Age | Commit message (Collapse) | Author |
|
|
|
|
|
Reported-by: elsamuko at github
Fixes #3921
Closes #3922
|
|
Closes https://github.com/curl/curl/pull/3923
|
|
Regression since e91e48161235272ff485.
Reported-by: Tom Greenslade
Fixes #3924
Closes #3925
|
|
This reverts commit 3b06e68b7734cb10a555f9d7e804dd5d808236a4.
Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT +
CURLOPT_LOW_SPEED_TIME
Reported-by: Dave Reisner
Fixes #3927
Closes #3928
|
|
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixed #3653
Closes #3790
|
|
Also removed mentions from most docs.
Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html
Closes #3888
|
|
- adds the check to cmake
- fixes the configure check to work for cross-compiled windows builds
Closes #3917
|
|
If the proxy string is given as an IPv6 numerical address with a zone
id, make sure to use that for the connect to the proxy.
Reported-by: Edmond Yu
Fixes #3482
Closes #3918
|
|
Reported-by: GitYuanQu on github
Fixes #3902
Closes #3914
|
|
When compiling without getpeername() or getsockname(), the sockfd
paramter to Curl_udpateconninfo() became unused after commit e91e481612
added ifdef guards.
Closes #3910
Fixes https://curl.haxx.se/dev/log.cgi?id=20190520172441-32196
Reviewed-by: Marcel Raad, Daniel Stenberg
|
|
Commit e91e48161235272ff485ff32bd048c53af731f43 moved ftp_ccc in under
the FTP featureflag in the UserDefined struct, but vtls callsites were
still using it unprotected.
Closes #3912
Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865
Reviewed-by: Daniel Stenberg, Marcel Raad
|
|
Closes #3892
|
|
The longest currently registered URI scheme at IANA is 36 bytes long.
Closes #3905
Closes #3900
|
|
Fixes Codacy/CppCheck warnings.
Closes https://github.com/curl/curl/pull/3872
|
|
This way, we need only one call to free.
Closes https://github.com/curl/curl/pull/3873
|
|
sock was only used to be assigned to fd_read.
Closes https://github.com/curl/curl/pull/3873
|
|
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
|
|
When running a multi TLS backend build the version string needs more
buffer space. Make the internal ssl_buffer stack buffer match the one
in Curl_multissl_version() to allow for the longer string. For single
TLS backend builds there is no use in extended to buffer. This is a
fallout from #3863 which fixes up the multi_ssl string generation to
avoid a buffer overflow when the buffer is too small.
Closes #3875
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Missed in fe6049f0.
|
|
Missed in 50b87c4e.
|
|
Missed in fe20826b as it wasn't implemented in http.c in b4d6db83.
Closes #3894
|
|
|
|
|
|
|
|
|
|
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.
Ref: #3876
Closes #3883
|
|
This brings the code inline with the other HTTP authentication mechanisms.
Closes #3890
|
|
As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.
Closes #3878
|
|
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
Closes #3882
|
|
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
|
|
|
|
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().
Closes #3881
|
|
Updated test 1560 to verify.
Closes #3880
|
|
|
|
No need to set variables to zero as calloc() does this for us.
Closes #3879
|
|
In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.
Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For consistency and to a avoid confusion.
Closes #3869
|
|
I missed this one in commit 6b3dde7fe62ea5a557fd1fd323fac2bcd0c2e9be.
|
|
Codacy/CppCheck warns about this. Consistently use parentheses as we
already do in some places to silence the warning.
Closes https://github.com/curl/curl/pull/3866
|