Commit Graph

29994 Commits

Author SHA1 Message Date
Gregory Panakkal
01772a3c39
WEBSOCKET.md: typo
Fixing missing slash for ws protocol scheme

Closes #10464
2023-02-10 10:28:40 +01:00
Stefan Eissing
c96f982166
vquic: stabilization and improvements
vquic stabilization
- udp send code shared between ngtcp2 and quiche
- quiche handling of data and events improved

ngtcp2 and pytest improvements
- fixes handling of "drain" situations, discovered in scorecard
  tests with the Caddy server.
- improvements in handling transfers that have already  data or
  are already closed to make an early return on recv

pytest
- adding caddy tests when available

scorecard improvemnts.
- using correct caddy port
- allowing tests for only httpd or caddy

Closes #10451
2023-02-10 10:26:40 +01:00
Philip H
bd12f27258
Linux CI: update some dependecies to latest tag
Closes #10458
2023-02-10 08:35:58 +01:00
Daniel Stenberg
5a9a04d556
test2305: send 3 frames, 4097 bytes each, as one message
Receive them using a 256 bytes buffer in a loop.
2023-02-10 08:28:59 +01:00
Daniel Stenberg
2e2e3d16c5
ws: fix recv of larger frames
+ remove 'oleft' from the struct
 + deal with "overflow data" in a separate dynbuf

Reported-by: Mike Duglas
Fixes #10438
Closes #10447
2023-02-10 08:28:58 +01:00
Daniel Stenberg
2aed8e179f
curl/websockets.h: extend the websocket frame struct 2023-02-10 08:28:58 +01:00
Daniel Stenberg
8360d58ac7
sws: fix typo, indentation add more ws logging 2023-02-10 08:28:58 +01:00
Daniel Stenberg
f2fa4112ad
test2304: remove stdout verification
This cripples the test somewhat but the check was bad since depending on
timing it could exit before the output was done, making the test flaky.
2023-02-10 08:28:25 +01:00
Dan Fandrich
c4095faebf CI: Add more labeler match patterns 2023-02-09 15:21:07 -08:00
Dan Fandrich
bfb9838380 CI: Retry failed downloads to reduce spurious failures
A temporary error with a remote server shouldn't cause a CI run to fail.
Also, put a cap on the time to download to fail faster on a misbehaving
server or connection and use HTTP compression where possible to reduce
download times.
2023-02-09 15:18:04 -08:00
Daniel Stenberg
33866a31c3
no-clobber.d: only use long form options in man page text
... since they are expanded and the short-form gets mentioned
automatically so if the short form is mentioned as well, it gets
repeated.

Fixes #10461
Closes #10462
Reported-by: Dan Fandrich
2023-02-09 23:38:44 +01:00
Daniel Stenberg
528583cf77
GHA: enable websockets in the torture job
Closes #10448
2023-02-09 18:54:17 +01:00
Daniel Stenberg
458b85be27
header.d: add a header file example
Closes #10455
2023-02-09 15:45:19 +01:00
Stefan Eissing
3de3ea6a64
HTTP/[23]: continue upload when state.drain is set
- as reported in #10433, HTTP/2 uploads may stall when a response is
  received before the upload is done. This happens when the
  data->state.drain is set for such a transfer, as the special handling
  in transfer.c from then on only cared about downloads.
- add continuation of uploads, if applicable, in this case.
- add pytest case test_07_12_upload_seq_large to reproduce this scenario
  (although, current nghttp2 implementation is using drain less often)

Reported-by: Lucas Pardue

Fixes #10433
Closes #10443
2023-02-09 09:13:30 +01:00
Stefan Eissing
8c762f5998
http2: minor buffer and error path fixes
- use memory buffer in full available size
- fail receive of reset/errored streams early

pytest:
- make test_05 error cases more reliable

Closes #10444
2023-02-09 08:38:01 +01:00
Federico Pellegrin
cace68e299
openldap: fix missing sasl symbols at build in specific configs
If curl is built with openldap support (USE_OPENLDAP=1) but does not
have also some other protocol (IMAP/SMTP/POP3) enabled that brings
in Curl_sasl_* functions, then the build will fail with undefined
references to various symbols:

ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth_option'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authenticate'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'

This was tracked down to these functions bein used in openldap.c but
defined in curl_sasl.c and then forward in two vauth/ files to have
a guard against a set of #define configurations that was now extended
to cover also this case.

Example configuration targeted that could reproduce the problem:

curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
Protocols: file ftp ftps http https ldap ldaps

Closes #10445
2023-02-09 08:17:20 +01:00
Daniel Stenberg
da8e97b5d0
ws: use %Ou for outputting curl_off_t with info()
Reported-by: Mike Duglas
Fixes #10439
Closes #10441
2023-02-09 08:15:24 +01:00
Jay Satiro
b4b6e4f1fa curl_setup: Disable by default recv-before-send in Windows
Prior to this change a workaround for Windows to recv before every send
was enabled by default. The way it works is a recv is called before
every send and saves the received data, in case send fails because in
Windows apparently that can wipe out the socket's internal received
data buffer.

This feature has led to several bugs because the way libcurl operates
it waits on a socket to read or to write, and may not at all times
check for buffered receive data.

Two recent significant bugs this workaround caused:
- Broken Schannel TLS 1.3 connections (#9431)
- HTTP/2 arbitrary hangs (#10253)

The actual code remains though it is disabled by default. Though future
changes to connection filter buffering could improve the situation IMO
it's just not tenable to manage this workaround.

Ref: https://github.com/curl/curl/issues/657
Ref: https://github.com/curl/curl/pull/668
Ref: https://github.com/curl/curl/pull/720

Ref: https://github.com/curl/curl/issues/9431
Ref: https://github.com/curl/curl/issues/10253

Closes https://github.com/curl/curl/pull/10409
2023-02-09 01:30:10 -05:00
Stefan Eissing
ead2b2d4f6
http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
add a small buffer to nghttp2 session sending in order to aggregate
small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
callback individually.

Ref: #10389
Closes #10432
2023-02-08 10:41:15 +01:00
Stefan Eissing
e8b00fcd6a
openssl: store the CA after first send (ClientHello)
move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
this gives time to parse CA anchors while waiting on the server reply

Ref: #10389
Closes #10432
2023-02-08 10:41:11 +01:00
Daniel Stenberg
341280e161
RELEASE-NOTES: synced 2023-02-08 09:31:29 +01:00
Anthony Hu
12e9186fc4
wolfssl: remove deprecated post-quantum algorithms
Closes #10440
2023-02-08 08:31:45 +01:00
John Bampton
0065b146eb
misc: fix spelling
Closes #10437
2023-02-08 08:30:05 +01:00
Daniel Stenberg
1695fcf57d
man pages: call the custom user pointer 'clientp' consistently
The variable had a few different names. Now try to use 'clientp'
consistently for all man pages using a custom pointer set by the
application.

Reported-by: Gerrit Renker

Fixes #10434
Closes #10435
2023-02-07 22:33:47 +01:00
Daniel Stenberg
1c91ba3939
vtls: infof using %.*s needs to provide the length as int
Fixes a Coverity warning.

Closes #10436
2023-02-07 16:33:04 +01:00
Stefan Eissing
7dad86a03f
vrls: addressing issues reported by coverity
I believe the code was secure before this, but limiting the accepted
name length to what is used in the structures should help Coverity's
analysis.

Closes #10431
2023-02-07 14:05:21 +01:00
Daniel Stenberg
95fe2bba74
tool_operate: move the 'updated' variable
This was already done by Dan Fandrich in the previous PR but somehow I
lost that fixup.

Follow-up to 349c5391f2
2023-02-07 12:16:13 +01:00
Dan Fandrich
df3722a46c
tool_operate: Fix error codes during DOS filename sanitize
It would return CURLE_URL_MALFORMAT in an OOM condition.

Closes #10414
2023-02-07 08:20:19 +01:00
Dan Fandrich
349c5391f2
tool_operate: Fix error codes on bad URL & OOM
curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
of CURLE_URL_MALFORMAT. In other cases, it would erroneously return
CURLE_URL_MALFORMAT instead of CURLE_OUT_OF_MEMORY.  Add a test case to
test the former condition.

Fixes #10130
Closes #10414
2023-02-07 08:20:04 +01:00
Daniel Stenberg
a0adda4b47
setopt: use >, not >=, when checking if uarg is larger than uint-max
Closes #10421
2023-02-06 23:42:27 +01:00
Daniel Stenberg
82123417ff
vtls: fix failf() format argument type for %.*s handling
Reported by Coverity

Closes #10422
2023-02-06 23:41:21 +01:00
Daniel Stenberg
b0b33fe71d
openssl: fix "Improper use of negative value"
By getting the socket first and returning error in case of bad socket.

Detected by Coverity.

Closes #10423
2023-02-06 23:40:20 +01:00
Dan Fandrich
30607e77dc packages: Remove Android.mk from makefile
This was missed in commit #44141512

Ref: #10418
2023-02-06 14:02:06 -08:00
Daniel Stenberg
ff7c390b29
curl_ws_send.3: clarify how to send multi-frame messages 2023-02-06 17:27:51 +01:00
Mike Duglas
ad55b23634
ws: fix multiframe send handling
Fixes #10413
Closes #10420
2023-02-06 17:27:46 +01:00
Daniel Stenberg
51e9cff268
unit2600: make sure numerical curl_easy_setopt sets long
Follow-up to 671158242d

Reported-by: Marcel Raad
Fixes #10410
Closes #10419
2023-02-06 17:26:18 +01:00
andy5995
4f051d0e54
GHA: move Slackware test into matrix
Closes #10412
2023-02-06 09:57:53 +01:00
Pronyushkin Petr
2b46ce0313
urlapi: fix part of conditional expression is always true: qlen
Closes #10408
2023-02-06 08:53:07 +01:00
Pronyushkin Petr
690c43b3ee
url: fix part of conditional expression is always true
Closes #10407
2023-02-06 08:51:31 +01:00
Daniel Stenberg
6740cf9ea0
RELEASE-NOTES: synced 2023-02-06 08:35:03 +01:00
Philip H
b87664445c
GHA/macos.yml: bump to gcc-12
Closes #10415
2023-02-06 08:20:03 +01:00
Daniel Stenberg
44141512ed
packages: remove Android, update README
- Nobody builds curl for Android using this anymore
- Refreshed the README and converted to markdown

Reported-by: John Porter
Fixes #10416
Closes #10418
2023-02-06 08:18:21 +01:00
Kvarec Lezki
74040ddecb fopen: remove unnecessary assignment
[CWE-1164] V1048: The '* tempname' variable was assigned the same value.

Ref: https://pvs-studio.com/en/docs/warnings/v1048/

Closes https://github.com/curl/curl/pull/10398
2023-02-05 03:15:08 -05:00
Gisle Vanem
62097a7ea4 libtest: add a sleep macro for Windows
.. because sleep() is used in some libtests.

Closes https://github.com/curl/curl/pull/10295
2023-02-05 03:15:07 -05:00
Kvarec Lezki
97f7f668d6
http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize.

https://pvs-studio.com/en/docs/warnings/v220/

Closes #10400
2023-02-03 10:07:28 +01:00
Daniel Stenberg
2537808d9e
mailmap: Thomas1664 on github 2023-02-03 10:04:34 +01:00
Thomas1664
c29ccb35ff
CURLOPT_WRITEFUNCTION.3: fix memory leak in example
Closes #10390
2023-02-03 10:02:47 +01:00
Kvarec Lezki
80c98ef6d2
doh: ifdef IPv6 code
For disabled IPv6 a condition (conn->ip_version != CURL_IPRESOLVE_V4) is
always false. https://pvs-studio.com/en/docs/warnings/v560/

Closes #10397
2023-02-03 08:23:27 +01:00
Daniel Stenberg
37554d7c07
urlapi: remove pathlen assignment
"Value stored to 'pathlen' is never read"

Follow-up to 804d5293f8

Reported-by: Kvarec Lezki

Closes #10405
2023-02-03 08:20:21 +01:00
Kvarec Lezki
e1f78ce25b
http: fix "part of conditional expression is always false"
[CWE-570] V560: A part of conditional expression is always false: conn->bits.authneg.
[CWE-570] V560: A part of conditional expression is always false: conn->handler->protocol & (0 | 0).

https://pvs-studio.com/en/docs/warnings/v560/

Closes #10399
2023-02-03 08:17:18 +01:00