Adds a "cw-pause" client writer in the PROTOCOL phase that buffers
output when the client paused the transfer. This prevents content
decoding from blowing the buffer in the "cw-out" writer.
Added test_02_35 that downloads 2 100MB gzip bombs in parallel and
pauses after 1MB of decoded 0's.
This is a solution to issue #16280, with some limitations:
- cw-out still needs buffering of its own, since it can be paused
"in the middle" of a write that started with some KB of gzipped
zeros and exploded into several MB of calls to cw-out.
- cw-pause will then start buffering on its own *after* the write
that caused the pause. cw-pause has no buffer limits, but the
data it buffers is still content-encoded.
Protocols like http/1.1 stop receiving, h2/h3 have window sizes,
so the cw-pause buffer should not grow out of control, at least
for these protocols.
- the current limit on cw-out's buffer is ~75MB (for whatever
historical reason). A potential content-encoding that blows 16KB
(the common h2 chunk size) into > 75MB would still blow the buffer,
making the transfer fail. A gzip of 0's makes 16KB into ~16MB, so
that still works.
A better solution would be to allow CURLE_AGAIN handling in the client
writer chain and make all content encoders handle that. This would stop
explosion of encoding on a pause right away. But this is a large change
of the deocoder operations.
Reported-by: lf- on github
Fixes#16280Closes#16296
Add a 'wanted' major HTTP version bitmask next to the 'allowed' bitmask
in HTTP version negotiation. This will try connections as specified in
'wanted', but enabled Alt-Svc and HTTPS-RR to redirect to other major
HTTP versions, if those are 'allowed'.
Changes libcurl internal default to `CURL_HTTP_VERSION_NONE` and removes
the code in curl that sets `CURL_HTTP_VERSION_2TLS` if the command line
does not say anything else.
Closes#16117
Remove `blocking` argument from cfilter's connect method.
Implement blocking behaviour in Curl_conn_connect() instead for all
filter chains.
Update filters implementations. Several of which did never use the
paramter (QUIC for example). Simplifies connect handling in TLS filters
that no longer need to loop
Fixed a blocking connect call in FTP when waiting on a socket accept()
which only worked because the filter did not implement it.
Closes#16397
curl attempts to clear some flags to hide them from snooping neighbors
(on platforms where it works). For example the credentials provided with
-u. Previously it would only do that if there was a space between the
option and the credentials as in "-u joe:s3cr3t" but not when done
without a separating space as in "-ujoe:s3cr3t".
This addresses that previous shortcoming.
Reported-by: kayrus on github
Fixes#16396Closes#16401
It's fixed in gcc 5.5.0.
Example: https://godbolt.org/z/x6Th8q844
Seen in gcc 5.1.0, 5.4.0 (both 32/64-bit) with dl-mingw:
```
lib/rtsp.c: In function 'rtsp_parse_transport':
lib/rtsp.c:1025:36: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
rtp_channel_mask[idx] |= (unsigned char)(1 << off);
^
lib/mprintf.c: In function 'parsefmt':
lib/mprintf.c:526:31: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[width/8] |= (unsigned char)(1 << (width&7));
^
lib/mprintf.c:544:35: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[precision/8] |= (unsigned char)(1 << (precision&7));
^
lib/mprintf.c:559:29: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
usedinput[param/8] |= (unsigned char)(1 << (param&7));
^
lib/cfilters.c: In function 'Curl_pollset_change':
lib/cfilters.c:935:25: error: conversion to 'unsigned char' from 'int' may alter its value [-Werror=conversion]
ps->actions[i] |= (unsigned char)add_flags;
^
```
gcc 5.1.0: https://github.com/curl/curl/actions/runs/13413103492/job/37467698381#step:9:21
gcc 5.4.0: https://github.com/curl/curl/actions/runs/13413103492/job/37467694479#step:9:19Closes#16398
To access the string and the length without having to directly use the
struct field names. Gives more freedom, flexbility and keeps
implementation specifics out of users' code.
Closes#16386
- using strparse cleans up the code and makes it easier to read and follow
- remove ? handling never used - since the path is provided without queries nowadays
- simplify sanitize_cookie_path
- avoid the strdup in pathmatch()
Closes#16386
ALPN requires mingw-w64 9.0 or newer.
Also fix ALPN-enabled builds for UWP. This assumes that WINE doesn't
support UWP, which seems to be the case when writing this.
Closes#16385
They have always been documented in lowercase. They have never been
claimed to be case insensitive. They mostly map to unix counterparts
that are always lowercase. Switch to case sensitive checks: lowercase.
Closes#16382
Around 2.3x speed-up parsing many large hexadecimal numbers. The decimal and
octal parser get marginally faster.
Still very readable, compact and easy to follow code.
Tweaks
- combine the max and the overflow check, gains 3ns/num (use a separate
check outside of the loop instead for max < base)
- one less indirection in the pointer, gains 3ns/num
- using the table lookup for hex nums, gains 5ns/num
- unfold the num_digit() macro, gains 3s/num
- use the hexasciitable unconditionally, gains 2ns/num
- use post-increment pointer in the table lookup, gains 1ns/num
- improved valid_digit() using the table for the hex case,
gains 26 ns/num
- use "max char" in valid_digit(), gains 3ns/num
Behavior changes:
- no longer returns STRE_TOO_BIG - only STRE_OVERFLOW
- does not move the char ** on error, which is probably better
Updated and extended test 1664 (significantly).
Closes#16374
- fold DoH and async HTTPS-RR handling into common code.
have common cleanups, etc. Have a CURLcode result in async
handling to allow HTTPS RR parsing to fail.
- keep target, ipv4hints, ipv6hints, port and echconfig also
when resolving via cares. We need to know `target` and `port`
when evaluating possible ALPN candidates to not go astray.
- add CURL_TRC_DNS for tracing DNS operations
- replace DoH specific tracing with DNS, use doh as alias
for dns in curl_global_tracea()
Closes#16132
Translate the `data->set.httpwant` which is one of the consts from the
public API (CURL_HTTP_VERSION_*) into a major version mask plus
additional flags for internal handling.
`Curl_http_neg_init()` does the translation and flags setting in http.c,
using new internal consts CURL_HTTP_V1x, CURL_HTTP_V2x and CURL_HTTP_V3x
for the major versions. The flags are
- only_10: when the application explicity asked fro HTTP/1.0
- h2_upgrade: when the application asks for upgrading 1.1 to 2.
- h2_prior_knowledge: when directly talking h2 without ALPN
- accept_09: when a HTTP/0.9 response is acceptable.
The Alt-Svc and HTTPS RR redirections from one ALPN to another obey the
allowed major versions. If a transfer has only h3 enabled, Alt-Svc
redirection to h2 is ignored.
This is the current implementation. It can be debated if Alt-Svc should
be able to override the allowed major versions. Added test_12_06 to
verify the current restriction.
Closes#16100
This also applies to --resolve of course.
Applied strparse functions on the function.
Fixes#16357
Reported-by: rmg-x on github
Closes#16358
Assisted-by: Jay Satiro
They use Visual Studio generators, which are multi-target.
The build command does the Release/Debug selection via `--config`.
Also:
- appveyor: drop unnecessary conditional for 3 options.
To sync with GHA.
- appveyor: drop unused `-DCMAKE_INSTALL_PREFIX=`.
To sync with GHA.
- sync cmake option order between GHA and appveyor.
Closes#16372
`./configure` uses `AC_CHECK_FUNC` for these checks, with one exception
(`SSL_CTX_set_srp_username`). It's slightly less precise but simpler as
it doesn't need headers and/or macros. Do the same in CMake.
It also allows merging ECH detections across OpenSSL forks in CMake too.
Closes#16352
Give peers and `exportable` flag, set TRUE when sessions for this peer
should not be exported. This evalualtes if the peer uses confidential
information (like srp username/password), a client certificate OR if the
"ssl_peer_key" contains relative paths.
When SSL is configured with paths for relevant components, like CA trust
anchors, an attempt is made to make this path absolute. When that does
not work or the infrstructure is not available, the peer key is marked
as *local*.
Exporting sessions based on relative paths may lead to confusion when
later imported in another execution context.
Closes#16322
Curl's double linked list is proven code, but it comes with some
additional memory overhead. Since hash's internal list of elements needs
only forward traversals, it seems worthwhile to use a single linked list
internally.
This saves 3 pointers per entry plus 3 pointers per slot.
Closes#16351
Since the ISBLANK() and ISSPACE() macros check for specific matches,
there is no point in using while(*ptr && ISSPACE(*ptr)) etc, as the
'*ptr' check is then superfluous.
Closes#16363
This reverts the main part of commit
3f79695be9e4628d246740bcd36c627daab676ca, but keeping the
formatting fix.
Closes https://github.com/curl/curl/pull/16356
- Use the variable name 'var' instead of 'url' since the latter is also
a function name and that may confuse the user.
Closes https://github.com/curl/curl/pull/16346
- Terminate a code section before parsing a heading line.
Prior to this change when a code line (eg " code") was followed
by a heading line (eg "## heading") the code section in the output
was terminated after converting the header instead of before. That led
to some weird formatting outputs depending on the nroff or roffit etc.
With this change:
.nf
curl \--expand\-url https.//example.com/{{url:trim}}
.fi
.IP json
Without this change:
.nf
curl \--expand\-url https.//example.com/{{url:trim}}
.IP json
.fi
Closes https://github.com/curl/curl/pull/16345
- Fix option 'single' to generate single manpages.
As far as I can tell the option did not work prior to this change.
Example: scripts/managen -d docs/cmdline-opts single variable.md
Closes https://github.com/curl/curl/pull/16344
- replace `add_compile_options()`, `add_definitions()` with directory
properties. To harmonize this across all scripts. The new commands are
verbose, but describe better how they work. The syntax is also closer
to setting target properties, helps grepping.
- prefer `CMAKE_INSTALL_PREFIX` over `--prefix` (in tests, CI).
- tidy up cmake invocations.
- formatting.
Closes#16238
Fix or silence compiler warnings happening in feature detections
to reduce log noise. Warnings may also get promoted to errors in certain
cases, causing missed detections.
It reduces the number of warnings by 4500+ across the linux, linux-old,
macos, non-native and windows GHA workflows (~142 jobs).
Also move picky warning logic for MSVC/Borland to
`CMake/PickyWarnings.cmake. To make them listed in the picky-warnings
log output, and to also apply to feature detections to make them compile
under the same conditions as source code. The hope is to help catching
issues faster. It also improves code quality of feature tests.
Fixed/silenced:
```
warning #177: variable "dummy" was declared but never referenced
warning #177: variable "flag" was declared but never referenced
warning #177: variable "res" was declared but never referenced
warning #592: variable "s" is used before its value is set
warning #1011: missing return statement at end of non-void function "main"
warning #1786: function "SSL_CTX_set_srp_password" (declared at line 1888 of "/usr/include/openssl/ssl.h") was declared deprecated ("Since OpenSSL 3.0")
warning #1786: function "SSL_CTX_set_srp_username" (declared at line 1887 of "/usr/include/openssl/ssl.h") was declared deprecated ("Since OpenSSL 3.0")
warning #2332: a value of type "const char *" cannot be assigned to an entity of type "char *" (dropping qualifiers)
warning: 'SSL_CTX_set_srp_password' is deprecated [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_password' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_username' is deprecated [-Wdeprecated-declarations]
warning: 'SSL_CTX_set_srp_username' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: 'b' is used uninitialized [-Wuninitialized]
warning: 'gethostname' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn]
warning: Value stored to 'i' is never read [deadcode.DeadStores]
warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: control reaches end of non-void function [-Wreturn-type]
warning: empty expression statement has no effect; remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
warning: excess elements in struct initializer
warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: macro "_FILE_OFFSET_BITS" is not used [-Wunused-macros]
warning: macro "_REENTRANT" is not used [-Wunused-macros]
warning: missing braces around initializer [-Wmissing-braces]
warning: no previous extern declaration for non-static variable 'off_t_is_large' [-Wmissing-variable-declarations]
warning: no previous prototype for 'check' [-Wmissing-prototypes]
warning: no previous prototype for function 'check' [-Wmissing-prototypes]
warning: null argument where non-null required (argument 2) [-Wnonnull]
warning: passing 'const char[1]' to parameter of type 'char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
warning: passing argument 2 of 'SSL_CTX_set_srp_password' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: passing argument 2 of 'SSL_CTX_set_srp_username' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
warning: unused parameter 'c' [-Wunused-parameter]
warning: unused parameter 'f' [-Wunused-parameter]
warning: unused variable 'data' [-Wunused-variable]
warning: unused variable 'dummy' [-Wunused-variable]
warning: unused variable 'flag' [-Wunused-variable]
warning: unused variable 'res' [-Wunused-variable]
warning: unused variable 's' [-Wunused-variable]
warning: variable 's' set but not used [-Wunused-but-set-variable]
warning: variable 'ts' set but not used [-Wunused-but-set-variable]
```
Closes#16287
