1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

6642 Commits

Author SHA1 Message Date
Steve Holme
e2201dc849 pop3: Introduced a custom POP3 structure for per-request data
Created a new POP3 structure and changed the type of the pop3 proto
variable in connectdata from FTP* to POP*.
2013-02-23 16:06:54 +00:00
Jiri Hruska
4cfc7f951c imap: Fixed escaping of mailbox names
Used imap_atom() to escape mailbox names in imap_select().
2013-02-23 15:42:33 +00:00
Steve Holme
fcf02cbb75 pingpong: Moved curl_ftptransfer definition to pingpong.h
Moved the ftp transfer structure into pingpong.h so other protocols that
require it don't have to include ftp.h.
2013-02-23 15:26:26 +00:00
Steve Holme
419bcf9d60 urldata.h: Fixed comment for opt_no_body variable
Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
2013-02-23 12:31:12 +00:00
Steve Holme
d415327bd7 email: Minor tidy up following IMAP changes 2013-02-23 11:34:52 +00:00
Jiri Hruska
35fb6bee0e imap: Removed more FTP leftovers
Changed some variables and comments still using FTP terminology.
2013-02-23 11:27:05 +00:00
Jiri Hruska
13625a0d09 imap: Removed some FTP heritage leftovers
Removed user and passwd from the IMAP struct as these cannot be set on
a per-request basis and are leftover from legacy FTP code.
2013-02-23 11:27:04 +00:00
Jiri Hruska
2476b34b95 imap: Introduced a custom IMAP structure for per-request data
Created a new IMAP structure and changed the type of the imap proto
variable in connectdata from FTP* to the new IMAP*.

Moved the mailbox variable from the per-connection struct imap_conn to
the new per-request struct and fixed references accordingly.
2013-02-23 11:27:02 +00:00
Steve Holme
3906353b41 pop3: Updated do phrase clean-up comment
Following commit 65644b8335 for the IMAP module updated the clean-up
comment in POP3.
2013-02-22 23:31:13 +00:00
Steve Holme
65644b8335 imap: Fixed memory leak when performing multiple selects
Moved the clean-up of the mailbox variable from imap_disconnect() to
imap_done() as this variable is allocated in the do phase, yet would
have only been freed only once if multiple selects where preformed
on a single connection.
2013-02-22 23:29:33 +00:00
Alexander Klauer
a5b231acc2 lib/url.c: Generic read/write data pointers
Always interprets the pointer passed with the CURLOPT_WRITEDATA or
CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in
order to avoid problems in environments where FILE and void pointers
have non-trivial conversion.
2013-02-22 23:22:21 +01:00
Daniel Stenberg
1a4dd1aa7c ossl_seed: avoid recursive seeding! 2013-02-22 23:04:49 +01:00
Jiri Hruska
296b9a5af0 Fixed checking the socket if there is data waiting in the cache
Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is
more data to be received, rather than the socket state, as a task could
hang waiting for more data from the socket itself.
2013-02-22 20:23:25 +00:00
Steve Holme
1dac29fa83 imap.c: Fixed an incorrect variable reference
Fixed an incorrect variable reference which was introduced in commit
a1701eea28 as a result of a copy and paste from SMTP/POP3.
2013-02-22 19:58:42 +00:00
Jiri Hruska
cd65ecb2e8 pingpong: Introduce Curl_pp_moredata()
A simple function to test whether the PP is not sending and there are
still more data in its receiver cache. This will be later utilized to:

1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
   not test socket state and just call user's statemach_act() function
   when there are more data to process, because otherwise the task would
   just hang, waiting for more data from the socket.

2) Allow PP users to read multiple responses by looping as long as there
   are more data available and current phase is not finished.
   (Currently needed for correct processing of IMAP SELECT responses.)
2013-02-22 18:35:15 +00:00
Yang Tse
52605e006c smtp.c: fix enumerated type mixed with another type 2013-02-19 16:53:13 +01:00
Yang Tse
6a87ac8c88 polarssl threadlock cleanup 2013-02-19 13:11:55 +01:00
Daniel Stenberg
a995ea05b3 resolver_error: remove wrong error message output
The attempt to use gai_strerror() or alternative function didn't work as
the 'sock_error' field didn't contain the proper error code. But since
this hasn't been reported and thus isn't really a big deal I decided to
just scrap the whole attempt to output the detailed resolver error and
instead remain with just stating that the resolving of the name failed.
2013-02-18 22:52:58 +01:00
Kim Vandry
25e577b33d Curl_resolver_is_resolved: show proper host name on failed resolve 2013-02-18 22:45:52 +01:00
Daniel Stenberg
52b5eadf3c Curl_resolver_is_resolved: fix compiler warning
conversion to 'int' from 'long int' may alter its value
2013-02-18 13:40:13 +01:00
Daniel Stenberg
06e6fd1aa7 compiler warning fix
follow-up to commit ed7174c6f6, rename 'wait' to 'block'
2013-02-18 12:56:03 +01:00
Daniel Stenberg
ed7174c6f6 compiler warning fix: declaration of 'wait' shadows a global declaration
It seems older gcc installations (at least) will cause warnings if we
name a variable 'wait'. Now changed to 'block' instead.

Reported by: Jiří Hruška
Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
2013-02-18 00:14:35 +01:00
Nick Zitzmann
072b1ad15a MacOSX-Framework: Make script work in Xcode 4.0 and later
Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
Developer folder was moved, and PowerPC support was removed. The script
will now adapt to those changes and should be future-proofed against
additional changes in case Apple moves the Developer folder ever again.
Also, the minimum OS X version compiler option was removed, so that the
framework can be built against the latest SDK but still run in older cats.
2013-02-17 14:30:38 -07:00
Steve Holme
e52fc1e297 email: Tidied up result code variables
Tidied up result variables to be consistent in name, declaration order
and default values.
2013-02-16 23:37:50 +00:00
Nick Zitzmann
12ea5beffc ntlm_core: fix compiler warning when building with clang
Fixed a 64-to-32 compiler warning raised when building with
clang and the --with-darwinssl option.
2013-02-16 14:21:09 -07:00
Daniel Stenberg
5e2e3cb54e polarsslthreadlock: #include the proper memory and debug includes
Pointed out by Steve Holme
2013-02-16 13:56:08 +01:00
Steve Holme
39b79c6b75 email: Removed unnecessary forward declaration
Due to the reordering of functions in commit 586f5d3614 the forward
declaration to state_upgrade_tls() are no longer required.
2013-02-16 10:28:32 +00:00
Steve Holme
b0e0f44934 pop3.c: Added reference to RFC-5034 2013-02-16 10:18:01 +00:00
Willem Sparreboom
6d7033b48a PolarSSL: Change to cURL coding style
Repaired all curl/lib/checksrc.pl warnings in the previous four patches
2013-02-15 23:31:25 +01:00
Willem Sparreboom
f10006ee5f PolarSSL: WIN32 threading support for entropy
Added WIN32 threading support for PolarSSL entropy if
--enable-threaded-resolver config flag is set and process.h can be found.
2013-02-15 23:31:25 +01:00
Willem Sparreboom
c35a10483d PolarSSL: pthread support for entropy
Added pthread support for polarssl entropy if --enable-threaded-resolver
config flag is set and pthread.h can be found.
2013-02-15 23:30:20 +01:00
Willem Sparreboom
db3f3c14f2 PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
2013-02-15 23:15:10 +01:00
Willem Sparreboom
1346cb19f2 PolarSSL: added human readable error strings
Print out human readable error strings for PolarSSL related errors
2013-02-15 23:15:10 +01:00
Steve Holme
2dbeaf7dad pop3: Removed unnecessary state changes on failure 2013-02-15 18:33:28 +00:00
Steve Holme
673b7ba80a imap: Removed unnecessary state change on failure 2013-02-15 18:33:10 +00:00
Daniel Stenberg
c25383ae13 rename "easy" statemachines: call them block instead
... since they're not used by the easy interface really, I wanted to
remove the association. Also, I unified the pingpong statemachine driver
into a single function with a 'wait' argument: Curl_pp_statemach.
2013-02-15 11:10:18 +01:00
Gisle Vanem
6106eeba16 curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s() 2013-02-15 02:35:23 +01:00
Gisle Vanem
8481386513 config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32 2013-02-15 02:35:22 +01:00
Gisle Vanem
2683927756 config-dos.h: define strerror() to strerror_s_() for High-C 2013-02-15 02:35:09 +01:00
Gisle Vanem
5d8ec4a634 config-dos.h: define HAVE_TERMIOS_H only for djgpp 2013-02-15 01:38:39 +01:00
Steve Holme
4f328b85c3 smtp.c: Fixed a trailing whitespace
Remove tailing whitespace introduced in commit 7ed689d24a.
2013-02-14 20:06:03 +00:00
Steve Holme
92a537a2bb pop3: Fixed blocking SSL connect when connecting via POP3S
A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
connection layer was reworked in 7.29. Not only would this cause the
connection to block but had the additional overhead of calling the
non-blocking connect a little bit later.
2013-02-14 18:20:52 +00:00
Steve Holme
7ed689d24a smtp: Refactored the smtp_state_auth_resp() function
Renamed smtp_state_auth_resp() function to match the implementations in
IMAP and POP3.
2013-02-14 18:15:07 +00:00
Daniel Stenberg
358c5c0745 strlcat: remove function
This function was only used twice, both in places where performance
isn't crucial (socks + if2ip). Removing the use of this function removes
the need to have our private version for systems without it == reduced
amount of code.

Also, in the SOCKS case it is clearly better to fail gracefully rather
than to truncate the results.

This work was triggered by a bug report on the strcal prototype in
strequal.h.

strlcat was added in commit db70cd28 in February 2001!

Bug: http://curl.haxx.se/bug/view.cgi?id=1192
Reported by: Jeremy Huddleston
2013-02-14 10:41:45 +01:00
Daniel Stenberg
d821525cee Curl_FormBoundary: made static
As Curl_FormBoundary() is no longer used outside of this file (since
commit ad7291c1a9), it is now renamed to formboundary() and is made
static.
2013-02-14 10:32:04 +01:00
Daniel Stenberg
ad7291c1a9 ossl_seed: fix the last resort PRNG seeding
Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
this now uses Curl_ossl_random() to get entropy.
2013-02-14 00:06:19 +01:00
Steve Holme
d09d08dc1f email: Tidy up before additional IMAP work
Replaced two explicit comparisons of CURLE_OK with boolean alternatives.

General tidy up of comments.
2013-02-13 20:12:21 +00:00
Steve Holme
0c6fa0dd64 smtp: Removed duplicate pingpong structure initialisation
The smtp_connect() function was setting the member variables of the
pingpong structure twice, once before calling Curl_pp_init() and once
after!
2013-02-13 18:22:20 +00:00
Yang Tse
beae838ed5 move msvc IDE related files to 'vc' directory tree 2013-02-13 13:28:13 +01:00
Steve Holme
d713e9a207 imap: Corrected a whitespace issue from previous commit
Fixed a small whitespace issue that crept in there in commit
508cdf4da4.
2013-02-12 23:05:14 +00:00
Steve Holme
508cdf4da4 email: Another post optimisation of endofresp() tidy up 2013-02-12 23:00:34 +00:00
Steve Holme
e6c1e773d9 sasl: Fixed null pointer reference when decoding empty digest challenge
Fixed a null pointer reference when an empty challenge is passed to the
Curl_sasl_create_digest_md5_message() function.

Bug: http://sourceforge.net/p/curl/bugs/1193/
Reported by: Saran Neti
2013-02-12 22:20:44 +00:00
Steve Holme
52281a10aa email: Post optimisation of endofresp() tidy up
Removed unnecessary end of line check and return.
2013-02-12 21:01:50 +00:00
Nick Zitzmann
66aa9bf52d darwinssl: Fix send glitchiness with data > 32 or so KB
An ambiguity in the SSLWrite() documentation lead to a bad inference in the
code where we assumed SSLWrite() returned the amount of bytes written to
the socket, when that is not actually true; it returns the amount of data
that is buffered for writing to the socket if it returns errSSLWouldBlock.
Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.

Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
2013-02-12 13:02:36 -07:00
Steve Holme
bd93062ee5 pingpong.h: Fixed line length over 78 characters from b56c9eb48e 2013-02-12 19:28:23 +00:00
Steve Holme
b56c9eb48e pingpong: Optimised the endofresp() function
Reworked the pp->endofresp() function so that the conndata, line and
line length are passed down to it just as with Curl_client_write()
rather than each implementation of the function having to query
these values.

Additionally changed the int return type to bool as this is more
representative of the function's usage.
2013-02-12 18:08:48 +00:00
Steve Holme
586f5d3614 email: Post STARTLS capability code tidy up (Part Three)
Corrected the order of the upgrade_tls() functions and moved the handler
upgrade and getsock() functions out from the middle of the state related
functions.
2013-02-11 23:13:50 +00:00
Steve Holme
de492b31c5 email: Post STARTLS capability code tidy up (Part Two)
Corrected the order of the pop3_state_capa() / imap_state_capability()
and the pop3_state_capa_resp() / imap_state_capability_resp() functions
to match the execution order.
2013-02-11 22:41:08 +00:00
ulion
5cd85db9fa SOCKS: fix socks proxy when noproxy matched
Test 1212 added to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1190
2013-02-11 20:10:52 +01:00
Steve Holme
9a6e580e3a ntlm: Updated comments for the addition of SASL support to IMAP in v7.29 2013-02-11 14:26:18 +00:00
Linus Nielsen Feltzing
da3fc1ee91 Fix NULL pointer reference when closing an unused multi handle. 2013-02-10 22:57:58 +01:00
Steve Holme
85a2e9ec82 email: Post STARTLS capability code tidy up (Part One)
Corrected the order of the CAPA / CAPABILITY state machine constants to
match the execution order.
2013-02-10 21:18:30 +00:00
Steve Holme
18d1ea4528 imap: Fixed memory leak following commit f6010d9a03 2013-02-10 20:32:36 +00:00
Steve Holme
566a3638fa smtp: Added support for the STARTTLS capability (Part Two)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:59:42 +00:00
Steve Holme
e0f4af4032 pop3: Added support for the STLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:56:54 +00:00
Steve Holme
b50ce1e5ba imap: Added support for the STARTTLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:53:49 +00:00
Steve Holme
2e0a295e3b pop3: Added support for the STLS capability (Part Two)
Added sending of initial CAPA command before STLS is sent. This allows
for the detection of the capability before trying to upgrade the
connection.
2013-02-10 15:45:01 +00:00
Steve Holme
f6010d9a03 imap: Added support for the STARTTLS capability (Part Two)
Added sending of initial CAPABILITY command before STARTTLS is sent.
This allows for the detection of the capability before trying to
upgrade the connection.
2013-02-10 15:41:56 +00:00
Steve Holme
c76cb3da04 smtp: Added support for the STLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:19:10 +00:00
Steve Holme
2f66ca11c1 pop3: Added support for the STLS capability (Part One)
Introduced detection of the STLS capability, in order to add support
for TLS upgrades without unconditionally sending the STLS command.
2013-02-10 12:16:27 +00:00
Steve Holme
a1701eea28 imap: Added support for the STARTTLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:13:55 +00:00
Steve Holme
92f7606f29 smtp: Fixed an issue when processing EHLO failure responses (Part 3)
Follow up fix to commit 62bd217464 to cater for servers that don't
respond with a 250 in their EHLO responses. Additionally updated the
SMTP tests to respond with a 250 response code as per RFC5321.
2013-02-09 19:01:15 +00:00
Steve Holme
fd52530b50 pop3: Fixed SASL authentication capability detection
Fixed the SASL capability detection to include the space character
before the authentication mechanism list. Otherwise a capability such
as SASLSOMETHING would be interpreted as enabling SASL and potentially
trying to identify SOMETHING as a mechanism.
2013-02-09 17:17:02 +00:00
Steve Holme
572f7864b2 pop3: Fixed incorrect return value from pop3_endofresp()
Corrected an incorrect return value when -ERR is received from the
server - introduced in commit b5bb61ee69 (June 2012).
2013-02-09 15:23:30 +00:00
Steve Holme
62bd217464 smtp: Fixed an issue when processing EHLO failure responses (Part 2)
Follow up fix to commit 23d17190ee as EHLO capabilities can exist
within a positive response line.
2013-02-09 14:32:20 +00:00
Steve Holme
f0bfc0fbd7 smtp: Fixed an issue with missing capabilities after the AUTH line
Follow up to commit 40f9bb787f to fix missing capabilities after an
AUTH line.
2013-02-09 14:26:22 +00:00
Nick Zitzmann
7f266f1c99 darwinssl: Make certificate errors less techy
Previously if a problem was found with one of the server's certificates,
we'd log an OSStatus for the end user to look up. Now we explain what
was wrong with the site's certificate chain. Also un-did part of the
previous commit where the code wouldn't catch errSSLServerAuthCompleted
if built under Leopard.
2013-02-08 18:34:11 -07:00
Guenter Knauf
5be2499e16 Updated dependency libs. 2013-02-09 01:35:11 +01:00
Steve Holme
f44d0aedc1 imap: Corrected some comments 2013-02-09 00:26:40 +00:00
Steve Holme
23d17190ee smtp: Fixed an issue when processing EHLO failure responses
Fixed a small issue where smtp_endofresp() would look for capabilities
in the description part of a failure response. In theory a server
shouldn't respond with SIZE or AUTH in an EHLO command's failure
response but if it did then capabilities would be unnecessarily set
before eventually failing.
2013-02-09 00:22:25 +00:00
Steve Holme
21657823ea pop3: Reworked pop3_endofresp() to simplify it little
Reworked pop3_endofresp() to simplify it and provide consistency between
imap and smtp.
2013-02-08 23:07:20 +00:00
Steve Holme
3bb45aa7f5 imap: Renamed state variables in imap_authenticate()
Renamed the authstate1 and authstate2 variables in imap_authenticate()
as the old name was a left over from when there was only one state
variable which was named due to a clash with the state() function.

Additionally this provides consistency with the smtp module.
2013-02-08 21:40:54 +00:00
Steve Holme
40f9bb787f smtp: Reworked smtp_endofresp() to allow for extra capability detection 2013-02-08 21:19:34 +00:00
Steve Holme
dda53476ca smtp: Renamed smtp_state_auth_passwd_resp() function
Renamed the login password response function to better describe it's
purpose as well as for consistency with the imap and pop3 modules.
2013-02-08 20:54:03 +00:00
Gisle Vanem
463082bea4 ntlm: fix memory leak
Running tests\libtest\libntlmconnect.exe reveals a 1 byte (!) leak in
./lib/curl_ntlm_msgs.c:

perl ..\memanalyze.pl c:memdebug.curl
Leak detected: memory still allocated: 1 bytes
At 9771e8, there's 1 bytes.
allocated by curl_ntlm_msgs.c:399

Snippet from curl_ntlm_msgs.c:
   /* setup ntlm identity's domain and length */
   dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));

(my domlen == 0).

'dup_domain.tbyte_ptr' looks to be freed in Curl_ntlm_sspi_cleanup() via
'ntlm->identity.Domain'. But I see no freeing of 'dup_domain.tchar_ptr'.
2013-02-08 15:51:27 +01:00
Daniel Stenberg
72688317ad DONE: consider callback-aborted transfers premature
This bug report properly identified that when doing SMTP and aborting
the transfer with a callback, it must be considered aborted prematurely
by the code to avoid QUIT etc to be attempted as that would cause a
hang.

The new test case 1507 verifies this behavior.

Reported by: Patricia Muscalu
Bug: http://curl.haxx.se/bug/view.cgi?id=1184
2013-02-08 13:57:01 +01:00
Nick Zitzmann
9613cf7211 darwinssl: Fix build under Leopard
It turns out that Leopard (OS X 10.5) doesn't have constants for the ECDH
ciphers in its headers, so the cases for them have been taken out of the
build when building under Leopard. Also added a standard function for
getting a string description of a SecCertificateRef.
2013-02-07 18:57:53 -07:00
Steve Holme
6da7dc026c imap: Added support for SASL-IR extension (Part 2)
Modified imap_authenticate() to add support for sending the initial
response with the AUTHENTICATE command, as per RFC4959.
2013-02-07 21:06:53 +00:00
Steve Holme
e07385f853 smtp: Updated SMTP_AUTH_PASSWD state constant
Changed the SMTP_AUTH_PASSWD state constant to SMTP_AUTH_LOGIN_PASSWD to
better describe the state as the second part of an AUTH LOGIN command,
as well as for consistency with the imap and pop3 modules.
2013-02-07 20:37:11 +00:00
Steve Holme
86dfcf737d imap: Added support for SASL-IR extension (Part 1)
Introduced detection of the SASL-IR capability, in order to add support
for sending the initial response with the AUTHENTICATE command, as per
RFC4959.
2013-02-07 20:02:06 +00:00
Steve Holme
7704621f4c imap: Changed response tag generation to be completely unique
Updated the automatic response tag generation to follow the examples
given in RC3501, which list a 4 character string such as A001, A002,
etc.

As a unique identifier should be generated for each command the string
generation is based on the connection id and the incrementing command
id.
2013-02-07 00:18:23 +00:00
Steve Holme
cecb9c0f71 imap: Small variable rename in preparation for upcoming change
Renamed a couple of variables and updated some comments in
preparation for upcoming command id / response tag change.
2013-02-06 22:22:57 +00:00
Daniel Stenberg
632e50ca8d msvc: move Makefile.msvc.names into winbuild/
In an attempt to clear up misc files from the root dir
2013-02-06 23:14:11 +01:00
Steve Holme
de0410fe9a email: Moved starttls code in separate functions
To help maintain the readability of the code in imap.c, pop3.c and
smtp.c moved the starttls code into state_starttls() functions.
2013-02-06 20:02:36 +00:00
Daniel Stenberg
bf633a584d vms: config-vms.h is removed, no use trying to distribute it 2013-02-06 11:11:55 +01:00
Eldar Zaitov
f206d6c055 Curl_sasl_create_digest_md5_message: fix buffer overflow
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses the data provided from the
server without doing the proper length checks and that data is then
appended to a local fixed-size buffer on the stack.

This vulnerability can be exploited by someone who is in control of a
server that a libcurl based program is accessing with POP3, SMTP or
IMAP. For applications that accept user provided URLs, it is also
thinkable that a malicious user would feed an application with a URL to
a server hosting code targetting this flaw.

Bug: http://curl.haxx.se/docs/adv_20130206.html
2013-02-06 11:06:33 +01:00
Yang Tse
85625c5e28 setup-vms.h: post VMS patch cleanup - III
- rename post-config-vms.h to setup-vms.h
- move its inclusion into proper location in curl_setup.h
2013-02-06 04:53:34 +01:00
Steve Holme
33a182e6c2 imap.h: Corrected incorrect comment clarification
Corrected comment clarification made in commit 167717b806.
2013-02-05 23:59:47 +00:00
John E. Malmberg
25f351424b VMS: fix and generate the VMS build config
config_h.com is a new file that generates a config.h file based on the
curl_config.h.in file and a quick scan of the configure script.  This is
actually a generic procedure that is shared with other VMS packages.

The existing pre-built config-vms.h had over 100 entries that were not
correct and in some cases conflicted with the build options available in
the build_vms.com.

generate_config_vms_h_curl.com is a helper procedure to the
config_h.com.  It covers the cases that the generic config_h.com is not
able to figure out, and accepts input from the build_vms.com procedure.

build_curlbuild_h.com is a new file to generate the curlbuild.h file
that Curl is now using when it is using a curl_config.h file.

post-config-vms.h is a new file that is needed to provide VMS specific
definitions, and most of them need to be set before the system header
files are included.

The VMS build procedure is fixed:

   1. Fixed to link in the correct HP ssl library.
   2. Fixed to detect if HP Kerberos is installed.
   3. Fixed to detect if HP LDAP is installed.
   4. Fixed to detect if gnv$libzshr is installed.
   5. Simplified the input parameter parsing to not use a loop.
   6. Warn that 64 bit pointer option support is not complete
      in comments.
   7. Default to IEEE floating if platform supports it so
      resulting libcurl will be compatible with other
      open source projects on VMS.
   8. Default to LARGEFILE if platform supports it.
   9. Default to enable SSL, LDAP, Kerberos, libz
      if the libraries are present.
   10. Build with exact case global symbols for libcurl.
   11. Generate linker option file needed.
   12. Compiler list option only commonly needed items.
   13. fulllist option for those who really want it.
   14. Create debug symbol file on Alpha, IA64.
2013-02-05 23:08:57 +01:00
Daniel Stenberg
cb3e6dfa35 Curl_proxyCONNECT: return once CONNECT is sent
By doing this unconditionally, we infer a simpler and more defined
behavior. This also has the upside that test 1021 no longer fails for me
even if I run with valgrind.

Also fixed some wrong comments.
2013-02-05 23:06:00 +01:00
Steve Holme
1d22407863 email: Reworked comments in the endofresp() functions
Tidied up the comments in the endofresp() functions to be more
meaningful prior to release.
2013-02-05 21:09:34 +00:00
Marc Hoersken
bb7c2ee37c schannel: Removed extended error connection setup flag
According KB975858 this flag may cause problems on Windows 7 and
Windows Server 2008 R2 systems. Extended error information is not
currently used by libcurl and therefore not a requirement.

The flag may improve the SSL-connection shutdown in case of an
error. This means it might be a good improvement in the future.

Fixes bug/issue #1187 - thanks for the report
2013-02-05 22:02:45 +01:00
Tor Arntsen
278ab75e9f singleipconnect: Update *sockp for all CURLE_OK
The 56b7c87c7 change left a case where a good sockfd was not copied to
*sockp before returning with CURLE_OK
2013-02-05 17:58:28 +01:00
Daniel Stenberg
0d1b754376 curl_easy_perform: Value stored to 'mcode' is never read
pointed out by clang-analyzer
2013-02-05 14:09:18 +01:00
Daniel Stenberg
4cd027f17e singleipconnect: remove dead assignment
pointed out by clang-analyzer
2013-02-05 14:07:39 +01:00
Linus Nielsen Feltzing
bd1f170a5a CURLMOPT_MAXCONNECTS: restore functionality
When a connection is no longer used, it is kept in the cache. If the
cache is full, the oldest idle connection is closed. If no connection is
idle, the current one is closed instead.
2013-02-05 09:17:52 +01:00
Steve Holme
022e67294e email: Provided extra comments following recent pop3/imap fixes
Provided additional clarification about the logic of the authenticate()
functions following commit 6b6bdc83bd and b4270a9af1.
2013-02-04 23:51:36 +00:00
Steve Holme
e1cd753e4d pop3.c: Updated variable names to use shorter / more readable variant
Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
the pop3c struct variable used the longer conndata struct rather than
matching what other code in pop3_authenticate() used.
2013-02-04 20:33:30 +00:00
Steve Holme
b4270a9af1 imap: Fixed no known authentication mechanism when fallback is required
Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.
imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.

Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
2013-02-03 23:58:03 +00:00
Steve Holme
6b6bdc83bd pop3: Fixed no known authentication mechanism when fallback is required
Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
authentication.

Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
2013-02-03 21:43:08 +00:00
Daniel Stenberg
56b7c87c74 singleipconnect: simplify and clean up
Remove timeout argument that's never used.

Make the actual connection get detected on a single spot to reduce code
duplication.

Store the IPv6 state already when the connection is attempted.
2013-02-01 08:16:08 +01:00
Daniel Stenberg
32e8467a66 Curl_perfom: removed
Curl_perfom is no longer used anywhere since the always-multi commit
c43127414d, and some related functions were used only from within
Curl_perfom.
2013-02-01 08:14:46 +01:00
Nick Zitzmann
163a1dca5f darwinssl: Fix bug where packets were sometimes transmitted twice
There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
succeed in transmitting at least something, then we'd incorrectly
resend the packet. Now we never take errSSLWouldBlock as a sign that
nothing was transferred to/from the server.

Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
Reported by: Bruno de Carvalho
2013-01-29 09:05:59 +01:00
Guenter Knauf
0494da830b Updated dependency libs. 2013-01-28 01:25:39 +01:00
Steve Holme
0e5e720c19 smtp.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to SMTP_STARTTLS when the
STARTTLS command has been successfully sent to the server.
2013-01-27 10:44:21 +00:00
Steve Holme
3dbf11d0a1 pop3.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to POP3_STARTTLS when the
STLS command has been successfully sent to the server.
2013-01-27 10:42:32 +00:00
Steve Holme
499e30c4bb imap.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to IMAP_STARTTLS when the
STARTTLS command has been successfully sent to the server.
2013-01-27 10:41:10 +00:00
Steve Holme
73fae58132 email: Updated comment regarding ssldone usage
Updated the ssldone comment as multi mode is always used internally now.
2013-01-26 15:06:44 +00:00
Steve Holme
d9c3505e83 smtp.c: Added comments to smtp_endofresp()
Minor code tidy up to add comments similar to those used in the pop3
and imap end of resp functions, in order to assist anyone reading the
code and highlight the similarities between each of these protocols.
2013-01-25 22:14:21 +00:00
Steve Holme
fda0f14f73 smtp.c: Corrected RFC references
The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
previously documented.

Added RFC1870 and re-ordered list numerically.
2013-01-24 23:41:57 +00:00
Steve Holme
f8ba1273af smtp.c: Fixed failure detection during TLS upgrade
smtp_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to smtps and start the EHLO command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:27:43 +00:00
Steve Holme
8b275718e2 pop3.c: Fixed failure detection during TLS upgrade
pop3_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to pop3s and start the CAPA command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:24:39 +00:00
Steve Holme
379d63ecc7 imap.c: Fixed failure detection during TLS upgrade
imap_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to imaps and start the CAPABILITY command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:22:20 +00:00
Steve Holme
6a55f25f67 email: Removed unnecessary return statements
Small tidy up to remove unnecessary return statements prior to the next
fix.
2013-01-23 21:59:56 +00:00
Steve Holme
de991037e4 curl_sasl.c: Corrected references to RFC
The most recent version of the RFC is RFC4422 and not RFC2222 as
previously documented.
2013-01-22 22:02:30 +00:00
Steve Holme
56d4de468c email: Corrected references to SASL RFC
The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
previously documented.
2013-01-22 18:37:12 +00:00
Ulion
2698520aef formpost: support quotes, commas and semicolon in file names
- document the double-quote and backslash need be escaped if quoting.
- libcurl formdata escape double-quote in filename by backslash.
- curl formparse can parse filename both contains '"' and ',' or ';'.
- curl now can uploading file with ',' or ';' in filename.

Bug: http://curl.haxx.se/bug/view.cgi?id=1171
2013-01-22 15:43:29 +01:00
Steve Holme
e5ea45ec2e pop3.c: Fixed conditional compilation of the apop response function
Extended the fix from commit 8b15c84ea9 to additionally exclude
pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
defined.
2013-01-20 11:09:53 +00:00
Daniel Stenberg
f4cc54cb47 formadd: reject trying to read a directory where a file is expected
Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
Reported by: Ulrich Doehner
2013-01-19 23:08:12 +01:00
Steve Holme
ece8681a60 email: General code tidy up
Corrected some function argument definitions to maximize the 80
character line length limit and be in keeping with the curl
coding style.
2013-01-19 09:49:17 +00:00
Steve Holme
7b5be79908 pop3.c: Fixed a problem with pop3s connections not connecting properly
Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
correctly and the ssldone flag wouldn't be set to true for pop3s based
connections.

Bug introduced in commit: 4ffb8a6398.
2013-01-18 21:55:19 +00:00
Daniel Stenberg
c43127414d always-multi: always use non-blocking internals
Remove internal separated behavior of the easy vs multi intercace.
curl_easy_perform() is now using the multi interface itself.

Several minor multi interface quirks and bugs have been fixed in the
process.

Much help with debugging this has been provided by: Yang Tse
2013-01-17 19:40:35 +01:00
Yang Tse
9fd88abb70 url.c: fix HTTP CONNECT tunnel establishment upon delayed response
Fixes initial proxy response being processed by the tunneled protocol
handler instead of the HTTP wrapper handler. This issue would trigger
upon delayed CONNECT response from the proxy.

Additionally fixes a multi interface code-path in which connections
would not time out properly.

This does not fix known bug #39.

URL: http://curl.haxx.se/mail/lib-2013-01/0191.html
2013-01-17 17:07:19 +01:00
Daniel Stenberg
533c31b785 FTP: reject illegal port numbers in EPSV 229 responses 2013-01-15 22:35:48 +01:00
Kamil Dudka
26613d7817 nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
Do not use the error messages from NSS for errors not occurring in NSS.
2013-01-15 13:20:56 +01:00
Daniel Stenberg
600cbaca6f Curl_resolver_getsock: fix the function description comment
It referred to it by the wrong name and said it returned the wrong value.

Reported by: Gisle Vanem
2013-01-12 22:33:38 +01:00
Kamil Dudka
b36f1d26f8 nss: clear session cache if a client cert from file is used
This commit fixes a regression introduced in 052a08ff.

NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used.  If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again.  The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.

The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.

Review by: Kai Engert
2013-01-11 10:59:11 +01:00
Yang Tse
a9ca5e61e5 sockfilt.c: fix some W64 compiler warnings 2013-01-09 22:23:49 +01:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Steve Holme
4ffb8a6398 pop3: Added support for non-blocking SSL upgrade
Added support for asynchronous SSL upgrade when using the
multi-interface.
2013-01-08 11:31:48 +00:00
Steve Holme
905d0be509 imap.c: Small tidy up to add missing comment 2013-01-07 18:07:04 +00:00
Steve Holme
fd3efca164 imap: Added support for sasl digest-md5 authentication 2013-01-07 11:01:05 +00:00
Steve Holme
825677ad09 imap: Added support for sasl cram-md5 authentication 2013-01-07 07:35:49 +00:00
Steve Holme
f6e33cf669 imap: Added support for sasl ntlm authentication 2013-01-07 02:47:12 +00:00
Steve Holme
4e6265ea5a imap: Added support for sasl login authentication 2013-01-06 23:14:18 +00:00
Steve Holme
494b8664da pop3.c: Fixed default authentication detection
Fixed an issue where a server may positively respond to the CAPA command
but not list clear text as a valid authentication type.
2013-01-06 23:06:29 +00:00
Steve Holme
d6bebd56f7 curl_sasl.c: Small code tidy up following imap changes 2013-01-06 22:32:33 +00:00
Steve Holme
70dcde78d0 smtp.c: Small code tidy up following imap changes 2013-01-06 22:32:05 +00:00
Steve Holme
89a3086231 pop3.c: Small code tidy up following imap changes 2013-01-06 22:31:21 +00:00
Steve Holme
cfb6f03224 imap: Added support for sasl plain text authentication 2013-01-06 22:25:14 +00:00