Viktor Szakats [Wed, 24 Sep 2025 12:53:18 +0000 (14:53 +0200)]
docs: fix/tidy code fences
- INSTALL.md: fence code to avoid wrong rendering. Reported-by: rinsuki on github Fixes: https://github.com/curl/curl-www/issues/480
- use `sh` instead of `bash` as fence language, for less visual noise.
Daniel Stenberg [Mon, 22 Sep 2025 09:08:43 +0000 (11:08 +0200)]
socks_gssapi: reject too long tokens
If GSS returns a token to use that is longer than 65535 bytes, it can't
be transmitted since the length field is an unisgned 16 bit field and
thus needs to trigger an error.
Viktor Szakats [Wed, 24 Sep 2025 08:16:05 +0000 (10:16 +0200)]
GHA/distcheck: bump timeout for the cmake integration
It may take 1.5 minutes to find the C compiler on macos with old cmake.
The build is also slow due to no unity and Ninja support.
```
Wed, 24 Sep 2025 04:56:51 GMT -- Using CMake version 3.11.4
Wed, 24 Sep 2025 04:58:01 GMT -- The C compiler identification is AppleClang 17.0.0.17000013
Wed, 24 Sep 2025 04:58:02 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
Wed, 24 Sep 2025 04:59:33 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -- works
Wed, 24 Sep 2025 04:59:33 GMT -- Detecting C compiler ABI info
Wed, 24 Sep 2025 04:59:35 GMT -- Detecting C compiler ABI info - done
```
Ref: https://github.com/curl/curl/actions/runs/17966736478/job/51100678487?pr=18700#step:10:50
Viktor Szakats [Wed, 24 Sep 2025 08:29:30 +0000 (10:29 +0200)]
GHA/dist: fix number of parallel jobs on macos runner
It was using the global parallel value in cmake integration tests, while
on macos runners, this should be lower by one, as used in other macos
jobs. Performance impact is minimal.
Viktor Szakats [Tue, 23 Sep 2025 13:45:49 +0000 (15:45 +0200)]
GHA/macos: add macos-26, llvm20, gcc15, drop macos-14, gcc14
Number of combo jobs down to 22 from 24.
Also:
- update the version matrix.
- update exclusion matrix.
- include verbose compiler configuration dump.
It makes the Apple-included, default `-I/usr/local/include` visible.
Ref: #18683
Viktor Szakats [Tue, 23 Sep 2025 09:50:23 +0000 (11:50 +0200)]
GHA/linux: fix address sanitizer error output
Same issue as seen earlier in the tsan job. Fix it the same way, by
switching to cmake to avoid autotools' libtool confusing the analyzer.
Ref: 2a46df31fdb91851895bc46d81f0065e6cafc80b #18274
Configuration remains identical. I removed libssh2 from the installed
packages, because it was unused before, but cmake enabled it by default
and libssh2 has memory leaks:
Ref: https://github.com/curl/curl/actions/runs/17941312820/job/51018425159
Fixing:
```
/usr/bin/llvm-symbolizer-18: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-18)
/usr/bin/llvm-symbolizer-18: symbol lookup error: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: undefined symbol: __asan_option_detect_stack_use_after_return
==33900==WARNING: Can't read from symbolizer at fd 3
[..]
==33900==WARNING: Can't write to symbolizer at fd 6
==33900==WARNING: Failed to use and restart external symbolizer
```
Ref: https://github.com/curl/curl/actions/runs/17939949191/job/51013953675?pr=18693
Viktor Szakats [Mon, 22 Sep 2025 16:02:49 +0000 (18:02 +0200)]
cmake: use modern alternatives for `get_filename_component()`
- use `cmake_path()` to query filenames, with CMake 3.20 or upper.
https://cmake.org/cmake/help/v4.1/command/cmake_path.html#query
- use `cmake_host_system_information()` to query the registry,
with CMake 3.24 or upper.
https://cmake.org/cmake/help/v4.1/command/cmake_host_system_information.html#query-windows-registry
Replacing the undocumented method.
- also quote the value passed to `get_filename_component()` where
missing. (Could not cause an actual issue as used in the code.)
Viktor Szakats [Sat, 20 Sep 2025 09:43:59 +0000 (11:43 +0200)]
GHA: enable more options in static analyzer jobs
This is an effort to pass more code through clang-tidt and scan-build
static analyzers. Following CodeQL Linux jobs.
GHA/codeql:
- also build with libssh.
- disable verbose output in build steps.
GHA/linux:
- enable more build options for the clang-tidy and scan-build jobs:
libidn2, nghttp2, ldap, kerberos, rtmp, gnutls, gsasl, rustls,
mbedtls, wolfssl
Use Linuxbrew where necessary.
- also enable ECH, gssapi in the scan-build job.
- fix 'scanbuild' to be 'scan-build' in the job name.
GHA/macos:
- build with Rustls in the clang-tidy job.
- add a new clang-tidy job to test HTTP/3 (with openssl + ngtcp2).
- build with libssh in one of the clang-tidy jobs.
- build with LibreSSL in the MultiSSL clang-tidy job.
- build with heimdal and kerberos in the clang-tidy jobs respectively.
- build with OpenLDAP in one clang-tidy job.
- add support for `skipall`, `skiprun` job options, and use it.
Viktor Szakats [Mon, 22 Sep 2025 09:27:10 +0000 (11:27 +0200)]
libssh: drop two unused assigments
Reported in macOS clang-tidy v21.1.1 build, after enabling libssh in it:
```
lib/vssh/libssh.c
lib/vssh/libssh.c:1342:9: error: Value stored to 'to_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1342 | to_t = STRE_OK;
| ^
lib/vssh/libssh.c:1342:9: note: Value stored to 'to_t' is never read
lib/vssh/libssh.c:1349:9: error: Value stored to 'from_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1349 | from_t = STRE_OK;
| ^
lib/vssh/libssh.c:1349:9: note: Value stored to 'from_t' is never read
2 warnings generated.
```
Ref: https://github.com/curl/curl/actions/runs/17909917954/job/50918955923?pr=18660#step:11:182
Viktor Szakats [Sun, 21 Sep 2025 19:55:30 +0000 (21:55 +0200)]
rustls: fix clang-tidy warning
Seen with v21.1.1, non-debug-enabled build:
```
lib/vtls/rustls.c:415:23: error: File position of the stream might be 'indeterminate'
after a failed operation. Can cause undefined behavior [clang-analyzer-unix.Stream,-warnings-as-errors]
415 | const size_t rr = fread(buf, 1, sizeof(buf), f);
| ^
```
Ref: https://github.com/curl/curl/actions/runs/17898248031/job/50887746633?pr=18660#step:11:174
Viktor Szakats [Sat, 20 Sep 2025 11:34:08 +0000 (13:34 +0200)]
tool_doswin: fix to use curl socket functions
Replace `WSASocketW()` with `CURL_SOCKET()`. Also replace a call
to `socketclose()` with `sclose()`. According to a comment,
`socketclose()` was chosen to silence test 1498 (and 2300) reporting
`MEMORY FAILURE`. These reports were accurate, and were caused by
calling `WSASocketW()` instead of `socket()` (now `CURL_SOCKET()`).
This also fixes the curl `sclose()` call on an error branch, which is
now correctly paired with a curl socket open. The mismatched open/close
calls caused an issue in TrackMemory-enabled (aka `CURLDEBUG`) builds.
Docs confirm that `socket()` is defaulting to overlapped I/O, matching
the replaced `WSASocketW()` call:
https://learn.microsoft.com/windows/win32/api/winsock2/nf-winsock2-socket#remarks
Also:
- checksrc: ban `WSASocket*()` functions.
- report `SOCKERRNO` instead of `GetLastError()` for socket calls,
to match the rest of the codebase.
Daniel Stenberg [Mon, 22 Sep 2025 06:33:20 +0000 (08:33 +0200)]
managen: strict protocol check
- protocols MUST match one in the accept-list
- protocols are typically all uppercase
- drop All
- use SCP and SFTP instead of SSH
- add Protocols: to some options previously missing one
Daniel Stenberg [Sun, 21 Sep 2025 09:07:31 +0000 (11:07 +0200)]
tftp: pin the first used address
Store the used remote address on the first receive call and then make
sure that it remains the same address on subsequent calls to reduce the
risk of tampering. Doesn't make the transfer secure because it is still
unauthenticated and clear text.
Daniel Stenberg [Sun, 21 Sep 2025 08:48:00 +0000 (10:48 +0200)]
telnet: refuse IAC codes in content
Ban the use of IAC (0xff) in telnet options set by the application. They
need to be escaped when sent but I can't see any valid reason for an
application to send them.
Of course, an application sending such data basically ask for trouble.
Daniel Stenberg [Sat, 20 Sep 2025 21:38:04 +0000 (23:38 +0200)]
libssh: fix range parsing error handling mistake
The range-parsing returned CURLE_RANGE_ERROR directly on one error
instead of calling myssh_to_ERROR() like it should and like it does for
all other errors.
Daniel Stenberg [Sat, 20 Sep 2025 21:23:07 +0000 (23:23 +0200)]
ftp: fix ftp_do_more returning with *completep unset
Specifically, when ftpc->wait_data_conn was true and
Curl_conn_connect(...) returned with serv_conned == false the code
called ftp_check_ctrl_on_data_wait and returned without setting
*completep.
Now set it to 0 at function start to avoid this happening again.
Daniel Stenberg [Wed, 17 Sep 2025 06:32:39 +0000 (08:32 +0200)]
krb5: drop support for Kerberos FTP
It was accidentally broken in commit 0f4c439fc7347f499cf5, shipped since
8.8.0 (May 2024) and yet not a single person has noticed or reported,
indicating that we might as well drop support for FTP Kerberos.
Krb5 support was added in 54967d2a3ab55596314 (July 2007), and we have
been carrying the extra license information around since then for this
code. This commit removes the last traces of that code and thus we can
remove the extra copyright notices along with it.
Viktor Szakats [Tue, 9 Sep 2025 13:29:12 +0000 (15:29 +0200)]
build: avoid overriding system symbols for socket functions
Before this patch `accept4()`, `socket()`, `socketpair()`, `send()` and
`recv()` system symbols were remapped via macros, using the same name,
to local curl debug wrappers. This patch replaces these overrides by
introducing curl-namespaced macros that map either to the system symbols
or to their curl debug wrappers in `CURLDEBUG` (TrackMemory) builds.
This follows a patch that implemented the same for `accept()`.
The old method required tricks to make these redefines work in unity
builds, and avoid them interfering with system headers. These tricks
did not work for system symbols implemented as macros.
The new method allows to setup these mappings once, without interfering
with system headers, upstream macros, or unity builds. It makes builds
more robust.
Also:
- checksrc: ban all mapped functions.
- docs/examples: tidy up checksrc rules.
Daniel Stenberg [Sat, 20 Sep 2025 09:31:54 +0000 (11:31 +0200)]
tool_cb_hdr: size is always 1
- add comment in the header that the argument 'size' is always 1,
as guaranteed by the libcurl API
- then fix the call to fwrite() to avoid using "size, etag_length" which
would be wrong if size was something else than 1, and use a fixed
number there instead.
Viktor Szakats [Thu, 4 Sep 2025 09:56:33 +0000 (11:56 +0200)]
build: address some `-Weverything` warnings, update picky warnings
`-Weverything` is not enabled by curl, and not recommended by LLVM,
because it may enable experimental options, and will result in new
fallouts after toolchain upgrades. This patch aims to fix/silence as much
as possible as found with llvm/clang 21.1.0. It also permanently enables
warnings that were fixed in source and deemed manageable in the future.
`-Wformat` warnings are addressed separately via #18343.
Fix/silence warnings in the source:
- typecheck-gcc.h: fix `-Wreserved-identifier`.
- lib: silence `-Wcast-function-type-strict`.
For llvm 16+ or Apple clang 16+.
- asyn-ares: limit `HAPPY_EYEBALLS_DNS_TIMEOUT` to old c-ares versions.
- curl_trc: fix `-Wc++-hidden-decl`.
- doh: fix `-Wc++-keyword`.
- ftp: fix `-Wreserved-identifier`.
- ldap: fix `-Wreserved-identifier`.
- mqtt: comment unused macro to avoid warning.
- multi_ev: drop unused macros to avoid warnings.
- setopt: fix useless `break;` after `return;`.
- gtls, mbedtls, rustls: silence `-Wconditional-uninitialized`.
- socks_sspi, schannel, x509asn1: fix `-Wimplicit-int-enum-cast`.
- x509asn1: fix `-Wc++-keyword`.
- openssl: scope `OSSL_UI_METHOD_CAST` to avoid unused macro warning.
- libssh2, wolfssl: drop unused macros.
- curl_ngtcp2, curl_quiche, httpsrr, urlapi: drop/limit unused macros.
- tool_getparam: fix useless `break;` after `return;` or `break;`.
Not normally enabled because it doesn't work with unity.
https://github.com/llvm/llvm-project/issues/71046
- tool_operate: fix `-Wc++-keyword`.
- curlinfo: fix a `-Wunsafe-buffer-usage`.
- tests: silence `-Wformat-non-iso`.
- lib557: fix `-Wreserved-identifier`.
- lib1565: silence `-Wconditional-uninitialized`.
Enable the above clang warnings permanently in picky mode:
- `-Wc++-hidden-decl`
- `-Wc++-keyword` (except for Windows, where it collides with `wchar_t`)
- `-Wcast-function-type-strict`
- `-Wcast-function-type`
- `-Wconditional-uninitialized`
- `-Wformat-non-iso` (except for clang-cl)
- `-Wreserved-identifier`
- `-Wtentative-definition-compat`
Silence problematic `-Weverything` warnings globally (in picky mode):
- `-Wused-but-marked-unused` (88000+ hits) and
`-Wdisabled-macro-expansion` (2600+ hits).
Triggered by `typecheck-gcc.h` when building with clang 14+.
Maybe there exists a way to fix within that header?
Ref: https://discourse.llvm.org/t/removing-wused-but-marked-unused/55310
- `-Wunsafe-buffer-usage`. clang 16+. 7000+ hits.
May be useful in theory, but such high volume of hits makes it
impractical to review and possibly address. Meant for C++.
Ref: https://clang.llvm.org/docs/SafeBuffers.html
Ref: https://stackoverflow.com/questions/77017567/how-to-fix-code-to-avoid-warning-wunsafe-buffer-usage
Ref: https://discourse.llvm.org/t/rfc-c-buffer-hardening/65734
Ref: https://github.com/llvm/llvm-project/pull/111624
- `-Wimplicit-void-ptr-cast`. clang 21+. 1700+ hits.
C++ warning, deemed pure noise.
Ref: https://github.com/curl/curl/issues/18470#issuecomment-3253506266
- `-Wswitch-default` (180+ hits), `-Wswitch-enum` (190+ hits),
`-Wcovered-switch-default` (20+ hits).
Next to impossible to fix cleanly, esp. when the covered `case`
branches depend on compile-time options.
- `-Wdocumentation-unknown-command` (8+ hits).
Triggered in a few sources. Seems arbitrary and bogus.
- `-Wpadded` (550+ hits).
- `-Wc++-keyword` on Windows, where it collides with `wchar_t`.
(100+ hits)
Ref: https://github.com/llvm/llvm-project/issues/155988
- `-Wreserved-macro-identifier`. clang 13+. 5+ hits.
Sometimes it's necessary to set external macros that use
the reserved namespace. E.g. `_CRT_NONSTDC_NO_DEPRECATE`,
`__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__`, `__NO_NET_API`,
possibly `_REENTRANT`, and more.
It's not worth trying to silence them individually.
- `-Wnonportable-system-include-path` with `clang-cl`.
It'd be broken by doing what the warning suggests.
- `-Wformat-non-iso` for clang-cl.
CMake `PICKY_COMPILER=ON` (the default) or `./configure`
`--enable-warnings` (not the default) is required to enable these
silencing rules.
Also:
- autotools, cmake: fix Apple clang and mainline llvm version translations.
Ref: https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
- autotools, cmake: enable `-Warray-compare` for clang 20+.
Follow-up to 4b7accda5ae3f2e663aa3f3853805241ef87c2fe #17196
- cmake: fix to enable `-Wmissing-variable-declarations` at an earlier
clang version.
- cmake: update internal logic to handle warning options with `+` in
them.
- cmake: fix internal logic to match the whole option when looking
into `CMAKE_C_FLAGS` for custom-disabled warnings.
Viktor Szakats [Sun, 7 Sep 2025 19:42:41 +0000 (21:42 +0200)]
windows: stop passing unused, optional argument for Win9x compatibility
Expiry timestamp in `AcquireCredentialsHandle()` (SSPI) and
`InitializeSecurityContext()` (Schannel) calls. The argument is optional
in both. The returned value was never used in curl. The reason for
passing it was Windows 95 compatibility, according to comments in
the SSPI code. curl no longer supports Windows 95.
Viktor Szakats [Fri, 5 Sep 2025 08:44:06 +0000 (10:44 +0200)]
tidy-up: avoid using the reserved macro namespace
To avoid hitting `-Wreserved-macro-identifier` where possible.
- amigaos: introduce local macro instead of reusing `__request()`.
- easy_lock: avoid redefining `__has_builtin()`.
Follow-up to 33fd57b8fff8c0d873da2316a2a7f911caac2bae #9062
- rand: drop interim macro `_random()`.
- windows: rename local macro `_tcsdup()` to `Curl_tcsdup()`.
To avoid using the reserved macro namespace and to avoid
colliding with `_tcsdup()` as defined by Windows headers.
- checksrc: ban `_tcsdup()` in favor of `Curl_tcsdup()`.
- tool_doswin: avoid redefining `_use_lfn()` (MS-DOS).
- tool_findfile: limit `__NO_NET_API` hack to AmigaOS.
Syncing this pattern with `lib/netrc.c`.
Follow-up to 784a8ec2c1a3cc4bd676077a28a0d5f6ee7786a5 #16279
- examples/http2-upload: avoid reserved namespace for local macro.
More cases will be removed when dropping WinCE support via #17927.
Cases remain when defining external macros out of curl's control.
Viktor Szakats [Fri, 1 Aug 2025 19:09:52 +0000 (21:09 +0200)]
windows: replace `_beginthreadex()` with `CreateThread()`
Replace `_beginthreadex()` C runtime calls with native win32 API
`CreateThread()`. The latter was already used in `src/tool_doswin.c`
and in UWP and Windows CE builds before this patch. After this patch
all Windows flavors use it. To drop PP logic and simplify code.
While working on this it turned out that `src/tool_doswin.c` calls
`TerminateThread()`, which isn't recommended by the documentation,
except for "the most extreme cases". This patch makes no attempt
to change that code.
Ref: 9a2663322c330ff11275abafd612e9c99407a94a #17572
Ref: https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminatethread
Also:
- use `WaitForSingleObjectEx()` on all desktop Windows.
Ref: 4be80d5109a340973dc6ce0221ec5c5761587df0
Ref: https://sourceforge.net/p/curl/feature-requests/82/
Ref: https://learn.microsoft.com/windows/win32/api/synchapi/nf-synchapi-waitforsingleobjectex
- tests: drop redundant casts.
- lib3207: fix to not rely on thread macros when building without thread
support.
Daniel Stenberg [Fri, 19 Sep 2025 11:47:16 +0000 (13:47 +0200)]
base64: accept zero length argument to base64_encode
We used to treat 0 as "call strlen() to get the length" for
curlx_base64_encode, but it turns out this is rather fragile as we
easily do the mistake of passing in zero when the data is actually not
there and then calling strlen() is wrong.
Force the caller to pass in the correct size. A zero length input string
now returns a zero length output and a NULL pointer.
Daniel Stenberg [Fri, 19 Sep 2025 13:59:57 +0000 (15:59 +0200)]
cookie: avoid saving a cookie file if no transfer was done
Because parts of the cookie loading happens on transfer start the
in-memory cookie jar risks being incomplete and then a save might
wrongly truncate the target file.
Added test 1902 to verify.
Reported-by: divinity76 on github
Fixes #18621
Closes #18622
Viktor Szakats [Fri, 19 Sep 2025 08:19:29 +0000 (10:19 +0200)]
GHA/codeql: try disabling the TRAP cache
The `cpp` CodeQL job is adding a cache entry for each run on the master
branch. One for Linux, another for Windows. Size: 68MB + 180MB = 248MB.
In one week we got 50+ such entries, almost filling the available cache
space.
Following the recommendation in an open issue thread, this patch tries
to disable this cache. Since it only affects master, the effect can only
be verified after merging.
The latest cache is picked up in PRs. The performance impact is also to
be seen after merge.
At that time this was a reasonable concern because libssh2 started
null-terminating this string just one year prior, in 2005:
https://github.com/libssh2/libssh2/commit/efc3841fd2c2c945e96492e9089e4d1810709d53
This fix was released in libssh2 v0.13 (2006-03-02).
curl requires libssh2 v1.2.8, making this workaround no longer necessary.
tftp: propagate expired timer from tftp_state_timeout()
When Curl_timeleft() < 0 we used to return 0, masking the expiry and
skipping the caller’s (timeout_ms < 0) path. Now we set FIN and return
the negative value so tftp_multi_statemach() aborts with
CURLE_OPERATION_TIMEDOUT as intended.
Jay Satiro [Thu, 18 Sep 2025 06:07:17 +0000 (02:07 -0400)]
socks_sspi: Fix some memory cleanup calls
- Ensure memory allocated by malloc() is freed by free().
Prior to this change SSPI's FreeContextBuffer() was sometimes used to
free malloc'd memory. I can only assume the reason we have no crash
reports about this is because the underlying heap free is probably the
same for both.
Stefan Eissing [Thu, 18 Sep 2025 09:10:45 +0000 (11:10 +0200)]
cfilter: unlink and discard
Rewrite the code that removes a filter from the connection and discards
it. Always look at the connection, otherwise it will not work of the
filter is at the top of the chain.
Change QUIC filter setup code to always tear down the chain in
construction when an error occured.
HTTP proxy, do not remove the h1/h2 sub filter on close. Leave it to be
discarded with the connection. Avoids keeping an additional pointer that
might become dangling.
Triggered by a reported on a code bug in discard method.
projects / thirdparty / curl.git / log
