1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

25 Commits

Author SHA1 Message Date
Steve Holme
4959be810b
digest: Corrected the name of the local HTTP digest function
Follow up to 2b5b37cb. Local static functions do not require the Curl
prefix.
2020-02-23 07:50:18 +00:00
Pierre-Yves Bigourdan
feba3f0549
digest: Do not quote algorithm in HTTP authorisation
RFC 7616 section 3.4 (The Authorization Header Field) states that "For
historical reasons, a sender MUST NOT generate the quoted string syntax
for the following parameters: algorithm, qop, and nc". This removes the
quoting for the algorithm parameter.

Reviewed-by: Steve Holme
Closes #4890
2020-02-07 22:46:21 +01:00
Marcel Raad
e23c52b329
build: fix Codacy warnings
Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:06 +02:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Daniel Gustafsson
2873971d62 memory: ensure to check allocation results
The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 23:45:38 +02:00
Daniel Gustafsson
e182fc1613 comment: Fix multiple typos in function parameters
Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 10:27:27 +02:00
Marian Klymov
c45360d463
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631
2018-06-11 11:14:48 +02:00
Florin
2b5b37cb91
auth: add support for RFC7616 - HTTP Digest access authentication
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-28 16:32:43 +02:00
Jay Satiro
1cafede9f2 rand: treat fake entropy the same regardless of endianness
When the random seed is purposely made predictable for testing purposes
by using the CURL_ENTROPY environment variable, process that data in an
endian agnostic way so the the initial random seed is the same
regardless of endianness.

- Change Curl_rand to write to a char array instead of int array.

- Add Curl_rand_hex to write random hex characters to a buffer.

Fixes #1315
Closes #1468

Co-authored-by: Daniel Stenberg
Reported-by: Michael Kaufmann
2017-05-08 23:24:29 +02:00
Marcel Raad
4a8cf6c404
lib: fix maybe-uninitialized warnings
With -Og, GCC complains:

easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
vauth/digest.c:208:9: note: ‘tok_buf’ was declared here

../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
vauth/digest.c:566:15: note: ‘tok_buf’ was declared here

Fix this by initializing the variables.
2017-04-22 22:12:37 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
f682156a4f Curl_rand: fixed and moved to rand.c
Now Curl_rand() is made to fail if it cannot get the necessary random
level.

Changed the proto of Curl_rand() slightly to provide a number of ints at
once.

Moved out from vtls, since it isn't a TLS function and vtls provides
Curl_ssl_random() for this to use.

Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html
2016-11-14 08:23:52 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Steve Holme
a0f212946b vauth: Introduced Curl_auth_is_<mechansism>_supported() functions
As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.

For now each function returns TRUE to maintain compatability with the
existing code when called.
2016-08-18 20:31:20 +01:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Viktor Szakats
a24f71aac4 URLs: change http to https in many places
Closes #754
2016-04-06 11:58:34 +02:00
Steve Holme
cbc52ff341 vauth: Corrected a number of typos in comments
Reported-by: Michael Osipov
2016-04-06 00:21:07 +01:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Steve Holme
9feb2676a4 vauth: Removed the need for a separate GSS-API based SPN function 2016-04-03 20:26:03 +01:00
Steve Holme
58a7bc96ec vauth: Refactored function names after move to new vauth directory
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
2016-03-25 17:40:12 +00:00
Steve Holme
7d2a5a05f6 vauth: Updated the copyright year after recent changes
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
2016-03-25 17:40:12 +00:00
Steve Holme
568d26e0f5 digest.c: Fixed checksrc warnings 2016-03-25 12:17:34 +00:00
Steve Holme
51358a3f40 vauth: Moved the DIGEST authentication code to the new vauth directory 2016-03-25 12:05:23 +00:00