063d3f3b96
tidy-up: make conditional checks more consistent
...
... remove '== NULL' and '!= 0'
Closes #6912
2021-04-22 09:10:17 +02:00
19ea52da4d
vauth: factor base64 conversions out of authentication procedures
...
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).
Closes #6654
2021-04-22 09:06:07 +02:00
4d2f800677
curl.se: new home
...
Closes #6172
2020-11-04 23:59:47 +01:00
d75e6ce85a
copyright: updated year ranges out of sync
...
... and whitelisted a few more files in the the copyright.pl script.
2020-05-24 00:02:33 +02:00
8e762199b0
vauth/cleartext: fix theoretical integer overflow
...
Fix theoretical integer overflow in Curl_auth_create_plain_message.
The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.
Closes #5391
2020-05-14 08:36:35 +02:00
93c4de6974
pingpong: disable more when no pingpong enabled
2019-05-13 08:17:10 +02:00
f0950acc07
vauth/cleartext: Don't send the authzid if it is empty
...
Follow up to 762a292f
2019-04-21 23:34:21 +01:00
762a292f87
vauth/cleartext: Update the PLAIN login function signature to match RFC 4616
...
Functionally this doesn't change anything as we still use the username
for both the authorisation identity and the authentication identity.
Closes #3757
2019-04-11 22:43:30 +01:00
f3a24d7916
Curl_auth_create_plain_message: fix too-large-input-check
...
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29 08:05:23 +01:00
e182fc1613
comment: Fix multiple typos in function parameters
...
Ensure that the parameters in the comment match the actual names in the
prototype.
Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 10:27:27 +02:00
c1366571b6
vauth/cleartext: fix integer overflow check
...
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
2018-03-20 19:25:50 +01:00
945f60e8a7
Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
...
See CRL-01-006.
2016-11-24 14:28:39 +01:00
811a693b80
strcasecompare: all case insensitive string compares ignore locale now
...
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
502acba2af
strcasecompare: is the new name for strequal()
...
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
434f8d0389
internals: rename the SessionHandle struct to Curl_easy
2016-06-22 10:28:41 +02:00
a24f71aac4
URLs: change http to https in many places
...
Closes #754
2016-04-06 11:58:34 +02:00
58a7bc96ec
vauth: Refactored function names after move to new vauth directory
...
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
2016-03-25 17:40:12 +00:00
7d2a5a05f6
vauth: Updated the copyright year after recent changes
...
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
2016-03-25 17:40:12 +00:00
6101e35819
vauth: Moved the ClearText authentication code to the new vauth directory
2016-03-25 12:05:23 +00:00
Daniel Stenberg