1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Commit Graph

2583 Commits

Author SHA1 Message Date
Daniel Stenberg
de8947f92f security.h is removed 2005-03-14 07:46:42 +00:00
Daniel Stenberg
34865ffb4a include security.h with lowercase s to work on cross-compiled mingw 2005-03-14 00:01:30 +00:00
Daniel Stenberg
62970da675 Removed security.h since it shadows an include file mingw needs when building
for SSPI support. The contents of the file has been moved into the krb4.h file.
2005-03-14 00:00:45 +00:00
Gisle Vanem
88a4dc2795 Swap <security.h> and <sspi.h> (needed for MingW). 2005-03-12 17:31:15 +00:00
Daniel Stenberg
84bc23b92f curl_version_info() returns the feature bit CURL_VERSION_SSPI 2005-03-11 15:10:36 +00:00
Dan Fandrich
fb9ae9d0e2 Fixed some compiler warnings. 2005-03-11 05:49:04 +00:00
Dan Fandrich
205f8b266c Fixed LDAP library file name bug (KNOWN_BUGS #1). configure now auto-detects
the correct dynamic library names by default, and provides override switches
--with-ldap-lib, --with-lber-lib and --without-lber-lib.  Added
CURL_DISABLE_LDAP to platform-specific config files to disable LDAP
support on those platforms that probably don't have dynamic OpenLDAP
libraries available to avoid compile errors.
2005-03-11 05:28:07 +00:00
Daniel Stenberg
d1d35ba85f Christopher R. Palmer made it possible to build libcurl with the
USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native
way to do NTLM. SSPI also allows libcurl to pass on the current user and its
password in the request.
2005-03-10 23:15:29 +00:00
Daniel Stenberg
0472629222 As reported by 'nodak sodak' we should check for a NULL pointer before
referencing the proxy name pointer.
2005-03-09 22:13:52 +00:00
Daniel Stenberg
b7ffc6bb45 remove old printf() debug leftover 2005-03-08 22:21:59 +00:00
Daniel Stenberg
8a96aec567 mktime() returns a time_t. time_t is often 32 bits, even on many architectures
that feature 64 bit 'long'.

Some systems have 64 bit time_t and deal with years beyond 2038. However, even
some of the systems with 64 bit time_t returns -1 for dates beyond 03:14:07
UTC, January 19, 2038. (Such as AIX 5100-06)
2005-03-08 16:31:56 +00:00
Daniel Stenberg
702664e959 Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP
file got a Last-Modified: header written to the data stream, corrupting the
actual data. This was because some conditions from the previous FTP code was
not properly brought into the new FTP code. I fixed and I added test case 520
to verify. (This bug was introduced in 7.13.1)
2005-03-08 08:09:14 +00:00
Daniel Stenberg
aa47ac4c06 Added test case 235 that makes a resumed upload of a file that isn't present
on the remote side. This then converts the operation to an ordinary STOR
upload. This was requested/pointed out by Ignacio Vazquez-Abrams.

It also proved (and I fixed) a bug in the newly rewritten ftp code (and
present in the 7.13.1 release) when trying to resume an upload and the servers
returns an error to the SIZE command. libcurl then loops and sends SIZE
commands infinitely.
2005-03-04 23:52:06 +00:00
Dan Fandrich
b01151e81c Reduced the length of data read from the random entropy file. 2005-03-04 22:36:56 +00:00
Dan Fandrich
67bd6f9ccd Don't try to read the whole of the random file because when /dev/urandom is
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
Daniel Stenberg
6f752c64bc Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
2005-03-04 00:26:50 +00:00
Daniel Stenberg
ccb7950c4c killed trailing whitespace 2005-03-04 00:24:52 +00:00
Daniel Stenberg
750e771376 killed trailing whitespace 2005-03-04 00:14:45 +00:00
Dan Fandrich
0ddab51ad8 Fix for a base64 decode heap buffer overflow vulnerability. 2005-02-28 23:54:17 +00:00
Dan Fandrich
9798432f56 Fixed some compiler warnings. Fixed a low incidence memory leak in the test server. 2005-02-24 18:54:23 +00:00
Daniel Stenberg
f8b4ba80e0 krb4 fixed 2005-02-22 12:20:30 +00:00
Daniel Stenberg
527f70e540 Curl_base64_decode() now returns an allocated buffer 2005-02-22 12:10:30 +00:00
Daniel Stenberg
19f66c7575 Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
Daniel Stenberg
5ba188ab2d Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
2005-02-18 23:53:07 +00:00
Daniel Stenberg
176981b529 close the socket properly when returning error due to failing localbind
Bug report #1124588 by David
2005-02-17 14:45:03 +00:00
Daniel Stenberg
ac022b2e30 Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:

When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
2005-02-16 14:31:23 +00:00
Daniel Stenberg
0a3065a2f2 Rename Curl_pretransfersec() to *_second_connect() since it does not just
do pretransfer stuff like Curl_pretransfer().
2005-02-14 09:30:40 +00:00
Daniel Stenberg
b98faaa8c0 Fixed bad krb4 code. It always tried to use krb4 if built enabled. 2005-02-11 22:50:57 +00:00
Daniel Stenberg
e7cefd684b Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
2005-02-11 00:03:49 +00:00
Daniel Stenberg
17d61e4f29 typecast assign to ftpport from int to prevent warnings 2005-02-10 07:45:26 +00:00
Daniel Stenberg
446b9467da init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
Daniel Stenberg
8c83422fe2 David Byron identified the lack of SSL_pending() use, and this is my take
at fixing this issue.
2005-02-09 23:09:12 +00:00
Daniel Stenberg
61a1e3cd01 better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
Daniel Stenberg
89cac6f25c prevent a compiler warning 2005-02-09 22:47:57 +00:00
Gisle Vanem
32d76a5b57 Set 'bits.close' in case of malloc fail.
Don't free 'lud_dn' twice in case curl_unescape()
fails.
2005-02-09 14:28:35 +00:00
Gisle Vanem
f5394cccb1 Use CURL_SOCKET_BAD. 2005-02-09 14:01:15 +00:00
Gisle Vanem
64dd9c7656 Handle CURLE_LOGIN_DENIED in strerror.c.
For ftp only?
2005-02-09 13:59:40 +00:00
Daniel Stenberg
16ae0c6466 FD_SET can be big macro, use braces 2005-02-09 13:47:35 +00:00
Daniel Stenberg
6a2e21ec8c FTP code turned into state machine. Not completely yet, but a good start.
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
2005-02-09 13:06:40 +00:00
Gisle Vanem
120f17ce04 Replace LF with CRLF. Ref RFC-2229, sec 2.3:
"Each command line must be terminated by a CRLF".
2005-02-09 11:50:41 +00:00
Daniel Stenberg
41def21f91 ares_gethostbyname wants a 'ares_host_callback' in the 4th argument 2005-02-08 19:03:27 +00:00
Gisle Vanem
d118312922 Curl_addrinfo?_callback() and addrinfo_callback() now returns
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
2005-02-08 12:36:13 +00:00
Gisle Vanem
82b93e4945 Don't free too much in freedirs() if realloc() fails. 2005-02-08 12:32:28 +00:00
Daniel Stenberg
e36fb1ecda Curl_wait_for_resolv() no longer disconnects on failure, but leaves that
operation to the caller. Disconnecting has the disadvantage that the conn
pointer gets completely invalidated and this is not handled on lots of places
in the code.
2005-02-08 07:36:57 +00:00
Dan Fandrich
e4a1788614 Fix for a bug report that compressed files that are exactly 64 KiB long
produce a zlib error.
2005-02-07 19:12:37 +00:00
Gisle Vanem
7b23eff9cf Preserve previous status in Curl_http_done(). 2005-02-06 12:43:40 +00:00
Daniel Stenberg
29350b363b Eric Vergnaud found a use of an uninitialized variable 2005-02-04 23:43:44 +00:00
Daniel Stenberg
83c470a443 David Byron pointed out that this -1 on the buffer size is pointless since
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This
change is reported to fix David's weird SSL problem...
2005-02-04 13:42:41 +00:00
Daniel Stenberg
686d767053 if the DO operation returns failure, bail out and close down nicely to
prevent memory leakage
2005-01-30 22:54:06 +00:00
Daniel Stenberg
e6034ea299 Use calloc() to save us the memset() call and terminate conn->host.name
properly, to avoid reading uninited variables when using file:// (valgrind)
2005-01-30 12:42:15 +00:00