- Dec 21, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
The comment in the code mentions the zero terminating after having copied data, but it mistakingly zero terminated the source data and not the destination! This caused the test 864 problem discussed on the list: http://curl.haxx.se/mail/lib-2013-12/0113.html Signed-off-by: Daniel Stenberg <daniel@haxx.se>
-
Steve Holme authored
This reverts commit 727d798d.
-
Steve Holme authored
-
- Dec 20, 2013
-
-
Steve Holme authored
-
Steve Holme authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Steve Holme authored
Although highlighted by a bug in commit 1cfb436a, APOP authentication could be chosen if the server was to reply with an empty or missing timestamp in the server greeting and APOP was given in the capability list by the server.
-
Steve Holme authored
Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is called until the cache is drained. Without this multiple responses received in a single packet could result in a hang or delay.
-
- Dec 19, 2013
-
-
Steve Holme authored
Similar to the processing of untagged CAPABILITY responses in IMAP and multi-line EHLO responses in SMTP, moved the processing of multi-line CAPA responses to pop3_state_capa_resp().
-
Steve Holme authored
In an effort to reduce what pop3_endofresp() does and bring the POP3 source back inline with the IMAP and SMTP protocols, moved the APOP detection into pop3_state_servergreet_resp().
-
Steve Holme authored
Bug: http://curl.haxx.se/bug/view.cgi?id=1313 Reported-by: Viktor Szakáts
-
- Dec 18, 2013
-
-
Daniel Stenberg authored
... it could be misleading a reader into thinking it _has_ to be encoded.
-
Steve Holme authored
Added support for downgrading the SASL authentication mechanism when the decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances the previously added support for graceful cancellation by allowing the client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even APOP / clear text (in the case of POP3 and IMAP) when supported by the server.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
smtp.c:478:21: error: unused variable 'smtpc' [-Werror=unused-variable]
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
- Dec 17, 2013
-
-
Steve Holme authored
In preparation for the upcoming SASL downgrade feature renamed the imap__perform_authenticate(), pop3__perform_authenticate() and smtp__perform_authenticate() functions.
-
Daniel Stenberg authored
-
- Dec 16, 2013
-
-
Daniel Stenberg authored
... for the pending 7.34.0 release Upped the contributor count
-
Daniel Stenberg authored
24 new great friends
-
Daniel Stenberg authored
Security flaw CVE-2013-6422 This is conceptually the same problem and fix that 3c3622b6 brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit 59cf93cc, present in the code since the libcurl 7.21.4 release. Advisory: http://curl.haxx.se/docs/adv_20131217.html Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers
-
- Dec 15, 2013
-
-
Daniel Stenberg authored
...also added as KNOWN_BUG #87 with reference to bug #1294
-
Daniel Stenberg authored
Since all systems have inaccuracy in the timeout handling it is imperative that we add an inaccuracy margin to the general timeout and connecttimeout handling with the multi interface. This way, when the timeout fires we should be fairly sure that it has passed the timeout value and will be suitably detected. For cases where the timeout fire before the actual timeout, we would otherwise consume the timeout action and still not run the timeout code since the condition wasn't met. Reported-by: He Qin Bug: http://curl.haxx.se/bug/view.cgi?id=1298
-
- Dec 14, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg <daniel@haxx.se>
-
Steve Holme authored
It is not 100% clear whether * should include clear text LOGIN or not from RFC-5092, however, including it is then consistent with current POP3 behaviour where clear text, APOP or SASL may be chosen.
-
- Dec 13, 2013
-
-
Steve Holme authored
If a specific SASL authentication mechanism was requested by the user as part of the login options but wasn't supported by the server then curl would fallback to clear text, when it shouldn't, rather than reporting "No known authentication mechanisms supported" as the POP3 and SMTP protocols do.
-