Commit Graph

30862 Commits

Author SHA1 Message Date
Matthias Gatto
b137634ba3 lib: fix aws-sigv4 having date header twice in some cases
When the user was providing the header X-XXX-Date, the header was
re-added during signature computation, and we had it twice in the
request.

Reported-by: apparentorder@users.noreply.github.com

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Fixes: https://github.com/curl/curl/issues/11738
Closes: https://github.com/curl/curl/pull/11754
2023-08-30 03:41:29 -04:00
Jay Satiro
7f597ca12c multi: remove 'processing: <url>' debug message
- Remove debug message added by e024d566.

Closes https://github.com/curl/curl/pull/11759
2023-08-30 03:39:17 -04:00
Jay Satiro
2fe97dc274 ftp: fix temp write of ipv6 address
- During the check to differentiate between a port and IPv6 address
  without brackets, write the binary IPv6 address to an in6_addr.

Prior to this change the binary IPv6 address was erroneously written to
a sockaddr_in6 'sa6' when it should have been written to its in6_addr
member 'sin6_addr'. There's no fallout because no members of 'sa6' are
accessed before it is later overwritten.

Closes https://github.com/curl/curl/pull/11747
2023-08-30 03:22:07 -04:00
Jay Satiro
aacbeae7bb tool: change some fopen failures from warnings to errors
- Error on missing input file for --data, --data-binary,
  --data-urlencode, --header, --variable, --write-out.

Prior to this change if a user of the curl tool specified an input file
for one of the above options and that file could not be opened then it
would be treated as zero length data instead of an error. For example, a
POST using `--data @filenametypo` would cause a zero length POST which
is probably not what the user intended.

Closes https://github.com/curl/curl/pull/11677
2023-08-30 03:11:17 -04:00
Jay Satiro
2fe26a7c6a hostip: fix typo 2023-08-29 17:08:23 -04:00
Davide Masserut
226d042a58 tool: avoid including leading spaces in the Location hyperlink
Co-authored-by: Dan Fandrich <dan@coneharvesters.com>

Closes #11735
2023-08-29 10:12:05 -07:00
Daniel Stenberg
86bbb57e31
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
Closes #11757
2023-08-29 16:36:00 +02:00
Daniel Stenberg
748da39b94
connect: stop halving the remaining timeout when less than 600 ms left
When curl wants to connect to a host, it always has a TIMEOUT. The
maximum time it is allowed to spend until a connect is confirmed.

curl will try to connect to each of the IP adresses returned for the
host. Two loops, one for each IP family.

During the connect loop, while curl has more than one IP address left to
try within a single address family, curl has traditionally allowed (time
left/2) for *this* connect attempt. This, to not get stuck on the
initial addresses in case the timeout but still allow later addresses to
get attempted.

This has the downside that when users set a very short timeout and the
host has a large number of IP addresses, the effective result might be
that every attempt gets a little too short time.

This change stop doing the divided-by-two if the total time left is
below a threshold. This threshold is 600 milliseconds.

Closes #11693
2023-08-29 10:43:26 +02:00
Daniel Stenberg
a181b4a053
asyn-ares: reduce timeout to 2000ms
When UDP packets get lost this makes for slightly faster retries. This
lower timeout is used by @c-ares itself by default starting next
release.

Closes #11753
2023-08-29 10:40:57 +02:00
John Bampton
7378f9cc32
misc: remove duplicate words
Closes #11740
2023-08-29 10:39:31 +02:00
Daniel Stenberg
67890d6951
RELEASE-NOTES: synced 2023-08-29 10:27:05 +02:00
Daniel Stenberg
c0998fa9a9
wolfSSL: avoid the OpenSSL compat API when not needed
... and instead call wolfSSL functions directly.

Closes #11752
2023-08-28 23:46:52 +02:00
Viktor Szakats
d50fe6becb
lib: fix null ptr derefs and uninitialized vars (h2/h3)
Fixing compiler warnings with gcc 13.2.0 in unity builds.

Assisted-by: Jay Satiro
Assisted-by: Stefan Eissing
Closes #11739
2023-08-28 19:47:14 +00:00
Jay Satiro
51686e0054 secureserver.pl: fix stunnel version parsing
- Allow the stunnel minor-version version part to be zero.

Prior to this change with the stunnel version scheme of <major>.<minor>
if either part was 0 then version parsing would fail, causing
secureserver.pl to fail with error "No stunnel", causing tests that use
the SSL protocol to be skipped. As a practical matter this bug can only
be caused by a minor-version part of 0, since the major-version part is
always greater than 0.

Closes https://github.com/curl/curl/pull/11722
2023-08-28 15:10:48 -04:00
Jay Satiro
f2bc51a0bd secureserver.pl: fix stunnel path quoting
- Store the stunnel path in the private variable $stunnel unquoted and
  instead quote it in the command strings.

Prior to this change the quoted stunnel path was passed to perl's file
operators which cannot handle quoted paths. For example:

$stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\"";
if(-x $stunnel or -x "$stunnel")
# false even if path exists and is executable

Our other test scripts written in perl, unlike this one, use servers.pm
which has a global $stunnel variable with the path stored unquoted and
therefore those scripts don't have this problem.

Closes https://github.com/curl/curl/pull/11721
2023-08-28 15:01:50 -04:00
Daniel Stenberg
25ca79df1e
altsvc: accept and parse IPv6 addresses in response headers
Store numerical IPv6 addresses in the alt-svc file with the brackets
present.

Verify with test 437 and 438

Fixes #11737
Reported-by: oliverpool on github
Closes #11743
2023-08-28 17:08:42 +02:00
Daniel Stenberg
a06de2b772
libtest: use curl_free() to free libcurl allocated data
In several test programs. These mistakes are not detected or a problem
as long as memdebug.h is included, as that provides the debug wrappers
for all memory functions in the same style libcurl internals do it,
which makes curl_free and free effectively the same call.

Reported-by: Nicholas Nethercote
Closes #11746
2023-08-28 13:24:51 +02:00
Jay Satiro
89b3cbd0e0
disable.d: explain --disable not implemented prior to 7.50.0
Option -q/--disable was added in 5.0 but only -q was actually
implemented. Later --disable was implemented in e200034 (precedes
7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0).

Reported-by: pszlazak@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/11710
Closes #11712
2023-08-28 11:11:12 +02:00
Nicholas Nethercote
9b84f274f1
hyper: fix ownership problems
Some of these changes come from comparing `Curl_http` and
`start_CONNECT`, which are similar, and adding things to them that are
present in one and missing in another.

The most important changes:
- In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the
  happy path.
- In `start_CONNECT`, add a missing `hyper_request_free` on the error
  path.
- In `bodysend`, add a missing `hyper_body_free` on an early-exit path.
- In `bodysend`, remove an unnecessary `hyper_body_free` on a different
  error path that would cause a double-free.
  https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html
  says of `hyper_request_set_body`: "This takes ownership of the
  hyper_body *, you must not use it or free it after setting it on the
  request." This is true even if `hyper_request_set_body` returns an
  error; I confirmed this by looking at the hyper source code.

Other changes are minor but make things slightly nicer.

Closes #11745
2023-08-28 11:06:15 +02:00
Daniel Stenberg
a43511bff2
multi.h: the 'revents' field of curl_waitfd is supported
Since 6d30f8ebed

Reported-by: Nicolás Ojeda Bär
Ref: #11748
Closes #11749
2023-08-28 11:05:05 +02:00
Gerome Fournier
458c70db6a
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
Closes #11742
2023-08-27 17:55:05 +02:00
Daniel Stenberg
864090ca39
docs: mention critical files in same directories as curl saves
... cannot be fully protected. Don't do it.

Co-authored-by: Jay Satiro
Reported-by: Harry Sintonen
Fixes #11530
Closes #11701
2023-08-27 11:16:29 +02:00
John Hawthorn
6d44625305
OpenSSL: clear error queue after SSL_shutdown
We've seen errors left in the OpenSSL error queue (specifically,
"shutdown while in init") by adding some logging it revealed that the
source was this file.

Since we call SSL_read and SSL_shutdown here, but don't check the return
code for an error, we should clear the OpenSSL error queue in case one
was raised.

This didn't affect curl because we call ERR_clear_error before every
write operation (a0dd9df9ab), but when
libcurl is used in a process with other OpenSSL users, they may detect
an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their
own.

Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>

Closes #11736
2023-08-26 19:36:40 +02:00
Alexander Kanavin
c2212c05aa
tests: update cookie expiry dates to far in the future
This allows testing Y2038 with system time set to after that, so that
actual Y2038 issues can be exposed, and not masked by expiry errors.

Fixes #11576
Closes #11610
2023-08-25 20:57:05 +02:00
John Bampton
bc7c4996f1
misc: fix spelling
Closes #11733
2023-08-25 20:54:14 +02:00
Daniel Stenberg
a722ce71a3
cmdline-opts/page-header: clarify stronger that !opt == URL
Everything provided on the command line that is not an option (or an
argument to an option) is treated as a URL.

Closes #11734
2023-08-25 20:53:15 +02:00
Daniel Stenberg
1d2f41a8a3
tests/runner: fix %else handling
Getting the show state proper for %else and %endif did not properly work
in nested cases.

Follow-up to 3d089c41ea

Closes #11731
2023-08-25 15:46:50 +02:00
Nicholas Nethercote
629723ecf2
docs: Remove mention of #10803 from KNOWN_BUGS.
Because the leaks have been fixed.
2023-08-25 15:27:32 +02:00
Nicholas Nethercote
e854166472
c-hyper: fix another memory leak in Curl_http.
There is a `hyper_clientconn_free` call on the happy path, but not one
on the error path. This commit adds one.

Fixes the second memory leak reported by Valgrind in #10803.

Fixes #10803
Closes #11729
2023-08-25 15:27:22 +02:00
Nicholas Nethercote
c61dd5fed2
c-hyper: fix a memory leak in Curl_http.
A request created with `hyper_request_new` must be consumed by either
`hyper_clientconn_send` or `hyper_request_free`.

This is not terrifically clear from the hyper docs --
`hyper_request_free` is documented only with "Free an HTTP request if
not going to send it on a client" -- but a perusal of the hyper code
confirms it.

This commit adds a `hyper_request_free` to the `error:` path in
`Curl_http` so that the request is consumed when an error occurs after
the request is created but before it is sent.

Fixes the first memory leak reported by Valgrind in #10803.

Closes #11729
2023-08-25 15:27:11 +02:00
Daniel Stenberg
7e371dc994
RELEASE-NOTES: synced 2023-08-25 13:56:46 +02:00
John Bampton
fb3180a024
misc: spellfixes
Closes #11730
2023-08-25 13:21:07 +02:00
Daniel Stenberg
3d089c41ea
tests: add support for nested %if conditions
Provides more flexiblity to test cases.

Also warn and bail out if there is an '%else' or %endif' without a
preceeding '%if'.

Ref: #11610
Closes #11728
2023-08-25 08:25:25 +02:00
Daniel Stenberg
bb65f73b5d
time-cond.d: mention what happens on a missing file
Closes #11727
2023-08-24 23:04:32 +02:00
Christian Hesse
b02b907099
docs/cmdline-opts: match the current output
The release date has been added in output, reflect that in documentation.

Closes #11723
2023-08-24 23:03:34 +02:00
Daniel Stenberg
2ff7cd75c7
lib: minor comment corrections 2023-08-24 10:02:23 +02:00
Daniel Stenberg
5b060a4108
docs: rewrite to present tense
... instead of using future tense.

+ numerous cleanups and improvements
+ stick to "reuse" not "re-use"
+ fewer contractions

Closes #11713
2023-08-23 23:26:10 +02:00
Daniel Stenberg
887b998e6e
urlapi: setting a blank URL ("") is not an ok URL
Test it in 1560
Fixes #11714
Reported-by: ad0p on github
Closes #11715
2023-08-23 23:24:16 +02:00
Daniel Stenberg
5e2beb3395
spelling: use 'reuse' not 're-use' in code and elsewhere
Unify the spelling as both versions were previously used intermittently

Closes #11717
2023-08-23 23:22:36 +02:00
Michael Osipov
1a14f2179b
system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
HP-UX on IA64 provides two modes: 32 and 64 bit while 32 bit being the
default one. Use "long long" in 32 bit mode and just "long" in 64 bit
mode.

Closes #11718
2023-08-23 23:19:28 +02:00
Dan Fandrich
814dc4b240 tests: don't call HTTP errors OK in test cases
Some HTTP errors codes were accompanied by the text OK, which causes
some cognitive dissonance when reading them.
2023-08-22 15:32:16 -07:00
Dan Fandrich
86179afcbb http: close the connection after a late 417 is received
In this situation, only part of the data has been sent before aborting
so the connection is no longer usable.

Assisted-by: Jay Satiro
Fixes #11678
Closes #11679
2023-08-22 15:32:16 -07:00
Dan Fandrich
0d89c9096d runtests: slightly increase the longest log file displayed
The new limit provides enough space for a 64 KiB data block to be logged
in a trace file, plus a few lines at the start and end for context. This
happens to be the amount of data sent at a time in a PUT request.
2023-08-22 15:32:16 -07:00
Dan Fandrich
66883a89d6 tests: add delay command to the HTTP server
This adds a delay after client connect.
2023-08-22 15:32:16 -07:00
Daniel Stenberg
a2caea87bc
cirrus: install everthing with pkg, avoid pip
Assisted-by: Sevan Janiyan

Closes #11711
2023-08-22 23:06:20 +02:00
Daniel Stenberg
8ef2992e11
curl_url*.3: update function descriptions
- expand and clarify several descriptions
- avoid using future tense all over

Closes #11708
2023-08-22 15:40:57 +02:00
Daniel Stenberg
c996e02afe
RELEASE-NOTES: synced 2023-08-22 08:26:12 +02:00
Stefan Eissing
527a17dc21
CI/cirrus: disable python install on FreeBSD
- python cryptography package does not build build FreeBSD
- install just mentions "error"
- this gets the build and the main test suite going again

Closes #11705
2023-08-21 19:46:00 +02:00
Stefan Eissing
862741637b
test2600: fix flakiness on low cpu
- refs #11355 where failures to to low cpu resources in CI
  are reported
- vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations
  to test cases
- trigger Curl_expire() in test filter to allow re-checks before
  the usual 1second interval

Closes #11690
2023-08-21 11:30:35 +02:00
Maksim Sciepanienka
20e3287aca
tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
Closes #11698
2023-08-20 23:14:50 +02:00