Age | Commit message | Author |
|
Detected by Coverity. CID 1418139.
Also, make sure to return error if the new 'from' allocation fails.
Closes #4997
|
|
Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from'
going out of scope leaks the storage it points to"
Closes #4990
|
|
Make the function tolerate a NULL pointer input to avoid dereferencing
that pointer.
Follow-up to efce3ea5a85126d
Detected by OSS-Fuzz
Reviewed-By: Steve Holme
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907
Fixes #4985
Closes #4986
|
|
Closes #4892
|
|
Simply notify the server we support the SMTPUTF8 extension if it does.
|
|
Note: The RCPT TO command isn't required to advertise to the server that
it contains UTF-8 characters, instead the server is told that a mail may
contain UTF-8 in any envelope command via the MAIL command.
|
|
Support the SMTPUTF8 extension when sending mailbox information in the
MAIL command (FROM and AUTH parameters). Non-ASCII domain names will
be ACE encoded, if IDN is supported, whilst non-ASCII characters in
the local address part are passed to the server.
Reported-by: ygthien on github
Fixes #4828
|
|
Non-ASCII host names will be ACE encoded if IDN is supported.
|
|
This avoids the duplication of strings when the optional AUTH and SIZE
parameters are required. It also assists with the modifications that
are part of #4892.
Closes #4903
|
|
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.
Verified with the new tests 3002-3007
Closes #4816
|
|
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
Closes #4287
|
|
It was used (intended) to pass in the size of the 'socks' array that is
also passed to these functions, but was rarely actually checked/used and
the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries
that should be used instead.
Closes #4169
|
|
Reduce variable scopes and remove redundant variable stores.
Closes https://github.com/curl/curl/pull/3975
|
|
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.
Ref: #3876
Closes #3883
|
|
- Fix clang string-plus-int warning.
Clang 8 warns about adding a string to an int does not append to the
string. Indeed it doesn't, but that was not the intention either. Use
array indexing as suggested to silence the warning. There should be no
functional changes.
(In other words clang warns about "foo"+2 but not &"foo"[2] so use the
latter.)
smtp.c:1221:29: warning: adding 'int' to a string does not append to the
string [-Wstring-plus-int]
eob = strdup(SMTP_EOB + 2);
~~~~~~~~~~~~~~~~^~~~
Closes https://github.com/curl/curl/pull/3729
|
|
- no need to have them protocol specific
- no need to set pointers to them with the Curl_setup_transfer() call
- make Curl_setup_transfer() operate on a transfer pointer, not
connection
- switch some counters from long to the more proper curl_off_t type
Closes #3627
|
|
If the incoming len is 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until it exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
|
|
The timeout set with CURLOPT_TIMEOUT is no longer used when
disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
POP3).
Reported-by: jasal82 on github
Fixes #3264
Closes #3374
|
|
... to make it a truly unified URL parser.
Closes #3017
|
|
This is step 3 of #2888.
Fixes #2888
Closes #2896
|
|
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500
Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
|
|
- Get rid of variable that was generating false positive warning
(uninitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
|
|
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command
should be taken into account when chasing the <CRLF>.<CRLF> end marker.
Thus a leading dot character in data is also subject to escaping.
Tests 911 and test server are adapted to this situation.
New tests 951 and 952 check proper handling of initial dot in data.
Closes #2304
|
|
Follow-up commit to 615edc1f73 which was incomplete.
Assisted-by: Max Dymond
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
|
|
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.
For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.
Closes #2150
|
|
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.
Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.
Closes #2011
|
|
... as otherwise it could leak that memory.
Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
Assisted-by: Max Dymond
Closes #1977
|
|
Regression since ce0881edee
Coverity CID 1418139 and CID 1418136 found it, but it was also seen in
torture testing.
|
|
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
|
|
Add a new type of callback to Curl_handler which performs checks on
the connection. Alter RTSP so that it uses this callback to do its
own check on connection health.
|
|
... all other non-HTTP protocol schemes are now defaulting to "tunnel
through" mode if a HTTP proxy is specified. In reality there are no HTTP
proxies out there that allow those other schemes.
Assisted-by: Ray Satiro, Michael Kaufmann
Closes #1505
|
|
... to properly use the dynamically set buffer size!
|
|
Fixes #1252
|
|
- Format the numeric denial code as an integer instead of a character.
|
|
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
|
|
... to make it less likely that we forget that the function actually
does case insensitive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
|
|
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.
Closes https://github.com/curl/curl/pull/975
|
|
curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.
To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:
curl_printf.h
curl_memory.h
memdebug.h
None of them include system headers, they all do funny #defines.
Reported-by: David Benjamin
Fixes #743
|
|
... as it now is used by multi.c only.
|
|
warning C4706: assignment within conditional expression
|
|
Regression since commit 710f14edba.
Bug: https://github.com/curl/curl/issues/422
Reported-by: Justin Ehlert
|