Jay Satiro [Mon, 7 Dec 2015 07:43:24 +0000 (02:43 -0500)]
formdata: Check if length is too large for memory
- If the size of the length type (curl_off_t) is greater than the size
of the size_t type then check before allocating memory to make sure the
value of length will fit in a size_t without overflow. If it doesn't
then return CURLE_BAD_FUNCTION_ARGUMENT.
Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679 Reported-by: Steve Holme
Daniel Stenberg [Thu, 3 Dec 2015 08:53:53 +0000 (09:53 +0100)]
curl: remove keepalive #ifdef checks done on libcurl's behalf
They didn't match the ifdef logic used within libcurl anyway so they
could indeed warn for the wrong case - plus the tool cannot know how the
lib actually performs at that level.
Daniel Stenberg [Fri, 27 Nov 2015 22:29:30 +0000 (23:29 +0100)]
nonblock: fix setting non-blocking mode for Amiga
IoctlSocket() apparently wants a pointer to a long, passed as a char *
in its third parameter. This bug was introduced already back in commit c5fdeef41d from October 1 2001!
Steve Holme [Fri, 27 Nov 2015 06:59:02 +0000 (06:59 +0000)]
tool_paramhlp: Fixed display of URL index in password prompt for --next
Commit f3bae6ed73 added the URL index to the password prompt when using
--next. Unfortunately, because the size_t specifier (%zu) is not
supported by all sprintf() implementations we use the curl_off_t format
specifier instead. The display of an incorrect value arises on platforms
where size_t and curl_off_t are of a different size.
Daniel Stenberg [Tue, 24 Nov 2015 18:51:59 +0000 (19:51 +0100)]
done: make sure the final progress update is made
It would previously be skipped if an existing error was returned, but
would lead to a previous value being left there and later used.
CURLINFO_TOTAL_TIME for example.
Still it avoids that final progress update if we reached DONE as the
result of a callback abort to avoid another callback to be called after
an abort-by-callback.
Steve Holme [Sat, 21 Nov 2015 11:41:20 +0000 (11:41 +0000)]
smb.c: Fixed compilation warnings
smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
alter its value
smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
unsigned int' may alter its value
smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
unsigned int' may alter its value
Steve Holme [Sat, 21 Nov 2015 01:47:02 +0000 (01:47 +0000)]
examples: Fixed compilation warnings
pop3-multi.c:96:5: warning: implicit declaration of function 'memset'
imap-multi.c:96:5: warning: implicit declaration of function 'memset'
http2-download.c:226:5: warning: implicit declaration of function 'memset'
http2-upload.c:290:5: warning: implicit declaration of function 'memset'
http2-upload.c:290:5: warning: implicit declaration of function 'memset'
When an option's help string contains literal single quotes, those
single quotes would be stripped from the option's description in the
completion output (unless the zsh RC_QUOTES option were set while the
completion function was being sourced, which is not the default). This
patch makes the completion output contain single quotes where the --help
output does.
The push headers are freed after the push callback has been invoked,
meaning this code should only free the headers if the callback was never
invoked and thus the headers weren't freed at that time.
Steve Holme [Sun, 15 Nov 2015 20:14:46 +0000 (20:14 +0000)]
tests: Disabled 889 and 890 until we support POP3 continuation responses
As POP3 final and continuation responses both begin with a + character,
and both the finalcode and contcode variables in SASLprotoc are set as
such, we cannot tell the difference between them when we are expecting
an optional continuation from the server such as the following:
+ something else from the server
+OK final response
Disabled these tests until such a time we can tell the responses apart.
Steve Holme [Sat, 5 Sep 2015 17:09:40 +0000 (18:09 +0100)]
oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
Daniel Stenberg [Fri, 13 Nov 2015 15:15:26 +0000 (16:15 +0100)]
cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
dfandrich [Thu, 12 Nov 2015 22:45:56 +0000 (23:45 +0100)]
unit1603: Demote hash mismatch failure to a warning
The hashes can vary between architectures (e.g. Sparc differs from x86_64).
This is not a fatal problem but just reduces the coverage of these white-box
tests, as the assumptions about into which hash bucket each key falls are no
longer valid.
Steve Holme [Thu, 12 Nov 2015 19:45:24 +0000 (19:45 +0000)]
sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism
Following the fix in commit d6d58dd558 it is necessary to re-introduce
XOAUTH2 in the default enabled authentication mechanism, which was
removed in commit 7b2012f262, otherwise users will have to specify
AUTH=XOAUTH2 in the URL.
Note: OAuth 2.0 will only be used when the bearer is specified.
Steve Holme [Sat, 5 Sep 2015 16:29:49 +0000 (17:29 +0100)]
sasl: Don't choose OAuth 2.0 if mechanism not advertised
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
Steve Holme [Sat, 5 Sep 2015 16:08:54 +0000 (17:08 +0100)]
oauth2: Introduced support for host and port details
Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.
Douglas Creager [Tue, 10 Nov 2015 19:46:49 +0000 (14:46 -0500)]
cmake: Add missing feature macros in config header
The curl_config.h file can be generated either from curl_config.h.cmake
or curl_config.h.in, depending on whether you're building using CMake or
the autotools. The CMake template header doesn't include entries for
all of the protocols that you can disable, which (I think) means that
you can't actually disable those protocols when building via CMake.
Douglas Creager [Tue, 10 Nov 2015 20:05:18 +0000 (15:05 -0500)]
BoringSSL: Work with stricter BIO_get_mem_data()
BoringSSL implements `BIO_get_mem_data` as a function, instead of a
macro, and expects the output pointer to be a `char **`. We have to add
an explicit cast to grab the pointer as a `const char **`.