aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-11-11progress_cb: avoid buffer overflowDaniel Stenberg
The progress bar output function would blindly use the terminal width without bounds checking. When using a very wide terminal that caused a buffer overflow and segfault. We now limit the max bar with to 255 columns, and I simplified the code to avoid an extra snprintf and buffer. Bug: http://curl.haxx.se/bug/view.cgi?id=3435710 Reported by: Alexey Zakhlestin
2011-11-11Active mode FTP test cases with server not establishing data connectionYang Tse
591 -> FTP multi PORT and 425 on upload 592 -> FTP multi PORT and 421 on upload 593 -> FTP multi PORT upload, no data conn and no transient neg. reply 594 -> FTP multi PORT upload, no data conn and no positive prelim. reply 1206 -> FTP PORT and 425 on download 1207 -> FTP PORT and 421 on download 1208 -> FTP PORT download, no data conn and no transient negative reply 1209 -> FTP PORT download, no data conn and no positive preliminary reply
2011-11-08Fix to skip untrusted certs.Guenter Knauf
2011-11-06RELEASE-NOTES: synced with e3166df1bb3Daniel Stenberg
4 new bugfixes, 2 more contributors
2011-11-06ftp PORT: don't hang if bind() failsDaniel Stenberg
When the user requests PORT with a specific port or port range, the code could lock up in an endless loop. There's now an extra conditional that makes sure to special treat the error and try the local address only once so a second failure will abort the loop correctly. Bug: http://curl.haxx.se/bug/view.cgi?id=3433968 Reported by: Gokhan Sengun
2011-11-06pingpong: change two comments wrongly referring "FTP"Daniel Stenberg
Just a sign of where the code originally was ripped out from. Now it is generic "pingpong".
2011-11-06test 590: verify the bug fix in 4851dafcf1Daniel Stenberg
This test is created to verify Rene Bernhardt's patch which makes sure libcurl properly _not_ deals with Negotiate if not asked to even if the proxy says it can serve it.
2011-11-06HTTP auth: fix proxy Negotiate bugRene Bernhardt
If a proxy offers several Authentication schemes where NTLM and Negotiate are offered by the proxy and you tell libcurl not to use the Negotiate scheme then the request never returns when the proxy answers with its HTTP 407 reply. It is reproducible by the following steps: - Use a proxy that offers NTLM and Negotiate ( CURLOPT_PROXY and CURLOPT_PROXYPORT ) - Tell libcurl NOT to use Negotiate CURL_EASY_SETOPT(CURLOPT_PROXYAUTH, CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM ) - Start the request The call to CURL_EASY_PERFORM never returns. If you switch on debug logging you can see that libcurl issues a new request As soon as it received the 407 reply. Instead it should return and set the response code to 407. Bug: http://curl.haxx.se/mail/lib-2011-10/0323.html
2011-11-04ssluse.c: fix calling of OpenSSL's ERR_remove_state(0)Yang Tse
Move calling of ERR_remove_state(0) a.k.a ERR_remove_thread_state(NULL) from Curl_ossl_close_all() to Curl_ossl_cleanup(). In this way ERR_remove_state(0) is now only called in libcurl by curl_global_cleanup(). Previously it would get called by functions curl_easy_cleanup(), curl_multi_cleanup and potentially each time a connection was removed from a connection cache leading to premature destruction of OpenSSL's thread local state hash. Multi-threaded apps using OpenSSL enabled libcurl should still call function ERR_remove_state(0) or ERR_remove_thread_state(NULL) at the very end end of threads that do not call curl_global_cleanup().
2011-11-03tool_cb_wrt.c: disambiguate warning messageYang Tse
2011-11-03tool_cfgable.c: pending check doneYang Tse
2011-11-03url.c and file.c: fix OOM triggered segfaultYang Tse
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-11-02gtls_connect_step1: remove use of deprecated functionsDaniel Stenberg
Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority(). Remove the gnutls_certificate_type_set_priority() use since x509 is the default certificate type anyway. Reported by: Vincent Torri
2011-11-02url.c and transfer.c: nullify connection pointer when free()'edYang Tse
2011-11-02FTP test server: NODATACONN commands follow-upYang Tse
Make NODATACONN425 and NODATACONN421 return a 150 positive preliminary reply before 425 or 421. New NODATACONN150 returns 150 without further positive nor negative reply Now NODATACONN doesn't reply anything at all.
2011-11-01multi.c: OOM handling fixYang Tse
2011-11-01FTP test server: NODATACONN commands follow-upYang Tse
Make NODATACONN custom commands apply to both active and passive FTP, and ensure 425 and 421 are not returned unless data channel usage is attempted.
2011-11-01tool_cb_see.h: fix compiler warningYang Tse
2011-10-31setup.h: fix compiler warningYang Tse
2011-10-31FTP test server: NODATACONN commands commit c761fcb0 follow-upYang Tse
Adjustments that make NODATACONN custom commands fully usable.
2011-10-30doc/curl.1: fix sentence with ending for -# optionDave Reisner
Try to be a little more descriptive about the effect of this flag, rather than parroting what was said in the paragraph just above.
2011-10-30FTP test server: fix server unresponsivenessYang Tse
Some torture tests left FTP test server in an unresponsive state, resulting in torture tests that actually completed following unexpected code paths. Changes in this commit solely address this issue and some adjustments for ftpserver.pl logging relative to data channel establishment and tear down. Pending NODATACONN relative adjustments reserved for a further commit.
2011-10-30runtests.pl: running server checks - commit 4464583a follow-upYang Tse
Ensure verification takes place with no server commands file. Ignore verbose setting for running server precheck. Tweak unresponsive server message, to allow detection by haxx.se scripts.
2011-10-29gtls.c: gnutls_transport_set_global_errno() deprecated in version 2.12.3Yang Tse
2011-10-28runtests.pl: running server checks - commit 3676ec96 follow-upYang Tse
Fix called sub when checking TFTP server, and adjust message.
2011-10-28runtests.pl: running server checks - commit 4464583a follow-upYang Tse
Extended server checks to others in addition to pingpong when torture testing.
2011-10-27lib589.c: add CURLOPT_READDATA missing stuffYang Tse
2011-10-27ftpserver.pl: three new custom FTP server commands to disable data channelYang Tse
NODATACONN421: applies only to active FTP mode, instructs server to not establish data connection back to client and reply with FTP 421. NODATACONN425: applies only to active FTP mode, instructs server to not establish data connection back to client and reply with FTP 425. NODATACONN: applies to both active and passive FTP modes, instructs server to not establish nor accept a data channel and fool client into believing that the data channel connection is possible. Some polishing probably required.
2011-10-27multi.c: OOM handling fixYang Tse
Fix curl_multi_cleanup() segfault when using weird cleanup sequence.
2011-10-27multi: start ftp state machine when switching to DO_MOREDaniel Stenberg
This extends the fix from commit d7934b8bd491 When the multi state is changed within the multi_runsingle from DOING to DO_MORE, we didn't immediately start the FTP state machine again. That then left the FTP state in FTP_STOP. When curl_multi_fdset() was subsequently called, the ftp_domore_getsock() function would return the wrong fd info. Reported by: Gokhan Sengun
2011-10-27libcurl-multi.3: update the list of areas still blockingDaniel Stenberg
2011-10-26test 589: active FTP upload using multi timeout and EPRT disabled serverYang Tse
2011-10-26multi tests: OOM handling fixes - commit 629d2e34 follow-upYang Tse
2011-10-26- Prepare the ILE/RPG binding and OS400 documentation for the upcoming releasePatrick Monnerat
2011-10-25RELEASE-NOTES: synced with 4464583a6edDaniel Stenberg
5 more bug fixes, 4 additional contributors
2011-10-25runtests.pl: running server checksYang Tse
When running torture tests, verify before each test case that required pingpong servers which are supposed to be alive are actually responsive. If found not responsive then restart them.
2011-10-24dist: add test 587Daniel Stenberg
I created test 587 in commit 840eff44f2b but forgot to add the file to the tarball. Added now.
2011-10-24test 588: verify active FTP with multi interface without EPRTDaniel Stenberg
This is using the verbatim 525 test code but it disables EPRT in the server and this should work just as well anyway.
2011-10-24FTP server: allow EPRT by defaultDaniel Stenberg
EPRT is now supported by default by the server. To disable it, use the generic REPLY instruction in the <servercmd> tag. Test 116 now has it disabled. All other existing active FTP port tests strip out the port commands from the logs already so the change of the server isn't that noticable.
2011-10-24ftp.c: some OOM handling fixesYang Tse
2011-10-24ftpserver.pl: ensure integral number usage for passive mode stringYang Tse
2011-10-24large headers: have curl accept >16K headersDaniel Stenberg
As commit 5850cc4808ab clarifies, libcurl can deliver header lines that are longer than CURL_MAX_WRITE_SIZE, only body data is limited to that size. The curl tool has check (when built debug-enabled) that made the wrong checks and this new test 1205 verifies that larger headers work.
2011-10-24curl_easy_setopt.3: headers can be CURL_MAX_HTTP_HEADER bytesDaniel Stenberg
Mention this maximum header size for the header callback cases
2011-10-24Merge pull request #25 from trtom/masterDaniel Stenberg
make sure the static build uses the static build option!
2011-10-24curl_easy_setopt.3: fix typoDaniel Stenberg
shoot, Dan Fandrich already had this pointed out...
2011-10-24curl_easy_setopt: Added pop3 to CURLOPT_URL.Steve Holme
Added pop3 username and password example as well as an explanation of how path part of the URL is used under pop3. Additionally have corrected a couple of typos.
2011-10-22tool_operate.c: OOM handling fixYang Tse
Move curl_easy_perform source code geneartion out of curl_easy_perform's loop for proper OOM handling and source code geneartion.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-21Added some missing test case XML tags and keywordsDan Fandrich