aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-04-03vauth: Removed the need for a separate GSS-API based SPN functionSteve Holme
2016-04-03curl_sasl: Fixed potential null pointer utilisationSteve Holme
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte
2016-04-03spnego: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5: Small code tidy upSteve Holme
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
2016-04-03krb5_gssapi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Fixed missing client response when mutual authentication enabledSteve Holme
Although mutual authentication is currently turned off and can only be enabled by changing libcurl source code, authentication using Kerberos 5 has been broken since commit 79543caf90 in this use case.
2016-04-03krb5_sspi: Only process challenge when presentSteve Holme
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5_sspi: Only generate the output token when its not allocatedSteve Holme
Prior to this change, we were generating the output token when the credentials were NULL rather than when the output token was NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03krb5: Only generate a SPN when its not knownSteve Holme
Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
2016-04-03checksrc.whitelist: remove fopen() usesDaniel Stenberg
2016-04-03formdata: use appropriate fopen() macrosDaniel Stenberg
2016-04-03checksrc: improve the fopen() parser somewhatDaniel Stenberg
The quote scanner was too fragile, now look for a comma instead to find the mode argument.
2016-04-02http2: make use of the nghttp2 error callbackDaniel Stenberg
It offers extra info from nghttp2 in certain error cases. Like for example when trying prior-knowledge http2 on a server that doesn't speak http2 at all. The error message is passed on as a verbose message to libcurl. Discussed in #722 The error callback was added in nghttp2 1.9.0
2016-04-02spnego: Renamed the context's SPN variableSteve Holme
To be consistent with the Kerberos 5 context and other authentication code.
2016-04-02krb5_gssapi: Renamed the status variablesSteve Holme
For consistency with the spnego code.
2016-04-02krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argumentSteve Holme
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future.
2016-04-01http_negotiate: Corrected host and proxy host name being wrong way roundSteve Holme
I had accidentally used the proxy server name for the host and the host server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst Windows SSPI was quite happy with this, GSS-API wasn't. Thanks-to: Michael Osipov
2016-04-01IMAP: check pointer before dereferencing itehlertjd@gmail.com
may be null in the CURLOPT_CONNECT_ONLY case Fixes #747
2016-04-01curl_memory.h: Fixed typo in commentSteve Holme
From commit 7218b52c49.
2016-04-01spnego: Corrected some typos in commentsSteve Holme
Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
2016-04-01memdebug: Ensure curl/curl.h is included before curl_memory.hSteve Holme
Follow up to commit 7db9782dd6.
2016-04-01upload: missing rewind call could make libcurl hangDaniel Stenberg
When an upload is done, there are two places where that can be detected and only one of them would rewind the input stream - which sometimes is necessary for example when doing NTLM HTTP POSTs and more. This could then end up libcurl hanging. Figured-out-by: Isaac Boukris Reported-by: Anatol Belski Fixes #741
2016-04-01curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFSDaniel Stenberg
So that we only do the extra typedefs in curl_memory.h when we really need to and avoid double typedefs. follow-up commit to 7218b52c49aeb1 Thanks-to: Steve Holme
2016-04-01curl/mprintf.h: remove support for _MPRINTF_REPLACEDaniel Stenberg
The define is not in our name space and is therefore not protected by our API promises. It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5 (March 2015). This is supposedly the final death blow to that define from everywhere. As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf(). In the unlikely event that any users is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
2016-04-01curl_memory.h: avoid the curl/curl.h includeDaniel Stenberg
Discussed in #743
2016-04-01url: Corrected get protocol family for FTP and LDAPSteve Holme
Fixed copy/paste error from commit a5aec58726.
2016-03-31strerror: don't bit shift a signed integerJay Satiro
Bug: https://github.com/curl/curl/issues/744 Reported-by: Alexis La Goutte
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-31imap: remove duplicated functionDaniel Stenberg
The list and search response functions were identical! Merged into one now. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31SOCKS5_gssapi_negotiate: don't assume little-endian intsDaniel Stenberg
The code copied one byte from a 32bit integer, which works fine as long as the byte order is the same. Not a fine assumption. Reported by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31http: remove ((expression)) double parenthesesDaniel Stenberg
2016-03-31Curl_add_buffer_send: avoid possible NULL dereferenceDaniel Stenberg
... as we check for a NULL pointer below, we move the derefence to after the check. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-31file: remove duplicate checks of the same variableDaniel Stenberg
... as it doesn't change in between. Deteced by PVS Studio. Reported-by: Alexis La Goutte
2016-03-30openssl: Fix compilation warningsMarcel Raad
When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++ 14 complains: warning C4701: potentially uninitialized local variable 'palg' used warning C4701: potentially uninitialized local variable 'psig' used
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.
2016-03-30multi: multi_reconnect_request is the former Curl_reconnect_requestDaniel Stenberg
now a file local function in multi.c
2016-03-30multi: move Curl_do and Curl_do_done to multi.c and make staticDaniel Stenberg
... called multi_do and multi_do_done as they're file local now.
2016-03-29wolfssl: Use ECC supported curves extensionJay Satiro
https://github.com/wolfSSL/wolfssl/issues/366
2016-03-29GSS: make Curl_gss_log_error more verboseIsaac Boukris
Also display the GSS_C_GSS_CODE (major code) when specified instead of only GSS_C_MECH_CODE (minor code). In addition, the old code was printing a colon twice after the prefix and also miscalculated the length of the buffer in between calls to gss_display_status (the length of ": " was missing). Also, gss_buffer is not guaranteed to be NULL terminated and thus need to restrict reading by its length. Closes #738
2016-03-29http2: set correct scheme in handler structs [regression]Daniel Stenberg
Since commit a5aec58 the handler schemes need to match for the connections to be reused and for HTTP/2 multiplexing to work, reusing connections is very important! Closes #736
2016-03-29hostip.c: minor white space edit for styleDaniel Stenberg
2016-03-28wolfssl: Add ALPN supportJay Satiro
2016-03-27http_ntlm: Renamed from curl_ntlm.[c|h]Steve Holme
Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
2016-03-27SSH: new CURLOPT_QUOTE command "statvfs"marquis-de-muesli
usage: "statvfs path" returns remote file system statistics
2016-03-27SSH: support CURLINFO_FILETIMEmarquis-de-muesli
2016-03-26url: don't use bad offset in tld_check_name to show errorJay Satiro
libidn's tld_check_lz returns an error offset of the first character that it failed to process, however that offset is not a byte offset and may not even be in the locale encoding therefore we can't use it to show the user the character that failed to process. Bug: https://github.com/curl/curl/issues/731 Reported-by: Karlson2k
2016-03-26http_negotiate: Combine GSS-API and SSPI source filesSteve Holme
As the GSS-API and SSPI based source files are no longer library/API specific, following the extraction of that authentication code to the vauth directory, combine these files rather than maintain two separate versions.
2016-03-26vauth: Moved the Negotiate authentication code to the new vauth directorySteve Holme
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
2016-03-26vauth: Moved the Negotiate authentication code to the new vauth directorySteve Holme
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
2016-03-26warnless.h: Removed spurious character from commit 696bc6b9c9Steve Holme
Not picked up by checksrc or Visual Studio but my own code review, this would haven broken Intel based Unix builds - Perhaps I should learn to type on my laptop's keyboard before committing!