Commit Graph

29994 Commits

Author SHA1 Message Date
Viktor Szakats
079079b2fd
src: silence wmain() warning for all build methods
llvm/clang and gcc doesn't recognize the wmain() function in Unicode
Windows builds:

llvm/clang:
```
../../src/tool_main.c:239:5: warning: no previous prototype for function 'wmain' [-Wmissing-prototypes]
int wmain(int argc, wchar_t *argv[])
    ^
1 warning generated.
```

gcc:
```
../../src/tool_main.c:239:5: warning: no previous prototype for 'wmain' [-Wmissing-prototypes]
  239 | int wmain(int argc, wchar_t *argv[])
      |     ^~~~~
```

Before this patch, we already silenced it with CMake. This patch moves
the silencing to the source, so that it applies to all build tools.

Bug: https://github.com/curl/curl/issues/7229#issuecomment-1464806651

Reviewed-by: Marcel Raad
Closes #10744
2023-03-11 15:21:43 +00:00
Dan Fandrich
c2b7249db2 CI: fix retrying on brew failures
The previous attempt didn't consider that the shell would exit
immediately after the false statement in the retry case.

Follow-up to dc141a37
2023-03-10 16:41:25 -08:00
Stefan Eissing
544a7f804d
http2: fix error handling during parallel operations
RST and connection close were not handled correctly during parallel
transfers, leading to aborted response bodies being reported complete.

Closes #10715
2023-03-10 23:52:53 +01:00
Daniel Stenberg
cb49e67303
url: only reuse connections with same GSS delegation
Reported-by: Harry Sintonen
Closes #10731
2023-03-10 23:30:34 +01:00
Viktor Szakats
b725fe1944
lib: silence clang/gcc -Wvla warnings in brotli headers
brotli v1.0.0 throughout current latest v1.0.9 and latest master [1]
trigger this warning.

It happened with CMake and GNU Make. autotools builds avoid it with
the `convert -I options to -isystem` macro.

llvm/clang:
```
In file included from ./curl/lib/content_encoding.c:36:
./brotli/x64-ucrt/usr/include/brotli/decode.h:204:34: warning: variable length array used [-Wvla]
    const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./brotli/x64-ucrt/usr/include/brotli/port.h:253:34: note: expanded from macro 'BROTLI_ARRAY_PARAM'
                                 ^~~~~~
In file included from ./curl/lib/content_encoding.c:36:
./brotli/x64-ucrt/usr/include/brotli/decode.h:206:48: warning: variable length array used [-Wvla]
    uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
                           ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
./brotli/x64-ucrt/usr/include/brotli/port.h:253:35: note: expanded from macro 'BROTLI_ARRAY_PARAM'
                                 ~^~~~~
```

gcc:
```
In file included from ./curl/lib/content_encoding.c:36:
./brotli/x64-ucrt/usr/include/brotli/decode.h:204:5: warning: ISO C90 forbids variable length array 'encoded_buffer' [-Wvla]
  204 |     const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
      |     ^~~~~
./brotli/x64-ucrt/usr/include/brotli/decode.h:206:5: warning: ISO C90 forbids variable length array 'decoded_buffer' [-Wvla]
  206 |     uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
      |     ^~~~~~~
```

[1] ed1995b6bd

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #10738
2023-03-10 22:24:24 +00:00
Daniel Stenberg
4e2b52b5f7
curl_path: create the new path with dynbuf
Closes #10729
2023-03-10 23:20:19 +01:00
Daniel Stenberg
f384d40718
url: remove dummy protocol handler
Just two added checks were needed saves a whole handler struct.

Closes #10727
2023-03-10 23:19:20 +01:00
Dan Fandrich
dc141a37d3 CI: retry a failed brew update too, not just brew install
Also, make sure an eventual failure ends up returning a failure code so
the job stops.
2023-03-10 09:55:11 -08:00
Daniel Stenberg
af369db4d3
url: fix the SSH connection reuse check
Reported-by: Harry Sintonen
Closes #10735
2023-03-10 17:54:32 +01:00
Daniel Stenberg
fcee070cb1
CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
It results in error "NSS error -5985 (PR_ADDRESS_NOT_SUPPORTED_ERROR)"

Disabled test 1470 for NSS builds and documented the restriction.

Reported-by: Dan Fandrich
Fixes #10723
Closes #10734
2023-03-10 17:50:20 +01:00
Daniel Stenberg
dca4cdf071
CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
Reported-by: Hiroki Kurosawa
Closes #10732
2023-03-10 17:45:55 +01:00
Daniel Stenberg
538b1e79a6
telnet: only accept option arguments in ascii
To avoid embedded telnet negotiation commands etc.

Reported-by: Harry Sintonen
Closes #10728
2023-03-10 17:43:18 +01:00
Daniel Stenberg
674a0662cf test1903: test use of COOKIEFILE - reset - COOKIEFILE
This also tests for the memory leak bug fixed by parent commit b559ef6f.

Ref: #10694

Closes https://github.com/curl/curl/pull/10712
2023-03-10 03:56:59 -05:00
Jay Satiro
b559ef6f36 url: fix cookielist memleak when curl_easy_reset
- Free set.cookelist in Curl_freeset instead of Curl_close.

Prior to this change the cookielist linked list wasn't freed by
curl_easy_reset which calls Curl_freeset to free all set.

Bug: https://github.com/curl/curl/issues/10694#issuecomment-1458619157
Reported-by: Sergey Ryabinin

Closes https://github.com/curl/curl/pull/10709
2023-03-10 03:49:16 -05:00
Dan Fandrich
297ad6ae18 tests: fix some keywords and unused sections 2023-03-10 00:17:29 -08:00
Dan Fandrich
c10c0c0578 tests: fix test1301 to call the right binary
It was refactored in commit 480ac6e5 but this step was missed.
2023-03-10 00:17:29 -08:00
Dan Fandrich
b5d955bc79 tests: add timeout, SLOWDOWN and DELAY keywords to tests
These are tests that are testing timing and end up being quite slow.
2023-03-10 00:17:29 -08:00
Daniel Stenberg
c4a89cb153
RELEASE-NOTES: synced 2023-03-10 08:14:53 +01:00
Stefan Eissing
940b67803a
wolfSSL: ressurect the BIO io_result
In pytest'ing the situation occored that wolfSSL reported an
IO error when the underlying BIO operation was returning an
CURLE_AGAIN condition.

Readding the `io_result` filter context member to detect such
situations.

Also, making sure that the returned CURLcode is initialized
on all recv operations outcome.

Closes #10716
2023-03-10 08:06:17 +01:00
Stefan Eissing
adaec5d1d0
gssapi: align global gss_OID_desc vars to silence ld warnings on macOS ventura
Refs #9975 which first reported this.

Closes #10718
2023-03-10 08:04:42 +01:00
Daniel Stenberg
8b5f100db3
libssh2: only set the memory callbacks when debugging
This makes us debug libssh2 less and libcurl more when for example
running torture tests that otherwise will spend a lot of time in libssh2
functions.

We leave libssh2 to test libssh2.

Closes #10721
2023-03-10 08:01:47 +01:00
Daniel Stenberg
56f306a5a6
docs/SECURITY-PROCESS.md: updates
- allow Low+Medium issues to be managed through plain PRs
- update the bug-bounty part to reflect current reality

Closes #10719
2023-03-10 08:00:38 +01:00
Dan Fandrich
37a3c63427 tests: fix tag markup issues in some tests 2023-03-09 10:27:39 -08:00
Marcel Raad
29a19369ec
tests: add cookies features
These tests don't work with `--disable-cookies`.

Closes https://github.com/curl/curl/pull/10713
2023-03-09 14:33:05 +01:00
Marcel Raad
387dbe53c4
test420: add cookies keyword
It fails with `--disable-cookies`.

Closes https://github.com/curl/curl/pull/10713
2023-03-09 14:33:03 +01:00
Dan Fandrich
d194a19ed4 CI: Add more labeler match patterns
Also, add the  CI, tests or libcurl API tags in conjunction with any
others that might also apply.
2023-03-08 16:43:38 -08:00
andy5995
ab456e4e50
GHA: minor improvements to spellcheck
Closes #10640
2023-03-09 00:16:04 +01:00
Daniel Stenberg
3bef98f615
test1671: fix after fix 2023-03-09 00:13:41 +01:00
Daniel Stenberg
27a7600871
test421: -w %{header_json} test with multiple same header names
To reproduce the issue in #10704
2023-03-09 00:13:41 +01:00
Daniel Stenberg
842be672c8
tool_writeout_json. fix the output for duplicate header names
Header entries with index != 0 are handled at the index 0 level so they
should then be skipped when iterated over.

Reported-by: Boris Okunskiy
Fixes #10704
Closes #10707
2023-03-09 00:13:41 +01:00
Daniel Stenberg
05616379ee
headers: make curl_easy_header and nextheader return different buffers
By letting curl_easy_header() and curl_easy_nextheader() store the
header data in their own struct storage when they return a pointer to
it, it makes it possible for applications to use them both in a loop.
Like the curl tool does.

Reported-by: Boris Okunskiy
Fixes #10704
Closes #10707
2023-03-09 00:13:41 +01:00
rcombs
b1d735956f
urlapi: take const args in _dup and _get functions
Closes #10708
2023-03-08 15:38:26 +01:00
rcombs
95cb7d3166
urlapi: avoid mutating internals in getter routine
This was not intended.

Closes #10708
2023-03-08 15:38:18 +01:00
Daniel Stenberg
0a0c9b6dfa
urlapi: '%' is illegal in host names
Update test 1560 to verify

Ref: #10708
Closes #10711
2023-03-08 15:33:43 +01:00
Daniel Stenberg
0546ed54c2
ftp: make the 'ftpauth' a more normal 'char *'-array
Closes #10703
2023-03-08 15:32:16 +01:00
Evgeny Grin (Karlson2k)
372b95f77f
doc: fix compiler warning in libcurl.m4
Current test for curl_free() may produce warnings with strict compiler
flags or even with default compiler flags with upcoming versions.
These warning could turned into errors by -Werror or similar flags.
Such warnings/errors are avoided by this patch.

Closes #10710
2023-03-08 14:24:08 +01:00
Viktor Szakats
75087c3baa
misc: fix typos
Closes #10706
2023-03-08 08:00:35 +00:00
Stefan Eissing
a26418cf14
ftp: active mode with SSL, add the damn filter
- since 7.87.0 we lost adding the SSL filter for an active
  FTP connection that uses SSL. This leads to hangers and timeouts
  as reported in #10666.

Reported-by: SandakovMM on github
Fixes #10666
Closes #10669
2023-03-07 15:22:22 +01:00
Daniel Stenberg
2a31086f39
docs: extend the URL API descriptions
Closes #10701
2023-03-07 13:36:10 +01:00
Stefan Eissing
7c5637b8b4
url: fix logic in connection reuse to deny reuse on "unclean" connections
- add parameter to `conn_is_alive()` cfilter method that returns
  if there is input data waiting on the connection
- refrain from re-using connnection from the cache that have
  input pending
- adapt http/2 and http/3 alive checks to digest pending input
  to check the connection state
- remove check_cxn method from openssl as that was just doing
  what the socket filter now does.
- add tests for connection reuse with special server configs

Closes #10690
2023-03-07 12:50:31 +01:00
Daniel Stenberg
6466071e8e
x509asn1: use plain %x, not %lx, when the arg is an int
Pointed out by Coverity.

Closes #10689
2023-03-06 23:59:12 +01:00
Stefan Eissing
48cd032623
http2: fix handling of RST and GOAWAY to recognize partial transfers
- a reset transfer (HTTP/2 RST) did not always lead to the proper
  error message on receiving its response, leading to wrong reports
  of a successful transfer
- test_05_02 was able to trigger this condition with increased transfer
  count. The simulated response errors did not carry a 'Content-Length'
  so only proper RST handling could detect the abort
- When doing such transfers in parallel, a connection could enter the
  state where
  a) it had been closed (GOAWAY received)
  b) the RST had not been "seen" for the transfer yet
  or c) the GOAWAY announced an error and the last successful
  stream id was not checked against ongoing transfers

Closes #10693
2023-03-06 23:58:24 +01:00
Stefan Eissing
b0564c1d54
tests: use dynamic ports numbers in pytest suite
- necessary ports are bound at start of test suite and then
  given to server fixtures for use.
- this make parallel use of pytest (in separate directories),
  practically safe for use as OS tend to not reuse such port numbers
  for a while

Closes #10692
2023-03-06 23:44:45 +01:00
Stefan Eissing
257416023d
connect: fix time_connect and time_appconnect timer statistics
- time_connect was not updated when the overall connection failed,
  e.g. when SSL verification was unsuccessful, refs #10670
- rework gather those values to interrogate involved filters,
  also from all eyeballing attempts, to report the maximum of
  those values.
- added 3 test cases in test_06 to check reported values on
  successful, partially failed and totally failed connections.

Reported-by: Master Inspire
Fixes #10670
Closes #10671
2023-03-06 20:16:43 +01:00
Daniel Stenberg
93eefa6ba1
test1905: update output cookie order
After the #10685 update
2023-03-06 15:52:00 +01:00
Daniel Stenberg
076764c5d7
test420: verify expiring cookies
Cookies that are loaded fine from a jar but then are expired in headers.
2023-03-06 15:52:00 +01:00
Daniel Stenberg
45d4bf5af3
cookie: don't load cookies again when flushing
Reported-by: Sergio Mijatovic
Fixes #10677
Closes #10685
2023-03-06 15:51:56 +01:00
Daniel Stenberg
c8fe72a37e
RELEASE-NOTES: synced 2023-03-06 15:48:54 +01:00
andy5995
7c3822fe45
docs: note '--data-urlencode' option
Closes #10687
2023-03-06 15:35:48 +01:00
Daniel Stenberg
e4d5685cb5
DEPRECATE: the original legacy mingw version 1
Remove completely in September 2023

Closes #10667
2023-03-06 11:31:33 +01:00