Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-22 | gtls: fix NULL pointer dereference | Daniel Stenberg | |
gnutls_x509_crt_import() must not be called with a NULL certificate Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html Reported-by: Damian Dixon | |||
2014-04-22 | curl_global_init_mem: bump initialized even if already initialized | Daniel Stenberg | |
As this makes curl_global_init_mem() behave the same way as curl_global_init() already does in that aspect - the same number of curl_global_cleanup() calls is then required to again decrease the counter and then eventually do the cleanup. Bug: http://curl.haxx.se/bug/view.cgi?id=1362 Reported-by: Tristan | |||
2014-04-22 | nss: implement non-blocking SSL handshake | Kamil Dudka | |
2014-04-22 | nss: split Curl_nss_connect() into 4 functions | Kamil Dudka | |
2014-04-19 | multi.c: fix possible invalid memory access in case nfds overflows | Marc Hoersken | |
ufds might not be allocated in case nfds overflows to zero while extra_nfds is still non-zero. udfs is then accessed within the extra_nfds-based for loop. | |||
2014-04-19 | netrc.c: fix multiple possible dereferences of null pointers | Marc Hoersken | |
2014-04-19 | parsedate.c: check sscanf result before passing it to strlen | Marc Hoersken | |
2014-04-19 | telnet.c: check sscanf results before passing them to snprintf | Marc Hoersken | |
2014-04-19 | telnet.c: fix possible use of uninitialized variable | Marc Hoersken | |
2014-04-19 | telnet.c: fix possible use of non-null-terminated strings | Marc Hoersken | |
2014-04-19 | url.c: fix possible use of non-null-terminated string with strlen | Marc Hoersken | |
Follow up on b0e742544be22ede33206a597b22682e51e0c676 | |||
2014-04-19 | url.c: fix possible use of non-null-terminated string with strlen | Marc Hoersken | |
2014-04-18 | connect.c: fix multiple possible dereferences of null pointers | Marc Hoersken | |
In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer. | |||
2014-04-18 | tftp.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | socks_sspi.c: added pointer guards to FreeContextBuffer calls | Marc Hoersken | |
The FreeContextBuffer SAL declaration does not declare the pointer as optional, therefore it must not be NULL. | |||
2014-04-18 | md5.c: fix use of uninitialized variable | Marc Hoersken | |
2014-04-18 | curl_schannel.c: added explicit cast of structure pointers | Marc Hoersken | |
2014-04-18 | curl_schannel.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | imap: Extended FETCH support to include PARTIAL URL specifier | Steve Holme | |
2014-04-18 | url.c: Fixed typo in comment | Steve Holme | |
2014-04-18 | imap: Expanded mailbox SEARCH support to use URL query strings | Steve Holme | |
2014-04-18 | imap: Added support for parsing URL query strings | Steve Holme | |
Added support for parsing query strings from the URL as defined by RFC-5092. | |||
2014-04-18 | imap: Introduced the SEARCH state | Steve Holme | |
2014-04-18 | imap: Fixed untagged response detection when no data after command | Steve Holme | |
Should a command return untagged responses that contained no data then the imap_matchresp() function would not detect them as valid responses, as it wasn't taking the CRLF characters into account at the end of each line. | |||
2014-04-17 | README.http2: mention some alt-svc thoughts | Daniel Stenberg | |
2014-04-14 | url: only use if_nametoindex() if IFNAMSIZ is available | Dan Fandrich | |
2014-04-08 | sas: Added DIGEST-MD5 qop-option validation in native challange handling | Steve Holme | |
Given that we presently support "auth" and not "auth-int" or "auth-conf" for native challenge-response messages, added client side validation of the quality-of-protection options from the server's challenge message. | |||
2014-04-06 | strerror: fix comment about vxworks' strerror_r buffer size | Daniel Stenberg | |
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html Reported-by: Jeroen Koekkoek | |||
2014-04-06 | sasl: Added forward declaration of structures following recent changes | Steve Holme | |
To avoid urldata.h being included from the header file or that the source file has the correct include order as highlighted by one of the auto builds recently. | |||
2014-04-06 | sasl: Fixed compilation warning | Steve Holme | |
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message' | |||
2014-04-06 | sasl: Added curl_memory.h include as per test 1132 | Steve Holme | |
2014-04-06 | sasl: Fixed compilation warning in SSPI builds | Steve Holme | |
warning: 'sasl_digest_get_key_value' defined but not used | |||
2014-04-06 | sasl: Corrected missing free of decoded challenge message from 607883f13c | Steve Holme | |
2014-04-06 | sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 | Steve Holme | |
2014-04-06 | sasl: Post DIGEST-MD5 SSPI code tidy up | Steve Holme | |
* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer | |||
2014-04-06 | sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code | Steve Holme | |
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not be included, regardless of whether USE__WINDOWS_SSPI is defined or not. This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM in curl_setup.h. | |||
2014-04-06 | sasl: Added support for DIGEST-MD5 via Windows SSPI | Steve Holme | |
2014-04-06 | http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined | Steve Holme | |
2014-04-06 | Makefile.vc6: Added curl_sasl_sspi.c | Steve Holme | |
2014-04-06 | ntlm: Moved the identity generation into shared SSPI code | Steve Holme | |
2014-04-06 | sasl: Renamed SSPI module following short name clash | Steve Holme | |
2014-04-05 | sasl: Added initial stub functions for SSPI DIGEST-MD support | Steve Holme | |
2014-04-05 | sasl: Combined DIGEST-MD5 message decoding and generation | Steve Holme | |
2014-04-05 | http2: Compile with current nghttp2, which supports h2-11 | Tatsuhiro Tsujikawa | |
2014-04-04 | PROXYHEADER: send these headers in "normal" proxy requests too | Daniel Stenberg | |
Updated the docs to clarify and the code accordingly, with test 1528 to verify: When CURLHEADER_SEPARATE is set and libcurl is asked to send a request to a proxy but it isn't CONNECT, then _both_ header lists (CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the single request is then made for both the proxy and the server. | |||
2014-04-04 | CURLOPT_HEADEROPT: added | Daniel Stenberg | |
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER is actually used or not. | |||
2014-04-04 | CURLOPT_PROXYHEADER: set headers for proxy-only | Daniel Stenberg | |
Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal | |||
2014-04-04 | HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue | Daniel Stenberg | |
Without request body there's no point in asking for 100-continue. Bug: http://curl.haxx.se/bug/view.cgi?id=1349 Reported-by: JimS | |||
2014-04-03 | ftp: in passive data connect wait for happy eyeballs sockets | Daniel Stenberg | |
When doing passive FTP, the multi state function needs to extract and use the happy eyeballs sockets to wait for to check for completion! Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined) Reported-by: Alan | |||
2014-04-03 | http2+openssl: fix compiler warnings in ALPN using code | Daniel Stenberg | |