1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

7106 Commits

Author SHA1 Message Date
Steve Holme
c93bd31336 pop3: Moved the calculation of SASL login details into a separate function 2013-12-18 12:43:57 +00:00
Steve Holme
933e6c9d16 imap: Moved the calculation of SASL login details into a separate function 2013-12-18 12:43:28 +00:00
Steve Holme
da24fbbc00 smtp: Moved the sending of the AUTH command into a separate function 2013-12-18 00:11:25 +00:00
Steve Holme
367648d24a pop3: Moved the sending of the AUTH command into a separate function 2013-12-18 00:11:13 +00:00
Steve Holme
bd3a59ad41 imap: Moved the sending of the AUTHENICATE command into a separate function 2013-12-18 00:10:39 +00:00
Steve Holme
c0245cc591 email: Renamed *_perform_authenticate() functions
In preparation for the upcoming SASL downgrade feature renamed the
imap__perform_authenticate(), pop3__perform_authenticate() and
smtp__perform_authenticate() functions.
2013-12-17 23:08:32 +00:00
Daniel Stenberg
1dc43de0dc gtls: respect *VERIFYHOST independently of *VERIFYPEER
Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
2013-12-16 22:47:31 +01:00
Daniel Stenberg
be28223f35 multi: add timer inaccuracy margin to timeout/connecttimeout
Since all systems have inaccuracy in the timeout handling it is
imperative that we add an inaccuracy margin to the general timeout and
connecttimeout handling with the multi interface. This way, when the
timeout fires we should be fairly sure that it has passed the timeout
value and will be suitably detected.

For cases where the timeout fire before the actual timeout, we would
otherwise consume the timeout action and still not run the timeout code
since the condition wasn't met.

Reported-by: He Qin
Bug: http://curl.haxx.se/bug/view.cgi?id=1298
2013-12-15 22:53:41 +01:00
Daniel Stenberg
169fedbdce login options: remove the ;[options] support from CURLOPT_USERPWD
To avoid the regression when users pass in passwords containing semi-
colons, we now drop the ability to set the login options with the same
options. Support for login options in CURLOPT_USERPWD was added in
7.31.0.

Test case 83 was modified to verify that colons and semi-colons can be
used as part of the password when using -u (CURLOPT_USERPWD).

Bug: http://curl.haxx.se/bug/view.cgi?id=1311
Reported-by: Petr Bahula
Assisted-by: Steve Holme
Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-14 22:40:37 +01:00
Steve Holme
32b9c30e67 imap: Fixed exclude of clear text when using auth=* in commit 75cd7fd667
It is not 100% clear whether * should include clear text LOGIN or not
from RFC-5092, however, including it is then consistent with current
POP3 behaviour where clear text, APOP or SASL may be chosen.
2013-12-14 12:24:17 +00:00
Steve Holme
75cd7fd667 imap: Fixed incorrect fallback to clear text authentication
If a specific SASL authentication mechanism was requested by the user
as part of the login options but wasn't supported by the server then
curl would fallback to clear text, when it shouldn't, rather than
reporting "No known authentication mechanisms supported" as the POP3
and SMTP protocols do.
2013-12-13 23:15:43 +00:00
Eric Lubin
7246dffff5 parsedate: avoid integer overflow
In C, signed integer overflow is undefined behavior. Thus, the compiler
is allowed to assume that it will not occur. In the check for an
overflow, the developer assumes that the signed integer of type time_t
will wrap around if it overflows. However, this behavior is undefined in
the C standard. Thus, when the compiler sees this, it simplifies t +
delta < t to delta < 0. Since delta > 0 and delta < 0 can't both be
true, the entire if statement is optimized out under certain
optimization levels. Thus, the parsedate function would return
PARSEDATE_OK with an undefined value in the time, instead of return -1 =
PARSEDATE_FAIL.
2013-12-11 16:32:21 +01:00
James Dury
c4f46e97ca TFTP: let tftp_multi_statemach()'s return codes through
It would otherwise always clobber the return code with new function
calls and it couldn't return timeout etc.

Bug: http://curl.haxx.se/bug/view.cgi?id=1310
2013-12-07 15:53:08 +01:00
Melissa Mears
bd3ca6630a darwinssl: Fix #if 10.6.0 for SecKeychainSearch
The comment here says that SecKeychainSearch causes a deprecation
warning when used with a minimum Mac OS X SDK version of 10.7.0, which
is correct.  However, the #if guard did not match.  It was intended to
only use the code if 10.6.0 support was enabled, but it had 10.7.0
instead.  This caused a warning if the minimum was exactly 10.7.0.
2013-12-07 00:10:04 -06:00
Daniel Stenberg
ef118c13ba digest: fix CURLAUTH_DIGEST_IE
The URI that is passed in as part of the Authorization: header needs to
be cut off at '?' if CURLAUTH_DIGEST_IE is set. Previously the code only
did when calculating the MD5sum.

Bug: http://curl.haxx.se/bug/view.cgi?id=1308
Patched-by: Sergey Tatarincev
2013-12-04 23:08:17 +01:00
Daniel Stenberg
1cf71bd76e Curl_is_connected: use proxy name in error message when proxy is used
(bug introduced in 255826c4, never present in a release)

Reported-by: Dima Tisnek
Bug: http://curl.haxx.se/mail/lib-2013-12/0006.html
2013-12-04 22:51:37 +01:00
Steve Holme
2c0ecac9d3 imap/pop3: Post graceful cancellation consistency changes 2013-12-04 20:19:36 +00:00
Melissa Mears
b0b5b51193 pop3: Fix POP3_TYPE_ANY signed compilation warning
POP3_TYPE_ANY, or ~0, is written to pop3c->preftype in lib/pop3c.c, an
unsigned int variable.  The result of ~0 is -1, which caused a warning
due to writing a negative number to an unsigned variable.  To fix this,
make the expression ~0U so that its value is considered the unsigned
number UINT_MAX which is what SASL_AUTH_ANY does in curl_sasl.h.
2013-12-04 20:18:44 +00:00
Kamil Dudka
e221b55f67 nss: make sure that 'sslver' is always initialized 2013-12-02 16:09:12 +01:00
Kamil Dudka
865666afca nss: unconditionally require NSS_InitContext()
... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway
2013-12-02 15:00:13 +01:00
Kamil Dudka
7fc9325a52 nss: allow to use TLS > 1.0 if built against recent NSS
Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html
2013-12-02 15:00:13 +01:00
Kamil Dudka
4fb8241add nss: put SSL version selection into separate fnc 2013-12-02 15:00:13 +01:00
Kamil Dudka
30e7e7552b nss: use a better API for controlling SSL version
This change introduces a dependency on NSS 3.14+.
2013-12-02 15:00:13 +01:00
Steve Holme
d92de3a7e9 multi.c: Fixed compilation warning
warning: declaration of 'pipe' shadows a global declaration
2013-12-01 20:22:57 +00:00
Steve Holme
ad3836448e base64: Corrected typo from commit f3ee587775 2013-12-01 16:43:57 +00:00
Steve Holme
f3ee587775 base64: Post extended extended validation tidy up
Reduced the separate processing of the last quantum to be performed in
the main decoding loop and renamed some variables for consistency.
2013-12-01 13:59:47 +00:00
Steve Holme
c92c30edbd base64: Extended validation to look for invalid characters
Extended the basic validation in commit e17c1b25bc to return a
failure when invalid base64 characters are included.
2013-12-01 11:12:23 +00:00
Steve Holme
4d10f48629 base64: Post basic validation tidy up
Due to the length checks introduced in commit e17c1b25bc there is no
need to allow for extra space in the output buffer for a non-padded last
quantum.
2013-11-30 19:14:29 +00:00
Steve Holme
dc68120e63 curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy up
1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the
mailing list.
2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our
function naming convention.
3) Updated sessioninfo.c example accordingly.
2013-11-30 11:08:56 +00:00
Steve Holme
26ff1ea6c3 multi.c: Fixed compilation error introduced in commit a900d45489
Systems that define SIGPIPE_VARIABLE as a noop would not compile as
restore_pipe was defined afterwards.
2013-11-27 23:45:45 +00:00
Christian Grothoff
59f1209fad curl_easy_getopt: Handle API violation gracefully
This fixes a NULL dereference in the case where the client asks for
CURLINFO_TLS_SESSION data after the (TLS) session has already been
destroyed (i.e. curl_easy_perform has already completed for this
handle). Instead of crashing, we now return a CURLSSLBACKEND_NONE
error.
2013-11-27 23:35:34 +00:00
Jeff King
a900d45489 curl_multi_cleanup: ignore SIGPIPE
This is an extension to the fix in 7d80ed64e4. We may
call Curl_disconnect() while cleaning up the multi handle,
which could lead to openssl sending packets, which could get
a SIGPIPE.

Signed-off-by: Jeff King <peff@peff.net>
2013-11-27 22:47:12 +01:00
Jeff King
e64f91feb7 sigpipe: factor out sigpipe_reset from easy.c
Commit 7d80ed64e4 introduced some helpers to handle
sigpipe in easy.c. However, that fix was incomplete, and we
need to add more callers in other files. The first step is
making the helpers globally accessible.

Since the functions are small and should generally end up
inlined anyway, we simply define them in the header as
static functions.

Signed-off-by: Jeff King <peff@peff.net>
2013-11-27 22:46:55 +01:00
Björn Stenberg
b2a55c8106 connect: Try next ip directly after immediate connect fail
This fixes a rare Happy Eyeballs bug where if the first IP family runs
out of addresses before the second-family-timer fires, and the second
IP family's first connect fails immediately, no further IPs of the
second family are attempted.
2013-11-27 22:26:43 +01:00
Daniel Stenberg
030a2b8cb8 hostip: don't prune DNS cache entries that are in use
When adding entries to the DNS cache with CURLOPT_RESOLVE, they are
marked 'inuse' forever to prevent them from ever being removed in normal
operations. Still, the code that pruned out-of-date DNS entries didn't
care for the 'inuse' struct field and pruned it anyway!

Reported-by: Romulo A. Ceccon
Bug: http://curl.haxx.se/bug/view.cgi?id=1303
2013-11-25 00:10:23 +01:00
Steve Holme
5ee64be9c6 smtp: Post SMTP command expansion tidy up
Removed unnecessary SMTP_STOP state changes on failure.

Removed hard return on failure in smtp_state_data_resp().
2013-11-23 09:35:44 +00:00
Christian Grothoff
2c04e8d80c curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
Added new API for returning a SSL backend type and pointer, in order to
allow access to the TLS internals, that may then be used to obtain X509
certificate information for example.
2013-11-21 20:40:04 +00:00
Steve Holme
8191800a0c smtp: Fixed space being sent in non --mail-rcpt based requests
Commands such as NOOP, RSET and HELP would be sent with a space at the
end of the command, for example: "NOOP ".
2013-11-17 16:39:02 +00:00
Steve Holme
3c8c9b2779 smtp: Changed the default command to HELP when no options are specified
Otherwise a NOOP operation would be performed which a) only returns a
single line response and not a multiline response where -I needs to be
used, and b) provides an inconsistent user experience compared to that
of the POP3 and IMAP protocols.
2013-11-17 10:09:07 +00:00
Steve Holme
b27dc009cf smtp:Fixed memory leak from commit dac01ff6d7
The buffer allocated by smtp_parse_custom_request() was not freed.
2013-11-17 09:00:21 +00:00
Steve Holme
2c7a5578e1 connect: Close open but unconnected socket in singleipconnect()
singleipconnect() could return the file descriptor of an open socket
even though the function returned a CURLE_COULDNT_CONNECT error code
from commit ed1662c374 and 02fbc26d59.

This could cause tests 19, 704 and 1233 to fail on FreeBSD, AIX and
Solaris.
2013-11-17 00:27:18 +00:00
Steve Holme
eedca5055e smtp: Fixed broken RCPT TO from commit 0ea4a80bb2 2013-11-15 22:20:56 +00:00
Daniel Stenberg
5d040632ac smtp_state_mail_resp: removed unused variable 'smtp' 2013-11-15 22:43:34 +01:00
Steve Holme
0ea4a80bb2 smtp: Simplified the next RCPT TO logic 2013-11-15 21:05:45 +00:00
Steve Holme
168aa59705 smtp.c: Fixed trailing whitespace 2013-11-15 20:43:04 +00:00
Steve Holme
f71b1ad908 smtp: Added support for VRFY and EXPN commands 2013-11-15 18:25:29 +00:00
Steve Holme
dac01ff6d7 smtp: Added support for NOOP and RSET commands 2013-11-15 16:14:01 +00:00
Steve Holme
4a9fe26837 smtp: Fixed handling of multiline server greeting responses
Incorrectly processed multiline server greeting responses as "wanted"
continue responses in smtp_endofresp(), from commit f16c0de4e9,
which in turn broke the SMTP server detection in the test suite,
because the EHLO command would not be sent.
2013-11-15 12:50:37 +00:00
Steve Holme
90ec8763a5 smtp.c: Fixed compilation error from commit f16c0de4e9
warning: unused variable 'smtpc'
2013-11-15 12:14:09 +00:00
Steve Holme
796333bc5e smtp: Fixed processing of more than one response when sent in same packet
Added a loop to smtp_statemach_act() in which Curl_pp_readresp() is
called until the cache is drained. Without this multiple responses
received in a single packet could result in a hang or delay.
2013-11-15 10:54:23 +00:00