- Apr 03, 2016
-
-
Steve Holme authored
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte
-
Steve Holme authored
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
-
Steve Holme authored
* Prefer dereference of string pointer rather than strlen() * Free challenge pointer in one place * Additional comments
-
Steve Holme authored
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
-
Steve Holme authored
Although mutual authentication is currently turned off and can only be enabled by changing libcurl source code, authentication using Kerberos 5 has been broken since commit 79543caf in this use case.
-
Steve Holme authored
This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
-
Steve Holme authored
Prior to this change, we were generating the output token when the credentials were NULL rather than when the output token was NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
-
Steve Holme authored
Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
-
Daniel Stenberg authored
... checksrc of all test code is pending.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
The quote scanner was too fragile, now look for a comma instead to find the mode argument.
-
Daniel Stenberg authored
follow-up to 0326b067 sizeof(pointer) is no good for the buffer size! Reported-by: Viktor Szakats
-
- Apr 02, 2016
-
-
Steve Holme authored
warning: implicit declaration of function 'sprintf_was_used' [-Wimplicit-function-declaration] Follow up to the modications made to tests/libtest in commit 55452ebd as we prefer not to use sprintf() now.
-
Daniel Stenberg authored
We never made a 7.25.1 release
-
Daniel Stenberg authored
-
Daniel Stenberg authored
It offers extra info from nghttp2 in certain error cases. Like for example when trying prior-knowledge http2 on a server that doesn't speak http2 at all. The error message is passed on as a verbose message to libcurl. Discussed in #722 The error callback was added in nghttp2 1.9.0
-
Steve Holme authored
To be consistent with the Kerberos 5 context and other authentication code.
-
Steve Holme authored
For consistency with the spnego code.
-
Steve Holme authored
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future.
-
- Apr 01, 2016
-
-
Steve Holme authored
-
Steve Holme authored
As this was introduced in the recent vauth changes and not a prior release.
-
Daniel Stenberg authored
-
Steve Holme authored
I had accidentally used the proxy server name for the host and the host server name for the proxy in commit ad5e9bfd and 6d6f9ca1. Whilst Windows SSPI was quite happy with this, GSS-API wasn't. Thanks-to: Michael Osipov
-
Steve Holme authored
After squashing most of our compiler warnings, up'ed the default warning level from 3 to 4 in order to increase the likelyhood of catching future warnings.
-
ehlertjd@gmail.com authored
may be null in the CURLOPT_CONNECT_ONLY case Fixes #747
-
Steve Holme authored
-
Steve Holme authored
From commit 7218b52c.
-
Steve Holme authored
Corrected typos from commit ad5e9bfd and 6d6f9ca1.
-
Steve Holme authored
Follow up to commit 7db9782d.
-
Daniel Stenberg authored
When an upload is done, there are two places where that can be detected and only one of them would rewind the input stream - which sometimes is necessary for example when doing NTLM HTTP POSTs and more. This could then end up libcurl hanging. Figured-out-by: Isaac Boukris Reported-by: Anatol Belski Fixes #741
-
Daniel Stenberg authored
So that we only do the extra typedefs in curl_memory.h when we really need to and avoid double typedefs. follow-up commit to 7218b52c Thanks-to: Steve Holme
-
Daniel Stenberg authored
The define is not in our name space and is therefore not protected by our API promises. It was only really used by libcurl internals but was mostly erased from there already in 8aabbf5f (March 2015). This is supposedly the final death blow to that define from everywhere. As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I made the lib tests in tests/libtest/ use curl_printf.h for its redefine magic and then subsequently the use of sprintf() got banned in the tests as well (as it is in libcurl internals) and I then replaced them all with snprintf(). In the unlikely event that any users is actually using this define and gets sad by this change, it is very easily copied to the user's own code.
-
Daniel Stenberg authored
Discussed in #743
-
Steve Holme authored
Fixed copy/paste error from commit a5aec587.
-
Jay Satiro authored
Bug: https://github.com/curl/curl/issues/744 Reported-by: Alexis La Goutte
-
- Mar 31, 2016
-
-
Daniel Stenberg authored
-
Diego Bes authored
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
-
Daniel Stenberg authored
The list and search response functions were identical! Merged into one now. Detected by PVS Studio. Reported-by: Alexis La Goutte
-
Daniel Stenberg authored
The code copied one byte from a 32bit integer, which works fine as long as the byte order is the same. Not a fine assumption. Reported by PVS Studio. Reported-by: Alexis La Goutte
-