Dan Fandrich [Mon, 28 Feb 2005 23:54:17 +0000 (23:54 +0000)]
Fix for a base64 decode heap buffer overflow vulnerability.
Dan Fandrich [Thu, 24 Feb 2005 18:54:23 +0000 (18:54 +0000)]
Fixed some compiler warnings. Fixed a low incidence memory leak in the test server.
Daniel Stenberg [Tue, 22 Feb 2005 18:39:40 +0000 (18:39 +0000)]
Updated as suggested by Samuel Díaz García
Daniel Stenberg [Tue, 22 Feb 2005 12:20:30 +0000 (12:20 +0000)]
krb4 fixed
Daniel Stenberg [Tue, 22 Feb 2005 12:10:30 +0000 (12:10 +0000)]
Curl_base64_decode() now returns an allocated buffer
Daniel Stenberg [Tue, 22 Feb 2005 07:44:14 +0000 (07:44 +0000)]
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.
You didn't even bother to mail us when you went public with this. Cool.
NTLM buffer overflow fix, as reported here:
http://www.securityfocus.com/archive/1/391042
Daniel Stenberg [Sat, 19 Feb 2005 22:33:06 +0000 (22:33 +0000)]
added test case 234 which is like 233 but uses --location-trusted instead so
thus the second request to the new host will use authentication fine
Daniel Stenberg [Fri, 18 Feb 2005 23:53:07 +0000 (23:53 +0000)]
Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel Stenberg [Fri, 18 Feb 2005 11:54:52 +0000 (11:54 +0000)]
socket leak, mingw build
Daniel Stenberg [Fri, 18 Feb 2005 08:24:53 +0000 (08:24 +0000)]
Based on Mike Dobbs' report, BUILDING_LIBCURL is now defined in here if it
runs to build with mingw.
Daniel Stenberg [Thu, 17 Feb 2005 14:45:03 +0000 (14:45 +0000)]
close the socket properly when returning error due to failing localbind
Bug report #1124588 by David
Daniel Stenberg [Thu, 17 Feb 2005 07:47:32 +0000 (07:47 +0000)]
mention filename= for the -F
Daniel Stenberg [Wed, 16 Feb 2005 14:31:23 +0000 (14:31 +0000)]
Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back a
list of types from which it picks NTLM, it needs to either continue sending
its data if it keeps the connection alive, or not send the data but close the
connection. Then do the first step in the NTLM auth. libcurl didn't send the
data nor close the connection but simply read the response-body and then sent
the first negotiation step. Which then failed miserably of course. The fixed
version forces a connection if there is more than 2000 bytes left to send.
Daniel Stenberg [Mon, 14 Feb 2005 23:50:29 +0000 (23:50 +0000)]
check for ENGINE_load_builtin_engines() as well if engine is around
Marty Kuhrt [Mon, 14 Feb 2005 22:37:59 +0000 (22:37 +0000)]
changed config-vms info
Marty Kuhrt [Mon, 14 Feb 2005 22:36:21 +0000 (22:36 +0000)]
changed curlmsg.* entries to see if CVS would ignore it now
Daniel Stenberg [Mon, 14 Feb 2005 09:30:40 +0000 (09:30 +0000)]
Rename Curl_pretransfersec() to *_second_connect() since it does not just
do pretransfer stuff like Curl_pretransfer().
Daniel Stenberg [Fri, 11 Feb 2005 22:50:57 +0000 (22:50 +0000)]
Fixed bad krb4 code. It always tried to use krb4 if built enabled.
Marty Kuhrt [Fri, 11 Feb 2005 22:42:16 +0000 (22:42 +0000)]
rename amigaos.c and nwlib.c if they exist before building
Daniel Stenberg [Fri, 11 Feb 2005 22:05:04 +0000 (22:05 +0000)]
Removed per Marty's request: The .h_* files aren't needed anymore, I
consolidated them into one file called config-vms.h. The curlmsg.h and .sdl
files are generated from the curlmsg.msg file and, thus, shouldn't be in the
dist.
Marty Kuhrt [Fri, 11 Feb 2005 21:17:23 +0000 (21:17 +0000)]
re-sync'd with curlmsg.msg
Marty Kuhrt [Fri, 11 Feb 2005 21:07:35 +0000 (21:07 +0000)]
ignore curlmsg.h and .sdl as they are generated by curlmsg.msg
Marty Kuhrt [Fri, 11 Feb 2005 21:01:52 +0000 (21:01 +0000)]
sync'd error codes with include/curl.h
Marty Kuhrt [Fri, 11 Feb 2005 20:17:21 +0000 (20:17 +0000)]
Added $Id$ and pre-exisiting logical check
Daniel Stenberg [Fri, 11 Feb 2005 19:34:05 +0000 (19:34 +0000)]
remove the check for strftime(), we don't need it
Daniel Stenberg [Fri, 11 Feb 2005 00:03:49 +0000 (00:03 +0000)]
Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel Stenberg [Thu, 10 Feb 2005 08:57:23 +0000 (08:57 +0000)]
valgrind stuff for test suite, vms build and more
Daniel Stenberg [Thu, 10 Feb 2005 08:50:33 +0000 (08:50 +0000)]
Moved out the valgrind report parser to valgrind.pm, to make it easier to
test it outside the test suite. Now we also disable valgrind usage if libcurl
was built shared, as then valgrind is only testing the wrapper-script running
shell which is pointless.
Daniel Stenberg [Thu, 10 Feb 2005 07:45:26 +0000 (07:45 +0000)]
typecast assign to ftpport from int to prevent warnings
Daniel Stenberg [Thu, 10 Feb 2005 07:45:08 +0000 (07:45 +0000)]
init fix for non-SSL builds
Marty Kuhrt [Thu, 10 Feb 2005 01:54:11 +0000 (01:54 +0000)]
Reduced the two config-vms.h_* files into this one.
Daniel Stenberg [Wed, 9 Feb 2005 23:16:03 +0000 (23:16 +0000)]
David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
This was TODO-RELEASE issue #59.
Daniel Stenberg [Wed, 9 Feb 2005 23:09:12 +0000 (23:09 +0000)]
David Byron identified the lack of SSL_pending() use, and this is my take
at fixing this issue.
Daniel Stenberg [Wed, 9 Feb 2005 23:04:51 +0000 (23:04 +0000)]
better error checking and SSL init by David Byron
Daniel Stenberg [Wed, 9 Feb 2005 22:47:57 +0000 (22:47 +0000)]
prevent a compiler warning
Gisle Vanem [Wed, 9 Feb 2005 15:15:01 +0000 (15:15 +0000)]
Some functions are static here, but extern in libxml's
SAX.h. gcc doesn't like that. Rename.
Daniel Stenberg [Wed, 9 Feb 2005 14:34:46 +0000 (14:34 +0000)]
the new ftp code and Gisle's DICT fix
Daniel Stenberg [Wed, 9 Feb 2005 14:29:57 +0000 (14:29 +0000)]
issue #54 done
Gisle Vanem [Wed, 9 Feb 2005 14:28:35 +0000 (14:28 +0000)]
Set 'bits.close' in case of malloc fail.
Don't free 'lud_dn' twice in case curl_unescape()
fails.
Daniel Stenberg [Wed, 9 Feb 2005 14:13:21 +0000 (14:13 +0000)]
add missing error codes
Gisle Vanem [Wed, 9 Feb 2005 14:01:15 +0000 (14:01 +0000)]
Use CURL_SOCKET_BAD.
Gisle Vanem [Wed, 9 Feb 2005 13:59:40 +0000 (13:59 +0000)]
Handle CURLE_LOGIN_DENIED in strerror.c.
For ftp only?
Daniel Stenberg [Wed, 9 Feb 2005 13:47:35 +0000 (13:47 +0000)]
FD_SET can be big macro, use braces
Daniel Stenberg [Wed, 9 Feb 2005 13:06:40 +0000 (13:06 +0000)]
FTP code turned into state machine. Not completely yet, but a good start.
The tag 'before_ftp_statemachine' was set just before this commit in case
of future need.
Gisle Vanem [Wed, 9 Feb 2005 11:50:41 +0000 (11:50 +0000)]
Replace LF with CRLF. Ref RFC-2229, sec 2.3:
"Each command line must be terminated by a CRLF".
Daniel Stenberg [Tue, 8 Feb 2005 23:39:47 +0000 (23:39 +0000)]
-O clarification
Daniel Stenberg [Tue, 8 Feb 2005 19:07:28 +0000 (19:07 +0000)]
inflate and out of memory fixes
Daniel Stenberg [Tue, 8 Feb 2005 19:03:27 +0000 (19:03 +0000)]
ares_gethostbyname wants a 'ares_host_callback' in the 4th argument
Gisle Vanem [Tue, 8 Feb 2005 12:36:13 +0000 (12:36 +0000)]
Curl_addrinfo?_callback() and addrinfo_callback() now returns
CURLE_OK or CURLE_OUT_OF_MEMORY.
Add typecast in hostares.c.
Gisle Vanem [Tue, 8 Feb 2005 12:32:28 +0000 (12:32 +0000)]
Don't free too much in freedirs() if realloc() fails.
Daniel Stenberg [Tue, 8 Feb 2005 07:36:57 +0000 (07:36 +0000)]
Curl_wait_for_resolv() no longer disconnects on failure, but leaves that
operation to the caller. Disconnecting has the disadvantage that the conn
pointer gets completely invalidated and this is not handled on lots of places
in the code.
Dan Fandrich [Mon, 7 Feb 2005 19:12:37 +0000 (19:12 +0000)]
Fix for a bug report that compressed files that are exactly 64 KiB long
produce a zlib error.
Gisle Vanem [Sun, 6 Feb 2005 12:43:40 +0000 (12:43 +0000)]
Preserve previous status in Curl_http_done().
Daniel Stenberg [Sat, 5 Feb 2005 10:25:20 +0000 (10:25 +0000)]
valgrind errors occur too often when 'make test' is used. It is because too
many third-party libs and tools have problems. When curl is built without
--disable-shared, the testing is done with a front-end script which makes the
valgrind testing include (ba)sh as well and that often causes valgrind
errors. Either we improve the valgrind error scanner a lot to better identify
(lib)curl errors only, or we disable valgrind checking by default
Daniel Stenberg [Fri, 4 Feb 2005 23:53:12 +0000 (23:53 +0000)]
fix type
Daniel Stenberg [Fri, 4 Feb 2005 23:43:44 +0000 (23:43 +0000)]
Eric Vergnaud found a use of an uninitialized variable
Daniel Stenberg [Fri, 4 Feb 2005 13:42:41 +0000 (13:42 +0000)]
David Byron pointed out that this -1 on the buffer size is pointless since
the buffer is already BUFSIZE +1 one big to fit the extra trailing zero. This
change is reported to fix David's weird SSL problem...
Daniel Stenberg [Wed, 2 Feb 2005 19:25:49 +0000 (19:25 +0000)]
another example
Daniel Stenberg [Wed, 2 Feb 2005 19:25:37 +0000 (19:25 +0000)]
HTML parsing example with libtidy, by Jeff Pohlmeyer
Daniel Stenberg [Tue, 1 Feb 2005 08:46:06 +0000 (08:46 +0000)]
and we start over again
Daniel Stenberg [Tue, 1 Feb 2005 07:54:36 +0000 (07:54 +0000)]
7.13 coming up
Daniel Stenberg [Mon, 31 Jan 2005 20:03:01 +0000 (20:03 +0000)]
somewhat nicer libcurl usage
Daniel Stenberg [Mon, 31 Jan 2005 18:23:42 +0000 (18:23 +0000)]
htmltitle
Daniel Stenberg [Mon, 31 Jan 2005 18:22:40 +0000 (18:22 +0000)]
HTML <head> parsing (with libxml) example code by Lars Nilsson.
Daniel Stenberg [Sun, 30 Jan 2005 22:57:19 +0000 (22:57 +0000)]
four changes
Daniel Stenberg [Sun, 30 Jan 2005 22:54:06 +0000 (22:54 +0000)]
if the DO operation returns failure, bail out and close down nicely to
prevent memory leakage
Daniel Stenberg [Sun, 30 Jan 2005 13:26:12 +0000 (13:26 +0000)]
Let's add a cookie interface in 7.14
Daniel Stenberg [Sun, 30 Jan 2005 12:56:36 +0000 (12:56 +0000)]
Bugfixed the parser that scans the valgrind report outputs. I noticed that it
previously didn't detect and report the "Conditional jump or move depends on
uninitialised value(s)" error.
When I fixed this, I caught a few curl bugs with it. And then I had to spend
time to make the test suite IGNORE these errors when OpenSSL is used since it
produce massive amounts of valgrind warnings (but only of the "Conditional..."
kind it seems).
So, if a test that requires SSL is run, it ignores the "Conditional..."
errors, and you'll get a "valgrind PARTIAL" output instead of "valgrind OK".
Daniel Stenberg [Sun, 30 Jan 2005 12:53:05 +0000 (12:53 +0000)]
properly mark tests as requiring feature 'SSL'
Daniel Stenberg [Sun, 30 Jan 2005 12:42:15 +0000 (12:42 +0000)]
Use calloc() to save us the memset() call and terminate conn->host.name
properly, to avoid reading uninited variables when using file:// (valgrind)
Daniel Stenberg [Sat, 29 Jan 2005 23:46:27 +0000 (23:46 +0000)]
Clear the urlglob struct when allocated, since we might otherwise use
uninitialized variables. Pointed out to us by the friendly Valgrind.
Daniel Stenberg [Sat, 29 Jan 2005 22:38:45 +0000 (22:38 +0000)]
include "url.h" for the Curl_safefree() proto
Daniel Stenberg [Sat, 29 Jan 2005 22:31:06 +0000 (22:31 +0000)]
Using the multi interface, and doing a requsted a re-used connection that
gets closed just after the request has been sent failed and did not re-issue
a request on a fresh reconnect like the easy interface did. Now it does!
(define CURL_MULTIEASY, run test case 160)
Daniel Stenberg [Sat, 29 Jan 2005 22:26:38 +0000 (22:26 +0000)]
Define CURL_MULTIEASY when building this, to use my new curl_easy_perform()
that uses the multi interface to run the request. It is a great testbed for
the multi interface and I believe we shall do it this way for real in the
future when we have a successor to curl_multi_fdset().
Daniel Stenberg [Sat, 29 Jan 2005 13:54:15 +0000 (13:54 +0000)]
corrected the URL
Daniel Stenberg [Sat, 29 Jan 2005 13:07:16 +0000 (13:07 +0000)]
conn->ip_addr MUST NOT be used on re-used connections
Daniel Stenberg [Sat, 29 Jan 2005 13:06:31 +0000 (13:06 +0000)]
when using valgrind, include a much longer stack trace
Daniel Stenberg [Sat, 29 Jan 2005 12:01:20 +0000 (12:01 +0000)]
multi interface: when a request is denied due to "Maximum redirects followed"
libcurl leaked the last Location: URL.
Daniel Stenberg [Fri, 28 Jan 2005 23:21:24 +0000 (23:21 +0000)]
Connect failures with the multi interface was often returned as "connect()
timed out" even though the reason was different. Fixed this problem by not
setting this timeout to zero when using multi.
Daniel Stenberg [Fri, 28 Jan 2005 22:22:59 +0000 (22:22 +0000)]
adjusted to the moved unlock of the DNS entry
Daniel Stenberg [Fri, 28 Jan 2005 22:14:48 +0000 (22:14 +0000)]
KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
curl_easy_perform() invokes. It was previously unlocked at disconnect, which
could mean that it remained locked between multiple transfers. The DNS cache
may not live as long as the connection cache does, as they are separate.
To deal with the lack of DNS (host address) data availability in re-used
connections, libcurl now keeps a copy of the IP adress as a string, to be able
to show it even on subsequent requests on the same connection.
Daniel Stenberg [Fri, 28 Jan 2005 08:26:36 +0000 (08:26 +0000)]
Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
when built ipv6-enabled. I've now made a fix for it. Writing test cases for
custom port strings turned too tricky so unfortunately there's none.
Daniel Stenberg [Thu, 27 Jan 2005 23:03:02 +0000 (23:03 +0000)]
test the EPRT/LPRT/PORT somewhat more
Daniel Stenberg [Thu, 27 Jan 2005 22:40:56 +0000 (22:40 +0000)]
Use the same work-around for the memdebug stuff as in the command line client,
to allow the contents of the env var decide the file name.
Daniel Stenberg [Thu, 27 Jan 2005 15:59:01 +0000 (15:59 +0000)]
a slightly involved work-around to prevent the debug-tracing from logging
a free-without-alloc as the first call
Daniel Stenberg [Thu, 27 Jan 2005 15:51:03 +0000 (15:51 +0000)]
Make the debug build get the debug dump file path from the environment
variable to allow the test suite to better control where it ends up.
Daniel Stenberg [Thu, 27 Jan 2005 12:59:40 +0000 (12:59 +0000)]
verify a part of the PORT line
Daniel Stenberg [Wed, 26 Jan 2005 23:18:31 +0000 (23:18 +0000)]
Make the server ignore the given PORT address, to make it possible to test
curl's -P option easier.
Daniel Stenberg [Wed, 26 Jan 2005 12:05:33 +0000 (12:05 +0000)]
added more official web and download mirrors
Daniel Stenberg [Wed, 26 Jan 2005 11:53:49 +0000 (11:53 +0000)]
new curlpp URL
Daniel Stenberg [Wed, 26 Jan 2005 11:53:12 +0000 (11:53 +0000)]
fixed sort, mention C, the java binding is now maintained by Vic Hanson
Daniel Stenberg [Tue, 25 Jan 2005 23:40:35 +0000 (23:40 +0000)]
add number to the bugs to make them easier to refer to
Daniel Stenberg [Tue, 25 Jan 2005 22:21:42 +0000 (22:21 +0000)]
two known bugs
Daniel Stenberg [Tue, 25 Jan 2005 22:13:12 +0000 (22:13 +0000)]
Ian Ford asked about support for the FTP command ACCT, and I discovered it is
present in RFC959... so now (lib)curl supports it as well. --ftp-account and
CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account
string after PASS have been sent away. The client responds with "ACCT [account
string]".) Added test case 228 and 229 to verify the functionality. Updated
the test FTP server to support ACCT somewhat.
Daniel Stenberg [Tue, 25 Jan 2005 21:45:03 +0000 (21:45 +0000)]
A minor "syntax error" in numerous test files corrected
Daniel Stenberg [Tue, 25 Jan 2005 13:59:48 +0000 (13:59 +0000)]
new web mirror
Daniel Stenberg [Tue, 25 Jan 2005 12:06:12 +0000 (12:06 +0000)]
--protocols is added in 7.13.0
Daniel Stenberg [Tue, 25 Jan 2005 09:29:05 +0000 (09:29 +0000)]
David Shaw contributed a fairly complete and detailed autoconf macro you can
use to detect libcurl and setup variables for the protocols the installed
libcurl supports: docs/libcurl/libcurl.m4
Daniel Stenberg [Tue, 25 Jan 2005 00:06:29 +0000 (00:06 +0000)]
Use plain structs and not typedef'ed ones in the hash and linked-list code.
Daniel Stenberg [Sun, 23 Jan 2005 00:08:56 +0000 (00:08 +0000)]
two options less