aboutsummaryrefslogtreecommitdiff
path: root/lib/vauth/cleartext.c
AgeCommit message (Collapse)Author
2020-05-24copyright: updated year ranges out of syncDaniel Stenberg
... and whitelisted a few more files in the the copyright.pl script.
2020-05-14vauth/cleartext: fix theoretical integer overflowMajor_Tom
Fix theoretical integer overflow in Curl_auth_create_plain_message. The security impact of the overflow was discussed on hackerone. We agreed this is more of a theoretical vulnerability, as the integer overflow would only be triggerable on systems using 32-bits size_t with over 4GB of available memory space for the process. Closes #5391
2019-05-13pingpong: disable more when no pingpong enabledDaniel Stenberg
2019-04-21vauth/cleartext: Don't send the authzid if it is emptySteve Holme
Follow up to 762a292f.
2019-04-11vauth/cleartext: Update the PLAIN login function signature to match RFC 4616Steve Holme
Functionally this doesn't change anything as we still use the username for both the authorisation identity and the authentication identity. Closes #3757
2018-10-29Curl_auth_create_plain_message: fix too-large-input-checkDaniel Stenberg
CVE-2018-16839 Reported-by: Harry Sintonen Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-03comment: Fix multiple typos in function parametersDaniel Gustafsson
Ensure that the parameters in the comment match the actual names in the prototype. Closes #3079 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-03-20vauth/cleartext: fix integer overflow checkDaniel Stenberg
Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow. Detected by lgtm.com Closes #2408
2016-11-24Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.Patrick Monnerat
See CRL-01-006.
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-04-06URLs: change http to https in many placesViktor Szakats
Closes #754
2016-03-25vauth: Refactored function names after move to new vauth directorySteve Holme
Renamed all the SASL functions that moved to the new vauth directory to include the correct module name.
2016-03-25vauth: Updated the copyright year after recent changesSteve Holme
As most of this work was performed in 2015 but not pushed until 2016 updated the copyright year to reflect the public facing changes.
2016-03-25vauth: Moved the ClearText authentication code to the new vauth directorySteve Holme