#
c321b9f7 |
| 04-Apr-2007 |
Dan Fandrich |
Fixes some more out of memory handling bugs.
|
#
39aac635 |
| 21-Feb-2007 |
Daniel Stenberg |
silence two cases of "comparison between signed and unsigned"
|
#
3a634a27 |
| 21-Feb-2007 |
Yang Tse |
curlassert macro replaced with DEBUGASSERT macro defined in setup_once.h
|
Revision tags: curl-7_16_1 |
|
#
354c8dcd |
| 23-Jan-2007 |
Daniel Stenberg |
- David McCreedy did NTLM changes mainly for non-ASCII platforms: #1 There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT defined. I noticed this while testin
- David McCreedy did NTLM changes mainly for non-ASCII platforms: #1 There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT defined. I noticed this while testing various configurations. Line 867 of the current http_ntlm.c is a closing bracket for an if/else pair that only gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was defined. Lines 198 and 140 of my patch wraps that closing bracket in an #ifdef USE_NTLM2SESSION. #2 I noticed several picky compiler warnings when DEBUG_ME is defined. I've fixed them with casting. By the way, DEBUG_ME was a huge help in understanding this code. #3 Hopefully the last non-ASCII conversion patch for libcurl in a while. I changed the "NTLMSSP" literal to hex since this signature must always be in ASCII. Conversion code was strategically added where necessary. And the Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c creates are NOT translated on non-ASCII platforms.
show more ...
|
#
359d5009 |
| 03-Jan-2007 |
Daniel Stenberg |
- David McCreedy made changes to allow base64 encoding/decoding to work on non-ASCII platforms.
|
#
0ed285e8 |
| 02-Nov-2006 |
Yang Tse |
prototype for gethostname is in unistd.h
|
Revision tags: curl-7_16_0 |
|
#
44d84ac1 |
| 17-Oct-2006 |
Daniel Stenberg |
Avoid typecasting a signed char to an int when using is*() functions, as that could very well cause a negate number get passed in and thus cause reading outside of the array usually used for
Avoid typecasting a signed char to an int when using is*() functions, as that could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
show more ...
|
#
b0f6e7ce |
| 09-Sep-2006 |
Daniel Stenberg |
Michele Bini fixed how the hostname is put in NTLM packages. As servers don't expect fully qualified names we need to cut them off at the first dot.
|
Revision tags: curl-7_15_6-prepipeline, curl-7_15_5 |
|
#
d157c292 |
| 19-Jul-2006 |
Yang Tse |
Fix compiler warnings
|
Revision tags: curl-7_15_4 |
|
#
2bd3033f |
| 07-Jun-2006 |
Daniel Stenberg |
NTLM2 session response support
|
#
e4a4b562 |
| 08-Apr-2006 |
Gisle Vanem |
readint_le() not needed in USE_WINDOWS_SSPI code.
|
#
be285cde |
| 05-Apr-2006 |
Daniel Stenberg |
Michele Bini modified the NTLM code to work for his "weird IIS case" (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making som
Michele Bini modified the NTLM code to work for his "weird IIS case" (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk.
show more ...
|
Revision tags: curl-7_15_3, curl-7_15_2, curl-7_15_1 |
|
#
92c0de51 |
| 14-Nov-2005 |
Daniel Stenberg |
Quagmire reported that he needed to raise a NTLM buffer for SSPI to work properly for a case, and so we did. We raised it even for non-SSPI builds but it should not do any harm. http://curl.h
Quagmire reported that he needed to raise a NTLM buffer for SSPI to work properly for a case, and so we did. We raised it even for non-SSPI builds but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715
show more ...
|
#
17533580 |
| 08-Nov-2005 |
Daniel Stenberg |
Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll
Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll. However, under Windows NT 4.0 these functions are located in security.dll, under Windows 9x - in secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll just forwards calls to secur32.dll). Dmitry's patch loads proper library dynamically depending on Windows version. Function InitSecurityInterface() is used to obtain pointers to all of SSPI function in one structure. : ----------------------------------------------------------------------
show more ...
|
Revision tags: curl-7_15_0 |
|
#
943aea62 |
| 13-Oct-2005 |
Daniel Stenberg |
Make sure that the user and domain strings fit in the target buffer before we copy them there.
|
#
06c3bec6 |
| 02-Oct-2005 |
Gisle Vanem |
Avoid gcc warning "dereferencing type-punned pointer will break strict-aliasing rules".
|
#
58d628c9 |
| 20-Sep-2005 |
Daniel Stenberg |
Uses __stdcall instead of SEC_ENTRY since it seems (at least) mingw doesn't define SEC_ENTRY and thus fails unless this is done!
|
#
3fe53119 |
| 19-Sep-2005 |
Daniel Stenberg |
Dmitry Bartsevich made the SSPI support work on Windows 9x as well
|
Revision tags: curl-7_14_1, c-ares-1_3_0, curl-7_14_0 |
|
#
6e619393 |
| 07-Apr-2005 |
Daniel Stenberg |
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL)
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls
show more ...
|
Revision tags: curl-7_13_2 |
|
#
ec4e653c |
| 14-Mar-2005 |
Daniel Stenberg |
hushing up more warnings
|
#
76c24a0d |
| 14-Mar-2005 |
Gisle Vanem |
Avoid "unused variable" warnings.
|
#
fb9ae9d0 |
| 11-Mar-2005 |
Dan Fandrich |
Fixed some compiler warnings.
|
#
d1d35ba8 |
| 10-Mar-2005 |
Daniel Stenberg |
Christopher R. Palmer made it possible to build libcurl with the USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass
Christopher R. Palmer made it possible to build libcurl with the USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass on the current user and its password in the request.
show more ...
|
Revision tags: curl-7_13_1 |
|
#
527f70e5 |
| 22-Feb-2005 |
Daniel Stenberg |
Curl_base64_decode() now returns an allocated buffer
|
#
19f66c75 |
| 22-Feb-2005 |
Daniel Stenberg |
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this.
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042
show more ...
|