19f66c7575
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
...
got no notification, no mail, no nothing.
You didn't even bother to mail us when you went public with this. Cool.
NTLM buffer overflow fix, as reported here:
http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
5ba188ab2d
Ralph Mitchell reported a flaw when you used a proxy with auth, and you
...
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
2005-02-18 23:53:07 +00:00
176981b529
close the socket properly when returning error due to failing localbind
...
Bug report #1124588 by David
2005-02-17 14:45:03 +00:00
ac022b2e30
Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
...
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
2005-02-16 14:31:23 +00:00
0a3065a2f2
Rename Curl_pretransfersec() to *_second_connect() since it does not just
...
do pretransfer stuff like Curl_pretransfer().
2005-02-14 09:30:40 +00:00
b98faaa8c0
Fixed bad krb4 code. It always tried to use krb4 if built enabled.
2005-02-11 22:50:57 +00:00
e7cefd684b
Removed all uses of strftime() since it uses the localised version of the
...
week day names and month names and servers don't like that.
2005-02-11 00:03:49 +00:00
17d61e4f29
typecast assign to ftpport from int to prevent warnings
2005-02-10 07:45:26 +00:00
446b9467da
init fix for non-SSL builds
2005-02-10 07:45:08 +00:00
8c83422fe2
David Byron identified the lack of SSL_pending() use, and this is my take
...
at fixing this issue.
2005-02-09 23:09:12 +00:00
61a1e3cd01
better error checking and SSL init by David Byron
2005-02-09 23:04:51 +00:00
89cac6f25c
prevent a compiler warning
2005-02-09 22:47:57 +00:00
32d76a5b57
Set 'bits.close' in case of malloc fail.
...
Don't free 'lud_dn' twice in case curl_unescape()
fails.
2005-02-09 14:28:35 +00:00
f5394cccb1
Use CURL_SOCKET_BAD.
2005-02-09 14:01:15 +00:00
64dd9c7656
Handle CURLE_LOGIN_DENIED in strerror.c.
...
For ftp only?
2005-02-09 13:59:40 +00:00
16ae0c6466
FD_SET can be big macro, use braces
2005-02-09 13:47:35 +00:00
6a2e21ec8c
FTP code turned into state machine. Not completely yet, but a good start.
...
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
2005-02-09 13:06:40 +00:00
120f17ce04
Replace LF with CRLF. Ref RFC-2229, sec 2.3:
...
"Each command line must be terminated by a CRLF".
2005-02-09 11:50:41 +00:00
41def21f91
ares_gethostbyname wants a 'ares_host_callback' in the 4th argument
2005-02-08 19:03:27 +00:00
d118312922
Curl_addrinfo?_callback() and addrinfo_callback() now returns
...
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
2005-02-08 12:36:13 +00:00
82b93e4945
Don't free too much in freedirs() if realloc() fails.
2005-02-08 12:32:28 +00:00
e36fb1ecda
Curl_wait_for_resolv() no longer disconnects on failure, but leaves that
...
operation to the caller. Disconnecting has the disadvantage that the conn
pointer gets completely invalidated and this is not handled on lots of places
in the code.
2005-02-08 07:36:57 +00:00
e4a1788614
Fix for a bug report that compressed files that are exactly 64 KiB long
...
produce a zlib error.
2005-02-07 19:12:37 +00:00
7b23eff9cf
Preserve previous status in Curl_http_done().
2005-02-06 12:43:40 +00:00
29350b363b
Eric Vergnaud found a use of an uninitialized variable
2005-02-04 23:43:44 +00:00
83c470a443
David Byron pointed out that this -1 on the buffer size is pointless since
...
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This
change is reported to fix David's weird SSL problem...
2005-02-04 13:42:41 +00:00
686d767053
if the DO operation returns failure, bail out and close down nicely to
...
prevent memory leakage
2005-01-30 22:54:06 +00:00
e6034ea299
Use calloc() to save us the memset() call and terminate conn->host.name
...
properly, to avoid reading uninited variables when using file:// (valgrind)
2005-01-30 12:42:15 +00:00
9a820d7a98
include "url.h" for the Curl_safefree() proto
2005-01-29 22:38:45 +00:00
8dbaf534c8
Using the multi interface, and doing a requsted a re-used connection that
...
gets closed just after the request has been sent failed and did not re-issue
a request on a fresh reconnect like the easy interface did. Now it does!
(define CURL_MULTIEASY, run test case 160)
2005-01-29 22:31:06 +00:00
91f483c591
Define CURL_MULTIEASY when building this, to use my new curl_easy_perform()
...
that uses the multi interface to run the request. It is a great testbed for
the multi interface and I believe we shall do it this way for real in the
future when we have a successor to curl_multi_fdset().
2005-01-29 22:26:38 +00:00
c4ff5eb0ca
conn->ip_addr MUST NOT be used on re-used connections
2005-01-29 13:07:16 +00:00
59b45a90cc
multi interface: when a request is denied due to "Maximum redirects followed"
...
libcurl leaked the last Location: URL.
2005-01-29 12:01:20 +00:00
f661475962
Connect failures with the multi interface was often returned as "connect()
...
timed out" even though the reason was different. Fixed this problem by not
setting this timeout to zero when using multi.
2005-01-28 23:21:24 +00:00
4551e7ce49
KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
...
curl_easy_perform() invokes. It was previously unlocked at disconnect, which
could mean that it remained locked between multiple transfers. The DNS cache
may not live as long as the connection cache does, as they are separate.
To deal with the lack of DNS (host address) data availability in re-used
connections, libcurl now keeps a copy of the IP adress as a string, to be able
to show it even on subsequent requests on the same connection.
2005-01-28 22:14:48 +00:00
064bc3ecbc
Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
...
when built ipv6-enabled. I've now made a fix for it. Writing test cases for
custom port strings turned too tricky so unfortunately there's none.
2005-01-28 08:26:36 +00:00
177dbc7be0
Ian Ford asked about support for the FTP command ACCT, and I discovered it is
...
present in RFC959... so now (lib)curl supports it as well. --ftp-account and
CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account
string after PASS have been sent away. The client responds with "ACCT [account
string]".) Added test case 228 and 229 to verify the functionality. Updated
the test FTP server to support ACCT somewhat.
2005-01-25 22:13:12 +00:00
043d70fcdf
Use plain structs and not typedef'ed ones in the hash and linked-list code.
2005-01-25 00:06:29 +00:00
7e42cb61f7
FTP third transfer support overhaul. See CHANGES for details.
2005-01-21 09:32:32 +00:00
3050ae57c0
Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
...
contains %0a or %0d in the user, password or CWD parts. (A future fix would
include doing it for %00 as well - see KNOWN_BUGS for details.) Test case 225
and 226 were added to verify this
2005-01-19 21:56:02 +00:00
06ad5be3af
Don't copy 'stderr' for Win-CE in IPv6 code. Don't call
...
GetCurrentProcess() twice; use a local variable.
2005-01-19 10:20:55 +00:00
a0c8b9bc68
Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:
...
1) the proxy environment variables are still read and used to set HTTP proxy
2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
disabled)
2005-01-19 09:36:44 +00:00
b1080f7c9a
Cody Jones' enhanced version of Samuel Daz Garca's MSVC makefile patch.
2005-01-18 10:17:34 +00:00
e0bea7d541
Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl
...
assumed this used the DICT protocol. While guessing protocols will remain
fuzzy, I've now made sure that the host names must start with "[protocol]."
for them to be a valid guessable name. I also removed "https" as a prefix that
indicates HTTPS, since we hardly ever see any host names using that.
2005-01-16 08:51:52 +00:00
f5b8a26d9a
errrno can by freak accident become EINTR on DOS or
...
Windows (unrelated to select). select() can never set errno
to EINTR on Windows.
2005-01-15 09:26:07 +00:00
4d1f3d3cd0
Added README.hostip
2005-01-14 13:43:29 +00:00
0e26355348
Inspired by Martijn Koster's patch and example source at
...
http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c , I now made the
select() and poll() calls properly loop if they return -1 and errno is
EINTR. glibc docs for this is found here:
http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html
This last link says BSD doesn't have this "effect". Will there be a problem
if we do this unconditionally?
S: ----------------------------------------------------------------------
2005-01-13 21:51:48 +00:00
7c1bba315b
Added '-bd' option; target is a DLL.
...
Added dependencies.
2005-01-12 15:32:26 +00:00
c5b2e85b47
Dan Torop cleaned up a few no longer used variables from David Phillips'
...
select() overhaul fix.
2005-01-11 20:22:44 +00:00
e3fa7d021e
Renamed easy.h and multi.h to easyif.h and multiif.h to make sure they don't
...
shadow our public headers with the former names.
2005-01-11 15:25:29 +00:00
a1813e2b2d
".\lib\easy.h" shadows for <curl/easy.h> in Watcom.
...
Force including ../include/curl/easy.h.
2005-01-11 14:59:24 +00:00
bb9e5565f2
".\lib\multi.h" shadows for <curl/multi.h> in Watcom.
...
Force including ../include/curl/multi.h.
2005-01-11 14:32:09 +00:00
29102befa6
Cyrill Osterwalder posted a detailed analysis about a bug that occurs when
...
using a custom Host: header and curl fails to send a request on a re-used
persistent connection and thus creates a new connection and resends it. It
then sent two Host: headers. Cyrill's analysis was posted here:
http://curl.haxx.se/mail/archive-2005-01/0022.html
2005-01-11 14:00:45 +00:00
9d1145598a
Bruce Mitchener identified (bug report #1099640 ) the never-ending SOCKS5
...
problem with the version byte and the check for bad versions. Bruce has lots
of clues on this, and based on his suggestion I've now removed the check of
that byte since it seems to be able to contain 1 or 5.
2005-01-10 23:32:14 +00:00
065e466f1a
Use Curl_easy_addmulti() to clear associations from easy handles to multi
...
handles. Include multi.h to get proto.
2005-01-10 11:42:20 +00:00
21bb852750
Pavel Orehov reported memory problems with the multi interface in bug report
...
#1098843 . In short, a shared DNS cache was setup for a multi handle and when
the shared cache was deleted before the individual easy handles, the latter
cleanups caused read/writes to already freed memory.
2005-01-10 10:07:07 +00:00
83bab78bda
Hzhijun reported a memory leak in the SSL certificate code, that leaked the
...
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00
9fd33c0b96
New file.
2005-01-08 16:06:37 +00:00
3c09f2d2bd
Added Makefile.Watcom to EXTRA_DIST.
2005-01-08 16:03:45 +00:00
316e74be74
Removed _WIN32_WINNT to support IPv6 under Win-2K.
2005-01-04 16:00:14 +00:00
ad9648a215
reverted the bad naming of the implib names
2005-01-02 21:15:29 +00:00
1576f3319e
Alex Neblett's minor update
2005-01-02 19:19:32 +00:00
67abd4cd47
Rune Kleveland fixed a minor memory leak for received cookies with the (rare)
...
version attribute set.
2004-12-22 22:33:31 +00:00
58f4af7973
Marcin Konicki provided two configure fixes and a source fix to make curl
...
build out-of-the-box on BeOS.
2004-12-22 22:28:10 +00:00
99befd3a15
C ensures that static variables are initialized to 0
2004-12-22 20:12:15 +00:00
444f6427b8
oops, variables first then code
2004-12-21 14:33:37 +00:00
a173e07eec
Prevent failf() from using the va_list variable more than once.
...
See bug report #1088962 and Single Unix Specification:
http://www.opengroup.org/onlinepubs/007908799/xsh/vfprintf.html
2004-12-21 14:22:10 +00:00
f4c5314890
include sys/types.h before sys/select.h
2004-12-21 10:11:07 +00:00
80d301257c
Make some more arrays of pointers const.
2004-12-20 18:23:43 +00:00
13ee90bbd4
OpenSSL updates; get CA_BUNDLE from env. Assume no
...
Kerberos, have <pkcs12.h>, <engine.h> and built-in engines.
2004-12-19 11:52:31 +00:00
754d6c3abd
Remove 'data' initialiser.
2004-12-19 11:39:34 +00:00
3d647b9a98
if the pkcs12.h header exists, include it already in urldata.h to work around
...
a precedence problem with the zlib header. See CHANGES for details.
2004-12-19 09:37:32 +00:00
8ad47a13e5
Samuel Listopad added support for PKCS12 formatted certificates.
2004-12-18 10:42:48 +00:00
a07dcfd850
Renamed a variable to avoid conflict with a C++ reserved word.
2004-12-17 20:18:53 +00:00
321511a5be
Watcom has strtoll().
2004-12-17 19:57:50 +00:00
c5297b9fd9
Watcom uses 'i64' suffix.
2004-12-17 18:33:09 +00:00
7e00076586
<windows.h> required for Watcom.
2004-12-17 18:32:41 +00:00
41e776f9db
Fix calling convention of wlap32.dll function. Watcom
...
uses fastcall by default, so force cdecl.
2004-12-17 17:54:21 +00:00
5c2d4a6bdd
Watcom has 'struct timeval'.
2004-12-17 17:49:10 +00:00
5e2e87cc8d
getdate.c is gone.
2004-12-17 12:28:04 +00:00
b1bdba7db5
Print true netrc name (.netrc/_netrc).
2004-12-17 12:26:18 +00:00
e3d342df96
avoid an extra malloc
2004-12-17 10:09:32 +00:00
ccf65be0a4
fixed minor memory leak when running out of memory
2004-12-17 09:00:19 +00:00
7dfef13224
oops, add missing return keyword
2004-12-17 08:58:48 +00:00
6e1e9caa32
Based on Gisle Vanem's patch: make sure the directory re-use works even when
...
a URL-encoded path is used.
2004-12-16 22:20:33 +00:00
f71725de6e
Must include <io.h> and <sys/stat.h> before redefining
...
stat(), fstat() and lseek().
2004-12-16 21:27:29 +00:00
26fe6da93b
Renamed a struct member to avoid conflict with a C++ reserved word.
2004-12-16 21:27:23 +00:00
8d4ac69175
reduced the number of sub-blocks
2004-12-16 18:18:23 +00:00
4f5a6a33b4
moved the lseek() and stat() magic defines to setup.h and now take advantage
...
of struct_stat in formdata.c as well, to support formpost uploads of large
files on Windows too
2004-12-16 18:09:27 +00:00
494c40fd98
NULL the fp pointer after it has been fclosed()
2004-12-16 13:55:19 +00:00
d3b414724b
Dinar in bug report #1086121 , found a file handle leak when a multipart
...
formpost (including a file upload part) was aborted before the whole file was
sent.
2004-12-16 09:52:36 +00:00
95b84adb9b
precaution to prevent double typedefs of the bool
2004-12-15 14:05:07 +00:00
a28b32aa45
Make some arrays of pointers const, too.
2004-12-15 02:32:04 +00:00
1ba47e7af9
Add 'const' to immutable arrays.
2004-12-15 01:38:25 +00:00
553082e24a
prevent compiler warning when built without engine support
2004-12-14 22:06:25 +00:00
0d0d5e7ee3
Harshal Pradhan fixed changing username/password on a persitent HTTP
...
connection.
2004-12-14 21:22:51 +00:00
f23d923fd3
Only declare static variables if they're needed. Fixed some compile warnings.
2004-12-14 20:44:36 +00:00
10d6d8b2ae
Header files are in openssl/ only if USE_OPENSSL is set.
2004-12-14 20:25:23 +00:00
358e08b95d
Removed fputc() prototype since it's already in stdio.h
2004-12-14 20:17:58 +00:00
7d3f5d7ac1
urldata.h: Removed engine_list.
...
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist
which must be freed by caller.
2004-12-14 14:20:21 +00:00
Daniel Stenberg