1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 20:15:03 -05:00
Commit Graph

7444 Commits

Author SHA1 Message Date
Daniel Stenberg
52d16c84d2 openssl: unbreak PKCS12 support
Regression introduced in ce362e8eb9 (7.31.0)

Bug: http://curl.haxx.se/bug/view.cgi?id=1371
Reported-by: Dmitry
2014-05-12 13:06:50 +02:00
Steve Holme
b4c81b6cee Makefile.inc: Added resource file to assist Visual Studio project generation 2014-05-11 20:52:56 +01:00
Steve Holme
8342b6e1dc sasl: Fixed missing qop in the client's challenge-response message
Whilst the qop directive isn't required to be present in a client's
response, as servers should assume a qop of "auth" if it isn't
specified, some may return authentication failure if it is missing.
2014-05-11 14:48:28 +01:00
Steve Holme
fdb2d32144 Makefile.inc: Separated the lib and lib/vtls source file variables
To cater for the automatic generation of the new Visual Studio project
files, moved the lib file list into a separated variable so that lib
and lib/vtls can be referenced independently.
2014-05-09 23:07:32 +01:00
Steve Holme
0ab2c444b5 Makefile.b32: Fixed for vtls changes
Follow up fix to commits a47c142a88, 11e8066ef9 and 92b9ae5c5d.

Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html
Reported and assisted by: Jon Torrey
2014-05-09 21:09:51 +01:00
Steve Holme
65bb4a0d38 getinfo.c: Fixed compilation warning
The indicated statement is not reachable.
2014-05-09 13:18:55 +01:00
Kamil Dudka
ec5fde24de http: avoid auth failure on a duplicated header
... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
2014-05-09 13:44:04 +02:00
Patrick Watson
94898303d2 mk-ca-bundle: added -p
-p takes a list of Mozilla trust purposes and levels for certificates to
include in output.  Takes the form of a comma separated list of
purposes, a colon, and a comma separated list of levels.
2014-05-08 11:37:45 +02:00
Tatsuhiro Tsujikawa
6404896d8c http2: Compile with latest nghttp2
Now nghttp2_submit_request returns assigned stream ID, we don't have
to check stream ID using before_stream_send_callback.  The
adjust_priority_callback was removed.
2014-05-07 20:51:51 +01:00
Steve Holme
6f8085ca77 url.c: Fixed compilation warning/error
Depending on compiler line 3505 could generate the following warning or
error:

* warning: ISO C90 forbids mixed declarations and code
* A declaration cannot appear after an executable statement in a block
* error C2275: 'size_t' : illegal use of this type as an expression
2014-05-07 10:55:19 +01:00
Daniel Stenberg
5de8d84098 fix_hostname: strip off a single trailing dot from host name
Primarily for SNI, we need the host name without a trailing dot.
"https://www.example.com." resolves fine but fails on SNI unless the dot
is removed.

Reported-by: Leon Winter
Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html
2014-05-06 08:44:11 +02:00
Jeff King
37f484276d curl_multi_cleanup: ignore SIGPIPE better
When looping and closing each individual connection left open, the
SIGPIPE ignoring was not done and could thus lead to death by signal 13.

Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242
2014-05-05 12:47:46 +02:00
Daniel Stenberg
a18a2ba0bb schannel: don't use the connect-timeout during send
As there's a default connection timeout and this wrongly used the
connection timeout during a transfer after the connection is completed,
this function would trigger timeouts during transfers erroneously.

Bug: http://curl.haxx.se/bug/view.cgi?id=1352
Figured-out-by: Radu Simionescu
2014-05-05 00:10:37 +02:00
Daniel Stenberg
812da4190f mprintf: allow %.s with data not being zero terminated
If the precision is indeed shorter than the string, don't strlen() to
find the end because that's not how the precision operator works.

I also added a unit test for curl_msnprintf to make sure this works and
that the fix doesn't a few other basic use cases. I found a POSIX
compliance problem that I marked TODO in the unit test, and I figure we
need to add more tests in the future.

Reported-by: Török Edwin
2014-05-04 23:39:52 +02:00
Steve Holme
4febbedc5a curl_ntlm_core: Fixed use of long long for VC6 and VC7
Commit 07b66cbfa4 unfortunately broke native NTLM message support in
compilers, such as VC6, VC7 and others, that don't support long long
type declarations. This commit fixes VC6 and VC7 as they support the
__int64 extension, however, we should consider an additional fix for
other compilers that don't support this.
2014-05-04 19:07:17 +01:00
Steve Holme
6ebc0d3bd8 config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
Fixed the HAVE_LONGLONG declaration as long long is supported in Visual
Studio .NET 2003 (VC7.1) onwards.
2014-05-04 19:05:06 +01:00
Daniel Stenberg
21aafd09f6 openssl: biomem->data is not zero terminated
So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.

Reported-by: Török Edwin
2014-05-04 00:50:10 +02:00
Daniel Stenberg
947bb79c08 easy_perform: spelling mistake in error message 2014-05-03 23:09:26 +02:00
Steve Holme
78ca3c6830 copyright: Updated following recent edits 2014-04-28 23:20:52 +01:00
Dan Fandrich
ef1322df67 Added a few more const where possible 2014-04-29 00:05:19 +02:00
Tatsuhiro Tsujikawa
b8a220d255 http2: Compile with latest nghttp2
commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required
2014-04-27 19:15:08 +02:00
Daniel Stenberg
d5ec44ca4c INFILESIZE: fields in UserDefined must not be changed run-time
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Kamil Dudka
9c941e92c4 nss: propagate blocking direction from NSPR I/O
... during the non-blocking SSL handshake
2014-04-25 15:08:12 +02:00
Daniel Stenberg
710f14edba handler: make 'protocol' always specified as a single bit
This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2014-04-23 22:36:01 +02:00
Dan Fandrich
0204e17bc6 cyassl: Use error-ssl.h when available
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use
whichever one is available.
2014-04-23 11:01:30 +02:00
Daniel Stenberg
386ed2d590 gtls: fix NULL pointer dereference
gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
2014-04-22 23:24:31 +02:00
Daniel Stenberg
5b463e97fa curl_global_init_mem: bump initialized even if already initialized
As this makes curl_global_init_mem() behave the same way as
curl_global_init() already does in that aspect - the same number of
curl_global_cleanup() calls is then required to again decrease the
counter and then eventually do the cleanup.

Bug: http://curl.haxx.se/bug/view.cgi?id=1362
Reported-by: Tristan
2014-04-22 23:08:14 +02:00
Kamil Dudka
8868a226cd nss: implement non-blocking SSL handshake 2014-04-22 22:56:14 +02:00
Kamil Dudka
a43bba3a34 nss: split Curl_nss_connect() into 4 functions 2014-04-22 22:56:14 +02:00
Marc Hoersken
ee6791128f multi.c: fix possible invalid memory access in case nfds overflows
ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
2014-04-19 16:02:14 +02:00
Marc Hoersken
549b4a659a netrc.c: fix multiple possible dereferences of null pointers 2014-04-19 16:00:43 +02:00
Marc Hoersken
9146f37973 parsedate.c: check sscanf result before passing it to strlen 2014-04-19 15:47:07 +02:00
Marc Hoersken
662fc62517 telnet.c: check sscanf results before passing them to snprintf 2014-04-19 15:23:04 +02:00
Marc Hoersken
f9ffbfce90 telnet.c: fix possible use of uninitialized variable 2014-04-19 15:18:19 +02:00
Marc Hoersken
aa0fbe3537 telnet.c: fix possible use of non-null-terminated strings 2014-04-19 14:26:02 +02:00
Marc Hoersken
c48b996cf2 url.c: fix possible use of non-null-terminated string with strlen
Follow up on b0e742544b
2014-04-19 14:25:32 +02:00
Marc Hoersken
b0e742544b url.c: fix possible use of non-null-terminated string with strlen 2014-04-19 00:17:21 +02:00
Marc Hoersken
7296fc9e7e connect.c: fix multiple possible dereferences of null pointers
In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.
2014-04-18 23:56:54 +02:00
Marc Hoersken
3f74e149f8 tftp.c: fix possible dereference of null pointer 2014-04-18 23:53:48 +02:00
Marc Hoersken
e81bdab13e socks_sspi.c: added pointer guards to FreeContextBuffer calls
The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
2014-04-18 23:24:41 +02:00
Marc Hoersken
54df616729 md5.c: fix use of uninitialized variable 2014-04-18 22:59:25 +02:00
Marc Hoersken
6f72c2fe31 curl_schannel.c: added explicit cast of structure pointers 2014-04-18 22:38:42 +02:00
Marc Hoersken
a703914e60 curl_schannel.c: fix possible dereference of null pointer 2014-04-18 22:36:12 +02:00
Steve Holme
d7ed8da43e imap: Extended FETCH support to include PARTIAL URL specifier 2014-04-18 20:14:09 +01:00
Steve Holme
e2c14bde22 url.c: Fixed typo in comment 2014-04-18 17:51:26 +01:00
Steve Holme
84c0aabe65 imap: Expanded mailbox SEARCH support to use URL query strings 2014-04-18 16:51:48 +01:00
Steve Holme
ca63d4feba imap: Added support for parsing URL query strings
Added support for parsing query strings from the URL as defined by
RFC-5092.
2014-04-18 16:43:57 +01:00
Steve Holme
f804378d16 imap: Introduced the SEARCH state 2014-04-18 15:32:13 +01:00
Steve Holme
2c6b41e98a imap: Fixed untagged response detection when no data after command
Should a command return untagged responses that contained no data then
the imap_matchresp() function would not detect them as valid responses,
as it wasn't taking the CRLF characters into account at the end of each
line.
2014-04-18 15:01:57 +01:00
Daniel Stenberg
b166117c60 README.http2: mention some alt-svc thoughts 2014-04-17 19:23:39 +02:00
Dan Fandrich
263ed02da6 url: only use if_nametoindex() if IFNAMSIZ is available 2014-04-14 08:02:06 +02:00
Steve Holme
b574e83079 sas: Added DIGEST-MD5 qop-option validation in native challange handling
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
2014-04-08 21:24:34 +01:00
Daniel Stenberg
73b7a03c3f strerror: fix comment about vxworks' strerror_r buffer size
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
2014-04-06 23:13:08 +02:00
Steve Holme
64381f5091 sasl: Added forward declaration of structures following recent changes
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
2014-04-06 17:20:08 +01:00
Steve Holme
537b571c90 sasl: Fixed compilation warning
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc sasl: Added curl_memory.h include as per test 1132 2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b sasl: Fixed compilation warning in SSPI builds
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a sasl: Corrected missing free of decoded challenge message from 607883f13c 2014-04-06 14:18:31 +01:00
Steve Holme
175b605331 sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c sasl: Added support for DIGEST-MD5 via Windows SSPI 2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined 2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf Makefile.vc6: Added curl_sasl_sspi.c 2014-04-06 00:57:23 +01:00
Steve Holme
c469941293 ntlm: Moved the identity generation into shared SSPI code 2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd sasl: Renamed SSPI module following short name clash 2014-04-06 00:35:01 +01:00
Steve Holme
2c49e96092 sasl: Added initial stub functions for SSPI DIGEST-MD support 2014-04-05 23:16:51 +01:00
Steve Holme
3a92de5636 sasl: Combined DIGEST-MD5 message decoding and generation 2014-04-05 23:09:04 +01:00
Tatsuhiro Tsujikawa
9e86209d04 http2: Compile with current nghttp2, which supports h2-11 2014-04-05 19:30:12 +02:00
Daniel Stenberg
74851340bd PROXYHEADER: send these headers in "normal" proxy requests too
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6 HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
c81021f747 ftp: in passive data connect wait for happy eyeballs sockets
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
2014-04-03 20:38:19 +02:00
Daniel Stenberg
97f214d0c9 http2+openssl: fix compiler warnings in ALPN using code 2014-04-03 17:03:02 +02:00
Steve Holme
dd9ce1b86c smtp: Fixed login denied with a RFC-821 based server
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.
2014-04-01 07:20:19 +01:00
Daniel Stenberg
8a0385c1ad urldata: spellfix comment
Reported-by: Melissa
2014-04-01 08:00:34 +02:00
Daniel Stenberg
13682d1a24 ipv6: strip off zone identifiers in redirects too
Follow up to 9317eced98 makes test 1056 work again.
2014-03-31 09:35:32 +02:00
Daniel Stenberg
6448946ac3 http2: let openssl mention the exact protocol negotiated
Remove a superfluous "negotiated http2" info line
2014-03-31 09:00:58 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Till Maas
9317eced98 URL parser: IPv6 zone identifiers are now supported 2014-03-31 07:58:25 +02:00
Steve Holme
fe260b75e7 smtp: Fixed login denied when server doesn't support AUTH capability
Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.

Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html
2014-03-28 18:21:27 +00:00
Dan Fandrich
a8c7cf6281 hostcheck: added a system include to define struct in_addr 2014-03-26 22:29:00 +01:00
Daniel Stenberg
965690f67e Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Daniel Stenberg
5019c78095 Curl_cert_hostcheck: reject IP address wildcard matches
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.

Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gisle Vanem
196140dcaf polarssl: avoid extra newlines in debug messages
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
2014-03-22 16:55:39 +01:00
Daniel Stenberg
4ff71183b9 rtsp: parse "Session:" header properly
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.

Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
2014-03-20 11:52:27 +01:00
Daniel Stenberg
930b81387b trynextip: don't store 'ai' on failed connects...
It leads to the "next family" tries starting from the wrong point and thus
fails!

Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
2014-03-19 16:34:12 +01:00
Gaël PORTAY
47f8e99e78 polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
2014-03-19 16:10:18 +01:00
Gaël PORTAY
ff25f437a5 polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
2014-03-18 21:01:11 +01:00
Gaël PORTAY
31265376bc polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.
2014-03-18 21:01:11 +01:00
Daniel Stenberg
7a1fb8e816 polarssl: added missing end-of-comment from previous commit 2014-03-18 08:03:45 +01:00
Daniel Stenberg
5017d5ada8 polarssl: now require 1.3.0+
Also fixed a function name change in the version requirement bump
2014-03-17 20:48:06 +01:00
hasufell
4d6108315b polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
2014-03-17 20:08:45 +01:00
Kamil Dudka
67061e3f4e nss: allow to enable/disable new AES GCM cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
c864d81289 nss: allow to enable/disable new HMAC-SHA256 cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
b4f6cd46eb nss: do not enable AES cipher-suites by default
... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.
2014-03-15 13:07:55 +01:00
Dan Fandrich
9b5b6a2b1a ssh: prevent a logic error that could result in an infinite loop 2014-03-15 10:26:29 +01:00
Dan Fandrich
596800378d ssh: removed a redundant close state transition 2014-03-14 23:38:00 +01:00