Patrick Monnerat
19ea52da4d
vauth: factor base64 conversions out of authentication procedures
...
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).
Closes #6654
2021-04-22 09:06:07 +02:00
Daniel Stenberg
4d2f800677
curl.se: new home
...
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg
d75e6ce85a
copyright: updated year ranges out of sync
...
... and whitelisted a few more files in the copyright.pl script.
2020-05-24 00:02:33 +02:00
Major_Tom
8e762199b0
vauth/cleartext: fix theoretical integer overflow
...
Fix theoretical integer overflow in Curl_auth_create_plain_message.
The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.
Closes #5391
2020-05-14 08:36:35 +02:00
Daniel Stenberg
93c4de6974
pingpong: disable more when no pingpong enabled
2019-05-13 08:17:10 +02:00
Steve Holme
f0950acc07
vauth/cleartext: Don't send the authzid if it is empty
...
Follow up to 762a292f.
2019-04-21 23:34:21 +01:00
Steve Holme
762a292f87
vauth/cleartext: Update the PLAIN login function signature to match RFC 4616
...
Functionally this doesn't change anything as we still use the username
for both the authorisation identity and the authentication identity.
Closes #3757
2019-04-11 22:43:30 +01:00
Daniel Stenberg
f3a24d7916
Curl_auth_create_plain_message: fix too-large-input-check
...
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29 08:05:23 +01:00
Daniel Gustafsson
e182fc1613
comment: Fix multiple typos in function parameters
...
Ensure that the parameters in the comment match the actual names in the
prototype.
Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 10:27:27 +02:00
Daniel Stenberg
c1366571b6
vauth/cleartext: fix integer overflow check
...
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
2018-03-20 19:25:50 +01:00
Patrick Monnerat
945f60e8a7
Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
...
See CRL-01-006.
2016-11-24 14:28:39 +01:00
Daniel Stenberg
811a693b80
strcasecompare: all case insensitive string compares ignore locale now
...
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af
strcasecompare: is the new name for strequal()
...
... to make it less likely that we forget that the function actually
does case insensitive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
Daniel Stenberg
434f8d0389
internals: rename the SessionHandle struct to Curl_easy
2016-06-22 10:28:41 +02:00
Viktor Szakats
a24f71aac4
URLs: change http to https in many places
...
Closes #754
2016-04-06 11:58:34 +02:00
Steve Holme
58a7bc96ec
vauth: Refactored function names after move to new vauth directory
...
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
2016-03-25 17:40:12 +00:00
Steve Holme
7d2a5a05f6
vauth: Updated the copyright year after recent changes
...
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
2016-03-25 17:40:12 +00:00
Steve Holme
6101e35819
vauth: Moved the ClearText authentication code to the new vauth directory
2016-03-25 12:05:23 +00:00