#
fa9a5649 |
| 10-May-2024 |
Orgad Shaneh |
digest: replace strcpy for empty string with simple assignment Closes #13586
|
#
1e517e9f |
| 07-Mar-2024 |
Evgeny Grin (Karlson2k) |
digest: add check for hashing error Closes #13072
|
#
e3461bbd |
| 08-Feb-2024 |
Evgeny Grin (Karlson2k) |
digest: support SHA-512/256 Also fix the tests. New implementation tested with GNU libmicrohttpd. The new numbers in tests are real SHA-512/256 numbers (not just some random ;) numbe
digest: support SHA-512/256 Also fix the tests. New implementation tested with GNU libmicrohttpd. The new numbers in tests are real SHA-512/256 numbers (not just some random ;) numbers ).
show more ...
|
#
84338c4d |
| 15-Nov-2023 |
Viktor Szakats |
build: add more picky warnings and fix them Enable more picky compiler warnings. I've found these options in the nghttp3 project when implementing the CMake quick picky warning funct
build: add more picky warnings and fix them Enable more picky compiler warnings. I've found these options in the nghttp3 project when implementing the CMake quick picky warning functionality for it [1]. `-Wunused-macros` was too noisy to keep around, but fixed a few issues it revealed while testing. - autotools: reflect the more precisely-versioned clang warnings. Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324 - autotools: sync between clang and gcc the way we set `no-multichar`. - autotools: avoid setting `-Wstrict-aliasing=3` twice. - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2]. It triggers in libtool-generated stub code. - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch. - lib/curl_setup.h: delete duplicate declaration for `fileno`. Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d (1999-12-29). This suggests this may not be needed anymore, but if it does, we may restore this for those specific (non-Windows) systems. - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394. - lib: delete unused macro `isxdigit_ascii` since f65f750742068f579f4ee6d8539ed9d5f0afcb85. - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`. - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`. - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN` macro. - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`. - lib/rand: fix `-Wunreachable-code` and related fallouts [3]. - lib/setopt: fix `-Wunreachable-code-break`. - lib/system_win32 and lib/timeval: fix double declarations for `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4]. - lib/warnless: fix double declarations in CMake UNITY mode [5]. This was due to force-disabling the header guard of `warnless.h` to to reapply it to source code coming after `warnless.c` in UNITY builds. This reapplied declarations too, causing the warnings. Solved by adding a header guard for the lines that actually need to be reapplied. - lib/vauth/digest: fix `-Wunreachable-code-break` [6]. - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant block. - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7]. - lib/vtls/sectransp: suppress `-Wunreachable-code`. Detected in `else` branches of dynamic feature checks, with results known at compile-time, e.g. ```c if(SecCertificateCopySubjectSummary) /* -> true */ ``` Likely fixable as a separate micro-project, but given SecureTransport is deprecated anyway, let's just silence these locally. - src/tool_help: delete duplicate declaration for `helptext`. - src/tool_xattr: fix `-Wunreachable-code`. - tests: delete duplicate declaration for `unitfail` [8]. - tests: delete duplicate declaration for `strncasecompare`. - tests/libtest: delete duplicate declaration for `gethostname`. Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7 (2010-08-02). Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc If there are still systems around with warnings, we may restore the prototype, but limited for those systems. - tests/lib2305: delete duplicate declaration for `libtest_debug_config`. - tests/h2-download: fix `-Wunreachable-code-break`. [1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake [2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675 [3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72 https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109 [4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204 [5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218 [6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290 [7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193 [8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870 Closes #12331
show more ...
|
#
7703ca7f |
| 29-Jun-2023 |
Chris Talbot |
digest: Use hostname to generate spn instead of realm In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2 digest-uri-value should be serv-type "/" host , where host is:
digest: Use hostname to generate spn instead of realm In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2 digest-uri-value should be serv-type "/" host , where host is: The DNS host name or IP address for the service requested. The DNS host name must be the fully-qualified canonical name of the host. The DNS host name is the preferred form; see notes on server processing of the digest-uri. Realm may not be the host, so we must specify the host explicitly. Note this change only affects the non-SSPI digest code. The digest code used by SSPI builds already uses the hostname to generate the spn. Ref: https://github.com/curl/curl/issues/11369 Closes https://github.com/curl/curl/pull/11395
show more ...
|
#
e92edfbe |
| 20-Jul-2023 |
Wyatt O'Day |
lib: add ability to disable auths individually Both with configure and cmake Closes #11490
|
#
955e2769 |
| 22-Mar-2023 |
Daniel Stenberg |
digest: clear target buffer Closes #10814
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
f151ec6c |
| 28-Oct-2022 |
Rose <83477269+AtariDreams@users.noreply.github.com> |
lib: fix some type mismatches and remove unneeded typecasts Many of these castings are unneeded if we change the variables to work better with each other. Ref: https://github.co
lib: fix some type mismatches and remove unneeded typecasts Many of these castings are unneeded if we change the variables to work better with each other. Ref: https://github.com/curl/curl/pull/9823 Closes https://github.com/curl/curl/pull/9835
show more ...
|
#
52cc4a85 |
| 30-Oct-2022 |
Daniel Stenberg |
style: use space after comment start and before comment end /* like this */ /*not this*/ checksrc is updated accordingly Closes #9828
|
#
4484270a |
| 26-Oct-2022 |
Ayesh Karunaratne |
misc: typo and grammar fixes - Replace `Github` with `GitHub`. - Replace `windows` with `Windows` - Replace `advice` with `advise` where a verb is used. - A few fixes on removing
misc: typo and grammar fixes - Replace `Github` with `GitHub`. - Replace `windows` with `Windows` - Replace `advice` with `advise` where a verb is used. - A few fixes on removing repeated words. - Replace `a HTTP` with `an HTTP` Closes #9802
show more ...
|
#
307b7543 |
| 17-Sep-2022 |
Daniel Stenberg |
misc: null-terminate Make use of this term consistently. Closes #9527
|
#
6f9fb7ec |
| 05-Sep-2022 |
Daniel Stenberg |
misc: ISSPACE() => ISBLANK() Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace,
misc: ISSPACE() => ISBLANK() Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace, but also includes %0a to %0d. For parsing purposes, we should only accept what we must and not be overly liberal. It leads to surprises and surprises lead to bad things. Closes #9432
show more ...
|
#
0ad7c8d7 |
| 07-Aug-2022 |
Daniel Stenberg |
digest: pass over leading spaces in qop values When parsing the "qop=" parameter of the digest authentication, and the value is provided within quotes, the list of values can have leadin
digest: pass over leading spaces in qop values When parsing the "qop=" parameter of the digest authentication, and the value is provided within quotes, the list of values can have leading white space which the parser previously did not handle correctly. Add test case 388 to verify. Reported-by: vlubart on github Fixes #9264 Closes #9270
show more ...
|
#
3fe24ea3 |
| 30-Jun-2022 |
Evgeny Grin (Karlson2k) |
digest: reject broken header with session protocol but without qop Closes #9077
|
#
6e241bbf |
| 25-Jul-2022 |
Evgeny Grin (Karlson2k) |
digest: fix memory leak, fix not quoted 'opaque' Fix leak regression introduced by 3a6fe0c. Closes https://github.com/curl/curl/pull/9199
|
#
647ed7c7 |
| 03-Jul-2022 |
Evgeny Grin (Karlson2k) |
digest: fix missing increment of 'nc' value for auth-int - Increment nc regardless of qop type. Prior to this change nc was only incremented for qop type auth even though libcur
digest: fix missing increment of 'nc' value for auth-int - Increment nc regardless of qop type. Prior to this change nc was only incremented for qop type auth even though libcurl sends nc with any qop. Closes https://github.com/curl/curl/pull/9090
show more ...
|
#
193215db |
| 04-Jul-2022 |
Daniel Stenberg |
digest: simplify a switch() to a simple if
|
#
a44c9ba7 |
| 04-Jul-2022 |
Daniel Stenberg |
digest: provide a special bit for "sess" algos Also shortened the names and moved them to the .c file since they are private for this source file only. Also made them #defines instead of
digest: provide a special bit for "sess" algos Also shortened the names and moved them to the .c file since they are private for this source file only. Also made them #defines instead of enum. Closes #9079
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
f59508e6 |
| 25-May-2022 |
Evgeny Grin |
digest: tolerate missing "realm" Server headers may not define "realm", avoid NULL pointer dereference in such cases. Closes #8912
|
#
807f4403 |
| 25-May-2022 |
Evgeny Grin |
digest: added detection of more syntax error in server headers Invalid headers should not be processed otherwise they may create a security risk. Closes #8912
|
#
3a6fe0c7 |
| 25-May-2022 |
Evgeny Grin |
digest: unquote realm and nonce before processing RFC 7616 (and 2617) requires values to be "unquoted" before used for digest calculations. The only place where unquoting can be done
digest: unquote realm and nonce before processing RFC 7616 (and 2617) requires values to be "unquoted" before used for digest calculations. The only place where unquoting can be done correctly is header parsing function (realm="DOMAIN\\host" and realm=DOMAN\\host are different realms). This commit adds unquoting (de-escaping) of all values during header parsing and quoting of the values during header forming. This approach should be most straightforward and easy to read/maintain as all values are processed in the same way as required by RFC. Closes #8912
show more ...
|
#
26101421 |
| 03-Feb-2022 |
Daniel Stenberg |
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
|
#
21248e05 |
| 25-Dec-2021 |
Daniel Stenberg |
checksrc: detect more kinds of NULL comparisons we avoid Co-authored-by: Jay Satiro Closes #8180
|