9 @@ static void mbedtls_close(struct Curl_easy *data, mbedtls_pk_free(&backend->pk); mbedtls_x509_crt_free(&backend->clicert); mbedtls_x509_crt_free(&backend->cacert); +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl_free(&backend->crl); +#endif mbedtls_ssl_config_free(&backend->config); mbedtls_ssl_free(&backend->ssl); mbedtls_ctr_drbg_free(&backend->ctr_drbg); @@ -912,6 +963,8 @@ static ssize_t mbed_recv(struct Curl_easy *data, int num, int ret = -1; ssize_t len = -1; + DEBUGASSERT(backend); + ret = mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, buffersize); @@ -1146,6 +1199,7 @@ static bool mbedtls_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return mbedtls_ssl_get_bytes_avail(&backend->ssl) != 0; } @@ -1175,6 +1229,7 @@ static void *mbedtls_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return &backend->ssl; } diff --git a/contrib/libs/curl/lib/vtls/mesalink.c b/contrib/libs/curl/lib/vtls/mesalink.c deleted file mode 100644 index 35a916586e..0000000000 --- a/contrib/libs/curl/lib/vtls/mesalink.c +++ /dev/null 
@@ -1,679 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* - * Source file for all MesaLink-specific code for the TLS/SSL layer. No code - * but vtls.c should ever call or use these functions. - * - */ - -/* - * Based upon the CyaSSL implementation in cyassl.c and cyassl.h: - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * Thanks for code and inspiration! 
- */ - -#include "curl_setup.h" - -#ifdef USE_MESALINK - -#include <mesalink/options.h> -#include <mesalink/version.h> - -#include "urldata.h" -#include "sendf.h" -#include "inet_pton.h" -#include "vtls.h" -#include "parsedate.h" -#include "connect.h" /* for the connect timeout */ -#include "select.h" -#include "strcase.h" -#include "x509asn1.h" -#include "curl_printf.h" - -#include "mesalink.h" -#include <mesalink/openssl/ssl.h> -#include <mesalink/openssl/err.h> - -/* The last #include files should be: */ -#include "curl_memory.h" -#include "memdebug.h" - -#define MESALINK_MAX_ERROR_SZ 80 - -struct ssl_backend_data -{ - SSL_CTX *ctx; - SSL *handle; -}; - -static Curl_recv mesalink_recv; -static Curl_send mesalink_send; - -static int do_file_type(const char *type) -{ - if(!type || !type[0]) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "PEM")) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "DER")) - return SSL_FILETYPE_ASN1; - return -1; -} - -/* - * This function loads all the client/CA certificates and CRLs. Setup the TLS - * layer and do all necessary magic. 
- */ -static CURLcode -mesalink_connect_step1(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - char *ciphers; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct in_addr addr4; -#ifdef ENABLE_IPV6 - struct in6_addr addr6; -#endif - const char * const hostname = SSL_HOST_NAME(); - size_t hostname_len = strlen(hostname); - SSL_METHOD *req_method = NULL; - curl_socket_t sockfd = conn->sock[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - if(connssl->state == ssl_connection_complete) - return CURLE_OK; - - if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) { - failf(data, "MesaLink does not support to set maximum SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; - } - - switch(SSL_CONN_CONFIG(version)) { - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - failf(data, "MesaLink does not support SSL 3.0, TLS 1.0, or TLS 1.1"); - return CURLE_NOT_BUILT_IN; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1_2: - req_method = TLSv1_2_client_method(); - break; - case CURL_SSLVERSION_TLSv1_3: - req_method = TLSv1_3_client_method(); - break; - case CURL_SSLVERSION_SSLv2: - failf(data, "MesaLink does not support SSLv2"); - return CURLE_SSL_CONNECT_ERROR; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - - if(!req_method) { - failf(data, "SSL: couldn't create a method!"); - return CURLE_OUT_OF_MEMORY; - } - - if(backend->ctx) - SSL_CTX_free(backend->ctx); - backend->ctx = SSL_CTX_new(req_method); - - if(!backend->ctx) { - failf(data, "SSL: couldn't create a context!"); - return CURLE_OUT_OF_MEMORY; - } - - SSL_CTX_set_verify( - backend->ctx, SSL_CONN_CONFIG(verifypeer) ? 
- SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); - - if(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath)) { - if(!SSL_CTX_load_verify_locations(backend->ctx, SSL_CONN_CONFIG(CAfile), - SSL_CONN_CONFIG(CApath))) { - if(SSL_CONN_CONFIG(verifypeer)) { - failf(data, - "error setting certificate verify locations: " - " CAfile: %s CApath: %s", - SSL_CONN_CONFIG(CAfile) ? - SSL_CONN_CONFIG(CAfile) : "none", - SSL_CONN_CONFIG(CApath) ? - SSL_CONN_CONFIG(CApath) : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - infof(data, - "error setting certificate verify locations," - " continuing anyway:"); - } - else { - infof(data, "successfully set certificate verify locations:"); - } - infof(data, " CAfile: %s", - SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none"); - infof(data, " CApath: %s", - SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none"); - } - - if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) { - int file_type = do_file_type(SSL_SET_OPTION(cert_type)); - - if(SSL_CTX_use_certificate_chain_file(backend->ctx, - SSL_SET_OPTION(primary.clientcert), - file_type) != 1) { - failf(data, "unable to use client certificate (no key or wrong pass" - " phrase?)"); - return CURLE_SSL_CONNECT_ERROR; - } - - file_type = do_file_type(SSL_SET_OPTION(key_type)); - if(SSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), - file_type) != 1) { - failf(data, "unable to set private key"); - return CURLE_SSL_CONNECT_ERROR; - } - infof(data, - "client cert: %s", - SSL_CONN_CONFIG(clientcert)? 
- SSL_CONN_CONFIG(clientcert): "none"); - } - - ciphers = SSL_CONN_CONFIG(cipher_list); - if(ciphers) { -#ifdef MESALINK_HAVE_CIPHER - if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { - failf(data, "failed setting cipher list: %s", ciphers); - return CURLE_SSL_CIPHER; - } -#endif - infof(data, "Cipher selection: %s", ciphers); - } - - if(backend->handle) - SSL_free(backend->handle); - backend->handle = SSL_new(backend->ctx); - if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); - return CURLE_OUT_OF_MEMORY; - } - - if((hostname_len < USHRT_MAX) && - (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) -#ifdef ENABLE_IPV6 - && (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) -#endif - ) { - /* hostname is not a valid IP address */ - if(SSL_set_tlsext_host_name(backend->handle, hostname) != SSL_SUCCESS) { - failf(data, - "WARNING: failed to configure server name indication (SNI) " - "TLS extension\n"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else { -#ifdef CURLDEBUG - /* Check if the hostname is 127.0.0.1 or [::1]; - * otherwise reject because MesaLink always wants a valid DNS Name - * specified in RFC 5280 Section 7.2 */ - if(strncmp(hostname, "127.0.0.1", 9) == 0 -#ifdef ENABLE_IPV6 - || strncmp(hostname, "[::1]", 5) == 0 -#endif - ) { - SSL_set_tlsext_host_name(backend->handle, "localhost"); - } - else -#endif - { - failf(data, - "ERROR: MesaLink does not accept an IP address as a hostname\n"); - return CURLE_SSL_CONNECT_ERROR; - } - } - -#ifdef MESALINK_HAVE_SESSION - if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(data, conn, - SSL_IS_PROXY() ? TRUE : FALSE, - &ssl_sessionid, NULL, sockindex)) { - /* we got a session id, use it! 
*/ - if(!SSL_set_session(backend->handle, ssl_sessionid)) { - Curl_ssl_sessionid_unlock(data); - failf( - data, - "SSL: SSL_set_session failed: %s", - ERR_error_string(SSL_get_error(backend->handle, 0), error_buffer)); - return CURLE_SSL_CONNECT_ERROR; - } - /* Informational message */ - infof(data, "SSL re-using session ID"); - } - Curl_ssl_sessionid_unlock(data); - } -#endif /* MESALINK_HAVE_SESSION */ - - if(SSL_set_fd(backend->handle, (int)sockfd) != SSL_SUCCESS) { - failf(data, "SSL: SSL_set_fd failed"); - return CURLE_SSL_CONNECT_ERROR; - } - - connssl->connecting_state = ssl_connect_2; - return CURLE_OK; -} - -static CURLcode -mesalink_connect_step2(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - int ret = -1; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - conn->recv[sockindex] = mesalink_recv; - conn->send[sockindex] = mesalink_send; - - ret = SSL_connect(backend->handle); - if(ret != SSL_SUCCESS) { - int detail = SSL_get_error(backend->handle, ret); - - if(SSL_ERROR_WANT_CONNECT == detail || SSL_ERROR_WANT_READ == detail) { - connssl->connecting_state = ssl_connect_2_reading; - return CURLE_OK; - } - else { - char error_buffer[MESALINK_MAX_ERROR_SZ]; - failf(data, - "SSL_connect failed with error %d: %s", - detail, - ERR_error_string_n(detail, error_buffer, sizeof(error_buffer))); - ERR_print_errors_fp(stderr); - if(detail && SSL_CONN_CONFIG(verifypeer)) { - detail &= ~0xFF; - if(detail == TLS_ERROR_WEBPKI_ERRORS) { - failf(data, "Cert verify failed"); - return CURLE_PEER_FAILED_VERIFICATION; - } - } - return CURLE_SSL_CONNECT_ERROR; - } - } - - connssl->connecting_state = ssl_connect_3; - infof(data, - "SSL connection using %s / %s", - SSL_get_version(backend->handle), - SSL_get_cipher_name(backend->handle)); - - return CURLE_OK; -} - -static CURLcode -mesalink_connect_step3(struct connectdata *conn, int sockindex) -{ - CURLcode result = CURLE_OK; - struct 
ssl_connect_data *connssl = &conn->ssl[sockindex]; - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -#ifdef MESALINK_HAVE_SESSION - if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; - bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; - struct ssl_backend_data *backend = connssl->backend; - - our_ssl_sessionid = SSL_get_session(backend->handle); - - Curl_ssl_sessionid_lock(data); - incache = - !(Curl_ssl_getsessionid(data, conn, isproxy, &old_ssl_sessionid, NULL, - sockindex)); - if(incache) { - if(old_ssl_sessionid != our_ssl_sessionid) { - infof(data, "old SSL session ID is stale, removing"); - Curl_ssl_delsessionid(data, old_ssl_sessionid); - incache = FALSE; - } - } - - if(!incache) { - result = - Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, 0, - sockindex, NULL); - if(result) { - Curl_ssl_sessionid_unlock(data); - failf(data, "failed to store ssl session"); - return result; - } - } - Curl_ssl_sessionid_unlock(data); - } -#endif /* MESALINK_HAVE_SESSION */ - - connssl->connecting_state = ssl_connect_done; - - return result; -} - -static ssize_t -mesalink_send(struct Curl_easy *data, int sockindex, const void *mem, - size_t len, CURLcode *curlcode) -{ - struct connectdata *conn = data->conn; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - char error_buffer[MESALINK_MAX_ERROR_SZ]; - int memlen = (len > (size_t)INT_MAX) ? 
INT_MAX : (int)len; - int rc = SSL_write(backend->handle, mem, memlen); - - if(rc < 0) { - int err = SSL_get_error(backend->handle, rc); - switch(err) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_write() */ - *curlcode = CURLE_AGAIN; - return -1; - default: - failf(data, - "SSL write: %s, errno %d", - ERR_error_string_n(err, error_buffer, sizeof(error_buffer)), - SOCKERRNO); - *curlcode = CURLE_SEND_ERROR; - return -1; - } - } - return rc; -} - -static void -mesalink_close(struct Curl_easy *data, struct connectdata *conn, int sockindex) -{ - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - (void) data; - - if(backend->handle) { - (void)SSL_shutdown(backend->handle); - SSL_free(backend->handle); - backend->handle = NULL; - } - if(backend->ctx) { - SSL_CTX_free(backend->ctx); - backend->ctx = NULL; - } -} - -static ssize_t -mesalink_recv(struct Curl_easy *data, int num, char *buf, size_t buffersize, - CURLcode *curlcode) -{ - struct connectdata *conn = data->conn; - struct ssl_connect_data *connssl = &conn->ssl[num]; - struct ssl_backend_data *backend = connssl->backend; - char error_buffer[MESALINK_MAX_ERROR_SZ]; - int buffsize = (buffersize > (size_t)INT_MAX) ? 
INT_MAX : (int)buffersize; - int nread = SSL_read(backend->handle, buf, buffsize); - - if(nread <= 0) { - int err = SSL_get_error(backend->handle, nread); - - switch(err) { - case SSL_ERROR_ZERO_RETURN: /* no more data */ - case IO_ERROR_CONNECTION_ABORTED: - break; - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_read() */ - *curlcode = CURLE_AGAIN; - return -1; - default: - failf(data, - "SSL read: %s, errno %d", - ERR_error_string_n(err, error_buffer, sizeof(error_buffer)), - SOCKERRNO); - *curlcode = CURLE_RECV_ERROR; - return -1; - } - } - return nread; -} - -static size_t -mesalink_version(char *buffer, size_t size) -{ - return msnprintf(buffer, size, "MesaLink/%s", MESALINK_VERSION_STRING); -} - -static int -mesalink_init(void) -{ - return (SSL_library_init() == SSL_SUCCESS); -} - -/* - * This function is called to shut down the SSL layer but keep the - * socket open (CCC - Clear Command Channel) - */ -static int -mesalink_shutdown(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - int retval = 0; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - (void) data; - - if(backend->handle) { - SSL_free(backend->handle); - backend->handle = NULL; - } - return retval; -} - -static CURLcode -mesalink_connect_common(struct Curl_easy *data, struct connectdata *conn, - int sockindex, bool nonblocking, bool *done) -{ - CURLcode result; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - curl_socket_t sockfd = conn->sock[sockindex]; - timediff_t timeout_ms; - int what; - - /* check if the connection has already been established */ - if(ssl_connection_complete == connssl->state) { - *done = TRUE; - return CURLE_OK; - } - - if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ - timeout_ms = Curl_timeleft(data, NULL, TRUE); - - if(timeout_ms < 0) { - /* no need to continue if time 
already is up */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - result = mesalink_connect_step1(data, conn, sockindex); - if(result) - return result; - } - - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { - - /* check allowed time left */ - timeout_ms = Curl_timeleft(data, NULL, TRUE); - - if(timeout_ms < 0) { - /* no need to continue if time already is up */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading || - connssl->connecting_state == ssl_connect_2_writing) { - - curl_socket_t writefd = - ssl_connect_2_writing == connssl->connecting_state ? sockfd - : CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state - ? sockfd - : CURL_SOCKET_BAD; - - what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, - nonblocking ? 0 : timeout_ms); - if(what < 0) { - /* fatal error */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - return CURLE_SSL_CONNECT_ERROR; - } - else if(0 == what) { - if(nonblocking) { - *done = FALSE; - return CURLE_OK; - } - else { - /* timeout */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - } - /* socket is readable or writable */ - } - - /* Run transaction, and return to the caller if it failed or if - * this connection is part of a multi handle and this loop would - * execute again. This permits the owner of a multi handle to - * abort a connection attempt before step2 has completed while - * ensuring that a client using select() or epoll() will always - * have a valid fdset to wait on. 
- */ - result = mesalink_connect_step2(data, conn, sockindex); - - if(result || - (nonblocking && (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) { - return result; - } - } /* repeat step2 until all transactions are done. */ - - if(ssl_connect_3 == connssl->connecting_state) { - result = mesalink_connect_step3(conn, sockindex); - if(result) - return result; - } - - if(ssl_connect_done == connssl->connecting_state) { - connssl->state = ssl_connection_complete; - conn->recv[sockindex] = mesalink_recv; - conn->send[sockindex] = mesalink_send; - *done = TRUE; - } - else - *done = FALSE; - - /* Reset our connect state machine */ - connssl->connecting_state = ssl_connect_1; - - return CURLE_OK; -} - -static CURLcode -mesalink_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, - int sockindex, bool *done) -{ - return mesalink_connect_common(data, conn, sockindex, TRUE, done); -} - -static CURLcode -mesalink_connect(struct Curl_easy *data, struct connectdata *conn, - int sockindex) -{ - CURLcode result; - bool done = FALSE; - - result = mesalink_connect_common(data, conn, sockindex, FALSE, &done); - if(result) - return result; - - DEBUGASSERT(done); - - return CURLE_OK; -} - -static void * -mesalink_get_internals(struct ssl_connect_data *connssl, - CURLINFO info UNUSED_PARAM) -{ - struct ssl_backend_data *backend = connssl->backend; - (void)info; - return backend->handle; -} - -const struct Curl_ssl Curl_ssl_mesalink = { - { CURLSSLBACKEND_MESALINK, "MesaLink" }, /* info */ - - SSLSUPP_SSL_CTX, - - sizeof(struct ssl_backend_data), - - mesalink_init, /* init */ - Curl_none_cleanup, /* cleanup */ - mesalink_version, /* version */ - Curl_none_check_cxn, /* check_cxn */ - mesalink_shutdown, /* shutdown */ - Curl_none_data_pending, /* data_pending */ - Curl_none_random, /* random */ - Curl_none_cert_status_request, /* cert_status_request */ - 
mesalink_connect, /* connect */ - mesalink_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_getsock, /* getsock */ - mesalink_get_internals, /* get_internals */ - mesalink_close, /* close_one */ - Curl_none_close_all, /* close_all */ - Curl_none_session_free, /* session_free */ - Curl_none_set_engine, /* set_engine */ - Curl_none_set_engine_default, /* set_engine_default */ - Curl_none_engines_list, /* engines_list */ - Curl_none_false_start, /* false_start */ - NULL, /* sha256sum */ - NULL, /* associate_connection */ - NULL /* disassociate_connection */ -}; - -#endif diff --git a/contrib/libs/curl/lib/vtls/mesalink.h b/contrib/libs/curl/lib/vtls/mesalink.h deleted file mode 100644 index 03f520c1dc..0000000000 --- a/contrib/libs/curl/lib/vtls/mesalink.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef HEADER_CURL_MESALINK_H -#define HEADER_CURL_MESALINK_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "curl_setup.h" - -#ifdef USE_MESALINK - -extern const struct Curl_ssl Curl_ssl_mesalink; - -#endif /* USE_MESALINK */ -#endif /* HEADER_CURL_MESALINK_H */ 
diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c index 2b44f05126..558e3bed39 100644 --- a/contrib/libs/curl/lib/vtls/nss.c +++ b/contrib/libs/curl/lib/vtls/nss.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -488,6 +488,9 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl, const int slot_id = (cacert) ? 0 : 1; char *slot_name = aprintf("PEM Token #%d", slot_id); struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(!slot_name) return CURLE_OUT_OF_MEMORY; @@ -882,8 +885,14 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) { conn->negnpn = CURL_HTTP_VERSION_1_1; } - Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); + + /* This callback might get called when PR_Recv() is used within + * close_one() during a connection shutdown. At that point there might not + * be any "bundle" associated with the connection anymore. + */ + if(conn->bundle) + Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? + BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } } @@ -1105,9 +1114,12 @@ static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, { CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->data; + struct Curl_easy *data = NULL; CERTCertificate *cert; + DEBUGASSERT(backend); + data = backend->data; + if(!pinnedpubkey) /* no pinned public key specified */ return CURLE_OK; 
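Review bot: `DEBUGASSERT(backend);` in nss_create_object records the invariant but is unlikely to stop the `backend->` dereferences that follow in a release build. As far as I know, curl's macro is a real assert() only in debug builds and expands to nothing otherwise; its definition is not on this page. The same line is added in most of the nss.c, openssl.c and rustls.c hunks of this commit, so the remark applies to all of them. Where a NULL backend can be reached at run time, an explicit check that returns an error code is needed. Where it cannot, a comment beside the assertion such as `/* debug-build check only; release builds rely on connssl->backend being set by the caller */` states what the code depends on.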
@@ -1158,10 +1170,15 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, { struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->data; - const char *nickname = backend->client_nickname; + struct Curl_easy *data = NULL; + const char *nickname = NULL; static const char pem_slotname[] = "PEM Token #1"; + DEBUGASSERT(backend); + + data = backend->data; + nickname = backend->client_nickname; + if(backend->obj_clicert) { /* use the cert/key provided by PEM reader */ SECItem cert_der = { 0, NULL, 0 }; @@ -1529,6 +1546,8 @@ static int nss_check_cxn(struct connectdata *conn) int rc; char buf; + DEBUGASSERT(backend); + rc = PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK, PR_SecondsToInterval(1)); @@ -1545,7 +1564,11 @@ static void close_one(struct ssl_connect_data *connssl) { /* before the cleanup, check whether we are using a client certificate */ struct ssl_backend_data *backend = connssl->backend; - const bool client_cert = (backend->client_nickname != NULL) + bool client_cert = true; + + DEBUGASSERT(backend); + + client_cert = (backend->client_nickname != NULL) || (backend->obj_clicert != NULL); if(backend->handle) { @@ -1587,8 +1610,13 @@ static void nss_close(struct Curl_easy *data, struct connectdata *conn, struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; #endif struct ssl_backend_data *backend = connssl->backend; - (void)data; + + DEBUGASSERT(backend); +#ifndef CURL_DISABLE_PROXY + DEBUGASSERT(connssl_proxy->backend != NULL); +#endif + if(backend->handle #ifndef CURL_DISABLE_PROXY || connssl_proxy->backend->handle @@ -1816,6 +1844,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(is_nss_error(curlerr)) { /* read NSPR error code */ PRErrorCode err = PR_GetError(); 
@@ -1842,6 +1872,9 @@ static CURLcode nss_set_blocking(struct ssl_connect_data *connssl, { PRSocketOptionData sock_opt; struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + sock_opt.option = PR_SockOpt_Nonblocking; sock_opt.value.non_blocking = !blocking; @@ -1865,7 +1898,6 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, CURLcode result; bool second_layer = FALSE; SSLVersionRange sslver_supported; - SSLVersionRange sslver = { SSL_LIBRARY_VERSION_TLS_1_0, /* min */ #ifdef SSL_LIBRARY_VERSION_TLS_1_3 @@ -1878,6 +1910,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, SSL_LIBRARY_VERSION_TLS_1_0 #endif }; + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + + DEBUGASSERT(backend); backend->data = data; @@ -2028,9 +2067,12 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { + struct ssl_backend_data *proxy_backend; + proxy_backend = conn->proxy_ssl[sockindex].backend; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL); - nspr_io = conn->proxy_ssl[sockindex].backend->handle; + DEBUGASSERT(proxy_backend); + DEBUGASSERT(proxy_backend->handle); + nspr_io = proxy_backend->handle; second_layer = TRUE; } #endif @@ -2140,11 +2182,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, goto error; /* propagate hostname to the TLS layer */ - if(SSL_SetURL(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetURL(backend->handle, snihost) != SECSuccess) goto error; /* prevent NSS from re-using the session for a different hostname */ - if(SSL_SetSockPeerID(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetSockPeerID(backend->handle, snihost) != SECSuccess) goto error; return CURLE_OK; 
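Review bot: `snihost` is fetched in the declarations of nss_setup_connect but only used by SSL_SetURL() and SSL_SetSockPeerID() near the end of the function (the `@@ -2140` hunk), so it stays valid only if nothing in between touches the storage it points to. Curl_ssl_snihost() is not defined on this page. The OpenSSL code it replaces in this same commit lowercased the name into `data->state.buffer`, which suggests the returned pointer refers to a shared per-transfer scratch buffer. If so, calling `snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL);` directly above SSL_SetURL() removes the lifetime question. The failure path could then use the same `goto error` as the neighbouring checks instead of an early `return`. The function body starts and ends outside these hunks.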
@@ -2172,6 +2214,8 @@ static CURLcode nss_do_connect(struct Curl_easy *data, goto error; } + DEBUGASSERT(backend); + /* Force the handshake now */ timeout = PR_MillisecondsToInterval((PRUint32) time_left); if(SSL_ForceHandshakeWithTimeout(backend->handle, timeout) != SECSuccess) { @@ -2305,6 +2349,8 @@ static ssize_t nss_send(struct Curl_easy *data, /* transfer */ struct ssl_backend_data *backend = connssl->backend; ssize_t rc; + DEBUGASSERT(backend); + /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ backend->data = data; @@ -2344,6 +2390,8 @@ static ssize_t nss_recv(struct Curl_easy *data, /* transfer */ struct ssl_backend_data *backend = connssl->backend; ssize_t nread; + DEBUGASSERT(backend); + /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ backend->data = data; @@ -2442,6 +2490,7 @@ static void *nss_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->handle; } diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c index 8c0f946dd5..d3ed3e7ba0 100644 --- a/contrib/libs/curl/lib/vtls/openssl.c +++ b/contrib/libs/curl/lib/vtls/openssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -91,7 +91,6 @@ #endif #include "warnless.h" -#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */ /* The last #include files should be: */ #include "curl_memory.h" 
@@ -266,7 +265,7 @@ struct ssl_backend_data { #endif }; -static void ossl_associate_connection(struct Curl_easy *data, +static bool ossl_associate_connection(struct Curl_easy *data, struct connectdata *conn, int sockindex); @@ -1432,6 +1431,9 @@ static void ossl_closeone(struct Curl_easy *data, struct ssl_connect_data *connssl) { struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(backend->handle) { char buf[32]; set_logger(conn, data); @@ -1489,6 +1491,8 @@ static int ossl_shutdown(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; int loop = 10; + DEBUGASSERT(backend); + #ifndef CURL_DISABLE_FTP /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in 
@@ -1610,54 +1614,26 @@ static void ossl_close_all(struct Curl_easy *data) /* ====================================================== */ /* - * Match subjectAltName against the host name. This requires a conversion - * in CURL_DOES_CONVERSIONS builds. + * Match subjectAltName against the host name. */ static bool subj_alt_hostcheck(struct Curl_easy *data, - const char *match_pattern, const char *hostname, + const char *match_pattern, + size_t matchlen, + const char *hostname, + size_t hostlen, const char *dispname) -#ifdef CURL_DOES_CONVERSIONS -{ - bool res = FALSE; - - /* Curl_cert_hostcheck uses host encoding, but we get ASCII from - OpenSSl. - */ - char *match_pattern2 = strdup(match_pattern); - - if(match_pattern2) { - if(Curl_convert_from_network(data, match_pattern2, - strlen(match_pattern2)) == CURLE_OK) { - if(Curl_cert_hostcheck(match_pattern2, hostname)) { - res = TRUE; - infof(data, - " subjectAltName: host \"%s\" matched cert's \"%s\"", - dispname, match_pattern2); - } - } - free(match_pattern2); - } - else { - failf(data, - "SSL: out of memory when allocating temporary for subjectAltName"); - } - return res; -} -#else { #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)dispname; (void)data; #endif - if(Curl_cert_hostcheck(match_pattern, hostname)) { + if(Curl_cert_hostcheck(match_pattern, matchlen, hostname, hostlen)) { infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"", dispname, match_pattern); return TRUE; } return FALSE; } -#endif - /* Quote from RFC2818 section 3.1 "Server Identity" @@ -1698,6 +1674,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */ const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); + size_t hostlen = strlen(hostname); #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && 
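Review bot: subj_alt_hostcheck now takes explicit lengths, but nothing on the function says that `match_pattern` must still be NUL-terminated with `matchlen` equal to its strlen(). The `infof()` call prints it with `%s`, and the embedded-zero rejection lives in the caller (`altlen == strlen(altptr)` in Curl_ossl_verifyhost). A later caller could take the length parameters to mean the function is safe for names containing embedded zeros. I would extend the header comment to `Match subjectAltName against the host name. Both strings must be NUL-terminated and the lengths must equal their strlen(); the caller rejects names with embedded zeros.`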
@@ -1760,7 +1737,9 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */ - subj_alt_hostcheck(data, altptr, hostname, dispname)) { + subj_alt_hostcheck(data, + altptr, + altlen, hostname, hostlen, dispname)) { dnsmatched = TRUE; } break; @@ -1796,17 +1775,17 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, else { /* we have to look to the last occurrence of a commonName in the distinguished one to get the most significant one. */ - int j, i = -1; + int i = -1; + unsigned char *peer_CN = NULL; + int peerlen = 0; /* The following is done because of a bug in 0.9.6b */ - - unsigned char *nulstr = (unsigned char *)""; - unsigned char *peer_CN = nulstr; - X509_NAME *name = X509_get_subject_name(server_cert); - if(name) + if(name) { + int j; while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) i = j; + } /* we have the name entry and we will now convert this to a string that we can use for comparison. Doing this we support BMPstring, 
@@ -1822,19 +1801,21 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, conditional in the future when OpenSSL has been fixed. */ if(tmp) { if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { - j = ASN1_STRING_length(tmp); - if(j >= 0) { - peer_CN = OPENSSL_malloc(j + 1); + peerlen = ASN1_STRING_length(tmp); + if(peerlen >= 0) { + peer_CN = OPENSSL_malloc(peerlen + 1); if(peer_CN) { - memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j); - peer_CN[j] = '\0'; + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; } + else + result = CURLE_OUT_OF_MEMORY; } } else /* not a UTF8 name */ - j = ASN1_STRING_to_UTF8(&peer_CN, tmp); + peerlen = ASN1_STRING_to_UTF8(&peer_CN, tmp); - if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) { + if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != peerlen)) { /* there was a terminating zero before the end of string, this cannot match and we return failure! */ failf(data, "SSL: illegal cert name field"); @@ -1843,19 +1824,6 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, } } - if(peer_CN == nulstr) - peer_CN = NULL; - else { - /* convert peer_CN from UTF8 */ - CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN, - strlen((char *)peer_CN)); - /* Curl_convert_from_utf8 calls failf if unsuccessful */ - if(rc) { - OPENSSL_free(peer_CN); - return rc; - } - } - if(result) /* error already detected, pass through */ ; @@ -1864,7 +1832,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, "SSL: unable to obtain common name from peer certificate"); result = CURLE_PEER_FAILED_VERIFICATION; } - else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) { + else if(!Curl_cert_hostcheck((const char *)peer_CN, + peerlen, hostname, hostlen)) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, dispname); result = CURLE_PEER_FAILED_VERIFICATION; 
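Review bot: In the commonName fallback, `peerlen` is an `int` handed to Curl_cert_hostcheck(), while the subjectAltName path passes a `size_t` in the same position, so the conversion here is implicit. It is non-negative only because `peer_CN` is non-NULL at that point; the branch that reports "unable to obtain common name" appears to catch the failed ASN1_STRING_length()/ASN1_STRING_to_UTF8() cases. A later edit could break that dependency without any warning. Making the conversion explicit documents it: `else if(!Curl_cert_hostcheck((const char *)peer_CN, curlx_sitouz(peerlen), hostname, hostlen)) {`. Curl_cert_hostcheck's prototype is not on this page, so the parameter type is inferred from subj_alt_hostcheck.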
@@ -1898,8 +1867,11 @@ static CURLcode verifystatus(struct Curl_easy *data, int cert_status, crl_reason; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; int ret; + long len; + + DEBUGASSERT(backend); - long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status); + len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status); if(!status) { failf(data, "No OCSP response received"); @@ -2158,7 +2130,10 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, struct connectdata *conn = userp; struct ssl_connect_data *connssl = &conn->ssl[0]; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->logger; + struct Curl_easy *data = NULL; + + DEBUGASSERT(backend); + data = backend->logger; if(!conn || !data || !data->set.fdebug || (direction != 0 && direction != 1)) @@ -2363,10 +2338,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) case CURL_SSLVERSION_TLSv1_2: ossl_ssl_version_min = TLS1_2_VERSION; break; -#ifdef TLS1_3_VERSION case CURL_SSLVERSION_TLSv1_3: +#ifdef TLS1_3_VERSION ossl_ssl_version_min = TLS1_3_VERSION; break; +#else + return CURLE_NOT_BUILT_IN; #endif } @@ -2422,6 +2399,8 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) #ifdef OPENSSL_IS_BORINGSSL typedef uint32_t ctx_option_t; +#elif OPENSSL_VERSION_NUMBER >= 0x30000000L +typedef uint64_t ctx_option_t; #else typedef long ctx_option_t; #endif @@ -2442,6 +2421,8 @@ set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, #ifdef TLS1_3_VERSION { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION); *ctx_options |= SSL_OP_NO_TLSv1_2; } 
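Review bot: In ossl_trace the `!conn` test in `if(!conn || !data || ...` runs after `conn` has already been dereferenced to reach `connssl->backend` in the declarations, so it cannot catch a NULL `userp`. Now that `data` is assigned after the declarations, the guard can move ahead of the first use. That means declaring `connssl` and `backend` without initialisers, testing `if(!conn) return;`, and only then assigning `connssl = &conn->ssl[0];` and `backend = connssl->backend;`. The added `DEBUGASSERT(backend)` does not change this, since it also runs after the dereference. The function body continues outside the hunk.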
@@ -2521,13 +2502,12 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) return 0; conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx); - if(!conn) - return 0; - data = (struct Curl_easy *) SSL_get_ex_data(ssl, data_idx); - /* The sockindex has been stored as a pointer to an array element */ sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx); + if(!conn || !data || !sockindex_ptr) + return 0; + sockindex = (int)(sockindex_ptr - conn->sock); isproxy = SSL_get_ex_data(ssl, proxy_idx) ? TRUE : FALSE; @@ -2670,6 +2650,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, bool imported_native_ca = false; DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); + DEBUGASSERT(backend); /* Make funny stuff to get random input */ result = ossl_seed(data); @@ -2736,8 +2717,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, implementations is desired." The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to - disable "rfc4507bis session ticket support". rfc4507bis was later turned - into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077 + disable "rfc4507bis session ticket support". rfc4507bis was later turned + into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077 The enabled extension concerns the session management. I wonder how often libcurl stops a connection and then resumes a TLS session. Also, sending @@ -2942,7 +2923,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, /* Import certificates from the Windows root certificate store if requested. https://stackoverflow.com/questions/9507184/ https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037 - https://tools.ietf.org/html/rfc5280 */ + https://datatracker.ietf.org/doc/html/rfc5280 */ if((SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost)) && (SSL_SET_OPTION(native_ca_store))) { X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx); 
@@ -3243,44 +3224,48 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif sni) { - size_t nlen = strlen(hostname); - if((long)nlen >= data->set.buffer_size) - /* this is seriously messed up */ + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost || !SSL_set_tlsext_host_name(backend->handle, snihost)) { + failf(data, "Failed set SNI"); return CURLE_SSL_CONNECT_ERROR; - - /* RFC 6066 section 3 says the SNI field is case insensitive, but browsers - send the data lowercase and subsequently there are now numerous servers - out there that don't work unless the name is lowercased */ - Curl_strntolower(data->state.buffer, hostname, nlen); - data->state.buffer[nlen] = 0; - if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer)) - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + } } #endif - ossl_associate_connection(data, conn, sockindex); + if(!ossl_associate_connection(data, conn, sockindex)) { + /* Maybe the internal errors of SSL_get_ex_new_index or SSL_set_ex_data */ + failf(data, "SSL: ossl_associate_connection failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } - Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, - &ssl_sessionid, NULL, sockindex)) { - /* we got a session id, use it! */ - if(!SSL_set_session(backend->handle, ssl_sessionid)) { - Curl_ssl_sessionid_unlock(data); - failf(data, "SSL: SSL_set_session failed: %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer))); - return CURLE_SSL_CONNECT_ERROR; + if(SSL_SET_OPTION(primary.sessionid)) { + Curl_ssl_sessionid_lock(data); + if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, + &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! 
*/ + if(!SSL_set_session(backend->handle, ssl_sessionid)) { + Curl_ssl_sessionid_unlock(data); + failf(data, "SSL: SSL_set_session failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } + /* Informational message */ + infof(data, "SSL re-using session ID"); } - /* Informational message */ - infof(data, "SSL re-using session ID"); + Curl_ssl_sessionid_unlock(data); } - Curl_ssl_sessionid_unlock(data); #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { BIO *const bio = BIO_new(BIO_f_ssl()); - SSL *handle = conn->proxy_ssl[sockindex].backend->handle; + struct ssl_backend_data *proxy_backend; + SSL* handle = NULL; + proxy_backend = conn->proxy_ssl[sockindex].backend; + DEBUGASSERT(proxy_backend); + handle = proxy_backend->handle; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); DEBUGASSERT(handle != NULL); DEBUGASSERT(bio != NULL); @@ -3310,6 +3295,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, DEBUGASSERT(ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(backend); ERR_clear_error(); @@ -3571,6 +3557,8 @@ static CURLcode get_cert_chain(struct Curl_easy *data, BIO *mem; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + sk = SSL_get_peer_cert_chain(backend->handle); if(!sk) { return CURLE_OUT_OF_MEMORY; @@ -3883,6 +3871,8 @@ static CURLcode servercert(struct Curl_easy *data, BIO *mem = BIO_new(BIO_s_mem()); struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(!mem) { failf(data, "BIO_new return NULL, " OSSL_PACKAGE 
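Review bot: In the proxy branch at the end of the ossl_connect_step1 hunk (`@@ -3243`), the result of `BIO_new(BIO_f_ssl())` is covered only by `DEBUGASSERT(bio != NULL);`. BIO_new() returns NULL on allocation failure, and DEBUGASSERT is, as far as I know, compiled out of non-debug curl builds; the macro is not defined on this page. A release build would therefore pass a NULL BIO to whatever follows. A runtime check placed after the assertions closes that: `if(!bio) return CURLE_OUT_OF_MEMORY;`. The code that uses `bio` is outside the hunk.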
@@ -3953,9 +3943,20 @@ static CURLcode servercert(struct Curl_easy *data, /* e.g. match issuer name with provided issuer certificate */ if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) { - if(SSL_CONN_CONFIG(issuercert_blob)) + if(SSL_CONN_CONFIG(issuercert_blob)) { fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data, (int)SSL_CONN_CONFIG(issuercert_blob)->len); + if(!fp) { + failf(data, + "BIO_new_mem_buf NULL, " OSSL_PACKAGE + " error %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer)) ); + X509_free(backend->server_cert); + backend->server_cert = NULL; + return CURLE_OUT_OF_MEMORY; + } + } else { fp = BIO_new(BIO_s_file()); if(!fp) { @@ -4222,11 +4223,13 @@ static bool ossl_data_pending(const struct connectdata *conn, int connindex) { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + DEBUGASSERT(connssl->backend); if(connssl->backend->handle && SSL_pending(connssl->backend->handle)) return TRUE; #ifndef CURL_DISABLE_PROXY { const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex]; + DEBUGASSERT(proxyssl->backend); if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle)) return TRUE; } @@ -4253,6 +4256,8 @@ static ssize_t ossl_send(struct Curl_easy *data, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + ERR_clear_error(); memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; @@ -4332,6 +4337,8 @@ static ssize_t ossl_recv(struct Curl_easy *data, /* transfer */ struct ssl_connect_data *connssl = &conn->ssl[num]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + ERR_clear_error(); buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; 
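Review bot: `(int)SSL_CONN_CONFIG(issuercert_blob)->len` narrows the blob length to int before BIO_new_mem_buf(), and the added NULL check does not cover a length that no longer fits. OpenSSL documents a length of -1 as meaning the buffer is NUL-terminated and measured with strlen(), and a wrapped value can be negative. An oversized blob could therefore be read by string length rather than by its declared size. A guard ahead of the call keeps the length honest: `if(SSL_CONN_CONFIG(issuercert_blob)->len > (size_t)INT_MAX)`, followed by the same `X509_free(backend->server_cert)` cleanup and an error return. The type of `len` is not shown on this page; the cast suggests it is wider than int.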
@@ -4531,20 +4538,22 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl, { /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */ struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return info == CURLINFO_TLS_SESSION ? (void *)backend->ctx : (void *)backend->handle; } -static void ossl_associate_connection(struct Curl_easy *data, +static bool ossl_associate_connection(struct Curl_easy *data, struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); /* If we don't have SSL context, do nothing. */ if(!backend->handle) - return; + return FALSE; if(SSL_SET_OPTION(primary.sessionid)) { int data_idx = ossl_get_ssl_data_index(); 
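Review bot: The comment `/* If we don't have SSL context, do nothing. */` in ossl_associate_connection no longer matches the code. The branch now returns FALSE, and the one caller visible on this page (ossl_connect_step1) turns FALSE into CURLE_SSL_CONNECT_ERROR. The function also has no statement of what its new return value means; the next hunk shows TRUE being returned when session-ID caching is off and nothing was stored. I would reword the branch comment to `/* No SSL handle: nothing to associate with, report failure. */`. I would also add a header comment saying that FALSE means the ex_data needed by the new-session callback could not be stored. The function body continues in the next hunk.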
@@ -4554,19 +4563,26 @@ static void ossl_associate_connection(struct Curl_easy *data, if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && proxy_idx >= 0) { + int data_status, conn_status, sockindex_status, proxy_status; + /* Store the data needed for the "new session" callback. * The sockindex is stored as a pointer to an array element. */ - SSL_set_ex_data(backend->handle, data_idx, data); - SSL_set_ex_data(backend->handle, connectdata_idx, conn); - SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex); + data_status = SSL_set_ex_data(backend->handle, data_idx, data); + conn_status = SSL_set_ex_data(backend->handle, connectdata_idx, conn); + sockindex_status = SSL_set_ex_data(backend->handle, sockindex_idx, + conn->sock + sockindex); #ifndef CURL_DISABLE_PROXY - SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: - NULL); + proxy_status = SSL_set_ex_data(backend->handle, proxy_idx, + SSL_IS_PROXY() ? (void *) 1 : NULL); #else - SSL_set_ex_data(backend->handle, proxy_idx, NULL); + proxy_status = SSL_set_ex_data(backend->handle, proxy_idx, NULL); #endif + if(data_status && conn_status && sockindex_status && proxy_status) + return TRUE; } + return FALSE; } + return TRUE; } /* @@ -4583,6 +4599,7 @@ static void ossl_disassociate_connection(struct Curl_easy *data, struct connectdata *conn = data->conn; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); /* If we don't have SSL context, do nothing. */ if(!backend->handle) diff --git a/contrib/libs/curl/lib/vtls/openssl.h b/contrib/libs/curl/lib/vtls/openssl.h index 28058453c0..7df642bc9a 100644 --- a/contrib/libs/curl/lib/vtls/openssl.h +++ b/contrib/libs/curl/lib/vtls/openssl.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,11 +30,17 @@ * and ngtcp2.c */ -#include <openssl/x509v3.h> #include "urldata.h" +/* + * In an effort to avoid using 'X509 *' here, we instead use the struct + * x509_st version of the type so that we can forward-declare it here without + * having to include <openssl/x509v3.h>. Including that header causes name + * conflicts when libcurl is built with both Schannel and OpenSSL support. + */ +struct x509_st; CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - X509 *server_cert); + struct x509_st *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; #endif /* USE_OPENSSL */ diff --git a/contrib/libs/curl/lib/vtls/rustls.c b/contrib/libs/curl/lib/vtls/rustls.c index 6dbb1ef3cd..0e651aed9d 100644 --- a/contrib/libs/curl/lib/vtls/rustls.c +++ b/contrib/libs/curl/lib/vtls/rustls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Jacob Hoffman-Andrews, + * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews, * <github@hoffman-andrews.com> * * This software is licensed as described in the file COPYING, which @@ -65,6 +65,7 @@ cr_data_pending(const struct connectdata *conn, int sockindex) { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return backend->data_pending; } 
@@ -118,7 +119,8 @@ cr_recv(struct Curl_easy *data, int sockindex, struct connectdata *conn = data->conn; struct ssl_connect_data *const connssl = &conn->ssl[sockindex]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *const rconn = backend->conn; + struct rustls_connection *rconn = NULL; + size_t n = 0; size_t tls_bytes_read = 0; size_t plain_bytes_copied = 0; @@ -126,6 +128,9 @@ cr_recv(struct Curl_easy *data, int sockindex, char errorbuf[255]; rustls_io_result io_error; + DEBUGASSERT(backend); + rconn = backend->conn; + io_error = rustls_connection_read_tls(rconn, read_cb, &conn->sock[sockindex], &tls_bytes_read); if(io_error == EAGAIN || io_error == EWOULDBLOCK) { @@ -215,13 +220,16 @@ cr_send(struct Curl_easy *data, int sockindex, struct connectdata *conn = data->conn; struct ssl_connect_data *const connssl = &conn->ssl[sockindex]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *const rconn = backend->conn; + struct rustls_connection *rconn = NULL; size_t plainwritten = 0; size_t tlswritten = 0; size_t tlswritten_total = 0; rustls_result rresult; rustls_io_result io_error; + DEBUGASSERT(backend); + rconn = backend->conn; + infof(data, "cr_send %ld bytes of plaintext", plainlen); if(plainlen > 0) { 
@@ -295,9 +303,13 @@ static CURLcode cr_init_backend(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *const backend) { - struct rustls_connection *rconn = backend->conn; + struct rustls_connection *rconn = NULL; struct rustls_client_config_builder *config_builder = NULL; - const char *const ssl_cafile = SSL_CONN_CONFIG(CAfile); + struct rustls_root_cert_store *roots = NULL; + const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob); + const char * const ssl_cafile = + /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ + (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); const char *hostname = conn->host.name; char errorbuf[256]; @@ -308,6 +320,9 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, { (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH }, }; + DEBUGASSERT(backend); + rconn = backend->conn; + config_builder = rustls_client_config_builder_new(); #ifdef USE_HTTP2 infof(data, "offering ALPN for HTTP/1.1 and HTTP/2"); 
@@ -328,6 +343,29 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, hostname = "example.invalid"; } } + else if(ca_info_blob) { + roots = rustls_root_cert_store_new(); + + /* Enable strict parsing only if verification isn't disabled. */ + result = rustls_root_cert_store_add_pem(roots, ca_info_blob->data, + ca_info_blob->len, verifypeer); + if(result != RUSTLS_RESULT_OK) { + failf(data, "failed to parse trusted certificates from blob"); + rustls_root_cert_store_free(roots); + rustls_client_config_free( + rustls_client_config_builder_build(config_builder)); + return CURLE_SSL_CACERT_BADFILE; + } + + result = rustls_client_config_builder_use_roots(config_builder, roots); + rustls_root_cert_store_free(roots); + if(result != RUSTLS_RESULT_OK) { + failf(data, "failed to load trusted certificates"); + rustls_client_config_free( + rustls_client_config_builder_build(config_builder)); + return CURLE_SSL_CACERT_BADFILE; + } + } else if(ssl_cafile) { result = rustls_client_config_builder_load_roots_from_file( config_builder, ssl_cafile); @@ -341,7 +379,14 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, backend->config = rustls_client_config_builder_build(config_builder); DEBUGASSERT(rconn == NULL); - result = rustls_client_connection_new(backend->config, hostname, &rconn); + { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + result = rustls_client_connection_new(backend->config, snihost, &rconn); + } if(result != RUSTLS_RESULT_OK) { rustls_error(result, errorbuf, sizeof(errorbuf), &errorlen); failf(data, "rustls_client_connection_new: %.*s", errorlen, errorbuf); 
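Review bot: The comment `/* Enable strict parsing only if verification isn't disabled. */` and the `verifypeer` argument passed to rustls_root_cert_store_add_pem look redundant in the new `else if(ca_info_blob)` branch. That branch appears to be chained to the no-verification case, whose condition is above the hunk, and if so `verifypeer` is always true when this code runs. In that case pass `true` and reword the comment to `/* verification is enabled in this branch, so parse the blob strictly */`, so nobody assumes a lenient parse is reachable. cr_init_backend starts and ends outside the hunk.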
@@ -401,6 +446,8 @@ cr_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, curl_socket_t writefd; curl_socket_t readfd; + DEBUGASSERT(backend); + if(ssl_connection_none == connssl->state) { result = cr_init_backend(data, conn, connssl->backend); if(result != CURLE_OK) { @@ -495,7 +542,10 @@ cr_getsock(struct connectdata *conn, curl_socket_t *socks) struct ssl_connect_data *const connssl = &conn->ssl[FIRSTSOCKET]; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *rconn = backend->conn; + struct rustls_connection *rconn = NULL; + + DEBUGASSERT(backend); + rconn = backend->conn; if(rustls_connection_wants_write(rconn)) { socks[0] = sockfd; @@ -514,6 +564,7 @@ cr_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return &backend->conn; } @@ -526,6 +577,8 @@ cr_close(struct Curl_easy *data, struct connectdata *conn, CURLcode tmperr = CURLE_OK; ssize_t n = 0; + DEBUGASSERT(backend); + if(backend->conn) { rustls_connection_send_close_notify(backend->conn); n = cr_send(data, sockindex, NULL, 0, &tmperr); @@ -550,7 +603,8 @@ static size_t cr_version(char *buffer, size_t size) const struct Curl_ssl Curl_ssl_rustls = { { CURLSSLBACKEND_RUSTLS, "rustls" }, - SSLSUPP_TLS13_CIPHERSUITES, /* supports */ + SSLSUPP_CAINFO_BLOB | /* supports */ + SSLSUPP_TLS13_CIPHERSUITES, sizeof(struct ssl_backend_data), Curl_none_init, /* init */ diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c index 0a8e60610d..04c8f3b6cf 100644 --- a/contrib/libs/curl/lib/vtls/schannel.c +++ b/contrib/libs/curl/lib/vtls/schannel.c 
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> * @@ -325,13 +325,15 @@ get_alg_id_by_name(char *name) return 0; } +#define NUM_CIPHERS 47 /* There are 47 options listed above */ + static CURLcode set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, ALG_ID *algIds) { char *startCur = ciphers; int algCount = 0; - while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) { + while(startCur && (0 != *startCur) && (algCount < NUM_CIPHERS)) { long alg = strtol(startCur, 0, 0); if(!alg) alg = get_alg_id_by_name(startCur); @@ -418,11 +420,14 @@ schannel_acquire_credential_handle(struct Curl_easy *data, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; SCHANNEL_CRED schannel_cred; + ALG_ID algIds[NUM_CIPHERS]; PCCERT_CONTEXT client_certs[1] = { NULL }; SECURITY_STATUS sspi_status = SEC_E_OK; CURLcode result; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /* setup Schannel API options */ memset(&schannel_cred, 0, sizeof(schannel_cred)); schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; @@ -502,7 +507,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data, if(SSL_CONN_CONFIG(cipher_list)) { result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list), - backend->algIds); + algIds); if(CURLE_OK != result) { failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); return result; 
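Review bot: `algIds` moves from `struct ssl_backend_data` to a stack array in schannel_acquire_credential_handle and is handed to set_ssl_ciphers together with `&schannel_cred`. The body of set_ssl_ciphers is outside the hunk, but if it stores the array pointer in the credential structure, that pointer is only good until this function returns. Both objects are locals of the same function, so this presumably holds, but the declaration should say so: `ALG_ID algIds[NUM_CIPHERS]; /* referenced from schannel_cred; must stay in scope until the credential handle is acquired */`. `#define NUM_CIPHERS 47` is a hand count of the table above it and will drift silently when an entry is added, so a comment on the table pointing back to the define would help.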
@@ -765,11 +770,12 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, #ifdef ENABLE_IPV6 struct in6_addr addr6; #endif - TCHAR *host_name; CURLcode result; char * const hostname = SSL_HOST_NAME(); struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)", hostname, conn->remote_port)); @@ -846,10 +852,21 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, } if(!backend->cred) { + char *snihost; result = schannel_acquire_credential_handle(data, conn, sockindex); if(result != CURLE_OK) { return result; } + /* A hostname associated with the credential is needed by + InitializeSecurityContext for SNI and other reasons. */ + snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + backend->cred->sni_hostname = curlx_convert_UTF8_to_tchar(snihost); + if(!backend->cred->sni_hostname) + return CURLE_OUT_OF_MEMORY; } /* Warn if SNI is disabled due to use of an IP address */ @@ -936,10 +953,6 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_OUT_OF_MEMORY; } - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - /* Schannel InitializeSecurityContext: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx 
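Review bot: `backend->cred->sni_hostname` is filled in only inside the `if(!backend->cred)` branch of schannel_connect_step1, so a credential obtained any other way (for example from a session cache, outside this hunk) keeps the name stored when it was created. Step 2 and schannel_shutdown now pass that stored name to InitializeSecurityContext, so the target name follows the credential and not the current connection. That is correct only if a credential is never reused for a different host, which should be written on the new struct field: `TCHAR *sni_hostname; /* owned; set once at creation, cred must only be reused for this host */`. If `curlx_convert_UTF8_to_tchar` fails, the function returns with `backend->cred` set and `sni_hostname` NULL, so the cleanup path needs to tolerate that state.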
@@ -948,13 +961,12 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, us problems with inbuf regardless. https://github.com/curl/curl/issues/983 */ sspi_status = s_pSecFn->InitializeSecurityContext( - &backend->cred->cred_handle, NULL, host_name, backend->req_flags, 0, 0, + &backend->cred->cred_handle, NULL, backend->cred->sni_hostname, + backend->req_flags, 0, 0, (backend->use_alpn ? &inbuf_desc : NULL), 0, &backend->ctxt->ctxt_handle, &outbuf_desc, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - if(sspi_status != SEC_I_CONTINUE_NEEDED) { char buffer[STRERROR_LEN]; Curl_safefree(backend->ctxt); @@ -1027,15 +1039,16 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, SECURITY_STATUS sspi_status = SEC_E_OK; CURLcode result; bool doread; - char * const hostname = SSL_HOST_NAME(); const char *pubkey_ptr; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE; DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)", - hostname, conn->remote_port)); + SSL_HOST_NAME(), conn->remote_port)); if(!backend->cred || !backend->ctxt) return CURLE_SSL_CONNECT_ERROR; @@ -1083,7 +1096,6 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, } for(;;) { - TCHAR *host_name; if(doread) { /* read encrypted handshake data from socket */ result = Curl_read_plain(conn->sock[sockindex], 
@@ -1136,17 +1148,12 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, memcpy(inbuf[0].pvBuffer, backend->encdata_buffer, backend->encdata_offset); - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - sspi_status = s_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, - host_name, backend->req_flags, 0, 0, &inbuf_desc, 0, NULL, + backend->cred->sni_hostname, backend->req_flags, + 0, 0, &inbuf_desc, 0, NULL, &outbuf_desc, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - /* free buffer for received handshake data */ Curl_safefree(inbuf[0].pvBuffer); @@ -1370,6 +1377,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)", @@ -1610,6 +1618,7 @@ schannel_connect_common(struct Curl_easy *data, struct connectdata *conn, */ { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); conn->sslContext = &backend->ctxt->ctxt_handle; } #endif @@ -1640,6 +1649,8 @@ schannel_send(struct Curl_easy *data, int sockindex, CURLcode result; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /* check if the maximum stream sizes were queried */ if(backend->stream_sizes.cbMaximumMessage == 0) { sspi_status = s_pSecFn->QueryContextAttributes( 
@@ -1788,6 +1799,8 @@ schannel_recv(struct Curl_easy *data, int sockindex, size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /**************************************************************************** * Don't return or set backend->recv_unrecoverable_err unless in the cleanup. * The pattern for return error is set *err, optional infof, goto cleanup. @@ -2122,6 +2135,8 @@ static bool schannel_data_pending(const struct connectdata *conn, const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(connssl->use) /* SSL/TLS is in use */ return (backend->decdata_offset > 0 || (backend->encdata_offset > 0 && !backend->encdata_is_incomplete)); @@ -2138,6 +2153,7 @@ static void schannel_session_free(void *ptr) cred->refcount--; if(cred->refcount == 0) { s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + curlx_unicodefree(cred->sni_hostname); Curl_safefree(cred); } } @@ -2157,6 +2173,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(data); + DEBUGASSERT(backend); if(connssl->use) { infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu", @@ -2170,7 +2187,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, SecBuffer outbuf; SecBufferDesc outbuf_desc; CURLcode result; - TCHAR *host_name; DWORD dwshut = SCHANNEL_SHUTDOWN; InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); 
@@ -2185,10 +2201,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); } - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - /* setup output buffer */ InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, &outbuf, 1); @@ -2196,7 +2208,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, sspi_status = s_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, - host_name, + backend->cred->sni_hostname, backend->req_flags, 0, 0, @@ -2207,8 +2219,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) { /* send close message which is in output buffer */ ssize_t written; @@ -2314,6 +2324,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + DEBUGASSERT(backend); + /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) return CURLE_OK; @@ -2434,6 +2446,7 @@ static void *schannel_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return &backend->ctxt->ctxt_handle; } diff --git a/contrib/libs/curl/lib/vtls/schannel.h b/contrib/libs/curl/lib/vtls/schannel.h index 77853aa30f..da60702771 100644 --- a/contrib/libs/curl/lib/vtls/schannel.h +++ b/contrib/libs/curl/lib/vtls/schannel.h 
@@ -8,7 +8,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,11 +71,10 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, #endif #endif -#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ - struct Curl_schannel_cred { CredHandle cred_handle; TimeStamp time_stamp; + TCHAR *sni_hostname; int refcount; }; @@ -104,7 +103,6 @@ struct ssl_backend_data { #ifdef HAS_MANUAL_VERIFY_API bool use_manual_cred_validation; /* true if manual cred validation is used */ #endif - ALG_ID algIds[NUMOF_CIPHERS]; }; #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ diff --git a/contrib/libs/curl/lib/vtls/schannel_verify.c b/contrib/libs/curl/lib/vtls/schannel_verify.c index 4966cd4945..202a814cd9 100644 --- a/contrib/libs/curl/lib/vtls/schannel_verify.c +++ b/contrib/libs/curl/lib/vtls/schannel_verify.c @@ -7,7 +7,7 @@ * * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -465,6 +465,7 @@ static CURLcode verify_host(struct Curl_easy *data, CURLcode result = CURLE_PEER_FAILED_VERIFICATION; TCHAR *cert_hostname_buff = NULL; size_t cert_hostname_buff_index = 0; + size_t hostlen = strlen(conn_hostname); DWORD len = 0; DWORD actual_len = 0; 
@@ -520,10 +521,8 @@ static CURLcode verify_host(struct Curl_easy *data, result = CURLE_OUT_OF_MEMORY; } else { - int match_result; - - match_result = Curl_cert_hostcheck(cert_hostname, conn_hostname); - if(match_result == CURL_HOST_MATCH) { + if(Curl_cert_hostcheck(cert_hostname, strlen(cert_hostname), + conn_hostname, hostlen)) { infof(data, "schannel: connection hostname (%s) validated " "against certificate name (%s)", @@ -577,6 +576,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, HCERTSTORE trust_store = NULL; const char * const conn_hostname = SSL_HOST_NAME(); + DEBUGASSERT(BACKEND); + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c index f7a20b20b1..b2e1727278 100644 --- a/contrib/libs/curl/lib/vtls/sectransp.c +++ b/contrib/libs/curl/lib/vtls/sectransp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. * * This software is licensed as described in the file COPYING, which @@ -603,7 +603,7 @@ const static struct st_cipher ciphertable[] = { CIPHER_WEAK_RC_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ "ECDH-ECDSA-DES-CBC3-SHA", - CIPHER_STRONG_ENOUGH), + CIPHER_WEAK_3DES_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ "ECDH-ECDSA-AES128-SHA", CIPHER_STRONG_ENOUGH), 
@@ -837,12 +837,14 @@ static OSStatus SocketRead(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; OSStatus rtn = noErr; size_t bytesRead; ssize_t rrtn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; for(;;) { @@ -898,13 +900,15 @@ static OSStatus SocketWrite(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; ssize_t length; size_t dataLen = *dataLength; const UInt8 *dataPtr = (UInt8 *)data; OSStatus ortn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; do { @@ -1376,6 +1380,8 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, long ssl_version_max = SSL_CONN_CONFIG(version_max); long max_supported_version_by_os; + DEBUGASSERT(backend); + /* macOS 10.5-10.7 supported TLS 1.0 only. macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ @@ -1684,6 +1690,8 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, #if CURL_BUILD_MAC int darwinver_maj = 0, darwinver_min = 0; + DEBUGASSERT(backend); + GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); #endif /* CURL_BUILD_MAC */ 
@@ -2028,8 +2036,13 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn->ssl_config.verifyhost) { - err = SSLSetPeerDomainName(backend->ssl_ctx, hostname, - strlen(hostname)); + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen); if(err != noErr) { infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d", @@ -2542,6 +2555,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, DEBUGASSERT(ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(backend); /* Here goes nothing: */ err = SSLHandshake(backend->ssl_ctx); @@ -2918,6 +2932,8 @@ collect_server_cert(struct Curl_easy *data, CFIndex i, count; SecTrustRef trust = NULL; + DEBUGASSERT(backend); + if(!show_verbose_server_cert && !data->set.ssl.certinfo) return CURLE_OK; @@ -3162,6 +3178,8 @@ static void sectransp_close(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { (void)SSLClose(backend->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS @@ -3190,6 +3208,8 @@ static int sectransp_shutdown(struct Curl_easy *data, char buf[120]; int loop = 10; /* avoid getting stuck */ + DEBUGASSERT(backend); + if(!backend->ssl_ctx) return 0; @@ -3269,6 +3289,8 @@ static int sectransp_check_cxn(struct connectdata *conn) OSStatus err; SSLSessionState state; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { err = SSLGetSessionState(backend->ssl_ctx, &state); if(err == noErr) 
@@ -3286,6 +3308,8 @@ static bool sectransp_data_pending(const struct connectdata *conn, OSStatus err; size_t buffer; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { /* SSL is in use */ err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer); if(err == noErr) @@ -3347,6 +3371,8 @@ static ssize_t sectransp_send(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + /* The SSLWrite() function works a little differently than expected. The fourth argument (processed) is currently documented in Apple's documentation as: "On return, the length, in bytes, of the data actually @@ -3414,6 +3440,8 @@ static ssize_t sectransp_recv(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + again: err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed); @@ -3463,6 +3491,7 @@ static void *sectransp_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->ssl_ctx; } diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c index 6007bbba0f..03b85ba065 100644 --- a/contrib/libs/curl/lib/vtls/vtls.c +++ b/contrib/libs/curl/lib/vtls/vtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -300,6 +300,8 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex) pbdata = conn->proxy_ssl[sockindex].backend; conn->proxy_ssl[sockindex] = conn->ssl[sockindex]; + DEBUGASSERT(pbdata != NULL); + memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex])); memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data); 
@@ -628,7 +630,8 @@ void Curl_ssl_associate_conn(struct Curl_easy *data, { if(Curl_ssl->associate_connection) { Curl_ssl->associate_connection(data, conn, FIRSTSOCKET); - if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) + if((conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) && + conn->bits.sock_accepted) Curl_ssl->associate_connection(data, conn, SECONDARYSOCKET); } } @@ -638,7 +641,8 @@ void Curl_ssl_detach_conn(struct Curl_easy *data, { if(Curl_ssl->disassociate_connection) { Curl_ssl->disassociate_connection(data, FIRSTSOCKET); - if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) + if((conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) && + conn->bits.sock_accepted) Curl_ssl->disassociate_connection(data, SECONDARYSOCKET); } } @@ -872,6 +876,32 @@ CURLcode Curl_ssl_random(struct Curl_easy *data, } /* + * Curl_ssl_snihost() converts the input host name to a suitable SNI name put + * in data->state.buffer. Returns a pointer to the name (or NULL if a problem) + * and stores the new length in 'olen'. + * + * SNI fields must not have any trailing dot and while RFC 6066 section 3 says + * the SNI field is case insensitive, browsers always send the data lowercase + * and subsequently there are numerous servers out there that don't work + * unless the name is lowercased. + */ + +char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen) +{ + size_t len = strlen(host); + if(len && (host[len-1] == '.')) + len--; + if((long)len >= data->set.buffer_size) + return NULL; + + Curl_strntolower(data->state.buffer, host, len); + data->state.buffer[len] = 0; + if(olen) + *olen = len; + return data->state.buffer; +} + +/* * Public key pem to der conversion */ 
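Review bot: Both `Curl_ssl->associate_connection(...)` calls in Curl_ssl_associate_conn still drop the result, although this commit changes the callback to return `bool` (vtls.h) and ossl_associate_connection now reports whether every SSL_set_ex_data call succeeded. Curl_ssl_associate_conn returns void, so a failure cannot propagate from here. Either widen its return type or mark the drop as deliberate, e.g. `(void)Curl_ssl->associate_connection(data, conn, FIRSTSOCKET); /* result ignored here, see ossl_associate_connection */`. Callers outside this diff view may already check the value directly.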
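Review bot: Curl_ssl_snihost returns `data->state.buffer` itself, so the SNI name is valid only until the next writer of that scratch buffer. The header comment names the buffer but not that lifetime, nor that `olen` is optional. I would add two sentences to it: `The returned pointer aliases data->state.buffer; consume or copy it before any call that may reuse that buffer. 'olen' may be NULL.` The bound check narrows the wrong operand in `(long)len >= data->set.buffer_size`. Assuming `buffer_size` is never negative, `len >= (size_t)data->set.buffer_size` avoids truncating a `size_t` on platforms where `long` is 32 bits.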
@@ -969,7 +999,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, if(encode != CURLE_OK) return encode; - encode = Curl_base64_encode(data, (char *)sha256sumdigest, + encode = Curl_base64_encode((char *)sha256sumdigest, CURL_SHA256_DIGEST_LENGTH, &encoded, &encodedlen); Curl_safefree(sha256sumdigest); @@ -1296,8 +1326,6 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl; #elif defined(USE_SCHANNEL) &Curl_ssl_schannel; -#elif defined(USE_MESALINK) - &Curl_ssl_mesalink; #elif defined(USE_BEARSSL) &Curl_ssl_bearssl; #else @@ -1329,9 +1357,6 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_SCHANNEL) &Curl_ssl_schannel, #endif -#if defined(USE_MESALINK) - &Curl_ssl_mesalink, -#endif #if defined(USE_BEARSSL) &Curl_ssl_bearssl, #endif diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h index c7bbba082d..af3b8d3c94 100644 --- a/contrib/libs/curl/lib/vtls/vtls.h +++ b/contrib/libs/curl/lib/vtls/vtls.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -85,7 +85,7 @@ struct Curl_ssl { CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen, unsigned char *sha256sum, size_t sha256sumlen); - void (*associate_connection)(struct Curl_easy *data, + bool (*associate_connection)(struct Curl_easy *data, struct connectdata *conn, int sockindex); void (*disassociate_connection)(struct Curl_easy *data, int sockindex); 
@@ -120,7 +120,6 @@ bool Curl_ssl_tls13_ciphersuites(void); #include "schannel.h" /* Schannel SSPI version */ #include "sectransp.h" /* SecureTransport (Darwin) version */ #include "mbedtls.h" /* mbedTLS versions */ -#include "mesalink.h" /* MesaLink versions */ #include "bearssl.h" /* BearSSL versions */ #include "rustls.h" /* rustls versions */ @@ -173,6 +172,7 @@ bool Curl_ssl_tls13_ciphersuites(void); data->set.str[STRING_SSL_PINNEDPUBLICKEY] #endif +char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen); bool Curl_ssl_config_matches(struct ssl_primary_config *data, struct ssl_primary_config *needle); bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source, diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c index 242f193bc0..f1f786ffb6 100644 --- a/contrib/libs/curl/lib/vtls/wolfssl.c +++ b/contrib/libs/curl/lib/vtls/wolfssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -263,6 +263,8 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, #define use_sni(x) Curl_nop_stmt #endif + DEBUGASSERT(backend); + if(connssl->state == ssl_connection_complete) return CURLE_OK; 
@@ -462,12 +464,17 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, if((hostname_len < USHRT_MAX) && (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) && #ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) && + (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) #endif - (wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, hostname, - (unsigned short)hostname_len) != 1)) { - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + ) { + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost || + wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, snihost, + (unsigned short)snilen) != 1) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } } } #endif @@ -590,10 +597,11 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, int ret = -1; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); const char * const pinnedpubkey = SSL_PINNED_PUB_KEY(); + DEBUGASSERT(backend); + ERR_clear_error(); conn->recv[sockindex] = wolfssl_recv; @@ -601,9 +609,10 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, /* Enable RFC2818 checks */ if(SSL_CONN_CONFIG(verifyhost)) { - ret = wolfSSL_check_domain_name(backend->handle, hostname); - if(ret == SSL_FAILURE) - return CURLE_OUT_OF_MEMORY; + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost || + (wolfSSL_check_domain_name(backend->handle, snihost) == SSL_FAILURE)) + return CURLE_SSL_CONNECT_ERROR; } ret = SSL_connect(backend->handle); 
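Review bot: In wolfssl_connect_step2 the new `verifyhost` block returns `CURLE_SSL_CONNECT_ERROR` without a `failf()`, unlike the SNI block in wolfssl_connect_step1 and the rustls, schannel and sectransp hunks, which all log "Failed to set SNI". Two different causes are folded into that return, a NULL from Curl_ssl_snihost (name too long for the buffer) and a failing wolfSSL_check_domain_name, so a failed host-name check setup leaves no trace in the error buffer. Add `failf(data, "Failed to set host name for certificate check");` before the return. Both functions continue outside their hunks.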
@@ -797,6 +806,7 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(SSL_SET_OPTION(primary.sessionid)) { bool incache; @@ -848,6 +858,8 @@ static ssize_t wolfssl_send(struct Curl_easy *data, int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; int rc; + DEBUGASSERT(backend); + ERR_clear_error(); rc = SSL_write(backend->handle, mem, memlen); @@ -880,6 +892,8 @@ static void wolfssl_close(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->handle) { char buf[32]; /* Maybe the server has already sent a close notify alert. @@ -908,17 +922,22 @@ static ssize_t wolfssl_recv(struct Curl_easy *data, int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; int nread; + DEBUGASSERT(backend); + ERR_clear_error(); nread = SSL_read(backend->handle, buf, buffsize); - if(nread < 0) { + if(nread <= 0) { int err = SSL_get_error(backend->handle, nread); switch(err) { case SSL_ERROR_ZERO_RETURN: /* no more data */ break; + case SSL_ERROR_NONE: + /* FALLTHROUGH */ case SSL_ERROR_WANT_READ: + /* FALLTHROUGH */ case SSL_ERROR_WANT_WRITE: /* there's data pending, re-invoke SSL_read() */ *curlcode = CURLE_AGAIN; @@ -974,6 +993,7 @@ static bool wolfssl_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); if(backend->handle) /* SSL is in use */ return (0 != SSL_pending(backend->handle)) ? TRUE : FALSE; else @@ -994,6 +1014,8 @@ static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->handle) { ERR_clear_error(); SSL_free(backend->handle); 
@@ -1173,6 +1195,7 @@ static void *wolfssl_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->handle; } diff --git a/contrib/libs/curl/lib/x509asn1.c b/contrib/libs/curl/lib/vtls/x509asn1.c index 0341543a2b..f64acb83c9 100644 --- a/contrib/libs/curl/lib/x509asn1.c +++ b/contrib/libs/curl/lib/vtls/x509asn1.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,8 +22,23 @@ #include "curl_setup.h" -#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) + +#if defined(USE_GSKIT) || defined(USE_WOLFSSL) || defined(USE_SCHANNEL) +#define WANT_PARSEX509 /* uses Curl_parseX509() */ +#endif + +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_SCHANNEL) || defined(USE_SECTRANSP) +#define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */ +#define WANT_PARSEX509 /* ... uses Curl_parseX509() */ +#endif + +#if defined(USE_GSKIT) +#define WANT_VERIFYHOST /* uses Curl_verifyhost () */ +#define WANT_PARSEX509 /* ... uses Curl_parseX509() */ +#endif #include <curl/curl.h> #include "urldata.h" 
@@ -41,6 +56,56 @@ #include "curl_memory.h" #include "memdebug.h" +/* + * Constants. + */ + +/* Largest supported ASN.1 structure. */ +#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */ + +/* ASN.1 classes. */ +#define CURL_ASN1_UNIVERSAL 0 +#define CURL_ASN1_APPLICATION 1 +#define CURL_ASN1_CONTEXT_SPECIFIC 2 +#define CURL_ASN1_PRIVATE 3 + +/* ASN.1 types. */ +#define CURL_ASN1_BOOLEAN 1 +#define CURL_ASN1_INTEGER 2 +#define CURL_ASN1_BIT_STRING 3 +#define CURL_ASN1_OCTET_STRING 4 +#define CURL_ASN1_NULL 5 +#define CURL_ASN1_OBJECT_IDENTIFIER 6 +#define CURL_ASN1_OBJECT_DESCRIPTOR 7 +#define CURL_ASN1_INSTANCE_OF 8 +#define CURL_ASN1_REAL 9 +#define CURL_ASN1_ENUMERATED 10 +#define CURL_ASN1_EMBEDDED 11 +#define CURL_ASN1_UTF8_STRING 12 +#define CURL_ASN1_RELATIVE_OID 13 +#define CURL_ASN1_SEQUENCE 16 +#define CURL_ASN1_SET 17 +#define CURL_ASN1_NUMERIC_STRING 18 +#define CURL_ASN1_PRINTABLE_STRING 19 +#define CURL_ASN1_TELETEX_STRING 20 +#define CURL_ASN1_VIDEOTEX_STRING 21 +#define CURL_ASN1_IA5_STRING 22 +#define CURL_ASN1_UTC_TIME 23 +#define CURL_ASN1_GENERALIZED_TIME 24 +#define CURL_ASN1_GRAPHIC_STRING 25 +#define CURL_ASN1_VISIBLE_STRING 26 +#define CURL_ASN1_GENERAL_STRING 27 +#define CURL_ASN1_UNIVERSAL_STRING 28 +#define CURL_ASN1_CHARACTER_STRING 29 +#define CURL_ASN1_BMP_STRING 30 + +#ifdef WANT_EXTRACT_CERTINFO +/* ASN.1 OID table entry. */ +struct Curl_OID { + const char *numoid; /* Dotted-numeric OID. */ + const char *textoid; /* OID name. */ +}; + /* ASN.1 OIDs. */ static const char cnOID[] = "2.5.4.3"; /* Common name. */ static const char sanOID[] = "2.5.29.17"; /* Subject alternative name. */ @@ -95,6 +160,8 @@ static const struct Curl_OID OIDtable[] = { { (const char *) NULL, (const char *) NULL } }; +#endif /* WANT_EXTRACT_CERTINFO */ + /* * Lightweight ASN.1 parser. * In particular, it does not check for syntactic/lexical errors. 
@@ -173,6 +240,8 @@ static const char *getASN1Element(struct Curl_asn1Element *elem, return elem->end; } +#ifdef WANT_EXTRACT_CERTINFO + /* * Search the null terminated OID or OID identifier in local table. * Return the table entry pointer or NULL if not found. @@ -683,28 +752,9 @@ static ssize_t encodeDN(char *buf, size_t buflen, struct Curl_asn1Element *dn) return l; } -/* - * Convert an ASN.1 distinguished name into a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. - */ -static const char *DNtostr(struct Curl_asn1Element *dn) -{ - char *buf = NULL; - ssize_t buflen = encodeDN(NULL, 0, dn); - - if(buflen >= 0) { - buf = malloc(buflen + 1); - if(buf) { - if(encodeDN(buf, buflen + 1, dn) == -1) { - free(buf); - return NULL; - } - buf[buflen] = '\0'; - } - } - return buf; -} +#endif /* WANT_EXTRACT_CERTINFO */ +#ifdef WANT_PARSEX509 /* * ASN.1 parse an X509 certificate into structure subfields. * Syntax is assumed to have already been checked by the SSL backend. @@ -824,6 +874,9 @@ int Curl_parseX509(struct Curl_X509certificate *cert, return 0; } +#endif /* WANT_PARSEX509 */ + +#ifdef WANT_EXTRACT_CERTINFO /* * Copy at most 64-characters, terminate with a newline and returns the @@ -969,6 +1022,28 @@ static int do_pubkey(struct Curl_easy *data, int certnum, return 0; } +/* + * Convert an ASN.1 distinguished name into a printable string. + * Return the dynamically allocated string, or NULL if an error occurs. + */ +static const char *DNtostr(struct Curl_asn1Element *dn) +{ + char *buf = NULL; + ssize_t buflen = encodeDN(NULL, 0, dn); + + if(buflen >= 0) { + buf = malloc(buflen + 1); + if(buf) { + if(encodeDN(buf, buflen + 1, dn) == -1) { + free(buf); + return NULL; + } + buf[buflen] = '\0'; + } + } + return buf; +} + CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, const char *beg, 
@@ -1119,7 +1194,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return result; /* Generate PEM certificate. */ - result = Curl_base64_encode(data, cert.certificate.beg, + result = Curl_base64_encode(cert.certificate.beg, cert.certificate.end - cert.certificate.beg, &cp1, &cl1); if(result) @@ -1153,10 +1228,12 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return result; } +#endif /* WANT_EXTRACT_CERTINFO */ + #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL * or USE_SECTRANSP */ -#if defined(USE_GSKIT) +#ifdef WANT_VERIFYHOST static const char *checkOID(const char *beg, const char *end, const char *oid) @@ -1198,6 +1275,7 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, ssize_t len; const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); + size_t hostlen = strlen(hostname); #ifdef ENABLE_IPV6 struct in6_addr addr; #else @@ -1253,7 +1331,8 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING, name.beg, name.end); if(len > 0 && (size_t)len == strlen(dnsname)) - matched = Curl_cert_hostcheck(dnsname, hostname); + matched = Curl_cert_hostcheck(dnsname, + (size_t)len, hostname, hostlen); else matched = 0; free(dnsname); @@ -1312,7 +1391,8 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, } if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */ failf(data, "SSL: illegal cert name field"); - else if(Curl_cert_hostcheck((const char *) dnsname, hostname)) { + else if(Curl_cert_hostcheck((const char *) dnsname, + len, hostname, hostlen)) { infof(data, " common name: %s (matched)", dnsname); free(dnsname); return CURLE_OK; @@ -1326,4 +1406,4 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, return CURLE_PEER_FAILED_VERIFICATION; } -#endif /* USE_GSKIT */ +#endif /* WANT_VERIFYHOST */ 
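Review bot: The two updated `Curl_cert_hostcheck()` calls in Curl_verifyhost pass the name length differently: the call in the `@@ -1253` hunk casts `(size_t)len`, while the common-name call in the `@@ -1312` hunk passes the `ssize_t` `len` uncast. The value cannot be negative there, because the branch is reached only when `strlen(dnsname) != (size_t) len` is false, so this is a consistency point rather than a bug. Write `(size_t)len, hostname, hostlen)) {` to match the first call and keep `-Wsign-conversion` quiet. Both call sites run the embedded-NUL length check before the comparison, and that order should be preserved in any later edit. Curl_verifyhost starts and ends outside these hunks.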
diff --git a/contrib/libs/curl/lib/x509asn1.h b/contrib/libs/curl/lib/vtls/x509asn1.h index 3b51eeef8d..db7df0ef12 100644 --- a/contrib/libs/curl/lib/x509asn1.h +++ b/contrib/libs/curl/lib/vtls/x509asn1.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,50 +31,6 @@ #include "urldata.h" /* - * Constants. - */ - -/* Largest supported ASN.1 structure. */ -#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */ - -/* ASN.1 classes. */ -#define CURL_ASN1_UNIVERSAL 0 -#define CURL_ASN1_APPLICATION 1 -#define CURL_ASN1_CONTEXT_SPECIFIC 2 -#define CURL_ASN1_PRIVATE 3 - -/* ASN.1 types. */ -#define CURL_ASN1_BOOLEAN 1 -#define CURL_ASN1_INTEGER 2 -#define CURL_ASN1_BIT_STRING 3 -#define CURL_ASN1_OCTET_STRING 4 -#define CURL_ASN1_NULL 5 -#define CURL_ASN1_OBJECT_IDENTIFIER 6 -#define CURL_ASN1_OBJECT_DESCRIPTOR 7 -#define CURL_ASN1_INSTANCE_OF 8 -#define CURL_ASN1_REAL 9 -#define CURL_ASN1_ENUMERATED 10 -#define CURL_ASN1_EMBEDDED 11 -#define CURL_ASN1_UTF8_STRING 12 -#define CURL_ASN1_RELATIVE_OID 13 -#define CURL_ASN1_SEQUENCE 16 -#define CURL_ASN1_SET 17 -#define CURL_ASN1_NUMERIC_STRING 18 -#define CURL_ASN1_PRINTABLE_STRING 19 -#define CURL_ASN1_TELETEX_STRING 20 -#define CURL_ASN1_VIDEOTEX_STRING 21 -#define CURL_ASN1_IA5_STRING 22 -#define CURL_ASN1_UTC_TIME 23 -#define CURL_ASN1_GENERALIZED_TIME 24 -#define CURL_ASN1_GRAPHIC_STRING 25 -#define CURL_ASN1_VISIBLE_STRING 26 -#define CURL_ASN1_GENERAL_STRING 27 -#define CURL_ASN1_UNIVERSAL_STRING 28 -#define CURL_ASN1_CHARACTER_STRING 29 -#define CURL_ASN1_BMP_STRING 30 - - -/* * Types. */ 
@@ -88,14 +44,6 @@ struct Curl_asn1Element { bool constructed; /* Element is constructed. */ }; - -/* ASN.1 OID table entry. */ -struct Curl_OID { - const char *numoid; /* Dotted-numeric OID. */ - const char *textoid; /* OID name. */ -}; - - /* X509 certificate: RFC 5280. */ struct Curl_X509certificate { struct Curl_asn1Element certificate; @@ -119,10 +67,6 @@ struct Curl_X509certificate { * Prototypes. */ -const char *Curl_getASN1Element(struct Curl_asn1Element *elem, - const char *beg, const char *end); -const char *Curl_ASN1tostr(struct Curl_asn1Element *elem, int type); -const char *Curl_DNtostr(struct Curl_asn1Element *dn); int Curl_parseX509(struct Curl_X509certificate *cert, const char *beg, const char *end); CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, |