| #
fbf5d507 |
| 18-Sep-2024 |
Daniel Stenberg |
lib/src: white space edits to comply better with code style
... as checksrc now finds and complains about these.
Closes #14921
|
| #
09437d8c |
| 26-Aug-2024 |
Viktor Szakats |
tests: delete `libhostname.so` and `chkhostname`
Before this patch, `libhostname.so` and `chkhostname` were a test
facility for overriding `gethostname()` in non-debug builds on
Linu
tests: delete `libhostname.so` and `chkhostname`
Before this patch, `libhostname.so` and `chkhostname` were a test
facility for overriding `gethostname()` in non-debug builds on
Linux and other Unix platforms supporting `LD_PRELOAD`.
`gethostname()` has a single use with SMTP.
The alternative way to override `gethostname()` is building in debug
mode, which allows to do this via the `CURL_GETHOSTNAME` env, on all
platforms.
Drop the `LD_PRELOAD` solution in favour of the above.
Also:
- delete inactive NTLM code with a `gethostname()` call made from it.
- streamline NTLM code by dropping a `printf()` and a macro.
- tests: stop setting `CURL_GETHOSTNAME` where unnecessary.
Closes #14695
show more ...
|
| #
c074ba64 |
| 01-Jul-2024 |
Daniel Stenberg |
code: language cleanup in comments
Based on the standards and guidelines we use for our documentation.
- expand contractions (they're => they are etc)
- host name = > hostname
code: language cleanup in comments
Based on the standards and guidelines we use for our documentation.
- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period
Closes #14073
show more ...
|
| #
08872971 |
| 13-May-2024 |
Viktor Szakats |
lib/v*: tidy up types and casts
Also add a couple of negative checks.
Cherry-picked from #13489
Closes #13622
|
| #
7309b9cb |
| 05-Dec-2023 |
Daniel Stenberg |
lib: strndup/memdup instead of malloc, memcpy and null-terminate
- bufref: use strndup
- cookie: use strndup
- formdata: use strndup
- ftp: use strndup
- gtls: use aprin
lib: strndup/memdup instead of malloc, memcpy and null-terminate
- bufref: use strndup
- cookie: use strndup
- formdata: use strndup
- ftp: use strndup
- gtls: use aprintf instead of malloc + strcpy * 2
- http: use strndup
- mbedtls: use strndup
- md4: use memdup
- ntlm: use memdup
- ntlm_sspi: use strndup
- pingpong: use memdup
- rtsp: use strndup instead of malloc, memcpy and null-terminate
- sectransp: use strndup
- socks_gssapi.c: use memdup
- vtls: use dynbuf instead of malloc, snprintf and memcpy
- vtls: use strdup instead of malloc + memcpy
- wolfssh: use strndup
Closes #12453
show more ...
|
| #
7c8bae0d |
| 29-Jul-2023 |
Daniel Stenberg |
nss: remove support for this TLS library
Closes #11459
|
| #
15a36189 |
| 16-Apr-2023 |
Andreas Falkenhahn |
nbtlm: use semicolons instead of commas for (void) args
Closes #10978
|
| #
0c2fcb0f |
| 22-Mar-2023 |
Daniel Stenberg |
ntlm: clear lm and nt response buffers before use
To avoid the risk of MemorySanitizer: use-of-uninitialized-value
Closes #10814
|
| #
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
checksrc is updated to allow non-year using copyright statements
Closes #10205
show more ...
|
| #
2d9fee45 |
| 23-Nov-2022 |
Daniel Gustafsson |
netware: remove leftover traces
Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the l
netware: remove leftover traces
Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.
Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
| #
265fbd93 |
| 01-Oct-2022 |
Viktor Szakats |
docs: update sourceforge project links [ci skip]
SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other
docs: update sourceforge project links [ci skip]
SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other variant
will perm-redirected to the one chosen by the project.
The .io -> .net redirection is done insecurely.
Let's update the URLs to point to the current canonical endpoints to
avoid any redirects.
Closes #9630
show more ...
|
| #
307b7543 |
| 17-Sep-2022 |
Daniel Stenberg |
misc: null-terminate
Make use of this term consistently.
Closes #9527
|
| #
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes #8869
show more ...
|
| #
216636a4 |
| 23-May-2022 |
Daniel Stenberg |
ntlm: (void) typecast msnprintf() where we ignore return code
Follow-up to 5a41abef6, to please Coverity
|
| #
5a41abef |
| 22-May-2022 |
Daniel Gustafsson |
ntlm: copy NTLM_HOSTNAME to host buffer
Commit 709ae2454f43 added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and
ntlm: copy NTLM_HOSTNAME to host buffer
Commit 709ae2454f43 added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer. Fix by copying
and adjust the test fallout.
Closes: #8895
Fixes: #8893
Reported-by: Patrick Monnerat <patrick@monnerat.net>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
| #
709ae245 |
| 20-May-2022 |
Daniel Stenberg |
ntlm: provide a fixed fake host name
The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
ntlm: provide a fixed fake host name
The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
leaking the real local name.
The exact name used is 'WORKSTATION', because Firefox uses that.
The change is written to allow someone to "back-pedal" fairly easy in
case of need.
Reported-by: Carlo Alberto
Fixes #8859
Closes #8889
show more ...
|
| #
6968fb9d |
| 16-Apr-2022 |
Daniel Stenberg |
lib: remove exclamation marks
... from infof() and failf() calls. Make them less attention seeking.
Closes #8713
|
| #
897e8baa |
| 15-Feb-2022 |
Marcel Raad |
ntlm: remove unused feature defines
They're not used anymore and always supported.
Closes https://github.com/curl/curl/pull/8453
|
| #
26101421 |
| 03-Feb-2022 |
Daniel Stenberg |
lib: remove support for CURL_DOES_CONVERSIONS
TPF was the only user and support for that was dropped.
Closes #8378
|
| #
d6ff35b5 |
| 10-Dec-2021 |
x2018 |
sha256/md5: return errors when init fails
Closes #8133
|
| #
e7416cfd |
| 06-Jul-2021 |
Daniel Stenberg |
infof: remove newline from format strings, always append it
- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application
- it makes info
infof: remove newline from format strings, always append it
- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application
- it makes infof() work like failf() and consistency is good
- there's an assert that triggers on newlines in the format string
- Also removes a few instances of "..."
- Removes the code that would append "..." to the end of the data *iff*
it was truncated in infof()
Closes #7357
show more ...
|
| #
3e820fbf |
| 27-Apr-2021 |
Daniel Stenberg |
ntlm: precaution against super huge type2 offsets
... which otherwise caused an integer overflow and circumvented the if()
conditional size check.
Detected by OSS-Fuzz
Bug:
ntlm: precaution against super huge type2 offsets
... which otherwise caused an integer overflow and circumvented the if()
conditional size check.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
Assisted-by: Max Dymond
Closes #6975
show more ...
|
|
Revision tags: curl-7_76_1, curl-7_76_0 |
|
| #
19ea52da |
| 17-Mar-2021 |
Patrick Monnerat |
vauth: factor base64 conversions out of authentication procedures
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently
vauth: factor base64 conversions out of authentication procedures
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).
Closes #6654
show more ...
|
| #
9c1e1a61 |
| 06-Apr-2021 |
Patrick Monnerat |
ntlm: fix negotiated flags usage
According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security
ntlm: fix negotiated flags usage
According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security in an NTLM authentication message and NTLM version 2
cannot be negotiated within the protocol.
The solution implemented here is: if the extended security flag is set,
prefer using NTLM version 2 (as a server featuring extended security
should also support version 2). If version 2 has been disabled at
compile time, use extended security.
Tests involving NTLM are adjusted to this new behavior.
Fixes #6813
Closes #6849
show more ...
|
| #
cca455a3 |
| 06-Apr-2021 |
Patrick Monnerat |
ntlm: support version 2 on 32-bit platforms
Closes #6849
|
