Daniel Stenberg
386ed2d590
gtls: fix NULL pointer dereference
...
gnutls_x509_crt_import() must not be called with a NULL certificate
Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
2014-04-22 23:24:31 +02:00
Daniel Stenberg
5b463e97fa
curl_global_init_mem: bump initialized even if already initialized
...
As this makes curl_global_init_mem() behave the same way as
curl_global_init() already does in that aspect - the same number of
curl_global_cleanup() calls is then required to again decrease the
counter and then eventually do the cleanup.
Bug: http://curl.haxx.se/bug/view.cgi?id=1362
Reported-by: Tristan
2014-04-22 23:08:14 +02:00
Kamil Dudka
8868a226cd
nss: implement non-blocking SSL handshake
2014-04-22 22:56:14 +02:00
Kamil Dudka
a43bba3a34
nss: split Curl_nss_connect() into 4 functions
2014-04-22 22:56:14 +02:00
Marc Hoersken
ee6791128f
multi.c: fix possible invalid memory access in case nfds overflows
...
ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
2014-04-19 16:02:14 +02:00
Marc Hoersken
549b4a659a
netrc.c: fix multiple possible dereferences of null pointers
2014-04-19 16:00:43 +02:00
Marc Hoersken
9146f37973
parsedate.c: check sscanf result before passing it to strlen
2014-04-19 15:47:07 +02:00
Marc Hoersken
662fc62517
telnet.c: check sscanf results before passing them to snprintf
2014-04-19 15:23:04 +02:00
Marc Hoersken
f9ffbfce90
telnet.c: fix possible use of uninitialized variable
2014-04-19 15:18:19 +02:00
Marc Hoersken
aa0fbe3537
telnet.c: fix possible use of non-null-terminated strings
2014-04-19 14:26:02 +02:00
Marc Hoersken
c48b996cf2
url.c: fix possible use of non-null-terminated string with strlen
...
Follow up on b0e742544be22ede33206a597b22682e51e0c676
2014-04-19 14:25:32 +02:00
Marc Hoersken
b0e742544b
url.c: fix possible use of non-null-terminated string with strlen
2014-04-19 00:17:21 +02:00
Marc Hoersken
7296fc9e7e
connect.c: fix multiple possible dereferences of null pointers
...
In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.
2014-04-18 23:56:54 +02:00
Marc Hoersken
3f74e149f8
tftp.c: fix possible dereference of null pointer
2014-04-18 23:53:48 +02:00
Marc Hoersken
e81bdab13e
socks_sspi.c: added pointer guards to FreeContextBuffer calls
...
The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
2014-04-18 23:24:41 +02:00
Marc Hoersken
54df616729
md5.c: fix use of uninitialized variable
2014-04-18 22:59:25 +02:00
Marc Hoersken
6f72c2fe31
curl_schannel.c: added explicit cast of structure pointers
2014-04-18 22:38:42 +02:00
Marc Hoersken
a703914e60
curl_schannel.c: fix possible dereference of null pointer
2014-04-18 22:36:12 +02:00
Steve Holme
d7ed8da43e
imap: Extended FETCH support to include PARTIAL URL specifier
2014-04-18 20:14:09 +01:00
Steve Holme
e2c14bde22
url.c: Fixed typo in comment
2014-04-18 17:51:26 +01:00
Steve Holme
84c0aabe65
imap: Expanded mailbox SEARCH support to use URL query strings
2014-04-18 16:51:48 +01:00
Steve Holme
ca63d4feba
imap: Added support for parsing URL query strings
...
Added support for parsing query strings from the URL as defined by
RFC-5092.
2014-04-18 16:43:57 +01:00
Steve Holme
f804378d16
imap: Introduced the SEARCH state
2014-04-18 15:32:13 +01:00
Steve Holme
2c6b41e98a
imap: Fixed untagged response detection when no data after command
...
Should a command return untagged responses that contained no data then
the imap_matchresp() function would not detect them as valid responses,
as it wasn't taking the CRLF characters into account at the end of each
line.
2014-04-18 15:01:57 +01:00
Daniel Stenberg
b166117c60
README.http2: mention some alt-svc thoughts
2014-04-17 19:23:39 +02:00
Dan Fandrich
263ed02da6
url: only use if_nametoindex() if IFNAMSIZ is available
2014-04-14 08:02:06 +02:00
Steve Holme
b574e83079
sas: Added DIGEST-MD5 qop-option validation in native challange handling
...
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
2014-04-08 21:24:34 +01:00
Daniel Stenberg
73b7a03c3f
strerror: fix comment about vxworks' strerror_r buffer size
...
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
2014-04-06 23:13:08 +02:00
Steve Holme
64381f5091
sasl: Added forward declaration of structures following recent changes
...
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
2014-04-06 17:20:08 +01:00
Steve Holme
537b571c90
sasl: Fixed compilation warning
...
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc
sasl: Added curl_memory.h include as per test 1132
2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b
sasl: Fixed compilation warning in SSPI builds
...
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a
sasl: Corrected missing free of decoded challenge message from 607883f13c
2014-04-06 14:18:31 +01:00
Steve Holme
175b605331
sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092
2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c
sasl: Post DIGEST-MD5 SSPI code tidy up
...
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d
sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
...
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c
sasl: Added support for DIGEST-MD5 via Windows SSPI
2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c
http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined
2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf
Makefile.vc6: Added curl_sasl_sspi.c
2014-04-06 00:57:23 +01:00
Steve Holme
c469941293
ntlm: Moved the identity generation into shared SSPI code
2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd
sasl: Renamed SSPI module following short name clash
2014-04-06 00:35:01 +01:00
Steve Holme
2c49e96092
sasl: Added initial stub functions for SSPI DIGEST-MD support
2014-04-05 23:16:51 +01:00
Steve Holme
3a92de5636
sasl: Combined DIGEST-MD5 message decoding and generation
2014-04-05 23:09:04 +01:00
Tatsuhiro Tsujikawa
9e86209d04
http2: Compile with current nghttp2, which supports h2-11
2014-04-05 19:30:12 +02:00
Daniel Stenberg
74851340bd
PROXYHEADER: send these headers in "normal" proxy requests too
...
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:
When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae
CURLOPT_HEADEROPT: added
...
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc
CURLOPT_PROXYHEADER: set headers for proxy-only
...
Includes docs and new test cases: 1525, 1526 and 1527
Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6
HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
...
Without request body there's no point in asking for 100-continue.
Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
c81021f747
ftp: in passive data connect wait for happy eyeballs sockets
...
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!
Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
2014-04-03 20:38:19 +02:00
Daniel Stenberg
97f214d0c9
http2+openssl: fix compiler warnings in ALPN using code
2014-04-03 17:03:02 +02:00