summaryrefslogtreecommitdiff
path: root/lib/smtp.c
Commit message (Collapse)AuthorAgeFilesLines
* escape: make the URL decode able to reject only %00 bytesDaniel Stenberg2020-06-251-2/+3
| | | | | | ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
* urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg2020-05-271-2/+2
| | | | | | And remove a few unused booleans! Closes #5461
* smtp: set auth correctlyDaniel Stenberg2020-04-251-4/+1
| | | | | | | | | | | | Regression since 7.69.0 and 68fb25fa3fcff. The code wrongly assigned 'from' instead of 'auth' which probably was a copy and paste mistake from other code, leading to that auth could remain NULL and later cause an error to be returned. Assisted-by: Eric Sauvageau Fixes #5294 Closes #5295
* lib: fix typos in comments and errormessagesDaniel Gustafsson2020-04-201-3/+3
| | | | | This fixes a few randomly spotted typos in recently merged code, most notably one in a userfacing errormessage the schannel code.
* smtp: overwriting 'from' leaks memoryDaniel Stenberg2020-02-281-0/+3
| | | | | | | | Detected by Coverity. CID 1418139. Also, make sure to return error if the new 'from' allocation fails. Closes #4997
* smtp: fix memory leak on exit pathDaniel Stenberg2020-02-271-1/+3
| | | | | | | Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from' going out of scope leaks the storage it points to" Closes #4990
* Curl_is_ASCII_name: handle a NULL argumentDaniel Stenberg2020-02-271-2/+0
| | | | | | | | | | | | Make the function tolerate a NULL pointer input to avoid dereferencing that pointer. Follow-up to efce3ea5a85126d Detected by OSS-Fuzz Reviewed-By: Steve Holme Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907 Fixes #4985 Closes #4986
* smtp: Tidy up, following recent changes, to maintain the coding styleSteve Holme2020-02-261-4/+4
| | | | Closes #4892
* smtp: Support the SMTPUTF8 extension for the EXPN commandSteve Holme2020-02-261-9/+16
| | | | Simply notify the server we support the SMTPUTF8 extension if it does.
* smtp: Support the SMTPUTF8 extension in the VRFY commandSteve Holme2020-02-261-2/+15
|
* smtp: Support the SMTPUTF8 extension in the RCPT TO commandSteve Holme2020-02-261-1/+18
| | | | | | Note: The RCPT TO command isn't required to advertise to the server that it contains UTF-8 characters, instead the server is told that a mail may contain UTF-8 in any envelope command via the MAIL command.
* smtp: Support the SMTPUTF8 extension in the MAIL commandSteve Holme2020-02-261-13/+36
| | | | | | | | | | Support the SMTPUTF8 extension when sending mailbox information in the MAIL command (FROM and AUTH parameters). Non-ASCII domain names will be ACE encoded, if IDN is supported, whilst non-ASCII characters in the local address part are passed to the server. Reported-by: ygthien on github Fixes #4828
* smtp: Detect server support for the UTF-8 extension as defined in RFC-6531Steve Holme2020-02-261-0/+5
|
* smtp: Support UTF-8 based host names in the VRFY commandSteve Holme2020-02-261-6/+28
|
* smtp: Support UTF-8 based host names in the RCPT TO commandSteve Holme2020-02-261-5/+19
|
* smtp: Support UTF-8 based host names in the MAIL commandSteve Holme2020-02-261-6/+121
| | | | Non-ASCII host names will be ACE encoded if IDN is supported.
* smtp: Simplify the MAIL command and avoid a duplication of send stringsSteve Holme2020-02-091-12/+7
| | | | | | | | This avoids the duplication of strings when the optional AUTH and SIZE parameters are required. It also assists with the modifications that are part of #4892. Closes #4903
* smtp: Allow RCPT TO command to fail for some recipientsPavel Volgarev2020-01-211-8/+42
| | | | | | | | Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. Verified with the new tests 3002-3007 Closes #4816
* smtp: check for and bail out on too short EHLO responseDaniel Stenberg2019-09-031-1/+5
| | | | | | | | | | | | Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287
* cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg2019-07-301-5/+3
| | | | | | | | | It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
* build: fix Codacy warningsMarcel Raad2019-06-051-10/+5
| | | | | | Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975
* cleanup: remove FIXME and TODO commentsDaniel Stenberg2019-05-161-6/+1
| | | | | | | | | They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
* emailL Added reference to RFC8314 for implicit TLSSteve Holme2019-04-111-0/+1
|
* smtp: fix compiler warningRikard Falkeborn2019-04-041-1/+1
| | | | | | | | | | | | | | | | | | | - Fix clang string-plus-int warning. Clang 8 warns about adding a string to an int does not append to the string. Indeed it doesn't, but that was not the intention either. Use array indexing as suggested to silence the warning. There should be no functional changes. (In other words clang warns about "foo"+2 but not &"foo"[2] so use the latter.) smtp.c:1221:29: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] eob = strdup(SMTP_EOB + 2); ~~~~~~~~~~~~~~~~^~~~ Closes https://github.com/curl/curl/pull/3729
* urldata: simplify bytecountersDaniel Stenberg2019-03-011-2/+2
| | | | | | | | | | | | | - no need to have them protocol specific - no need to set pointers to them with the Curl_setup_transfer() call - make Curl_setup_transfer() operate on a transfer pointer, not connection - switch some counters from long to the more proper curl_off_t type Closes #3627
* smtp: avoid risk of buffer overflow in strtolDaniel Gustafsson2019-02-041-2/+6
| | | | | | | | | | | If the incoming len 5, but the buffer does not have a termination after 5 bytes, the strtol() call may keep reading through the line buffer until is exceeds its boundary. Fix by ensuring that we are using a bounded read with a temporary buffer on the stack. Bug: https://curl.haxx.se/docs/CVE-2019-3823.html Reported-by: Brian Carpenter (Geeknik Labs) CVE-2019-3823
* pingpong: ignore regular timeout in disconnect phaseDaniel Stenberg2018-12-171-5/+6
| | | | | | | | | | | The timeout set with CURLOPT_TIMEOUT is no longer used when disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, POP3). Reported-by: jasal82 on github Fixes #3264 Closes #3374
* url: use the URL API internally as wellDaniel Stenberg2018-09-221-4/+1
| | | | | | ... to make it a truly unified URL parser. Closes #3017
* CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer sizeDaniel Stenberg2018-09-061-2/+2
| | | | | | | This is step 3 of #2888. Fixes #2888 Closes #2896
* smtp: use the upload buffer size for scratch buffer mallocDaniel Stenberg2018-07-091-1/+2
| | | | | | | | ... not the read buffer size, as that can be set smaller and thus cause a buffer overflow! CVE-2018-0500 Reported-by: Peter Wu Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
* cppcheck: fix warningsMarian Klymov2018-06-111-1/+1
| | | | | | | | | | | | | - Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
* smtp: fix processing of initial dot in dataPatrick Monnerat2018-02-121-0/+5
| | | | | | | | | | | RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command should be taken into account when chasing the <CRLF>.<CRLF> end marker. Thus a leading dot character in data is also subject to escaping. Tests 911 and test server are adapted to this situation. New tests 951 and 952 check proper handling of initial dot in data. Closes #2304
* smtp/pop3/imap_get_message: decrease the data length too...Daniel Stenberg2018-01-151-3/+5
| | | | | | | | Follow-up commit to 615edc1f73 which was incomplete. Assisted-by: Max Dymond Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
* sasl_getmesssage: make sure we have a long enough string to passDaniel Stenberg2017-12-051-12/+17
| | | | | | | | | | For pop3/imap/smtp, added test 891 to somewhat verify the pop3 case. For this, I enhanced the pingpong test server to be able to send back responses with LF-only instead of always using CRLF. Closes #2150
* time: rename Curl_tvnow to Curl_nowDaniel Stenberg2017-10-251-1/+1
| | | | | | | | | | ... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
* smtp_done: free data before returning (on send failure)Daniel Stenberg2017-10-101-3/+3
| | | | | | | | | | ... as otherwise it could leak that memory. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 Assisted-by: Max Dymond Closes #1977
* smtp: fix memory leak in OOMDaniel Stenberg2017-09-201-1/+4
| | | | | | | Regression since ce0881edee Coverity CID 1418139 and CID 1418136 found it, but it was also seen in torture testing.
* mime: new MIME API.Patrick Monnerat2017-09-021-3/+34
| | | | | | | Available in HTTP, SMTP and IMAP. Deprecates the FORM API. See CURLOPT_MIMEPOST. Lib code and associated documentation.
* handler: refactor connection checkingMax Dymond2017-06-301-0/+2
| | | | | | Add a new type of callback to Curl_handler which performs checks on the connection. Alter RTSP so that it uses this callback to do its own check on connection health.
* http-proxy: only attempt FTP over HTTP proxyDaniel Stenberg2017-06-151-76/+0
| | | | | | | | | | ... all other non-HTTP protocol schemes are now defaulting to "tunnel trough" mode if a HTTP proxy is specified. In reality there are no HTTP proxies out there that allow those other schemes. Assisted-by: Ray Satiro, Michael Kaufmann Closes #1505
* buffer: use data->set.buffer_size instead of BUFSIZEDaniel Stenberg2017-05-011-1/+1
| | | | ... to properly use the dynamically set buffer size!
* URL: only accept ";options" in SMTP/POP3/IMAP URL schemesDaniel Stenberg2017-02-101-3/+4
| | | | Fixes #1252
* smtp: Fix STARTTLS denied error messageJay Satiro2017-01-121-1/+1
| | | | - Format the numeric denial code as an integer instead of a character.
* checksrc: white space edits to comply to stricter checksrcDaniel Stenberg2016-11-241-1/+1
|
* checksrc: code style: use 'char *name' styleDaniel Stenberg2016-11-241-2/+2
|
* strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg2016-10-311-1/+0
| | | | | We had some confusions on when each function was used. We should not act differently on different locales anyway.
* strcasecompare: is the new name for strequal()Daniel Stenberg2016-10-311-3/+2
| | | | | | | ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
* errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro2016-09-071-1/+1
| | | | | | | | Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
* internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg2016-06-221-22/+22
|
* smtp: minor ident (white space) fixesDaniel Stenberg2016-05-231-8/+8
|
View Lorry Controller Status