1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 07:25:14 -05:00
Commit Graph

7044 Commits

Author SHA1 Message Date
Daniel Stenberg
5aa290f0f2 Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
Our own printf() replacement clearly can't properly handle %.*s with a
string that isn't zero terminated. Instead of fixing the printf code or
even figuring out what the proper posix behavior is, I reverted this
piece of the code back to the previous version where it does malloc +
memcpy instead.

Regression added in e839446c2a, released in curl 7.32.0.

Reported-by: Felix Yan
Bug: http://curl.haxx.se/bug/view.cgi?id=1295
2013-11-05 09:59:19 +01:00
Steve Holme
7fc3b2ce38 connect.h: Updated copyright year for last edit 2013-11-05 07:15:01 +00:00
Björn Stenberg
02fbc26d59 connect: Add connection delay to Happy Eyeballs.
This patch adds a 200ms delay between the first and second address
family socket connection attempts.

It also iterates over IP addresses in the order returned by the
system, meaning most dual-stack systems will try IPv6 first.

Additionally, it refactors the connect code, removing most code that
handled synchronous connects. Since all sockets are now non-blocking,
the logic can be made simpler.
2013-11-04 22:38:19 +01:00
Steve Holme
0074c9f5d1 winbind: Fixed ntlm_auth expecting eol following commit e17c1b25bc 2013-11-04 20:12:22 +00:00
Steve Holme
90acbfd52e nss.c: Fixed compilation warnings (Take Two)
nss.c:702: warning: pointer targets in passing argument 3 of
'Curl_extract_certinfo' differ in signedness

nss.c:702: warning: pointer targets in passing argument 4 of
'Curl_extract_certinfo' differ in signedness

Made sure the cast was correctly "unsigned char *" to "char *" and not
"unsigned char *" to "unsigned char *".
2013-11-04 14:17:11 +00:00
Steve Holme
989b28fe97 nss.c: Fixed compilation warnings
nss.c:700: warning: pointer targets in passing argument 3 of
'Curl_extract_certinfo' differ in signedness

nss.c:700: warning: pointer targets in passing argument 4 of
'Curl_extract_certinfo' differ in signedness
2013-11-04 00:38:58 +00:00
Steve Holme
f77d9b6584 connect.c: Code policing on commit 5094bb53f4
No need for a rhs condition on a bitwise compare.
2013-11-03 19:53:58 +00:00
Steve Holme
2736b27df7 nss.c: Fixed compilation warnings
warning: implicit declaration of function 'Curl_extract_certinfo'
2013-11-03 16:36:51 +00:00
Steve Holme
297644fa70 x509asn1.c: Fixed compilation warnings
warning: declaration of 'chsize' shadows a global declaration
2013-11-03 16:24:17 +00:00
Steve Holme
5b315a273e base64: Fixed compilation warnings when using Curl_base64_decode()
curl_sasl.c:294: warning: dereferencing type-punned pointer will break
strict-aliasing rules

getpart.c:201: warning: dereferencing type-punned pointer will break
strict-aliasing rules
2013-11-03 12:25:07 +00:00
Steve Holme
5094bb53f4 connect: Fixed "Whut?" no server connection failures
Introduced in commit 7d7df83198 curl would loop displaying "Whut?"
if it was trying to connect to an address and port that didn't have
anything listening on it.
2013-11-03 11:27:12 +00:00
Steve Holme
052f24c9b7 http: Post base64 decoding tidy up
Renamed copy_header_value() to Curl_copy_header_value() as this
function is now non static.

Simplified proxy flag in Curl_http_input_auth() when calling
sub-functions.

Removed unnecessary white space removal when using negotiate as it had
been missed in commit cdccb42267.
2013-11-03 10:17:26 +00:00
Steve Holme
3b59696a93 http: Added proxy tunnel authentication message header value extraction
...following recent changes to Curl_base64_decode() rather than trying
to parse a header line for the authentication mechanisms which is CRLF
terminated and inline zero terminate it.
2013-11-02 11:18:39 +00:00
Steve Holme
cdccb42267 http: Added authentication message header value extraction
...following recent changes to Curl_base64_decode() rather than trying
to parse a header line for the authentication mechanisms which is CRLF
terminated and inline zero terminate it.
2013-10-31 19:15:33 +00:00
Daniel Stenberg
753d44fa00 curl_multi_wait: accept 0 from multi_timeout() as valid timeout
The code rejected 0 as a valid timeout while in fact the function could
indeed legitimately return that and it should be respected.

Reported-by: Bjorn Stenberg
2013-10-30 23:48:08 +01:00
Steve Holme
cfdfdcdd9d email: Corrected a couple of typos from commit aa0eaef483 2013-10-30 21:25:15 +00:00
Steve Holme
43400b4086 email: Post graceful SASL authentication cancellation tidy up 2013-10-30 20:58:24 +00:00
Patrick Monnerat
f6c335d63f NSS: support for CERTINFO feature 2013-10-30 11:12:06 +01:00
Daniel Stenberg
2bd72fa61c base64: removed trailing white space
and updated copyright year
2013-10-30 09:11:10 +01:00
Steve Holme
e17c1b25bc base64: Added basic validation to base64 input string when decoding
A base64 string should be a multiple of 4 characters in length, not
contain any more than 2 padding characters and only contain padding
characters at the end of string. For example: Y3VybA==

Strings such as the following are considered invalid:

Y=   - Invalid length
Y==  - Invalid length
Y=== - More than two padding characters
Y=x= - Padding character contained within string
2013-10-30 07:31:22 +00:00
Björn Stenberg
255826c40f bugfix: Don't block waiting for socket1 connect.
This patch fixes a bug in Happy Eyeballs where curl would wait for a
connect response from socket1 before checking socket2.

Also, it updates error messages for failed connections, showing the ip
addresses that failed rather than just the host name repeatedly.

Bug: http://curl.haxx.se/mail/lib-2013-10/0236.html
Reported-by: Paul Marks
2013-10-29 22:52:07 +01:00
Steve Holme
1d0eead969 sasl: Updated create_digest_md5_message() to use a dynamic buffer 2013-10-28 23:48:53 +00:00
Patrick Monnerat
5d415815df OS400: coding style standards 2013-10-28 12:00:22 +01:00
Steve Holme
f68559c086 email: Added support for cancelling NTLM authentication 2013-10-27 22:25:18 +00:00
Steve Holme
08f97f3b1d sasl: Removed unused variables from commit b87ba2c942 2013-10-27 17:04:56 +00:00
Steve Holme
b87ba2c942 email: Added support for cancelling DIGEST-MD5 authentication 2013-10-27 16:27:38 +00:00
Steve Holme
e7a2ba41e3 email: Corrected a couple of typos from 1e39b95682 2013-10-27 16:24:03 +00:00
Steve Holme
1e39b95682 email: Added support for canceling CRAM-MD5 authentication 2013-10-27 12:42:30 +00:00
Björn Stenberg
8230af0b94 Typo fix in trynextip(). 2013-10-27 12:49:12 +01:00
Björn Stenberg
7d7df83198 Add "Happy Eyeballs" for IPv4/IPv6.
This patch invokes two socket connect()s nearly simultaneously, and
the socket that is first connected "wins" and is subsequently used for
the connection. The other is terminated.

There is a very slight IPv4 preference, in that if both sockets connect
simultaneously IPv4 is checked first and thus will win.
2013-10-27 11:19:53 +01:00
Steve Holme
7de4cc35f8 email: Added initial support for cancelling authentication
Should a client application fail to decode an authentication message
received from a server, or not support any of the parameters given by
the server in the message, then the authentication phrase should be
cancelled gracefully by the client rather than simply terminating the
connection.

The authentication phrase should be cancelled by simply sending a '*'
to the server, in response to erroneous data being received, as per
RFC-3501, RFC-4954 and RFC-5034.

This patch adds the necessary state machine constants and appropriate
response handlers in order to add this functionality for the CRAM-MD5,
DIGEST-MD5 and NTLM authentication mechanisms.
2013-10-27 09:17:03 +00:00
Steve Holme
aa0eaef483 email: Moved authentication message parsing into a separate function
...in preparation for upcoming modifications.
2013-10-27 09:04:59 +00:00
Steve Holme
9f503a254b ftp: Fixed compiler warning
warning: 'result' may be used uninitialized in this function
2013-10-27 00:00:01 +01:00
Daniel Stenberg
d44b014271 FTP: make the data connection work when going through proxy
This is a regression since the switch to always-multi internally
c43127414d.

Test 1316 was modified since we now clearly call the Curl_client_write()
function when doing the LIST transfer part and then the
handler->protocol says FTP and ftpc.transfertype is 'A' which implies
text converting even though that the response is initially a HTTP
CONNECT response in this case.
2013-10-26 23:33:06 +02:00
Steve Holme
0adad07690 email: Added references to SASL LOGIN authentication draft proposal 2013-10-26 14:35:27 +01:00
Steve Holme
2766262a68 smtp: Fixed response code parsing for bad AUTH continuation responses
This workaround had been previously been implemented for IMAP and POP3
but not SMTP. Some of the recent test case additions implemented this
behaviour to emulate a bad server and the SMTP code didn't cope with it.
2013-10-26 11:09:31 +01:00
Steve Holme
bdb1f0e53d gskit.c: Code policing following commit 2cc9246477
Corrected 80 character line length error and pointer declarations (some
of which were previously incorrect)
2013-10-26 00:57:45 +01:00
Patrick Monnerat
2cc9246477 OS400: sync RPG wrapper, zlib support, fix header file names, ...
IFS compilation support, SSL GSKit backend by default, TLSv1.[12] support in
  GSKit for OS400 >= V7R1, no more tabs in make scripts.
2013-10-25 18:37:37 +02:00
Steve Holme
650036633f sasl: Fixed memory leak in OAUTH2 message creation 2013-10-24 00:16:59 +01:00
Daniel Stenberg
9bd37a6d27 sasl: fix compiler warning
error: unused variable 'table16'
2013-10-23 22:28:13 +02:00
Steve Holme
1be69159f3 tests: Added POP3 DIGEST-MD5 authentication test 2013-10-23 18:30:00 +01:00
Kamil Dudka
f70b2c77f4 ssh: initialize per-handle data in ssh_connect()
... if not already initialized.  This fixes a regression introduced by
commit 4ad8e142da, which caused test619
to intermittently fail on certain machines (namely Fedora build hosts).
2013-10-21 19:00:06 +02:00
Steve Holme
ce61510127 email: Fixed QUIT / LOGOUT being sent when SSL connect fails 2013-10-18 19:28:20 +01:00
Kamil Dudka
86c64f3daf curl_sasl: initialize NSS before using crypto 2013-10-18 15:37:18 +02:00
Steve Holme
65e556d0ce SSL: Follow up work to commits 6a1363128f and 87861c9b0e
Changed the failure code when TLS v1.1 and v1.2 is requested but not
supported by older OpenSSL versions, following review from libcurl
peers, and reduced the number of required preprocessor if statements.
2013-10-17 19:57:26 +01:00
Steve Holme
6a1363128f SSL: Added unsupported cipher version check for OpenSSL
...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2
being conditional on OpenSSL v1.0.1 as the appropriate flags are not
supported under earlier versions.
2013-10-16 20:48:24 +01:00
Steve Holme
e7452415c5 SSL: Corrected typo from commit 87861c9b0e 2013-10-16 00:57:01 +01:00
Steve Holme
87861c9b0e SSL: Fixed OpenSSL builds prior to v1.0.1
Commit ad34a2d5c8 relies on definitions that are only present in
OpenSSL v1.0.1 and up. This quick fix allows the builds that use
older versions of OpenSSL to continue building.
2013-10-16 00:49:23 +01:00
Paul Donohue
f63603dec4 NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option 2013-10-15 21:50:22 +02:00
Tyler Hall
0218a737fe ssh: Handle successful SSH_USERAUTH_NONE
According to the documentation for libssh2_userauth_list(), a NULL
return value is not necessarily an error. You must call
libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE
request was successful.

This fixes a segv when using sftp on a server that allows logins with an
empty password. When NULL was interpreted as an error, it would
free the session but not flag an error since the libssh2 errno would be
clear. This resulted in dereferencing a NULL session pointer.

Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
2013-10-15 20:53:09 +02:00