Daniel Stenberg
21aafd09f6
openssl: biomem->data is not zero terminated
...
So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.
Reported-by: Török Edwin
2014-05-04 00:50:10 +02:00
Daniel Stenberg
947bb79c08
easy_perform: spelling mistake in error message
2014-05-03 23:09:26 +02:00
Steve Holme
78ca3c6830
copyright: Updated following recent edits
2014-04-28 23:20:52 +01:00
Dan Fandrich
ef1322df67
Added a few more const where possible
2014-04-29 00:05:19 +02:00
Tatsuhiro Tsujikawa
b8a220d255
http2: Compile with latest nghttp2
...
commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required
2014-04-27 19:15:08 +02:00
Daniel Stenberg
d5ec44ca4c
INFILESIZE: fields in UserDefined must not be changed run-time
...
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Kamil Dudka
9c941e92c4
nss: propagate blocking direction from NSPR I/O
...
... during the non-blocking SSL handshake
2014-04-25 15:08:12 +02:00
Daniel Stenberg
710f14edba
handler: make 'protocol' always specified as a single bit
...
This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.
This fixes --proto and --proto-redir for most SSL protocols.
This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.
Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2014-04-23 22:36:01 +02:00
Dan Fandrich
0204e17bc6
cyassl: Use error-ssl.h when available
...
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use
whichever one is available.
2014-04-23 11:01:30 +02:00
Daniel Stenberg
386ed2d590
gtls: fix NULL pointer dereference
...
gnutls_x509_crt_import() must not be called with a NULL certificate
Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
2014-04-22 23:24:31 +02:00
Daniel Stenberg
5b463e97fa
curl_global_init_mem: bump initialized even if already initialized
...
As this makes curl_global_init_mem() behave the same way as
curl_global_init() already does in that aspect - the same number of
curl_global_cleanup() calls is then required to again decrease the
counter and then eventually do the cleanup.
Bug: http://curl.haxx.se/bug/view.cgi?id=1362
Reported-by: Tristan
2014-04-22 23:08:14 +02:00
Kamil Dudka
8868a226cd
nss: implement non-blocking SSL handshake
2014-04-22 22:56:14 +02:00
Kamil Dudka
a43bba3a34
nss: split Curl_nss_connect() into 4 functions
2014-04-22 22:56:14 +02:00
Marc Hoersken
ee6791128f
multi.c: fix possible invalid memory access in case nfds overflows
...
ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
2014-04-19 16:02:14 +02:00
Marc Hoersken
549b4a659a
netrc.c: fix multiple possible dereferences of null pointers
2014-04-19 16:00:43 +02:00
Marc Hoersken
9146f37973
parsedate.c: check sscanf result before passing it to strlen
2014-04-19 15:47:07 +02:00
Marc Hoersken
662fc62517
telnet.c: check sscanf results before passing them to snprintf
2014-04-19 15:23:04 +02:00
Marc Hoersken
f9ffbfce90
telnet.c: fix possible use of uninitialized variable
2014-04-19 15:18:19 +02:00
Marc Hoersken
aa0fbe3537
telnet.c: fix possible use of non-null-terminated strings
2014-04-19 14:26:02 +02:00
Marc Hoersken
c48b996cf2
url.c: fix possible use of non-null-terminated string with strlen
...
Follow up on b0e742544b
2014-04-19 14:25:32 +02:00
Marc Hoersken
b0e742544b
url.c: fix possible use of non-null-terminated string with strlen
2014-04-19 00:17:21 +02:00
Marc Hoersken
7296fc9e7e
connect.c: fix multiple possible dereferences of null pointers
...
In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.
2014-04-18 23:56:54 +02:00
Marc Hoersken
3f74e149f8
tftp.c: fix possible dereference of null pointer
2014-04-18 23:53:48 +02:00
Marc Hoersken
e81bdab13e
socks_sspi.c: added pointer guards to FreeContextBuffer calls
...
The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
2014-04-18 23:24:41 +02:00
Marc Hoersken
54df616729
md5.c: fix use of uninitialized variable
2014-04-18 22:59:25 +02:00
Marc Hoersken
6f72c2fe31
curl_schannel.c: added explicit cast of structure pointers
2014-04-18 22:38:42 +02:00
Marc Hoersken
a703914e60
curl_schannel.c: fix possible dereference of null pointer
2014-04-18 22:36:12 +02:00
Steve Holme
d7ed8da43e
imap: Extended FETCH support to include PARTIAL URL specifier
2014-04-18 20:14:09 +01:00
Steve Holme
e2c14bde22
url.c: Fixed typo in comment
2014-04-18 17:51:26 +01:00
Steve Holme
84c0aabe65
imap: Expanded mailbox SEARCH support to use URL query strings
2014-04-18 16:51:48 +01:00
Steve Holme
ca63d4feba
imap: Added support for parsing URL query strings
...
Added support for parsing query strings from the URL as defined by
RFC-5092.
2014-04-18 16:43:57 +01:00
Steve Holme
f804378d16
imap: Introduced the SEARCH state
2014-04-18 15:32:13 +01:00
Steve Holme
2c6b41e98a
imap: Fixed untagged response detection when no data after command
...
Should a command return untagged responses that contained no data then
the imap_matchresp() function would not detect them as valid responses,
as it wasn't taking the CRLF characters into account at the end of each
line.
2014-04-18 15:01:57 +01:00
Daniel Stenberg
b166117c60
README.http2: mention some alt-svc thoughts
2014-04-17 19:23:39 +02:00
Dan Fandrich
263ed02da6
url: only use if_nametoindex() if IFNAMSIZ is available
2014-04-14 08:02:06 +02:00
Steve Holme
b574e83079
sas: Added DIGEST-MD5 qop-option validation in native challange handling
...
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
2014-04-08 21:24:34 +01:00
Daniel Stenberg
73b7a03c3f
strerror: fix comment about vxworks' strerror_r buffer size
...
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
2014-04-06 23:13:08 +02:00
Steve Holme
64381f5091
sasl: Added forward declaration of structures following recent changes
...
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
2014-04-06 17:20:08 +01:00
Steve Holme
537b571c90
sasl: Fixed compilation warning
...
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc
sasl: Added curl_memory.h include as per test 1132
2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b
sasl: Fixed compilation warning in SSPI builds
...
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a
sasl: Corrected missing free of decoded challenge message from 607883f13c
2014-04-06 14:18:31 +01:00
Steve Holme
175b605331
sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092
2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c
sasl: Post DIGEST-MD5 SSPI code tidy up
...
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d
sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
...
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c
sasl: Added support for DIGEST-MD5 via Windows SSPI
2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c
http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined
2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf
Makefile.vc6: Added curl_sasl_sspi.c
2014-04-06 00:57:23 +01:00
Steve Holme
c469941293
ntlm: Moved the identity generation into shared SSPI code
2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd
sasl: Renamed SSPI module following short name clash
2014-04-06 00:35:01 +01:00