Multiple reports suggest that GetAddrInfoExW fails when impersonation is
used. This PR checks if thread is impersonating and avoids using
GetAddrInfoExW api.
Reported-by: Keerthi Timmaraju
Assisted-by: edmcln on github
Fixes#13612Closes#13738
- add 2 variations on test_07_42 which PAUSEs uploads
and response connections terminating either right away
or after the 100-continue response
- when detecting the connection being closed in transfer.c
readwrite_data(), clear ALL send bits in data->req.keepon.
It no longer makes send to wait for a KEEP_SEND_PAUSE or HOLD.
- in the protocol client writer add the check for incomplete
response bodies. When an EOS is seen and the length is known,
check that and fail if bytes are missing.
Reported-by: Sergey Bronnikov
Fixes#13740Closes#13750
- send the TLS close notify message when cloding down
the mbedtls connection filter
- this is a "least" effort version and, as other TLS filters,
is lacking a graceful send/receive/timeout for a really
clean shutdown.
Closes#13745
Macro and static function names were colliding between
`lib/md4.c` and
`lib/md5.c`.
Fix it by namespacing these symbols.
Seen with a basic macOS build using these options:
`-DCMAKE_UNITY_BUILD=ON -DCURL_USE_SECTRANSP=ON`
Closes#13737
- refs #13556
- allow anon uploads on vsftpd test server
- add test_30_05 for plain upload of 1k, 100k, 1m
- add test_31_05 for SSL upload of 1k, 100k, 1m
- verify file size and contents
Closes#13734
with more than one transfer-encoding, 'chunked' must be the last added
to the writer stack (and therefore the first to decode). RFC 9112, ch.
6.1.
Closes#13736
- Only set PE file flag VS_FF_DEBUG if curl.exe and libcurl.dll were
built with winbuild option DEBUG=yes which builds with debug info.
VS_FF_DEBUG is a PE flag (Portable Executable file flag - dll, exe, etc)
that indicates the file contains or was built with debug info.
Prior to this change when winbuild was used to build curl, curl.exe
and libcurl.dll always had VS_FF_DEBUG set, regardless of build option
DEBUG=yes/no, due to some bad logic.
Closes https://github.com/curl/curl/pull/13739
It had no use in the curl codebase and was also protected by the macro
`AGGRESSIVE_TEST` (renamed in 2020), also with no local reference.
Added in ca6e770837 (2002-11-11)
Closes#13729
reject a response that applies a transfer-encoding after a 'chunked'
encoding. RFC 9112 ch. 6.1 required chunked to be the final encoding.
Closes#13733
- as reported in #13725, some servers wrongly send body bytes in
responses to a HEAD request. This used to be tolerated in curl
8.4 and before and leads to failed transfers in newer versions.
- restore previous behaviour for HTTP/1.1 and HTTP/2:
* 1.1: do not add 'Transfer-Encoding' writers from HEAD
responses. RFC 9112 says they do not apply.
* 2: when the transfer expects 'no_body', to not report stream
resets as error when all response headers have been received.
Reported-by: Jeroen Ooms
Fixes#13725Closes#13732
- Revert to the legacy TLS 1.2 key logging code for LibreSSL.
- Document SSLKEYLOGFILE for LibreSSL is TLS 1.2 max.
Prior to this change if the user specified a filename in the
SSLKEYLOGFILE environment variable and was using LibreSSL 3.5.0+ then
an empty file would be created and no keys would be logged.
This is effectively a revert of e43474b4 which changed openssl.c to use
SSL_CTX_set_keylog_callback for LibreSSL 3.5.0+. Unfortunately LibreSSL
added that function only as a stub that doesn't actually do anything.
Reported-by: Gonçalo Carvalho
Fixes https://github.com/curl/curl/issues/13672
Closes https://github.com/curl/curl/pull/13682
Add these jobs to GHA:
- NetBSD, cmake-unity, clang, OpenSSL, x86_64, with tests, w/o python,
no parallelism (was flaky sometimes)
- OpenBSD, cmake-unity, clang, LibreSSL, x86_64, with tests,
with python, -j8, TFTP results ignored due to #13623.
- FreeBSD, cmake-unity and autotools, clang, OpenSSL, arm64
(Tests disabled for arm64, because they are slow. It's available for
x86_64 with python, -j12.)
Configuration matches our existing Cirrus CI one.
- OmniOS, autotools, gcc, OpenSSL, x86_64, with tests, -j12.
All build with websockets and examples.
Closes#13583
Do not add linker flags to the global CMake static library tool (aka
"static linker") (e.g. `ar`) flags list. They don't mix well. This was
only done after successfully detecting GSSAPI.
Linker flags seen on Old Linux CI:
```
-- |GSS_LINKER_FLAGS|-Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/x86_64-linux-gnu/heimdal|
-- |CMAKE_STATIC_LINKER_FLAGS| -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/x86_64-linux-gnu/heimdal|
```
Ref: https://github.com/curl/curl/actions/runs/9138988036/job/25130791712#step:6:85
Causing:
```
/usr/bin/ar qc libcurltool.a -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/lib/x86_64-linux-gnu/heimdal
CMakeFiles/curltool.dir/slist_wc.c.o CMakeFiles/curltool.dir/tool_binmode.c.o CMakeFiles/curltool.dir/tool_bname.c.o
[...]
CMakeFiles/curltool.dir/tool_writeout_json.c.o CMakeFiles/curltool.dir/tool_xattr.c.o CMakeFiles/curltool.dir/var.c.o
CMakeFiles/curltool.dir/__/lib/base64.c.o CMakeFiles/curltool.dir/__/lib/dynbuf.c.o
/usr/bin/ar: invalid option -- 'W'
Usage: /usr/bin/ar [emulation options] [-]{dmpqrstx}[abcDfilMNoPsSTuvV] [--plugin <name>] [member-name] [count] archive-file file...
/usr/bin/ar -M [<mri-script]
```
Ref: https://github.com/curl/curl/actions/runs/9138988036/job/25130791712#step:9:125
This problem is invisible at the moment because of another bug (#13698)
that misses building unit tests when not using either the
`ENABLE_DEBUG=ON` or `ENABLE_CURLDEBUG=ON` options (to set
`-DCURLDEBUG`):
```
test 1300 SKIPPED: curl lacks unittest support
```
Ref: https://github.com/curl/curl/actions/runs/9135571781/job/25123104557#step:9:2883
With that fixed, this becomes the next issue.
It's possible this bug also required an older CMake version and/or
a specific OS environment which uses linker flags in GSSAPI that are not
playing well with `ar` options, to reproduce.
Follow-up to 558814e16d (2014-09-25)
Ref: #13698Closes#13697
- re-implement autotools MSYS and Cygwin AppVeyor jobs in GHA.
Now build with SSL and PSL to improve test coverage.
- re-implement MSYS2 mingw-w64 gcc 13 AppVeyor job in GHA.
`CMake, mingw-w64, gcc 13, Debug, x64, Schannel, Static, Unicode`
- add new cmake Cygwin job (build-only).
- enable `-j14` parallelism when running tests.
- delete the 5 migrated jobs from AppVeyor CI.
- add 2 build-only mingw-w64 builds, gcc Release and clang OpenSSL.
- also enable brotli, libssh2, nghttp2 for more test coverage.
These jobs offer better performance, more flexibility and
parallelization compared to the AppVeyor ones they replace. It also
offloads AppVeyor, allowing to iterate faster. They also appear more
reliable than e.g. Azure Windows jobs, where runners are prone to fail
[1].
Closes#13599
[1]:
`Exit code 143 returned from process: file name 'C:\Windows\system32\docker.EXE',
arguments 'exec -i 6b13a669c6dfe7fb9f59414369872fd64d61c7182f880c3d39c135cb4c115c8f
C:\__a\externals\node\bin\node.exe C:\__w\_temp\containerHandlerInvoker.js'.`
Fixes:
- in uds tests, abort also silently on os errors
- be conservative on the h3 goaway duration
- detect curl debug build and use in checks
- fix caddy version check for slight difference under linux
- set caddy default path fitting for linux
- fix deprecation warnings in valid time checks
FTP tests:
- add '--with-test-vsftpd=path' to configure
- use vsftpd default path suitable for linux
- add test_30 with plain FTP tests
- add test_31 with --ssl-reqd FTP tests
- add vsftpd to linux GHA for pytest workflows
Closes#13661
- rustls report it has finished the TLS handshake *before*
all relevant data has been sent off, e.g. it FINISHED message
- On connections the send data immediately, this was never noticed
as the FINISHED in rustls buffers was send with the app data
- On passive FTP connections, curl does not send any data after
the handshake, leaving FINISHED unsent and the server never
responded as it was waiting on this.
Closes#13686
Seen when setting `ENABLE_DEBUG=ON` and `-DDEBUGBUILD` for mingw-w64
gcc 13.2.0 CMake unity builds in 'Release' configurations.
```
curl/lib/curl_gethostname.c:71:5: error: 'strncpy' specified bound 1025 equals destination size [-Werror=stringop-truncation]
71 | strncpy(name, force_hostname, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:175:
In function 'hostcache_timestamp_remove',
inlined from 'Curl_hash_clean_with_criterium' at curl/lib/hash.c:265:19,
inlined from 'Curl_hash_clean_with_criterium' at curl/lib/hash.c:247:1,
inlined from 'hostcache_prune' at curl/lib/hostip.c:228:3,
inlined from 'Curl_hostcache_prune' at curl/lib/hostip.c:256:21:
curl/lib/hostip.c:205:12: error: 'now' may be used uninitialized [-Werror=maybe-uninitialized]
205 | time_t age = prune->now - c->timestamp;
| ^~~
curl/lib/hostip.c: In function 'Curl_hostcache_prune':
curl/lib/hostip.c:241:10: note: 'now' was declared here
241 | time_t now;
| ^~~
In function 'hostcache_timestamp_remove',
inlined from 'fetch_addr' at curl/lib/hostip.c:310:8:
curl/lib/hostip.c:205:23: error: 'user.now' may be used uninitialized [-Werror=maybe-uninitialized]
205 | time_t age = prune->now - c->timestamp;
| ~~~~~^~~~~
curl/lib/hostip.c: In function 'fetch_addr':
curl/lib/hostip.c:304:33: note: 'user' declared here
304 | struct hostcache_prune_data user;
| ^~~~
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:40:
curl/lib/cf-socket.c: In function 'cf_socket_send':
curl/lib/cf-socket.c:1294:10: error: 'c' may be used uninitialized [-Werror=maybe-uninitialized]
1294 | if(c >= ((100-ctx->wblock_percent)*256/100)) {
| ~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
curl/lib/cf-socket.c:1292:19: note: 'c' was declared here
1292 | unsigned char c;
| ^
In file included from curl/_bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:364:
In function 'tftp_state_timeout',
inlined from 'tftp_multi_statemach' at curl/lib/tftp.c:1230:27:
curl/lib/tftp.c:1208:5: error: 'current' may be used uninitialized [-Werror=maybe-uninitialized]
1208 | if(current > state->rx_time + state->retry_time) {
| ^
curl/lib/tftp.c: In function 'tftp_multi_statemach':
curl/lib/tftp.c:1192:10: note: 'current' was declared here
1192 | time_t current;
| ^~~~~~~
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/49792835/job/91c8dj5qb36spfe0#L112
Ref: https://github.com/curl/curl/actions/runs/9082968838/job/24960616145#step:12:62
Ref: #13592Closes#13643
When TLS bytes could not completely sent off, the amount of plain bytes
already added to rustls were forgotten. This lead to send those byte
duplicate, corrupting the request send to the server.
Closes#13676
Before this patch `BUILD_TESTING` was used once, then initialized, then
used again. This caused the `curlu` library not being built when relying
on an implicit `BUILD_TESTING=ON` setting, and ending up with a link
error when building the `testdeps` target.
It did not cause issues when `BUILD_TESTING` was explicitly set.
Move the initialization before the first use to fix it.
Regression from aace27b096#12287Closes#13668
Verifies that the issue in #13669 actually is fixed. This return code is
what the CURLOPT_WRITEFUNCTION manpage documents should be returned.
This code is mostly from the
Source-written-by: Trumeet on github
Closes#13671
