strcpy_url: only %-encode values >= 0x80

OSS-Fuzz detected

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000

Broke in dd7521bcc1b7

ctype: restore character classification for non-ASCII platforms

With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
character classification macros and functions were intr

ctype: restore character classification for non-ASCII platforms

With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
character classification macros and functions were introduced in
curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
of character classification macros when CURL_DOES_CONVERSIONS is
defined.

Closes #2494

show more ...

http2: handle GOAWAY properly

When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.

Reported-by: Terry Wu
F

http2: handle GOAWAY properly

When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.

Reported-by: Terry Wu
Fixes #2416
Fixes #1618
Closes #2510

show more ...

transfer: make HTTP without headers count correct body size

This is what "HTTP/0.9" basically looks like.

Reported on IRC

Closes #2382

readwrite: make sure excess reads don't go beyond buffer end

CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html

Detected by OSS-fuzz

HTTP: allow "header;" to replace an internal header with a blank one

Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362

TODO fixed: Detect when called from within callbacks

Closes #2302

HTTP: support multiple Content-Encodings

This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this fe

HTTP: support multiple Content-Encodings

This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead

show more ...

transfer: Fix chunked-encoding upload bug

- When uploading via chunked-encoding don't compare file size to bytes
sent to determine whether the upload has finished.

Chunked-enc

transfer: Fix chunked-encoding upload bug

- When uploading via chunked-encoding don't compare file size to bytes
sent to determine whether the upload has finished.

Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.

The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.

Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com

Closes https://github.com/curl/curl/pull/2010

show more ...

wildcards: don't use with non-supported protocols

Fixes timeouts in the fuzzing tests for non-FTP protocols.

Closes #2016

time: rename Curl_tvnow to Curl_now

... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functi

time: rename Curl_tvnow to Curl_now

... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011

show more ...

timediff: return timediff_t from the time diff functions

... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

timediff: return timediff_t from the time diff functions

... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

- Added overflow protection for both of them in either direction for
both 32 bit and 64 bit time_ts

- Reprefixed the curlx_time functions to use Curl_*

Reported-by: Peter Piekarski
Fixes #2004
Closes #2005

show more ...

conversions: fix several compiler warnings

code style: remove wrong uses of multiple spaces

Closes #1878

code style: use spaces around pluses

code style: use spaces around equals signs

Curl_checkheaders: make it available for IMAP and SMTP too

... not only HTTP uses this now.

Closes #1875

mime: unified to use the typedef'd mime structs everywhere

... and slightly edited to follow our code style better.

mime: new MIME API.

Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.

progress: Track total times following redirects

Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
`t_pretransfer`, and `t_starttransfer` to track the total times for

progress: Track total times following redirects

Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
`t_pretransfer`, and `t_starttransfer` to track the total times for
these activities when a redirect is followed. Previously, only the times
for the most recent request would be tracked.

Related changes:

- Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
now that the function only resets transfer sizes and no longer
modifies any of the progress timers.

- Add a bool to the `Progress` struct that is used to prevent
double-counting `t_starttransfer` times.

Added test case 1399.

Fixes #522 and Known Bug 1.8
Closes #1602
Reported-by: joshhe on github

show more ...

redirect: skip URL encoding for host names

This fixes redirects to IDN URLs

Fixes #1441
Closes #1762
Reported by: David Lord

url: make the original string get used on subsequent transfers

... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.

Add

url: make the original string get used on subsequent transfers

... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.

Added test 1551 to verify.

Fixes #1631
Closes #1632
Reported-by: Pavel Rochnyak

show more ...

transfer: init the infilesize from the postfields...

... with a strlen() if no size was set, and do this in the pretransfer
function so that the info is set early. Otherwise, the default

transfer: init the infilesize from the postfields...

... with a strlen() if no size was set, and do this in the pretransfer
function so that the info is set early. Otherwise, the default strlen()
done on the POSTFIELDS data never sets state.infilesize.

Reported-by: Vincas Razma
Bug: #1294

show more ...

redirect: store the "would redirect to" URL when max redirs is reached

Test 1261 added to verify.

Reported-by: Lloyd Fournier

Fixes #1489
Closes #1497

multi: use a fixed array of timers instead of malloc

... since the total amount is low this is faster, easier and reduces
memory overhead.

Also, Curl_expire_done() can now mark

multi: use a fixed array of timers instead of malloc

... since the total amount is low this is faster, easier and reduces
memory overhead.

Also, Curl_expire_done() can now mark an expire timeout as done so that
it never times out.

Closes #1472

show more ...