Commit Graph

5659 Commits

Author SHA1 Message Date
Ben Noordhuis
88e825de86 SMTP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-03-15 20:09:51 +01:00
Daniel Stenberg
36cb24ec19 buildfix: spell define correctly 2011-03-15 16:49:27 +01:00
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Daniel Stenberg
cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00
Daniel Stenberg
211504ba8a ldap: use the new protocol handler setup
Use the new flags field and stop using the old protocol defines.
2011-03-15 09:13:11 +01:00
Daniel Stenberg
13b64d7558 protocols: use CURLPROTO_ internally
The PROT_* set of internal defines for the protocols is no longer
used. We now use the same bits internally as we have defined in the
public header using the CURLPROTO_ prefix. This is for simplicity and
because the PROT_* prefix was already used duplicated internally for a
set of KRB4 values.

The PROTOPT_* defines were moved up to just below the struct definition
within which they are used.
2011-03-14 22:52:14 +01:00
Daniel Stenberg
8831000bc0 protocol handler: added flags field
The protocol handler struct got a 'flags' field for special information
and characteristics of the given protocol.

This now enables us to move away central protocol information such as
CLOSEACTION and DUALCHANNEL from single defines in a central place, out
to each protocol's definition. It also made us stop abusing the protocol
field for other info than the protocol, and we could start cleaning up
other protocol-specific things by adding flags bits to set in the
handler struct.

The "protocol" field connectdata struct was removed as well and the code
now refers directly to the conn->handler->protocol field instead. To
make things work properly, the code now always store a conn->given
pointer that points out the original handler struct so that the code can
learn details from the original protocol even if conn->handler is
modified along the way - for example when switching to go over a HTTP
proxy.
2011-03-14 22:22:22 +01:00
Daniel Stenberg
fdaa8da75d sslgen: define Curl_ssl_connect_nonblocking for non-SSL
The non-blocking connect improvement for IMAP showed that we didn't
properly define the Curl_ssl_connect_nonblocking function for non-SSL
builds.

Reported by: Tor Arntsen
2011-03-14 11:13:12 +01:00
Ask Bjørn Hansen
3e00af34c8 mk-ca-bundle.pl: Only download if modified
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
2011-03-14 10:20:21 +01:00
Daniel Stenberg
3eac14b43c SSH: add protocol lock direction
Some protocols have to call the underlying functions without regard to
what exact state the socket signals. For example even if the socket says
"readable", the send function might need to be called while uploading,
or vice versa. This is the case for libssh2 based protocols: SCP and
SFTP and we now introduce a define to set those protocols and we make
the multi interface code aware of this concept.

This is another fix to make test 582 run properly.
2011-03-13 23:21:03 +01:00
Daniel Stenberg
60406ff7f8 state: add missing state to debug table
As a new state recently was added to the IMAP state machine it has to be
in the array of names as well as otherwise libcurl crashes when a debug
version runs...
2011-03-13 14:19:16 +01:00
Daniel Stenberg
ca37692bf4 ssh_statemach_act: set cselect for sftp upload
For uploads we want to use the _sending_ function even when the socket
turns out readable as the underlying libssh2 sftp send function will
deal with both accordingly. This is what the cselect_bits magic is for.

Fixes test 582.
2011-03-13 14:10:27 +01:00
Daniel Stenberg
c8fba59731 Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imap 2011-03-13 00:36:38 +01:00
Karl M
05ebc6f0cc VC: add missing file
http_negotiate_sspi.c was added to the source tree recently
2011-03-13 00:23:04 +01:00
Marcus Sundberg
6f0ee717c3 GSS: handle reuse fix
Make GSS authentication work when a curl handle is reused for multiple
authenticated requests, by always setting negdata->state in
output_auth_headers().

Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>
2011-03-13 00:21:07 +01:00
Daniel Stenberg
60172a0446 SFTP: gracefully handle shutdown early
When using the multi interface and a handle using SFTP was removed very
early on, we would get a segfault due to the code assumed data was there
that hadn't yet been setup.

Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html
Reported by: Saqib Ali
2011-03-13 00:15:59 +01:00
Daniel Stenberg
bec9692a77 PROT_CLOSEACTION: added SFTP and SCP
Both SFTP and SCP are protocols that need to shut down stuff properly
when the connection is about to get torned down. The primary effect of
not doing this shows up as memory leaks (when using SCP or SFTP with the
multi interface).

This is one of the problems detected by test 582.
2011-03-12 23:08:10 +01:00
Daniel Stenberg
a07a865d5d readwrite_upload: stop upload at file size
As we know how much to send, we can and should stop once we've sent that
much data as it avoids having to rely on other mechanisms to detect the
end.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:05:11 +01:00
Daniel Stenberg
cccba72920 sftp upload: expire to advance state machine
When using the multi_socket API to do SFTP upload, it is important that
we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as
there's nothing happening on the socket so there's no read or write to
wait for, but the next libssh2 API function needs to be called to get
the ball rolling.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:02:04 +01:00
Daniel Stenberg
1aeb635cdd sources: update source headers
All C and H files now (should) feature the proper project curl source
code header, which includes basic info, a copyright statement and some
basic disclaimers.
2011-03-10 12:04:33 +01:00
Daniel Stenberg
d6b9f76943 cyassl: fix compiler warnings 2011-03-08 14:09:20 +01:00
Todd A Ouska
9e60d8fd9e SSL: (part 2) Added CyaSSL to SSL abstraction layer
This is the modified existing files commit.
2011-03-08 13:54:58 +01:00
Todd A Ouska
a8f30fa555 SSL: Added CyaSSL to SSL abstraction layer
CyaSSL (available from git@github.com:cyassl/cyassl.git) has been
added to the SSL abstraction layer.

To test:
1) git CyaSSL sources
2) autoreconf -i
3) ./configure --disable-static
4) make
5) sudo make install
6) autoreconf -i
7) git curl sources (and this patch)
8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug
9) make
10) normal testing

Please send questions or comments to todd@yassl.com .
2011-03-08 13:06:38 +01:00
Dan Fandrich
29f0898525 Fixed libcurl to honour the --disable-ldaps configure option 2011-03-07 17:45:33 -08:00
Daniel Stenberg
c9ee341bfb cpp: correct #endif placement
The end-of-file #endif in rawstr.h was not correcly positioned after all
prototypes.

Reported by: Boris
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-06 23:00:28 +01:00
Stefan Krause
8511b6436c transfer: avoid insane conversion of time_t 2011-03-04 21:17:08 +01:00
Daniel Stenberg
17de1cc382 ssh_connect: treat libssh2 return code better
libssh2_knownhost_readfile() returns a negative value on error or
otherwise number of parsed known hosts - this was previously not
documented correctly in the libssh2 man page for the function.

Bug: http://curl.haxx.se/mail/lib-2011-02/0327.html
Reported by: murat
2011-02-26 11:00:44 +01:00
Julien Chaffraix
5719e56168 http: removed wrong unused comment.
|premature| is used in Curl_http_done.
2011-02-25 20:54:39 -08:00
Julien Chaffraix
d7846237a4 http: removed code duplication for stubbed https_getsock function. 2011-02-25 20:50:26 -08:00
Kamil Dudka
7aa2d10e0d nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
2011-02-22 13:19:57 +01:00
Julien Chaffraix
0b8cdc0635 netrc: Removed _NETRC_DEBUG code.
This is not needed anymore as we have unit testing running on it.
2011-02-20 21:11:53 -08:00
Julien Chaffraix
9f8e960a1a tests: Cleaned up netrc testing.
Removed the "netrc_debug" keyword replaced with --netrc-file additions.
Removed the debug code from Curl_parsenetrc as it is superseeded by
--netrc-file.
2011-02-20 21:11:52 -08:00
Ben Noordhuis
dd3760f2eb IMAP in multi mode: use Curl_ssl_connect_nonblocking() when upgrading the connection to TLS/SSL. 2011-02-20 21:11:12 +01:00
Ben Noordhuis
45ca048f44 IMAP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-02-20 21:11:12 +01:00
Mike Crowe
c4369f34b9 multi: close connection on timeout
After a request times out, the connection wasn't properly closed and
prevented to get re-used, so subsequent transfers could still mistakenly
get to use the previously aborted connection.
2011-02-18 23:19:14 +01:00
Daniel Stenberg
d85cae9225 multi: better failed connect treatment
When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT
state, Curl_done() has to be called with the premature flag set TRUE as
for the pingpong protocols this can be important.

When Curl_done() is called with premature == TRUE, it needs to call
Curl_disconnect() with its 'dead_connection' argument set to TRUE as
well so that any protocol handler's disconnect function won't attempt to
use the (control) connection for anything.

This problem caused the pingpong protocols to fail to disconnect when
STARTTLS failed.

Reported by: Alona Rossen
Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html
2011-02-18 23:01:55 +01:00
Hoi-Ho Chan
05895927f5 PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>
2011-02-18 09:17:32 +01:00
Daniel Stenberg
1c3c0162c6 SOCKOPTFUNCTION: callback can say already-connected
Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.
2011-02-17 22:32:01 +01:00
Kamil Dudka
a40f58d2ef nss: avoid memory leak on SSL connection failure 2011-02-17 17:57:16 +01:00
Guenter Knauf
827f0a318c Set -fpcc-struct-return only for gcc compiler. 2011-02-17 11:46:41 +01:00
Daniel Stenberg
c3a6116dc9 nss_load_key: fix unused variable warning 2011-02-16 19:34:04 +01:00
Daniel Stenberg
f19ace8d33 gmtime: remove define
It turns out some systems rely on the gmtime or gmtime_r to be defined
already in the system headers and thus my "precaution" redefining of
them only caused trouble. They are now removed.
2011-02-14 13:42:01 +01:00
Guenter Knauf
c2dff28c41 Added -m32 to CFLAGS to compile with x86_64 gcc. 2011-02-13 14:31:22 +01:00
Guenter Knauf
e36c039a07 Updated OpenSSL version, added links to docu. 2011-02-13 12:13:21 +01:00
Dan Fandrich
61fc9044c7 Call ERR_peek_error instead of ERR_peek_last_error
The latter isn't available in older OpenSSL versions, and is
less useful since it returns the most recent error instead of
the first one encountered.
2011-02-10 12:29:34 -08:00
Julien Chaffraix
39d0d787d2 test1304: Added some unit tests for Curl_parsenetrc.
Moved some definitons into the header file so that we can reuse them.
2011-02-10 07:38:48 -08:00
Quinn Slack
3cffcba3d0 CURLE_TLSAUTH_FAILED: removed
On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.
2011-02-09 23:34:30 +01:00
Daniel Stenberg
b370fcd300 CURLOPT_SOCKOPTFUNCTION: return proper error code
When the callback returns an error, this function must make sure to return
CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the
callback to properly abort the operation.
2011-02-09 15:36:36 +01:00
Julien Chaffraix
266bcb06d7 netrc: Removed dead code.
The main has not been updated from some time and is out of sync with
the code. The code is now tested by several test cases so no need for
a seperate code path.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
fe165c69de netrc: Tightened up the type checks.
The state should not be anonymous so that we can check if the values
are fine. Added 2 unreachables states to the switch as a result of this
change.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
4e2ac742c9 imap: Fixed typo in a comment. 2011-02-07 20:15:35 -08:00
Daniel Stenberg
0696260122 Curl_gmtime: avoid future mistakes
Document Curl_gmtime() and define away the old functions so that they
won't be used internally again by mistake.
2011-02-07 15:09:24 +01:00
Daniel Stenberg
54d9f060b4 Curl_gmtime: added a portable gmtime
Instead of polluting many places with #ifdefs, we create a single place
for this function, and also check return code properly so that a NULL
pointer returned won't cause problems.
2011-02-07 15:00:48 +01:00
Guenter Knauf
2cacd82661 mk-ca-bundle.vbs: use new cacert url
The official Mozilla page at http://www.mozilla.org/projects/security/certs/
points out a new place as the "proper" place to get Mozilla's CA certs from
so this script is now updated to use that instead.

Reported by: Daniel Mentz
2011-02-03 09:59:00 +01:00
Daniel Stenberg
ec7978c512 mk-ca-bundle.pl: use new cacert url
The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz
2011-02-02 22:22:15 +01:00
Bjoern Sikora
0e9626ba39 ssluse: improved error message on SSL_CTX_new failures
"SSL: couldn't create a context" really isn't that helpful, now it'll
also extract an explanation from OpenSSL and append to the right.
2011-02-02 18:25:57 +01:00
Nicholas Maniscalco
73eb9965cf multi: fix CURLM_STATE_TOOFAST for multi_socket
The code in the toofast state needs to first recalculate the values
before it uses them again since it may have been a while since it last
did it when it reaches this point.
2011-02-02 13:41:22 +01:00
Dave Reisner
b89122a2bf file: add support for CURLOPT_TIMECONDITION 2011-01-31 14:49:51 +01:00
Dave Reisner
99dcb11ed8 transfer: add Curl_meets_timecondition()
This will be used by file_do() and Curl_readwrite() as a unified method
of checking to see if a remote document meets the supplied
CURLOPT_TIMEVAL and CURLOPT_TIMECONDITION.

Signed-off-by: Dave Reisner <d@falconindy.com>
2011-01-31 14:29:48 +01:00
Daniel Stenberg
ef19e30985 ares: memory leak fix
The double name resolve trick used with c-ares could leave allocated
memory in 'temp_ai' if the operation was aborted in the middle.
2011-01-27 14:41:07 +01:00
Daniel Stenberg
2d356ba168 ares_query_completed_cb: don't touch invalid data
When this callback is called due to the destruction of the ares handle,
the connection pointer passed in as an argument may no longer pointing
to valid data and this function doesn't need to do anything with it
anyway so we make sure it doesn't.

Bug: http://curl.haxx.se/mail/lib-2011-01/0333.html
Reported by: Vsevolod Novikov
2011-01-27 14:41:07 +01:00
Kamil Dudka
dc0a7161f8 nss: avoid memory leaks and failure of NSS shutdown
... in case more than one CA is loaded.

Bug: https://bugzilla.redhat.com/670802
2011-01-27 11:14:18 +01:00
Daniel Stenberg
dbcaa00657 HTTP: memory leak on multiple Location:
The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.

Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
2011-01-25 12:06:50 +01:00
Darshan Mody
03be2c99ba Fixed compile using OpenSSL versions < 0.9.4a 2011-01-20 12:11:22 -08:00
Quinn Slack
59cf93ccdb TLS-SRP: support added when using GnuTLS 2011-01-19 20:35:02 +01:00
Kamil Dudka
fc77790bcd nss: fix a bug in handling of CURLOPT_CAPATH
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
2011-01-18 14:30:49 +01:00
Guenter Knauf
ef46fcdd90 Avoid redefines. 2011-01-17 01:27:57 +01:00
Guenter Knauf
8fa7b8cb9b Added casts to silent gcc warnings. 2011-01-14 12:39:54 +01:00
Yang Tse
fd6b4b3e9b build: BCC - makefile.b32 tweak
Get rid of stdout redirection to NUL and move stderr redirection
into RM and RMDIR macros.
2011-01-13 15:54:14 +01:00
Yang Tse
1da65c3d4d build: BCC - makefile.b32 tweak
Check for BCCDIR environment var done now as other checks.
2011-01-13 15:33:34 +01:00
Guenter Knauf
d541085407 Use env var for PSDK instead of hardcoded path. 2011-01-13 05:55:09 +01:00
Guenter Knauf
c73e5e839d Enabled SSPI support by default. 2011-01-13 02:55:26 +01:00
Yang Tse
61623b74e3 build: BCC - require Borlands's MAKE for Makefile.b32 processing. 2011-01-12 20:53:28 +01:00
Yang Tse
5f7d34811a build: BCC - recover lost functionality from commit 3d81320426
Borland's $(MAKEDIR) expands to the path where make.exe is located,
use this feature to define BCCDIR when user has not defined BCCDIR.
2011-01-12 18:07:04 +01:00
Yang Tse
42f5e8a0f1 build: use external preprocessor cpp32 when building with Borland C 2011-01-12 02:35:14 +01:00
Guenter Knauf
b5cc77bd25 Disable LDAP support since BCC headers are insufficient. 2011-01-11 18:32:38 +01:00
Guenter Knauf
3d81320426 Instead of exiting with error lets set BCCDIR self. 2011-01-11 18:22:42 +01:00
Guenter Knauf
308db9d780 Some Borland C++ makefile tweaks. 2011-01-11 17:51:14 +01:00
Guenter Knauf
03ea06b8e3 Borland C++ doesnt have struct sockaddr_storage. 2011-01-11 17:40:13 +01:00
Daniel Stenberg
08a65b10fb connect: use UDP correctly
The idea that the protocol and socktype is part of name resolving in the
libc functions is nuts. We keep the name resolver functions assume
TCP/STREAM and we make sure that when we want to connect to a UDP
service we use the correct UDP/DGRAM set instead. This bug was because
the ->protocol field was not always set correctly.

This bug was only affecting ipv6-disabled non-cares non-threaded builds.

Bug: http://curl.haxx.se/bug/view.cgi?id=3154436
Reported by: "dperham"
2011-01-11 00:14:36 +01:00
Quinn Slack
1238edaeaf SSL: fix memory leak
In OOM situation. Follow-up fix to commit a9cd4f4ed4.
2011-01-10 13:53:57 +01:00
Daniel Stenberg
a9cd4f4ed4 gtls: fix memory leak
Bug: http://curl.haxx.se/mail/lib-2011-01/0079.html
Reported by: Quinn Slack
2011-01-08 19:14:28 +01:00
Marcel Roelofs
1d28efb9d1 HTTP: HTTP Negotiate authentication using SSPI
Only under Windows
2011-01-07 23:48:40 +01:00
Daniel Stenberg
53014175e8 SSH: speedcheck clobbered existing error
The just added speedcheck must not ruin the error code if already set
due to a problem.
2011-01-06 00:19:17 +01:00
Daniel Stenberg
d45ed0ecf5 SSH: acknowledge speedcheck
Check for speedcheck limits during the state machine traversals
2011-01-05 14:09:53 +01:00
Daniel Stenberg
adb49ad8bb Curl_timeleft: s/conn/data in first argument
As the function doesn't really use the connectdata struct but only the
SessionHanadle struct I modified what argument it wants.
2011-01-04 23:13:10 +01:00
Kamil Dudka
d8f6d1c334 nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
Bug: https://bugzilla.redhat.com/623663
2011-01-04 17:20:43 +01:00
Daniel Stenberg
c0c89cd44e get_cert_chain: support larger data sets
512 bytes turned out too short for some data, so now we allocate a
larger buffer instead

Bug: http://curl.haxx.se/mail/archive-2011-01/0002.html
2011-01-04 10:20:28 +01:00
Daniel Stenberg
53640a3ce0 unittesting: build a separate static lib
When configure --enable-debug has been used, all files in lib/ are now
built twice and a separate static library crafted for unit-testing will
be linked. The unit tests in the tests/unit subdir will use that
library.
2011-01-03 22:16:16 +01:00
Daniel Stenberg
45cea71968 SSH: avoid PATH_MAX with alloc
We cannot assume that PATH_MAX will be enough for the remote path name
so allocating room for it is the only sensible approach.
2011-01-03 13:36:45 +01:00
Daniel Stenberg
2b3fbc8cdb Curl_nss_connect: avoid PATH_MAX
Since some systems don't have PATH_MAX and it isn't that clever to
assume a fixed maximum path length, the code now allocates buffer space
instead of using stack.

Reported by: Samuel Thibault
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608521
2011-01-02 23:43:03 +01:00
Daniel Stenberg
1ad5764feb SFTP: make pwd output result to header callback
Sending "pwd" as a QUOTE command only sent the reply to the
DEBUGFUNCTION. Now it also sends an FTP-like header to the header
callback to allow similar operations as with FTP, and apps can re-use
the same parser.
2011-01-01 15:35:53 +01:00
Daniel Stenberg
ae29142198 pubkey_show: allocate buffer to fit any-size result
The loop condition was wrong so keys larger than 340 bits would overflow
the local stack-based buffer.
2011-01-01 15:33:57 +01:00
Luke Amery
0dc8479b89 ssh: honour the CURLINFO_FTP_ENTRY_PATH curl_getinfo option 2010-12-30 23:42:44 +01:00
Pierre Joye
420eac5542 IDN: use win32 API if told to
The functionality is provided in a new source file: lib/idn_win32.c
2010-12-28 20:01:03 +01:00
Daniel Stenberg
b6a3e2be8e c-ares: fix cancelled resolves
When built IPv6-enabled, we could do Curl_done() with one of the two
resolves having returned already, so when ares_cancel() is called the
resolve callback ends up doing funny things (sometimes resulting in a
segfault) since it would try to actually store the previous resolve even
though we're shutting down the resolve.

This bug was introduced in commit 8ab137b2bc so it hasn't been
included in any public release.

Bug: http://curl.haxx.se/bug/view.cgi?id=3145445
Reported by: Pedro Larroy
2010-12-27 10:01:44 +01:00
Daniel Stenberg
49465fffdb cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could
trick the cookie engine to wrongly accept the cookie believing it to be
fine. Since the tailmatching would then match all .com sites, the cookie would
then be sent to all of them.

The code now requires at least one letter between each dot for them to be
counted. Edited test case 61 to verify this.
2010-12-23 22:52:32 +01:00
Daniel Stenberg
5825aa149d multi: connect fail => use next IP address
When using the multi interface and connecting to a host name that
resolves to multiple IP addresses, there was no logic that made it
continue to the next IP if connecting to the first address times
out. This is now corrected.
2010-12-23 22:21:24 +01:00
Daniel Stenberg
2dded8fedb ossl_seed: no more RAND_screen
RAND_screen() is slow, not thread-safe and not needed anymore since OpenSSL
uses the thread-safe win32 CryptoAPI nowadays.
2010-12-23 14:36:07 +01:00
Daniel Stenberg
be16b227b7 multi: inhibit some verbose outputs
The info about pipe status and expire cleared are clearly debug-related
and not anything mere mortals will or should care about so they are now
ifdef'ed DEBUGBUILD
2010-12-22 15:29:21 +01:00
Brad Hards
375aa41ba1 SMTP: add brackets for MAIL FROM
Similar to what is done already for RCPT TO, the code now checks for and
adds angle brackets (<>) around the email address that is provided for
CURLOPT_MAIL_RCPT unless the app has done so itself.
2010-12-22 14:41:53 +01:00
Guenter Knauf
5f829456c1 Added support for axTLS to NetWare build. 2010-12-22 04:45:41 +01:00
Guenter Knauf
a834e00454 Fixed include: memory.h -> curl_memory.h. 2010-12-22 03:34:13 +01:00
Brad Hards
f37d681166 Typo fixes. 2010-12-21 22:39:56 +01:00
Yang Tse
71ab0ceaa0 build: sort configuration hunks in lib/Makefile.vc6
sorted to reflect same internal order as the one shown
in the usage message.
2010-12-21 00:14:55 +01:00
Daniel Stenberg
af54fbbcb5 loadhostpairs: return errorcode
Make sure that Curl_cache_addr() errors are propagated to callers of
loadhostpairs().

(this loadhostpairs function caused a scan-build warning due to the
'dns' variable getting assigned but never used)
2010-12-20 22:22:02 +01:00
Yang Tse
8d569c7bb0 build: refactoring of msvc makefiles to allow overriding of library filenames.
Default libcurl's file names are kept equal to those used since Y2K.
2010-12-20 21:53:44 +01:00
Daniel Stenberg
7f3b87d878 ftp_parselist: fix compiler warning
Doing curlx_strtoofft() on the size just to figure out the end of it
causes a compiler warning since the result wasn't used, but is also a
bit of a waste.
2010-12-19 00:15:12 +01:00
Pasha Kuznetsov
6b5dc72575 Curl_do: avoid using stale conn pointer
Since the original `conn' pointer was used after the `connectdata' it
points to has been closed/cleaned up by Curl_reconnect_request it caused
a crash. We must make sure to use the newly created connection instead!

URL: http://curl.haxx.se/mail/lib-2010-12/0202.html
2010-12-18 22:35:37 +01:00
Tommie Gannert
8ab137b2bc ares: ask for both IPv4 and IPv6 addresses
Make the c-ares resolver code ask for both IPv4 and IPv6 addresses when
IPv6 is enabled.

This is a workaround for the missing ares_getaddrinfo() and is a lot
easier to implement.

Note that as long as c-ares returns IPv4 addresses when IPv6 addresses
were requested but missing, this will cause a host's IPv4 addresses to
occur twice in the DNS cache.

URL: http://curl.haxx.se/mail/lib-2010-12/0041.html
2010-12-18 22:33:27 +01:00
Brad Hards
f0aad0089e Trival comment fix. 2010-12-18 17:08:23 +01:00
Daniel Stenberg
c75a9fef59 axtls_connect: allow connect without peer verification
The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
code to verify the peer certificate explicitly after the handshake and
then the "data->set.ssl.verifypeer" option works.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
9035709e25 axTLS: allow "default" SSL version as well
When no explicit version is selected we should try to use whatever is
best for us, and in the axTLS case that means TLSv1.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
b88ead62e7 axtls.c: cleanup
Removed trailing whitespace
Removed several compiler warnings
Removed odd backslashes at some line endings
2010-12-15 16:05:17 +01:00
Daniel Stenberg
b998b04c02 urldate: undef hideous memory defines
The public axTLS header (at least as of 1.2.7) redefines the memory
functions. We #undef those again immediately after the public header to
limit the damage. This should be fixed in axTLS.
2010-12-15 16:05:17 +01:00
Eric Hu
a7cf30f808 Minor fixes to pass tests 301 and 306 with a patched axTLS. 2010-12-15 16:05:17 +01:00
Eric Hu
be312336f6 Initial axTLS integration. Connections can be made and some tests pass.
Failed HTTPS tests: 301, 306, 311, 312, 313, 560
311, 312 need more detailed error reporting from axTLS.
313 relates to CRL, which hasn't been implemented yet.
2010-12-15 16:05:17 +01:00
Eric Hu
108d7693a4 Preparing for axTLS. Actual SSL API functions are only stubbed.
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
a865bd9fba IsPipeliningPossible: only for HTTP
The function that checks if pipelining is possible now requires the HTTP
bit to be set so that it doesn't mistakenly tries to do it for other
protocols.

Bug: http://curl.haxx.se/mail/lib-2010-12/0152.html
Reported by: Dmitri Shubin
2010-12-13 13:44:50 +01:00
Daniel Stenberg
0fd439ebac multi_runsingle: don't timeout completed handles
The generic timeout code must not check easy handles that are already
completed. Going to completed (again) within there risked decreasing the
number of alive handles again and thus it could go negative.

This regression bug was added in 7.21.2 in commit ca10e28f06
2010-12-13 12:51:48 +01:00
Yang Tse
0b5901bec6 easy: fix compiler warning: end-of-loop code not reached 2010-12-07 03:27:59 +01:00
Daniel Stenberg
5965d4554d disconnect: pass on the dead_connection argument
Cleanup fix after Kamil's commit 5c7c9a768d
2010-12-06 15:33:38 +01:00
Heinrich Ko
315e5277dc ossl_connect_common: detect connection re-use
ossl_connect_common() now checks whether or not 'struct
connectdata->state' is equal 'ssl_connection_complete' and if so, will
return CURLE_OK with 'done' set to 'TRUE'. This check prevents
ossl_connect_common() from creating a new ssl connection on an existing
ssl session which causes openssl to fail when it tries to parse an
encrypted TLS packet since the cipher data was effectively thrown away
when the new ssl connection was created.

Bug: http://curl.haxx.se/mail/lib-2010-11/0169.html
2010-12-06 14:41:18 +01:00
Kamil Dudka
5c7c9a768d url: provide dead_connection flag in Curl_handler::disconnect
It helps to prevent a hangup with some FTP servers in case idle session
timeout has exceeded.  But it may be useful also for other protocols
that send any quit message on disconnect.  Currently used by FTP, POP3,
IMAP and SMTP.
2010-12-06 14:35:42 +01:00
Yang Tse
bf1c102b80 ssh: fix a download resume point calculation 2010-12-06 14:29:16 +01:00
Daniel Stenberg
2271b60b71 Curl_wait_for_resolv: correct timeout
When looping in this function and checking for the timeout being
expired, it was not updating the reference time when calculating the
timediff since previous round which made it think each subsequent loop
to have taken longer than it actually did.

I also modified the function to use the generic Curl_timeleft() function
instead of the custom logic.

Bug: http://curl.haxx.se/bug/view.cgi?id=3112579
2010-12-05 23:39:41 +01:00
Daniel Stenberg
c2bfe60086 Curl_send/recv_plain: return errno on failure
When send() and recv() fail, we now store the errno value to allow the
app to access it.

Bug: http://curl.haxx.se/bug/view.cgi?id=3128121
Reported by: Yuri
2010-12-05 23:04:11 +01:00
Guenter Knauf
63598059cd Updated OpenSSL version. 2010-12-05 10:59:58 +01:00
Yang Tse
c1901f7ed0 fix compiler warning: conversion may lose significant bits 2010-12-04 05:53:07 +01:00
Yang Tse
9c4ff4874e fix compiler warning: assignment within conditional expression 2010-12-03 16:53:11 +01:00
Yang Tse
46a0062dff fix getinfo CURLINFO_LOCAL* for reused connections (take 2) follow-up
- Show address string from proper buffer in case of connection failure.

- Try next address when inet_ntop() fails.
2010-12-03 14:30:00 +01:00
Yang Tse
d534cd0027 build: provide SIZEOF_SIZE_T DOS definition 2010-12-03 04:15:39 +01:00
Yang Tse
afd6e738f7 build: lib/config.dos renamed to lib/config-dos.h 2010-12-03 04:13:33 +01:00
Yang Tse
de670efeab build: provide SIZEOF_SIZE_T VMS definition 2010-12-03 03:40:16 +01:00
Yang Tse
421d918da3 build: move config-vms.h from subdir 'packages/vms' into 'lib' 2010-12-03 02:36:22 +01:00
Yang Tse
99a07a1fdf build: provide SIZEOF_SIZE_T definition for non-configure builds 2010-12-02 21:41:23 +01:00
Yang Tse
81c16c2e30 build: provide SIZEOF_SIZE_T netware definition 2010-12-02 20:53:42 +01:00
Yang Tse
07f60235b0 fix compiler warning: rounding, sign extension, or loss of accuracy may result 2010-12-02 18:46:13 +01:00
Yang Tse
5580fb2b9c fix compiler warning: statement is not reachable 2010-12-02 16:35:02 +01:00
Yang Tse
7e3f0bffe5 fix compiler warning: conversion may lose significant bits 2010-12-01 23:33:43 +01:00
Yang Tse
5d47bf3776 connect: fix compiler warning: unused variable 2010-12-01 17:30:52 +01:00
Yang Tse
11cddb68e0 fix getinfo CURLINFO_LOCAL* for reused connections (take 2) 2010-11-30 22:14:37 +01:00
Yang Tse
1b2b93e074 fix getinfo CURLINFO_LOCAL* for reused connections follow-up
Reinstate IPV6 build variable that got removed.
2010-11-30 13:42:02 +01:00
Yang Tse
c328214a2d fix getinfo CURLINFO_LOCAL* for reused connections
Failed to commit this file changes along with the others.
2010-11-30 13:31:25 +01:00
Yang Tse
f6f5d7874f fix getinfo CURLINFO_LOCAL* for reused connections 2010-11-30 06:20:54 +01:00
Yang Tse
5db0a412ff atoi: remove atoi usage 2010-11-28 23:11:14 +01:00
Yang Tse
cbe67a1b71 multi: fix compiler warning: conversion may lose significant bits follow-up 2010-11-28 20:49:40 +01:00
Yang Tse
23245ca83a ftp: fix 'bool' data type implementation dependant usage 2010-11-26 20:19:45 +01:00
Yang Tse
3590874999 multi: fix compiler warning: conversion may lose significant bits 2010-11-26 19:57:27 +01:00
Yang Tse
e39ab6f203 multi: fix compiler warning: enumerated type mixed with another type 2010-11-26 19:34:10 +01:00
Yang Tse
c9081a8280 hostip: edit comment 2010-11-26 18:18:26 +01:00
Yang Tse
c2ba8ca81f s/isspace/ISSPACE 2010-11-26 13:59:01 +01:00
Yang Tse
5087f89ac8 curl_multi_info_read: fix compiler warning: conversion may lose significant bits 2010-11-25 02:58:59 +01:00
Yang Tse
b3d39275f5 inet_pton: fix compiler warning
warning C4146: unary minus operator applied to unsigned type, result still unsigned
2010-11-25 02:20:14 +01:00
Yang Tse
1d75d30816 Curl_getaddrinfo_ex: sanitize function results follow-up. 2010-11-24 04:36:57 +01:00
Yang Tse
6fe18add71 Curl_getaddrinfo_ex: sanitize function results.
Ensure that spurious results from system's getaddrinfo() ares not propagated
by Curl_getaddrinfo_ex() into the library.

Also ensure that the ai_addrlen member of Curl_getaddrinfo_ex()'s output linked
list of Curl_addrinfo structures has appropriate family-specific address size.
2010-11-23 21:38:20 +01:00
Kamil Dudka
d212fe43af openldap: use remote port in URL passed to ldap_init_fd()
... not the proxy port.  It makes no difference unless a proxy is used.
2010-11-22 23:59:59 +01:00
Yang Tse
13d537e404 gtls: define and use gtls_EAGAIN, gtls_EINTR and gtls_EIO.
Winsock builds clobber some errno.h defines in setup_once.
2010-11-20 05:02:02 +01:00
Matthias Bolte
a83870ef9d Detect socket errors in GnuTLS on Windows
On Windows, translate WSAGetLastError() to errno values as GNU
TLS does it internally, too. This is necessary because send() and
recv() on Windows don't set errno when they fail but GNU TLS
expects a proper errno value.

Bug: http://curl.haxx.se/bug/view.cgi?id=3110991
2010-11-19 13:34:07 -08:00
Daniel Stenberg
cbf4961bf3 gnutls->handshake: improved timeout handling
When no timeout is set, we call the socket_ready function with a timeout
value of 0 during handshake, which makes it loop too much/fast in this
function. It also made this function return CURLE_OPERATION_TIMEDOUT
wrongly on a slow handshake.

However, the particular bug report that highlighted this problem is not
solved by this fix, as this fix only makes the more proper error get
reported instead.

Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594150
Reported by: Johannes Ernst
2010-11-14 12:42:29 +01:00
Julien Chaffraix
add5766dd4 urldata: Capitalize enum protect_level values.
This makes it easier to spot the enum values from the variables.
Removed some unneeded DEBUGASSERT added in the previous commit.
2010-11-13 14:42:34 -08:00
Julien Chaffraix
8d59d69449 security: tighten enum protection_level usage.
While changing Curl_sec_read_msg to accept an enum protection_level
instead of an int, I went ahead and fixed the usage of the associated
fields.

Some code was assuming that prot_clear == 0. Fixed those to use the
proper value. Added assertions prior to any code that would set the
protection level.
2010-11-13 14:12:43 -08:00
Julien Chaffraix
c79f816c32 krb5: Use GSS_ERROR to check for error.
This is the advised way of checking for errors in the GSS-API RFC.
Also added some '\n' to the error message so that they are not mixed
with other outputs.
2010-11-12 08:24:32 -08:00
Julien Chaffraix
c8a7df108f security: Pass the right parameter to init.
init is expecting app_data. Passing it the struct connecdata would make
us crash later.
2010-11-12 08:24:32 -08:00
Daniel Stenberg
a1f32ffee5 ip_version: moved to connection struct
The IP version choice was previously only in the UserDefined struct
within the SessionHandle, but since we sometimes alter that option
during a request we need to have it on a per-connection basis.

I also moved more "init conn" code into the allocate_conn() function
which is designed for that purpose more or less.
2010-11-11 15:16:21 +01:00
Rutger Hofman
592df29f9c TFTP: resend the correct data
I found a bug in tftp_tx() in tftp.c. If a data resend is done after
reception of an ACK/OACK, the call to sendto is wrong.
2010-11-10 15:08:18 +01:00
Kamil Dudka
12b2412c52 ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
Bug: https://bugzilla.redhat.com/650255
Reported by: Simon H.
2010-11-09 18:13:20 +01:00
Kamil Dudka
c6b97a8278 ftp: close connection as soon as ABOR has been sent
... and do not send ABOR unless really necessary.

Bug: https://bugzilla.redhat.com/649347
Reported by: Simon H.
2010-11-08 20:50:52 +01:00
Daniel Stenberg
1b24b89cca CURLOPT_RESOLVE: added
CURLOPT_RESOLVE is a new option that sends along a curl_slist with
name:port:address sets that will populate the DNS cache with entries so
that request can be "fooled" to use another host than what otherwise
would've been used. Previously we've encouraged the use of Host: for
that when dealing with HTTP, but this new feature has the added bonus
that it allows the name from the URL to be used for TLS SNI and server
certificate name checks as well.

This is a first change. Surely more will follow to make it decent.
2010-11-08 08:56:21 +01:00
Yang Tse
dc3e7df1c9 fix compiler warning 2010-11-08 04:03:11 +01:00
Alfred Gebert
6a07e704ca LDAP: detect non-binary attributes properly
If the query result has a binary attribute, the binary attribute is
base64 encoded. But all following non binary attributes are also base64
encoded which is wrong.

This is a test (LDAP server is public).

curl
ldap://x500.bund.de:389/o=Bund,c=DE?userCertificate,certificateSerialNumber?sub
?cn=*Woehleke*
2010-11-05 15:53:41 +01:00
Daniel Stenberg
87374a47c9 Revert: use Host: name for SNI and cert name checks
This reverts commit b0fd03f5b8,
4b2fbe1e97, afecd1aa13, 68cde058f6
2010-11-05 10:25:58 +01:00
Daniel Stenberg
b0fd03f5b8 certcheck: use the custom Host: name for checks
If you use a custom Host: name in a request to a SSL server, libcurl
will now use that given name when it verifies the server certificate to
be correct rather than using the host name used in the actual URL.
2010-11-04 15:18:35 +01:00
Daniel Stenberg
4b2fbe1e97 SNI: simplify the custom host name use
The redirect check is already done at the position where the customhost
field is assigned so there's no point in doing that a second time.
2010-11-04 15:16:27 +01:00
Daniel Stenberg
afecd1aa13 host: get the custom Host: name more genericly
When given a custom host name in a Host: header, we can use it for
several different purposes other than just cookies, so we rename it and
use it for SSL SNI etc.
2010-11-04 14:58:15 +01:00
Hongli Lai (Phusion)
68cde058f6 SNI: set name to custom Host header
OpenSSL SNI host name should be set to the custom Host header, if the
user provided one.
2010-11-04 14:10:56 +01:00
Kamil Dudka
0c8e5f7e6a ftp: prevent server from hanging on closed data connection
Some FTP servers (e.g. Pure-ftpd) end up hanging if we close the data
connection before transferring all the requested data.  If we send ABOR
in that case, it prevents the server from hanging.

Bug: https://bugzilla.redhat.com/643656
Reported by: Pasi Karkkainen, Patrick Monnerat
2010-10-29 12:01:19 +02:00
Dan Fandrich
59db31902c Removed a leftover mention of FTP in an error message 2010-10-28 15:47:57 -07:00
Dan Fandrich
c36b00a166 Removed the native Makefile.riscos files
These haven't worked in at least 8 years due to missing source
files, and most active RiscOS developers these days apparently
cross-compile anyway.

Signed-off-by: James Bursa <james@zamez.org>
2010-10-21 14:33:35 -07:00
Dan Fandrich
59f07ddf28 Lightened the stack in wc_statemach to permit deeper recursion
Also, added a few hints to help compilers to perform tail call
recursion optimization.
2010-10-20 18:27:56 -07:00
Daniel Stenberg
e214cd4a73 SSH: use libssh2_session_handshake()
In libssh2 1.2.8, libssh2_session_handshake() replaces
libssh2_session_startup() to fix the previous portability problem with
the socket type that was too small for win64 and thus easily could cause
crashes and more.
2010-10-20 23:31:34 +02:00
Daniel Stenberg
5997f54a71 SSH: avoid using the libssh2_ prefix
It is a bad idea to use the public prefix used by another library and
now we realize that libssh2 introduces a symbol in the upcoming version
1.2.8 that conflicts with our static function named libssh2_free.
2010-10-20 23:29:37 +02:00
Daniel Stenberg
e8c442952d formdata: provide error message
When failing to build form post due to an error, the code now does a
proper failf(). Previously libcurl would report an error like "failed
creating formpost data" when a file wasn't possible to open which was
not easy for users to figure out.

I also lower cased a function name to be named more curl-style and
removed some unnecessary code.
2010-10-20 14:57:43 +02:00
Daniel Stenberg
98d9dc7840 URL-parsing: consider ? a divider
The URL parser got a little stricter as it now considers a ? to be a
host name divider so that the slightly sloppier URLs work too. The
problem that made me do this change was the reported problem with an URL
like: www.example.com?email=name@example.com This form of URL is not
really a legal URL (due to the missing slash after the host name) but is
widely accepted by all major browsers and libcurl also already accepted
it, it was just the '@' letter that triggered the problem now.

The side-effect of this change is that now libcurl no longer accepts the
?  letter as part of user-name or password when given in the URL, which
it used to accept (and is tested in test 191). That letter is however
mentioned in RFC3986 to be required to be percent encoded since it is
used as a divider.

Bug: http://curl.haxx.se/bug/view.cgi?id=3090268
2010-10-19 20:20:06 +02:00
Daniel Stenberg
d09a905751 krb4.h: removed unused prototypes 2010-10-18 16:20:13 +02:00
Daniel Stenberg
0152dbbe23 krb4: make a few functions static 2010-10-18 10:00:37 +02:00
Daniel Stenberg
09a2d93a0f http_chunks: remove debug output
Accidentally left in there during my previous debugging of this
2010-10-17 18:50:38 +02:00
Daniel Stenberg
b0ccd24a72 Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
In order to avoid for example the pingpong protocols to issue STARTTLS
(or equivalent) even though there's no SSL support built-in.

Reported by: Sune Ahlgren
Bug: http://curl.haxx.se/mail/archive-2010-10/0045.html
2010-10-14 22:33:20 +02:00
Guenter Knauf
0cb3d7913c Some more small Watcom makefile fixes. 2010-10-14 01:22:40 +02:00
Guenter Knauf
7b79c8bf96 Modified Watcom makefiles to work on Linux too. 2010-10-13 17:29:47 +02:00
Daniel Stenberg
987168d6b9 gitignore: ignore Makefile.vc10.dist made by maketgz 2010-10-13 00:26:19 +02:00
Guenter Knauf
2d3c7b7e01 Fixed Watcom makefile. 2010-10-12 15:31:41 +02:00
Guenter Knauf
edf9566c3b Added build bits for librtmp / libssh2 to Watcom makefiles. 2010-10-12 06:55:01 +02:00
Guenter Knauf
331531f70e Added build bits for librtmp to NetWare makefiles. 2010-10-12 04:31:56 +02:00
Daniel Stenberg
51b8d30dc4 SFTP: more ignoring negative file sizes
As the change in 5f0ae7a062 added a precaution against negative
file sizes that for some reason managed to get returned, this change now
introduces the same check at the second place in the code where the file
size from the libssh2 stat call is used.

This check might not be suitable for a 32 bit curl_off_t, but libssh2.h
assumes long long to work and to be 64 bit so I believe such a small
curl_off_t will be very unlikely to occur in the wild.
2010-10-12 00:01:40 +02:00
Daniel Stenberg
450c994a49 SMTP: debug output for no known auth mechanisms supported
... and some minor source code whitespace edits
2010-10-11 21:31:12 +02:00
Guenter Knauf
6a90aa3f3d Added build bits for librtmp to MingW32 makefiles. 2010-10-11 00:39:24 +02:00
Guenter Knauf
81e107010e Some NetWare makefile tweaks.
Renamed SDK_* to NDK_*; made NDK_* defines overwriteable from
environment; removed now obsolete YACC macro;
moved some curl_config.h defines to IPv6 section since they
are only needed when IPv6 is enabled - this makes libcurl compile
with older NDKs too which were not IPv6-aware.
2010-10-03 23:02:41 +02:00
Julien Chaffraix
fc137ee272 krb5-gssapi: Removed a memory leak in krb5_auth.
We forgot to release the buffer passed to gss_init_sec_context.

The previous logic was difficult to read as we were reusing the same
variable (gssbuf) for both input buffer and output buffer. Splitted the
logic in 2 variables to better underline who needs to be released.
Also made the code break at 80 lines.
2010-10-02 10:00:42 -07:00
Julien Chaffraix
79cd7ef9ab krb5-gssapi: Made the function always return a value.
kr5_auth missed a final 'return' statement. This is not an error in
gcc but can lead to potential bugs.
2010-10-02 10:00:42 -07:00
Julien Chaffraix
4b69f641a6 krb5-gssapi: Delete the GSS-API context.
This fixes a memory leak related to the GSS-API code.

Added a krb5_init and krb5_end functions. Also removed a work-around
the lack of proper initialization of the GSS-API context.
2010-10-02 10:00:42 -07:00
Daniel Stenberg
2ae6c47d5d HTTP: remove special case for 416
It was pointed out that the special case libcurl did for 416 was
incorrect and wrong. 416 is not really different to other errors so the
response body must be handled like for other errors/http responses.

Reported by: Chris Smowton
Bug: http://curl.haxx.se/bug/view.cgi?id=3076808
2010-10-02 00:22:48 +02:00
Daniel Stenberg
750c9179ca README.ares: we know require c-ares 1.6.0 2010-09-30 23:14:58 +02:00
Daniel Stenberg
5f0ae7a062 SFTP: avoid downloading negative sizes!
It is still not clarified exactly why this happens, but libssh2
sometimes report a negative file size for the remote SFTP file and that
deeply confuses libcurl (or crashes it) so this precaution is added to
avoid badness.

Reported by: Ernest Beinrohr
Bug: http://curl.haxx.se/bug/view.cgi?id=3076430
2010-09-30 23:08:37 +02:00
Julien Chaffraix
87badbef84 krb5-gssapi: Remove several memory leaks.
Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.

|tmp| was never set back to buf->data.

Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).
2010-09-28 22:05:24 -07:00
Julien Chaffraix
e3811ed7c3 security.c: Remove Curl_sec_fflush_fd.
The current implementation would make us send wrong data on a closed
socket. We don't buffer our data so the method can be safely removed.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
dacc44ddc2 security.c: We should always register the socket handler.
Following a change in the way socket handler are registered, the custom
recv and send method were conditionaly registered.
We need to register them everytime to handle the ftp security
extensions.

Re-added the clear text handling in sec_recv.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
fc9f369829 security.c: Fix Curl_sec_login after rewrite.
Curl_sec_login was returning the opposite result that the code in ftp.c
was expecting. Simplified the return code (using a CURLcode) so to see
more clearly what is going on.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
bfbc4c7e00 security.c: Readd the '\n' to the infof() calls.
They are not automatically added and make the output of the verbose
mode a lot more readable.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
05b72a6af2 security.c: Fix typo (PSBZ -> PBSZ) 2010-09-28 22:05:24 -07:00
Julien Chaffraix
1e2056fecb security.c: Fix ftp_send_command.
My use of va_args was completely wrong. Fixed the usage so that
we send the right commands!
2010-09-28 22:05:24 -07:00
Daniel Stenberg
5df13c3173 curl_easy_escape: don't escape "unreserved" characters
According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be
percent-encoded.

Reported by: Miguel Diaz
Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html
2010-09-28 23:49:32 +02:00
Daniel Stenberg
ed4eecc05e multi: don't expire timeouts at disonnect or done
The functions Curl_disconnect() and Curl_done() are both used within the
scope of a single request so they cannot be allowed to use
Curl_expire(... 0) to kill all timeouts as there are some timeouts that
are set before a request that are supposed to remain until the request
is done.

The timeouts are now instead cleared at curl_easy_cleanup() and when the
multi state machine changes a handle to the complete state.
2010-09-28 23:49:32 +02:00
Dirk Manske
397e61128f multi_runsingle: set timeout error messages
With the latest changes to fix the timeout handling with multi interface
we lost the timeout error messages. This patch brings them back.
2010-09-27 21:12:49 +02:00
Daniel Stenberg
4d58f97f60 parsedate: allow time specified without seconds
The date format in RFC822 allows that the seconds part of HH:MM:SS is
left out, but this function didn't allow it. This change also includes a
modified test case that makes sure that this now works.

Reported by: Matt Ford
Bug: http://curl.haxx.se/bug/view.cgi?id=3076529
2010-09-27 16:54:02 +02:00
Daniel Stenberg
33c3bb057b TFTP: re-indented the source code
Just made sure that the good old curl indentation style is used all over
this file.
2010-09-26 23:38:00 +02:00
Tim Newsome
6bf2014745 TFTP: Work around tftpd-hpa upload bug
tftpd-hpa has a bug where it will send an incorrect ack when the block
counter wraps and tftp options have been sent. Work around that by
accepting an ack for 65535 when we're expecting one for 0.
2010-09-26 23:30:56 +02:00
Daniel Stenberg
a10f5b34ff Revert "security.c: buffer_read various fixes."
This reverts commit fbb38de415.
2010-09-24 00:20:02 +02:00
Daniel Stenberg
b1df37c60e security.c: removed superfluous parentheses
And also removed the FIXME where memory was zeroed just before freed,
and some other minor whitespace changes.
2010-09-22 23:41:28 +02:00
Julien Chaffraix
31d59fb2cc security.c: Update the #include statements after the rewrite. 2010-09-22 23:34:36 +02:00
Julien Chaffraix
562d40e671 security.c: sec_write tweaks
- |fd| is now a curl_socket_t and |len| a size_t to avoid conversions.
- Added 2 FIXMEs about the 2 unsigned -> signed conversions.
- Included 2 minor changes to Curl_sec_end.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
612832e4c0 security.c: _sec_send tweaks
- Renamed the method to sec_send now that we
  renamed sec_send to do_sec_send.
- Some more variable renaming.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
3c69a08e3b security.c: sec_read tweaks
- Renamed the function to sec_recv.
- Renamed the parameters and variable to match the rest of the code.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
5ea9e78bd7 security.c: Curl_sec_fflush_fd tweaks
- Use an early return as it makes the code more readable.
- Added a FIXME about a conversion.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
69d7c48072 security.c: sec_send tweaks
- Renamed it to do_sec_send as it is the function doing the actual
  transfer.
- Do not return any values as no one was checking it and it never
  reported a failure (added a FIXME about checking for errors).
- Renamed the variables to make their use more specific.
- Removed some casts (int -> curl_socket_t, ...)
- Avoid doing the htnl <-> nthl twice by caching the 2 results.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
7d4f8c2809 security.c: Curl_sec_read_msg tweaks
- Renamed the variables name to better match their intend.
- Unified the |decoded_len| checks.
- Added some FIXMEs to flag some improvement that did not go in this
  change.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
d23c59ecfc security.c: Curl_sec_set_protection_level tweaking
- Removed sec_prot_internal as it is now inlined in the function (this removed
  a redundant check).
- Changed the prototype to return an error code.
- Updated the method to use the new ftp_send_command function.
- Added a level_to_char helper method to avoid relying on the compiler's
  bound checks. This default to the maximum security we have in case of a
  wrong input.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
1d95a48fe9 security.c: factored the logic from Curl_sec_login into a dedicated method that better reflect its intent.
Introduced a helper method ftp_send_command that synchronously send
an FTP query.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
512a82d395 security.c: Remove out_buffer as it was never written into. 2010-09-22 23:34:36 +02:00
Julien Chaffraix
fbb38de415 security.c: buffer_read various fixes.
Tighten the type of the |data| parameter to avoid a cast. Also made
it const as we should not modify it.

Added a DEBUGASSERT on the size to be written while changing it.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
0006cdddee security.c: Made block_write return a CURLcode.
While doing so, renamed it to socket_write to better match its
function.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
b684ccd8b1 security.c: Made block_read and sec_get_data return CURLcode.
To do so, made block_read call Curl_read_plain instead of read.

While changing them renamed block_read to socket_read and sec_get_data
to read_data to better match their function.

Also fixed a potential memory leak in block_read.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
3f64d05d34 Security.c: Fix headers guard to match the rest of the code. 2010-09-22 23:34:35 +02:00
Daniel Stenberg
8665d4e593 parse_remote_port: ignore colons without port number
Obviously, browsers ignore a colon without a following port number. Both
Firefox and Chrome just removes the colon for such URLs. This change
does not remove the colon for URLs sent over a HTTP proxy, so we should
consider doing that change as well.

Reported by: github user 'kreshano'
2010-09-21 19:51:30 +02:00
Daniel Stenberg
19f45eaa79 duphandle: use ares_dup()
curl_easy_duphandle() was not properly duping the ares channel. The
ares_dup() function was introduced in c-ares 1.6.0 so by starting to use
this function we also raise the bar and require c-ares >= 1.6.0
(released Dec 9, 2008) for such builds.

Reported by: Ning Dong
Bug: http://curl.haxx.se/mail/lib-2010-08/0318.html
2010-09-21 16:41:14 +02:00
Daniel Stenberg
8a00c94b0f FTP: fix bad check of Curl_timeleft() return code
When it returns 0 it means no timeout. Only a negative value means that
we're out of time.
2010-09-18 23:08:32 +02:00
Daniel Stenberg
9de4b26643 LDAP: moved variable declaration to avoid compiler warn
If built without HTTP or proxy support it would cause a compiler warning
due to the unused variable. I moved the declaration of it into the only
scope it is used.
2010-09-18 22:50:04 +02:00
Tor Arntsen
3208757c1a LDAP: Use FALSE instead of bool_false when setting bits.close
bool_false is the internal name used in the setup_once.h definition
we fall back to for non-C99 non-stdbool systems, it's not the actual
name to use in assignments (we use bool_false, bool_true there to
avoid global namespace problems, see comment in setup_once.h).
The correct C99 value to use is 'false', but let's use FALSE as
used elsewhere when assigning to bits.close. FALSE is set equal
to 'false' in setup_once.h when possible.

This fixes a build problem on C99 targets.
2010-09-18 14:27:08 +02:00
Tor Arntsen
fae19aed8d LDAP: Add missing declaration for 'result' 2010-09-18 14:23:34 +02:00
Mauro Iorio
c59dba338e LDAP: Support for tunnelling queries through HTTP proxy
As of curl-7.21.1 tunnelling ldap queries through HTTP Proxies is not
supported. Actually if --proxytunnel command-line option (or equivalent
CURLOPT_HTTPPROXYTUNNEL) is used for ldap queries like
ldap://ldap.my.server.com/... You are unable to successfully execute the
query. In facts ldap_*_bind is executed directly against the ldap server
and proxy is totally ignored. This is true for both openLDAP and
Microsoft LDAP API.

Step to reproduce the error:
Just launch "curl --proxytunnel --proxy 192.168.1.1:8080
ldap://ldap.my.server.com/dc=... "

This fix adds an invocation to Curl_proxyCONNECT against the provided
proxy address and on successful "CONNECT" it tunnels ldap query to the
final ldap server through the HTTP proxy. As far as I know Microsoft
LDAP APIs don't permit tunnelling in any way so the patch provided is
for OpenLDAP only.  The patch has been developed against OpenLDAP 2.4.23
and has been tested with Microsoft ISA Server 2006 and works properly
with basic, digest and NTLM authentication.
2010-09-18 00:03:23 +02:00
Daniel Stenberg
a76f852ca4 timeout: use the correct start value as offset
Rodric provide an awesome recipe that proved libcurl didn't timeout at
the requested time - it instead often timed out at [connect time] +
[timeout time] instead of the documented and intended [timeout time]
only. This bug was due to the code using the wrong base offset when
comparing against "now". I could also take the oppurtinity to simplify
the code by properly using of the generic help function for this:
Curl_timeleft.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535
2010-09-17 23:02:33 +02:00
Daniel Stenberg
3880dd3741 Curl_timeleft: avoid returning "no timeout" by mistake
As this function uses return code 0 to mean that there is no timeout, it
needs to check that it doesn't return a time left value that is exactly
zero. It could lead to libcurl doing an extra 1000 ms select() call and
thus not timing out as accurately as it should.

I fell over this bug when working on the bug 3061535 but this fix does
not correct that problem alone, although this is a problem that needs to
be fixed.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535
2010-09-17 22:58:08 +02:00
Daniel Stenberg
296b246b9c multi: don't do extra expire calls for the connection
The timeout is set for the connect phase already at the start of the
request so we should not add a new one, and we MUST not set expire to 0
as that will remove any other potentially existing timeouts.
2010-09-14 22:40:05 +02:00
Daniel Stenberg
22085f7d6e inflate_stream: remove redundant check that is always true 2010-09-12 16:34:16 +02:00
Daniel Stenberg
2c1b4e74e4 digest: make it clear the condition is always true 2010-09-12 16:29:05 +02:00
Daniel Stenberg
aca67e2775 ssluse: removed redundant check that is always true 2010-09-12 16:29:04 +02:00
Daniel Stenberg
18a758d907 chunky parser: only rewind if needed
The code reading chunked encoding attempts to rewind the code if it had
read more data than the chunky parser consumes. The rewinding can fail
and it will then cause an error. This change now makes the rewinding
only happen if pipelining is in use - as that's the only time it really
needs to be done.

Bug: http://curl.haxx.se/mail/lib-2010-08/0297.html
Reported by: Ron Parker
2010-09-07 18:29:03 +02:00
Kamil Dudka
7aea2d522d rtsp: avoid SIGSEGV on malformed header 2010-09-06 16:03:37 +02:00
Kamil Dudka
f3e3f5f1b2 rtsp: avoid SIGSEGV on malformed header 2010-09-06 15:31:01 +02:00
Daniel Stenberg
62ef465262 warning: fix conversion to 'int' from 'size_t' 2010-09-06 00:18:58 +02:00