RFC 7616 (and 2617) requires values to be "unquoted" before used for
digest calculations. The only place where unquoting can be done
correctly is header parsing function (realm="DOMAIN\\host" and
realm=DOMAN\\host are different realms).
This commit adds unquoting (de-escaping) of all values during header
parsing and quoting of the values during header forming. This approach
should be most straightforward and easy to read/maintain as all values
are processed in the same way as required by RFC.
Closes#8912
Enable Linux GSO in ngtcp2 QUIC. In order to recover from the
EAGAIN/EWOULDBLOCK by sendmsg with multiple packets in one GSO write,
packet buffer is now held by struct quicsocket. GSO write might fail in
runtime depending on NIC. Disable GSO if sendmsg returns EIO.
Closes#8909
As that would indicate an illegal header. The fuzzer reached the assert
in unfold_value() proving that this case can happen.
Follow-up to c9b60f0053Closes#8939
The .netrc parser now accepts strings within double-quotes in order to
deal with for example passwords containing white space - which
previously was not possible.
A password that starts with a double-quote also ends with one, and
double-quotes themselves are escaped with backslashes, like \". It also
supports \n, \r and \t for newline, carriage return and tabs
respectively.
If the password does not start with a double quote, it will end at first
white space and no escaping is performed.
WARNING: this change is not entirely backwards compatible. If anyone
previously used a double-quote as the first letter of their password,
the parser will now get it differently compared to before. This is
highly unfortunate but hard to avoid.
Reported-by: ImpatientHippo on GitHub
Fixes#8908Closes#8937
Folded header lines will now get passed through like before. The headers
API is adapted and will provide the content unfolded.
Added test 1274 and extended test 1940 to verify.
Reported-by: Petr Pisar
Fixes#8844Closes#8899
- `-D_AMD64_` has not been necessary for mingw-w64 builds for a long time now.
- `-fno-strict-aliasing` is mentioned for Intel C compiler in autotools, and
I used this with VxWorks in another project, but otherwise this isn't
necessary anymore as a default. If a target still needs it, it can be
added with `CURL_CFLAG_EXTRAS=-fno-strict-aliasing`
- bump up default optimization level to `-O3` (from `-O2`), and also rearrange
option order so the default can now be overridden via
`CURL_CFLAG_EXTRAS`.
- delete `-g` (generate debug info) from `CFLAGS` and `-s` from `LDFLAGS`
(strip debug info). They were working against each other. Now, if someone
needs debug info, it can be enabled via `CURL_CFLAG_EXTRAS=-g`
Closes#8904
The UNITTEST macro is defined by curl_setup.h so there is no use in
carry a local copy of the logic.
Closes: #8902
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Commit 709ae2454f added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and adjust the test fallout.
Closes: #8895Fixes: #8893
Reported-by: Patrick Monnerat <patrick@monnerat.net>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Allow curl to send larger UDP datagram if Path MTU Discovery finds the
availability of larger path MTU. To make it work and not to send
fragmented packet, we need to set DF bit. That makes send(2) fail with
EMSGSIZE if UDP datagram is too large. In that case, just let it be
lost. This patch enables DF bit for Linux only.
Closes#8883
The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
leaking the real local name.
The exact name used is 'WORKSTATION', because Firefox uses that.
The change is written to allow someone to "back-pedal" fairly easy in
case of need.
Reported-by: Carlo Alberto
Fixes#8859Closes#8889
- -DOPENSSL_NO_KRB5: No longer used by OpenSSL 1.1.x, 3.x, or
LibreSSL 3.5.x, yet it collides with the latter, which defines
it unconditionally, resulting in this warning:
../../libressl/include/openssl/opensslfeatures.h:14:9: warning: 'OPENSSL_NO_KRB5' macro redefined [-Wmacro-redefined]
It was originally added to curl in 2004.
- -DHAVE_OPENSSL_PKCS12_H: No longer used by OpenSSL 1.1.x, 3.x, or
LibreSSL back to at least 2.5.5. Originally added in the same
commit as the above, in 2004.
Closes#8884
Usage:
curl -x "socks5h://localhost/run/tor/socks" "https://example.com"
Updated runtests.pl to run a socksd server listening on unix socket
Added tests test1467 test1468
Added documentation for proxy command line option and socks proxy
options
Closes#8668
Lookup tables for toupper() and tolower() make Curl_strcasecompare()
about 1.5 times faster. Reorganising Curl_strcasecompare() to fully exit
early then also allows simplifying the check at the end, for another
15%. In total, the changes make Curl_strcasecompare() around 1.6 to 1.7
times faster.
Note that these optimisation assume ASCII. The original
Curl_raw_toupper() and raw_tolower() look like they already made that
assumption.
Closes#8875
This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
are used to explicitly use wolfSSL includes. This fixes cmake builds as
well as avoiding potentially using openSSL headers since include path
order is not guaranteed.
Closes#8864
These two options were only ever used for the OpenSSL backend for
versions before 1.1.0. They were never used for other backends and they
are not used with recent OpenSSL versions. They were never used much by
applications.
The defines RANDOM_FILE and EGD_SOCKET can still be set at build-time
for ancient EOL OpenSSL versions.
Closes#8670
Earlier if CURLOPT_LOCALPORT + CURLOPT_LOCALPORTRANGE would go past port
65535 the code would fall back to random port rather than giving up.
Closes#8862
Commit 0ef54abf52 accidentally used the conn variable before the
assertion for it being NULL. Fix by moving the assignment which use
conn to after the assertion.
Closes: #8857
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Add Curl_quic_idle which is called when no HTTP level read or write is
performed. It is a good place to handle timer expiry for QUIC transport
(.e.g, retransmission).
Closes#8698
SecTrustEvaluateAsync() is defined in the macOS 10.7 SDK, but it
requires Grand Central Dispatch to be supported by the compiler, and
some third-party macOS compilers do not support Grand Central Dispatch.
SecTrustCopyPublicKey() is not present in macOS 10.6, so this shouldn't
adversely affect anything.
Fixes#8846
Reported-by: Egor Pugin
Closes#8854
Accessing local variables outside of the scope is forbidden and
depending on the compiler can result in the value being
overwritten. Fixed by moving the pwbuf to be in scope.
Closes#8850
Explicitly initialize gss_buffer_desc strings such that a call to
freeing resources will succeed even if no data has been allocated
to it.
Reported-by: Jay Satiro <raysatiro@yahoo.com>
