aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-05-14Curl_conncache_add_conn: fix memory leak on OOMDaniel Stenberg
2015-05-12conncache: keep bundles on host+port bases, not only host namesDaniel Stenberg
Previously we counted all connections to a specific host name and that would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, while servers on different port numbers are normally considered different "origins" on the web and should thus be considered different hosts.
2015-05-12bundles: merged into conncache.cDaniel Stenberg
All the existing Curl_bundle* functions were only ever used from within the conncache.c file, so I moved them over and made them static (and removed the Curl_ prefix).
2015-05-12hostcache: made all host caches use structs, not pointersDaniel Stenberg
This avoids unnecessary dynamic allocs and as this also removed the last users of *hash_alloc() and *hash_destroy(), those two functions are now removed.
2015-05-12multi: converted socket hash into non-allocated structDaniel Stenberg
avoids extra dynamic allocation
2015-05-12connection cache: avoid Curl_hash_alloc()Daniel Stenberg
... by using plain structs instead of pointers for the connection cache, we can avoid several dynamic allocations that weren't necessary.
2015-05-08proxy: add newline to info messageDaniel Stenberg
2015-05-08FTP: fix dangling conn->ip_addr dereference on verbose EPSV.Patrick Monnerat
2015-05-08FTP: Make EPSV use the control IP address rather than the original host.Patrick Monnerat
This ensures an alternate address is not used. Does not apply to proxy tunnel.
2015-05-06netrc: Read in text mode when cygwinOrgad Shaneh
Use text mode when cygwin to eliminate trailing carriage returns. Bug: https://github.com/bagder/curl/pull/258
2015-05-04gtls: properly retrieve certificate statusAlessandro Ghedini
Also print the revocation reason if appropriate.
2015-05-04OpenSSL: conditional check for SSL3_RT_HEADERDaniel Stenberg
The symbol is fairly new. Reported-by: Kamil Dudka
2015-05-04openssl: skip trace outputs for ssl_ver == 0Daniel Stenberg
The OpenSSL trace callback is wonderfully undocumented but given a journey in the source code, it seems the cases were ssl_ver is zero doesn't follow the same pattern and thus turned out confusing and misleading. For now, we skip doing any CURLINFO_TEXT logging on those but keep sending them as CURLINFO_SSL_DATA_OUT/IN. Also, I added direction to the text info and I edited some functions slightly. Bug: https://github.com/bagder/curl/issues/219 Reported-by: Jay Satiro, Ashish Shukla
2015-05-02schannel.c: Small changesMarc Hoersken
2015-05-02schannel.c: Improve code path and readabilityMarc Hoersken
2015-05-02schannel.c: Improve error and return code handling upon aa99a63f03Marc Hoersken
2015-05-02schannel: fix regression in schannel_recvChris Araman
https://github.com/bagder/curl/issues/244 Commit 145c263 changed the behavior when Curl_read_plain returns CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED correctly.
2015-05-01Bug born in changes made several days ago 9a91e80.Marc Hoersken
Commit: https://github.com/bagder/curl/commit/926cb9f Reported-by: Ray Satiro
2015-04-30http_negotiate_sspi: added missing data variableDan Fandrich
2015-04-30build: update depedency versions, urls, example makefilesViktor Szakats
- update default versions of dependencies (except for rare/old platforms) - update urls - sync examples makefiles with main ones - remove line ending space
2015-04-30curl_multi_add_handle: next is already NULLAnders Bakken
2015-04-30schannel: Fix out of bounds arrayJay Satiro
Bug born in changes made several days ago 9a91e80. Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html Reported-by: Brian Chrisman
2015-04-29lib/makefile.m32: add arch -m32/-m64 to LDFLAGSViktor Szakats
This fixes using a multi-target mingw distro to build curl .dll for the non-default target. (mirroring the same patch present in src/makefile.m32)
2015-04-28CURLOPT_HEADEROPT: default to separateDaniel Stenberg
Make the HTTP headers separated by default for improved security and reduced risk for information leakage. Bug: http://curl.haxx.se/docs/adv_20150429.html Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28hash: simplify Curl_str_key_compare()Daniel Stenberg
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
2015-04-27http2: unify http_conn variable names to 'c'Daniel Stenberg
2015-04-27ConnectionExists: call it multi-use instead of pipeliningDaniel Stenberg
So that it fits HTTP/2 as well
2015-04-27nss: fix compilation failure with old versions of NSSPaul Howarth
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-26schannel.c: Fix typo introduced with 3447c973d0Marc Hoersken
2015-04-26schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL errorMarc Hoersken
Reported-by: Brian Chrisman
2015-04-26schannel: re-indented file to follow curl style betterDaniel Stenberg
white space changes only
2015-04-26Curl_ossl_init: load builtin modulesDaniel Stenberg
To have engine modules work, we must tell openssl to load builtin modules first. Bug: https://github.com/bagder/curl/pull/206
2015-04-26openssl: fix serial number outputDaniel Stenberg
The code extracting the cert serial number was broken and didn't display it properly. Bug: https://github.com/bagder/curl/issues/235 Reported-by: dkjjr89
2015-04-26sasl_sspi: Populate domain from the realm in the challengeGrant Pannell
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-24netrc: support 'default' tokenViktor Szakats
The 'default' token has no argument and means to match _any_ domain. It must be placed last if there are 'machine <name>' tokens in the same file. See full description here: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-22cyassl: Implement public key pinningJay Satiro
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22connectionexists: follow-up to fd9d3a1ef1fDaniel Stenberg
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
2015-04-22connectionexists: fix build without NTLMDaniel Stenberg
Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
2015-04-22nss: implement public key pinning for NSS backendKamil Dudka
Bug: https://bugzilla.redhat.com/1195771
2015-04-22dist: include {src,lib}/checksrc.whitelistDaniel Stenberg
2015-04-21http_done: close Negotiate connections when doneDaniel Stenberg
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-21fix_hostname: zero length host name caused -1 index offsetDaniel Stenberg
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
2015-04-21cookie: cookie parser out of boundary memory accessDaniel Stenberg
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
2015-04-21ConnectionExists: for NTLM re-use, require credentials to matchDaniel Stenberg
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
2015-04-21openssl: add OPENSSL_NO_SSL3_METHOD checkbyronhe
2015-04-19vtls/openssl: use https in URLs and a comment typo fixedViktor Szakáts
2015-04-17Revert "HTTP: don't abort connections with pending Negotiate authentication"Daniel Stenberg
This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-04-17cyassl: Fix include orderJay Satiro
Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-14cyassl: Add support for TLS extension SNIJay Satiro