aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-12-07formdata: Check if length is too large for memoryJay Satiro
- If the size of the length type (curl_off_t) is greater than the size of the size_t type then check before allocating memory to make sure the value of length will fit in a size_t without overflow. If it doesn't then return CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679 Reported-by: Steve Holme
2015-11-30Curl_read_plain: clean up ifdefs that break statementsFlavio Medeiros
Closes #546
2015-11-30http2: convert some verbose output into debug-only outputDaniel Stenberg
2015-11-30http2 push: add missing inits of new streamDaniel Stenberg
- set the correct stream_id for pushed streams - init maxdownload and size properly
2015-11-30http2 push: set weight for new streamDaniel Stenberg
give the new stream the old one's stream_weight internally to avoid sending a PRIORITY frame unless asked for it
2015-11-28curl_setup.h: undef freeaddrinfo in c-ares block to fix buildDaniel Stenberg
Fixes warnings 78c25c854a added.
2015-11-27nonblock: fix setting non-blocking mode for AmigaDaniel Stenberg
IoctlSocket() apparently wants a pointer to a long, passed as a char * in its third parameter. This bug was introduced already back in commit c5fdeef41d from October 1 2001! Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html Reported-by: Norbert Kett
2015-11-27lib: Only define curl_dofreeaddrinfo if struct addrinfo is availableDan Fandrich
2015-11-25timecond: do not add if-modified-since without timeconditionDaniel Stenberg
The RTSP code path didn't skip adding the if-modified-since for certain RTSP code paths, even if CURLOPT_TIMECONDITION was set to CURL_TIMECOND_NONE. Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals CURL_TIMECOND_IFMODSINCE. Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-24done: make sure the final progress update is madeDaniel Stenberg
It would previously be skipped if an existing error was returned, but would lead to a previous value being left there and later used. CURLINFO_TOTAL_TIME for example. Still it avoids that final progress update if we reached DONE as the result of a callback abort to avoid another callback to be called after an abort-by-callback. Reported-by: Lukas Ruzicka Closes #538
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-21smb.c: Fixed compilation warningsSteve Holme
smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may alter its value smb.c:146:42: warning: conversion to 'unsigned int' from 'long long unsigned int' may alter its value smb.c:146:65: warning: conversion to 'unsigned int' from 'long long unsigned int' may alter its value
2015-11-21schannel: Corrected copy/paste error in commit 8d17117683Steve Holme
2015-11-21schannel: Use GetVersionEx() when VerifyVersionInfo() isn't availableSteve Holme
Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
2015-11-20pop3: Differentiate between success and continuation responsesSteve Holme
2015-11-20pop3: Added clarity on some server response codesSteve Holme
2015-11-17http2: http_done: don't free already-freed push headersDaniel Stenberg
The push headers are freed after the push callback has been invoked, meaning this code should only free the headers if the callback was never invoked and thus the headers weren't freed at that time. Reported-by: Davey Shafik
2015-11-16getconnectinfo: Don't call recv(2) if socket == -1Anders Bakken
Closes #528
2015-11-16http2: minor comment typoDaniel Stenberg
2015-11-15sasl; fix checksrc warningsDaniel Stenberg
2015-11-15oauth2: Support OAUTHBEARER failures sent as continuation responsesSteve Holme
According to RFC7628 a failure message may be sent by the server in a base64 encoded JSON string as a continuation response. Currently only implemented for OAUTHBEARER and not XAUTH2.
2015-11-14oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMPSteve Holme
OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet.
2015-11-13openssl: Free modules on cleanupSebastian Pohlschmidt
Curl_ossl_init calls OPENSSL_load_builtin_modules() but Curl_ossl_cleanup doesn't make a call to free these modules. Bug: https://github.com/bagder/curl/issues/526
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-13ftplistparser: remove empty functionDaniel Stenberg
2015-11-13openssl: remove #if check for 0.9.7 for ENGINE_load_private_keyDaniel Stenberg
2015-11-13openssl: all supported versions have X509_STORE_set_flagsDaniel Stenberg
Simplify by removing #ifdefs and macros
2015-11-13openssl: remove 0.9.3 checkDaniel Stenberg
2015-11-13openssl: remove #ifdefs for < 0.9.5 supportDaniel Stenberg
We only support >= 0.9.7
2015-11-13lib/vtls/openssl: remove unused traces of yassl ifdefsDaniel Stenberg
2015-11-12unit1603: Added unit tests for hash functionsdfandrich
2015-11-12sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanismSteve Holme
Following the fix in commit d6d58dd558 it is necessary to re-introduce XOAUTH2 in the default enabled authentication mechanism, which was removed in commit 7b2012f262, otherwise users will have to specify AUTH=XOAUTH2 in the URL. Note: OAuth 2.0 will only be used when the bearer is specified.
2015-11-12sasl_sspi: fix identity memory leak in digest authenticationStefan Bühler
2015-11-12sasl_sspi: fixed unicode build for digest authenticationStefan Bühler
Closes #525
2015-11-12oauth2: Re-factored OAuth 2.0 state variableSteve Holme
2015-11-12sasl: Don't choose OAuth 2.0 if mechanism not advertisedSteve Holme
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was specified but the SASL mechanism wasn't supported by the server then the mechanism would be chosen.
2015-11-11oauth2: Introduced support for host and port detailsSteve Holme
Added support to the OAuth 2.0 message function for host and port, in order to accommodate the official OAUTHBEARER SASL mechanism which is to be added shortly.
2015-11-11curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY definedSteve Holme
2015-11-11cmake: Add missing feature macros in config header (Part 2)Steve Holme
In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
2015-11-10cmake: Add missing feature macros in config headerDouglas Creager
The curl_config.h file can be generated either from curl_config.h.cmake or curl_config.h.in, depending on whether you're building using CMake or the autotools. The CMake template header doesn't include entries for all of the protocols that you can disable, which (I think) means that you can't actually disable those protocols when building via CMake. Closes #523
2015-11-10BoringSSL: Work with stricter BIO_get_mem_data()Douglas Creager
BoringSSL implements `BIO_get_mem_data` as a function, instead of a macro, and expects the output pointer to be a `char **`. We have to add an explicit cast to grab the pointer as a `const char **`. Closes #524
2015-11-10http2: rectify the http2 version #if checkDaniel Stenberg
We need 1.0.0 or later. Also verified by configure.
2015-11-09oauth2: Don't use XAUTH2 in OAuth 2.0 function nameSteve Holme
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-11-09oauth2: Use OAuth 2.0 rather than XOAUTH2 in commentsSteve Holme
When referring to OAuth 2.0 we should use the official name rather the SASL mechanism name.
2015-11-09imap: avoid freeing constant stringDaniel Stenberg
The fix in 1a614c6c3 was wrong and would leed to free() of a fixed string. Pointed-out-by: Kamil Dudka
2015-11-08imap: Don't check for continuation when executing a CUSTOMREQUESTJustin Ehlert
Bug: https://github.com/bagder/curl/issues/486 Closes https://github.com/bagder/curl/pull/487
2015-11-07imap: checksrc: remove space after while before parenDaniel Stenberg
2015-11-07checksrc.whitelist: "missing space after close paren"Daniel Stenberg
... when it was within a string!
2015-11-07imap: Quote other 'atom-specials' and not just the space characterSteve Holme
Closes #517