Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-04 | openssl: biomem->data is not zero terminated | Daniel Stenberg | |
So printf(%s) on it or reading before bounds checking is wrong, fixing it. Could previously lead to reading out of boundary. Reported-by: Török Edwin | |||
2014-05-03 | easy_perform: spelling mistake in error message | Daniel Stenberg | |
2014-04-28 | copyright: Updated following recent edits | Steve Holme | |
2014-04-29 | Added a few more const where possible | Dan Fandrich | |
2014-04-27 | http2: Compile with latest nghttp2 | Tatsuhiro Tsujikawa | |
commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required | |||
2014-04-26 | INFILESIZE: fields in UserDefined must not be changed run-time | Daniel Stenberg | |
set.infilesize in this case was modified in several places, which could lead to repeated requests using the same handle to get unintendent/wrong consequences based on what the previous request did! | |||
2014-04-25 | nss: propagate blocking direction from NSPR I/O | Kamil Dudka | |
... during the non-blocking SSL handshake | |||
2014-04-23 | handler: make 'protocol' always specified as a single bit | Daniel Stenberg | |
This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field. This fixes --proto and --proto-redir for most SSL protocols. This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style. Bug: https://github.com/bagder/curl/pull/97 Reported-by: drizzt | |||
2014-04-23 | cyassl: Use error-ssl.h when available | Dan Fandrich | |
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use whichever one is available. | |||
2014-04-22 | gtls: fix NULL pointer dereference | Daniel Stenberg | |
gnutls_x509_crt_import() must not be called with a NULL certificate Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html Reported-by: Damian Dixon | |||
2014-04-22 | curl_global_init_mem: bump initialized even if already initialized | Daniel Stenberg | |
As this makes curl_global_init_mem() behave the same way as curl_global_init() already does in that aspect - the same number of curl_global_cleanup() calls is then required to again decrease the counter and then eventually do the cleanup. Bug: http://curl.haxx.se/bug/view.cgi?id=1362 Reported-by: Tristan | |||
2014-04-22 | nss: implement non-blocking SSL handshake | Kamil Dudka | |
2014-04-22 | nss: split Curl_nss_connect() into 4 functions | Kamil Dudka | |
2014-04-19 | multi.c: fix possible invalid memory access in case nfds overflows | Marc Hoersken | |
ufds might not be allocated in case nfds overflows to zero while extra_nfds is still non-zero. udfs is then accessed within the extra_nfds-based for loop. | |||
2014-04-19 | netrc.c: fix multiple possible dereferences of null pointers | Marc Hoersken | |
2014-04-19 | parsedate.c: check sscanf result before passing it to strlen | Marc Hoersken | |
2014-04-19 | telnet.c: check sscanf results before passing them to snprintf | Marc Hoersken | |
2014-04-19 | telnet.c: fix possible use of uninitialized variable | Marc Hoersken | |
2014-04-19 | telnet.c: fix possible use of non-null-terminated strings | Marc Hoersken | |
2014-04-19 | url.c: fix possible use of non-null-terminated string with strlen | Marc Hoersken | |
Follow up on b0e742544be22ede33206a597b22682e51e0c676 | |||
2014-04-19 | url.c: fix possible use of non-null-terminated string with strlen | Marc Hoersken | |
2014-04-18 | connect.c: fix multiple possible dereferences of null pointers | Marc Hoersken | |
In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer. | |||
2014-04-18 | tftp.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | socks_sspi.c: added pointer guards to FreeContextBuffer calls | Marc Hoersken | |
The FreeContextBuffer SAL declaration does not declare the pointer as optional, therefore it must not be NULL. | |||
2014-04-18 | md5.c: fix use of uninitialized variable | Marc Hoersken | |
2014-04-18 | curl_schannel.c: added explicit cast of structure pointers | Marc Hoersken | |
2014-04-18 | curl_schannel.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | imap: Extended FETCH support to include PARTIAL URL specifier | Steve Holme | |
2014-04-18 | url.c: Fixed typo in comment | Steve Holme | |
2014-04-18 | imap: Expanded mailbox SEARCH support to use URL query strings | Steve Holme | |
2014-04-18 | imap: Added support for parsing URL query strings | Steve Holme | |
Added support for parsing query strings from the URL as defined by RFC-5092. | |||
2014-04-18 | imap: Introduced the SEARCH state | Steve Holme | |
2014-04-18 | imap: Fixed untagged response detection when no data after command | Steve Holme | |
Should a command return untagged responses that contained no data then the imap_matchresp() function would not detect them as valid responses, as it wasn't taking the CRLF characters into account at the end of each line. | |||
2014-04-17 | README.http2: mention some alt-svc thoughts | Daniel Stenberg | |
2014-04-14 | url: only use if_nametoindex() if IFNAMSIZ is available | Dan Fandrich | |
2014-04-08 | sas: Added DIGEST-MD5 qop-option validation in native challange handling | Steve Holme | |
Given that we presently support "auth" and not "auth-int" or "auth-conf" for native challenge-response messages, added client side validation of the quality-of-protection options from the server's challenge message. | |||
2014-04-06 | strerror: fix comment about vxworks' strerror_r buffer size | Daniel Stenberg | |
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html Reported-by: Jeroen Koekkoek | |||
2014-04-06 | sasl: Added forward declaration of structures following recent changes | Steve Holme | |
To avoid urldata.h being included from the header file or that the source file has the correct include order as highlighted by one of the auto builds recently. | |||
2014-04-06 | sasl: Fixed compilation warning | Steve Holme | |
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message' | |||
2014-04-06 | sasl: Added curl_memory.h include as per test 1132 | Steve Holme | |
2014-04-06 | sasl: Fixed compilation warning in SSPI builds | Steve Holme | |
warning: 'sasl_digest_get_key_value' defined but not used | |||
2014-04-06 | sasl: Corrected missing free of decoded challenge message from 607883f13c | Steve Holme | |
2014-04-06 | sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 | Steve Holme | |
2014-04-06 | sasl: Post DIGEST-MD5 SSPI code tidy up | Steve Holme | |
* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer | |||
2014-04-06 | sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code | Steve Holme | |
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not be included, regardless of whether USE__WINDOWS_SSPI is defined or not. This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM in curl_setup.h. | |||
2014-04-06 | sasl: Added support for DIGEST-MD5 via Windows SSPI | Steve Holme | |
2014-04-06 | http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined | Steve Holme | |
2014-04-06 | Makefile.vc6: Added curl_sasl_sspi.c | Steve Holme | |
2014-04-06 | ntlm: Moved the identity generation into shared SSPI code | Steve Holme | |
2014-04-06 | sasl: Renamed SSPI module following short name clash | Steve Holme | |