aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2005-02-28Fix for a base64 decode heap buffer overflow vulnerability.Dan Fandrich
2005-02-24Fixed some compiler warnings. Fixed a low incidence memory leak in the test ↵Dan Fandrich
server.
2005-02-22krb4 fixedDaniel Stenberg
2005-02-22Curl_base64_decode() now returns an allocated bufferDaniel Stenberg
2005-02-22Thanks for the notification iDEFENCE. We are the "initial vendor" and we sureDaniel Stenberg
got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042
2005-02-18Ralph Mitchell reported a flaw when you used a proxy with auth, and youDaniel Stenberg
requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
2005-02-17close the socket properly when returning error due to failing localbindDaniel Stenberg
Bug report #1124588 by David
2005-02-16Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"Daniel Stenberg
that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send.
2005-02-14Rename Curl_pretransfersec() to *_second_connect() since it does not justDaniel Stenberg
do pretransfer stuff like Curl_pretransfer().
2005-02-11Fixed bad krb4 code. It always tried to use krb4 if built enabled.Daniel Stenberg
2005-02-11Removed all uses of strftime() since it uses the localised version of theDaniel Stenberg
week day names and month names and servers don't like that.
2005-02-10typecast assign to ftpport from int to prevent warningsDaniel Stenberg
2005-02-10init fix for non-SSL buildsDaniel Stenberg
2005-02-09David Byron identified the lack of SSL_pending() use, and this is my takeDaniel Stenberg
at fixing this issue.
2005-02-09better error checking and SSL init by David ByronDaniel Stenberg
2005-02-09prevent a compiler warningDaniel Stenberg
2005-02-09Set 'bits.close' in case of malloc fail.Gisle Vanem
Don't free 'lud_dn' twice in case curl_unescape() fails.
2005-02-09Use CURL_SOCKET_BAD.Gisle Vanem
2005-02-09Handle CURLE_LOGIN_DENIED in strerror.c.Gisle Vanem
For ftp only?
2005-02-09FD_SET can be big macro, use bracesDaniel Stenberg
2005-02-09FTP code turned into state machine. Not completely yet, but a good start.Daniel Stenberg
The tag 'before_ftp_statemachine' was set just before this commit in case of future need.
2005-02-09Replace LF with CRLF. Ref RFC-2229, sec 2.3:Gisle Vanem
"Each command line must be terminated by a CRLF".
2005-02-08ares_gethostbyname wants a 'ares_host_callback' in the 4th argumentDaniel Stenberg
2005-02-08Curl_addrinfo?_callback() and addrinfo_callback() now returnsGisle Vanem
CURLE_OK or CURLE_OUT_OF_MEMORY. Add typecast in hostares.c.
2005-02-08Don't free too much in freedirs() if realloc() fails.Gisle Vanem
2005-02-08Curl_wait_for_resolv() no longer disconnects on failure, but leaves thatDaniel Stenberg
operation to the caller. Disconnecting has the disadvantage that the conn pointer gets completely invalidated and this is not handled on lots of places in the code.
2005-02-07Fix for a bug report that compressed files that are exactly 64 KiB longDan Fandrich
produce a zlib error.
2005-02-06Preserve previous status in Curl_http_done().Gisle Vanem
2005-02-04Eric Vergnaud found a use of an uninitialized variableDaniel Stenberg
2005-02-04David Byron pointed out that this -1 on the buffer size is pointless sinceDaniel Stenberg
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This change is reported to fix David's weird SSL problem...
2005-01-30if the DO operation returns failure, bail out and close down nicely toDaniel Stenberg
prevent memory leakage
2005-01-30Use calloc() to save us the memset() call and terminate conn->host.nameDaniel Stenberg
properly, to avoid reading uninited variables when using file:// (valgrind)
2005-01-29include "url.h" for the Curl_safefree() protoDaniel Stenberg
2005-01-29Using the multi interface, and doing a requsted a re-used connection thatDaniel Stenberg
gets closed just after the request has been sent failed and did not re-issue a request on a fresh reconnect like the easy interface did. Now it does! (define CURL_MULTIEASY, run test case 160)
2005-01-29Define CURL_MULTIEASY when building this, to use my new curl_easy_perform()Daniel Stenberg
that uses the multi interface to run the request. It is a great testbed for the multi interface and I believe we shall do it this way for real in the future when we have a successor to curl_multi_fdset().
2005-01-29conn->ip_addr MUST NOT be used on re-used connectionsDaniel Stenberg
2005-01-29multi interface: when a request is denied due to "Maximum redirects followed"Daniel Stenberg
libcurl leaked the last Location: URL.
2005-01-28Connect failures with the multi interface was often returned as "connect()Daniel Stenberg
timed out" even though the reason was different. Fixed this problem by not setting this timeout to zero when using multi.
2005-01-28KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between twoDaniel Stenberg
curl_easy_perform() invokes. It was previously unlocked at disconnect, which could mean that it remained locked between multiple transfers. The DNS cache may not live as long as the connection cache does, as they are separate. To deal with the lack of DNS (host address) data availability in re-used connections, libcurl now keeps a copy of the IP adress as a string, to be able to show it even on subsequent requests on the same connection.
2005-01-28Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't workDaniel Stenberg
when built ipv6-enabled. I've now made a fix for it. Writing test cases for custom port strings turned too tricky so unfortunately there's none.
2005-01-25Ian Ford asked about support for the FTP command ACCT, and I discovered it isDaniel Stenberg
present in RFC959... so now (lib)curl supports it as well. --ftp-account and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account string after PASS have been sent away. The client responds with "ACCT [account string]".) Added test case 228 and 229 to verify the functionality. Updated the test FTP server to support ACCT somewhat.
2005-01-25Use plain structs and not typedef'ed ones in the hash and linked-list code.Daniel Stenberg
2005-01-21FTP third transfer support overhaul. See CHANGES for details.Daniel Stenberg
2005-01-19Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URLDaniel Stenberg
contains %0a or %0d in the user, password or CWD parts. (A future fix would include doing it for %00 as well - see KNOWN_BUGS for details.) Test case 225 and 226 were added to verify this
2005-01-19Don't copy 'stderr' for Win-CE in IPv6 code. Don't callGisle Vanem
GetCurrentProcess() twice; use a local variable.
2005-01-19Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:Daniel Stenberg
1) the proxy environment variables are still read and used to set HTTP proxy 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was disabled)
2005-01-18Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch.Daniel Stenberg
2005-01-16Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curlDaniel Stenberg
assumed this used the DICT protocol. While guessing protocols will remain fuzzy, I've now made sure that the host names must start with "[protocol]." for them to be a valid guessable name. I also removed "https" as a prefix that indicates HTTPS, since we hardly ever see any host names using that.
2005-01-15errrno can by freak accident become EINTR on DOS orGisle Vanem
Windows (unrelated to select). select() can never set errno to EINTR on Windows.
2005-01-14Added README.hostipDaniel Stenberg