Skip to content
  1. Aug 27, 2013
  2. Aug 26, 2013
  3. Aug 25, 2013
  4. Aug 24, 2013
    • Daniel Stenberg's avatar
      FAQ: editorial updates · 1a911f7e
      Daniel Stenberg authored
      Several language fixes. Several reformats that should make the HTML
      generation of this document look better.
      
      Reported-by: Dave Thompson
      1a911f7e
  5. Aug 23, 2013
  6. Aug 22, 2013
  7. Aug 21, 2013
  8. Aug 20, 2013
    • Daniel Stenberg's avatar
      CURLM_ADDED_ALREADY: new error code · 19122c07
      Daniel Stenberg authored
      Doing curl_multi_add_handle() on an easy handle that is already added to
      a multi handle now returns this error code. It previously returned
      CURLM_BAD_EASY_HANDLE for this condition.
      19122c07
    • Daniel Stenberg's avatar
      multi_init: moved init code here from add_handle · c346c4c8
      Daniel Stenberg authored
      The closure_handle is "owned" by the multi handle and it is
      unconditional so the setting up of it should be in the Curl_multi_handle
      function rather than curl_multi_add_handle.
      c346c4c8
    • Daniel Stenberg's avatar
      multi: remove dns cache creation code from *add_handle · bc7d806e
      Daniel Stenberg authored
      As it is done unconditionally in multi_init() this code will never run!
      bc7d806e
    • Daniel Stenberg's avatar
      curl_easy_perform_ev: debug/test function · 6cf8413e
      Daniel Stenberg authored
      This function is meant to work *exactly* as curl_easy_perform() but will
      use the event-based libcurl API internally instead of
      curl_multi_perform(). To avoid relying on an actual event-based library
      and to not use non-portable functions (like epoll or similar), there's a
      rather inefficient emulation layer implemented on top of Curl_poll()
      instead.
      
      There's currently some convenience logging done in curl_easy_perform_ev
      which helps when tracking down problems. They may be suitable to remove
      or change once things seem to be fine enough.
      
      curl has a new --test-event option when built with debug enabled that
      then uses curl_easy_perform_ev() instead of curl_easy_perform(). If
      built without debug, using --test-event will only output a warning
      message.
      
      NOTE: curl_easy_perform_ev() is not part if the public API on purpose.
      It is only present in debug builds of libcurl and MUST NOT be considered
      stable even then. Use it for libcurl-testing purposes only.
      
      runtests.pl now features an -e command line option that makes it use
      --test-event for all curl command line tests. The man page is updated.
      6cf8413e
    • Gisle Vanem's avatar
    • Daniel Stenberg's avatar
      e4a1888b
    • Jonathan Nieder's avatar
      url: handle arbitrary-length username and password before '@' · 2f1a0bc0
      Jonathan Nieder authored
      libcurl quietly truncates usernames, passwords, and options from
      before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1)
      characters to fit in fixed-size buffers on the stack.  Allocate a
      buffer large enough to fit the parsed fields on the fly instead to
      support longer passwords.
      
      After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH
      left, so stop defining that constant while at it.  The hardcoded max
      username and password length constants, on the other hand, are still
      used in HTTP proxy credential handling (which this patch doesn't
      touch).
      
      Reported-by: Colby Ranger
      2f1a0bc0
    • Jonathan Nieder's avatar
      url: handle exceptional cases first in parse_url_login() · 09ddb1d6
      Jonathan Nieder authored
      Instead of nesting "if(success)" blocks and leaving the reader in
      suspense about what happens in the !success case, deal with failure
      cases early, usually with a simple goto to clean up and return from
      the function.
      
      No functional change intended.  The main effect is to decrease the
      indentation of this function slightly.
      09ddb1d6
    • Jonathan Nieder's avatar
      Curl_setopt: handle arbitrary-length username and password · 15f76bf7
      Jonathan Nieder authored
      libcurl truncates usernames, passwords, and options set with
      curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters.
      This doesn't affect the return value from curl_easy_setopt(), so from
      the caller's point of view, there is no sign anything strange has
      happened, except that authentication fails.
      
      For example:
      
        # Prepare a long (300-char) password.
        s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s;
        # Start a server.
        nc -l -p 8888 | tee out & pid=$!
        # Tell curl to pass the password to the server.
        curl --user me:$s http://localhost:8888 & sleep 1; kill $pid
        # Extract the password.
        userpass=$(
      	awk '/Authorization: Basic/ {print $3}' <out |
      	tr -d '\r' |
      	base64 -d
        )
        password=${userpass#me:}
        echo ${#password}
      
      Expected result: 300
      Actual result: 255
      
      The fix is simple: allocate appropriately sized buffers on the heap
      instead of trying to squeeze the provided values into fixed-size
      on-stack buffers.
      
      Bug: http://bugs.debian.org/719856
      Reported-by: Colby Ranger
      15f76bf7
    • Jonathan Nieder's avatar
      netrc: handle longer username and password · 36585b53
      Jonathan Nieder authored
      libcurl truncates usernames and passwords it reads from .netrc to
      LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
      the user, to ensure the values returned from Curl_parsenetrc fit in a
      caller-provided buffer.
      
      Fix the interface by passing back dynamically allocated buffers
      allocated to fit the user's input.  The parser still relies on a
      256-character buffer to read each line, though.
      
      So now you can include an ~246-character password in your .netrc,
      instead of the previous limit of 63 characters.
      
      Reported-by: Colby Ranger
      36585b53
    • Jonathan Nieder's avatar
      url: allocate username, password, and options on the heap · 11baffbf
      Jonathan Nieder authored
      This makes it possible to increase the size of the buffers when needed
      in later patches.  No functional change yet.
      11baffbf
    • Jonathan Nieder's avatar
      url: use goto in create_conn() for exception handling · 53333a43
      Jonathan Nieder authored
      Instead of remembering before each "return" statement which temporary
      allocations, if any, need to be freed, take care to set pointers to
      NULL when no longer needed and use a goto to a common block to exit
      the function and free all temporaries.
      
      No functional change intended.  Currently the only temporary buffer in
      this function is "proxy" which is already correctly freed when
      appropriate, but there will be more soon.
      53333a43
    • Jonathan Nieder's avatar
      sasl: allow arbitrarily long username and password · c56f9797
      Jonathan Nieder authored
      Use appropriately sized buffers on the heap instead of fixed-size
      buffers on the stack, to allow for longer usernames and passwords.
      
      Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
      MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
      c56f9797
  9. Aug 19, 2013