1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

6594 Commits

Author SHA1 Message Date
Steve Holme
0ee79114ef pop3: Removed some FTP heritage leftovers
Removed user and passwd from the POP3 struct as these cannot be set on
a per-request basis and are leftover from legacy FTP code.

Changed some comments still using FTP terminology.
2013-02-23 16:27:17 +00:00
Steve Holme
29a4a16db8 pop3: Moved the per-request variables to the per-request data structure
Moved the mailbox and custom request variables from the per-connection
struct pop3_conn to the new per-request struct and fixed references
accordingly.
2013-02-23 16:15:38 +00:00
Steve Holme
e2201dc849 pop3: Introduced a custom POP3 structure for per-request data
Created a new POP3 structure and changed the type of the pop3 proto
variable in connectdata from FTP* to POP*.
2013-02-23 16:06:54 +00:00
Jiri Hruska
4cfc7f951c imap: Fixed escaping of mailbox names
Used imap_atom() to escape mailbox names in imap_select().
2013-02-23 15:42:33 +00:00
Steve Holme
fcf02cbb75 pingpong: Moved curl_ftptransfer definition to pingpong.h
Moved the ftp transfer structure into pingpong.h so other protocols that
require it don't have to include ftp.h.
2013-02-23 15:26:26 +00:00
Steve Holme
419bcf9d60 urldata.h: Fixed comment for opt_no_body variable
Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
2013-02-23 12:31:12 +00:00
Steve Holme
d415327bd7 email: Minor tidy up following IMAP changes 2013-02-23 11:34:52 +00:00
Jiri Hruska
35fb6bee0e imap: Removed more FTP leftovers
Changed some variables and comments still using FTP terminology.
2013-02-23 11:27:05 +00:00
Jiri Hruska
13625a0d09 imap: Removed some FTP heritage leftovers
Removed user and passwd from the IMAP struct as these cannot be set on
a per-request basis and are leftover from legacy FTP code.
2013-02-23 11:27:04 +00:00
Jiri Hruska
2476b34b95 imap: Introduced a custom IMAP structure for per-request data
Created a new IMAP structure and changed the type of the imap proto
variable in connectdata from FTP* to the new IMAP*.

Moved the mailbox variable from the per-connection struct imap_conn to
the new per-request struct and fixed references accordingly.
2013-02-23 11:27:02 +00:00
Steve Holme
3906353b41 pop3: Updated do phrase clean-up comment
Following commit 65644b8335 for the IMAP module updated the clean-up
comment in POP3.
2013-02-22 23:31:13 +00:00
Steve Holme
65644b8335 imap: Fixed memory leak when performing multiple selects
Moved the clean-up of the mailbox variable from imap_disconnect() to
imap_done() as this variable is allocated in the do phase, yet would
have only been freed only once if multiple selects where preformed
on a single connection.
2013-02-22 23:29:33 +00:00
Alexander Klauer
a5b231acc2 lib/url.c: Generic read/write data pointers
Always interprets the pointer passed with the CURLOPT_WRITEDATA or
CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in
order to avoid problems in environments where FILE and void pointers
have non-trivial conversion.
2013-02-22 23:22:21 +01:00
Daniel Stenberg
1a4dd1aa7c ossl_seed: avoid recursive seeding! 2013-02-22 23:04:49 +01:00
Jiri Hruska
296b9a5af0 Fixed checking the socket if there is data waiting in the cache
Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is
more data to be received, rather than the socket state, as a task could
hang waiting for more data from the socket itself.
2013-02-22 20:23:25 +00:00
Steve Holme
1dac29fa83 imap.c: Fixed an incorrect variable reference
Fixed an incorrect variable reference which was introduced in commit
a1701eea28 as a result of a copy and paste from SMTP/POP3.
2013-02-22 19:58:42 +00:00
Jiri Hruska
cd65ecb2e8 pingpong: Introduce Curl_pp_moredata()
A simple function to test whether the PP is not sending and there are
still more data in its receiver cache. This will be later utilized to:

1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
   not test socket state and just call user's statemach_act() function
   when there are more data to process, because otherwise the task would
   just hang, waiting for more data from the socket.

2) Allow PP users to read multiple responses by looping as long as there
   are more data available and current phase is not finished.
   (Currently needed for correct processing of IMAP SELECT responses.)
2013-02-22 18:35:15 +00:00
Yang Tse
52605e006c smtp.c: fix enumerated type mixed with another type 2013-02-19 16:53:13 +01:00
Yang Tse
6a87ac8c88 polarssl threadlock cleanup 2013-02-19 13:11:55 +01:00
Daniel Stenberg
a995ea05b3 resolver_error: remove wrong error message output
The attempt to use gai_strerror() or alternative function didn't work as
the 'sock_error' field didn't contain the proper error code. But since
this hasn't been reported and thus isn't really a big deal I decided to
just scrap the whole attempt to output the detailed resolver error and
instead remain with just stating that the resolving of the name failed.
2013-02-18 22:52:58 +01:00
Kim Vandry
25e577b33d Curl_resolver_is_resolved: show proper host name on failed resolve 2013-02-18 22:45:52 +01:00
Daniel Stenberg
52b5eadf3c Curl_resolver_is_resolved: fix compiler warning
conversion to 'int' from 'long int' may alter its value
2013-02-18 13:40:13 +01:00
Daniel Stenberg
06e6fd1aa7 compiler warning fix
follow-up to commit ed7174c6f6, rename 'wait' to 'block'
2013-02-18 12:56:03 +01:00
Daniel Stenberg
ed7174c6f6 compiler warning fix: declaration of 'wait' shadows a global declaration
It seems older gcc installations (at least) will cause warnings if we
name a variable 'wait'. Now changed to 'block' instead.

Reported by: Jiří Hruška
Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
2013-02-18 00:14:35 +01:00
Nick Zitzmann
072b1ad15a MacOSX-Framework: Make script work in Xcode 4.0 and later
Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
Developer folder was moved, and PowerPC support was removed. The script
will now adapt to those changes and should be future-proofed against
additional changes in case Apple moves the Developer folder ever again.
Also, the minimum OS X version compiler option was removed, so that the
framework can be built against the latest SDK but still run in older cats.
2013-02-17 14:30:38 -07:00
Steve Holme
e52fc1e297 email: Tidied up result code variables
Tidied up result variables to be consistent in name, declaration order
and default values.
2013-02-16 23:37:50 +00:00
Nick Zitzmann
12ea5beffc ntlm_core: fix compiler warning when building with clang
Fixed a 64-to-32 compiler warning raised when building with
clang and the --with-darwinssl option.
2013-02-16 14:21:09 -07:00
Daniel Stenberg
5e2e3cb54e polarsslthreadlock: #include the proper memory and debug includes
Pointed out by Steve Holme
2013-02-16 13:56:08 +01:00
Steve Holme
39b79c6b75 email: Removed unnecessary forward declaration
Due to the reordering of functions in commit 586f5d3614 the forward
declaration to state_upgrade_tls() are no longer required.
2013-02-16 10:28:32 +00:00
Steve Holme
b0e0f44934 pop3.c: Added reference to RFC-5034 2013-02-16 10:18:01 +00:00
Willem Sparreboom
6d7033b48a PolarSSL: Change to cURL coding style
Repaired all curl/lib/checksrc.pl warnings in the previous four patches
2013-02-15 23:31:25 +01:00
Willem Sparreboom
f10006ee5f PolarSSL: WIN32 threading support for entropy
Added WIN32 threading support for PolarSSL entropy if
--enable-threaded-resolver config flag is set and process.h can be found.
2013-02-15 23:31:25 +01:00
Willem Sparreboom
c35a10483d PolarSSL: pthread support for entropy
Added pthread support for polarssl entropy if --enable-threaded-resolver
config flag is set and pthread.h can be found.
2013-02-15 23:30:20 +01:00
Willem Sparreboom
db3f3c14f2 PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
2013-02-15 23:15:10 +01:00
Willem Sparreboom
1346cb19f2 PolarSSL: added human readable error strings
Print out human readable error strings for PolarSSL related errors
2013-02-15 23:15:10 +01:00
Steve Holme
2dbeaf7dad pop3: Removed unnecessary state changes on failure 2013-02-15 18:33:28 +00:00
Steve Holme
673b7ba80a imap: Removed unnecessary state change on failure 2013-02-15 18:33:10 +00:00
Daniel Stenberg
c25383ae13 rename "easy" statemachines: call them block instead
... since they're not used by the easy interface really, I wanted to
remove the association. Also, I unified the pingpong statemachine driver
into a single function with a 'wait' argument: Curl_pp_statemach.
2013-02-15 11:10:18 +01:00
Gisle Vanem
6106eeba16 curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s() 2013-02-15 02:35:23 +01:00
Gisle Vanem
8481386513 config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32 2013-02-15 02:35:22 +01:00
Gisle Vanem
2683927756 config-dos.h: define strerror() to strerror_s_() for High-C 2013-02-15 02:35:09 +01:00
Gisle Vanem
5d8ec4a634 config-dos.h: define HAVE_TERMIOS_H only for djgpp 2013-02-15 01:38:39 +01:00
Steve Holme
4f328b85c3 smtp.c: Fixed a trailing whitespace
Remove tailing whitespace introduced in commit 7ed689d24a.
2013-02-14 20:06:03 +00:00
Steve Holme
92a537a2bb pop3: Fixed blocking SSL connect when connecting via POP3S
A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
connection layer was reworked in 7.29. Not only would this cause the
connection to block but had the additional overhead of calling the
non-blocking connect a little bit later.
2013-02-14 18:20:52 +00:00
Steve Holme
7ed689d24a smtp: Refactored the smtp_state_auth_resp() function
Renamed smtp_state_auth_resp() function to match the implementations in
IMAP and POP3.
2013-02-14 18:15:07 +00:00
Daniel Stenberg
358c5c0745 strlcat: remove function
This function was only used twice, both in places where performance
isn't crucial (socks + if2ip). Removing the use of this function removes
the need to have our private version for systems without it == reduced
amount of code.

Also, in the SOCKS case it is clearly better to fail gracefully rather
than to truncate the results.

This work was triggered by a bug report on the strcal prototype in
strequal.h.

strlcat was added in commit db70cd28 in February 2001!

Bug: http://curl.haxx.se/bug/view.cgi?id=1192
Reported by: Jeremy Huddleston
2013-02-14 10:41:45 +01:00
Daniel Stenberg
d821525cee Curl_FormBoundary: made static
As Curl_FormBoundary() is no longer used outside of this file (since
commit ad7291c1a9), it is now renamed to formboundary() and is made
static.
2013-02-14 10:32:04 +01:00
Daniel Stenberg
ad7291c1a9 ossl_seed: fix the last resort PRNG seeding
Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
this now uses Curl_ossl_random() to get entropy.
2013-02-14 00:06:19 +01:00
Steve Holme
d09d08dc1f email: Tidy up before additional IMAP work
Replaced two explicit comparisons of CURLE_OK with boolean alternatives.

General tidy up of comments.
2013-02-13 20:12:21 +00:00
Steve Holme
0c6fa0dd64 smtp: Removed duplicate pingpong structure initialisation
The smtp_connect() function was setting the member variables of the
pingpong structure twice, once before calling Curl_pp_init() and once
after!
2013-02-13 18:22:20 +00:00
Yang Tse
beae838ed5 move msvc IDE related files to 'vc' directory tree 2013-02-13 13:28:13 +01:00
Steve Holme
d713e9a207 imap: Corrected a whitespace issue from previous commit
Fixed a small whitespace issue that crept in there in commit
508cdf4da4.
2013-02-12 23:05:14 +00:00
Steve Holme
508cdf4da4 email: Another post optimisation of endofresp() tidy up 2013-02-12 23:00:34 +00:00
Steve Holme
e6c1e773d9 sasl: Fixed null pointer reference when decoding empty digest challenge
Fixed a null pointer reference when an empty challenge is passed to the
Curl_sasl_create_digest_md5_message() function.

Bug: http://sourceforge.net/p/curl/bugs/1193/
Reported by: Saran Neti
2013-02-12 22:20:44 +00:00
Steve Holme
52281a10aa email: Post optimisation of endofresp() tidy up
Removed unnecessary end of line check and return.
2013-02-12 21:01:50 +00:00
Nick Zitzmann
66aa9bf52d darwinssl: Fix send glitchiness with data > 32 or so KB
An ambiguity in the SSLWrite() documentation lead to a bad inference in the
code where we assumed SSLWrite() returned the amount of bytes written to
the socket, when that is not actually true; it returns the amount of data
that is buffered for writing to the socket if it returns errSSLWouldBlock.
Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.

Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
2013-02-12 13:02:36 -07:00
Steve Holme
bd93062ee5 pingpong.h: Fixed line length over 78 characters from b56c9eb48e 2013-02-12 19:28:23 +00:00
Steve Holme
b56c9eb48e pingpong: Optimised the endofresp() function
Reworked the pp->endofresp() function so that the conndata, line and
line length are passed down to it just as with Curl_client_write()
rather than each implementation of the function having to query
these values.

Additionally changed the int return type to bool as this is more
representative of the function's usage.
2013-02-12 18:08:48 +00:00
Steve Holme
586f5d3614 email: Post STARTLS capability code tidy up (Part Three)
Corrected the order of the upgrade_tls() functions and moved the handler
upgrade and getsock() functions out from the middle of the state related
functions.
2013-02-11 23:13:50 +00:00
Steve Holme
de492b31c5 email: Post STARTLS capability code tidy up (Part Two)
Corrected the order of the pop3_state_capa() / imap_state_capability()
and the pop3_state_capa_resp() / imap_state_capability_resp() functions
to match the execution order.
2013-02-11 22:41:08 +00:00
ulion
5cd85db9fa SOCKS: fix socks proxy when noproxy matched
Test 1212 added to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1190
2013-02-11 20:10:52 +01:00
Steve Holme
9a6e580e3a ntlm: Updated comments for the addition of SASL support to IMAP in v7.29 2013-02-11 14:26:18 +00:00
Linus Nielsen Feltzing
da3fc1ee91 Fix NULL pointer reference when closing an unused multi handle. 2013-02-10 22:57:58 +01:00
Steve Holme
85a2e9ec82 email: Post STARTLS capability code tidy up (Part One)
Corrected the order of the CAPA / CAPABILITY state machine constants to
match the execution order.
2013-02-10 21:18:30 +00:00
Steve Holme
18d1ea4528 imap: Fixed memory leak following commit f6010d9a03 2013-02-10 20:32:36 +00:00
Steve Holme
566a3638fa smtp: Added support for the STARTTLS capability (Part Two)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:59:42 +00:00
Steve Holme
e0f4af4032 pop3: Added support for the STLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:56:54 +00:00
Steve Holme
b50ce1e5ba imap: Added support for the STARTTLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:53:49 +00:00
Steve Holme
2e0a295e3b pop3: Added support for the STLS capability (Part Two)
Added sending of initial CAPA command before STLS is sent. This allows
for the detection of the capability before trying to upgrade the
connection.
2013-02-10 15:45:01 +00:00
Steve Holme
f6010d9a03 imap: Added support for the STARTTLS capability (Part Two)
Added sending of initial CAPABILITY command before STARTTLS is sent.
This allows for the detection of the capability before trying to
upgrade the connection.
2013-02-10 15:41:56 +00:00
Steve Holme
c76cb3da04 smtp: Added support for the STLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:19:10 +00:00
Steve Holme
2f66ca11c1 pop3: Added support for the STLS capability (Part One)
Introduced detection of the STLS capability, in order to add support
for TLS upgrades without unconditionally sending the STLS command.
2013-02-10 12:16:27 +00:00
Steve Holme
a1701eea28 imap: Added support for the STARTTLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:13:55 +00:00
Steve Holme
92f7606f29 smtp: Fixed an issue when processing EHLO failure responses (Part 3)
Follow up fix to commit 62bd217464 to cater for servers that don't
respond with a 250 in their EHLO responses. Additionally updated the
SMTP tests to respond with a 250 response code as per RFC5321.
2013-02-09 19:01:15 +00:00
Steve Holme
fd52530b50 pop3: Fixed SASL authentication capability detection
Fixed the SASL capability detection to include the space character
before the authentication mechanism list. Otherwise a capability such
as SASLSOMETHING would be interpreted as enabling SASL and potentially
trying to identify SOMETHING as a mechanism.
2013-02-09 17:17:02 +00:00
Steve Holme
572f7864b2 pop3: Fixed incorrect return value from pop3_endofresp()
Corrected an incorrect return value when -ERR is received from the
server - introduced in commit b5bb61ee69 (June 2012).
2013-02-09 15:23:30 +00:00
Steve Holme
62bd217464 smtp: Fixed an issue when processing EHLO failure responses (Part 2)
Follow up fix to commit 23d17190ee as EHLO capabilities can exist
within a positive response line.
2013-02-09 14:32:20 +00:00
Steve Holme
f0bfc0fbd7 smtp: Fixed an issue with missing capabilities after the AUTH line
Follow up to commit 40f9bb787f to fix missing capabilities after an
AUTH line.
2013-02-09 14:26:22 +00:00
Nick Zitzmann
7f266f1c99 darwinssl: Make certificate errors less techy
Previously if a problem was found with one of the server's certificates,
we'd log an OSStatus for the end user to look up. Now we explain what
was wrong with the site's certificate chain. Also un-did part of the
previous commit where the code wouldn't catch errSSLServerAuthCompleted
if built under Leopard.
2013-02-08 18:34:11 -07:00
Guenter Knauf
5be2499e16 Updated dependency libs. 2013-02-09 01:35:11 +01:00
Steve Holme
f44d0aedc1 imap: Corrected some comments 2013-02-09 00:26:40 +00:00
Steve Holme
23d17190ee smtp: Fixed an issue when processing EHLO failure responses
Fixed a small issue where smtp_endofresp() would look for capabilities
in the description part of a failure response. In theory a server
shouldn't respond with SIZE or AUTH in an EHLO command's failure
response but if it did then capabilities would be unnecessarily set
before eventually failing.
2013-02-09 00:22:25 +00:00
Steve Holme
21657823ea pop3: Reworked pop3_endofresp() to simplify it little
Reworked pop3_endofresp() to simplify it and provide consistency between
imap and smtp.
2013-02-08 23:07:20 +00:00
Steve Holme
3bb45aa7f5 imap: Renamed state variables in imap_authenticate()
Renamed the authstate1 and authstate2 variables in imap_authenticate()
as the old name was a left over from when there was only one state
variable which was named due to a clash with the state() function.

Additionally this provides consistency with the smtp module.
2013-02-08 21:40:54 +00:00
Steve Holme
40f9bb787f smtp: Reworked smtp_endofresp() to allow for extra capability detection 2013-02-08 21:19:34 +00:00
Steve Holme
dda53476ca smtp: Renamed smtp_state_auth_passwd_resp() function
Renamed the login password response function to better describe it's
purpose as well as for consistency with the imap and pop3 modules.
2013-02-08 20:54:03 +00:00
Gisle Vanem
463082bea4 ntlm: fix memory leak
Running tests\libtest\libntlmconnect.exe reveals a 1 byte (!) leak in
./lib/curl_ntlm_msgs.c:

perl ..\memanalyze.pl c:memdebug.curl
Leak detected: memory still allocated: 1 bytes
At 9771e8, there's 1 bytes.
allocated by curl_ntlm_msgs.c:399

Snippet from curl_ntlm_msgs.c:
   /* setup ntlm identity's domain and length */
   dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));

(my domlen == 0).

'dup_domain.tbyte_ptr' looks to be freed in Curl_ntlm_sspi_cleanup() via
'ntlm->identity.Domain'. But I see no freeing of 'dup_domain.tchar_ptr'.
2013-02-08 15:51:27 +01:00
Daniel Stenberg
72688317ad DONE: consider callback-aborted transfers premature
This bug report properly identified that when doing SMTP and aborting
the transfer with a callback, it must be considered aborted prematurely
by the code to avoid QUIT etc to be attempted as that would cause a
hang.

The new test case 1507 verifies this behavior.

Reported by: Patricia Muscalu
Bug: http://curl.haxx.se/bug/view.cgi?id=1184
2013-02-08 13:57:01 +01:00
Nick Zitzmann
9613cf7211 darwinssl: Fix build under Leopard
It turns out that Leopard (OS X 10.5) doesn't have constants for the ECDH
ciphers in its headers, so the cases for them have been taken out of the
build when building under Leopard. Also added a standard function for
getting a string description of a SecCertificateRef.
2013-02-07 18:57:53 -07:00
Steve Holme
6da7dc026c imap: Added support for SASL-IR extension (Part 2)
Modified imap_authenticate() to add support for sending the initial
response with the AUTHENTICATE command, as per RFC4959.
2013-02-07 21:06:53 +00:00
Steve Holme
e07385f853 smtp: Updated SMTP_AUTH_PASSWD state constant
Changed the SMTP_AUTH_PASSWD state constant to SMTP_AUTH_LOGIN_PASSWD to
better describe the state as the second part of an AUTH LOGIN command,
as well as for consistency with the imap and pop3 modules.
2013-02-07 20:37:11 +00:00
Steve Holme
86dfcf737d imap: Added support for SASL-IR extension (Part 1)
Introduced detection of the SASL-IR capability, in order to add support
for sending the initial response with the AUTHENTICATE command, as per
RFC4959.
2013-02-07 20:02:06 +00:00
Steve Holme
7704621f4c imap: Changed response tag generation to be completely unique
Updated the automatic response tag generation to follow the examples
given in RC3501, which list a 4 character string such as A001, A002,
etc.

As a unique identifier should be generated for each command the string
generation is based on the connection id and the incrementing command
id.
2013-02-07 00:18:23 +00:00
Steve Holme
cecb9c0f71 imap: Small variable rename in preparation for upcoming change
Renamed a couple of variables and updated some comments in
preparation for upcoming command id / response tag change.
2013-02-06 22:22:57 +00:00
Daniel Stenberg
632e50ca8d msvc: move Makefile.msvc.names into winbuild/
In an attempt to clear up misc files from the root dir
2013-02-06 23:14:11 +01:00
Steve Holme
de0410fe9a email: Moved starttls code in separate functions
To help maintain the readability of the code in imap.c, pop3.c and
smtp.c moved the starttls code into state_starttls() functions.
2013-02-06 20:02:36 +00:00
Daniel Stenberg
bf633a584d vms: config-vms.h is removed, no use trying to distribute it 2013-02-06 11:11:55 +01:00
Eldar Zaitov
f206d6c055 Curl_sasl_create_digest_md5_message: fix buffer overflow
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses the data provided from the
server without doing the proper length checks and that data is then
appended to a local fixed-size buffer on the stack.

This vulnerability can be exploited by someone who is in control of a
server that a libcurl based program is accessing with POP3, SMTP or
IMAP. For applications that accept user provided URLs, it is also
thinkable that a malicious user would feed an application with a URL to
a server hosting code targetting this flaw.

Bug: http://curl.haxx.se/docs/adv_20130206.html
2013-02-06 11:06:33 +01:00
Yang Tse
85625c5e28 setup-vms.h: post VMS patch cleanup - III
- rename post-config-vms.h to setup-vms.h
- move its inclusion into proper location in curl_setup.h
2013-02-06 04:53:34 +01:00
Steve Holme
33a182e6c2 imap.h: Corrected incorrect comment clarification
Corrected comment clarification made in commit 167717b806.
2013-02-05 23:59:47 +00:00