Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:
tftpd.c: In function ‘write_behind.isra’:
tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes from a region of size 0 [-Wstringop-overread]
485 | return write(test->ofile, writebuf, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tftpd.c:71:
/usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0
58 | char tu_data[0]; /* data or error string */
| ^~~~~~~
This occurs because writebuf points to this field and the latter
cannot be considered as being of dynamic length because it is not
the last field in the structure. Thus it is bound to its declared
size.
This commit always uses curl's own version of tftp.h where the
target field is last in its structure, effectively avoiding the
warning.
As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for
arpa/tftp.h are removed.
Closes#11897
If uname -r returns something odd, perl could return an error code and
the test would be erroneously skipped. The qx// syntax avoid this.
Followup to 08f9b2148
These kernels only send a fraction of the requested amount of the first
large block, invalidating the assumptions of the test and causing it to
fail.
Assisted-by: Christian Weisgerber
Ref: https://curl.se/mail/lib-2023-09/0021.htmlCloses#11888
CI builds will now run these tests, but will ignore the results if they
fail. The relevant tests are ones that are sensitive to timing or
have edge conditions that make them more likely to fail on CI servers,
which are often heavily overloaded and slow.
This change only adds two additional tests to be ignored, since the
others already had the flaky keyword.
Closes#11865
Generate alphanumerical random strings.
Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.
The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.
Closes#11838
This was originally added to handle platforms that supported only 1
second granularity in connect timeouts, but after some recent changes
the test currently permafails on several Windows platforms.
The need for this special-case was removed in commit 8627416, which
increased the connect timeout in all cases to well above 1 second.
Fixes#11767Closes#11849
This timeout is used to wait for the server to finish writing its logs
before checking them against the expected values. An overloaded machine
could take more than the two seconds previously allocated, so increase
the timeout to 5 seconds.
Ref: #11328Closes#11834
These tests had a 5 second timeout compared to 60 seconds for all other
tests. Make these consistent with the others for more reliability on
heavily-loaded machines.
Ref: #11328
This test relies on the IPv6 scope field being ignored when connecting to
ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit
dodgy, but it works on all our test platforms except Windows. This
test was disabled manually on all Windows CI builds already, so instead
add an incompatible feature and precheck so it's skipped on Windows
everywhere automatically.
This test is designed to connect to the server, then immediately send a
few bytes and disconnect. In some situations, such as on a loaded
server, this doesn't give the server enough time to write its lock file
before its existence is checked. The test harness then fails to find the
server's input log file (because it hasn't been written yet) and fails
the test. By adding a short delay after the test, the HTTP server has
enough time to write its lock file which gives itself more time to write
its remaining files.
Ref: #11328
These tests reduce the server lock wait timeout which can increase
flakiness on loaded machines. Since this is merely an optimization,
eliminate them in favour of reliability.
Ref: #11328
These tests can fail when the test machine is so slow that the test HTTP
server didn't get a chance to complete before the client's one second
100-continue timeout triggered. Increase that 1 second to 999 seconds so
this situation doesn't happen.
Ref: #11328
These are ones likely to fail on heavily-loaded machines that alter the
normal test timing. Most of these tests already had the flaky keyword
since this condition makes them more likely to fail on CI.
These tests are run in SLOWDOWN mode which adds a 10 msec delay after
each character output, which means it takes at least 1.6 seconds (and
320 kernel calls) just to get through the long welcome banner. On an
overloaded system, this can end up taking much more than 1.6 seconds,
and even more than the 7 or 16 second curl timeout that the tests rely
on, causing them to fail. Reducing the size of the welcome banner drops
the total number of characters sent before the transfer starts by more
than half, which reduces the opportunity for test-breaking slowdowns by
the same amount.
Ref: #11328
- Handle user headers in format 'name:' and 'name;' with no value.
The former is used when the user wants to remove an internal libcurl
header and the latter is used when the user actually wants to send a
no-value header in the format 'name:' (note the semi-colon is converted
by libcurl to a colon).
Prior to this change the AWS header import code did not special case
either of those and the generated AWS SignedHeaders would be incorrect.
Reported-by: apparentorder@users.noreply.github.com
Ref: https://curl.se/docs/manpage.html#-H
Fixes https://github.com/curl/curl/issues/11664
Closes https://github.com/curl/curl/pull/11668
- Use CERT_CONTEXT's pbCertEncoded to determine chain order.
CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains
end-entity/server certificate in pbCertEncoded. We can use this pointer
to determine the order of certificates when enumerating hCertStore using
CertEnumCertificatesInStore.
This change is to help ensure that the ordering of the certificate chain
requested by the user via CURLINFO_CERTINFO has the same ordering on all
versions of Windows.
Prior to this change Schannel certificate order was reversed in 8986df80
but that was later reverted in f540a39b when it was discovered that
Windows 11 22H2 does the reversal on its own.
Ref: https://github.com/curl/curl/issues/9706
Closes https://github.com/curl/curl/pull/11632
In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2
digest-uri-value should be serv-type "/" host , where host is:
The DNS host name or IP address for the service requested. The
DNS host name must be the fully-qualified canonical name of the
host. The DNS host name is the preferred form; see notes on server
processing of the digest-uri.
Realm may not be the host, so we must specify the host explicitly.
Note this change only affects the non-SSPI digest code. The digest code
used by SSPI builds already uses the hostname to generate the spn.
Ref: https://github.com/curl/curl/issues/11369
Closes https://github.com/curl/curl/pull/11395
- set CURL_CI for pytest runs in CI environments
- exclude timing sensitive tests from CI runs
- for failed results, list only the log and stat of
the failed transfer
- fix type in http.c comment
Closes#11812
- refs #11342 where errors with git https interactions
were observed
- problem was caused by 1st sends of size larger than 64KB
which resulted in later retries of 64KB only
- limit sending of 1st block to 64KB
- adjust h2/h3 filters to cope with parsing the HTTP/1.1
formatted request in chunks
- introducing Curl_nwrite() as companion to Curl_write()
for the many cases where the sockindex is already known
Fixes#11342 (again)
Closes#11803
- added test cases for various code paths
- fixed handling of blocked write when stream had
been closed inbetween attempts
- re-enabled DEBUGASSERT on send with smaller data size
- in debug builds, environment variables can be set to simulate a slow
network when sending data. cf-socket.c and vquic.c support
* CURL_DBG_SOCK_WBLOCK: percentage of send() calls that should be
answered with a EAGAIN. TCP/UNIX sockets.
This is chosen randomly.
* CURL_DBG_SOCK_WPARTIAL: percentage of data that shall be written
to the network. TCP/UNIX sockets.
Example: 80 means a send with 1000 bytes would only send 800
This is applied to every send.
* CURL_DBG_QUIC_WBLOCK: percentage of send() calls that should be
answered with EAGAIN. QUIC only.
This is chosen randomly.
Closes#11756
At least FreeBSD preserves cwd across makefile lines, so rules
consisting of more than one "cd X; do_something" must be explicitly run
in a subshell to avoid this. This problem caused the Cirrus FreeBSD
build to fail when parallel make jobs were enabled.
- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.
Closes#11772
OS400 uses BSD 4.3 setsockopt() prototype by default: this does not
define parameter as const, resulting in an error if actual parameter is
const. Remove the const keyword from the actual parameter cast: this
works in all conditions, even if the formal parameter uses it.
Closes#11547
- Error on missing input file for --data, --data-binary,
--data-urlencode, --header, --variable, --write-out.
Prior to this change if a user of the curl tool specified an input file
for one of the above options and that file could not be opened then it
would be treated as zero length data instead of an error. For example, a
POST using `--data @filenametypo` would cause a zero length POST which
is probably not what the user intended.
Closes https://github.com/curl/curl/pull/11677
- Allow the stunnel minor-version version part to be zero.
Prior to this change with the stunnel version scheme of <major>.<minor>
if either part was 0 then version parsing would fail, causing
secureserver.pl to fail with error "No stunnel", causing tests that use
the SSL protocol to be skipped. As a practical matter this bug can only
be caused by a minor-version part of 0, since the major-version part is
always greater than 0.
Closes https://github.com/curl/curl/pull/11722
- Store the stunnel path in the private variable $stunnel unquoted and
instead quote it in the command strings.
Prior to this change the quoted stunnel path was passed to perl's file
operators which cannot handle quoted paths. For example:
$stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\"";
if(-x $stunnel or -x "$stunnel")
# false even if path exists and is executable
Our other test scripts written in perl, unlike this one, use servers.pm
which has a global $stunnel variable with the path stored unquoted and
therefore those scripts don't have this problem.
Closes https://github.com/curl/curl/pull/11721
Store numerical IPv6 addresses in the alt-svc file with the brackets
present.
Verify with test 437 and 438
Fixes#11737
Reported-by: oliverpool on github
Closes#11743
