Age | Commit message (Collapse) | Author |
|
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
|
|
To verify that curl_easy_duphandle() works fine on a handle that has
gotten data stored with *_COPYPOSTFIELDS.
|
|
... and make test 2034 and 2035 require it, and have it set when built
with OpenSSL or GnuTLS.
|
|
|
|
|
|
As we only use libtoolize, only check for that!
|
|
|
|
|
|
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.
...and minor rewording on the same paragraph.
|
|
|
|
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
Bug: https://github.com/bagder/curl/pull/123
|
|
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
|
|
|
|
... instead of duplicating info.
|
|
|
|
8cb010144 removed the CurlCheckCSourceCompiles.cmake and
CurlCheckCSourceRuns.cmake files
|
|
|
|
The previous condition that checked if the socket was marked as readable
when also adding a writable one, was incorrect and didn't take the pause
bits properly into account.
|
|
CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
to affect the tests, so remove it too[2].
For the non-windows case, remove inet headers as POSIX only requires
sys/socket.h.
[1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
[2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
There were several -Wunused warnings and one duplicate macro definition.
The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
insert extra C code. Avoid this broken abstraction and use cmake's
check_c_source_compiles directly (works fine with CMake 2.8, maybe
even cmake 2.6).
After cleaning up all related variables (EXTRA_DEFINES,
HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
add_headers_include macro and remove duplicate header additions before
the struct timeval check.
Oh, and now the code is converted to use CheckCSourceRuns and
CheckCSourceCompiles, the two curl-specific helpers can be removed.
Unfortunately, the cmake output is now slightly more verbose. Before:
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
Since check_c_source_compiles prints the varname, now you see:
Performing Test curl_cv_func_send_test
Performing Test curl_cv_func_send_test - Failed
Tested: int send(int, const void *, size_t, int)
Compared cmake output with each other using vimdiff, no functional
differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
This patch cleans up the automatically-generated (?) code and fixes one
case that will always fail due to syntax error.
HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
character ("int length;q"). Several parameter type and unused variable
warnings popped up. This causes a detection failure with -Werror.
Observe that the REENTRANT cases are exactly the same as their
non-REENTRANT cases except for a `_REENTRANT` macro definition.
Merge all these pieces and build one big main function with different
cases, but reusing variables where logical.
For the cases where the parameters where NULL, I looked at
lib/hostip4.c to get an idea of the parameters types.
void-cast variables such as 'rc' to avoid -Wuninitialized errors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
autotools does not use features.h nor _BSD_SOURCE. As this macro
triggers warnings since glibc 2.20, remove it. It should not have
functional differences.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
as GSSAPI can be confused with the authentication mechanism rather than
a GSS-API implementation library such as MIT or Heimdal.
|
|
Added support for WinIDN build configurations to the VC6 project files.
|
|
Added support for WinIDN build configurations to the VC7 and VC7.1
project files.
|
|
A left over from the VC6 project files, so mainly cosmetic in Visual
Studio .NET as it can handle both comma and semi-colon characters for
separating multiple pre-processor definitions.
However, the IDE uses semi-colons if the value is edited, and as such,
this may cause problems in future for anyone updating the files or
merging patches.
Used the Visual Studio IDE to correct the separator character.
|
|
..when working from the git repository. This is particularly useful
for single development environments where the project files for all
supported versions of Visual Studio may not be required.
|
|
Prior to this change if x64 release was specified a failed attempt was
made to build x86 release instead.
|
|
|
|
...and removed duplication of what protocols are supported from the
description text.
|
|
|
|
...and revised the proxy wording a little as well.
|
|
...and corrected a related typo in curl_easy_setopt.3.
|
|
|
|
|
|
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
POP3 and SMTP authentication since v7.38.0.
|
|
Support for Kerberos V4 was removed in v7.33.0.
|
|
Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.
Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
|
|
More CURLcode fixes.
|
|
Basically since servers often then don't respond well to this and
instead send the full contents and then libcurl would instead error out
with the assumption that the server doesn't support resume. As the data
is then already transfered, this is now considered fine.
Test case 1434 added to verify this. Test case 1042 slightly modified.
Reported-by: hugo
Bug: http://curl.haxx.se/bug/view.cgi?id=1443
|
|
More standardisation of CURLcode usage and coding style.
|
|
...and some minor code style changes.
|
|
|
|
|
|
As this is covered by the PROTOCOLS section and saves having to update
two parts of the document with the same information in future.
|
|
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to an authentication mechanism.
|
|
Added missing IMAP to the protocol list.
|
|
|
|
|
|
...as this option affects more that just FTP.
|