diff options
author | Elliott Hughes <enh@google.com> | 2018-05-30 15:43:58 -0700 |
---|---|---|
committer | Elliott Hughes <enh@google.com> | 2018-05-30 15:43:58 -0700 |
commit | 1ef06bace62ce735c9bc61f21025dad170fd1af4 (patch) | |
tree | d60783f9cd6e95c69bf0e1898b9146a73f087be8 /lib/curl_sasl.c | |
parent | f035f52daa6e33ea38cb371eccacd5b91958f5a0 (diff) | |
download | external_curl-1ef06bace62ce735c9bc61f21025dad170fd1af4.tar.gz external_curl-1ef06bace62ce735c9bc61f21025dad170fd1af4.tar.bz2 external_curl-1ef06bace62ce735c9bc61f21025dad170fd1af4.zip |
Update to 7.60.0 - May 15 2018.
Changes:
Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool
Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
Bugfixes:
FTP: shutdown response buffer overflow CVE-2018-1000300
RTSP: bad headers buffer over-read CVE-2018-1000301
FTP: fix typo in recursive callback detection for seeking
test1208: marked flaky
HTTP: make header-less responses still count correct body size
user-agent.d:: mention --proxy-header as well
http2: fixes typo
cleanup: misc typos in strings and comments
rate-limit: use three second window to better handle high speeds
examples/hiperfifo.c: improved
pause: when changing pause state, update socket state
multi: improved pending transfers handling => improved performance
curl_version_info.3: fix ssl_version description
add_handle/easy_perform: clear errorbuffer on start if set
darwinssl: fix iOS build
cmake: add support for brotli
parsedate: support UT timezone
vauth/ntlm.h: fix the #ifdef header guard
lib/curl_path.h: added #ifdef header guard
vauth/cleartext: fix integer overflow check
CURLINFO_COOKIELIST.3: made the example not leak memory
cookie.d: mention that "-" as filename means stdin
CURLINFO_SSL_VERIFYRESULT.3: fixed the example
http2: read pending frames (including GOAWAY) in connection-check
timeval: remove compilation warning by casting
cmake: avoid warn-as-error during config checks
travis-ci: enable -Werror for CMake builds
openldap: fix for NULL return from ldap_get_attribute_ber()
threaded resolver: track resolver time and set suitable timeout values
cmake: Add advapi32 as explicit link library for win32
docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
test1148: set a fixed locale for the test
cookies: when reading from a file, only remove_expired once
cookie: store cookies per top-level-domain-specific hash table
openssl: fix build with LibreSSL 2.7
tls: fix mbedTLS 2.7.0 build + handle sha256 failures
openssl: RESTORED verify locations when verifypeer==0
file: restore old behavior for file:////foo/bar URLs
FTP: allow PASV on IPv6 connections when a proxy is being used
build-openssl.bat: allow custom paths for VS and perl
winbuild: make the clean target work without build-type
build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
curl: retry on FTP 4xx, ignore other protocols
configure: detect (and use) sa_family_t
examples/sftpuploadresume: Fix Windows large file seek
build: cleanup to fix clang warnings/errors
winbuild: updated the documentation
lib: silence null-dereference warnings
travis: bump to clang 6 and gcc 7
travis: build libpsl and make builds use it
proxy: show getenv proxy use in verbose output
duphandle: make sure CURLOPT_RESOLVE is duplicated
all: Refactor malloc+memset to use calloc
checksrc: Fix typo
system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
vauth: Fix typo
ssh: show libSSH2 error code when closing fails
test1148: tolerate progress updates better
urldata: make service names unconditional
configure: keep LD_LIBRARY_PATH changes local
ntlm_sspi: fix authentication using Credential Manager
schannel: add client certificate authentication
winbuild: Support custom devel paths for each dependency
schannel: add support for CURLOPT_CAINFO
http2: handle on_begin_headers() called more than once
openssl: support OpenSSL 1.1.1 verbose-mode trace messages
openssl: fix subjectAltName check on non-ASCII platforms
http2: avoid strstr() on data not zero terminated
http2: clear the "drain counter" when a stream is closed
http2: handle GOAWAY properly
tool_help: clarify --max-time unit of time is seconds
curl.1: clarify that options and URLs can be mixed
http2: convert an assert to run-time check
curl_global_sslset: always provide available backends
ftplistparser: keep state between invokes
Curl_memchr: zero length input can't match
examples/sftpuploadresume: typecast fseek argument to long
examples/http2-upload: expand buffer to avoid silly warning
ctype: restore character classification for non-ASCII platforms
mime: avoid NULL pointer dereference risk
cookies: ensure that we have cookies before writing jar
os400.c: fix checksrc warnings
configure: provide --with-wolfssl as an alias for --with-cyassl
cyassl: adapt to libraries without TLS 1.0 support built-in
http2: get rid of another strstr
checksrc: force indentation of lines after an else
cookies: remove unused macro
CURLINFO_PROTOCOL.3: mention the existing defined names
tests: provide 'manual' as a feature to optionally require
travis: enable libssh2 on both macos and Linux
CURLOPT_URL.3: added ENCODING section
wolfssl: Fix non-blocking connect
vtls: don't define MD5_DIGEST_LENGTH for wolfssl
docs: remove extraneous commas in man pages
URL: fix ASCII dependency in strcpy_url and strlen_url
ssh-libssh.c: fix left shift compiler warning
configure: only check for CA bundle for file-using SSL backends
travis: add an mbedtls build
http: don't set the "rewind" flag when not uploading anything
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
transfer: don't unset writesockfd on setup of multiplexed conns
vtls: use unified "supports" bitfield member in backends
URLs: fix one more http url
travis: add a build using WolfSSL
openssl: change FILE ops to BIO ops
travis: add build using NSS
smb: reject negative file sizes
cookies: accept parameter names as cookie name
http2: getsock fix for uploads
all over: fixed format specifiers
http2: use the correct function pointer typedef
Bug: http://b/78771319
Test: builds, boots, `vendor/google/tools/fake-ota on streaming` works
Change-Id: Icfcaf6f3f6e5e00894d731c1623ebd66674bcb0d
Diffstat (limited to 'lib/curl_sasl.c')
-rw-r--r-- | lib/curl_sasl.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 7052bd91..e54e4875 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -265,7 +265,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name; const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port; -#if defined(USE_KERBEROS5) +#if defined(USE_KERBEROS5) || defined(USE_NTLM) const char *service = data->set.str[STRING_SERVICE_NAME] ? data->set.str[STRING_SERVICE_NAME] : sasl->params->service; @@ -333,7 +333,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, if(force_ir || data->set.sasl_ir) result = Curl_auth_create_ntlm_type1_message(data, conn->user, conn->passwd, - &conn->ntlm, &resp, &len); + service, + hostname, + &conn->ntlm, &resp, + &len); } else #endif @@ -419,13 +422,11 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, char *chlg = NULL; size_t chlglen = 0; #endif -#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) +#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ + defined(USE_NTLM) const char *service = data->set.str[STRING_SERVICE_NAME] ? data->set.str[STRING_SERVICE_NAME] : sasl->params->service; -#endif -#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ - defined(USE_NTLM) char *serverdata; #endif size_t len = 0; @@ -496,6 +497,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, /* Create the type-1 message */ result = Curl_auth_create_ntlm_type1_message(data, conn->user, conn->passwd, + service, hostname, &conn->ntlm, &resp, &len); newstate = SASL_NTLM_TYPE2MSG; break; |