aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-04-03curl_sasl: Fixed potential null pointer utilisationSteve Holme
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte
2016-04-03spnego: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5_gssapi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Fixed missing client response when mutual authentication enabledSteve Holme
Although mutual authentication is currently turned off and can only be enabled by changing libcurl source code, authentication using Kerberos 5 has been broken since commit 79543caf90 in this use case.
2016-04-03krb5_sspi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5_sspi: Only generate the output token when its not allocatedSteve Holme
Prior to this change, we were generating the output token when the credentials were NULL rather than when the output token was NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Only generate a SPN when its not knownSteve Holme
Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03tests/libtest: follow our code style guidelines betterDaniel Stenberg
... checksrc of all test code is pending.
2016-04-03checksrc.whitelist: remove fopen() usesDaniel Stenberg
2016-04-03formdata: use appropriate fopen() macrosDaniel Stenberg
2016-04-03checksrc: improve the fopen() parser somewhatDaniel Stenberg
The quote scanner was too fragile, now look for a comma instead to find the mode argument.
2016-04-03unit1604: fix snprintfDaniel Stenberg
follow-up to 0326b06 sizeof(pointer) is no good for the buffer size! Reported-by: Viktor Szakats
2016-04-03unittests: Fixed compilation warningsSteve Holme
warning: implicit declaration of function 'sprintf_was_used' [-Wimplicit-function-declaration] Follow up to the modications made to tests/libtest in commit 55452ebdff as we prefer not to use sprintf() now.
2016-04-02curl.1: -w filename_effective was introduced in 7.26.0Daniel Stenberg
We never made a 7.25.1 release
2016-04-027.49.0: next release versionDaniel Stenberg
2016-04-02http2: make use of the nghttp2 error callbackDaniel Stenberg
It offers extra info from nghttp2 in certain error cases. Like for example when trying prior-knowledge http2 on a server that doesn't speak http2 at all. The error message is passed on as a verbose message to libcurl. Discussed in #722 The error callback was added in nghttp2 1.9.0
2016-04-02spnego: Renamed the context's SPN variableSteve Holme
To be consistent with the Kerberos 5 context and other authentication code.
2016-04-02krb5_gssapi: Renamed the status variablesSteve Holme
For consistency with the spnego code.
2016-04-02krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argumentSteve Holme
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future.
2016-04-02test1119: Fixed missing CURL_DID_MEMORY_FUNC_TYPEDEFS symbolSteve Holme
2016-04-01RELEASE-NOTES: Removed "http_negotiate: Corrected host and proxy host name"Steve Holme
As this was introduced in the recent vauth changes and not a prior release.
2016-04-01RELEASE-NOTES: synced with 0aa8da10bbdafaDaniel Stenberg
2016-04-01http_negotiate: Corrected host and proxy host name being wrong way roundSteve Holme
I had accidentally used the proxy server name for the host and the host server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst Windows SSPI was quite happy with this, GSS-API wasn't. Thanks-to: Michael Osipov
2016-04-01build: Changed the Visual Studio projects warning level from 3 to 4Steve Holme
After squashing most of our compiler warnings, up'ed the default warning level from 3 to 4 in order to increase the likelyhood of catching future warnings.
2016-04-01IMAP: check pointer before dereferencing itehlertjd@gmail.com
may be null in the CURLOPT_CONNECT_ONLY case Fixes #747
2016-04-01.gitignore: Added new VC14 SQLite based program database filesSteve Holme
2016-04-01curl_memory.h: Fixed typo in commentSteve Holme
From commit 7218b52c49.
2016-04-01spnego: Corrected some typos in commentsSteve Holme
Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
2016-04-01memdebug: Ensure curl/curl.h is included before curl_memory.hSteve Holme
Follow up to commit 7db9782dd6.
2016-04-01upload: missing rewind call could make libcurl hangDaniel Stenberg
When an upload is done, there are two places where that can be detected and only one of them would rewind the input stream - which sometimes is necessary for example when doing NTLM HTTP POSTs and more. This could then end up libcurl hanging. Figured-out-by: Isaac Boukris Reported-by: Anatol Belski Fixes #741
2016-04-01curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFSDaniel Stenberg
So that we only do the extra typedefs in curl_memory.h when we really need to and avoid double typedefs. follow-up commit to 7218b52c49aeb1 Thanks-to: Steve Holme
2016-04-01curl/mprintf.h: remove support for _MPRINTF_REPLACEDaniel Stenberg
The define is not in our name space and is therefore not protected by our API promises. It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5 (March 2015). This is supposedly the final death blow to that define from everywhere. As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf(). In the unlikely event that any users is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
2016-04-01curl_memory.h: avoid the curl/curl.h includeDaniel Stenberg
Discussed in #743
2016-04-01url: Corrected get protocol family for FTP and LDAPSteve Holme
Fixed copy/paste error from commit a5aec58726.
2016-03-31strerror: don't bit shift a signed integerJay Satiro
Bug: https://github.com/curl/curl/issues/744 Reported-by: Alexis La Goutte
2016-03-31http2: more documentation for prior knowledgeDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-31imap: remove duplicated functionDaniel Stenberg
The list and search response functions were identical! Merged into one now. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31SOCKS5_gssapi_negotiate: don't assume little-endian intsDaniel Stenberg
The code copied one byte from a 32bit integer, which works fine as long as the byte order is the same. Not a fine assumption. Reported by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31http: remove ((expression)) double parenthesesDaniel Stenberg
2016-03-31Curl_add_buffer_send: avoid possible NULL dereferenceDaniel Stenberg
... as we check for a NULL pointer below, we move the derefence to after the check. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31file: remove duplicate checks of the same variableDaniel Stenberg
... as it doesn't change in between. Deteced by PVS Studio. Reported-by: Alexis La Goutte
2016-03-30openssl: Fix compilation warningsMarcel Raad
When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++ 14 complains: warning C4701: potentially uninitialized local variable 'palg' used warning C4701: potentially uninitialized local variable 'psig' used
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.
2016-03-30multi: multi_reconnect_request is the former Curl_reconnect_requestDaniel Stenberg
now a file local function in multi.c
2016-03-30multi: move Curl_do and Curl_do_done to multi.c and make staticDaniel Stenberg
... called multi_do and multi_do_done as they're file local now.
2016-03-29wolfssl: Use ECC supported curves extensionJay Satiro
https://github.com/wolfSSL/wolfssl/issues/366
2016-03-29build-wolfssl: Allow a broader range of ciphers (Visual Studio)Jay Satiro
This is an update to the build-time options used to build wolfSSL in Visual Studio for greater compatibility, and make it behave similar to the way OpenSSL 1.0.2 behaves. Starting in wolfSSL v3.6.6 static ciphers and SSLv3 are disabled by default at build time, but we can use both. - Enable static cipher suites TLS_ECDH_ and TLS_RSA_. - Enable SSLv3 hello. Though in libcurl we disable it by default at runtime, we make it available so the user can manually select it if necessary.
2016-03-29GSS: make Curl_gss_log_error more verboseIsaac Boukris
Also display the GSS_C_GSS_CODE (major code) when specified instead of only GSS_C_MECH_CODE (minor code). In addition, the old code was printing a colon twice after the prefix and also miscalculated the length of the buffer in between calls to gss_display_status (the length of ": " was missing). Also, gss_buffer is not guaranteed to be NULL terminated and thus need to restrict reading by its length. Closes #738