1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

5220 Commits

Author SHA1 Message Date
Daniel Stenberg
5b40c11c2f gzip: Value stored to 'data' is never read 2010-04-24 12:37:11 +02:00
Yang Tse
81512cc02b hmac.c related compilation adjustment 2010-04-20 21:35:31 +02:00
Yang Tse
32236dad5e hmac.c related compilation adjustment 2010-04-20 21:23:53 +02:00
monnerat
b30ce34d84 Add compilation directives for hmac in Watcom,riscos and vc6 platform-specific makefiles. 2010-04-20 19:23:48 +02:00
Ruslan Gazizov
2164b6b463 replaced wsock32.lib usage with ws2_32.lib in MSVC makefiles 2010-04-20 16:30:10 +02:00
monnerat
7af5e3c39e Merge branch 'master' of github.com:bagder/curl 2010-04-19 17:37:51 +02:00
monnerat
42930155ab Remove null-effect leftover code. 2010-04-19 17:30:20 +02:00
Daniel Stenberg
a5b7e3205d Curl_HMAC_MD5: fix the array init to not warn with picky compilers 2010-04-19 16:19:36 +02:00
monnerat
dfce37da23 Fix GnuTLS compilation problem in md5.c 2010-04-19 14:09:45 +02:00
monnerat
14bfcb96f5 Fix compilation problem: declare Curl_HMAC_MD5 as extern in include file. 2010-04-19 12:44:17 +02:00
monnerat
87fbcb4494 Merge branch 'master' of github.com:bagder/curl 2010-04-19 11:17:46 +02:00
monnerat
4bfe07640c Implement SMTP authentication 2010-04-19 11:16:30 +02:00
Daniel Stenberg
b7848e4a72 parsedate: Value stored to 'found' is never read 2010-04-17 18:57:39 +02:00
Daniel Stenberg
99ec359b4d check_gzip_header: Value stored to 'data' is never read 2010-04-17 18:55:52 +02:00
Daniel Stenberg
dfad8a6dad dprintf_formatf: Value stored to 'left' is never read 2010-04-16 23:50:39 +02:00
Daniel Stenberg
d841ab82b8 curl_version: remove superfluous assignments 2010-04-16 23:49:03 +02:00
Daniel Stenberg
d6be52d80e FTP PORT: Value stored to 'rc' is never read 2010-04-16 23:45:05 +02:00
Daniel Stenberg
c0111460b0 Curl_setup_transfer: no longer returns anything
This function could only return CURLE_OK and by changing it to
a void instead, we can simplify code all over.
2010-04-16 23:43:04 +02:00
Daniel Stenberg
93981bb9b5 PASV response: Value stored to 'rc' is never read 2010-04-16 23:28:20 +02:00
Daniel Stenberg
8f136288c5 Curl_perform: Value stored to 'res2' is never read 2010-04-16 23:27:35 +02:00
Daniel Stenberg
9799dbebd6 sftp range: remove unnecessary check for NULL pointer 2010-04-16 23:20:50 +02:00
Daniel Stenberg
b025ac16a6 ftp_range: remove unnecessary check for NULL pointer 2010-04-16 23:20:07 +02:00
Daniel Stenberg
5d43c75c66 file_range: remove unnecessary check for NULL pointer 2010-04-16 23:18:43 +02:00
Daniel Stenberg
15fa5dcfe6 SOCKS4: Value stored to 'rc' is never read 2010-04-16 23:03:55 +02:00
Daniel Stenberg
516dfd1705 FTP PASV: Value stored to 'rc' is never read 2010-04-16 23:02:15 +02:00
Daniel Stenberg
743bd81e64 ftp_range: Value stored to 'totalsize' is never read
Simplified the code by removing a local variable completely.
2010-04-16 23:00:21 +02:00
Daniel Stenberg
520cee3fb7 SOCKS5: when name resolves fail return immediately
This makes the code flow more obvious and reacts on the return
code properly, even if the code acted the same way before.
2010-04-16 22:58:04 +02:00
Daniel Stenberg
fa7341143a POP3: when USER command fails, don't even try PASS 2010-04-16 22:56:13 +02:00
Daniel Stenberg
313a5b05c2 tftp_rx: Value stored to 'sbytes' is never read 2010-04-16 22:55:07 +02:00
Daniel Stenberg
01fc53e027 file_range: Value stored to 'totalsize' is never read 2010-04-16 22:52:49 +02:00
Jerome Vouillon
c2888604d7 GnuTLS: make the connection phase non-blocking
When multi interface is used, the SSL handshake is no longer
blocking when GnuTLS is used.
2010-04-16 22:43:01 +02:00
Daniel Stenberg
6632d957e7 krb5_auth: fix my previous change to compile 2010-04-16 20:22:46 +02:00
Daniel Stenberg
2056ca9fea SSL_RECV: EOF is not an error here
The recent overhaul of the SSL recv function made this treat a
zero returned from gnutls_record_recv() as an error, and this
caused our HTTPS test cases to fail. We leave it to upper layer
code to detect if an EOF is a problem or not.
2010-04-16 15:29:25 +02:00
Daniel Stenberg
f3d4b17a9c resolvers: no more using AI_CANONNAME
No resolver anymore needs to use AI_CANONNAME and do reverse
lookups.  We should work hard to avoid having code that relies on
it.
2010-04-16 15:03:52 +02:00
Daniel Stenberg
5bd38b70dd KRB5: use given host name instead of reverse lookup'ed name
This code would previously use dns_entry->addr->ai_canonname
instead of the given host name, which caused us grief and
problems since not all our resolver options do the reverse lookup
and I would also guess that it caused problems with KRB5/GSS with
virtual name-based hosts. Now the host name from the URL is used.
2010-04-16 15:02:08 +02:00
Dan Fandrich
44f1bef668 Remove redundant conditional 2010-04-15 10:51:03 -07:00
Daniel Stenberg
68aae7f579 Curl_ipv4_resolve_r: only set AI_CANONNAME when needed
As reported in bug report #2987196, the code for ipv6 already did
the setting of this bit correctly so we copied that logic into
the Curl_ipv4_resolve_r() function as well. KRB code is the only
code we know that might need the cannonical name so only resolve
it for such requests!
2010-04-15 13:04:01 +02:00
Daniel Stenberg
5a814f6f2c ignore files generated by 'maketgz' 2010-04-14 17:12:34 +02:00
Yang Tse
6432fafa1a fix compiler warning: variable might be clobbered by longjmp or vfork 2010-04-13 16:34:13 +02:00
Guenter Knauf
32edba1999 added a cast to silent compiler warning with 64bit systems. 2010-04-12 16:47:48 +02:00
Daniel Stenberg
f9db721c1c update the section on timeouts
The section that describes how to work with timeouts was
misleading and could easily trick users to use the wrong API.
2010-04-12 11:09:55 +02:00
Daniel Stenberg
cf9145973b update URL and cut out wrong info on ipv6
c-ares has had its own URL for a while and we should point
people to that. It also works with IPv6 since a long time.
2010-04-12 11:09:08 +02:00
Daniel Stenberg
02892e4fd8 FTP quote commands prefixed with '*' now can fail without aborting
Prefixing the FTP quote commands with an asterisk really only
worked for the postquote actions. This is now fixed and test case
227 has been extended to verify.
2010-04-09 16:54:52 +02:00
Kamil Dudka
10977f57de qssl: reflect recent code changes in SSL interface
Reported by Guenter Knauf.
2010-04-07 10:47:19 +02:00
Kamil Dudka
ef1ac363ee nss: handle client certificate related errors 2010-04-06 13:42:11 +02:00
Ben Greear
e6858e267b ssl: Fix build when SSL isn't enabled
Signed-off-by: Ben Greear <greearb@candelatech.com>
2010-04-06 01:44:28 +02:00
Kamil Dudka
ff8711135e refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 23:37:18 +02:00
Kamil Dudka
7425db3fab simplify code of Curl_resolv_timeout() 2010-04-04 23:35:21 +02:00
Kamil Dudka
64ac64e783 eliminate a race condition in Curl_resolv_timeout() 2010-04-04 23:34:24 +02:00
Ben Greear
e7e37a246a fixed compiler warnings 2010-04-02 21:02:35 +02:00
Daniel Stenberg
49f3160d69 fix SFTP download hang
Matt Wixson found and fixed a bug in the SCP/SFTP area where the
code treated a 0 return code from libssh2 to be the same as
EAGAIN while in reality it isn't. The problem caused a hang in
SFTP transfers from a MessageWay server.
2010-04-01 22:39:15 +02:00
Daniel Stenberg
1d265692b7 removed README.cmake due to the improved situation 2010-03-31 23:05:16 +02:00
Guenter Knauf
7b913444ec fix compiler warning with a cast. 2010-03-31 02:09:49 +02:00
Guenter Knauf
909fdc07bf make folks use latest available dependent libraries. 2010-03-31 01:10:09 +02:00
Daniel Stenberg
d1837ad90a use (s)size_t for string lengths to fix compiler warns 2010-03-29 16:30:35 +02:00
Ben Greear
7e22d6332b Fix compile warnings in ssh.c
strlen() returns size_t, but ssh libraries are wanting 'unsigned int'.  Add
explicit casts and use _ex versions of the ssh library calls.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2010-03-29 16:09:09 +02:00
Ben Greear
3ec7543007 fix smtp compile warning
Use ssize_t instead of int for the Curl_smtp_escape_eob nread
argument.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2010-03-29 16:03:38 +02:00
Ben Greear
69ccc9f861 pop3: Get message listing if no mailbox in URL
If you pass a URL to pop3 that does not contain a message ID as
part of the URL, it will currently ask for 'INBOX' which just
causes the pop3 server to return an error.

The change makes libcurl treat en empty message ID as a request
for LIST (list of pop3 message IDs).  User's code could then
parse this and download individual messages as desired.
2010-03-28 23:49:00 +02:00
Ben Greear
0eda142e90 allow user+password in the URL for all protocols
Ben Greear brought a patch that from now on allows all protocols
to specify name and user within the URL, in the same manner HTTP
and FTP have been allowed to in the past - although far from all
of the libcurl supported protocols actually have that feature in
their URL definition spec.
2010-03-27 23:00:51 +01:00
Ben Greear
7de44e0a42 Make rate-limitation logic smoother
This gives a smoother rate limitation performance by using
sub-second pauses and also taking the buffer sizes into
account.
2010-03-26 23:33:02 +01:00
Daniel Stenberg
05de2cf180 remove all .cvsignore files 2010-03-25 23:22:03 +01:00
Daniel Stenberg
93e6b1cb7c PROT_CLOSEACTION should not include TFTP
TFTP is not a protocol that uses close actions so it should
not be set in that bitmask!
2010-03-25 19:56:50 +01:00
Daniel Stenberg
675330b8df use CURL_SIZEOF_LONG instead of SIZEOF_LONG
That's the symbol we have or generate in include/curl/curlbuild.h
2010-03-25 11:39:13 +01:00
Bill Hoffman
481c61d060 Merge branch 'master' of github.com:bagder/curl 2010-03-24 14:19:50 -04:00
Bob Richmond
05632d5db9 fix: timeout after last data chunk was handled
Bob Richmond: There's an annoying situation where libcurl will
read new HTTP response data from a socket, then check if it's a
timeout if one is set. If the last packet received constitutes
the end of the response body, libcurl still treats it as a
timeout condition and reports a message like:

"Operation timed out after 3000 milliseconds with 876 out of 876
bytes received"

It should only a timeout if the timer lapsed and we DIDN'T
receive the end of the response body yet.
2010-03-24 17:02:17 +01:00
Daniel Stenberg
c245a8f92e avoid compiler warning without USE_ALARM_TIMEOUT 2010-03-24 17:00:20 +01:00
Bill Hoffman
d42f9329dc Fix curl CMake build.
This commit fixes the cmake build of curl, and cleans up the
cmake code a little.  It removes some commented out code and
some trailing whitespace.  To get curl to build the binary
tree include/curl directory needed to be added to the include
path. Also, SIZEOF_SHORT needed to be added.  A check for the
lack of defines of SIZEOF_* for warnless.c was added.
2010-03-24 10:57:54 -04:00
Chris Conroy
1ac168e576 Fix RTSP GET_PARAMETER empty and non-empty operation.
Test coverage included. Thanks to Massimo Callegari for the bug report
2010-03-24 13:21:14 +01:00
Daniel Stenberg
be28825b2d restore executable bits on some files 2010-03-24 11:07:35 +01:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Daniel Stenberg
3f96b7827b update to current state 2010-03-24 10:44:25 +01:00
Daniel Stenberg
4b351d018e mark connection as connected
Kenny To filed the bug report #2963679 with patch to fix a
problem he experienced with doing multi interface HTTP POST over
a proxy using PROXYTUNNEL. He found a case where it would connect
fine but bits.tcpconnect was not set correct so libcurl didn't
work properly.

(http://curl.haxx.se/bug/view.cgi?id=2963679)
2010-03-23 23:30:39 +01:00
Daniel Stenberg
7fd32ce73d chunked-encoding with Content-Length: header problem
Akos Pasztory filed debian bug report #572276
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276
mentioning a problem with a resource that returns chunked-encoded
_and_ with a Content-Length and libcurl failed to properly ignore
the latter information.
2010-03-23 15:26:45 +01:00
Daniel Stenberg
2a94293efd delayed easy handle kill caused double Curl_close() call
Hauke Duden provided an example program that made the multi
interface crash.  His example simply used the multi interface and
did first one FTP transfer and after completion it used a second
easy handle and did another FTP transfer on the same FTP server.

This triggered a bug in the "delayed easy handle kill" system
that curl uses: when an FTP connection is left alive it must keep
an easy handle around internally - only for the purpose of having
an easy handle when it later disconnects it. The code assumed
that when the easy handle was removed and an internal reference
was made, that version could be killed later on when a new easy
handle came using the same connection. This was wrong as Hauke's
example showed that the removed handle wasn't killed for real
until later. This caused a double close attempt => segfault.
2010-03-23 13:18:30 +01:00
Thomas Lopatic
6657f12fff fix the alarm()-based DNS timeout
Looking at the code of Curl_resolv_timeout() in hostip.c, I think
that in case of a timeout, the signal handler for SIGALRM never
gets removed. I think that in my case it gets executed at some
point later on when execution has long left Curl_resolv_timeout()
or even the cURL library.

The code that is jumped to with siglongjmp() simply sets the
error message to "name lookup timed out" and then returns with
CURLRESOLV_ERROR. I guess that instead of simply returning
without cleaning up, the code should have a goto that jumps to
the spot right after the call to Curl_resolv().
2010-03-22 21:57:48 +01:00
douglas steinwand
abcea311e3 Fix insufficient initialization in Curl_clone_ssl_config()
which could have caused a double free when reusing curl handle.
2010-03-22 09:25:03 +01:00
Ben Greear
ad76d58e7f Fix tftp return codes and tsize upload handling
Error codes were not properly returned to the main curl code (and on to apps
using libcurl).

tftp was crapping out when tsize == 0 on upload, but I see no reason to fail
to upload just because the remote file is zero-length.  Ignore tsize option on
upload.
2010-03-21 23:24:36 +01:00
Daniel Stenberg
930742776a more files to ignore 2010-03-21 00:21:34 +01:00
Daniel Stenberg
b40acd8009 provide an initial set of .gitignore files 2010-03-20 23:35:45 +01:00
Kamil Dudka
19ca0c0fbe - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). 2010-03-19 15:43:11 +00:00
Daniel Stenberg
6728334edb fix warning about conversions between curl_off_t and long 2010-03-18 21:52:31 +00:00
Yang Tse
749fd2f9e9 another shot at the ftp_init() icc 9.1 optimizer issue 2010-03-18 17:37:00 +00:00
Daniel Stenberg
733f794cb8 - Constantine Sapuntzakis brought a patch:
The problem mentioned on Dec 10 2009
  (http://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed.
  Partially because an easy handle can be associated with many connections in
  the cache (e.g. if there is a redirect during the lifetime of the easy
  handle).  The previous patch only cleaned up the first one. The new fix now
  removes the easy handle from all connections, not just the first one.
2010-03-15 22:40:42 +00:00
Yang Tse
52cd332b95 fix compiler warning 2010-03-11 18:53:42 +00:00
Dan Fandrich
c7e647b88a Allow compilation even when OpenSSL has been configured without MD4 support. 2010-03-11 06:57:33 +00:00
Daniel Stenberg
e262aaae2b - Ben Greear brought a patch that fixed the rate limiting logic for TFTP when
the easy interface was used.
2010-03-06 18:42:06 +00:00
Daniel Stenberg
a0c3edcc37 indent fix by Ben Greear, I removed some braces for single-line conditional
expressions
2010-03-06 18:39:45 +00:00
Yang Tse
f4551a9678 Constantine Sapuntzakis detected and fixed a double free in builds done
with threaded resolver enabled (Windows default configuration) that would
get triggered when a curl handle is closed while doing DNS resolution.
2010-03-05 03:15:19 +00:00
Daniel Stenberg
9b2cce236f - Based on patch provided by Jacob Moshenko, the transfer logic now properly
makes sure that when using sub-second timeouts, there's no final bad 1000ms
  wait. Previously, a sub-second timeout would often make the elapsed time end
  up the time rounded up to the nearest second (e.g. 1s for 200ms timeout)
2010-03-02 21:20:22 +00:00
Daniel Stenberg
6bf071df7e - Andrei Benea filed bug report #2956698 and pointed out that the
CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function
  call. He provided the patch to fix it too.

  http://curl.haxx.se/bug/view.cgi?id=2956698
2010-03-02 13:41:18 +00:00
Daniel Stenberg
13ac29382f - Made the pingpong timeout code properly deal with the response timeout AND
the global timeout if set. Also, as was reported in the bug report #2956437
  by Ryan Chan, the time stamp to use as basis for the per command timeout was
  not set properly in the DONE phase for FTP (and not for SMTP) so I fixed
  that just now. This was a regression compared to 7.19.7 due to the
  conversion of FTP code over to the generic pingpong concepts.

  http://curl.haxx.se/bug/view.cgi?id=2956437
2010-03-02 13:26:23 +00:00
Daniel Stenberg
8719398d05 remove assignment never used 2010-03-02 13:05:02 +00:00
Daniel Stenberg
53aa6b21fe - Ben Greear provided an update for TFTP that fixes upload. 2010-03-01 22:14:47 +00:00
Daniel Stenberg
496002ea1c - Wesley Miaw reported bug #2958179 which identified a case of looping during
OpenSSL based SSL handshaking even though the multi interface was used and
  there was no good reason for it.

  http://curl.haxx.se/bug/view.cgi?id=2958179
2010-03-01 21:59:07 +00:00
Daniel Stenberg
03a57308b9 - Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a
chunked-encoding trailer.

  http://curl.haxx.se/bug/view.cgi?id=2958474
2010-02-26 22:55:30 +00:00
Dan Fandrich
507d58435a Fixed a couple of out of memory leaks and a segfault in the IMAP code. 2010-02-26 21:24:44 +00:00
Yang Tse
cef95aadeb Added SIZEOF_INT and SIZEOF_SHORT definitions for non-configure systems 2010-02-26 18:32:46 +00:00
Yang Tse
bcd1c7c2e9 fix compiler warning 2010-02-26 16:42:33 +00:00
Yang Tse
87428e07ca fix compiler warning 2010-02-26 01:47:21 +00:00
Yang Tse
01fb0d8497 fix compiler warning 2010-02-25 08:09:05 +00:00
Dan Fandrich
cce81a7f45 Fixed a couple of out of memory leaks and a segfault in the SMTP code. 2010-02-25 08:07:06 +00:00
Yang Tse
5695c4db86 fix compiler warning 2010-02-24 00:03:06 +00:00
Yang Tse
4186b5b41f fix compiler warning 2010-02-23 16:07:54 +00:00
Yang Tse
5b778a7ca4 fix socket data type and logging format in debug tracking socket functions 2010-02-22 23:28:56 +00:00
Yang Tse
439f62bfa8 convert Curl_ultous() and Curl_ultouc() functions to curlx_ultous() and
curlx_ultouc(), exposing them through curlx.h to allow proper code reuse
later in our test harness.
2010-02-22 18:56:29 +00:00
Patrick Monnerat
e1625ba727 _ Adjusted RFC821 HELO fallback and enabled test804 2010-02-22 13:57:57 +00:00
Patrick Monnerat
338553eda3 - Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account.
- SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required).
- Use of true local host name (i.e.: via gethostname()) when available, as default argument to SMTP HELO/EHLO.
- Test case 804 for HELO fallback.
2010-02-22 12:41:02 +00:00
Yang Tse
2abcd132f8 add header inclusion 2010-02-22 03:41:02 +00:00
Yang Tse
dc9f0a9758 fix compiler warning 2010-02-22 02:37:13 +00:00
Yang Tse
10affed097 fix compiler warning 2010-02-21 19:59:09 +00:00
Daniel Stenberg
a4a60afabb - Fixed the SMTP compliance by making sure RCPT TO addresses are specified
properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now
  get angle bracket wrapping automatically by libcurl unless the recipient
  starts with an angle bracket as then the app is assumed to deal with that
  properly on its own.
2010-02-20 22:29:59 +00:00
Daniel Stenberg
a434cb43e8 - I made the SMTP code expect a 250 response back from the server after the
full DATA has been sent, and I modified the test SMTP server to also send
  that response. As usual, the DONE operation that is made after a completed
  transfer is still not doable in a non-blocking way so this waiting for 250
  is unfortunately made blockingly.
2010-02-20 21:56:48 +00:00
Daniel Stenberg
846b926a3f corected a comment and wrapped a few longish lines 2010-02-20 21:41:25 +00:00
Yang Tse
f0d3930346 fix compiler warning 2010-02-20 19:51:02 +00:00
Yang Tse
a6fb6b70c7 fix compiler warning 2010-02-20 11:58:26 +00:00
Yang Tse
2179ef9fa9 fix compiler warning 2010-02-20 01:15:10 +00:00
Yang Tse
048438345a fix compiler warning 2010-02-19 18:02:38 +00:00
Daniel Stenberg
23bab783d4 use curl standard indentation and line lengths 2010-02-17 12:13:55 +00:00
Yang Tse
46b112bcd4 replaced tabs with spaces 2010-02-16 13:32:45 +00:00
Yang Tse
4b43d18c4a fix compiler warning: conversion from "long" to "size_t" may lose sign 2010-02-15 16:18:52 +00:00
Yang Tse
a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00
Gunter Knauf
68b73bcfba used allways #ifdef / #ifndef;
moved gethostbyname_thread() to #else case to avoid 'not used' compiler warning.
2010-02-13 18:39:47 +00:00
Gunter Knauf
ac04add596 replaced tabs by spaces, removed trailing tabs/spaces. 2010-02-13 18:29:59 +00:00
Daniel Stenberg
975814368a - Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses
in the same RCPT TO line, when they should be sent in separate single
  commands. I updated test case 802 to verify this.

- I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl
  tool which made it try to output it as string for the --libcurl feature
  which could lead to crashes.
2010-02-12 22:23:46 +00:00
Patrick Monnerat
4258e943a1 _ Make it compilable again on OS400.
_ Upgrade OS400 EBCDIC wrappers for new options.
_ Upgrade ILE/RPG bindings to current state.
2010-02-11 18:49:06 +00:00
Daniel Stenberg
06ae8ca5a6 - When downloading compressed content over HTTP and the app as asked libcurl
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
  could wrongly provide the callback with more data than what the maximum
  documented amount. An application could thus get tricked into badness if the
  maximum limit was trusted to be enforced by libcurl itself (as it is
  documented).

  This is further detailed and explained in the libcurl security advisory
  20100209 at

    http://curl.haxx.se/docs/adv_20100209.html
2010-02-09 09:35:48 +00:00
Daniel Stenberg
d33da42334 set VERSIONINFO accordingly for the 7.20.0 release 2010-02-09 09:35:07 +00:00
Yang Tse
71593dfe57 OOM handling fix 2010-02-06 17:30:06 +00:00
Yang Tse
0f4a91afde OOM handling fix 2010-02-06 13:21:45 +00:00
Yang Tse
12d01bc5f7 - avoid OpenSSL 0.9.8 ENGINE_by_id memory leak
- cleanup parenthesis usage in return statements
2010-02-05 09:33:36 +00:00
Yang Tse
bc7615ae2d - attempt to workaround icc 9.1 optimizer issue 2010-02-05 09:32:11 +00:00
Yang Tse
7aef172a34 fix printf-style format strings 2010-02-04 19:44:31 +00:00
Yang Tse
15efa262bb Fix compiler warning: unused variable 2010-02-04 10:08:39 +00:00
Dan Fandrich
680434f313 Changed the Watcom makefiles to make them easier to keep in sync with
Makefile.inc since that can't be included directly.
2010-02-03 23:07:11 +00:00
Yang Tse
b77d0db59e Fix OOM handling 2010-02-03 13:28:47 +00:00
Yang Tse
381a4d6efe Fix portability issue related with unaligned memory access 2010-02-03 06:49:27 +00:00
Yang Tse
f6d288a397 Fix compiler warnings: conversion from 'const int ' to 'unsigned char ', possible loss of data 2010-02-03 06:44:18 +00:00
Yang Tse
d1717e7c90 Fix compiler warning: conditional expression is constant 2010-02-02 16:25:07 +00:00
Yang Tse
e569ff959f Fix compiler warning: local variable may be used without having been initialized. 2010-02-02 16:23:42 +00:00
Yang Tse
839b61c32a Fix compiler warnings: conversion from 'const int ' to 'unsigned char ', possible loss of data 2010-02-02 16:23:01 +00:00
Yang Tse
46de140aca Fix compiler warning: variable was set but never used
Simplify preprocessor symbol checking
2010-02-02 09:15:52 +00:00
Daniel Stenberg
17a2c32ca9 Julien Chaffraix pointed out a comment mistake, and I re-indented the code
slightly while editing
2010-02-02 08:48:58 +00:00
Yang Tse
35e220606d Conroy's fix to make the code match with the RTP documentation regarding
writing out the whole header. The docs say it writes the whole header,
but the code (before this patch) did not write out the leading $.
2010-02-01 22:13:55 +00:00
Daniel Stenberg
55f1e787f3 We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
benefit that this goes in line with my long-term wishes to get rid of the
CURLM_CALL_MULTI_PERFORM all together from the public API.
2010-02-01 21:42:44 +00:00
Yang Tse
715e3a806f Make Curl_pop3_write() additionally truncate trailing POP3_EOB from received
string buffer, otherwise Curl_client_write() call with zero size would write
to the end of string buffer including matched POP3_EOB.
2010-01-30 05:22:30 +00:00
Yang Tse
6ebd71d186 WIN32 fix, _beginthreadex() may return either 0 or -1L upon failure 2010-01-29 17:47:54 +00:00
Yang Tse
4ee4e66c4f fix errno usage for WIN32 builds 2010-01-29 16:38:43 +00:00
Yang Tse
fce02e1cab RTSP followup fix. Both the pipelined and non-pipelined case need to
check for (excess > 0 && !k->ignorebody).
2010-01-29 01:16:23 +00:00
Yang Tse
d65cf7889b fix printf-style format strings 2010-01-28 15:34:18 +00:00
Yang Tse
3e21f1e971 fix printf-style format strings 2010-01-28 07:52:12 +00:00
Yang Tse
2f3bce1193 Chris Conroy's RTSP followup fixes 2010-01-28 01:39:16 +00:00
Yang Tse
bbefdf88fd fix compiler warning 2010-01-27 03:43:34 +00:00
Daniel Stenberg
c82a1f95eb - Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
proxy that cannot be resolved when using c-ares. This matches the behaviour
  when not using c-ares.
2010-01-26 22:59:43 +00:00
Daniel Stenberg
9bc897f380 Andre Guibert de Bruet improved the libssh2 error code translation 2010-01-26 12:25:03 +00:00
Yang Tse
9b0e57b0f7 resolver selection for non-configure Windows builds, default is threaded DNS 2010-01-26 12:13:39 +00:00
Yang Tse
1d86ebfc88 add curl_threads.c to non-configure target build files 2010-01-26 09:20:09 +00:00
Yang Tse
a9b860765d onstantine Sapuntzakis threaded resolver enhancements 2010-01-26 08:43:21 +00:00
Yang Tse
483ff1ca75 Constantine Sapuntzakis threaded resolver enhancements 2010-01-25 23:50:13 +00:00
Yang Tse
c054b8bfa7 Constantine Sapuntzakis provided initial thread abstraction layer 2010-01-25 23:46:27 +00:00
Yang Tse
340ab2f87f make Curl_handler_*_proxy definition static 2010-01-25 23:41:02 +00:00
Yang Tse
4bb80cfd75 fix compiler warning 2010-01-25 04:36:13 +00:00
Daniel Stenberg
de2cc11a73 Julien Chaffraix corrected bad #elif lines to silence warnings 2010-01-24 22:44:10 +00:00
Yang Tse
c656098ee0 HAVE_GETADDRINFO_THREADSAFE definition for non-configure win32 builds 2010-01-24 01:13:47 +00:00
Yang Tse
0abd928d3d add inclusion of curl_memory.h 2010-01-23 17:31:54 +00:00
Yang Tse
597ad5a2ce adjust preprocessor symbol definition check relative to resolver specialty 2010-01-23 13:53:33 +00:00
Dan Fandrich
ec4647c0f9 Include "curl_memory.h" to get the strdup replacement when necessary 2010-01-23 10:04:04 +00:00
Daniel Stenberg
33ce0ec1f1 wrap long lines and do some indent policing 2010-01-22 23:21:39 +00:00
Yang Tse
1435864030 Definitions of resolver specialty compile-time defines CURLRES_* moved
from hostip.h to setup.h in order to allow proper inclusion in any file.

This represents no functional change at all in which resolver is used,
everything still works as usual, internally and externally there is no
difference in behavior.
2010-01-22 20:27:48 +00:00
Yang Tse
6636fbf238 deal with the possibility that CURL_DISABLE_RTSP may already be defined 2010-01-22 15:15:08 +00:00
Yang Tse
c94d44505f fix compiler warning: statement is unreachable 2010-01-22 14:21:28 +00:00
Yang Tse
0032ce762e fix compilation when http is disabled 2010-01-22 14:20:56 +00:00
Yang Tse
bdb338b3c7 disabling of rtsp when http isn't enabled required here for non-configure systems 2010-01-22 14:20:08 +00:00
Daniel Stenberg
099eed7bf1 wrap long lines, remove (very old) attribution from code 2010-01-22 13:52:35 +00:00
Daniel Stenberg
a771fb0d41 alphabetically sort the list of supported protocols 2010-01-22 13:06:50 +00:00
Daniel Stenberg
844c19cc5b s/RTPFUNCTION/INTERLEAVEFUNCTION/
s/RTPDATA/INTERLEAVEDATA/
2010-01-22 12:17:03 +00:00
Yang Tse
bfc4c33985 Constantine Sapuntzakis refactoring of async callbacks, allowing
removal of Curl_addrinfo_copy(), Curl_addrinfo6_callback(), and
Curl_addrinfo4_callback()
2010-01-22 06:36:52 +00:00
Dan Fandrich
5af20c70e4 Added rtsp.c to the non-configure target build files 2010-01-21 22:03:26 +00:00
Yang Tse
bd7430c1ee fix compiler warning 2010-01-21 19:27:32 +00:00
Yang Tse
6e5acc2fc1 make tftp_translate_code() static, it is only used from within tftp.c 2010-01-21 14:44:28 +00:00
Daniel Stenberg
bc4582b68a Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
libcurl options for controlling what to get and how to receive posssibly
interleaved RTP data. Initial commit.
2010-01-21 13:58:30 +00:00
Daniel Stenberg
877dad1e24 - As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
  where two cookies using the same name are set more than once using
  (overlapping) paths. Realizing this, identically named cookies must be
  sorted correctly. But detecting only identically named cookies and take care
  of them individually is harder than just to blindly and unconditionally sort
  all cookies based on their path lengths. All major browsers also already do
  this, so this makes our behavior one step closer to them in the cookie area.

  Test case 8 was the only one that broke due to this change and I updated it
  accordingly.
2010-01-19 23:19:59 +00:00
Daniel Stenberg
a5ca3f1754 - David McCreedy brought a fix and a new test case (129) to make libcurl work
again when downloading files over FTP using ASCII and it turns out that the
  final size of the file is not the same as the initial size the server
  reported. This is very common since servers don't take the newline
  conversions into account.
2010-01-19 21:39:10 +00:00
Yang Tse
afdc3d81e9 update copyright year notice 2010-01-19 01:30:07 +00:00
Yang Tse
ccfe279117 Constantine Sapuntzakis enhancements to make memory tracking log file writing
of messages atomic, on systems where an fwrite of a memory buffer is atomic.
2010-01-18 20:22:04 +00:00
Yang Tse
b992928f3d Store now this file in CVS with unix line endings.
maketgz already converts this file to DOS style with an awk filter.
2010-01-15 20:23:35 +00:00
Dan Fandrich
a644af129e Added the new protocol source files to the non-autoconf build files 2010-01-15 06:33:46 +00:00
Daniel Stenberg
d17416190b ssh_statemach_act() is now modified to loop over the switch() to perform as
much as possible in one go, as long as it doesn't block and hasn't reached the
end of the state machine.
This avoids spurious -1 returns from curl_multi_fdset() simply because
previously it would return from this function without anything in EWOUDLBLOCK
and thus basically it wasn't actually waiting for anything!!
2010-01-11 23:10:53 +00:00
Daniel Stenberg
2158e234aa After the TCP connect is confirmed in CURLM_STATE_WAITCONNECT and it changes
state, we return CURLM_CALL_MULTI_PERFORM unconditionally then so that we
can act faster like in the case the protocol-specific connect doesn't block
on anything and we can just persue on the next action immediately. It also
then avoids a case where curl_multi_fdset() would return -1.
2010-01-11 23:05:35 +00:00
Daniel Stenberg
377b2db05b - Made sure that the progress callback is repeatedly called at a regular
interval even during very slow connects.
2010-01-11 21:38:13 +00:00
Daniel Stenberg
b90703f594 struct Curl_sh_entry's 'inuse' member was no longer used and is now removed 2010-01-09 00:03:33 +00:00
Daniel Stenberg
552c3de357 - Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
  each call. When sessions are re-used this reference counter may be
  incremented many times, but it will be decremented only once when done (by
  Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
  if this reference count remains positive. When a session is re-used the
  reference counter should be corrected by explicitly calling
  SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
  introducing a memory leak.

  (http://curl.haxx.se/bug/view.cgi?id=2926284)
2010-01-08 23:45:23 +00:00
Daniel Stenberg
8524c04ca9 removed a parameter from the Curl_http_readwrite_headers() prototype to remove
the need for the struct forward declaration from http.h which caused problems
with gcc 2.96 and quite frankly the parameter wasn't necessary anyway
2010-01-07 22:48:28 +00:00
Daniel Stenberg
d37a9c4f87 removed Curl_http_header_append() prototype as it isn't used anymore, the
function was moved to http.c and was made static and renamed
2010-01-07 14:02:05 +00:00
Daniel Stenberg
88944eb13a - Make sure the progress callback is called repeatedly even during very slow
name resolves when c-ares is used for resolving.
2010-01-06 23:04:17 +00:00
Claes Jakobsson
9bd03483ce Julien Chaffraix fixed so that the fragment part in an URL is not sent to the server anymore 2010-01-06 16:01:48 +00:00
Kamil Dudka
fd903eb6be - Julien Chaffraix eliminated a duplicated initialization in singlesocket(). 2010-01-03 13:46:37 +00:00
Daniel Stenberg
a62f32d3c2 update copyright year since we are in 2010 now 2010-01-01 14:52:50 +00:00
Daniel Stenberg
605bbfc4c0 - Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This
command is a special "hack" used by the drftpd server, but even though it is
  a custom extension I've deemed it fine to add to libcurl since this server
  seems to survive and people keep using it and want libcurl to support
  it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also
  usable from the curl tool with --ftp-pret. Using this option on a server
  that doesn't support this command will make libcurl fail.
2010-01-01 14:44:44 +00:00
Daniel Stenberg
3f3f6be825 turned CURLOPT_MAIL_RCPT into a curl_slist list instead to support multiple
receivers, and made the command line tool thus support the option specified
many times
2009-12-31 21:52:01 +00:00
Daniel Stenberg
6c6dc3f879 modified to get the EHLO domain from the path part of the URL instead of the
user name
2009-12-30 22:50:42 +00:00
Daniel Stenberg
a1311e5a24 moved the SMTP payload escape function into Curl_smtp_escape_eob and put
it in smtp.c
2009-12-30 22:09:43 +00:00
Daniel Stenberg
5e6ffe353a (SMTP) support DATA better in the server and make sure to "escape" CRLF.CRLF
sequences in uploaded data. The test server doesn't "decode" escaped dot-lines
but instead test cases must be written to take them into account. Added test
case 803 to verify dot-escaping.
2009-12-30 21:52:27 +00:00
Yang Tse
d7cd761047 Oops, should have removed 'not' in previous commit. 2009-12-30 19:43:12 +00:00
Yang Tse
3184a91ec8 VMS specific preprocessor symbol checking adjustments 2009-12-30 17:59:56 +00:00
Yang Tse
a487c80535 Replaced stricmp() usage with our portable strequal() 2009-12-30 15:47:23 +00:00
Daniel Stenberg
1e9a946e6d move HTTP-specific functions to http.c where they belong 2009-12-29 21:45:02 +00:00
Daniel Stenberg
a218235964 first shot at actually doing the SMTP upload as well, not doing the proper
end-of-body treatment
2009-12-25 22:50:11 +00:00
Daniel Stenberg
d911e22d8f remove some unused code 2009-12-20 22:11:16 +00:00
Daniel Stenberg
6add5baa3a free the allocated mailbox name at disconnect 2009-12-20 11:10:08 +00:00
Daniel Stenberg
240fa29e94 fixed a precaution check in the cookie code, pointed out by Julien Chaffraix 2009-12-19 19:20:26 +00:00
Yang Tse
4d0b0cae9e Fix compilation failure 2009-12-17 20:01:24 +00:00
Daniel Stenberg
a75d9d9169 uh, assign the bool it points to properly 2009-12-17 16:07:02 +00:00
Daniel Stenberg
54c60d0067 Stop overloading the conn->protocol field with the PROT_MISSING bit. It
really didn't belong there and had no real point.
2009-12-17 16:03:39 +00:00
Daniel Stenberg
91d05903b4 Remove pointless storing of the protocol as a string within the connectdata
struct, and instead use the already stored string in the handler struct.
2009-12-17 15:45:04 +00:00
Daniel Stenberg
10a11e3abe - David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
2009-12-17 13:29:41 +00:00
Daniel Stenberg
7603a29fc3 Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I
was a bit too quick and broke test case 1101 with that change. The order of
some of the setups is sensitive. I now changed it slightly again.
2009-12-16 23:11:47 +00:00
Daniel Stenberg
3111701c38 - Jon Nelson found a regression that turned out to be a flaw in how libcurl
detects and uses proxies based on the environment variables. If the proxy
  was given as an explicit option it worked, but due to the setup order
  mistake proxies would not be used fine for a few protocols when picked up
  from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added
  test case 1106 that verifies this functionality.

  (http://curl.haxx.se/bug/view.cgi?id=2913886)
2009-12-14 23:16:09 +00:00
Yang Tse
2c9644b812 Fix compiler warning 2009-12-14 16:05:57 +00:00
Yang Tse
b0f548fb56 Fix compiler warnings 2009-12-14 14:02:43 +00:00
Daniel Stenberg
83a6b34803 split out more protocol-specific structs from urldata.h into their own
protocol-specific header files
2009-12-12 22:17:51 +00:00
Daniel Stenberg
ec3bb8f727 introducing IMAP, POP3 and SMTP support (still lots of polish left to do) 2009-12-12 21:54:01 +00:00
Yang Tse
463d2d395c Prevent rewinding unless pipelining.
See http://curl.haxx.se/mail/lib-2009-12/0107.html
2009-12-11 18:41:29 +00:00
Yang Tse
2fc1752d6e Removed function prototype without implementation 2009-12-11 02:14:11 +00:00
Daniel Stenberg
315253b367 - Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
  OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
  of cleaning things up. I fixed it.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-12-10 20:20:15 +00:00
Daniel Stenberg
3b1de97eaa minor indent change 2009-12-10 20:19:56 +00:00
Daniel Stenberg
ebe5339003 - Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
  larger than 1024 bytes.
2009-12-07 20:25:17 +00:00
Kamil Dudka
fb2425b147 lib/nss.c: avoid use of uninitialized value 2009-12-02 17:24:38 +00:00
Daniel Stenberg
f0826974f2 - If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
  data->state.expect100header accordingly - the current code (in 7.19.7 at
  least) doesn't handle this properly. Martin Storsjo provided the fix!
2009-12-01 12:04:54 +00:00
Yang Tse
230dc699e2 s/socklen_t/curl_socklen_t/g 2009-11-28 04:34:46 +00:00
Yang Tse
3f6854272f Fix compiler warning: unused variable `data' 2009-11-28 03:00:32 +00:00
Daniel Stenberg
6e38cc9048 - Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
  be used non-blocking with the multi interface and more. BLKSIZE also works.

  The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
  the command line.
2009-11-27 23:46:29 +00:00
Daniel Stenberg
c7d2e4c1e1 - Extended and fixed the change I did on Dec 11 for the the progress
meter/callback during FTP command/response sequences. It turned out it was
   really lame before and now the progress meter SHOULD get called at least
   once per second.
2009-11-26 19:07:54 +00:00
Daniel Stenberg
88fe6557e9 refreshed 2009-11-24 07:40:43 +00:00
Daniel Stenberg
504e6d7ae6 - Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
  socket. Detected to at least happen with OpenSSL builds.
2009-11-20 19:32:49 +00:00
Daniel Stenberg
a41493b3b0 - Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
  same proxy with the tunnel option disabled would still wrongly re-use that
  previous connection and the outcome would only be badness.
2009-11-20 13:27:21 +00:00
Yang Tse
5129442ee7 Explicit initialization of all FTP struct members in ftp_init() 2009-11-19 17:21:56 +00:00
Yang Tse
e8fd5d8062 Fix compiler warning: ISO C90 forbids mixed declarations and code 2009-11-18 11:53:31 +00:00
Yang Tse
2f6dcaa644 Make memory tracking system intolerant with zero sized malloc(),
calloc() and realloc() function calls.
2009-11-18 11:21:58 +00:00
Yang Tse
59939313f8 Make usage of calloc()'s arguments consistent with rest of code base 2009-11-18 10:33:54 +00:00
Daniel Stenberg
b32d1a9a1d - Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:

  1. Set up a first web server that redirects (307) to a http://server:port
     that's down
  2. Have curl connect to the first web server using curl multi

  After the curl_easy_cleanup call, there will be curl dns entries hanging
  around with in_use != 0.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-11-17 22:53:55 +00:00
Yang Tse
3b8d7fddf7 Client certificate ENG file type requires OpenSSL 0.9.7 or newer 2009-11-15 12:58:50 +00:00
Yang Tse
581ce03345 Remove enable-thread / disable-thread configure option. These were only placebo
options. The library is always built as thread safe as possible on every system.
2009-11-15 02:45:23 +00:00
Yang Tse
1cbc93fb54 Refactor how preprocessor symbol _THREAD_SAFE definition is done. 2009-11-14 18:51:37 +00:00
Yang Tse
a8ddd6ce31 OpenSSL 0.9.7 or newer required for ENGINE_CTRL_GET_CMD_FROM_NAME definition 2009-11-14 11:33:49 +00:00
Daniel Stenberg
9c49e51f7e - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
  can select a private key/cert automatically (When there is only one key
  and/or certificate on the hardware device used by the engine)
2009-11-14 07:53:34 +00:00
Yang Tse
90bc6ee8f3 - Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
2009-11-14 02:30:30 +00:00
Yang Tse
05a4abea04 Constantine Sapuntzakis patch for hostip.c
No need for a separate variable ndns.

The memory leak detection will detect code that fails to release a dns reference.

The DEBUGASSERT will detect code that releases too many references.
2009-11-12 19:28:43 +00:00
Yang Tse
011a2818db Add missing variable initialization 2009-11-12 14:36:34 +00:00
Kamil Dudka
571309dc3e - libcurl-NSS now tries to reconnect with TLS disabled in case it detects
a broken TLS server. However it does not happen if SSL version is selected
  manually. The approach was originally taken from PSM. Kaspar Brand helped me
  to complete the patch. Original bug reports:
  https://bugzilla.redhat.com/525496
  https://bugzilla.redhat.com/527771
2009-11-12 11:16:31 +00:00
Kamil Dudka
d547d00f2c - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
  before and always closed unresolved. More info at the RH bug:
  https://bugzilla.redhat.com/534176
2009-11-12 10:54:10 +00:00