Age | Commit message (Collapse) | Author |
|
|
|
server.
|
|
|
|
|
|
got no notification, no mail, no nothing.
You didn't even bother to mail us when you went public with this. Cool.
NTLM buffer overflow fix, as reported here:
http://www.securityfocus.com/archive/1/391042
|
|
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
|
|
Bug report #1124588 by David
|
|
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
|
|
do pretransfer stuff like Curl_pretransfer().
|
|
|
|
week day names and month names and servers don't like that.
|
|
|
|
|
|
at fixing this issue.
|
|
|
|
|
|
Don't free 'lud_dn' twice in case curl_unescape()
fails.
|
|
|
|
For ftp only?
|
|
|
|
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
|
|
"Each command line must be terminated by a CRLF".
|
|
|
|
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
|
|
|
|
operation to the caller. Disconnecting has the disadvantage that the conn
pointer gets completely invalidated and this is not handled on lots of places
in the code.
|
|
produce a zlib error.
|
|
|
|
|
|
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This
change is reported to fix David's weird SSL problem...
|
|
prevent memory leakage
|
|
properly, to avoid reading uninited variables when using file:// (valgrind)
|
|
|
|
gets closed just after the request has been sent failed and did not re-issue
a request on a fresh reconnect like the easy interface did. Now it does!
(define CURL_MULTIEASY, run test case 160)
|
|
that uses the multi interface to run the request. It is a great testbed for
the multi interface and I believe we shall do it this way for real in the
future when we have a successor to curl_multi_fdset().
|
|
|
|
libcurl leaked the last Location: URL.
|
|
timed out" even though the reason was different. Fixed this problem by not
setting this timeout to zero when using multi.
|
|
curl_easy_perform() invokes. It was previously unlocked at disconnect, which
could mean that it remained locked between multiple transfers. The DNS cache
may not live as long as the connection cache does, as they are separate.
To deal with the lack of DNS (host address) data availability in re-used
connections, libcurl now keeps a copy of the IP adress as a string, to be able
to show it even on subsequent requests on the same connection.
|
|
when built ipv6-enabled. I've now made a fix for it. Writing test cases for
custom port strings turned too tricky so unfortunately there's none.
|
|
present in RFC959... so now (lib)curl supports it as well. --ftp-account and
CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account
string after PASS have been sent away. The client responds with "ACCT [account
string]".) Added test case 228 and 229 to verify the functionality. Updated
the test FTP server to support ACCT somewhat.
|
|
|
|
|
|
contains %0a or %0d in the user, password or CWD parts. (A future fix would
include doing it for %00 as well - see KNOWN_BUGS for details.) Test case 225
and 226 were added to verify this
|
|
GetCurrentProcess() twice; use a local variable.
|
|
1) the proxy environment variables are still read and used to set HTTP proxy
2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
disabled)
|
|
|
|
assumed this used the DICT protocol. While guessing protocols will remain
fuzzy, I've now made sure that the host names must start with "[protocol]."
for them to be a valid guessable name. I also removed "https" as a prefix that
indicates HTTPS, since we hardly ever see any host names using that.
|
|
Windows (unrelated to select). select() can never set errno
to EINTR on Windows.
|
|
|