Commit Graph

13387 Commits

Author SHA1 Message Date
Julien Chaffraix
87badbef84 krb5-gssapi: Remove several memory leaks.
Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
we were leaking it). Now we just pass NULL as advised in RFC2744.

|tmp| was never set back to buf->data.

Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
(where conn->mech would be NULL but not conn->app_data or
conn->in_buffer->data).
2010-09-28 22:05:24 -07:00
Julien Chaffraix
e3811ed7c3 security.c: Remove Curl_sec_fflush_fd.
The current implementation would make us send wrong data on a closed
socket. We don't buffer our data so the method can be safely removed.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
dacc44ddc2 security.c: We should always register the socket handler.
Following a change in the way socket handler are registered, the custom
recv and send method were conditionaly registered.
We need to register them everytime to handle the ftp security
extensions.

Re-added the clear text handling in sec_recv.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
fc9f369829 security.c: Fix Curl_sec_login after rewrite.
Curl_sec_login was returning the opposite result that the code in ftp.c
was expecting. Simplified the return code (using a CURLcode) so to see
more clearly what is going on.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
bfbc4c7e00 security.c: Readd the '\n' to the infof() calls.
They are not automatically added and make the output of the verbose
mode a lot more readable.
2010-09-28 22:05:24 -07:00
Julien Chaffraix
05b72a6af2 security.c: Fix typo (PSBZ -> PBSZ) 2010-09-28 22:05:24 -07:00
Julien Chaffraix
1e2056fecb security.c: Fix ftp_send_command.
My use of va_args was completely wrong. Fixed the usage so that
we send the right commands!
2010-09-28 22:05:24 -07:00
Daniel Stenberg
5df13c3173 curl_easy_escape: don't escape "unreserved" characters
According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be
percent-encoded.

Reported by: Miguel Diaz
Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html
2010-09-28 23:49:32 +02:00
Daniel Stenberg
ed4eecc05e multi: don't expire timeouts at disonnect or done
The functions Curl_disconnect() and Curl_done() are both used within the
scope of a single request so they cannot be allowed to use
Curl_expire(... 0) to kill all timeouts as there are some timeouts that
are set before a request that are supposed to remain until the request
is done.

The timeouts are now instead cleared at curl_easy_cleanup() and when the
multi state machine changes a handle to the complete state.
2010-09-28 23:49:32 +02:00
Dan Fandrich
7e1a45e224 Changed the TPF make file to get source files from Makefile.inc
Patch was fixed and validated by David McCreedy.
2010-09-27 17:47:20 -07:00
Dan Fandrich
e329586489 Added test case 1204 to test HTTP range failure
This is an attempt to reproduce bug #3076808
2010-09-27 16:44:12 -07:00
Dirk Manske
397e61128f multi_runsingle: set timeout error messages
With the latest changes to fix the timeout handling with multi interface
we lost the timeout error messages. This patch brings them back.
2010-09-27 21:12:49 +02:00
Daniel Stenberg
578e833d3b TODO-RELEASE: updated list of issues to work on 2010-09-27 18:25:33 +02:00
Daniel Stenberg
4d58f97f60 parsedate: allow time specified without seconds
The date format in RFC822 allows that the seconds part of HH:MM:SS is
left out, but this function didn't allow it. This change also includes a
modified test case that makes sure that this now works.

Reported by: Matt Ford
Bug: http://curl.haxx.se/bug/view.cgi?id=3076529
2010-09-27 16:54:02 +02:00
Daniel Stenberg
33c3bb057b TFTP: re-indented the source code
Just made sure that the good old curl indentation style is used all over
this file.
2010-09-26 23:38:00 +02:00
Tim Newsome
6bf2014745 TFTP: Work around tftpd-hpa upload bug
tftpd-hpa has a bug where it will send an incorrect ack when the block
counter wraps and tftp options have been sent. Work around that by
accepting an ack for 65535 when we're expecting one for 0.
2010-09-26 23:30:56 +02:00
Daniel Stenberg
a10f5b34ff Revert "security.c: buffer_read various fixes."
This reverts commit fbb38de415.
2010-09-24 00:20:02 +02:00
Daniel Stenberg
b1df37c60e security.c: removed superfluous parentheses
And also removed the FIXME where memory was zeroed just before freed,
and some other minor whitespace changes.
2010-09-22 23:41:28 +02:00
Julien Chaffraix
31d59fb2cc security.c: Update the #include statements after the rewrite. 2010-09-22 23:34:36 +02:00
Julien Chaffraix
562d40e671 security.c: sec_write tweaks
- |fd| is now a curl_socket_t and |len| a size_t to avoid conversions.
- Added 2 FIXMEs about the 2 unsigned -> signed conversions.
- Included 2 minor changes to Curl_sec_end.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
612832e4c0 security.c: _sec_send tweaks
- Renamed the method to sec_send now that we
  renamed sec_send to do_sec_send.
- Some more variable renaming.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
3c69a08e3b security.c: sec_read tweaks
- Renamed the function to sec_recv.
- Renamed the parameters and variable to match the rest of the code.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
5ea9e78bd7 security.c: Curl_sec_fflush_fd tweaks
- Use an early return as it makes the code more readable.
- Added a FIXME about a conversion.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
69d7c48072 security.c: sec_send tweaks
- Renamed it to do_sec_send as it is the function doing the actual
  transfer.
- Do not return any values as no one was checking it and it never
  reported a failure (added a FIXME about checking for errors).
- Renamed the variables to make their use more specific.
- Removed some casts (int -> curl_socket_t, ...)
- Avoid doing the htnl <-> nthl twice by caching the 2 results.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
7d4f8c2809 security.c: Curl_sec_read_msg tweaks
- Renamed the variables name to better match their intend.
- Unified the |decoded_len| checks.
- Added some FIXMEs to flag some improvement that did not go in this
  change.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
d23c59ecfc security.c: Curl_sec_set_protection_level tweaking
- Removed sec_prot_internal as it is now inlined in the function (this removed
  a redundant check).
- Changed the prototype to return an error code.
- Updated the method to use the new ftp_send_command function.
- Added a level_to_char helper method to avoid relying on the compiler's
  bound checks. This default to the maximum security we have in case of a
  wrong input.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
1d95a48fe9 security.c: factored the logic from Curl_sec_login into a dedicated method that better reflect its intent.
Introduced a helper method ftp_send_command that synchronously send
an FTP query.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
512a82d395 security.c: Remove out_buffer as it was never written into. 2010-09-22 23:34:36 +02:00
Julien Chaffraix
fbb38de415 security.c: buffer_read various fixes.
Tighten the type of the |data| parameter to avoid a cast. Also made
it const as we should not modify it.

Added a DEBUGASSERT on the size to be written while changing it.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
0006cdddee security.c: Made block_write return a CURLcode.
While doing so, renamed it to socket_write to better match its
function.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
b684ccd8b1 security.c: Made block_read and sec_get_data return CURLcode.
To do so, made block_read call Curl_read_plain instead of read.

While changing them renamed block_read to socket_read and sec_get_data
to read_data to better match their function.

Also fixed a potential memory leak in block_read.
2010-09-22 23:34:36 +02:00
Julien Chaffraix
3f64d05d34 Security.c: Fix headers guard to match the rest of the code. 2010-09-22 23:34:35 +02:00
Julien Chaffraix
e4128f90ba configure: Fix the LDAPS disable message
... for example when LDAP is not compiled.

Fixed the logic to match the rest of the options' message that is we
update the default message only if the option is not disabled after the
different checks.

Reported by: Guenter Knauf
2010-09-22 23:14:55 +02:00
Daniel Stenberg
e991a3536d RELEASE-NOTES: sync with 8665d4e5 and c-ares >= 1.6.0 note 2010-09-21 22:29:21 +02:00
Daniel Stenberg
8665d4e593 parse_remote_port: ignore colons without port number
Obviously, browsers ignore a colon without a following port number. Both
Firefox and Chrome just removes the colon for such URLs. This change
does not remove the colon for URLs sent over a HTTP proxy, so we should
consider doing that change as well.

Reported by: github user 'kreshano'
2010-09-21 19:51:30 +02:00
Daniel Stenberg
0e36bb71f2 RELEASE-NOTES: in sync with 19f45eaa79 2010-09-21 16:53:30 +02:00
Daniel Stenberg
19f45eaa79 duphandle: use ares_dup()
curl_easy_duphandle() was not properly duping the ares channel. The
ares_dup() function was introduced in c-ares 1.6.0 so by starting to use
this function we also raise the bar and require c-ares >= 1.6.0
(released Dec 9, 2008) for such builds.

Reported by: Ning Dong
Bug: http://curl.haxx.se/mail/lib-2010-08/0318.html
2010-09-21 16:41:14 +02:00
Hendrik Visage
70a025f3df MacOSX-Framework: updates for Snowleopard
1) PPC64 appears to be an 10.5 only supported architecture, so I
forced 10.5 for 64bit if there is a need for PPC64, else 64bit only
does x86_64

2) proper "make clean" after every ./configure. fixes a bug where
subsequent runs the 32bit do not get compiled

3) Added a version numbering curl-$VERSION} rather than the "stock standard" A
2010-09-21 00:07:45 +02:00
Daniel Stenberg
95e230c591 RELEASE-NOTES: synced with 5fcc4332d6
Removed the duplicate entry of Kamil in the credits.
2010-09-21 00:02:10 +02:00
Daniel Stenberg
5fcc4332d6 configure: don't enable RTMP if the lib detect fails
librtmp is often statically linked and using sub dependencies like
OpenSSL, so we need to make sure we can actually link with it properly
before enabling it. Otherwise we easily end up trying to link with a
RTMP lib that fails.
2010-09-20 23:56:51 +02:00
Daniel Stenberg
7d84113e1d TODO: added 8.4 non-gcrypt under GnuTLS
We must not assume gcrypt just because of GnuTLS
2010-09-20 23:19:51 +02:00
Daniel Stenberg
f3df524b62 configure: check for gcrypt if using GnuTLS
1 - libcurl assumes that there are gcrypt functions available when
GnuTLS is.

2 - GnuTLS can be built to use libnettle instead as crypto library,
which breaks assumption (1)

This change makes configure make sure that if GnuTLS is requested and
detected, it also makes sure that gcrypt is present or it errors
out. This is mostly a way to make the user more aware of this flaw, the
correct fix would be to detect which crypto layer that is in use and
adapt our code to use that instead of blindly assuming gcrypt.

Reported by: Michal Gorny
Bug: http://curl.haxx.se/bug/view.cgi?id=3071038
2010-09-20 23:19:07 +02:00
Daniel Stenberg
c47148f142 RELEASE-NOTES: sync from d2a7fd2fe6 to HEAD 2010-09-18 23:16:07 +02:00
Daniel Stenberg
8a00c94b0f FTP: fix bad check of Curl_timeleft() return code
When it returns 0 it means no timeout. Only a negative value means that
we're out of time.
2010-09-18 23:08:32 +02:00
Daniel Stenberg
9de4b26643 LDAP: moved variable declaration to avoid compiler warn
If built without HTTP or proxy support it would cause a compiler warning
due to the unused variable. I moved the declaration of it into the only
scope it is used.
2010-09-18 22:50:04 +02:00
Tor Arntsen
3208757c1a LDAP: Use FALSE instead of bool_false when setting bits.close
bool_false is the internal name used in the setup_once.h definition
we fall back to for non-C99 non-stdbool systems, it's not the actual
name to use in assignments (we use bool_false, bool_true there to
avoid global namespace problems, see comment in setup_once.h).
The correct C99 value to use is 'false', but let's use FALSE as
used elsewhere when assigning to bits.close. FALSE is set equal
to 'false' in setup_once.h when possible.

This fixes a build problem on C99 targets.
2010-09-18 14:27:08 +02:00
Tor Arntsen
fae19aed8d LDAP: Add missing declaration for 'result' 2010-09-18 14:23:34 +02:00
Mauro Iorio
c59dba338e LDAP: Support for tunnelling queries through HTTP proxy
As of curl-7.21.1 tunnelling ldap queries through HTTP Proxies is not
supported. Actually if --proxytunnel command-line option (or equivalent
CURLOPT_HTTPPROXYTUNNEL) is used for ldap queries like
ldap://ldap.my.server.com/... You are unable to successfully execute the
query. In facts ldap_*_bind is executed directly against the ldap server
and proxy is totally ignored. This is true for both openLDAP and
Microsoft LDAP API.

Step to reproduce the error:
Just launch "curl --proxytunnel --proxy 192.168.1.1:8080
ldap://ldap.my.server.com/dc=... "

This fix adds an invocation to Curl_proxyCONNECT against the provided
proxy address and on successful "CONNECT" it tunnels ldap query to the
final ldap server through the HTTP proxy. As far as I know Microsoft
LDAP APIs don't permit tunnelling in any way so the patch provided is
for OpenLDAP only.  The patch has been developed against OpenLDAP 2.4.23
and has been tested with Microsoft ISA Server 2006 and works properly
with basic, digest and NTLM authentication.
2010-09-18 00:03:23 +02:00
Daniel Stenberg
a76f852ca4 timeout: use the correct start value as offset
Rodric provide an awesome recipe that proved libcurl didn't timeout at
the requested time - it instead often timed out at [connect time] +
[timeout time] instead of the documented and intended [timeout time]
only. This bug was due to the code using the wrong base offset when
comparing against "now". I could also take the oppurtinity to simplify
the code by properly using of the generic help function for this:
Curl_timeleft.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535
2010-09-17 23:02:33 +02:00
Daniel Stenberg
3880dd3741 Curl_timeleft: avoid returning "no timeout" by mistake
As this function uses return code 0 to mean that there is no timeout, it
needs to check that it doesn't return a time left value that is exactly
zero. It could lead to libcurl doing an extra 1000 ms select() call and
thus not timing out as accurately as it should.

I fell over this bug when working on the bug 3061535 but this fix does
not correct that problem alone, although this is a problem that needs to
be fixed.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535
2010-09-17 22:58:08 +02:00