aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-08-24ntlm: mark deliberate switch case fall-throughDaniel Stenberg
Coverity CID 1317367, "Missing break in switch"
2015-08-24http2: on_frame_recv: get a proper 'conn' for the debug loggingDaniel Stenberg
"Explicit null dereferenced (FORWARD_NULL)" Coverity CID 1317366
2015-08-22CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
2015-08-22NTLM: recent boringssl brought DES_set_odd_parity backDaniel Stenberg
... so improve the #ifdefs for using our local implementation.
2015-08-21openssl: handle lack of server cert when strict checking disabledAlessandro Ghedini
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server doesn't present a certificate at all. Closes #392
2015-08-21ftp: clear the do_more bit when the server has connectedDaniel Stenberg
The multi state machine would otherwise go into the DO_MORE state after DO, even for the case when the FTP state machine had already performed those duties, which caused libcurl to get stuck in that state and fail miserably. This occured for for active ftp uploads. Reported-by: Patricia Muscalu
2015-08-20rtsp: stop reading empty DESCRIBE responsesErik Janssen
Based-on-patch-by: Jim Hollinger
2015-08-20rtsp: support basic/digest authenticationErik Janssen
2015-08-19inet_pton.c: Fix MSVC run-time check failureMarcel Raad
Visual Studio complains with a message box: "Run-Time Check Failure #1 - A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example: char c = (i & 0xFF); Changing the code in this way will not affect the quality of the resulting optimized code." This is because only 'val' is cast to unsigned char, so the "& 0xff" has no effect. Closes #387
2015-08-18gitignore: Sort for readabilityJay Satiro
find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
2015-08-11http2: discard frames with no SessionHandleAnders Bakken
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the SessionHandle. Apparently mod_h2 will sometimes send a frame for a stream_id we're finished with. Use nghttp2_session_get_stream_user_data and nghttp2_session_set_stream_user_data to identify SessionHandles instead of a hash. Closes #372
2015-08-10build: refer to fixed libidn versionsViktor Szakats
closes #371
2015-08-10SFTP: fix range request off-by-one in size checkDaniel Stenberg
Reported-by: Tim Stack Closes #359
2015-08-06NTLM: handle auth for only a single requestIsaac Boukris
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
2015-08-02SSH: three state machine fixupsDaniel Stenberg
The SSH state machine didn't clear the 'rc' variable appropriately in a two places which prevented it from looping the way it should. And it lacked an 'else' statement that made it possible to erroneously get stuck in the SSH_AUTH_AGENT state. Reported-by: Tim Stack Closes #357
2015-08-02curl_gssapi: remove 'const' to fix compiler warningsDaniel Stenberg
initialization discards 'const' qualifier from pointer target type
2015-08-01sspi: Fix typo from left over from old code which referenced NTLMSteve Holme
References to NTLM in the identity generation should have been removed in commit c469941293 but not all were.
2015-08-01win32: Fix compilation warnings from commit 40c921f8b8Steve Holme
connect.c:953:5: warning: initializer element is not computable at load time connect.c:953:5: warning: missing initializer for field 'dwMinorVersion' of 'OSVERSIONINFOEX' curl_sspi.c:97:5: warning: initializer element is not computable at load time curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion' of 'OSVERSIONINFOEX'
2015-08-01schannel: Fix compilation warning from commit 7a8e861a56Steve Holme
schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion' of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
2015-07-30http: move HTTP/2 cleanup code off http_disconnect()Kamil Dudka
Otherwise it would never be called for an HTTP/2 connection, which has its own disconnect handler. I spotted this while debugging <https://bugzilla.redhat.com/1248389> where the http_disconnect() handler was called on an FTP session handle causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in Curl_add_buffer_free() after printing the "Connection cache is full, closing the oldest one." message. A previously working version of libcurl started to crash after it was recompiled with the HTTP/2 support despite the HTTP/2 protocol was not actually used. This commit makes it work again although I suspect the root cause (reinterpreting session handle data of incompatible protocol) still has to be fixed. Otherwise the same will happen when mixing FTP and HTTP/2 connections and exceeding the connection cache limit. Reported-by: Tomas Tomecek Bug: https://bugzilla.redhat.com/1248389
2015-07-25HTTP: ignore "Content-Encoding: compress"Michael Kaufmann
Currently, libcurl rejects responses with "Content-Encoding: compress" when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should treat the Content-Encoding "compress" the same as other Content-Encodings that it does not support, e.g. "bzip2". That means just ignoring it.
2015-07-24openssl: work around MSVC warningMarcel Raad
MSVC 12 complains: lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local variable 'verstr' used It's a false positive, but as it's normally not, I have enabled warning-as-error for that warning.
2015-07-23http2: verify success of strchr() in http2_send()Kamil Dudka
Detected by Coverity. Error: NULL_RETURNS: lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times). lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr". lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf". 1300| 1301| hdbuf = strchr(hdbuf, 0x0a); 1302|-> ++hdbuf; 1303| 1304| authority_idx = 0;
2015-07-22Windows: Fix VerifyVersionInfo callsJay Satiro
- Fix the VerifyVersionInfo calls, which we use to test for the OS major version, to also test for the minor version as well as the service pack major and minor versions. MSDN: "If you are testing the major version, you must also test the minor version and the service pack major and minor versions." https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098 Reported-by: Marcel Raad <MarcelRaad@users.noreply.github.com>
2015-07-22schannel: Replace deprecated GetVersion with VerifyVersionInfoMarcel Raad
2015-07-21libcurl: VERSIONINFO updatePatrick Monnerat
Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname requires VERSIONINFO updating.
2015-07-21http2: satisfy external references even if http2 is not compiled in.Patrick Monnerat
2015-07-20http2: add stream != NULL checks for reliabilityDaniel Stenberg
They should not trigger, but in case of internal problems we at least avoid crashes this way.
2015-07-17SSL: Add an option to disable certificate revocation checksJay Satiro
New tool option --ssl-no-revoke. New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point. Bug: https://github.com/bagder/curl/issues/264 Reported-by: zenden2k <zenden2k@gmail.com>
2015-07-16ntlm_wb: Fix theoretical memory leakDavid Woodhouse
Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix hard-coded limit on NTLM auth packet size") introduced a potential memory leak on an error path, because we forget to free the buffer before returning an error. Fix this. Although actually, it never happens in practice because we never *get* here with state == NTLMSTATE_TYPE1. The state is always zero. That might want cleaning up in a separate patch. Reported-by: Terri Oda
2015-07-15strerror: Add CRYPT_E_REVOKED to SSPI error stringsJay Satiro
2015-07-14openssl: VMS support for SHA256John Malmberg
setup-vms.h: More symbols for SHA256, hacks for older VAX openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX. openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to allow building on VAX and 64 bit VMS.
2015-07-07http2: Fix memory leak in push header arrayTatsuhiro Tsujikawa
2015-07-02cyassl: fixed mismatched sha256sum function prototypeDan Fandrich
2015-07-01SSL: Pinned public key hash supportmoparisthebest
2015-07-01OpenVMS: VMS Software, Inc now the supplier.John Malmberg
setup-vms.h: Symbol case fixups submitted by Michael Steve build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the supplier of new versions of VMS. The install kit needs to accept VSI as a producer.
2015-06-24http2: Use nghttp2 library error code for error return valueTatsuhiro Tsujikawa
2015-06-24http2: Harden header validation for curl_pushheader_bynameTatsuhiro Tsujikawa
Since we do prefix match using given header by application code against header name pair in format "NAME:VALUE", and VALUE part can contain ":", we have to careful about existence of ":" in header parameter. ":" should be allowed to match HTTP/2 pseudo-header field, and other use of ":" in header must be treated as error, and curl_pushheader_byname should return NULL. This commit implements this behaviour.
2015-06-24http2: curl_pushheader_byname now takes a const char *Daniel Stenberg
2015-06-24http2: free all header memory after the push callbackDaniel Stenberg
2015-06-24http2: init the pushed transfer properlyDaniel Stenberg
2015-06-24http2: fixed the header accessor functions for the push callbackDaniel Stenberg
2015-06-24http2: setup the new pushed stream properlyDaniel Stenberg
2015-06-24http2: initial implementation of the push callbackDaniel Stenberg
2015-06-23pretransfer: init state.infilesize here, not in add_handleDaniel Stenberg
... to properly support that options are set to the handle after it is added to the multi handle. Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html Reported-by: Stefan Bühler
2015-06-18cookie: Fix bug in export if any-domain cookie is presentJay Satiro
In 3013bb6 I had changed cookie export to ignore any-domain cookies, however the logic I used to do so was incorrect, and would lead to a busy loop in the case of exporting a cookie list that contained any-domain cookies. The result of that is worse though, because in that case the other cookies would not be written resulting in an empty file once the application is terminated to stop the busy loop.
2015-06-18FTP: fixed compiling with --disable-proxy, broken in b88f980aDan Fandrich
2015-06-18Makefile.m32: add support for CURL_LDFLAG_EXTRASViktor Szakats
It is similar to existing CURL_CFLAG_EXTRAS, but for extra linker option.
2015-06-18RTSP: removed another piece of dead codeDaniel Stenberg
Coverity CID 1306668
2015-06-18openssl: fix use of uninitialized bufferDaniel Stenberg
Make sure that the error buffer is always initialized and simplify the use of it to make the logic easier. Bug: https://github.com/bagder/curl/issues/318 Reported-by: sneis