1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

6199 Commits

Author SHA1 Message Date
Yang Tse
b16e3da12a smtp.c: fix compiler warnings 2012-04-04 17:24:30 +02:00
Lijo Antony
950b0b770e connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
conveys incorrect information to the user.
2012-04-03 22:56:29 +02:00
Steve Holme
15e1227ed4 pop3: Reworked the command sending and handling
Reworked the command sending from two specific LIST and RETR command
functions into a single command based function as well as the two
associated response handlers into a generic command handler.
2012-04-02 23:24:00 +01:00
Steve Holme
54866b68cd smtp.c: Code policing and tidy up 2012-04-01 21:09:38 +01:00
Armel Asselin
05a443adf2 SSH: public key can now be an empty string
If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
pass no public key to libssh2 which then tries to compute it from the
private key. This is known to work when libssh2 1.4.0+ is linked against
OpenSSL.
2012-04-01 20:22:37 +02:00
Tatsuhiro Tsujikawa
ebf315e6f3 OpenSSL: Made cert hostname check conform to RFC 6125
This change replaces RFC 2818 based hostname check in OpenSSL build with
RFC 6125 [1] based one.

The hostname check in RFC 2818 is ambiguous and each project implements
it in the their own way and they are slightly different. I check curl,
gnutls, Firefox and Chrome and they are all different.

I don't think there is a bug in current implementation of hostname
check. But it is not as strict as the modern browsers do. Currently,
curl allows multiple wildcard character '*' and it matches '.'. (as
described in the comment in ssluse.c).

Firefox implementation is also based on RFC 2818 but it only allows at
most one wildcard character and it must be in the left-most label in the
pattern and the wildcard must not be followed by any character in the
label.[2] Chromium implementation is based on RFC 6125 as my patch does.
Firefox and Chromium both require wildcard in the left-most label in the
presented identifier.

This patch is more strict than the current implementation, so there may
be some cases where old curl works but new one does not. But at the same
time I think it is good practice to follow the modern browsers do and
follow the newer RFC.

[1] http://tools.ietf.org/html/rfc6125#section-6.4.3
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
2012-04-01 20:10:37 +02:00
Daniel Stenberg
c44d45db86 HTTP: reset expected DL/UL sizes on redirects
With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
download size was known (like with a Content-Length header), but the
subsequent URL (transfered after the 3xx page) was chunked encoded, then
the previous "known download size" would linger and cause the progress
meter to get incorrect information, ie the former value would remain
being sent in. This could easily result in downloads that were WAY
larger than "expected" and would cause >100% outputs with the curl
command line tool.

Test case 599 was created and it was used to repeat the bug and then
verify the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
Reported by: Michael Wallner
2012-04-01 00:07:24 +02:00
Gökhan Şengün
7a2647e162 smtp: Add support for DIGEST-MD5 authentication 2012-03-31 22:31:19 +01:00
Gökhan Şengün
9bae9ddad9 smtp: Cody tidy up of md5 digest length
Replaced the hard coded md5 digest length (16) with a preprocessor
constant
2012-03-31 22:31:18 +01:00
Gökhan Şengün
004d7251ab md5: Add support for calculating the md5 sum of buffers incrementally
It is now possible to calculate the md5 sum as the stream of buffers
becomes known where as previously it was only possible to calculate the
md5 sum of a pre-prepared buffer.
2012-03-31 22:31:16 +01:00
Daniel Stenberg
33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-03-31 19:51:36 +02:00
Steve Holme
761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
Yang Tse
97ff646fc1 ssh.c: code cleanup, Curl_safefree() already nullifies pointer 2012-03-25 18:30:17 +02:00
Yang Tse
9801596fb3 fix some compiler warnings 2012-03-25 18:30:16 +02:00
Steve Holme
982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme
9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme
01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme
2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00
Steve Holme
5c62a551c4 email: Moved server greeting responses into separate functions
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
2012-03-24 11:55:34 +00:00
Steve Holme
602a8a565c pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-24 00:09:38 +00:00
Yang Tse
fe93b0a874 http_proxy.h: fix builds with proxy or http disabled 2012-03-22 17:27:14 +01:00
Yang Tse
e8a32438c2 parsedate.c: fix a numeric overflow 2012-03-22 15:54:34 +01:00
Andrei Cipu
97b66ebefe cookies: strip the numerical ipv6 host properly
The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.
2012-03-22 08:56:33 +01:00
Yang Tse
3c80309c27 fix several compiler warnings 2012-03-22 04:54:04 +01:00
Daniel Stenberg
c83de6d076 CONNECT: fix multi interface regression
The refactoring of HTTP CONNECT handling in commit 41b0237834 that
made it protocol independent broke it for the multi interface. This fix
now introduce a better state handling and moved some logic to the
http_proxy.c source file.

Reported by: Yang Tse
Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-22 00:12:37 +01:00
Yang Tse
c6825b7a6b fix several compiler warnings 2012-03-20 18:28:24 +01:00
Daniel Stenberg
ad77420ac7 lwip: basic checks and macros for compatiblity 2012-03-17 23:02:21 +01:00
Yang Tse
0c8e36c18a http_proxy.c: fix OOM handling 2012-03-16 20:11:22 +01:00
Yang Tse
8af4b657d0 fix some compiler warnings 2012-03-16 19:06:34 +01:00
Maxim Prohorov
97386c3c84 resolve with c-ares: don't resolve IPv6 when not working
If the Curl_ipv6works() function says no, there is no reason to try AAAA
names even if libcurl was built with IPv6 support enabled.

Bug: http://curl.haxx.se/mail/lib-2012-03/0045.html
2012-03-13 22:52:39 +01:00
Steve Holme
e25590a2b3 smtp.c: Changed the curl error code for EHLO and HELO responses
Changed the returned curl error codes for EHLO and HELO responses from
CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response
from these commands represents no service as opposed to a login error.
2012-03-10 22:03:42 +00:00
Andrei Cipu
e650dbde86 Curl_http: strip off [brackets] from ipv6-only host headers
Since the host name is passed in to the cookie engine it will not work
correctly if the brackets are left in the name.

Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html
2012-03-10 16:48:59 +01:00
John Joseph Bachir
9f0e1689f1 mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior.
An alternative would be:

1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE
2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being
   used

This question and answer explain:
http://stackoverflow.com/questions/74358/
2012-03-10 15:51:24 +01:00
John Joseph Bachir
f7e2ab629e access the CA source file using HTTPS 2012-03-10 15:50:27 +01:00
Daniel Stenberg
2764bf2c5b includes: remove inclusion of unused file http_proxy.h 2012-03-09 00:05:24 +01:00
Daniel Stenberg
41b0237834 CONNECT: made generically not per-protocol
Curl_protocol_connect() now does the tunneling through the HTTP proxy if
requested instead of letting each protocol specific connection function
do it.
2012-03-08 23:31:38 +01:00
Daniel Stenberg
cabd010dd4 ssh_connect: tunnel through HTTP proxy if requested 2012-03-08 21:47:54 +01:00
Daniel Stenberg
c55a0809bb LWIP: don't consider HAVE_ERRNO_H to be winsock
The check for Winsock definition was a bit too broad

Bug: http://curl.haxx.se/mail/lib-2012-03/0046.html
2012-03-08 21:25:35 +01:00
Daniel Stenberg
79b6f4a2d3 CONNECT: fix ipv6 address in the Request-Line
Commit 466150bc64 fixed the Host: header with CONNECT, but I then
forgot the preceeding request-line. Now this too uses [brackets]
properly if a ipv6 numerical address was given.

Bug: http://curl.haxx.se/bug/view.cgi?id=3493129
Reported by: "Blacat"
2012-02-24 23:33:14 +01:00
Steve Holme
5430007222 SMTP: Added support for returning SMTP response codes
Set the conn->data->info.httpcode variable in smtp_statemach_act() to
allow Curl_getinfo() to return the SMTP response code via the
CURLINFO_RESPONSE_CODE action.
2012-02-23 23:29:03 +01:00
Steve Holme
2f1ad7d6e2 smtp.c: Fixed an issue with writing postdata
Fixed a problem in smtp_done() when writing out the postdata as
Curl_write() would periodically return zero bytes written.
2012-02-21 22:50:46 +01:00
Steve Holme
035ef06bda pop3.c: Fixed drop of final CRLF in EOB checking
Curl_pop3_write() would drop the final CRLF of a message as it was
considered part of the EOB as opposed to part of the message. Whilst
the EOB sequence needs to be searched for by the function only the
final 3 characters should be removed as per RFC-1939 section 3.

Reported by: Rich Gray
Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html
2012-02-19 23:48:14 +01:00
Steve Holme
3d98aed5b3 smtp.c: Fixed an issue with the EOB checking
Curl_smtp_escape_eob() would leave off final CRLFs from emails ending
in multiple blank lines additionally leaving the smtpc->eob variable
with the character count in, which would cause problems for additional
emails when sent through multiple calls to curl_easy_perform() after a
CURLOPT_CONNECT_ONLY.
2012-02-17 22:47:19 +01:00
Steve Holme
5c409d03ec SMTP: Code policing and tidy up 2012-02-16 13:20:34 +01:00
Steve Holme
b685481d52 smtp.c: Fixed use of angled brackets in AUTH parameter.
Fixed the use of angled brackets "<>" in the optional AUTH parameter as
per RFC-2554 section 5. The address should not include them but an
empty address should be replaced by them.
2012-02-15 21:51:45 +01:00
Steve Holme
0cf0ab6f30 smtp_mail: Added support to MAIL FROM for the optional AUTH parameter
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to
set the optional AUTH parameter in the MAIL FROM command.

When this option is specified and an authentication mechanism is used
to communicate with the mail server then the AUTH parameter will be
included in the MAIL FROM command. This is particularly useful when the
calling program is acting as a relay in a trusted environment and
performing server to server communication, as it allows the relaying
server to specify the address of the mailbox that was used to
authenticate and send the original email.
2012-02-14 22:50:49 +01:00
toddouska
ee7e4fc1d1 cyassl: update to CyaSSL 2.0.x API
Modify configure.ac to test for new CyaSSL Init function and remove
default install path to system.  Change to CyaSSL OpenSSL header and
proper Init in code as well.

Note that this no longer detects or works with CyaSSL before v2
2012-02-14 19:49:54 +01:00
Steve Holme
69406f0be7 SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
Fixed incorrect behavior in smtp_done() which would cause the end of
block data to be sent to the SMTP server if libcurl was operating in
connect only mode. This would cause the server to return an error as
data would not be expected which in turn caused libcurl to return
CURLE_RECV_ERROR.
2012-02-14 19:12:28 +01:00
Daniel Stenberg
7ed25fcc5c parse_proxy: simply memory handling
... by making sure that the string is always freed after the invoke as
parse_proxy will always copy the data and this way there's a single
free() instead of multiple ones.
2012-02-10 17:00:55 +01:00
Daniel Stenberg
ecc93caaeb parse_proxy: bail out on zero-length proxy names!
The proxy parser function strips off trailing slashes off the proxy name
which could lead to a mistaken zero length proxy name which would be
treated as no proxy at all by subsequent functions!

This is now detected and an error is returned. Verified by the new test
1329.

Reported by: Chandrakant Bagul
Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
2012-02-10 16:26:20 +01:00
Kamil Dudka
ebf3138992 nss: add support for the CURLSSLOPT_ALLOW_BEAST option
... and fix some typos from the 62d15f1 commit.
2012-02-09 23:25:55 +01:00
Daniel Stenberg
2a699bc6e9 CURLOPT_SSL_OPTIONS: added
Allow an appliction to set libcurl specific SSL options. The first and
only options supported right now is CURLSSLOPT_ALLOW_BEAST.

It will make libcurl to disable any work-arounds the underlying SSL
library may have to address a known security flaw in the SSL3 and TLS1.0
protocol versions.

This is a reaction to us unconditionally removing that behavior after
this security advisory:

http://curl.haxx.se/docs/adv_20120124B.html

... it did however cause a lot of programs to fail because of old
servers not liking this work-around. Now programs can opt to decrease
the security in order to interoperate with old servers better.
2012-02-09 22:22:54 +01:00
Dave Reisner
705f0f7a5b add library support for tuning TCP_KEEPALIVE
This adds three new options to control the behavior of TCP keepalives:

- CURLOPT_TCP_KEEPALIVE: enable/disable probes
- CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
- CURLOPT_TCP_KEEPINTVL: delay between successive probes

While not all operating systems support the TCP_KEEPIDLE and
TCP_KEEPINTVL knobs, the library will still allow these options to be
set by clients, silently ignoring the values.
2012-02-09 18:53:51 +01:00
Daniel Stenberg
ea055407fa curl_easy_reset: reset the referer string
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly
clear it.

Verified with the new test 598

Bug: http://curl.haxx.se/bug/view.cgi?id=3481551
Reported by: Michael Day
2012-02-07 23:07:43 +01:00
Daniel Stenberg
466150bc64 CONNECT: send correct Host: with IPv6 numerical address
When the target host was given as a IPv6 numerical address, it was not
properly put within square brackets for the Host: header in the CONNECT
request. The "normal" request did fine.

Reported by: "zooloo"
Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
2012-01-31 22:52:10 +01:00
Pierre Ynard
f4d3c0cbfb more resilient connection times among IP addresses
When connecting to a domain with multiple IP addresses, allow different,
decreasing connection timeout values. This should guarantee some
connections attempts with sufficiently long timeouts, while still
providing fallback.
2012-01-28 14:00:52 +01:00
Pierre Ynard
4d2737bcb2 remove write-only variable 2012-01-28 13:58:49 +01:00
Daniel Stenberg
70f71bb99f gnutls: enforced use of SSLv3
With advice from Nikos Mavrogiannopoulos, changed the priority string to
add "actual priorities" and favour ARCFOUR. This makes libcurl work
better when enforcing SSLv3 with GnuTLS. Both in the sense that the
libmicrohttpd test is now working again but also that it mitigates a
weakness in the older SSL/TLS protocols.

Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html
Reported by: Christian Grothoff
2012-01-24 08:54:26 +01:00
Daniel Stenberg
75ca568fa1 URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
Daniel Stenberg
db1a856b4f OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.

The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.

In order to keep the secure work-around workding, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.

Reported by: product-security at Apple
2012-01-24 08:54:26 +01:00
Daniel Stenberg
7883cd5af3 URL parse: user name with ipv6 numerical address
Using a URL with embedded user name and password didn't work if the host
was given as a numerical IPv6 string, like ftp://user:password@[::1]/

Reported by: Brandon Wang
Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
2012-01-20 23:32:43 +01:00
Yang Tse
d7af7de5b2 telnet.c: fix OOM triggered segfault 2012-01-20 00:11:15 +01:00
Yang Tse
e64d332e79 OpenSSL: follow-up for commit a20daf90e3
avoid checking preprocessor definition official value
2012-01-19 22:29:00 +01:00
Yang Tse
d56b4c3f89 ssl session caching: fix compiler warnings 2012-01-18 23:42:39 +01:00
Daniel Stenberg
d1becc3231 polarssl: show cipher suite name correctly with 1.1.0
Apparently ssl_get_ciphersuite() is needed to get the name of the used
cipher suite.
2012-01-18 23:19:37 +01:00
Daniel Stenberg
f55f95d49c polarssl: show error code correctly
The value was turned negative when it shouldn't have been
2012-01-18 23:19:01 +01:00
Daniel Stenberg
61d31a3caf polarssl: havege_rand is not present in version 1.1.0
... it is now named havege_random!

Reported by: Robert Schumann
Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html
2012-01-18 23:17:54 +01:00
Colin Hogben
4563eeb9f4 Use correct file descriptor for telnet upload.
Fix a bug where input was read from stdin even when a different FILE *
had been configured via CURLOPT_READDATA
2012-01-18 22:17:10 +01:00
Yang Tse
2cafb0e97c OpenLDAP: fix LDAP connection phase memory leak
bug: http://curl.haxx.se/bug/view.cgi?id=3474308
2012-01-18 16:06:29 +01:00
Johannes Bauer
6ea7acf5a9 OpenSSL: fix PKCS#12 certificate parsing related memory leak
Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12
and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
2012-01-18 13:39:12 +01:00
Yang Tse
a20daf90e3 OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull
interoperability with web server Netscape Enterprise Server 2.0.1 released
back in 1996 more than 15 years ago.

Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
CVE-2010-4180 when using previous OpenSSL versions we no longer enable
this option regardless of OpenSSL version and SSL_OP_ALL definition.
2012-01-18 11:59:20 +01:00
Yang Tse
0ce2bca741 add LF termination to infof() trace string 2012-01-16 21:14:05 +01:00
Yang Tse
6d62c5a6fc Curl_proxyCONNECT() trace known bug #39 2012-01-15 19:21:55 +01:00
Yang Tse
8e82ef9c32 http_negotiate_sspi.c: fix compiler warning 2012-01-13 13:34:43 +01:00
Yang Tse
d016f5f5f5 ssh.c: fix compiler warning 2012-01-13 12:57:09 +01:00
Daniel Stenberg
9f20379fe4 hostip: avoid getaddrinfo when c-ares is used
Some functions using getaddrinfo and gethostbyname were still
mistakingly being used/linked even if c-ares was selected as resolver
backend.

Reported by: Arthur Murray
Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html
2012-01-12 23:13:19 +01:00
gsengun
d28411c3cc FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed
Test 161 updated accordingly
2012-01-09 22:50:20 +01:00
Yang Tse
f34ddb90e6 lib/setup.h: portable symbolic names for Winsock shutdown() mode flags 2012-01-08 02:32:51 +01:00
Daniel Stenberg
4897f4e517 win32-threaded-resolver: stop using a dummy socket
Previously the code would create a dummy socket while resolving just to
have curl_multi_fdset() return something but the non-win32 version
doesn't do it this way and the creation and use of a socket that isn't
made with the common create-socket callback can be confusing to apps
using the multi_socket API etc.

This change removes the dummy socket and thus will cause
curl_multi_fdset() to return with maxfd == -1 more often.
2012-01-04 23:16:30 +01:00
Peter Sylvester
81524cbfa0 OpenSSL: remove reference to openssl internal struct
With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN
cflag. This flag might become the default in some distant future.
2012-01-04 23:02:36 +01:00
Yang Tse
7bd2add06f krb5.c: fix compiler warning: variable set but not used 2012-01-04 19:11:54 +01:00
Steve Holme
db4f69ef06 Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.
Fixed a problem in POP3 and IMAP where a connection would fail when
CURLUSESSL_TRY was specified for a server that didn't support
SSL/TLS connections rather than continuing.
2012-01-04 00:48:20 +01:00
Steve Holme
277022b2e4 Fixed incorrect error code being returned in STARTTLS
The STARTTLS response code in SMTP, POP3 and IMAP would return
CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
was not available on the server.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2012-01-04 00:47:58 +01:00
Yang Tse
cc69e56ce3 hostip.c: fix potential write past the end of string buffer 2012-01-02 13:44:56 +01:00
Yang Tse
8e25d1b93b hostip.c: fix Curl_loadhostpairs() OOM handling 2012-01-02 13:41:09 +01:00
Daniel Stenberg
7f472618de Curl_input_negotiate: use the correct buffer for input
Unfortunately we have no test cases for this and I have no SSPI build or
server to verify this with. The change seems simple enough though.

Bug: http://curl.haxx.se/bug/view.cgi?id=3466497
Reported by: Patrice Guerin
2012-01-01 22:36:32 +01:00
Daniel Stenberg
a3403db02f just a stupid typo 2011-12-31 23:53:52 +01:00
Daniel Stenberg
c9a3cab6c4 SFTP dir: increase buffer size counter
When the buffer gets realloced to hold the file name in the
SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly.

Reported by: Armel Asselin
Patch by: Armel Asselin
Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html
2011-12-31 23:52:15 +01:00
Daniel Stenberg
81ebdd9e28 create_hostcache_id: use the key lower cased
... to make sure the DNS cache is properly case insensitive
2011-12-31 10:58:05 +01:00
Daniel Stenberg
207cf15032 changed case: use new host name for subsequent HTTP requests
When a HTTP connection is re-used for a subsequent request without
proxy, it would always re-use the Host: header of the first request. As
host names are case insensitive it would make curl send another host
name case that what the particular request used.

Now it will instead always use the most recent host name to always use
the desired casing.

Added test case 1318 to verify.

Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html
Reported by: Alex Vinnik
2011-12-31 10:45:28 +01:00
Daniel Stenberg
5e0a44e4d5 CURLOPT_RESOLVE: avoid adding already present host names
The load host names to DNS cache function was moved to hostip.c and it
now makes sure to not add host names that already are present in the
cache. It would previously lead to memory leaks when for example using
the --resolve and multiple URLs on the command line.
2011-12-31 10:45:27 +01:00
Yang Tse
ed0364343d removed trailing whitespace 2011-12-30 03:36:18 +01:00
Kamil Dudka
9f7f6a62ff transfer: avoid unnecessary timeout event when waiting for 100-continue
The commit 9dd85bc unintentionally changed the way we compute the time
spent waiting for 100-continue.  In particular, when using a SSL client
certificate, the time spent by SSL handshake was included and could
cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up.

Bug: https://bugzilla.redhat.com/767490
Reported by: Mamoru Tasaka
2011-12-25 22:37:24 +01:00
Yang Tse
98292bcdd0 transfer.c: move a logging statement placement 2011-12-25 12:11:51 +01:00
Yang Tse
996f2454ba hash.c: fix OOM triggered segfault 2011-12-25 11:35:45 +01:00
Daniel Stenberg
99a12baa34 ftp_do_more: don't return success until all is done
ftp_do_more() returns after accepting the server connect however it
needs to fall through and set "*complete" to TRUE before exit from the
function.

Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
Reported by: Gokhan Sengun
2011-12-24 00:12:00 +01:00
Daniel Stenberg
4f8db8bf95 Curl_do_more: fix typo logic
In the recent do_more fix the new logic was mistakenly checking the
pointer instead of what it points to.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
2011-12-24 00:09:41 +01:00
Daniel Stenberg
5ac9ec7205 SFTP mkdir: use correct permission
When sending quote command to a SFTP server and 'mkdir' was used, it
would send fixed permissions and not use the CURLOPT_NEW_DIRECTORY_PERMS
as it should.

Reported by: Armel
Patch by: Armel
Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html
2011-12-24 00:04:04 +01:00
Daniel Stenberg
2caa454dc1 resolve: don't leak pre-populated dns entries
CURLOPT_RESOLVE populates the DNS cache with entries that are marked as
eternally in use. Those entries need to be taken care of when the cache
is killed off.

Bug: http://curl.haxx.se/bug/view.cgi?id=3463121
Reported by: "tw84452852"
2011-12-23 14:46:20 +01:00
Yang Tse
1afbccc676 formdata.c: OOM handling fixes 2011-12-21 15:39:44 +01:00
Daniel Stenberg
926916e28e Curl_socket_check: enlarge poll struct array to 3
This function was introduced in commit 5527417afa and as pointed out
by Gokhan Sengun, the array with poll structs must large enough to hold
3 sockets since that is what the function can accept. It could be noted
that he had this fixed in his patch as posted in
http://curl.haxx.se/mail/lib-2011-12/0179.html

Bug: http://curl.haxx.se/mail/lib-2011-12/0228.html
Reported by: Gokhan Sengun
2011-12-20 23:33:54 +01:00
Daniel Stenberg
130fac6c16 timeleft_accept: ack global timeout, moved to ftp.c
First off the timeout for accepting a server connect back must of course
respect a global timeout. Then the timeleft function is only used by ftp
code so it was moved to ftp.c and made static.
2011-12-20 20:55:54 +01:00
Daniel Stenberg
377471f387 FTP: move FTP-specific struct field to ftpc_conn
"wait_data_conn" was added to the connectionbits in commit c834213ad5 for
handling active FTP connections but as it is purely FTP specific and now
only ever accessed by ftp.c I moved it into the FTP connection struct.
2011-12-20 20:30:38 +01:00
Daniel Stenberg
dfdac61522 non-blocking active FTP: cleanup multi state usage
Backpedaled out the funny double-change of state in the multi state
machine by adding a new argument to the do_more() function to signal
completion. This way it can remain in the DO_MORE state properly until
done. Long term, the entire DO_MORE logic should be moved into the FTP
code and be hidden from the multi code as the logic is only used for
FTP.
2011-12-20 20:30:02 +01:00
Gokhan Sengun
c834213ad5 FTP: perform active connections non-blocking
1- Two new error codes are introduced.

CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of
FTP server connected.

CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts.

Neither of these errors are considered fatal and control connection
remains OK because it could just be a firewall blocking server to
connect to the client.

2- One new setopt option was introduced.

CURLOPT_ACCEPTTIMEOUT_MS

It sets the maximum amount of time FTP client is going to wait for a
server to connect. Internal default accept timeout is 60 seconds.
2011-12-20 20:30:02 +01:00
Daniel Stenberg
5527417afa sockets: new Curl_socket_check() can wait for 3 sockets
This offers an alternative to the existing Curl_socket_ready() API which
only checks one socket for read and one for write.
2011-12-20 20:30:02 +01:00
Daniel Stenberg
51d4885ca0 Curl_pgrsTime: store now in an auto variable
It makes it easier to introduce debug outputs in this function, and
everything in the function is using the value anyway so it might even be
more efficient.
2011-12-20 15:05:50 +01:00
Daniel Stenberg
ce896875f8 timer: restore PRETRANSFER timing
Regression introduced in 7.23.0 with commit 9dd85bce. The function in
which the PRETRANSFER time stamp was recorded was moved in time causing
it be stored very quickly after the start timestamp. On most systems
shorter than 1 millisecond and thus it wouldn't even show with -w
"%{time_pretransfer}" using the command line tool.

Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html
Reported by: Toni Moreno
2011-12-20 14:59:46 +01:00
Daniel Stenberg
5c71544fc6 gitignore: ignore the symbol versioning file 2011-12-20 11:07:23 +01:00
Alessandro Ghedini
7cc2e8b349 configure: add symbols versioning option
Allow, at configure time, the production of versioned symbols. The
symbols will look like "CURL_<FLAVOUR>_<VERSION> <SYMBOL>", where
<FLAVOUR> represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...),
<VERSION> is the major SONAME version and <SYMBOL> is the actual symbol
name. If no SSL library is enabled the symbols will be just
"CURL_<VERSION> <SYMBOL>".
2011-12-19 23:25:36 +01:00
Sven Wegener
3c18b38dcc Use Curl_ssl_connect for non-blocking connect fallback
This gets the appconnect time right for ssl backends, which don't
support non-blocking connects.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2011-12-19 22:37:37 +01:00
Daniel Stenberg
583a902789 Curl_proxyCONNECT: use newlines in debug output 2011-12-19 09:32:54 +01:00
Yang Tse
4c4e8ba1f0 if2ip.[ch]: fix compilation with MinGW
Avoid 'interface' literal that some MinGW versions define as a macro
2011-12-13 18:37:33 +01:00
Yang Tse
de6f4f356e connect.c: fix compiler warning 'enumerated type is mixed with another type' 2011-12-13 16:18:08 +01:00
Yang Tse
66c5076252 if2ip.c: fix compiler warning 'unused parameter' 2011-12-13 16:08:42 +01:00
Yang Tse
b9b772fefe pop3.c: fix compiler warning variable may be used uninitialized 2011-12-13 15:58:02 +01:00
Yang Tse
07efe110cc if2ip.c: fix compiler warning 'enumerated type is mixed with another type' 2011-12-13 15:47:26 +01:00
Jason Glasgow
6e4835c795 CURLOPT_INTERFACE: avoid resolving interfaces names
Do not try to resolve interfaces names via DNS by recognizing interface
names in a few ways.  If the interface option argument has a prefix of
"if!" then treat the argument as only an interface.  Similarly, if the
interface argument is the name of an interface (even if it does not have
an IP address assigned), treat it as an interface name.  Finally, if the
interface argument is prefixed by "host!" treat it as a hostname that
must be resolved by /etc/hosts or DNS.

These changes allow a client using the multi interfaces to avoid
blocking on name resolution if the interface loses its IP address or
disappears.
2011-12-12 23:12:37 +01:00
Steve Holme
1259ccf747 ConnectionExists: Fix reuse for TLS upgraded connections
Fixed the connection reuse detection in ConnectionExists() when
comparing a new connection that is non-SSL based against that of a SSL
based connection that has become so by being upgraded via TLS.
2011-12-12 00:32:47 +01:00
Daniel Stenberg
07e3b7512c create_conn: don't switch to HTTP protocol if tunneling is enabled
This is a regression since who knows when. When spotting that a HTTP
proxy is used we must not uncondititionally enable the HTTP protocol
since if we do tunneling through the proxy we're still using the target
protocol.

Reported by: Naveen Chandran
2011-12-09 22:51:08 +01:00
Gokhan Sengun
1cacf853da Curl_closesocket: clear sock_accepted on close
As a follow-up from commit d5b5f64bce, clear the sock_accepted status
when such a socket is closed to avoid a re-used connection to retain the
state wrongly.

Bug: http://curl.haxx.se/mail/lib-2011-12/0079.html
2011-12-07 16:03:00 +01:00
Gokhan Sengun
2b24dd870e multi interface: fix block when CONNECT_ONLY option is used 2011-12-07 15:37:05 +01:00
Daniel Stenberg
2b0e09b0f9 OpenSSL: check for the SSLv2 function in configure
If no SSLv2 was detected in OpenSSL by configure, then we enforce the
OPENSSL_NO_SSL2 define as it seems some people report it not being
defined properly in the OpenSSL headers.
2011-12-06 14:22:45 +01:00
Daniel Stenberg
347f951c39 SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
When a 32 digit hex key is given as a hostkey md5 checksum, the code
would still run it against the knownhost check and not properly
acknowledge that the md5 should then be the sole guide for.

The verbose output now includes the evaluated MD5 hostkey checksum.

Some related source code comments were also updated.

Bug: http://curl.haxx.se/bug/view.cgi?id=3451592
Reported by: Reza Arbab
2011-12-05 22:24:28 +01:00
Daniel Stenberg
c50dbf670f Curl_resolver_is_resolved: differentiate between host/proxy errors
As there are different return codes for host vs proxy errors, this function
now properly returns the code properly depending on what was attempted to get
resolved.

Bug: http://curl.haxx.se/mail/archive-2011-12/0010.html
Reported by: Jason Liu
2011-12-05 12:44:55 +01:00
Daniel Stenberg
0cf05af744 c-ares: return proxy failure for all proxy types
When making a distinction which return code to return, the code previously
only regarded HTTP proxies to be proxies and thus return host-related errors
for failures on other proxy types than HTTP. Now all proxy types will be
considered proxies...
2011-12-05 12:41:38 +01:00
Daniel Stenberg
d5b5f64bce FTP: close callback fix
Keep track of which sockets that are the result of accept() calls and
refuse to call the closesocket callback for those sockets. Test case 596
now verifies that the open socket callback is called the same number of
times as the closed socket callback for active FTP connections.

Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html
Reported by: Gokhan Sengun
2011-12-05 12:34:27 +01:00
Daniel Stenberg
088ba97a24 FTP: call opensocket callback properly
When the new socket is created for an active connection, it is now done
using the open socket callback.

Test case 596 was modified to run fine, although it hides the fact that
the close callback is still called too many times, as it also gets
called for closing sockets that were created with accept().
2011-12-05 11:42:10 +01:00
Daniel Stenberg
9109cdec11 Curl_socket: internal replacement for socket()
Moved out into a separate function to work as a "generic" socket()
replacement.
2011-12-05 10:58:38 +01:00
Jason Glasgow
62d3652b43 CURLOPT_DNS_SERVERS: set name servers if possible (fix)
Ensure that CURLE_OK is returned if setting the name servers is successfull.
2011-12-02 21:54:15 +01:00
Daniel Stenberg
d81f5ea3e0 multi interface: only use non-NULL function pointer!
If the socket callback function pointer hasn't been set, we must not
attempt to use it. Commit adc88ca20 made it more likely to occur.
2011-12-02 21:10:28 +01:00
Jason Glasgow
adc88ca203 multi: handle timeouts on DNS servers by checking for new sockets
If the first name server is not available, the multi interface does
not invoke the socket_cb when the DNS request to the first name server
timesout.  Ensure that the list of sockets are always updated after
calling Curl_resolver_is_resolved.

This bug can be reproduced if Curl is complied with --enable_ares and
your code uses the multi socket interfaces and the
CURLMOPT_SOCKETFUNCTION option.  To test try:
  iptables -I INPUT \
           -s $(sed -n -e '/name/{s/.* //p;q}' /etc/resolv.conf)/32 \
           -j REJECT
and then run a program which uses the multi-interface.
2011-12-02 10:18:52 +01:00
Steve Holme
bdb647814e POP3: fixed escaped dot not being striped out
Changed the eob detection to work across the whole of the buffer so that
lines that begin with a dot (which the server will have escaped) are
passed to the client application correctly.
2011-12-01 00:06:47 +01:00
Yang Tse
1038d0aa16 pop3.c: fix compiler warning 2011-11-29 20:28:49 +01:00
Daniel Stenberg
af64666434 POP3: detect when LIST returns no mails
By making sure the function can detect an "end of body" sequence
immediately on the first line, test 811 is now enabled.
2011-11-29 13:43:46 +01:00
Daniel Stenberg
dda815b776 POP3: fix end of body detection
Curl_pop3_write() now has a state machine that scans for the end of a
POP3 body so that the CR LF '.' CR LF sequence can come in everything
from one up to five subsequent packets.

Test case 810 is modified to use SLOWDOWN which makes the server pause
between each single byte and thus makes the POP3 body get sent to curl
basically one byte at a time.
2011-11-29 00:25:21 +01:00
Yang Tse
2d833852f6 CyaSSL 2.0+ library initialization adjustment 2011-11-25 17:23:36 +01:00
Jonas Schnelli
0604b2fb90 rectify comment 2011-11-25 15:02:43 +01:00
Daniel Stenberg
8f50a5c7e5 SSLSESSION_SHARED: new macro to check if session is shared
Added convenience macro to use to check if a handle is using a shared
SSL session, and fixed so that Curl_ssl_close_all() doesn't lock when
the session isn't shared.
2011-11-25 15:00:37 +01:00
Yang Tse
703fa0a6a8 telnet.c: fix MSVC compiler warning 2011-11-25 14:30:53 +01:00
Yang Tse
97d7a9260e tvdiff_secs(): sub-zero time difference adjustment
Skip a floating point addition operation when integral part of time difference
is zero. This avoids potential floating point addition rounding problems while
preserving decimal part value.
2011-11-25 13:51:55 +01:00
Daniel Stenberg
4a4d04446d telnet: fix macros to allow proper semicolon use
Macros that look like function calls need to be made so that we can use
semicolons properly for indentation and for reducing the risk for
mistakes when using them.
2011-11-25 10:56:18 +01:00
Laurent Rabret
b9223a17b8 TELNET: improved treatment of options
1) enables the Window Size option
2) allows the server to enable the echo mode
3) allows an app using libcurl to disable the default binary mode

Signed-off-by: Laurent Rabret
2011-11-25 10:46:49 +01:00
Jonas Schnelli
2c905fd1f8 query-part: ignore the URI part for given protocols
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the
protocol will get the "query part" of the URL cut off before the data is
handled by the protocol-specific code. This makes libcurl adhere to
RFC3986 section 2.2.

Test 1220 is added to verify a file:// URL with query-part.
2011-11-24 23:31:19 +01:00
Yang Tse
46bd8b330a getinfo.c: reset app connect time when clearing session-info time variables 2011-11-24 18:13:09 +01:00
Yang Tse
78feaff9d8 Fix unreleased regression when using windows gnutls versions older than 2.8 2011-11-24 12:11:52 +01:00
Mark Brand
28bac99674 gnutls: only translate winsock errors for old versions
Bugfix: https handshake fails using gnutls 3 on windows
http://sourceforge.net/tracker/index.php?func=detail&aid=3441084&group_id=976&atid=100976

New gnutls versions have an error handler that knows about Winsock
errors, which is why gnutls_transport_set_global_errno() was deprecated
and then removed.

This is a correction of commit f5bb370 (blame me) which meant to
reimplement gnutls_transport_set_global_errno(), which is not necessary.
2011-11-23 22:38:11 +01:00
Daniel Stenberg
7248439fec protocol_connect: show verbose connect and set connect time
Regression: commit b998d95b (shipped first in release 7.22.0) made the
condition always equal false that should reset the TIMER_CONNECT timer
and call the Curl_verboseconnect() function.

Reported by: "Captain Basil"
Bug: http://curl.haxx.se/mail/archive-2011-11/0035.html
2011-11-21 23:36:21 +01:00
Martin Storsjo
64f328c787 Add support for using nettle instead of gcrypt as gnutls backend 2011-11-19 22:23:14 +01:00
Jonas Schnelli
f64812ca63 SFTP: support '*' prefix for quote operations
prefixing a command with '*' means it is allowed to fail without
aborting the chain actions
2011-11-18 16:04:52 +01:00
Daniel Stenberg
10ecdf5078 getsessionid: don't ever return while locked
Also, check for the session sharing bit instead of comparing pointers
2011-11-17 23:57:21 +01:00
Daniel Stenberg
bb4eb58996 Curl_ssl_getsessionid: increase the value, not the pointer 2011-11-17 23:46:29 +01:00
Alejandro Alvarez Ayllon
35f61c404d SSL session share: move the age counter to the share object
Previously the age counter would be counted individually in each easy
handle that shared SSL sessions!
2011-11-17 23:34:38 +01:00
Jason Glasgow
8d0a504f0d CURLOPT_DNS_SERVERS: set name servers if possible 2011-11-17 22:52:33 +01:00
Guenter Knauf
fd765c627f Fix to skip untrusted certs. 2011-11-08 05:46:46 +01:00
Daniel Stenberg
e3166df1bb ftp PORT: don't hang if bind() fails
When the user requests PORT with a specific port or port range, the code
could lock up in an endless loop. There's now an extra conditional that
makes sure to special treat the error and try the local address only
once so a second failure will abort the loop correctly.

Bug: http://curl.haxx.se/bug/view.cgi?id=3433968
Reported by: Gokhan Sengun
2011-11-06 23:02:27 +01:00
Daniel Stenberg
06a83e8050 pingpong: change two comments wrongly referring "FTP"
Just a sign of where the code originally was ripped out from. Now it is
generic "pingpong".
2011-11-06 17:38:36 +01:00
Rene Bernhardt
4851dafcf1 HTTP auth: fix proxy Negotiate bug
If a proxy offers several Authentication schemes where NTLM and
Negotiate are offered by the proxy and you tell libcurl not to use the
Negotiate scheme then the request never returns when the proxy answers
with its HTTP 407 reply.

It is reproducible by the following steps:

- Use a proxy that offers NTLM and Negotiate ( CURLOPT_PROXY and
CURLOPT_PROXYPORT )

- Tell libcurl NOT to use Negotiate CURL_EASY_SETOPT(CURLOPT_PROXYAUTH,
CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM )

- Start the request

The call to CURL_EASY_PERFORM never returns. If you switch on debug
logging you can see that libcurl issues a new request As soon as it
received the 407 reply. Instead it should return and set the response
code to 407.

Bug: http://curl.haxx.se/mail/lib-2011-10/0323.html
2011-11-06 17:19:37 +01:00
Yang Tse
73029dca5a ssluse.c: fix calling of OpenSSL's ERR_remove_state(0)
Move calling of ERR_remove_state(0) a.k.a ERR_remove_thread_state(NULL)
from Curl_ossl_close_all() to Curl_ossl_cleanup().

In this way ERR_remove_state(0) is now only called in libcurl by
curl_global_cleanup(). Previously it would get called by functions
curl_easy_cleanup(), curl_multi_cleanup and potentially each time a
connection was removed from a connection cache leading to premature
destruction of OpenSSL's thread local state hash.

Multi-threaded apps using OpenSSL enabled libcurl should still call
function ERR_remove_state(0) or ERR_remove_thread_state(NULL) at the
very end end of threads that do not call curl_global_cleanup().
2011-11-04 13:08:37 +01:00
Yang Tse
6fa6567b92 url.c and file.c: fix OOM triggered segfault 2011-11-03 21:56:51 +01:00
Daniel Stenberg
93e57d0628 rename ftp_ssl: the struct field is used for many protocols
Now called 'use_ssl' instead, which better matches the current CURLOPT
name and since the option is used for all pingpong protocols (at least)
it makes sense to not use 'ftp' in the name.
2011-11-03 09:54:12 +01:00
Daniel Stenberg
a873b95c21 gtls_connect_step1: remove use of deprecated functions
Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority().

Remove the gnutls_certificate_type_set_priority() use since x509 is the
default certificate type anyway.

Reported by: Vincent Torri
2011-11-02 22:44:22 +01:00
Yang Tse
6bdeca967d url.c and transfer.c: nullify connection pointer when free()'ed 2011-11-02 22:34:41 +01:00
Yang Tse
f7dfe2b87a multi.c: OOM handling fix 2011-11-01 14:38:21 +01:00
Yang Tse
49e3b2e03a setup.h: fix compiler warning 2011-10-31 22:42:43 +01:00
Yang Tse
f5bb370186 gtls.c: gnutls_transport_set_global_errno() deprecated in version 2.12.3 2011-10-29 14:58:50 +02:00
Yang Tse
ddeab48245 multi.c: OOM handling fix
Fix curl_multi_cleanup() segfault when using weird cleanup sequence.
2011-10-27 17:08:02 +02:00
Daniel Stenberg
b0d42da26b multi: start ftp state machine when switching to DO_MORE
This extends the fix from commit d7934b8bd4

When the multi state is changed within the multi_runsingle from DOING to
DO_MORE, we didn't immediately start the FTP state machine again. That
then left the FTP state in FTP_STOP. When curl_multi_fdset() was
subsequently called, the ftp_domore_getsock() function would return the
wrong fd info.

Reported by: Gokhan Sengun
2011-10-27 12:46:29 +02:00
Yang Tse
e8d8843a02 ftp.c: some OOM handling fixes 2011-10-24 20:45:13 +02:00
Daniel Stenberg
d7934b8bd4 curl_multi_fdset: correct fdset with FTP PORT use
After a PORT has been issued, and the multi handle would switch to the
CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would
return the wrong fdset to wait for when curl_multi_fdset() is
called. The code would blindly assume that it was waiting for a connect
of the second connection, while that isn't true immediately after the
PORT command.

Also, the function multi.c:domore_getsock() was highly FTP-centric and
therefore ugly to keep in protocol-agnostic code. I solved this problem
by introducing a new function pointer in the Curl_handler struct called
domore_getsock() which is only called during the DOMORE state for
protocols that set that pointer.

The new ftp.c:ftp_domore_getsock() function now returns fdset info about
the control connection's command/response handling while such a state is
in use, and goes over to waiting for a writable second connection first
once the commands are done.

The original problem could be seen by running test 525 and checking the
time stamps in the FTP server log. I can verify that this fix at least
fixes this problem.

Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html
Reported by: Gokhan Sengun
2011-10-21 23:36:54 +02:00
Yang Tse
95d23d1ceb file.c: OOM handling fix
file_disconnect() free's resources for multi API
2011-10-21 16:52:17 +02:00
Yang Tse
a4758c3276 multi.c: fix segfault 2011-10-21 16:52:16 +02:00
Dan Fandrich
90fcad63cb Fixed compilation when HTTP or cookies are disabled 2011-10-20 17:54:18 -07:00
Daniel Stenberg
ff0a295cdb Curl_http_input_auth: handle multiple auths in WWW-Authenticate
The fix is pretty much the one Nick Zitzmann provided, just edited to do
the right indent levels and with test case 1204 added to verify the fix.

Bug: http://curl.haxx.se/mail/lib-2011-10/0190.html
Reported by: Nick Zitzmann
2011-10-20 13:12:02 +02:00
Daniel Stenberg
4fa0166173 Curl_smtp_escape_eob: first byte is index 0...
Fix a bug with with commit 2621dd42a4 that happened due to my last
second pre-commit cleanup of the change without proper testing
afterwards!
2011-10-20 13:12:02 +02:00
Tim Harder
8036da870c gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
The default lowat level for gnutls-2.12* is set to zero to avoid
unnecessary system calls and the gnutls_transport_set_lowat function has
been totally removed in >=gnutls-3 which causes build failures.

Therefore, the function shouldn't be used except for versions that
require it, <gnutls-2.12.0.
2011-10-20 00:28:29 +02:00
Daniel Stenberg
2621dd42a4 Curl_smtp_escape_eob: fix EOB escaping
As the EOB string can come byte by byte over a series of writes we must
match byte-wise.

Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html
2011-10-20 00:13:09 +02:00
Daniel Stenberg
ecbb08cea3 singleipconnect: unstick the ipv6-connection boolean
Previously the bit was set before the connection was found working so if
it would first fail to an ipv6 address and then connect fine to a IPv4
address the variable would still be TRUE.

Reported by: Thomas L. Shinnick
Bug: http://curl.haxx.se/bug/view.cgi?id=3421912
2011-10-17 23:12:58 +02:00
Kamil Dudka
491c5a497c nss: avoid a SIGSEGV with immature version of NSS
Bug: https://bugzilla.redhat.com/733685
2011-10-17 12:13:44 +02:00
Kamil Dudka
06e6755e87 nss: big cleanup in nss_load_cert() and cert_stuff() 2011-10-17 12:13:42 +02:00
Kamil Dudka
052a08ff59 nss: refactor fmt_nickname() -> dup_nickname()
Do not use artificial nicknames for certificates from files.
2011-10-17 12:11:40 +02:00
Kamil Dudka
f6980bbf24 nss: select client certificates by DER
... instead of nicknames, which are not unique.
2011-10-17 12:11:38 +02:00
Daniel Stenberg
840eff44f2 formdata: ack read callback abort
When doing a multipart formpost with a read callback, and that callback
returns CURL_READFUNC_ABORT, that return code must be properly
propagated back and handled accordingly. Previously it would be handled
as a zero byte read which would cause a hang!

Added test case 587 to verify. It uses the lib554.c source code with a
small ifdef.

Reported by: Anton Bychkov
Bug: http://curl.haxx.se/mail/lib-2011-10/0097.html
2011-10-16 01:09:56 +02:00
Daniel Stenberg
1a416cd27a singleipconnect: don't clobber errno
Save the errno value immediately after a connect() failure so that it
won't get reset to something else before we read it.

Bug: http://curl.haxx.se/mail/lib-2011-10/0066.html
Reported by: Frank Van Uffelen and Fabian Hiernaux
2011-10-15 23:44:28 +02:00
Yang Tse
8af94de50a file.c: fix compiler warning 2011-10-14 18:23:16 +02:00
Yang Tse
1bab38780b url.c: fix endless loop upon transport connection timeout
Jerry Wu detected and provided detailed info about this issue.
2011-10-14 17:34:42 +02:00
Yang Tse
ea12c72d12 curl_gethostname.c: fix signed/unsigned comparison and avoid a double copy
both introduced in 42be24af
2011-10-13 23:00:24 +02:00
Yang Tse
47e4537ac6 curl_ntlm_msgs.c: fix variable shadowing declaration introduced in 185ed340 2011-10-13 22:59:36 +02:00
Marcin Adamski
03adff1eba tftp.c: TFTP timeout and unexpected block adjustments
Set ACK timeout to 5 seconds.

If we are waiting for block X and receive block Y that is the expected one, we
should send ACK and increase X (which is already implemented). Otherwise drop
the packet and don't increase retry counter.
2011-10-13 19:45:36 +02:00
Yang Tse
34770b8ab0 multi.c: OOM handling fixes
Prevent modification of easy handle being added with curl_multi_add_handle()
unless this function actually suceeds.

Run Curl_posttransfer() to allow restoring of SIGPIPE handler when
Curl_connect() fails early in multi_runsingle().
2011-10-13 18:04:56 +02:00
Yang Tse
880cf0bedc url.c: make line shorter than 80 chars 2011-10-13 01:52:56 +02:00
Yang Tse
bff78cc18e OOM handling/cleanup slight adjustments 2011-10-12 21:32:10 +02:00
Yang Tse
584dc8b8af OOM handling/cleanup slight adjustments 2011-10-11 19:41:30 +02:00
Yang Tse
71c9453393 telnet.c: fix compiler warning 2011-10-08 01:27:03 +02:00
Yang Tse
17f48fe879 libcurl: some OOM handling fixes 2011-10-07 20:50:57 +02:00
Yang Tse
b82bd05354 multi.c: OOM handling fixes making torture tests 560 580 581 pass 2011-10-06 20:30:34 +02:00
Daniel Stenberg
ca2c326361 curl_share_cleanup: avoid compiler warning
Move the variable declaration to within the #ifdef
2011-10-04 16:34:45 +02:00
Daniel Stenberg
5c809178c2 struct Curl_share: provide sslsession unconditionally
It makes much nicer and less convuluted code everywhere if this struct
member is always present even when libcurl is built without SSL support.

This reverts parts of commit 15e3e45170
2011-10-04 16:33:07 +02:00
Daniel Stenberg
fa77f54a03 ftp: improved the failed PORT host name resolved error message 2011-10-04 16:24:50 +02:00
Daniel Stenberg
bc007d8ef5 codepolicing 2011-10-03 23:28:17 +02:00
Daniel Stenberg
d0dbd1e98e sspi build fix
define away Curl_ntlm_sspi_cleanup() when no windows SSPI build
2011-10-03 23:28:17 +02:00
Steve Holme
4d327d20c6 smtp: Added support for NTLM authentication
Modified smtp_endofresp() to detect NTLM from the server specified list
of supported authentication mechanisms.

Modified smtp_authenticate() to start the sending of the NTLM data.

Added smtp_auth_ntlm_type1_message() which creates a NTLM type-1
message. This function is used by authenticate() to start the sending
of data and by smtp_state_auth_ntlm_resp() when the AUTH command
doesn't contain the type-1 message as part of the initial response.
This lack of initial response can happen if an OOM error occurs or the
type-1 message is longer than 504 characters. As the main AUTH command
is limited to 512 character the data has to be transmitted in two
parts; one containing the AUTH NTLM and the second containing the
type-1 message.

Added smtp_state_auth_ntlm_type2msg_resp() which handles the incoming
type-2 message and sends an outgoing type-3 message. This type-2
message is sent by the server in response to our type-1 message.

Modified smtp_state_auth_resp() to handle the response to: the AUTH
NTLM without the initial response and the type-2 response.

Modified smtp_disconnect() to cleanup the NTLM SSPI stack.
2011-10-03 23:28:17 +02:00
Steve Holme
185ed3409a Curl_ntlm_create_typeX_message: Added the outlen parameter
Added the output message length as a parameter to both
Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message()
for use by future functions that require it.

Updated curl_ntlm.c to cater for the extra parameter on these two
functions.
2011-10-03 23:28:17 +02:00
Steve Holme
d54bcebad4 smtp: General tidy up ready for adding NTLM support
Changed the name of variable l, in several functions, which represents
the length of strings being sent to the server, to len which is more
meaningful and consistent with other code in smtp.c and elsewhere.

Reworked smtp_authenticate() to be simpler and easier to follow.
Variables and now initialised in their definitions and if no username
and password are specified the function sets the state to SMTP_STOP and
returns immediately, rather than being part of a huge if statement.
2011-10-03 23:28:17 +02:00
Steve Holme
56ed07f7df smtp_mail: fixed another memory leak
... introduced in 7f304ab84f
2011-10-03 22:55:25 +02:00
Daniel Stenberg
15e3e45170 share: don't use SSL unless enabled
Don't even declare the struct members for disabled features

Introducing the CURLSHE_NOT_BUILT_IN return code for the share interface
when trying to set a sharing option that has been disabled (or not
enabled) in the library.
2011-10-03 22:35:04 +02:00
Daniel Stenberg
9dd85bced5 multi: progress function abort must close connection
When the progress function returns to cancel the request, we must mark
the connection to get closed and it must do to the DONE state.

do_init() must be called as early as possible so that state variables
for new connections are reset early. We could otherwise see that the old
values were still there when a connection was to be disconnected very
early and it would make it behave wrongly.

Bug: http://curl.haxx.se/mail/lib-2011-10/0006.html
Reported by: Vladimir Grishchenko
2011-10-02 19:28:39 +02:00
Daniel Stenberg
3d19e1eedf multi_runsingle: change state on callback abort
Reported by: Marcin Adamski
Bug: http://curl.haxx.se/mail/lib-2011-09/0329.html
2011-09-30 22:59:50 +02:00
Yang Tse
0c903ea189 Fix SSL disabled builds broken with 'SSL session sharing' commit 5793bc37 2011-09-30 21:09:59 +02:00
Daniel Stenberg
affed6725e smtp_mail: fix memory leak
... introduced in 7f304ab84f
2011-09-29 23:45:36 +02:00
Steve Holme
7f304ab84f smtp_mail: Added support to MAIL FROM for the optional SIZE parameter
The size of the email can now be set via CURLOPT_INFILESIZE. This
allows the email to be rejected by the server, if supported, and the
maximum size has been configured on the server.
2011-09-29 23:15:46 +02:00
Alejandro Alvarez
5793bc370c SSL session sharing support added
With locking, plus test, plus documentation
2011-09-28 23:06:34 +02:00
Guenter Knauf
b4fccc1d8e Added SPNEGO to NetWare build. 2011-09-27 16:02:07 +02:00
Yang Tse
d9f686db88 remove short-lived CURL_WRITEFUNC_OUT_OF_MEMORY 2011-09-26 13:05:42 +02:00
Steve Holme
400055bfaa smtp_connect: use defined buffer length for hostname 2011-09-26 00:01:09 +02:00
Steve Holme
5801ddb85c Curl_ntlm_create_type3_message: Tidied up the use of Curl_gethostname.
Removed the code that striped off the domain name when Curl_gethostname
returned the fully qualified domain name as the function has been
updated to return the un-qualified host name.

Replaced the use of HOSTNAME_MAX as the size of the buffer in the call
to Curl_gethostname with sizeof(host) as this is safer should the buffer
size ever be changed.
2011-09-25 23:59:53 +02:00
Steve Holme
38b5744266 HOSTNAME_MAX: Moved to curl_gethostname.h
Moved HOSTNAME_MAX #define into curl_gethostname.h rather than being
locally defined in curl_gethostname.c, curl_ntlm_msgs.c and smtp.c.
2011-09-25 23:58:47 +02:00
Yang Tse
d2a47021c0 Q&D fix header inclusion order 2011-09-25 19:08:12 +02:00
Yang Tse
119f43360b allow write callbacks to indicate OOM to libcurl
Allow (*curl_write_callback) write callbacks to return
CURL_WRITEFUNC_OUT_OF_MEMORY to properly indicate libcurl of OOM conditions
inside the callback itself.
2011-09-25 19:05:46 +02:00
Daniel Stenberg
2d6796aac5 curl_multi_fdset: avoid FD_SET out of bounds
If a socket is larger than FD_SETSIZE, avoid using FD_SET() on the
platforms where this is possible.

Bug: http://curl.haxx.se/bug/view.cgi?id=3413274
Reported by: Tim Starling
2011-09-25 17:34:12 +02:00
Guenter Knauf
230459dd00 NetWare makefile tweaks to select different builds. 2011-09-25 16:29:08 +02:00
Daniel Stenberg
5f0764870f http header: allow Content-Length to be replaced
In some cases Content-Length: couldn't be replaced by an application

Also, indented some code properly
2011-09-24 00:05:58 +02:00
Daniel Stenberg
40c27e299f Curl_pgrsStartNow: keep HEADERS_OUT set
To avoid that the progress meter headers get output between each
transfer, make sure the bits gets kept when (re-)inited.

Reported by: Christopher Stone
2011-09-22 22:41:06 +02:00
Guenter Knauf
3c3aa09c65 Added NetWare examples makefile. 2011-09-22 14:35:49 +02:00
Yang Tse
01c172f5e8 NTLM_WB: fix disabling of NTLM_WB when NTLM is disabled 2011-09-22 00:24:02 +02:00
Gisle Vanem
322f3d5af7 smtp: without a MAIL_FROM, send blank MAIL FROM
I think curl should ignore this case and smtp.c should test for this.
Since RFC-2821 seems to allow a "null reverse-path". Ref.  "MAIL
FROM:<>" in section 3.7, page 25.
2011-09-21 22:24:45 +02:00
Dave Reisner
c1057fc9aa lib/http: add missing whitespace in verbose output
Example:
* upload completely sent off: 35out of 35 bytes

Should be:
* upload completely sent off: 35 out of 35 bytes
2011-09-21 22:19:53 +02:00
Guenter Knauf
e4172d934d Changed suffix rules to pattern rules.
Suffix rules cannot have any prerequisites of their own.
2011-09-21 03:25:19 +02:00
Guenter Knauf
977825a68c Added dependency so that curlbuild.h is created. 2011-09-21 02:13:18 +02:00
Guenter Knauf
a6b69b64ad Some more MinGW build tweaks.
Added envvars to specify OpenSSL include, libpath and lib.
Added rule to create curlbuild.h from curlbuild.h.dist.
2011-09-21 02:06:05 +02:00
Guenter Knauf
a6c168b893 A bunch of MinGW build tweaks.
All paths to dependencies now quoted; synced examples makefile.
2011-09-20 15:05:28 +02:00
Guenter Knauf
dee7a08f64 Changed Windows 64bit OS define to x86_64.
Also added check for __x86_64__ define since MinGW64 seems to define
the _M_X64 macro through a header not available for config-win32.h.
2011-09-20 12:32:04 +02:00
Guenter Knauf
cd3cf55b47 Also skip certs masked as CKT_NSS_TRUST_UNKNOWN.
Fix posted by Tomas Hoger <thoger redhat com>.
2011-09-20 12:05:31 +02:00
Guenter Knauf
98a61d8e2e Added _WIN32_WINNT define for IPv6 builds. 2011-09-20 11:59:49 +02:00
Daniel Stenberg
81b41095ef Curl_follow: handle redirects to "//hostname/path" 2011-09-20 11:16:40 +02:00
Steve Holme
42be24af89 Curl_gethostname: return un-qualified machine name
Fixed Curl_gethostname() so that it always returns the un-qualified
machine name rather than being dependent on the socket provider.

Note: The return of getenv("CURL_GETHOSTNAME") is also parsed in case
the developer / test harness provided a fully qualified domain name as
it's value as well.
2011-09-18 13:24:58 +02:00
Yang Tse
ff9d858722 Make Curl_safefree() macro assign NULL to given pointer when free'd 2011-09-15 17:35:23 +02:00
Yang Tse
0216e517d0 ftp.c: add a couple of failure messages 2011-09-14 11:30:22 +02:00
warp kawada
aff70e2e95 Curl_add_custom_headers: support headers with no data
A custom HTTP header ending in a semicolon instead of a colon
will be treated as a header to be added without any data
portion.
2011-09-13 16:17:21 -07:00
Daniel Stenberg
73b18a9d24 codestyle: minor whitespace fix 2011-09-13 18:46:09 +02:00
Jeff Pohlmeyer
1bac153ea3 polarssl: build with PolarSSL-1.0.0
With this fix, it should work for PolarSSL-1.0.0 (and SVN-1091 trunk)
and retain compatibility with earlier versions. (Tested with 0.14.1)

PolarSSL still doesn't play nicely with curl's CA bundle (we discussed
this before) but I was at least able to retrieve the
https://www.gmail.com/ login page using a modified ca-certificates.crt
file with all 3 versions of PolarSSL.
2011-09-13 18:44:41 +02:00
Yang Tse
4e9a1c5bba ftp.c: fix socket leak torture tests detected 2011-08-30
Also fix inappropriate error handling when sending ftp EPRT or PORT commands.
2011-09-12 15:16:07 +02:00
Daniel Stenberg
94d64f8d4c spell-checked comments 2011-09-11 19:26:17 +02:00
Guenter Knauf
2a9fec16cc Updated makefiles to latest libssh2. 2011-09-11 16:50:30 +02:00
Yang Tse
72c14bd6f0 ftp.c: fix ftp active connects which got broken with commit fdf157abdf 2011-09-10 05:05:27 +02:00
Yang Tse
a7d8894291 ssh.c: revert needless commit 7b7c45879e 2011-09-10 00:52:13 +02:00
Daniel Stenberg
303c90074d tcpnodelay: rename variable
Renamed the variable from 'proto' to 'level' simply because it is not
protocol you set but level and that is the name of the argument used in
man pages and the POSIX documentation of the setsockopt function.
2011-09-09 15:31:11 +02:00
Yang Tse
7b7c45879e libssh2: use calloc as alloc function for libssh2 versions older than 1.3
This workarounds old libssh2 versions not properly initializing
some ssh session variables, which would trigger memory debuggers
warnings on memory being used without having been initialized.
2011-09-08 11:08:00 +02:00
Adriano Meirelles
81ead2c4e7 Curl_speedcheck: don't mistakenly clear Curl_expire()
The current version of speedcheck.c may disable timeout by setting zero
to Curl_expire. Which is fine using the curl_multi_perform, because it
recheck all timeout internals, but when using custom event poller (like
hiperfifo.c) it may keep stalle connection forever.
2011-09-08 08:39:53 +02:00
Daniel Stenberg
2147492050 ftp_state_use_port: minor code indent fix 2011-09-07 22:46:06 +02:00