Commit Graph

6965 Commits

Author SHA1 Message Date
Marc Hoersken
f4b08b8f40 curl_setup.h: Fixed redefinition warning using mingw-w64 2013-06-02 15:53:08 +02:00
Daniel Stenberg
6691fdf517 multi_runsingle: add braces to clarify the code 2013-05-30 23:34:33 +02:00
Daniel Stenberg
ac419bf562 Digest auth: escape user names with \ or " in them
When sending the HTTP Authorization: header for digest, the user name
needs to be escaped if it contains a double-quote or backslash.

Test 1229 was added to verify

Reported and fixed by: Nach M. S
Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-27 19:45:12 +02:00
Mike Giancola
520833cbe1 ossl_recv: SSL_read() returning 0 is an error too
SSL_read can return 0 for "not successful", according to the open SSL
documentation: http://www.openssl.org/docs/ssl/SSL_read.html
2013-05-22 23:42:33 +02:00
Mike Giancola
e58d9c87f7 ossl_send: SSL_write() returning 0 is an error too
We found that in specific cases if the connection is abruptly closed,
the underlying socket is listed in a close_wait state. We continue to
call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs
report the socket closed / connection finished.  Since we have cases
where the multi connection is only used once, this can pose a problem
for us. I've read that if another connection was to come in, curl would
see the socket as bad and attempt to close it at that time -
unfortunately, this does not work for us.

I found that in specific situations, if SSL_write returns 0, curl did
not recognize the socket as closed (or errored out) and did not report
it to the application. I believe we need to change the code slightly, to
check if ssl_write returns 0. If so, treat it as an error - the same as
a negative return code.

For OpenSSL - the ssl_write documentation is here:
http://www.openssl.org/docs/ssl/SSL_write.html
2013-05-22 23:08:27 +02:00
Daniel Stenberg
85b9dc8023 Curl_cookie_add: handle IPv6 hosts
1 - don't skip host names with a colon in them in an attempt to bail out
on HTTP headers in the cookie file parser. It was only a shortcut anyway
and trying to parse a file with HTTP headers will still be handled, only
slightly slower.

2 - don't skip domain names based on number of dots. The original
netscape cookie spec had this oddity mentioned and while our code
decreased the check to only check for two, the existing cookie spec has
no such dot counting required.

Bug: http://curl.haxx.se/bug/view.cgi?id=1221
Reported-by: Stefan Neis
2013-05-21 23:28:59 +02:00
YAMADA Yasuharu
04f52e9b4d cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:54:48 +02:00
Eric Hu
100a33f7ff axtls: prevent memleaks on SSL handshake failures 2013-05-16 20:26:42 +02:00
Daniel Stenberg
7ed25ccf0d Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"
This reverts commit 8ec2cb5544.

We don't have any code anywhere in libcurl (or the curl tool) that use
wcsdup so there's no such memory use to track. It seems to cause mild
problems with the Borland compiler though that we may avoid by reverting
this change again.

Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
2013-05-12 15:10:01 +02:00
Guenter Knauf
ae26ee3489 Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
Daniel Stenberg
01a2abedd7 nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
Reported by: David Strauss
Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
2013-05-09 11:23:15 +02:00
Daniel Stenberg
bdb396ef2a servercert: allow empty subject
Bug: http://curl.haxx.se/bug/view.cgi?id=1220
Patch by: John Gardiner Myers
2013-05-07 23:02:01 +02:00
Marc Hoersken
35874298e4 curl_schannel.c: Fixed invalid memory access during SSL shutdown 2013-05-05 17:57:37 +02:00
Steve Holme
52d72e66c2 smtp: Fix trailing whitespace warning 2013-05-04 18:37:50 +01:00
Steve Holme
f3d10aa0d4 smtp: Fix compilation warning
comparison between signed and unsigned integer expressions
2013-05-04 13:24:05 +01:00
Steve Holme
92ef5f19c8 smtp: Updated RFC-2821 references to RFC-5321 2013-05-04 10:12:01 +01:00
Steve Holme
99b4045183 smtp: Fixed sending of double CRLF caused by first in EOB
If the mail sent during the transfer contains a terminating <CRLF> then
we should not send the first <CRLF> of the EOB as specified in RFC-5321.

Additionally don't send the <CRLF> if there is "no mail data" as the
DATA command already includes it.
2013-05-04 10:00:33 +01:00
Lars Johannesen
1c435295b8 bindlocal: move brace out of #ifdef
The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two
closing braces when it should only have one, so builds without that
define would fail.

Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html
2013-05-01 14:18:47 +02:00
Steve Holme
46d26a0e77 smtp: Tidy up to move the eob counter to the per-request structure
Move the eob counter from the smtp_conn structure to the SMTP structure
as it is associated with a SMTP payload on a per-request basis.
2013-04-30 22:25:23 +01:00
Steve Holme
b52cf5d2cd smtp: Fixed unknown percentage complete in progress bar
The curl command line utility would display the the completed progress
bar with a percentage of zero as the progress routines didn't know the
size of the transfer.
2013-04-29 22:34:26 +01:00
Steve Holme
9ea5145952 email: Tidy up of *_perform_authenticate()
Removed the hard returns from imap and pop3 by using the same style for
sending the authentication string as smtp. Moved the "Other mechanisms
not supported" check in smtp to match that of imap and pop3 to provide
consistency between the three email protocols.
2013-04-28 12:57:42 +01:00
Steve Holme
1d7c38e1f0 smtp: Updated limit check to be more readable like the check in pop3 2013-04-28 12:26:44 +01:00
Steve Holme
18bfc8f2d7 pop3: Added 255 octet limit check when sending initial response
Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
2013-04-28 12:26:11 +01:00
Nick Zitzmann
a5c0e20939 darwinssl: add TLS crypto authentication
Users using the Secure Transport (darwinssl) back-end can now use a
certificate and private key to authenticate with a site using TLS. Because
Apple's security system is based around the keychain and does not have any
non-public function to create a SecIdentityRef data structure from data
loaded outside of the Keychain, the certificate and private key have to be
loaded into the Keychain first (using the certtool command line tool or
the Security framework's C API) before we can find it and use it.
2013-04-27 23:15:07 -06:00
Steve Holme
dacbdaab94 imap: Added support for overriding the SASL initial response
In addition to checking for the SASL-IR capability the user can override
the sending of the client's initial response in the AUTHENTICATION
command with the use of CURLOPT_SASL_IR should the server erroneously
not report SASL-IR when it does support it.
2013-04-27 12:12:59 +01:00
Steve Holme
70e30f6caa smtp: Added support for disabling the SASL initial response
Updated the default behaviour of sending the client's initial response in the AUTH
command to not send it and added support for CURLOPT_SASL_IR to allow the user to
specify including the response.

Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html
Reported-by: Gokhan Sengun
2013-04-27 12:09:15 +01:00
Steve Holme
7cb6c31370 pop3: Added support for enabling the SASL initial response
Allowed the user to specify whether to send the client's intial response
in the AUTH command via CURLOPT_SASL_IR.
2013-04-27 12:07:39 +01:00
Steve Holme
a846fbbe2a sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response 2013-04-27 09:58:20 +01:00
Daniel Stenberg
6420672879 curl_easy_init: use less mallocs
By introducing an internal alternative to curl_multi_init() that accepts
parameters to set the hash sizes, easy handles will now use tiny socket
and connection hash tables since it will only ever add a single easy
handle to that multi handle.

This decreased the number mallocs in test 40 (which is a rather simple
and typical easy interface use case) from 1142 to 138. The maximum
amount of memory allocated used went down from 118969 to 78805.
2013-04-26 22:55:55 +02:00
Daniel Stenberg
0523152ad6 ftp_state_pasv_resp: connect through proxy also when set by env
When connecting back to an FTP server after having sent PASV/EPSV,
libcurl sometimes didn't use the proxy properly even though the proxy
was used for the initial connect.

The function wrongly checked for the CURLOPT_PROXY variable to be set,
which made it act wrongly if the proxy information was set with an
environment variable.

Added test case 711 to verify (based on 707 which uses --socks5). Also
added test712 to verify another variation of setting the proxy: with
--proxy socks5://

Bug: http://curl.haxx.se/bug/view.cgi?id=1218
Reported-by: Zekun Ni
2013-04-26 16:49:25 +02:00
Zdenek Pavlas
b37b5233ca url: initialize speed-check data for file:// protocol
... in order to prevent an artificial timeout event based on stale
speed-check data from a previous network transfer.  This commit fixes
a regression caused by 9dd85bced5.

Bug: https://bugzilla.redhat.com/906031
2013-04-26 15:38:22 +02:00
Steve Holme
2af9fd4960 url: Added smtp and pop3 hostnames to the protocol detection list 2013-04-23 19:44:14 +01:00
Alessandro Ghedini
c49ed0b6c0 getinfo.c: reset timecond when clearing session-info variables
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783
Reported-by: Ludovico Cavedon <cavedon@debian.org>
2013-04-22 22:43:32 +02:00
Steve Holme
ddac43b38e url: Fixed missing length check in parse_proxy()
Commit 11332577b3 removed the length check that was performed by the
old scanf() code.
2013-04-21 18:29:33 +01:00
Steve Holme
416ecc1584 url: Fixed crash when no username or password supplied for proxy
Fixed an issue in parse_proxy(), introduced in commit 11332577b3,
where an empty username or password (For example: http://:@example.com)
would cause a crash.
2013-04-21 16:55:19 +01:00
Steve Holme
455ba691a7 url: Removed unused text length constants 2013-04-21 12:16:12 +01:00
Steve Holme
11332577b3 url: Updated proxy URL parsing to use parse_login_details() 2013-04-21 12:12:29 +01:00
Steve Holme
702b0dd408 url: Tidy up of setstropt_userpwd() parameters
Updated the naming convention of the login parameters to match those of
other functions.
2013-04-21 10:27:42 +01:00
Steve Holme
e8a9f794f0 url: Tidy up of code and comments following recent changes
Tidy up of variable names and comments in setstropt_userpwd() and
parse_login_details().
2013-04-21 10:23:47 +01:00
Steve Holme
bddf3d4705 url: Simplified setstropt_userpwd() following recent changes
There is no need to perform separate clearing of data if a NULL option
pointer is passed in. Instead this operation can be performed by simply
not calling parse_login_details() and letting the rest of the code do
the work.
2013-04-20 20:04:00 +01:00
Steve Holme
e99c81a07c url: Correction to scope of if statements when setting data 2013-04-20 19:10:10 +01:00
Steve Holme
fe880475ed url: Fixed memory leak in setstropt_userpwd()
setstropt_userpwd() was calling setstropt() in commit fddb7b44a7 to
set each of the login details which would duplicate the strings and
subsequently cause a memory leak.
2013-04-20 18:40:13 +01:00
Steve Holme
d535c4a2e1 url: Added overriding of URL login options from CURLOPT_USERPWD 2013-04-20 09:18:51 +01:00
Steve Holme
fddb7b44a7 url: Added support for parsing login options from the CURLOPT_USERPWD
In addition to parsing the optional login options from the URL, added
support for parsing them from CURLOPT_USERPWD, to allow the following
supported command line:

--user username:password;options
2013-04-20 09:08:28 +01:00
Steve Holme
49184c3723 url: Added bounds checking to parse_login_details()
Added bounds checking when searching for the separator characters within
the login string as this string may not be NULL terminated (For example
it is the login part of a URL). We do this in preference to allocating a
new string to copy the login details into which could then be passed to
parse_login_details() for performance reasons.
2013-04-19 19:37:55 +01:00
Steve Holme
cc7f6a2ddf url: Added size_t cast to pointer based length calculations 2013-04-19 14:11:43 +01:00
Steve Holme
90fe59b829 url: Corrected minor typo in comment 2013-04-19 12:53:59 +01:00
Steve Holme
8763374f0e url: Fix chksrc longer than 79 columns warning 2013-04-18 20:21:11 +01:00
Steve Holme
63388fe1f3 url: Fix incorrect variable type for result code 2013-04-18 19:18:02 +01:00
Steve Holme
b75a88aa72 url: Fix compiler warning
signed and unsigned type in conditional expression
2013-04-18 19:14:25 +01:00
Steve Holme
bb20989a63 url: Moved parsing of login details out of parse_url_login()
Separated the parsing of login details from the processing of them in
parse_url_login() ready for use by setstropt_userpwd().
2013-04-18 18:09:53 +01:00
Steve Holme
0d49e408a4 url: Re-factored set_userpass() and parse_url_userpass()
Re-factored these functions to reflect their new behaviour following the
addition of login options.
2013-04-18 17:36:15 +01:00
Steve Holme
90c87f311e url: Reworked URL parsing to allow overriding by CURLOPT_USERPWD 2013-04-18 17:20:43 +01:00
Steve Holme
c306d2e42f smtp: Re-factored all perform based functions
Standardised the naming of all perform based functions to be in the form
smtp_perform_something().
2013-04-16 19:48:20 +01:00
Steve Holme
f737e3a3dd smtp: Added description comments to all perform based functions 2013-04-16 19:44:53 +01:00
Steve Holme
686586b0f9 smtp: Moved smtp_quit() to be with the other perform functions 2013-04-16 19:44:52 +01:00
Steve Holme
e621a5f6ea smtp: Moved smtp_rcpt_to() to be with the other perform functions 2013-04-16 19:44:49 +01:00
Steve Holme
8093f9541e smtp: Moved smtp_mail() to be with the other perform functions 2013-04-16 19:44:47 +01:00
Steve Holme
552ba67bb1 pop3: Added missing comment for pop3_state_apop_resp() 2013-04-15 20:27:49 +01:00
Steve Holme
651254dcc7 smtp: Updated the coding style of smtp_state_servergreet_resp()
Updated the coding style, in this function, to be consistant with other
response functions rather then performing a hard return on failure.
2013-04-15 20:27:47 +01:00
Steve Holme
26bdafcbf9 pop3: Updated the coding style of pop3_state_servergreet_resp()
Updated the coding style, in this function, to be consistent with other
response functions rather then performing a hard return on failure.
2013-04-15 20:27:45 +01:00
Steve Holme
02dc9e788f pop3: Re-factored all perform based functions
Standardised the naming of all perform based functions to be in the form
pop3_perform_something() following the changes made to IMAP.
2013-04-14 10:06:10 +01:00
Steve Holme
e11c6e9961 pop3: Added description comments to all perform based functions 2013-04-14 10:06:08 +01:00
Steve Holme
e4eaa92728 pop3: Moved pop3_quit() to be with the other perform functions 2013-04-14 10:06:07 +01:00
Steve Holme
577f8e5ac6 pop3: Moved pop3_command() to be with the other perform functions
Started to apply the same tidy up to the POP3 code as applied to the
IMAP code in the 7.30.0 release.
2013-04-14 10:06:05 +01:00
Steve Holme
8723cade21 smtp: Added support for ;auth=<mech> in the URL
Added support for specifying the preferred authentication mechanism in
the URL as per Internet-Draft 'draft-earhart-url-smtp-00'.
2013-04-13 16:23:00 +01:00
Steve Holme
d956d9db47 pop3: Reworked authentication type constants
... to use left-shifted values, like those defined in curl.h, rather
than 16-bit hexadecimal values.
2013-04-13 16:20:48 +01:00
Steve Holme
ecf93ac986 pop3: Small consistency tidy up 2013-04-13 16:16:23 +01:00
Steve Holme
b3a01be2f3 pop3: Added support for ;auth=<mech> in the URL
Added support for specifying the preferred authentication type and SASL
mechanism in the URL as per RFC-2384.
2013-04-13 16:16:21 +01:00
Steve Holme
00045a3009 imap: Added support for ;auth=<mech> in the URL
Added support for specifying the preferred authentication mechanism in
the URL as per RFC-5092.
2013-04-13 16:11:27 +01:00
Steve Holme
3f7188dd94 sasl: Reworked SASL mechanism constants
... to use left-shifted values, like those defined in curl.h, rather
than 16-bit hexadecimal values.
2013-04-13 13:29:50 +01:00
Steve Holme
720218fea1 sasl: Added predefined preferred mechanism values
In preparation for the upcoming changes to IMAP, POP3 and SMTP added
preferred mechanism values.
2013-04-13 13:11:37 +01:00
Steve Holme
73aa95592f url: Added support for parsing login options from the URL
As well as parsing the username and password from the URL, added support
for parsing the optional options part from the login details, to allow
the following supported URL format:

schema://username:password;options@example.com/path?q=foobar

This will only be used by IMAP, POP3 and SMTP at present but any
protocol that may be given login options in the URL will be able to
add support for them.
2013-04-13 10:49:42 +01:00
Steve Holme
ad3fdbc0a4 smtp: Fix compiler warning
warning: unused variable 'smtp' introduced in commit 73cbd21b5e.
2013-04-13 00:06:19 +01:00
Steve Holme
73cbd21b5e smtp: Moved parsing of url path into separate function 2013-04-12 23:15:51 +01:00
Daniel Stenberg
c5ba0c2f54 FTP: handle a 230 welcome response
...instead of the 220 we otherwise expect.

Made the ftpserver.pl support sending a custom "welcome" and then
created test 1219 to verify this fix with such a 230 welcome.

Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html
Reported by: Anders Havn
2013-04-12 23:59:37 +02:00
Daniel Stenberg
61d259f950 FTP: access files in root dir correctly
Accessing a file with an absolute path in the root dir but with no
directory specified was not handled correctly. This fix comes with four
new test cases that verify it.

Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html
Reported by: Sam Deane
2013-04-12 22:43:13 +02:00
Steve Holme
c01735865f pop3: Reworked the function description for Curl_pop3_write() 2013-04-12 20:22:14 +01:00
Steve Holme
ca46c5dbe2 pop3: Added function description to pop3_parse_custom_request() 2013-04-12 20:22:12 +01:00
Steve Holme
2da127abb5 pop3: Moved utility functions to end of pop3.c 2013-04-12 20:22:10 +01:00
Nick Zitzmann
bc33f2200d darwinssl: add TLS session resumption
This ought to speed up additional TLS handshakes, at least in theory.
2013-04-12 12:20:10 -06:00
Steve Holme
fd399cde00 imap: Added function description to imap_parse_custom_request() 2013-04-12 18:27:51 +01:00
Steve Holme
00c74019f4 imap: Moved utility functions to end of imap.c (Part 3/3)
Moved imap_is_bchar() be with the other utility based functions.
2013-04-12 18:24:46 +01:00
Steve Holme
9d0063befa imap: Moved utility functions to end of imap.c (Part 2/3)
Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the
file allowing all utility functions to be grouped together.
2013-04-12 18:24:44 +01:00
Steve Holme
01e55ebb26 imap: Moved utility functions to end of imap.c (Part 1/3)
Moved imap_atom() and imap_sendf() to the end of the file allowing all
utility functions to be grouped together.
2013-04-12 18:24:43 +01:00
Steve Holme
4bbad1dac7 imap: Corrected function description for imap_connect() 2013-04-12 18:14:43 +01:00
YAMADA Yasuharu
2eb8dcf26c cookie: fix tailmatching to prevent cross-domain leakage
Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).

This is a security vulnerabilty, CVE-2013-1944.

Bug: http://curl.haxx.se/docs/adv_20130412.html
2013-04-11 23:52:12 +02:00
Guenter Knauf
96ffe645fd Enabled MinGW sync resolver builds. 2013-04-11 14:05:08 +02:00
Yang Tse
c86ea58304 if2ip.c: fix compiler warning 2013-04-10 16:44:54 +02:00
Guenter Knauf
577703495e Fixed lost OpenSSL output with "-t" - followup.
The previously applied patch didnt work on Windows; we cant rely
on shell commands like 'echo' since they act diffently on each
platform and each shell.
In order to keep this script platform-independent the code must
only use pure Perl.
2013-04-10 00:20:37 +02:00
Bill Middlecamp
e0fb2d86c9 FTP: handle "rubbish" in front of directory name in 257 responses
When doing PWD, there's a 257 response which apparently some servers
prefix with a comment before the path instead of after it as is
otherwise the norm.

Failing to parse this, several otherwise legitimate use cases break.

Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html
2013-04-09 22:18:33 +02:00
Guenter Knauf
658ec97055 Fixed ares-enabled builds with static makefiles. 2013-04-09 17:44:51 +02:00
Guenter Knauf
88535d593e Fixed lost OpenSSL output with "-t".
The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM
output wrote to a temporary file.  Consequently, the OpenSSL output was
lost when the temp file was renamed to the final file at script finish
(overwriting the final file written earlier by openssl).
Patch posted to the list by Richard Michael (rmichael edgeofthenet org).
2013-04-09 16:59:57 +02:00
Nick Zitzmann
d7f4c3772e darwinssl: disable insecure ciphers by default
I noticed that aria2's SecureTransport code disables insecure ciphers such
as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
That's a good idea, and now we do the same thing in order to prevent curl
from accessing a "secure" site that only negotiates insecure ciphersuites.
2013-04-08 17:07:20 -06:00
Robert Wruck
29fdb2700f tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSX
MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single
TCP_KEEPALIVE (see
http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html).
Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms.
2013-04-08 23:13:05 +02:00
Fabian Keil
638c6da9db proxy: make ConnectionExists() check credential of proxyconnections too
Previously it only compared credentials if the requested needle
connection wasn't using a proxy. This caused NTLM authentication
failures when using proxies as the authentication code wasn't send on
the connection where the challenge arrived.

Added test 1215 to verify: NTLM server authentication through a proxy
(This is a modified copy of test 67)
2013-04-08 16:13:27 +02:00
Marc Hoersken
6b8c36954f if2ip.c: Fixed another warning: unused parameter 'remote_scope' 2013-04-07 21:04:50 +02:00
Marc Hoersken
762961fe35 cookie.c: Made cookie sort function more deterministic
Since qsort implementations vary with regards to handling the order
of similiar elements, this change makes the internal sort function
more deterministic by comparing path length first, then domain length
and finally the cookie name. Spotted with testcase 62 on Windows.
2013-04-07 18:38:49 +02:00
Marc Hoersken
4b643f1ca4 curl_schannel.c: Follow up on memory leak fix ae4558d 2013-04-07 09:44:29 +02:00
Marc Hoersken
25f08de4d6 http_negotiate.c: Fixed passing argument from incompatible pointer type 2013-04-07 00:06:19 +02:00
Marc Hoersken
f3bd2abb61 ftp.c: Added missing brackets around ABOR command logic 2013-04-06 23:11:20 +02:00
Marc Hoersken
ae4558dbb4 curl_schannel.c: Fixed memory leak if connection was not successful 2013-04-06 20:55:27 +02:00
Marc Hoersken
ee7669ba3a if2ip.c: Fixed warning: unused parameter 'remote_scope' 2013-04-06 20:30:13 +02:00
Daniel Stenberg
57aeabcc1a FTP: wait on both connections during active STOR state
When doing PORT and upload (STOR), this function needs to extract the
file descriptor for both connections so that it will respond immediately
when the server eventually connects back.

This flaw caused active connections to become unnecessary slow but they
would still often work due to the normal polling on a timeout. The bug
also would not occur if the server connected back very fast, like when
testing on local networks.

Bug: http://curl.haxx.se/bug/view.cgi?id=1183
Reported by: Daniel Theron
2013-04-06 17:21:38 +02:00
Kim Vandry
090b55c100 connect: treat an interface bindlocal() problem as a non-fatal error
I am using curl_easy_setopt(CURLOPT_INTERFACE, "if!something") to force
transfers to use a particular interface but the transfer fails with
CURLE_INTERFACE_FAILED, "Failed binding local connection end" if the
interface I specify has no IPv6 address. The cause is as follows:

The remote hostname resolves successfully and has an IPv6 address and an
IPv4 address.

cURL attempts to connect to the IPv6 address first.

bindlocal (in lib/connect.c) fails because Curl_if2ip cannot find an
IPv6 address on the interface.

This is a fatal error in singleipconnect()

This change will make cURL try the next IP address in the list.

Also included are two changes related to IPv6 address scope:

- Filter the choice of address in Curl_if2ip to only consider addresses
with the same scope ID as the connection address (mismatched scope for
local and remote address does not result in a working connection).

- bindlocal was ignoring the scope ID of addresses returned by
Curl_if2ip . Now it uses them.

Bug: http://curl.haxx.se/bug/view.cgi?id=1189
2013-04-06 16:51:58 +02:00
Daniel Stenberg
e7c56a8406 Curl_open: restore default MAXCONNECTS to 5
At some point recently we lost the default value for the easy handle's
connection cache, and this change puts it back to 5 - which is the
former default value and it is documented in the curl_easy_setopt.3 man
page.
2013-04-05 09:20:04 +02:00
Yang Tse
5f5e4c92c4 easy.c: fix compiler warning 2013-04-04 16:31:26 +02:00
Yang Tse
ed35e1fa1b http_negotiate.c: follow-up for commit 3dcc1a9c 2013-04-04 12:11:29 +02:00
Linus Nielsen Feltzing
e87e76e2dc easy: Fix the broken CURLOPT_MAXCONNECTS option
Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in
curl_easy_perform().

Bug: http://curl.haxx.se/bug/view.cgi?id=1212
Reported-by: Steven Gu
2013-04-04 10:33:39 +02:00
Guenter Knauf
984e20d6bb Updated copyright date. 2013-04-04 04:04:21 +02:00
Guenter Knauf
fbc35d394c Another small output fix for --help and --version. 2013-04-04 04:02:12 +02:00
Yang Tse
3dcc1a9c19 http_negotiate.c: fix several SPNEGO memory handling issues 2013-04-04 01:59:10 +02:00
Guenter Knauf
7ba091ca82 Added a cont to specify base64 line wrap. 2013-04-04 00:55:01 +02:00
Guenter Knauf
ce8a35c318 Fixed version output. 2013-04-04 00:23:58 +02:00
Guenter Knauf
c3fa3aaf2c Added support for --help and --version options. 2013-04-04 00:21:10 +02:00
Guenter Knauf
8efd74de46 Added option to specify length of base64 output.
Based on a patch posted to the list by Richard Michael.
2013-04-04 00:02:49 +02:00
Yasuharu Yamada
eb25dd3be2 Curl_cookie_add: only increase numcookies for new cookies
Count up numcookies in Curl_cookie_add() only when cookie is new one
2013-04-02 11:45:15 +02:00
Daniel Stenberg
43e045fc3e SO_SNDBUF: don't set SNDBUF for win32 versions vista or later
The Microsoft knowledge-base article
http://support.microsoft.com/kb/823764 describes how to use SNDBUF to
overcome a performance shortcoming in winsock, but it doesn't apply to
Windows Vista and later versions. If the described SNDBUF magic is
applied when running on those more recent Windows versions, it seems to
instead have the reversed effect in many cases and thus make libcurl
perform less good on those systems.

This fix thus adds a run-time version-check that does the SNDBUF magic
conditionally depending if it is deemed necessary or not.

Bug: http://curl.haxx.se/bug/view.cgi?id=1188
Reported by: Andrew Kurushin
Tested by: Christian Hägele
2013-04-02 11:31:05 +02:00
Nick Zitzmann
74467f8e78 darwinssl: additional descriptive messages of SSL handshake errors
(This doesn't need to appear in the release notes.)
2013-04-01 18:24:32 -06:00
Daniel Stenberg
0614b90213 code-policed 2013-04-01 00:36:39 +02:00
Daniel Stenberg
c4d7c1514f tcpkeepalive: support TCP_KEEPIDLE/TCP_KEEPINTVL on win32
Patch by: Robert Wruck
Bug: http://curl.haxx.se/bug/view.cgi?id=1209
2013-03-31 23:17:16 +02:00
Daniel Stenberg
ca62ac69bb ftp_sendquote: use PPSENDF, not FTPSENDF
The last remaining code piece that still used FTPSENDF now uses PPSENDF.
In the problematic case, a PREQUOTE series was done on a re-used
connection when Curl_pp_init() hadn't been called so it had messed up
pointers. The init call is done properly from Curl_pp_sendf() so this
change fixes this particular crash.

Bug: http://curl.haxx.se/mail/lib-2013-03/0319.html
Reported by: Sam Deane
2013-03-29 21:19:45 +01:00
Yang Tse
acafe9c160 NTLM: fix several NTLM code paths memory leaks 2013-03-25 03:32:47 +01:00
Yang Tse
8ec2cb5544 WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage
As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in
WIN32 specific code, so tracking of these has not been extended for
other build targets. Without this fix, memory tracking system on
WIN32 builds, when using these functions, would provide misleading
results.

In order to properly extend this support for all targets curl.h
would have to define curl_wcsdup_callback prototype and consequently
wchar_t should be visible before that in curl.h.  IOW curl_wchar_t
defined in curlbuild.h and this pulling whatever system header is
required to get wchar_t definition.

Additionally a new curl_global_init_mem() function that also receives
user defined wcsdup() callback would be required.
2013-03-25 03:32:47 +01:00
Yang Tse
c5eabd48e8 curl_ntlm_msgs.c: revert commit 463082bea4
reverts unreleased invalid memory leak fix
2013-03-25 03:32:46 +01:00
Martin Jansen
bc6037ed3e Curl_proxyCONNECT: count received headers
Proxy servers tend to add their own headers at the beginning of
responses. The size of these headers was not taken into account by
CURLINFO_HEADER_SIZE before this change.

Bug: http://curl.haxx.se/bug/view.cgi?id=1204
2013-03-23 23:20:01 +01:00
Steve Holme
ce2008066a sasl: Corrected a few violations of the curl coding standards
Corrected some incorrectly positioned pointer variable declarations to
be "char *" rather than "char* ".
2013-03-21 22:21:22 +00:00
Steve Holme
d85647cfdd multi.c: Corrected a couple of violations of the curl coding standards
Corrected some incorrectly positioned pointer variable declarations to
be "type *" rather than "type* ".
2013-03-21 19:14:03 +00:00
Steve Holme
7713e67bc5 multi.c: Fix compilation warning
warning: an enumerated type is mixed with another type
2013-03-21 07:33:45 +00:00
Steve Holme
9a13a516b4 multi.c: fix compilation error
warning: conversion from enumeration type to different enumeration type
2013-03-20 23:36:46 +00:00
Nick Zitzmann
6f1f7e5de8 darwinssl: disable ECC ciphers under Mountain Lion by default
I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are
turned off until the next point release of OS X.
2013-03-19 15:21:34 -06:00
Oliver Schindler
d1d0ee075f Curl_proxyCONNECT: clear 'rewindaftersend' on success
After having done a POST over a CONNECT request, the 'rewindaftersend'
boolean could be holding the previous value which could lead to badness.

This should be tested for in a new test case!

Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
2013-03-18 22:53:40 +01:00
Steve Holme
b3440f490f imap: Fixed incorrect initial response generation for SASL AUTHENTICATE
Fixed incorrect initial response generation for the NTLM and LOGIN SASL
authentication mechanisms when the SASL-IR was detected.

Introduced in commit: 6da7dc026c.
2013-03-17 00:20:42 +00:00
Daniel Stenberg
e4b733e3f1 HTTP proxy: insert slash in URL if missing
curl has been accepting URLs using slightly wrong syntax for a long
time, such as when completely missing as slash "http://example.org" or
missing a slash when a query part is given
"http://example.org?q=foobar".

curl would translate these into a legitimate HTTP request to servers,
although as was shown in bug #1206 it was not adjusted properly in the
cases where a HTTP proxy was used.

Test 1213 and 1214 were added to the test suite to verify this fix.

The test HTTP server was adjusted to allow us to specify test number in
the host name only without using any slashes in a given URL.

Bug: http://curl.haxx.se/bug/view.cgi?id=1206
Reported by: ScottJi
2013-03-15 14:18:16 +01:00
Yang Tse
001e664ff7 curl_memory.h: introduce CURLX_NO_MEMORY_CALLBACKS usage possibility
This commit alone does not fix anything nor modifies existing
interfaces or behaviors, although it is a prerequisite for other
fixes.
2013-03-14 19:47:05 +01:00
Yang Tse
01dc954f8a Makefile.vc6: add missing files 2013-03-14 18:35:01 +01:00
Linus Nielsen Feltzing
c2fab66575 pipelining: Remove dead code. 2013-03-14 13:30:59 +01:00
Linus Nielsen Feltzing
0f147887b0 Multiple pipelines and limiting the number of connections.
Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
optimize the balance between the penalty for opening new
connections and the potential pipelining latency.

Two new options for limiting the number of connections:

CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
to the same host. When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished, so we can reuse the connection.

CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished. The free connection will then be reused, if possible, or
closed if the pending handle can't reuse it.

Several new options for pipelining:

CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
pipeline is "full" when a connection is to be reused, a new connection
will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
If not, the handle will be put in a pending state until a connection is
ready (either free or a pipe got shorter).

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a transfer with a content
length that is larger than this.

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a chunk larger than this.

CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
pipelining.

CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
pipelining.

See the curl_multi_setopt() man page for details.
2013-03-13 23:55:24 +01:00
Steve Holme
ac890cd5f2 pop3: Removed unnecessary transfer cancellation
Following commit e450f66a02 and the changes in the multi interface
being used internally, from 7.29.0, the transfer cancellation in
pop3_dophase_done() is no longer required.
2013-03-13 20:19:43 +00:00
Steve Holme
e450f66a02 pop3: Fixed continuous wait when using --ftp-list
Don't initiate a transfer when using --ftp-list.
2013-03-12 14:10:25 +00:00
Zdenek Pavlas
57ccdfa8d2 curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
The flag can be used in pycurl-based applications where using the multi
interface would not be acceptable because of the performance lost caused
by implementing the select() loop in python.

Bug: http://curl.haxx.se/bug/view.cgi?id=1168
Downstream Bug: https://bugzilla.redhat.com/919127
2013-03-12 10:58:20 +01:00
Kamil Dudka
491e026ccd easy: do not ignore poll() failures other than EINTR 2013-03-12 10:58:19 +01:00
Yang Tse
83a42ee20e curl.h: stricter CURL_EXTERN linkage decorations logic
No API change involved.

Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
2013-03-12 00:27:47 +01:00
Steve Holme
1fcf52cae4 imap: Reworked some function descriptions 2013-03-10 12:56:45 +00:00
Steve Holme
cbea345f61 imap: Added some missing comments to imap_sendf() 2013-03-10 12:47:28 +00:00
Steve Holme
059647f398 email: Removed hard returns from init functions 2013-03-09 22:25:40 +00:00
Daniel Stenberg
136a3a0ee2 curl_multi_wait: avoid second loop if nothing to do
... hopefully this will also make clang-analyzer stop warning on
potentional NULL dereferences (which were false positives anyway).
2013-03-09 22:27:15 +01:00
Daniel Stenberg
64b2d2d77e multi_runsingle: avoid NULL dereference
When Curl_do() returns failure, the connection pointer could be NULL so
the code path following needs to that that into account.

Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html
Reported by: Eric Hu
2013-03-09 22:27:15 +01:00
Steve Holme
8826435571 imap: Re-factored all perform based functions
Standardised the naming of all perform based functions to be in the form
imap_perform_something().
2013-03-09 18:50:41 +00:00
Steve Holme
ca3c0ed3a9 imap: Added description comments to all perform based functions 2013-03-09 14:02:56 +00:00
Steve Holme
6bdd3d4a88 imap: Removed the need for separate custom request functions
Moved the custom request processing into the LIST command as the logic
is the same.
2013-03-09 13:27:16 +00:00
Steve Holme
69eca5c252 imap: Corrected typo in comment 2013-03-09 13:25:15 +00:00
Yang Tse
0840f01e99 Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility 2013-03-09 14:05:21 +01:00
Steve Holme
b4c9b515aa imap: Moved imap_logout() to be grouped with the other perform functions 2013-03-09 12:12:20 +00:00
Steve Holme
b482417ac4 email: Updated the function descriptions for the logout / quit functions
Updated the function description comments following commit 4838d196fd.
2013-03-09 12:10:01 +00:00
Steve Holme
4838d196fd email: Simplified the logout / quit functions
Moved the blocking state machine to the disconnect functions so that the
logout / quit functions are only responsible for sending the actual
command needed to logout or quit.

Additionally removed the hard return on failure.
2013-03-09 11:55:48 +00:00
Steve Holme
f691f9609c email: Tidied up the *_regular_transfer() functions
Added comments and simplified convoluted dophase_done comparison.
2013-03-08 23:25:04 +00:00
Steve Holme
e5bb4e86ac email: Simplified nesting of if statements in *_doing() functions 2013-03-08 23:02:20 +00:00
Steve Holme
1f41772bef imap: Fixed handling of untagged responses for the STORE custom command
Added an exception, for the STORE command, to the untagged response
processor in imap_endofresp() as servers will back respones containing
the FETCH keyword instead.
2013-03-08 21:18:36 +00:00
Gisle Vanem
bd649ac1c5 polarssl.c: fix header filename typo 2013-03-08 14:02:01 +01:00
Yang Tse
70b5173410 configure: use XC_LIBTOOL for portability across libtool versions 2013-03-08 13:27:45 +01:00
Steve Holme
170ae51c47 imap: Fixed SELECT not being performed for custom requests 2013-03-07 22:56:19 +00:00
Steve Holme
cc890906b1 email: Minor code tidy up following recent changes
Removed unwanted braces and added variable initialisation.
2013-03-07 22:44:10 +00:00
Steve Holme
67b6fa5f95 email: Optimised block_statemach() functions
Optimised the result test in each of the block_statemach() functions.
2013-03-07 18:21:58 +00:00
Daniel Stenberg
7f963a19ec checksrc: ban unsafe functions
The list of unsafe functions currently consists of sprintf, vsprintf,
strcat, strncat and gets.

Subsequently, some existing code needed updating to avoid warnings on
this.
2013-03-07 11:08:05 +01:00
Steve Holme
5c89413b24 imap: Tidied up the APPEND and final APPEND response functions
Removed unnecessary state changes on failure and setting of result codes
on success.
2013-03-06 20:31:53 +00:00
Steve Holme
37f3fcd631 imap: Tidied up the final FETCH response function
Removed unnecessary state change on failure and setting of result code on
success.
2013-03-06 20:19:46 +00:00
Steve Holme
c9f9f601b8 imap: Tidied up the LIST response function
Reworked comments as they referenced custom commands, removed
unnecessary state change on failure and setting of result code on
success.
2013-03-06 20:10:53 +00:00
Steve Holme
24ffceed81 imap: Removed the custom request response function
Removed imap_state_custom_resp() as imap_state_list_resp() provides the
same functionality.
2013-03-06 19:58:34 +00:00
Steve Holme
b7f39156d4 imap: Added check for empty UID in FETCH command
As the UID has to be specified by the user for the FETCH command to work
correctly, added a check to imap_fetch(), although strictly speaking it
is protected by the call from imap_perform().
2013-03-06 19:33:49 +00:00
Kamil Dudka
9d0af3018c nss: fix misplaced code enabling non-blocking socket mode
The option needs to be set on the SSL socket.  Setting it on the model
takes no effect.  Note that the non-blocking mode is still not enabled
for the handshake because the code is not yet ready for that.
2013-03-06 13:34:10 +01:00
Daniel Stenberg
fa9748df11 imap: fix compiler warning
imap.c:694:21: error: unused variable 'imapc' [-Werror=unused-variable]
2013-03-06 08:28:05 +01:00
Steve Holme
198012ee13 imap: Added support for list command 2013-03-05 22:04:03 +00:00
Steve Holme
742544aad0 imap: Added list perform and response handler functions 2013-03-05 21:39:18 +00:00
Steve Holme
041754e3fa imap: Introduced IMAP_LIST state 2013-03-05 21:35:16 +00:00
Steve Holme
b960f1e8bd imap: Small tidy up of imap_select() to match imap_append()
Updated the style of imap_select() before adding the LIST command.
2013-03-05 19:59:53 +00:00
Steve Holme
c29346613d imap: Moved mailbox check from the imap_do() function
In preparation for the addition of the LIST command, moved the mailbox
check from imap_do() to imap_select() and imap_append().
2013-03-05 19:52:11 +00:00
Steve Holme
172e6378f8 curl_setup.h: Added S_IRDIR() macro for compilers that don't support it
Commit 26eaa83830 introduces the use of S_ISDIR() yet some compilers,
such as MSVC don't support it, so we must define a substitute using
file flags and mask.
2013-03-05 19:45:51 +00:00
Daniel Stenberg
26eaa83830 AddFormData: prevent only directories from being posted
Commit f4cc54cb47 (shipped as part of the 7.29.0 release) was a
bug fix that introduced a regression in that while trying to avoid
allowing directory names, it also forbade "special" files like character
devices and more. like "/dev/null" as was used by Oliver who reported
this regression.

Reported by: Oliver Gondža
Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html
2013-03-04 15:52:10 +01:00
Nick Zitzmann
fadf33c78a darwinssl: fix infinite loop if server disconnected abruptly
If the server hung up the connection without sending a closure alert,
then we'd keep probing the socket for data even though it's dead. Now
we're ready for this situation.

Bug: http://curl.haxx.se/mail/lib-2013-03/0014.html
Reported by: Aki Koskinen
2013-03-03 22:11:10 -07:00
Steve Holme
298f806d01 imap: Added comments to imap_append() 2013-03-03 16:44:53 +00:00
Jiri Hruska
e6b7dae947 imap: Added required mailbox check for FETCH and APPEND commands 2013-03-03 16:39:50 +00:00
Steve Holme
fa637c6cab pingpong.c: Fix enumerated type mixed with another type 2013-03-03 13:55:01 +00:00
Steve Holme
036366f1ef smtp: Updated the coding style for state changes after a send operation
Some state changes would be performed after a failure test that
performed a hard return, whilst others would be performed within a test
for success. Updated the code, for consistency, so all instances are
performed within a success test.
2013-03-03 13:48:22 +00:00
Steve Holme
757aa7b09d pop3: Updated the coding style for state changes after a send operation
Some state changes would be performed after a failure test that
performed a hard return, whilst others would be performed within a test
for success. Updated the code, for consistency, so all instances are
performed within a success test.
2013-03-03 13:36:12 +00:00
Steve Holme
b1ebf4bda1 imap: Fixed typo in variable assignment 2013-03-03 13:13:59 +00:00
Jiri Hruska
284ea5f924 imap: Fixed custom request handling in imap_done()
Fixed imap_done() so that neither the FINAL states are not entered when
a custom command has been performed.
2013-03-03 13:10:36 +00:00
Jiri Hruska
c03cad3a61 imap: Enabled custom requests in imap_select_resp()
Changed imap_select_resp() to invoke imap_custom() instead of
imap_fetch() after the mailbox has been selected if a custom
command has been set.
2013-03-03 13:10:34 +00:00
Jiri Hruska
ad8b76d094 imap: Enabled custom requests in imap_perform()
Modified imap_perform() to start with the custom command instead of
SELECT when a custom command is to be performed and no mailbox has
been given.
2013-03-03 13:10:32 +00:00
Jiri Hruska
226c1c6876 imap: Added custom request perform and response handler functions
Added imap_custom(), which initiates the custom command processing,
and an associated response handler imap_state_custom_resp(), which
handles any responses by sending them to the client as body data.

All untagged responses with the same name as the first word of the
custom request string are accepted, with the exception of SELECT and
EXAMINE which have responses that cannot be easily identified. An
extra check has been provided for them so that any untagged responses
are accepted for them.
2013-03-03 13:10:31 +00:00
Steve Holme
711065e4df pop3: Fixed unnecessary parent structure reference
Updated pop3 code following recent imap changes.
2013-03-03 11:10:24 +00:00
Jiri Hruska
ee7034800d imap: Added custom request parsing
Added imap_parse_custom_request() for parsing the CURLOPT_CUSTOMREQUEST
parameter which URL decodes the value and separates the request from
any parameters - This makes it easier to filter untagged responses
by the request command.
2013-03-03 11:06:55 +00:00
Jiri Hruska
1d3ccf27ec imap: Introduced custom request parameters
Added custom request parameters to the per-request structure.
2013-03-03 11:03:45 +00:00
Jiri Hruska
51dbaae432 imap: Introduced IMAP_CUSTOM state 2013-03-03 10:13:13 +00:00
Steve Holme
dcffd936e1 imap: Minor code tidy up
Minor tidy up of code layout and comments following recent changes.
2013-03-02 21:22:44 +00:00
Steve Holme
e94fbcabd7 imap: Simplified the imap_state_append_resp() function
Introduced the result code variable to simplify the state changes and
remove the hard returns.
2013-03-02 20:40:38 +00:00
Steve Holme
ec38ac38c7 imap: Changed successful response logic in imap_state_append_resp()
For consistency changed the logic of the imap_state_append_resp()
function to test for an unsucessful continuation response rather than a
succesful one.
2013-03-02 20:35:03 +00:00
Steve Holme
0f64dd086a imap: Standardised imapcode condition tests
For consistency changed two if(constant != imapcode) tests to be
if(imapcode != constant).
2013-03-02 20:29:27 +00:00
Steve Holme
459e1bffee imap: Moved imap_append() to be with the other perform functions 2013-03-02 20:24:49 +00:00
Jiri Hruska
7b471fb344 imap: Enabled APPEND support in imap_perform()
Added logic in imap_perform() to perform an APPEND rather than SELECT
and FETCH if an upload has been specified.
2013-03-02 20:17:45 +00:00