Daniel Stenberg
f61917594e
fix the distribution files
2005-03-03 06:51:31 +00:00
Dan Fandrich
0ddab51ad8
Fix for a base64 decode heap buffer overflow vulnerability.
2005-02-28 23:54:17 +00:00
Dan Fandrich
9798432f56
Fixed some compiler warnings. Fixed a low incidence memory leak in the test server.
2005-02-24 18:54:23 +00:00
Daniel Stenberg
5faf52619d
Updated as suggested by Samuel Díaz García
2005-02-22 18:39:40 +00:00
Daniel Stenberg
f8b4ba80e0
krb4 fixed
2005-02-22 12:20:30 +00:00
Daniel Stenberg
527f70e540
Curl_base64_decode() now returns an allocated buffer
2005-02-22 12:10:30 +00:00
Daniel Stenberg
19f66c7575
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
...
got no notification, no mail, no nothing.
You didn't even bother to mail us when you went public with this. Cool.
NTLM buffer overflow fix, as reported here:
http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
Daniel Stenberg
b7721deb02
added test case 234 which is like 233 but uses --location-trusted instead so
...
thus the second request to the new host will use authentication fine
2005-02-19 22:33:06 +00:00
Daniel Stenberg
5ba188ab2d
Ralph Mitchell reported a flaw when you used a proxy with auth, and you
...
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
2005-02-18 23:53:07 +00:00
Daniel Stenberg
eadfd78c2e
socket leak, mingw build
2005-02-18 11:54:52 +00:00
Daniel Stenberg
4d815c9990
Based on Mike Dobbs' report, BUILDING_LIBCURL is now defined in here if it
...
runs to build with mingw.
2005-02-18 08:24:53 +00:00
Daniel Stenberg
176981b529
close the socket properly when returning error due to failing localbind
...
Bug report #1124588 by David
2005-02-17 14:45:03 +00:00
Daniel Stenberg
85baebd0d4
mention filename= for the -F
2005-02-17 07:47:32 +00:00
Daniel Stenberg
ac022b2e30
Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
...
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
2005-02-16 14:31:23 +00:00
Daniel Stenberg
f169b750b8
check for ENGINE_load_builtin_engines() as well if engine is around
2005-02-14 23:50:29 +00:00
Marty Kuhrt
86295eef13
changed config-vms info
2005-02-14 22:37:59 +00:00
Marty Kuhrt
32d60b2714
changed curlmsg.* entries to see if CVS would ignore it now
2005-02-14 22:36:21 +00:00
Daniel Stenberg
0a3065a2f2
Rename Curl_pretransfersec() to *_second_connect() since it does not just
...
do pretransfer stuff like Curl_pretransfer().
2005-02-14 09:30:40 +00:00
Daniel Stenberg
b98faaa8c0
Fixed bad krb4 code. It always tried to use krb4 if built enabled.
2005-02-11 22:50:57 +00:00
Marty Kuhrt
73772323c9
rename amigaos.c and nwlib.c if they exist before building
2005-02-11 22:42:16 +00:00
Daniel Stenberg
98389066e2
Removed per Marty's request: The .h_* files aren't needed anymore, I
...
consolidated them into one file called config-vms.h. The curlmsg.h and .sdl
files are generated from the curlmsg.msg file and, thus, shouldn't be in the
dist.
2005-02-11 22:05:04 +00:00
Marty Kuhrt
fb53ed4c1f
re-sync'd with curlmsg.msg
2005-02-11 21:17:23 +00:00
Marty Kuhrt
e719eb5b81
ignore curlmsg.h and .sdl as they are generated by curlmsg.msg
2005-02-11 21:07:35 +00:00
Marty Kuhrt
3858063bcd
sync'd error codes with include/curl.h
2005-02-11 21:01:52 +00:00
Marty Kuhrt
d4f5fea840
Added $Id$ and pre-exisiting logical check
2005-02-11 20:17:21 +00:00
Daniel Stenberg
22c1d48cb2
remove the check for strftime(), we don't need it
2005-02-11 19:34:05 +00:00
Daniel Stenberg
e7cefd684b
Removed all uses of strftime() since it uses the localised version of the
...
week day names and month names and servers don't like that.
2005-02-11 00:03:49 +00:00
Daniel Stenberg
d2485e4f20
valgrind stuff for test suite, vms build and more
2005-02-10 08:57:23 +00:00
Daniel Stenberg
160d6b26b0
Moved out the valgrind report parser to valgrind.pm, to make it easier to
...
test it outside the test suite. Now we also disable valgrind usage if libcurl
was built shared, as then valgrind is only testing the wrapper-script running
shell which is pointless.
2005-02-10 08:50:33 +00:00
Daniel Stenberg
17d61e4f29
typecast assign to ftpport from int to prevent warnings
2005-02-10 07:45:26 +00:00
Daniel Stenberg
446b9467da
init fix for non-SSL builds
2005-02-10 07:45:08 +00:00
Marty Kuhrt
3970a7056c
Reduced the two config-vms.h_* files into this one.
2005-02-10 01:54:11 +00:00
Daniel Stenberg
74068a6d1b
David Byron fixed his SSL problems, initially mentioned here:
...
http://curl.haxx.se/mail/lib-2005-01/0240.html . It turned out we didn't use
SSL_pending() as we should.
This was TODO-RELEASE issue #59 .
2005-02-09 23:16:03 +00:00
Daniel Stenberg
8c83422fe2
David Byron identified the lack of SSL_pending() use, and this is my take
...
at fixing this issue.
2005-02-09 23:09:12 +00:00
Daniel Stenberg
61a1e3cd01
better error checking and SSL init by David Byron
2005-02-09 23:04:51 +00:00
Daniel Stenberg
89cac6f25c
prevent a compiler warning
2005-02-09 22:47:57 +00:00
Gisle Vanem
62082293c5
Some functions are static here, but extern in libxml's
...
SAX.h. gcc doesn't like that. Rename.
2005-02-09 15:15:01 +00:00
Daniel Stenberg
153fd2752c
the new ftp code and Gisle's DICT fix
2005-02-09 14:34:46 +00:00
Daniel Stenberg
e649a40f5d
issue #54 done
2005-02-09 14:29:57 +00:00
Gisle Vanem
32d76a5b57
Set 'bits.close' in case of malloc fail.
...
Don't free 'lud_dn' twice in case curl_unescape()
fails.
2005-02-09 14:28:35 +00:00
Daniel Stenberg
14aa3fa258
add missing error codes
2005-02-09 14:13:21 +00:00
Gisle Vanem
f5394cccb1
Use CURL_SOCKET_BAD.
2005-02-09 14:01:15 +00:00
Gisle Vanem
64dd9c7656
Handle CURLE_LOGIN_DENIED in strerror.c.
...
For ftp only?
2005-02-09 13:59:40 +00:00
Daniel Stenberg
16ae0c6466
FD_SET can be big macro, use braces
2005-02-09 13:47:35 +00:00
Daniel Stenberg
6a2e21ec8c
FTP code turned into state machine. Not completely yet, but a good start.
...
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
2005-02-09 13:06:40 +00:00
Gisle Vanem
120f17ce04
Replace LF with CRLF. Ref RFC-2229, sec 2.3:
...
"Each command line must be terminated by a CRLF".
2005-02-09 11:50:41 +00:00
Daniel Stenberg
ab938bb9bd
-O clarification
2005-02-08 23:39:47 +00:00
Daniel Stenberg
33820cd2ac
inflate and out of memory fixes
2005-02-08 19:07:28 +00:00
Daniel Stenberg
41def21f91
ares_gethostbyname wants a 'ares_host_callback' in the 4th argument
2005-02-08 19:03:27 +00:00
Gisle Vanem
d118312922
Curl_addrinfo?_callback() and addrinfo_callback() now returns
...
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
2005-02-08 12:36:13 +00:00