Daniel Stenberg
5c9b2e68a4
sectransp: handle errSSLPeerAuthCompleted from SSLRead()
Reported-by: smuellerDD on github
Fixes #3932
Closes #3933
2019-05-24 11:34:13 +02:00
Gisle Vanem
9d55e09cfe
Fix typo.
2019-05-24 09:05:28 +02:00
Daniel Stenberg
9ad313dcb8
md4: include the mbedtls config.h to get the MD4 info
2019-05-23 17:06:40 +02:00
Daniel Stenberg
0dc9a80199
md4: build correctly with openssl without MD4
Reported-by: elsamuko at github
Fixes #3921
Closes #3922
2019-05-23 17:06:29 +02:00
Zenju
170bd047f5
config-win32: add support for if_nametoindex and getsockname
Closes https://github.com/curl/curl/pull/3923
2019-05-23 11:10:28 +02:00
Daniel Stenberg
dc0a671213
url: fix bad #ifdef
Regression since e91e481612.
Reported-by: Tom Greenslade
Fixes #3924
Closes #3925
2019-05-23 09:06:48 +02:00
Daniel Stenberg
c6b5813723
Revert "progress: CURL_DISABLE_PROGRESS_METER"
This reverts commit 3b06e68b77.
Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT +
CURLOPT_LOW_SPEED_TIME
Reported-by: Dave Reisner
Fixes #3927
Closes #3928
2019-05-23 09:05:20 +02:00
Steve Holme
a14d72ca2f
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixed #3653
Closes #3790
2019-05-22 22:55:05 +01:00
Daniel Stenberg
269f7df0ae
PolarSSL: deprecate support step 1. Removed from configure.
Also removed mentions from most docs.
Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html
Closes #3888
2019-05-22 10:00:56 +02:00
Daniel Stenberg
c9c4f7b547
configure/cmake: check for if_nametoindex()
- adds the check to cmake
- fixes the configure check to work for cross-compiled windows builds
Closes #3917
2019-05-22 09:49:19 +02:00
Daniel Stenberg
12e564ca20
parse_proxy: use the IPv6 zone id if given
If the proxy string is given as an IPv6 numerical address with a zone
id, make sure to use that for the connect to the proxy.
Reported-by: Edmond Yu
Fixes #3482
Closes #3918
2019-05-22 09:45:43 +02:00
Daniel Stenberg
8fba2d6a6b
url: convert the zone id from an IPv6 URL to correct scope id
Reported-by: GitYuanQu on github
Fixes #3902
Closes #3914
2019-05-21 18:58:45 +02:00
Daniel Gustafsson
528b284e4b
udpateconninfo: mark variable unused
When compiling without getpeername() or getsockname(), the sockfd
parameter to Curl_udpateconninfo() became unused after commit e91e481612
added ifdef guards.
Closes #3910
Fixes https://curl.haxx.se/dev/log.cgi?id=20190520172441-32196
Reviewed-by: Marcel Raad, Daniel Stenberg
2019-05-21 09:42:22 +02:00
Daniel Gustafsson
8986d3c6f4
ftp: move ftp_ccc in under featureflag
Commit e91e481612 moved ftp_ccc in under
the FTP featureflag in the UserDefined struct, but vtls callsites were
still using it unprotected.
Closes #3912
Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865
Reviewed-by: Daniel Stenberg, Marcel Raad
2019-05-21 09:38:11 +02:00
Guy Poizat
0da8441298
mbedtls: enable use of EC keys
Closes #3892
2019-05-20 19:00:59 +02:00
Omar Ramadan
c454d7f3f4
urlapi: increase supported scheme length to 40 bytes
The longest currently registered URI scheme at IANA is 36 bytes long.
Closes #3905
Closes #3900
2019-05-20 15:27:02 +02:00
Marcel Raad
10db3ef21e
lib: reduce variable scopes
Fixes Codacy/CppCheck warnings.
Closes https://github.com/curl/curl/pull/3872
2019-05-20 08:51:11 +02:00
Marcel Raad
320cec284d
ssh: move variable declaration to where it's used
This way, we need only one call to free.
Closes https://github.com/curl/curl/pull/3873
2019-05-20 08:06:22 +02:00
Marcel Raad
c92a4debd2
ssh-libssh: remove unused variable
sock was only used to be assigned to fd_read.
Closes https://github.com/curl/curl/pull/3873
2019-05-20 08:06:05 +02:00
Daniel Stenberg
2576003415
tftp: use the current blksize for recvfrom()
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
2019-05-20 07:57:49 +02:00
Daniel Gustafsson
9a87fe704e
version: make ssl_version buffer match for multi_ssl
When running a multi TLS backend build the version string needs more
buffer space. Make the internal ssl_buffer stack buffer match the one
in Curl_multissl_version() to allow for the longer string. For single
TLS backend builds there is no use in extending the buffer. This is a
fallout from #3863 which fixes up the multi_ssl string generation to
avoid a buffer overflow when the buffer is too small.
Closes #3875
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-05-19 22:06:26 +02:00
Steve Holme
7ca7f82ba7
http_ntlm_wb: Handle auth for only a single request
Currently when the server responds with 401 on an NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by employing an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Missed in fe6049f0.
2019-05-18 19:01:11 +01:00
Steve Holme
2697d63363
http_ntlm_wb: Cleanup handshake after clean NTLM failure
Missed in 50b87c4e.
2019-05-18 19:01:10 +01:00
Steve Holme
bd21fc9d2f
http_ntlm_wb: Return the correct error on receiving an empty auth message
Missed in fe20826b as it wasn't implemented in http.c in b4d6db83.
Closes #3894
2019-05-18 19:00:51 +01:00
Daniel Stenberg
e91e481612
libcurl: #ifdef away more code for disabled features/protocols
2019-05-17 23:24:34 +02:00
Daniel Stenberg
3b06e68b77
progress: CURL_DISABLE_PROGRESS_METER
2019-05-17 23:24:34 +02:00
Daniel Stenberg
3cfcdf08d8
hostip: CURL_DISABLE_SHUFFLE_DNS
2019-05-17 23:24:34 +02:00
Daniel Stenberg
1f8a584f6a
netrc: CURL_DISABLE_NETRC
2019-05-17 23:24:34 +02:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.
Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Steve Holme
fe20826b58
http_ntlm_wb: Move the type-2 message processing into a dedicated function
This brings the code in line with the other HTTP authentication mechanisms.
Closes #3890
2019-05-16 00:03:30 +01:00
Daniel Stenberg
ee68bbe29c
parse_proxy: use the URL parser API
As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.
Closes #3878
2019-05-15 12:02:05 +02:00
Steve Holme
e832d1ef74
http_negotiate: Move the Negotiate state out of the negotiatedata structure
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
Closes #3882
2019-05-15 00:32:42 +01:00
Steve Holme
85bef18ca1
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
2019-05-15 00:31:45 +01:00
Steve Holme
0c73adfad3
url: Move the negotiate state type into a dedicated enum
2019-05-15 00:31:35 +01:00
Steve Holme
be9fd703e0
url: Remove duplicate clean up of the winbind variables in conn_shutdown()
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().
Closes #3881
2019-05-14 14:35:11 +01:00
Daniel Stenberg
9f9ec7da57
urlapi: require a non-zero host name length when parsing URL
Updated test 1560 to verify.
Closes #3880
2019-05-14 13:39:10 +02:00
Daniel Gustafsson
bd91e7f340
imap: Fix typo in comment
2019-05-14 12:38:23 +02:00
Steve Holme
b5d1de8e21
url: Remove unnecessary initialisation from allocate_conn()
No need to set variables to zero as calloc() does this for us.
Closes #3879
2019-05-14 09:48:16 +01:00
Daniel Gustafsson
b4bb920405
vtls: fix potential ssl_buffer stack overflow
In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.
Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
2019-05-13 20:27:50 +02:00
Daniel Stenberg
93c4de6974
pingpong: disable more when no pingpong enabled
2019-05-13 08:17:10 +02:00
Daniel Stenberg
6d32b72822
proxy: acknowledge DISABLE_PROXY more
2019-05-13 08:17:10 +02:00
Daniel Stenberg
b084616210
parsedate: CURL_DISABLE_PARSEDATE
2019-05-13 08:17:10 +02:00
Daniel Stenberg
e5b546b339
sasl: only enable if there's a protocol enabled using it
2019-05-13 08:17:10 +02:00
Daniel Stenberg
b95456f4e2
mime: acknowledge CURL_DISABLE_MIME
2019-05-13 08:17:09 +02:00
Daniel Stenberg
0e2208ada6
wildcard: disable from build when FTP isn't present
2019-05-13 08:17:09 +02:00
Daniel Stenberg
7c70a3b1ad
http: CURL_DISABLE_HTTP_AUTH
2019-05-13 08:17:09 +02:00
Daniel Stenberg
bf7303966e
base64: build conditionally if there are users
2019-05-13 08:17:09 +02:00
Daniel Stenberg
ae4adae954
doh: CURL_DISABLE_DOH
2019-05-13 08:17:09 +02:00
Steve Holme
52dfab65d6
auth: Rename the various authentication clean up functions
For consistency and to avoid confusion.
Closes #3869
2019-05-12 18:37:00 +01:00
Marcel Raad
15fd9abfea
easy: fix another "clarify calculation precedence" warning
I missed this one in commit 6b3dde7fe6.
2019-05-12 13:36:45 +02:00