Commit Graph

31608 Commits

Author SHA1 Message Date
Stefan Eissing
49ca84144e
websockets: check for negative payload lengths
- in en- and decoding, check the websocket frame payload lengths for
  negative values (from curl_off_t) and error the operation in that case
- add test 2307 to verify

Closes #12707
2024-01-16 14:56:15 +01:00
Daniel Stenberg
9034a16d97
docs: mention env vars not used by schannel
Ref: #12704

Co-authored-by: Jay Satiro <raysatiro@yahoo.com>

Closes #12711
2024-01-16 11:02:13 +01:00
Daniel Stenberg
ae9f01f336
tool_operate: make --remove-on-error only remove "real" files
Reported-by: Harry Sintonen
Assisted-by: Dan Fandrich

Closes #12710
2024-01-16 10:57:12 +01:00
Jay Wu
c5801a28c5
url: don't set default CA paths for Secure Transport backend
As the default for this backend is the native CA store.

Closes #12704
2024-01-16 10:48:36 +01:00
Lin Sun
4224d6e0f3
asyn-ares: with modern c-ares, use its default timeout
Closes #12703
2024-01-16 10:45:58 +01:00
Daniel Stenberg
ba01cac39b
tool_operate: stop setting the file comment on Amiga
- the URL is capped at 80 cols, which ruins it if longer
- it does not strip off URL credentials
- it is done unconditonally, not on --xattr
- we don't have Amiga in the CI which makes fixing it blindly fragile

Someone who builds and tests on Amiga can add it back correctly in a
future if there is a desire.

Reported-by: Harry Sintonen
Closes #12709
2024-01-15 18:21:16 +01:00
Stefan Eissing
036eb150d1
rtsp: deal with borked server responses
- enforce a response body length of 0, if the
  response has no Content-lenght. This is according
  to the RTSP spec.
- excess bytes in a response body are forwarded to
  the client writers which will report and fail the
  transfer

Follow-up to d7b6ce6
Fixes #12701
Closes #12706
2024-01-15 14:13:58 +01:00
Daniel Stenberg
72bd88adde
version: show only the libpsl version, not its dependencies
The libpsl version output otherwise also includes version number for its
dependencies, like IDN lib, but since libcurl does not use libpsl's IDN
functionality those components are not important.

Ref: https://github.com/curl/curl-for-win/issues/63
Closes #12700
2024-01-14 23:33:22 +01:00
bch
e3b386f86f
curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
Closes #12695
2024-01-14 18:18:43 +01:00
Daniel Stenberg
aaab6cb0c4
cmdline-opts/gen.pl: error on initital blank line
After the "---" separator, there should be no blank line and this script
now errors out if one is detected.

Ref: #12696
Closes #12698
2024-01-14 18:12:14 +01:00
Daniel Stenberg
e186ca6534
cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
Follow-up to 693cd16793 which was incomplete

Ref #12680
Closes #12697
2024-01-14 18:11:15 +01:00
Daniel Stenberg
beb2283746
curl_multi_fdset.3: remove mention of null pointer support
... since this funtion has not supported null pointer fd_set arguments since
at least 2006. (That's when I stopped my git blame journey)

Fixes #12691
Reported-by: sfan5 on github
Closes #12692
2024-01-14 14:53:38 +01:00
Mark Huang
3167dab0d5
docs/cmdline: remove unnecessary line breaks
Closes #12696
2024-01-14 14:45:23 +01:00
Daniel Stenberg
adfffc39a3
transfer: remove warning: Value stored to 'blen' is never read
Detected by scan-build

Follow-up from 1cd2f0072f

Closes #12693
2024-01-14 14:33:46 +01:00
Stefan Eissing
d7b6ce64ce
lib: replace readwrite with write_resp
This clarifies the handling of server responses by folding the code for
the complicated protocols into their protocol handlers. This concerns
mainly HTTP and its bastard sibling RTSP.

The terms "read" and "write" are often used without clear context if
they refer to the connect or the client/application side of a
transfer. This PR uses "read/write" for operations on the client side
and "send/receive" for the connection, e.g. server side. If this is
considered useful, we can revisit renaming of further methods in another
PR.

Curl's protocol handler `readwrite()` method been changed:

```diff
-  CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn,
-                        const char *buf, size_t blen,
-                        size_t *pconsumed, bool *readmore);
+  CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t blen,
+                         bool is_eos, bool *done);
```

The name was changed to clarify that this writes reponse data to the
client side. The parameter changes are:

* `conn` removed as it always operates on `data->conn`
* `pconsumed` removed as the method needs to handle all data on success
* `readmore` removed as no longer necessary
* `is_eos` as indicator that this is the last call for the transfer
  response (end-of-stream).
* `done` TRUE on return iff the transfer response is to be treated as
  finished

This change affects many files only because of updated comments in
handlers that provide no implementation. The real change is that the
HTTP protocol handlers now provide an implementation.

The HTTP protocol handlers `write_resp()` implementation will get passed
**all** raw data of a server response for the transfer. The HTTP/1.x
formatted status and headers, as well as the undecoded response
body. `Curl_http_write_resp_hds()` is used internally to parse the
response headers and pass them on. This method is public as the RTSP
protocol handler also uses it.

HTTP/1.1 "chunked" transport encoding is now part of the general
*content encoding* writer stack, just like other encodings. A new flag
`CLIENTWRITE_EOS` was added for the last client write. This allows
writers to verify that they are in a valid end state. The chunked
decoder will check if it indeed has seen the last chunk.

The general response handling in `transfer.c:466` happens in function
`readwrite_data()`. This mainly operates now like:

```
static CURLcode readwrite_data(data, ...)
{
  do {
    Curl_xfer_recv_resp(data, buf)
    ...
    Curl_xfer_write_resp(data, buf)
    ...
  } while(interested);
  ...
}
```

All the response data handling is implemented in
`Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()`
implementation if available, or does the default behaviour.

All raw response data needs to pass through this function. Which also
means that anyone in possession of such data may call
`Curl_xfer_write_resp()`.

Closes #12480
2024-01-13 17:23:42 +01:00
Daniel Stenberg
d587ab422d
RELEASE-NOTES: synced 2024-01-13 17:02:45 +01:00
Daniel Stenberg
9582f20d8a
TODO: TFTP doesn't convert LF to CRLF for mode=netascii
Closes #12655
Closes #12690
2024-01-13 16:26:17 +01:00
Daniel Stenberg
9729560a6f
gen: do italics/bold for a range of letters, not just single word
Previously it would match only on a sequence of non-space, which made it
miss to highlight for example "public suffix list".

Updated the recent cookie.d edit from 5da57193b7 to use bold instead
of italics.

Closes #12689
2024-01-13 16:25:20 +01:00
Daniel Stenberg
5da57193b7
docs: describe and highlight super cookies
Reported-by: Yadhu Krishna M

Closes #12687
2024-01-12 23:55:20 +01:00
Daniel Stenberg
b3f02e1d92
configure: when enabling QUIC, check that TLS supports QUIC
Most importantly perhaps is when using OpenSSL that the used
build/flavor has the QUIC API: the vanilla OpenSSL does not, only
BoringSSL, libressl, AWS-LC and quictls do.

Ref: 5d044ad948 (r136780413)

Closes #12683
2024-01-12 09:47:42 +01:00
Stefan Eissing
5d044ad948
vquic: extract TLS setup into own source
- separate ngtcp2 specific parts out
- provide callback during init to allow ngtcp2 to apply its defaults

Closes #12678
2024-01-11 10:43:00 +01:00
Sergey Markelov
98543fc2cf
multi: remove total timer reset in file_do() while fetching file://
The total timer is properly reset in MSTATE_INIT.  MSTATE_CONNECT starts
with resetting the timer that is a start point for further multi states.
If file://, MSTATE_DO calls file_do() that should not reset the total
timer.  Otherwise, the total time is always less than the pre-transfer
and the start transfer times.

Closes #12682
2024-01-11 08:51:29 +01:00
Daniel Stenberg
693cd16793
http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
Extended test 80 to verify this.

Reported-by: Stefan Eissing
Fixes #12680
Closes #12681
2024-01-11 08:49:21 +01:00
Daniel Stenberg
dd0f680fc0
sectransp: do verify_cert without memdup for blobs
Since the information is then already stored in memory, this can avoid
an extra set of malloc + free calls.

Closes #12679
2024-01-10 23:22:52 +01:00
Daniel Stenberg
24ae4a07f3
hsts: remove assert for zero length domain
A zero length domain can happen if the HSTS parser is given invalid
input data which is not unheard of and is done by the fuzzer.

Follow-up from cfe7902111

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661

Closes #12676
2024-01-10 13:58:14 +01:00
Daniel Stenberg
a9e128d569
headers: make sure the trailing newline is not stored
extended test1940 to verify blank header fields too

Bug: https://curl.se/mail/lib-2024-01/0019.html
Reported-by: Dmitry Karpov
Closes #12675
2024-01-10 13:57:08 +01:00
Daniel Stenberg
77c3c1a8fb
curl_easy_header.3: tiny language fix
Closes #12672
2024-01-10 09:42:49 +01:00
Daniel Stenberg
5d75bcd2ea
examples/range.c: add
Closes #12671
2024-01-10 09:33:08 +01:00
Daniel Stenberg
1404bcdeae
examples/netrc.c: add
Closes #12671
2024-01-10 09:33:06 +01:00
Daniel Stenberg
dd09f88f13
examples/ipv6.c: new example showing IPv6-only internet transfer
Closes #12671
2024-01-10 09:33:03 +01:00
Daniel Stenberg
ebbc6243d7
examples/address-scope.c: renamed from ipv6.c
It shows address scope use really

Closes #12671
2024-01-10 09:32:54 +01:00
Stefan Eissing
48d86999af
multi: pollset adjust, init with FIRSTSOCKET during connect
- `conn->sockfd` is set by `Curl_setup_transfer()`, but that
  is called *after* the connection has been established
- use `conn->sock[FIRSTSOCKET]` instead

Follow-up to a0f94800d5
Closes #12664
2024-01-09 17:41:13 +01:00
Daniel Stenberg
6d9bf0db7e
WEBSOCKET.md: remove dead link 2024-01-09 16:00:29 +01:00
Daniel Stenberg
e2fbe56610
CI: spellcheck/appveyor: invoke configure --without-libpsl
Follow-up to 2998874bb6
2024-01-09 16:00:29 +01:00
Daniel Stenberg
89bb115e4a
cmdline/docs/*.d: switch to using ## instead of .IP
To make the editing easier. To write and to read.

Closes #12667
2024-01-09 16:00:23 +01:00
Daniel Stenberg
a859e29a60
gen.pl: support ## for doing .IP in table-like lists
Warn on use of .RS/.IP/.RE

Closes #12667
2024-01-09 16:00:16 +01:00
Jay Satiro
0ad13e0618 cookie.d: Document use of empty string to enable cookie engine
- Explain that --cookie "" can be used to enable the cookie engine
  without reading any initial cookies.

As is documented in CURLOPT_COOKIEFILE.

Ref: https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html

Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420
Reported-by: janko-js@users.noreply.github.com

Closes https://github.com/curl/curl/pull/12646
2024-01-09 03:40:47 -05:00
Daniel Stenberg
ac4dbc9cb5
setopt: use memdup0 when cloning COPYPOSTFIELDS
Closes #12651
2024-01-09 09:23:15 +01:00
Daniel Stenberg
2959f45b7d
telnet: use dynbuf instad of malloc for escape buffer
Previously, send_telnet_data() would malloc + free a buffer every time
for escaping IAC codes. Now, it reuses a dynbuf for this purpose.

Closes #12652
2024-01-09 09:21:01 +01:00
Daniel Stenberg
d18811b52b
CI: install libpsl or configure --without-libpsl in builds
As a follow-up to the stricted libpsl check in configure
2024-01-09 09:10:58 +01:00
Daniel Stenberg
2998874bb6
configure: make libpsl detection failure cause error
To force users to explictily disable it if they really don't want it
used and make it harder to accidentally miss it.

--without-libpsl is the option to use if PSL is not wanted.

Closes #12661
2024-01-09 09:09:51 +01:00
Daniel Stenberg
912d80c680
RELEASE-NOTES: synced 2024-01-08 23:00:21 +01:00
Daniel Stenberg
a3abc81a48
pop3: replace calloc + memcpy with memdup0
... and make sure to return error on out of memory.

Closes #12650
2024-01-08 22:55:39 +01:00
Daniel Stenberg
cfe7902111
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
Closes #12658
2024-01-08 22:48:24 +01:00
Daniel Stenberg
8e0323b4b5
mime: use memdup0 instead of malloc + memcpy
Closes #12649
2024-01-08 22:40:43 +01:00
Daniel Stenberg
fb414370ac
tool_getparam: move the --rate logic into set_rate() 2024-01-08 22:39:18 +01:00
Daniel Stenberg
9e4e527735
tool_getparam: switch to an enum for every option
To make the big switch much easier to read/understand and to make it
easier to add new options.
2024-01-08 22:39:11 +01:00
Daniel Stenberg
1f4433dad4
tool_getparam: build post data using dynbuf (more) 2024-01-08 22:38:22 +01:00
Daniel Stenberg
1dba44b2f1
tool_getparam: replace malloc + copy by dynbuf for --data 2024-01-08 22:38:22 +01:00
Daniel Stenberg
f37840a46e
tool_getparam: make data_urlencode avoid direct malloc
use aprintf() instead
2024-01-08 22:38:22 +01:00