path: root/lib/security.c
Commit message | Author | Age | Files | Lines
* code style: use spaces around equals signs | Daniel Stenberg | 2017-09-11 | 1 | -2/+2
* ftp-gss: check for init before use | Daniel Stenberg | 2016-12-24 | 1 | -0/+4
  To avoid dereferencing a NULL pointer.
  Reported-by: Daniel Romero
* checksrc: move open braces to comply with function declaration style | Daniel Stenberg | 2016-11-24 | 1 | -1/+2
* checksrc: white space edits to comply to stricter checksrc | Daniel Stenberg | 2016-11-24 | 1 | -2/+2
* checksrc: code style: use 'char *name' style | Daniel Stenberg | 2016-11-24 | 1 | -1/+1
* realloc: use Curl_saferealloc to avoid common mistakes | Daniel Stenberg | 2016-11-11 | 1 | -2/+2
  Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
* strcasecompare: all case insensitive string compares ignore locale now | Daniel Stenberg | 2016-10-31 | 1 | -1/+1
  We had some confusions on when each function was used. We should not act differently on different locales anyway.
* krb5: avoid realloc(0) | Daniel Stenberg | 2016-10-31 | 1 | -3/+6
  If the requested size is zero, bail out with error instead of doing a realloc() that would cause a double-free: realloc(0) acts as a free() and then there's a second free in the cleanup path.
  CVE-2016-8619
  Bug: https://curl.haxx.se/docs/adv_20161102E.html
  Reported-by: Cure53
* ftp: fix Curl_ftpsendf() | Daniel Stenberg | 2016-10-08 | 1 | -1/+1
  ... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed.
  Although the current code wouldn't end up in badness, it was a risk that future changes could end up sprintf()ing too large data or passing in a format string inadvertently.
* internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg | 2016-06-22 | 1 | -1/+1
* security:choose_mech fix DEAD CODE warning | Daniel Stenberg | 2015-06-15 | 1 | -46/+43
  ... by removing the "do {} while (0)" block.
  Coverity CID 1306669
* security: fix "Unchecked return value" from sscanf() | Daniel Stenberg | 2015-05-22 | 1 | -9/+9
  By (void) prefixing it and adding a comment. Did some minor related cleanups.
  Coverity CID 1299423.
* security: simplify choose_mech | Daniel Stenberg | 2015-05-22 | 1 | -33/+19
  Coverity CID 1299424 identified dead code because of checks that could never equal true (if the mechanism's name was NULL).
  Simplified the function by removing a level of pointers and removing the loop and array that weren't used.
* Bug #149: Deletion of unnecessary checks before calls of the function "free" | Markus Elfring | 2015-03-16 | 1 | -4/+2
  The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check.
  http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first
  This issue was fixed by using the software Coccinelle 1.0.0-rc24.
  Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
* security: avoid compiler warning | Daniel Stenberg | 2015-01-28 | 1 | -3/+3
  Possible access to uninitialised memory '&nread' at line 140 of lib/security.c in function 'ftp_send_command'.
  Reported-by: Rich Burridge
* code cleanup: we prefer 'CURLcode result' | Daniel Stenberg | 2014-10-24 | 1 | -20/+20
  ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow.

  Also, unify code for checking for CURLcode errors with:

    if(result) or if(!result)

  instead of

    if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
* do_sec_send: remove dead code | Daniel Stenberg | 2014-10-08 | 1 | -4/+2
  Coverity CID 1241951. The condition 'len >= 0' would always be true at that point and thus not necessary to check for.
* krb5_encode: remove unused argument | Daniel Stenberg | 2014-10-08 | 1 | -1/+1
  Coverity CID 1241957. Removed the unused argument. As this struct and pointer now are used only for krb5, there's no need to keep unused function arguments around.
* choose_mech: fix return code | Daniel Stenberg | 2014-10-04 | 1 | -1/+1
  Coverity CID 1241950. The pointer is never NULL but it might point to NULL.
* Curl_sec_read_msg: spell out that we ignore return code | Daniel Stenberg | 2014-10-04 | 1 | -2/+2
  Coverity CID 1241947. Since if sscanf() fails, the previously set value remains set.
* security.h: rename to curl_sec.h to avoid name collision | Daniel Stenberg | 2013-08-26 | 1 | -1/+1
  I brought back security.h in commit bb5529331334e. As we actually already found out back in 2005 in commit 62970da675249, the file name security.h causes problems so I renamed it curl_sec.h instead.
* FTP: remove krb4 support | Daniel Stenberg | 2013-08-25 | 1 | -10/+7
  We've announced this pending removal for a long time and we've repeatedly asked if anyone would care or if anyone objects. Nobody has objected. It has probably not even been working for a good while since nobody has tested/used this code recently.
  The stuff in krb4.h that was generic enough to be used by other sources is now present in security.h
* string formatting: fix 25+ printf-style format strings | Yang Tse | 2013-07-24 | 1 | -2/+2
* build: fix circular header inclusion with other packages | Yang Tse | 2013-01-09 | 1 | -1/+1
  This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h.

  Removes the need and usage of a header inclusion guard foreign to libcurl. [1]

  Removes the need and presence of an alarming notice we carried in old setup_once.h [2]

  ----------------------------------------

  1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once.

  Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h

  The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

  2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync.

  Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed.

  All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renaming | Yang Tse | 2013-01-06 | 1 | -0/+604
  This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits:

    f871de0... build: make use of 76 lib/*.h renamed files
    ffd8e12... build: rename 76 lib/*.h files

  This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit:

    c087374... curl_setup.h: remove redundant include guard

  This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits:

    13606bb... build: make use of 93 lib/*.c renamed files
    5b6e792... build: rename 93 lib/*.c files
    7d83dff... build: commit 13606bbfde follow-up 1

  Start of related discussion thread:

    http://curl.haxx.se/mail/lib-2013-01/0012.html

  Asking for confirmation on pushing this revertion commit:

    http://curl.haxx.se/mail/lib-2013-01/0048.html

  Confirmation summary:

    http://curl.haxx.se/mail/lib-2013-01/0079.html

  NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs.

    lib/curl_imap.h
    lib/curl_smtp.h
* build: rename 93 lib/*.c files | Yang Tse | 2013-01-03 | 1 | -604/+0
  93 lib/*.c source files renamed to use our standard naming scheme.

  This commit only does the file renaming.

  ----------------------------------------

  renamed: lib/amigaos.c -> lib/curl_amigaos.c
  renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c
  renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c
  renamed: lib/axtls.c -> lib/curl_axtls.c
  renamed: lib/base64.c -> lib/curl_base64.c
  renamed: lib/bundles.c -> lib/curl_bundles.c
  renamed: lib/conncache.c -> lib/curl_conncache.c
  renamed: lib/connect.c -> lib/curl_connect.c
  renamed: lib/content_encoding.c -> lib/curl_content_encoding.c
  renamed: lib/cookie.c -> lib/curl_cookie.c
  renamed: lib/cyassl.c -> lib/curl_cyassl.c
  renamed: lib/dict.c -> lib/curl_dict.c
  renamed: lib/easy.c -> lib/curl_easy.c
  renamed: lib/escape.c -> lib/curl_escape.c
  renamed: lib/file.c -> lib/curl_file.c
  renamed: lib/fileinfo.c -> lib/curl_fileinfo.c
  renamed: lib/formdata.c -> lib/curl_formdata.c
  renamed: lib/ftp.c -> lib/curl_ftp.c
  renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c
  renamed: lib/getenv.c -> lib/curl_getenv.c
  renamed: lib/getinfo.c -> lib/curl_getinfo.c
  renamed: lib/gopher.c -> lib/curl_gopher.c
  renamed: lib/gtls.c -> lib/curl_gtls.c
  renamed: lib/hash.c -> lib/curl_hash.c
  renamed: lib/hmac.c -> lib/curl_hmac.c
  renamed: lib/hostasyn.c -> lib/curl_hostasyn.c
  renamed: lib/hostcheck.c -> lib/curl_hostcheck.c
  renamed: lib/hostip.c -> lib/curl_hostip.c
  renamed: lib/hostip4.c -> lib/curl_hostip4.c
  renamed: lib/hostip6.c -> lib/curl_hostip6.c
  renamed: lib/hostsyn.c -> lib/curl_hostsyn.c
  renamed: lib/http.c -> lib/curl_http.c
  renamed: lib/http_chunks.c -> lib/curl_http_chunks.c
  renamed: lib/http_digest.c -> lib/curl_http_digest.c
  renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c
  renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
  renamed: lib/http_proxy.c -> lib/curl_http_proxy.c
  renamed: lib/idn_win32.c -> lib/curl_idn_win32.c
  renamed: lib/if2ip.c -> lib/curl_if2ip.c
  renamed: lib/imap.c -> lib/curl_imap.c
  renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c
  renamed: lib/inet_pton.c -> lib/curl_inet_pton.c
  renamed: lib/krb4.c -> lib/curl_krb4.c
  renamed: lib/krb5.c -> lib/curl_krb5.c
  renamed: lib/ldap.c -> lib/curl_ldap.c
  renamed: lib/llist.c -> lib/curl_llist.c
  renamed: lib/md4.c -> lib/curl_md4.c
  renamed: lib/md5.c -> lib/curl_md5.c
  renamed: lib/memdebug.c -> lib/curl_memdebug.c
  renamed: lib/mprintf.c -> lib/curl_mprintf.c
  renamed: lib/multi.c -> lib/curl_multi.c
  renamed: lib/netrc.c -> lib/curl_netrc.c
  renamed: lib/non-ascii.c -> lib/curl_non_ascii.c
  renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h
  renamed: lib/nonblock.c -> lib/curl_nonblock.c
  renamed: lib/nss.c -> lib/curl_nss.c
  renamed: lib/nwlib.c -> lib/curl_nwlib.c
  renamed: lib/nwos.c -> lib/curl_nwos.c
  renamed: lib/openldap.c -> lib/curl_openldap.c
  renamed: lib/parsedate.c -> lib/curl_parsedate.c
  renamed: lib/pingpong.c -> lib/curl_pingpong.c
  renamed: lib/polarssl.c -> lib/curl_polarssl.c
  renamed: lib/pop3.c -> lib/curl_pop3.c
  renamed: lib/progress.c -> lib/curl_progress.c
  renamed: lib/qssl.c -> lib/curl_qssl.c
  renamed: lib/rawstr.c -> lib/curl_rawstr.c
  renamed: lib/rtsp.c -> lib/curl_rtsp.c
  renamed: lib/security.c -> lib/curl_security.c
  renamed: lib/select.c -> lib/curl_select.c
  renamed: lib/sendf.c -> lib/curl_sendf.c
  renamed: lib/share.c -> lib/curl_share.c
  renamed: lib/slist.c -> lib/curl_slist.c
  renamed: lib/smtp.c -> lib/curl_smtp.c
  renamed: lib/socks.c -> lib/curl_socks.c
  renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
  renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c
  renamed: lib/speedcheck.c -> lib/curl_speedcheck.c
  renamed: lib/splay.c -> lib/curl_splay.c
  renamed: lib/ssh.c -> lib/curl_ssh.c
  renamed: lib/sslgen.c -> lib/curl_sslgen.c
  renamed: lib/ssluse.c -> lib/curl_ssluse.c
  renamed: lib/strdup.c -> lib/curl_strdup.c
  renamed: lib/strequal.c -> lib/curl_strequal.c
  renamed: lib/strerror.c -> lib/curl_strerror.c
  renamed: lib/strtok.c -> lib/curl_strtok.c
  renamed: lib/strtoofft.c -> lib/curl_strtoofft.c
  renamed: lib/telnet.c -> lib/curl_telnet.c
  renamed: lib/tftp.c -> lib/curl_tftp.c
  renamed: lib/timeval.c -> lib/curl_timeval.c
  renamed: lib/transfer.c -> lib/curl_transfer.c
  renamed: lib/url.c -> lib/curl_url.c
  renamed: lib/version.c -> lib/curl_version.c
  renamed: lib/warnless.c -> lib/curl_warnless.c
  renamed: lib/wildcard.c -> lib/curl_wildcard.c

  ----------------------------------------
* build: make use of 76 lib/*.h renamed files | Yang Tse | 2012-12-28 | 1 | -8/+8
  76 private header files renamed to use our standard naming scheme.
  This change affects 322 files in libcurl's source tree.
* setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h> | Yang Tse | 2012-12-14 | 1 | -4/+0
  Inclusion of top two most included header files now done in setup_once.h
* security.c: Aligned internal type to return type | Marc Hoersken | 2012-10-04 | 1 | -4/+4
  Use ssize_t instead of int to avoid conversion problems on 64-bit systems. Also added curlx_sztosi where necessary.
* include limits.h for INT_MAX | Yang Tse | 2011-08-24 | 1 | -0/+4
* add missing semicolons | Daniel Stenberg | 2011-08-24 | 1 | -1/+1
* base64: fix Curl_base64_encode and Curl_base64_decode interfaces | Yang Tse | 2011-08-24 | 1 | -10/+26
  Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument.
  All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h | Yang Tse | 2011-07-26 | 1 | -3/+0
* source cleanup: unify look, style and indent levels | Daniel Stenberg | 2011-04-27 | 1 | -5/+5
  By the use of the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* Fix a couple of spelling errors in lib/ | Fabian Keil | 2011-04-21 | 1 | -2/+2
  Found with codespell.
* urldata: Capitalize enum protect_level values. | Julien Chaffraix | 2010-11-13 | 1 | -23/+23
  This makes it easier to spot the enum values from the variables. Removed some unneeded DEBUGASSERT added in the previous commit.
* security: tighten enum protection_level usage. | Julien Chaffraix | 2010-11-13 | 1 | -7/+14
  While changing Curl_sec_read_msg to accept an enum protection_level instead of an int, I went ahead and fixed the usage of the associated fields.
  Some code was assuming that prot_clear == 0. Fixed those to use the proper value. Added assertions prior to any code that would set the protection level.
* security: Pass the right parameter to init. | Julien Chaffraix | 2010-11-12 | 1 | -1/+1
  init is expecting app_data. Passing it the struct connecdata would make us crash later.
* krb4: make a few functions static | Daniel Stenberg | 2010-10-18 | 1 | -10/+2
* krb5-gssapi: Remove several memory leaks. | Julien Chaffraix | 2010-09-28 | 1 | -3/+12
  Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and we were leaking it). Now we just pass NULL as advised in RFC2744.
  |tmp| was never set back to buf->data.
  Cleaned up Curl_sec_end to take into account failure in Curl_sec_login (where conn->mech would be NULL but not conn->app_data or conn->in_buffer->data).
* security.c: Remove Curl_sec_fflush_fd. | Julien Chaffraix | 2010-09-28 | 1 | -11/+0
  The current implementation would make us send wrong data on a closed socket. We don't buffer our data so the method can be safely removed.
* security.c: We should always register the socket handler. | Julien Chaffraix | 2010-09-28 | 1 | -6/+8
  Following a change in the way socket handlers are registered, the custom recv and send methods were conditionally registered. We need to register them every time to handle the ftp security extensions.
  Re-added the clear text handling in sec_recv.
* security.c: Fix Curl_sec_login after rewrite. | Julien Chaffraix | 2010-09-28 | 1 | -3/+2
  Curl_sec_login was returning the opposite result that the code in ftp.c was expecting. Simplified the return code (using a CURLcode) so to see more clearly what is going on.
* security.c: Readd the '\n' to the infof() calls. | Julien Chaffraix | 2010-09-28 | 1 | -8/+8
  They are not automatically added and make the output of the verbose mode a lot more readable.
* security.c: Fix typo (PSBZ -> PBSZ) | Julien Chaffraix | 2010-09-28 | 1 | -1/+1
* security.c: Fix ftp_send_command. | Julien Chaffraix | 2010-09-28 | 1 | -2/+5
  My use of va_args was completely wrong. Fixed the usage so that we send the right commands!
* Revert "security.c: buffer_read various fixes." | Daniel Stenberg | 2010-09-24 | 1 | -6/+4
  This reverts commit fbb38de415b7bb7d743e53a7b4b887ffb12b3e5b.
* security.c: removed superfluous parentheses | Daniel Stenberg | 2010-09-22 | 1 | -15/+15
  And also removed the FIXME where memory was zeroed just before freed, and some other minor whitespace changes.
* security.c: Update the #include statements after the rewrite. | Julien Chaffraix | 2010-09-22 | 1 | -7/+4
* security.c: sec_write tweaks | Julien Chaffraix | 2010-09-22 | 1 | -6/+10
  - |fd| is now a curl_socket_t and |len| a size_t to avoid conversions.
  - Added 2 FIXMEs about the 2 unsigned -> signed conversions.
  - Included 2 minor changes to Curl_sec_end.