aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2014-02-13ConnectionExists: reusing possible HTTP+NTLM connections betterDaniel Stenberg
Make sure that the special NTLM magic we do is for HTTP+NTLM only since that's where the authenticated connection is a weird non-standard paradigm. Regression brought in 8ae35102c (curl 7.35.0) Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html Reported-by: Dan Fandrich
2014-02-13transfer: make Expect: 100-continue timeout configurable.Tiit Pikma
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-10NPN/ALPN: allow disabling via command lineFabian Frank
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-01-30netrc: Fixed a memory leak in an OOM conditionDan Fandrich
2014-01-28oauth2: Fixed a memory leak in an OOM conditionDan Fandrich
2014-01-08info: remove debug outputDaniel Stenberg
Removed some of the infof() calls that were added with the recent pipeline improvements but they're not useful to the vast majority of readers and the pipelining seems to fundamentaly work - the debugging outputs can easily be added there if debugging these functions is needed again.
2014-01-07ConnectionExists: fix NTLM check for new connectionDaniel Stenberg
When the requested authentication bitmask includes NTLM, we cannot re-use a connection for another username/password as we then risk re-using NTLM (connection-based auth). This has the unfortunate downside that if you include NTLM as a possible auth, you cannot re-use connections for other usernames/passwords even if NTLM doesn't end up the auth type used. Reported-by: Paras S Patched-by: Paras S Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
2013-12-31mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TUSteve Holme
Following commit 0aafd77fa4c6f2, replaced the internal usage of FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we expect API programmers to use. This negates the need for separate definitions which were subtly different under different platforms/compilers.
2013-12-20vtls: renamed sslgen.[ch] to vtls.[ch]Daniel Stenberg
2013-12-20vtls: created subdir, moved sslgen.[ch] there, updated all include linesDaniel Stenberg
2013-12-14login options: remove the ;[options] support from CURLOPT_USERPWDDaniel Stenberg
To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-11-12curl_easy_setopt: Added the ability to set the login options separatelySteve Holme
Rather than set the authentication options as part of the login details specified in the URL, or via the older CURLOPT_USERPWD option, added a new libcurl option to allow the login options to be set separately.
2013-11-10connect: Close temporary sockets in conn_free()Björn Stenberg
The temporary sockets used for Happy Eyeballs were not closed properly, if curl exited prematurely, which this patch fixes.
2013-11-05url.c: Very small amount of policingSteve Holme
2013-11-05url.c: Remove superfluous for loopBjörn Stenberg
The reason for this loop's existence was removed in commit 02fbc26d59c591.
2013-11-04connect: Add connection delay to Happy Eyeballs.Björn Stenberg
This patch adds a 200ms delay between the first and second address family socket connection attempts. It also iterates over IP addresses in the order returned by the system, meaning most dual-stack systems will try IPv6 first. Additionally, it refactors the connect code, removing most code that handled synchronous connects. Since all sockets are now non-blocking, the logic can be made simpler.
2013-10-30NSS: support for CERTINFO featurePatrick Monnerat
2013-10-27Add "Happy Eyeballs" for IPv4/IPv6.Björn Stenberg
This patch invokes two socket connect()s nearly simultaneously, and the socket that is first connected "wins" and is subsequently used for the connection. The other is terminated. There is a very slight IPv4 preference, in that if both sockets connect simultaneously IPv4 is checked first and thus will win.
2013-10-26FTP: make the data connection work when going through proxyDaniel Stenberg
This is a regression since the switch to always-multi internally c43127414d89c. Test 1316 was modified since we now clearly call the Curl_client_write() function when doing the LIST transfer part and then the handler->protocol says FTP and ftpc.transfertype is 'A' which implies text converting even though that the response is initially a HTTP CONNECT response in this case.
2013-09-12libcurl: New options to bind DNS to local interfaces or IP addressesKim Vandry
2013-09-09url: handle abortion by read/write callbacks, tooKamil Dudka
Otherwise, the FTP protocol would unnecessarily hang 60 seconds if aborted in the CURLOPT_HEADERFUNCTION callback. Reported by: Tomas Mlcoch Bug: https://bugzilla.redhat.com/1005686
2013-09-04Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without supportDaniel Stenberg
2013-09-01url.c: Fixed compilation warningSteve Holme
An enumerated type is mixed with another type
2013-08-25options: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth 2.0 Authorization Framework".
2013-08-25FTP: remove krb4 supportDaniel Stenberg
We've announced this pending removal for a long time and we've repeatedly asked if anyone would care or if anyone objects. Nobody has objected. It has probably not even been working for a good while since nobody has tested/used this code recently. The stuff in krb4.h that was generic enough to be used by other sources is now present in security.h
2013-08-20url: handle arbitrary-length username and password before '@'Jonathan Nieder
libcurl quietly truncates usernames, passwords, and options from before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters to fit in fixed-size buffers on the stack. Allocate a buffer large enough to fit the parsed fields on the fly instead to support longer passwords. After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH left, so stop defining that constant while at it. The hardcoded max username and password length constants, on the other hand, are still used in HTTP proxy credential handling (which this patch doesn't touch). Reported-by: Colby Ranger
2013-08-20url: handle exceptional cases first in parse_url_login()Jonathan Nieder
Instead of nesting "if(success)" blocks and leaving the reader in suspense about what happens in the !success case, deal with failure cases early, usually with a simple goto to clean up and return from the function. No functional change intended. The main effect is to decrease the indentation of this function slightly.
2013-08-20Curl_setopt: handle arbitrary-length username and passwordJonathan Nieder
libcurl truncates usernames, passwords, and options set with curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters. This doesn't affect the return value from curl_easy_setopt(), so from the caller's point of view, there is no sign anything strange has happened, except that authentication fails. For example: # Prepare a long (300-char) password. s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s; # Start a server. nc -l -p 8888 | tee out & pid=$! # Tell curl to pass the password to the server. curl --user me:$s http://localhost:8888 & sleep 1; kill $pid # Extract the password. userpass=$( awk '/Authorization: Basic/ {print $3}' <out | tr -d '\r' | base64 -d ) password=${userpass#me:} echo ${#password} Expected result: 300 Actual result: 255 The fix is simple: allocate appropriately sized buffers on the heap instead of trying to squeeze the provided values into fixed-size on-stack buffers. Bug: http://bugs.debian.org/719856 Reported-by: Colby Ranger
2013-08-20netrc: handle longer username and passwordJonathan Nieder
libcurl truncates usernames and passwords it reads from .netrc to LOGINSIZE and PASSWORDSIZE (64) characters without any indication to the user, to ensure the values returned from Curl_parsenetrc fit in a caller-provided buffer. Fix the interface by passing back dynamically allocated buffers allocated to fit the user's input. The parser still relies on a 256-character buffer to read each line, though. So now you can include an ~246-character password in your .netrc, instead of the previous limit of 63 characters. Reported-by: Colby Ranger
2013-08-20url: allocate username, password, and options on the heapJonathan Nieder
This makes it possible to increase the size of the buffers when needed in later patches. No functional change yet.
2013-08-20url: use goto in create_conn() for exception handlingJonathan Nieder
Instead of remembering before each "return" statement which temporary allocations, if any, need to be freed, take care to set pointers to NULL when no longer needed and use a goto to a common block to exit the function and free all temporaries. No functional change intended. Currently the only temporary buffer in this function is "proxy" which is already correctly freed when appropriate, but there will be more soon.
2013-08-12cleanup: removed one function, made one staticDaniel Stenberg
Moved Curl_easy_addmulti() from easy.c to multi.c, renamed it to easy_addmulti and made it static. Removed Curl_easy_initHandleData() and uses of it since it was emptied in commit cdda92ab67b47d74a.
2013-08-12SessionHandle: the protocol specific pointer is now a void *Daniel Stenberg
All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-12urldata: clean up the use of the protocol specific structsDaniel Stenberg
1 - always allocate the struct in protocol->setup_connection. Some protocol handlers had to get this function added. 2 - always free at the end of a request. This is also an attempt to keep less memory in the handle after it is completed.
2013-08-06FTP: when EPSV gets a 229 but fails to connect, retry with PASVDaniel Stenberg
This is a regression as this logic used to work. It isn't clear when it broke, but I'm assuming in 7.28.0 when we went all-multi internally. This likely never worked with the multi interface. As the failed connection is detected once the multi state has reached DO_MORE, the Curl_do_more() function was now expanded somewhat so that the ftp_do_more() function can request to go "back" to the previous state when it makes another attempt - using PASV. Added test case 1233 to verify this fix. It has the little issue that it assumes no service is listening/accepting connections on port 1... Reported-by: byte_bucket in the #curl IRC channel
2013-08-03multi: remove data->state.current_conn struct fieldDaniel Stenberg
Not needed
2013-07-24string formatting: fix 15+ printf-style format stringsYang Tse
2013-07-24string formatting: fix 25+ printf-style format stringsYang Tse
2013-07-23url.c: Fix dot file path cleanup when using an HTTP proxyFabian Keil
Previously the path was cleaned, but the URL wasn't properly updated.
2013-07-18CURLOPT_XFERINFOFUNCTION: introducing a new progress callbackDaniel Stenberg
CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function and CURLOPT_PROGRESSFUNCTION is considered deprecated. This new callback uses pure 'curl_off_t' arguments to pass on full resolution sizes. It otherwise retains the same characteristics: the same call rate, the same meanings for the arguments and the return code is used the same way. The progressfunc.c example is updated to show how to use the new callback for newer libcurls while supporting the older one if built with an older libcurl or even built with a newer libcurl while running with an older.
2013-07-15OS400: new SSL backend GSKitPatrick Monnerat
2013-07-15x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extractPatrick Monnerat
Use from qssl backend
2013-07-14url.c: fix parse_url_login() OOM handlingYang Tse
2013-07-12url.c: fix parse_login_details() OOM handlingYang Tse
2013-07-11url.c: fix SIGSEGVYang Tse
2013-06-30url: restore the functionality of 'curl -u :'Kamil Dudka
This commit fixes a regression introduced in fddb7b44a79d78e05043e1c97e069308b6b85f79. Reported by: Markus Moeller Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-06-17CURLOPT_COOKIELIST: take cookie share lockDaniel Stenberg
When performing COOKIELIST operations the cookie lock needs to be taken for the cases where the cookies are shared among multiple handles! Verified by Benjamin Gilbert's updated test 506 Bug: http://curl.haxx.se/bug/view.cgi?id=1215 Reported-by: Benjamin Gilbert
2013-04-27sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial responseSteve Holme
2013-04-26url: initialize speed-check data for file:// protocolZdenek Pavlas
... in order to prevent an artificial timeout event based on stale speed-check data from a previous network transfer. This commit fixes a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e. Bug: https://bugzilla.redhat.com/906031