Commit Graph

32261 Commits

Author SHA1 Message Date
Max Dymond
73a3602120 Add some basic versioning for some workflows to check whether this is detected properly 2024-05-13 22:34:46 +01:00
renovate[bot]
bdfe3dcd6c Add renovate.json 2024-05-13 22:34:46 +01:00
Daniel Stenberg
742196bd62
vauth: make two functions void that always just returned OK
Removes the need to check return values when they can never fail.

Pointed out by CodeSonar

Closes #13621
2024-05-13 22:38:25 +02:00
Daniel Stenberg
a11774776f
setopt: remove check for 'option' that is always true
- make sure that passing in option set to NULL clears the fields
  correctly

- remove the weird second take if Curl_parse_login_details() returns
  error

Follow-up to 7333faf00b

Spotted by CodeSonar

Closes #13619
2024-05-13 19:41:29 +02:00
Viktor Szakats
0c49ea4ff2
tests: tidy up types in server code
Cherry-picked from #13489
Closes #13610
2024-05-13 11:16:26 +02:00
Daniel Stenberg
7333faf00b
setopt: make the setstropt_userpwd args compulsory
They were always used so no point in allowing them to be optional.

follow-up to 0e37b42dc9

Closes #13608
Reviewed-by: Daniel Gustafsson
2024-05-13 10:24:01 +02:00
Daniel Stenberg
9f2dd222e3
RELEASE-NOTES: synced 2024-05-13 09:48:25 +02:00
Daniel Gustafsson
266baf2d34 websocket: Avoid memory leak in error path
In the errorpath for randstr being too long to copy into the buffer
we leak the randstr when returning CURLE_FAILED_INIT.  Fix by using
an explicit free on randstr in the errorpath.

Closes: #13602
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2024-05-13 09:11:23 +02:00
Daniel Gustafsson
4d96873a4d hsts: Remove single-use single-line function
The hsts_entry() function contains of a single line and is only
used in a single place in the code, so move the allocation into
hsts_create instead to improve code readability. C code usually
don't use the factory abstraction for object creation, and this
small example wasn't following our usual code style.

Closes: #13604
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2024-05-13 09:07:30 +02:00
Viktor Szakats
a35bbe8977
lib: bump hash sizes to size_t
Follow-up to cc907e80a2 #13502
Cherry-picked from #13489
Closes #13601
2024-05-12 18:53:09 +02:00
Viktor Szakats
25cbc2f79a
tests: make the unit test result type CURLcode
Before this patch, the result code was a mixture of `int` and
`CURLcode`.

Also adjust casts and fix a couple of minor issues found along the way.

Cherry-picked from #13489
Closes #13600
2024-05-12 18:53:07 +02:00
Viktor Szakats
dad03dc593
appveyor: tidy-ups
- delete a duplicate line.
- simplify a `make` call.
- merge two `if` branches.
- reorder autotools options for clarity.
- add `--enable-warnings` where missing (it's also the default.)
- add empty lines to YAML for readability.
- use lowercase install prefix/directory.

Closes #13598
2024-05-12 18:53:04 +02:00
Daniel Stenberg
7d8d25174c
docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
... since users might look for those terms in the manpage.

Closes #13590
2024-05-12 17:39:20 +02:00
Daniel Stenberg
efe93019a7
setopt: warn on Curl_set*opt() uses not using the return value
And switch the invokes that would "set" NULL to instead just plainly
free the pointer, as those were otherwise the invokes that would ignore
the return code. And possibly confuse static code analyzers.

Closes #13591
2024-05-12 17:27:51 +02:00
Orgad Shaneh
c8925f3ec3
autotools: delete unused functions
Closes #13605
2024-05-12 17:26:29 +02:00
Viktor Szakats
5b9955e0bd
examples: fix/silence -Wsign-conversion
- extend `FD_SET()` hack to all platforms (was only Cygwin).
  Warnings may also happen in other envs, e.g. OmniOS.
  Ref: https://github.com/libssh2/libssh2/actions/runs/8854199687/job/24316762831#step:3:2021

- tidy-up `CURLcode` vs `int` use.

- cast an unsigned to `long` before passing to `curl_easy_setopt()`.

Cherry-picked from #13489
Follow-up to 3829759bd0 #12489
Closes #13501
2024-05-11 11:11:32 +02:00
Orgad Shaneh
7ca0a3791b
cmake: fix HAVE_IOCTLSOCKET_FIONBIO test with gcc 14
The function signature has had u_long flags since ever. This is how it
is defined in the documentation, and implemented in MinGW.

The code that uses ioctlsocket in nonblock.c also has unsigned long.

Error:
CurlTests.c:275:41: error: passing argument 3 of 'ioctlsocket' from incompatible pointer type [-Wincompatible-pointer-types]
  275 |         if(0 != ioctlsocket(0, FIONBIO, &flags))
      |                                         ^~~~~~
      |                                         |
      |                                         int *
In file included from CurlTests.c:266:
/opt/mxe/usr/i686-w64-mingw32.static/include/winsock2.h:1007:76: note: expected 'u_long *' {aka 'long unsigned int *'} but argument is of type 'int *'
 1007 |   WINSOCK_API_LINKAGE int WSAAPI ioctlsocket(SOCKET s,__LONG32 cmd,u_long *argp);
      |                                                                    ~~~~~~~~^~~~

Closes #13578
2024-05-11 10:56:37 +02:00
Jay Satiro
3a564fecab ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
This is a follow-up to b7c7dffe which changed the FTP state change
verbose debug text (aka infof) to tracing debug text (aka trc).

Prior to this change if libcurl was without DEBUGBUILD and built with
CURL_DISABLE_VERBOSE_STRINGS (ie --disable-verbose) the build would
error.

Caught by Circle CI job openssl-no-verbose.
2024-05-10 19:14:29 -04:00
Jay Satiro
798a37b25e lib: clear the easy handle's saved errno before transfer
- Clear data->state.os_errno before transfer.

- Explain the change in behavior in the CURLINFO_OS_ERRNO doc.

- Add to the CURLINFO_OS_ERRNO doc the list of libcurl network-related
  errors that may cause the errno to be saved.

data->state.os_errno is saved before libcurl returns a network-related
failure such as connection failure. It is accessible to the user via
CURLINFO_OS_ERRNO so they can get more information about the failure.

Prior to this change it wasn't cleared before transfer, so if a user
retrieved the saved errno it could be from a previous transfer. That is
because an errno is not always saved for network-related errors.

Closes https://github.com/curl/curl/pull/13574
2024-05-10 18:26:32 -04:00
Stefan Eissing
b7c7dffe35
ftp: add tracing support
- add `Curl_trc_feat_ftp` for tracing via trace config
- add macro CURL_TRC_FTP(data, fmt, ...)
- replace DEBUGF(infof()) statements in ftp.c by CURL_TRC_FTP()
- always trace FTP connection state

Closes #13580
2024-05-10 23:39:48 +02:00
Daniel Stenberg
7b5bacdd0a
http: remove redundant check
Spotted by CodeSonar

Closes #13582
2024-05-10 23:37:09 +02:00
Viktor Szakats
e0866dd054
ldap: fix unused variables (seen on OmniOS)
```
../../lib/ldap.c: In function 'ldap_do':
  ../../lib/ldap.c:380:11: error: unused variable 'ldap_ca' [-Werror=unused-variable]
    380 |     char *ldap_ca = conn->ssl_config.CAfile;
        |           ^~~~~~~
  ../../lib/ldap.c:379:9: error: unused variable 'ldap_option' [-Werror=unused-variable]
    379 |     int ldap_option;
        |         ^~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/9033564377/job/24824192730#step:3:6059

Ref: #13583
Closes #13588
2024-05-10 23:11:55 +02:00
Daniel Stenberg
0e37b42dc9
url: make parse_login_details use memdup0
Also make the user and password arguments mandatory, since all code
paths in libcurl used them anyway.

Adapted unit test case 1620 to the new rules.

Closes #13584
2024-05-10 22:53:12 +02:00
Orgad Shaneh
fa9a564942
digest: replace strcpy for empty string with simple assignment
Closes #13586
2024-05-10 22:52:36 +02:00
Viktor Szakats
b65f0e04b9
autotools: fix HAVE_IOCTLSOCKET_FIONBIO test for gcc 14
```
conftest.c:152:41: error: passing argument 3 of 'ioctlsocket' from incompatible pointer type [-Wincompatible-pointer-types]
  152 |         if(0 != ioctlsocket(0, FIONBIO, &flags))
      |                                         ^~~~~~
      |                                         |
      |                                         int *
```

Reported-by: LigH
Fixes #13579
Closes #13587
2024-05-10 18:59:22 +02:00
Viktor Szakats
2725488bea
CI: ignore test 286 on Appveyor gcc 7 build
Disabled earlier for gcc 9 builds. gcc 7 uses the same runner and
prone to similar intermittent failures.

Follow-up to f1e05a6e6e #12106 #12040
Closes #13575
2024-05-10 16:49:09 +02:00
Daniel Stenberg
4d38cea94f
cf-socket: don't try getting local IP without socket
In cf_tcp_connect(), it might fail and not get a socket assigned to
ctx->sock but set_local_ip() is still called which would make
getsockname() get invoked with a negative file desriptor and fail.

By adding this check, set_local_ip() will now instead blank out the
fields correctly.

Spotted by CodeSonar

Closes #13577
2024-05-10 15:54:50 +02:00
Daniel Stenberg
cabbb9b2a5
tool_getparam: remove two redundant conditions
When getstr() does not return error, it returns a valid pointer.

Spotted by CodeSonar

Closes #13576
2024-05-10 15:54:01 +02:00
Stefan Eissing
2036bebb07
quiche: trust its timeout handling
- set the idle timeout transport parameter
  in milliseconds as documented by quiche
- do not calculate the idle timeout, rely on
  quiche handling it

Closes #13581
2024-05-10 15:53:11 +02:00
Daniel Stenberg
bc5261a1b4
dmaketgz: accept a SOURCE_DATE_EPOCH as an second argument
to make it easier to reproduce a tarball

Closes #13573
2024-05-10 10:57:41 +02:00
Daniel Stenberg
6e6be487d6
RELEASE-NOTES: synced 2024-05-10 09:33:26 +02:00
Stefan Eissing
bc6e3e6049
h3/ngtcp2: improve error handling
- identify ngtcp2 and nghttp3 error codes that are fatal
- close quic connection on fatal errors
- refuse further filter operations once connection is closed
- confusion about the nghttp3 API. We should close the QUIC stream on
  cancel and not use the nghttp3 calls intended to be invoked when the
  QUIC stream was closed by the peer.

Closes #13562
2024-05-10 09:29:19 +02:00
Jay Satiro
edc5b3502c docs: fix some CURLINFO examples
- improve getinfo result check for example sections:
  CURLINFO_ACTIVESOCKET, CURLINFO_LASTSOCKET, CURLINFO_SSL_VERIFYRESULT,
  CURLINFO_PROXY_SSL_VERIFYRESULT

- fix getinfo result check for example sections:
  CURLINFO_NUM_CONNECTS, CURLINFO_OS_ERRNO

- fix verify result check for example sections:
  CURLINFO_PROXY_SSL_VERIFYRESULT

Bug: https://github.com/curl/curl/discussions/13557#discussion-6625507
Reported-by: farazrbx@users.noreply.github.com

Closes https://github.com/curl/curl/pull/13559
2024-05-10 01:12:36 -04:00
Daniel Stenberg
3b4b6bd1df
KNOWN_BUGS: gssapi library name + version is missing in curl_version_info()
Closes #13492
Closes #13570
2024-05-09 12:04:19 +02:00
Daniel Stenberg
0f4c439fc7
krb5: use dynbuf
Closes #13568
2024-05-09 10:59:13 +02:00
Daniel Stenberg
a95fd86404
managen: fix the option sort order
... it used to strip off the .d file extension to sort correctly but
ever since the extension changed to .md the operation failed and the
sort got wrong.

Follow-up to 2494b8dd51

Closes #13567
2024-05-09 10:39:43 +02:00
Stefan Eissing
e1cf21b5c2
GHA: repair the linux-old job
package libc6_2.28-10+deb10u2_amd64.deb changed to
libc6_2.28-10+deb10u3_amd64.deb

Closes #13564
2024-05-08 23:40:33 +02:00
Viktor Szakats
217878bade
appveyor: make gcc 6 mingw64 job build-only
This job has proven to be the flakiest of all, and it's also the oldest
Windows runner we had tests running on: 'Visual Studio 2015', that is
running on Windows Server 2012 R2:
  https://www.appveyor.com/docs/windows-images-software/

Turn off tests on this job to help stabilizing CI runs.

This was also one of the slowest running job amongst the AppVeyor CI ones.

Flakiness data:
  https://testclutch.curl.se/static/reports/summary.html
Entries:
  Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity (curl) [current]
  Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static (curl) [former]

Closes #13566
2024-05-08 23:39:45 +02:00
Stefan Eissing
3ecba2decd
unit2604: use alloc instead of overlong string const
Closes #13563
2024-05-08 23:30:43 +02:00
Daniel Gustafsson
60580f9f21 bufq: remove duplicate word in comment
Inspired by 13552.

Closes: #13554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2024-05-08 19:12:03 +02:00
Viktor Szakats
bbeeccdea8
lib/cf-h1-proxy: silence compiler warnings (gcc 14)
They came up ealier with gcc 12 (Windows), but apparently gcc 14 is
still reporting them, also under Linux.

```
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c: In function 'cf_h1_proxy_close':
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1060:17: warning: null pointer dereference [-Wnull-dereference]
 1060 |   cf->connected = FALSE;
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1061:8: warning: null pointer dereference [-Wnull-dereference]
 1061 |   if(cf->ctx) {
      |      ~~^~~~~
In function 'tunnel_free',
    inlined from 'cf_h1_proxy_destroy' at /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1053:3:
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:198:27: warning: null pointer dereference [-Wnull-dereference]
  198 |   struct h1_tunnel_state *ts = cf->ctx;
      |                           ^~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/8985369476/job/24679219528#step:3:6320

Fixes #13237
Closes #13555
2024-05-08 12:37:33 +02:00
MAntoniak
1ea7dce08d
mbedtls: support TLS 1.3
Closes #13539
2024-05-08 11:11:45 +02:00
Daniel Stenberg
7c8970e95f
version: use msnprintf instead of strncpy
- to ensure a terminating null byte
- to avoid zero-padding the target

debug code only

Closes #13549
2024-05-08 10:40:58 +02:00
Daniel Stenberg
cd3463d99e
curl_path: make Curl_get_pathname use dynbuf
... instead of malloc and memcpy

- unit test 2604 verifies Curl_get_pathname()

Closes #13550
2024-05-08 10:10:12 +02:00
Daniel Stenberg
c294f9cb56
lib: make protocol handlers store scheme name lowercase
- saves a lowercase operation when the "[scheme]_proxy" name is
  generated
- appears less "shouting"
- update test 970, 972, 1438 and 1536

Closes #13553
2024-05-08 09:39:30 +02:00
Daniel Stenberg
848c104639
lib: remove two instances of "only only" messages
Fixes #13551
Reported-by: Lucas Nussbaum
Closes #13552
2024-05-08 00:03:38 +02:00
Pavel P
428579f5d1 asyn-thread: fix curl_global_cleanup crash in Windows
- Make sure that asynchronous resolves handled by Winsock are stopped
  before WSACleanup is called.

This is implemented by ensuring that when Curl_resolver_kill is called
(eg via multi_done) it will cancel the Winsock asynchronous resolve and
wait for the cancellation to complete. Winsock runs the asynchronous
completion routine immediately when a resolve is canceled.

Prior to this change it was possible that during curl_global_cleanup
"a DNS resolver thread created by GetAddrInfoExW did not terminate yet,
however curl is already shutting down, deinitializing Winsock with
WSACleanup() leading to an access violation."

Background:

If libcurl is built with the asynchronous threaded resolver option for
Windows then it resolves in one of two ways. For Windows 8.1 and later,
libcurl resolves by using the Winsock asynchronous resolver which does
its own thread management. For older versions of Windows, libcurl
resolves by creating a separate thread that calls getaddrinfo. This
change only affects the former and it's already handled for the latter.

Reported-by: Ch40zz@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/13509
Closes https://github.com/curl/curl/pull/13518
2024-05-07 14:54:11 -04:00
Jay Satiro
62ae1f10e5 asyn-thread: fix Curl_thread_create result check
- Compare to curl_thread_t_null instead of 0 for error.

Currently for both supported thread libraries (pthreads and Windows)
curl_thread_t_null is defined as 0. However, the pattern throughout the
code is to check against curl_thread_t_null and not 0 since for
posterity some thread library may not use 0 for error.

Closes https://github.com/curl/curl/pull/13542
2024-05-07 02:28:58 -04:00
Jay Satiro
22cde3baa8 curl_multibyte: remove access() function wrapper for Windows
- Remove curlx_win32_access() which was a wrapper to use access() in
  Windows.

This is a follow-up to 602fc213, one of two commits which removed
access() calls from the codebase and banned use of the function.

Closes https://github.com/curl/curl/pull/13529
2024-05-07 02:28:10 -04:00
Daniel Gustafsson
46d7214ca9 tls: Remove EXAMPLEs from deprecated options
CURLOPT_EGDSOCKET and CURLOPT_RANDOM_FILE are both completely dead
so remove their example sections since the code there is useless.
There is still a way to inject a random file for OpenSSL older than
1.1.0 but it's not what the example showed (and it's not even done
with this option) so we refrain from documenting it here.

Closes: #13540
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2024-05-06 20:55:27 +02:00