aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-04-03checksrc: allow ignore of specific warnings within a file (section)Daniel Stenberg
2016-04-03checksrc: add warning names, explain on help outputDaniel Stenberg
2016-04-03checksrc.bat: Disable tests by default until warnings are fixedSteve Holme
2016-04-03checksrc.bat: Added support for the tests directorySteve Holme
2016-04-03vauth: Removed the need for a separate GSS-API based SPN functionSteve Holme
2016-04-03curl_sasl: Fixed potential null pointer utilisationSteve Holme
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte
2016-04-03spnego: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5_gssapi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Fixed missing client response when mutual authentication enabledSteve Holme
Although mutual authentication is currently turned off and can only be enabled by changing libcurl source code, authentication using Kerberos 5 has been broken since commit 79543caf90 in this use case.
2016-04-03krb5_sspi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5_sspi: Only generate the output token when its not allocatedSteve Holme
Prior to this change, we were generating the output token when the credentials were NULL rather than when the output token was NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Only generate a SPN when its not knownSteve Holme
Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03tests/libtest: follow our code style guidelines betterDaniel Stenberg
... checksrc of all test code is pending.
2016-04-03checksrc.whitelist: remove fopen() usesDaniel Stenberg
2016-04-03formdata: use appropriate fopen() macrosDaniel Stenberg
2016-04-03checksrc: improve the fopen() parser somewhatDaniel Stenberg
The quote scanner was too fragile, now look for a comma instead to find the mode argument.
2016-04-03unit1604: fix snprintfDaniel Stenberg
follow-up to 0326b06 sizeof(pointer) is no good for the buffer size! Reported-by: Viktor Szakats
2016-04-03unittests: Fixed compilation warningsSteve Holme
warning: implicit declaration of function 'sprintf_was_used' [-Wimplicit-function-declaration] Follow up to the modications made to tests/libtest in commit 55452ebdff as we prefer not to use sprintf() now.
2016-04-02curl.1: -w filename_effective was introduced in 7.26.0Daniel Stenberg
We never made a 7.25.1 release
2016-04-027.49.0: next release versionDaniel Stenberg
2016-04-02http2: make use of the nghttp2 error callbackDaniel Stenberg
It offers extra info from nghttp2 in certain error cases. Like for example when trying prior-knowledge http2 on a server that doesn't speak http2 at all. The error message is passed on as a verbose message to libcurl. Discussed in #722 The error callback was added in nghttp2 1.9.0
2016-04-02spnego: Renamed the context's SPN variableSteve Holme
To be consistent with the Kerberos 5 context and other authentication code.
2016-04-02krb5_gssapi: Renamed the status variablesSteve Holme
For consistency with the spnego code.
2016-04-02krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argumentSteve Holme
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future.
2016-04-02test1119: Fixed missing CURL_DID_MEMORY_FUNC_TYPEDEFS symbolSteve Holme
2016-04-01RELEASE-NOTES: Removed "http_negotiate: Corrected host and proxy host name"Steve Holme
As this was introduced in the recent vauth changes and not a prior release.
2016-04-01RELEASE-NOTES: synced with 0aa8da10bbdafaDaniel Stenberg
2016-04-01http_negotiate: Corrected host and proxy host name being wrong way roundSteve Holme
I had accidentally used the proxy server name for the host and the host server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst Windows SSPI was quite happy with this, GSS-API wasn't. Thanks-to: Michael Osipov
2016-04-01build: Changed the Visual Studio projects warning level from 3 to 4Steve Holme
After squashing most of our compiler warnings, up'ed the default warning level from 3 to 4 in order to increase the likelyhood of catching future warnings.
2016-04-01IMAP: check pointer before dereferencing itehlertjd@gmail.com
may be null in the CURLOPT_CONNECT_ONLY case Fixes #747
2016-04-01.gitignore: Added new VC14 SQLite based program database filesSteve Holme
2016-04-01curl_memory.h: Fixed typo in commentSteve Holme
From commit 7218b52c49.
2016-04-01spnego: Corrected some typos in commentsSteve Holme
Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
2016-04-01memdebug: Ensure curl/curl.h is included before curl_memory.hSteve Holme
Follow up to commit 7db9782dd6.
2016-04-01upload: missing rewind call could make libcurl hangDaniel Stenberg
When an upload is done, there are two places where that can be detected and only one of them would rewind the input stream - which sometimes is necessary for example when doing NTLM HTTP POSTs and more. This could then end up libcurl hanging. Figured-out-by: Isaac Boukris Reported-by: Anatol Belski Fixes #741
2016-04-01curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFSDaniel Stenberg
So that we only do the extra typedefs in curl_memory.h when we really need to and avoid double typedefs. follow-up commit to 7218b52c49aeb1 Thanks-to: Steve Holme
2016-04-01curl/mprintf.h: remove support for _MPRINTF_REPLACEDaniel Stenberg
The define is not in our name space and is therefore not protected by our API promises. It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5 (March 2015). This is supposedly the final death blow to that define from everywhere. As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf(). In the unlikely event that any users is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
2016-04-01curl_memory.h: avoid the curl/curl.h includeDaniel Stenberg
Discussed in #743
2016-04-01url: Corrected get protocol family for FTP and LDAPSteve Holme
Fixed copy/paste error from commit a5aec58726.
2016-03-31strerror: don't bit shift a signed integerJay Satiro
Bug: https://github.com/curl/curl/issues/744 Reported-by: Alexis La Goutte
2016-03-31http2: more documentation for prior knowledgeDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-31imap: remove duplicated functionDaniel Stenberg
The list and search response functions were identical! Merged into one now. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31SOCKS5_gssapi_negotiate: don't assume little-endian intsDaniel Stenberg
The code copied one byte from a 32bit integer, which works fine as long as the byte order is the same. Not a fine assumption. Reported by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31http: remove ((expression)) double parenthesesDaniel Stenberg
2016-03-31Curl_add_buffer_send: avoid possible NULL dereferenceDaniel Stenberg
... as we check for a NULL pointer below, we move the derefence to after the check. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31file: remove duplicate checks of the same variableDaniel Stenberg
... as it doesn't change in between. Deteced by PVS Studio. Reported-by: Alexis La Goutte
2016-03-30openssl: Fix compilation warningsMarcel Raad
When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++ 14 complains: warning C4701: potentially uninitialized local variable 'palg' used warning C4701: potentially uninitialized local variable 'psig' used
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.