Commit Graph

2564 Commits

Author SHA1 Message Date
Dan Fandrich
9798432f56 Fixed some compiler warnings. Fixed a low incidence memory leak in the test server. 2005-02-24 18:54:23 +00:00
Daniel Stenberg
f8b4ba80e0 krb4 fixed 2005-02-22 12:20:30 +00:00
Daniel Stenberg
527f70e540 Curl_base64_decode() now returns an allocated buffer 2005-02-22 12:10:30 +00:00
Daniel Stenberg
19f66c7575 Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
Daniel Stenberg
5ba188ab2d Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
2005-02-18 23:53:07 +00:00
Daniel Stenberg
176981b529 close the socket properly when returning error due to failing localbind
Bug report #1124588 by David
2005-02-17 14:45:03 +00:00
Daniel Stenberg
ac022b2e30 Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:

When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
2005-02-16 14:31:23 +00:00
Daniel Stenberg
0a3065a2f2 Rename Curl_pretransfersec() to *_second_connect() since it does not just
do pretransfer stuff like Curl_pretransfer().
2005-02-14 09:30:40 +00:00
Daniel Stenberg
b98faaa8c0 Fixed bad krb4 code. It always tried to use krb4 if built enabled. 2005-02-11 22:50:57 +00:00
Daniel Stenberg
e7cefd684b Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
2005-02-11 00:03:49 +00:00
Daniel Stenberg
17d61e4f29 typecast assign to ftpport from int to prevent warnings 2005-02-10 07:45:26 +00:00
Daniel Stenberg
446b9467da init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
Daniel Stenberg
8c83422fe2 David Byron identified the lack of SSL_pending() use, and this is my take
at fixing this issue.
2005-02-09 23:09:12 +00:00
Daniel Stenberg
61a1e3cd01 better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
Daniel Stenberg
89cac6f25c prevent a compiler warning 2005-02-09 22:47:57 +00:00
Gisle Vanem
32d76a5b57 Set 'bits.close' in case of malloc fail.
Don't free 'lud_dn' twice in case curl_unescape()
fails.
2005-02-09 14:28:35 +00:00
Gisle Vanem
f5394cccb1 Use CURL_SOCKET_BAD. 2005-02-09 14:01:15 +00:00
Gisle Vanem
64dd9c7656 Handle CURLE_LOGIN_DENIED in strerror.c.
For ftp only?
2005-02-09 13:59:40 +00:00
Daniel Stenberg
16ae0c6466 FD_SET can be big macro, use braces 2005-02-09 13:47:35 +00:00
Daniel Stenberg
6a2e21ec8c FTP code turned into state machine. Not completely yet, but a good start.
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
2005-02-09 13:06:40 +00:00
Gisle Vanem
120f17ce04 Replace LF with CRLF. Ref RFC-2229, sec 2.3:
"Each command line must be terminated by a CRLF".
2005-02-09 11:50:41 +00:00
Daniel Stenberg
41def21f91 ares_gethostbyname wants a 'ares_host_callback' in the 4th argument 2005-02-08 19:03:27 +00:00
Gisle Vanem
d118312922 Curl_addrinfo?_callback() and addrinfo_callback() now returns
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
2005-02-08 12:36:13 +00:00
Gisle Vanem
82b93e4945 Don't free too much in freedirs() if realloc() fails. 2005-02-08 12:32:28 +00:00
Daniel Stenberg
e36fb1ecda Curl_wait_for_resolv() no longer disconnects on failure, but leaves that
operation to the caller. Disconnecting has the disadvantage that the conn
pointer gets completely invalidated and this is not handled on lots of places
in the code.
2005-02-08 07:36:57 +00:00
Dan Fandrich
e4a1788614 Fix for a bug report that compressed files that are exactly 64 KiB long
produce a zlib error.
2005-02-07 19:12:37 +00:00
Gisle Vanem
7b23eff9cf Preserve previous status in Curl_http_done(). 2005-02-06 12:43:40 +00:00
Daniel Stenberg
29350b363b Eric Vergnaud found a use of an uninitialized variable 2005-02-04 23:43:44 +00:00
Daniel Stenberg
83c470a443 David Byron pointed out that this -1 on the buffer size is pointless since
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This
change is reported to fix David's weird SSL problem...
2005-02-04 13:42:41 +00:00
Daniel Stenberg
686d767053 if the DO operation returns failure, bail out and close down nicely to
prevent memory leakage
2005-01-30 22:54:06 +00:00
Daniel Stenberg
e6034ea299 Use calloc() to save us the memset() call and terminate conn->host.name
properly, to avoid reading uninited variables when using file:// (valgrind)
2005-01-30 12:42:15 +00:00
Daniel Stenberg
9a820d7a98 include "url.h" for the Curl_safefree() proto 2005-01-29 22:38:45 +00:00
Daniel Stenberg
8dbaf534c8 Using the multi interface, and doing a requsted a re-used connection that
gets closed just after the request has been sent failed and did not re-issue
a request on a fresh reconnect like the easy interface did. Now it does!
(define CURL_MULTIEASY, run test case 160)
2005-01-29 22:31:06 +00:00
Daniel Stenberg
91f483c591 Define CURL_MULTIEASY when building this, to use my new curl_easy_perform()
that uses the multi interface to run the request. It is a great testbed for
the multi interface and I believe we shall do it this way for real in the
future when we have a successor to curl_multi_fdset().
2005-01-29 22:26:38 +00:00
Daniel Stenberg
c4ff5eb0ca conn->ip_addr MUST NOT be used on re-used connections 2005-01-29 13:07:16 +00:00
Daniel Stenberg
59b45a90cc multi interface: when a request is denied due to "Maximum redirects followed"
libcurl leaked the last Location: URL.
2005-01-29 12:01:20 +00:00
Daniel Stenberg
f661475962 Connect failures with the multi interface was often returned as "connect()
timed out" even though the reason was different. Fixed this problem by not
setting this timeout to zero when using multi.
2005-01-28 23:21:24 +00:00
Daniel Stenberg
4551e7ce49 KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
curl_easy_perform() invokes. It was previously unlocked at disconnect, which
could mean that it remained locked between multiple transfers. The DNS cache
may not live as long as the connection cache does, as they are separate.

To deal with the lack of DNS (host address) data availability in re-used
connections, libcurl now keeps a copy of the IP adress as a string, to be able
to show it even on subsequent requests on the same connection.
2005-01-28 22:14:48 +00:00
Daniel Stenberg
064bc3ecbc Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
when built ipv6-enabled. I've now made a fix for it. Writing test cases for
custom port strings turned too tricky so unfortunately there's none.
2005-01-28 08:26:36 +00:00
Daniel Stenberg
177dbc7be0 Ian Ford asked about support for the FTP command ACCT, and I discovered it is
present in RFC959... so now (lib)curl supports it as well. --ftp-account and
CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account
string after PASS have been sent away. The client responds with "ACCT [account
string]".) Added test case 228 and 229 to verify the functionality. Updated
the test FTP server to support ACCT somewhat.
2005-01-25 22:13:12 +00:00
Daniel Stenberg
043d70fcdf Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
Daniel Stenberg
7e42cb61f7 FTP third transfer support overhaul. See CHANGES for details. 2005-01-21 09:32:32 +00:00
Daniel Stenberg
3050ae57c0 Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
contains %0a or %0d in the user, password or CWD parts. (A future fix would
include doing it for %00 as well - see KNOWN_BUGS for details.) Test case 225
and 226 were added to verify this
2005-01-19 21:56:02 +00:00
Gisle Vanem
06ad5be3af Don't copy 'stderr' for Win-CE in IPv6 code. Don't call
GetCurrentProcess() twice; use a local variable.
2005-01-19 10:20:55 +00:00
Daniel Stenberg
a0c8b9bc68 Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:
1) the proxy environment variables are still read and used to set HTTP proxy

2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
   disabled)
2005-01-19 09:36:44 +00:00
Daniel Stenberg
b1080f7c9a Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch. 2005-01-18 10:17:34 +00:00
Daniel Stenberg
e0bea7d541 Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl
assumed this used the DICT protocol. While guessing protocols will remain
fuzzy, I've now made sure that the host names must start with "[protocol]."
for them to be a valid guessable name. I also removed "https" as a prefix that
indicates HTTPS, since we hardly ever see any host names using that.
2005-01-16 08:51:52 +00:00
Gisle Vanem
f5b8a26d9a errrno can by freak accident become EINTR on DOS or
Windows (unrelated to select). select() can never set errno
to EINTR on Windows.
2005-01-15 09:26:07 +00:00
Daniel Stenberg
4d1f3d3cd0 Added README.hostip 2005-01-14 13:43:29 +00:00
Daniel Stenberg
0e26355348 Inspired by Martijn Koster's patch and example source at
http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the
select() and poll() calls properly loop if they return -1 and errno is
EINTR. glibc docs for this is found here:
http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html

This last link says BSD doesn't have this "effect". Will there be a problem
if we do this unconditionally?
S: ----------------------------------------------------------------------
2005-01-13 21:51:48 +00:00