Viktor Szakats [Tue, 16 Jan 2024 16:30:07 +0000 (16:30 +0000)]
mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
- Silence warning in mbedTLS v3.5.1 public headers:
```
./mbedtls/_x64-linux-musl/usr/include/psa/crypto_extra.h:489:14: warning: redundant redeclaration of 'psa_set_key_domain_parameters' [-Wredundant-decls]
./mbedtls/_x64-linux-musl/usr/include/psa/crypto_struct.h:354:14: note: previous declaration of 'psa_set_key_domain_parameters' was here
```
Ref: https://github.com/libssh2/libssh2/commit/ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Ref: https://github.com/libssh2/libssh2/pull/1226
- Fix compiler warnings seen with gcc 9.2.0 + cmake unity:
```
./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_read':
./curl/lib/vtls/mbedtls.c:189:11: warning: null pointer dereference [-Wnull-dereference]
189 | nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &result);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_write':
./curl/lib/vtls/mbedtls.c:168:14: warning: null pointer dereference [-Wnull-dereference]
168 | nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &result);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Daniel Stenberg [Wed, 17 Jan 2024 13:27:16 +0000 (14:27 +0100)]
docs: cleanup nroff format use
- remove use of .BI for code snippet
- stop using .br, just do a blank line
- remove use of .PP
- remove use for .sp
- remove backslash in .IP
- use .IP instead of .TP
Jay Satiro [Sun, 7 Jan 2024 05:07:55 +0000 (00:07 -0500)]
tool_getparam: stop supporting `@filename` style for --cookie
The `@filename` style was never documented for --cookie <data|filename>
but prior to this change curl would accept it anyway and always treat a
@ prefixed string as a filename.
That's a problem if the string also contains a = sign because then it is
documented to be interpreted as a cookie string and not a filename.
Example:
`--cookie @foo=bar`
Before: Interpreted as load cookies from filename foo=bar.
After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`).
Other curl options with a data/filename option-value use the `@filename`
to distinguish filenames which is probably how this happened. The
--cookie option has never been documented that way.
Stefan Eissing [Mon, 15 Jan 2024 12:02:34 +0000 (13:02 +0100)]
websockets: check for negative payload lengths
- in en- and decoding, check the websocket frame payload lengths for
negative values (from curl_off_t) and error the operation in that case
- add test 2307 to verify
Daniel Stenberg [Mon, 15 Jan 2024 15:28:04 +0000 (16:28 +0100)]
tool_operate: stop setting the file comment on Amiga
- the URL is capped at 80 cols, which ruins it if longer
- it does not strip off URL credentials
- it is done unconditonally, not on --xattr
- we don't have Amiga in the CI which makes fixing it blindly fragile
Someone who builds and tests on Amiga can add it back correctly in a
future if there is a desire.
Stefan Eissing [Mon, 15 Jan 2024 10:33:13 +0000 (11:33 +0100)]
rtsp: deal with borked server responses
- enforce a response body length of 0, if the
response has no Content-lenght. This is according
to the RTSP spec.
- excess bytes in a response body are forwarded to
the client writers which will report and fail the
transfer
Daniel Stenberg [Sun, 14 Jan 2024 16:54:51 +0000 (17:54 +0100)]
version: show only the libpsl version, not its dependencies
The libpsl version output otherwise also includes version number for its
dependencies, like IDN lib, but since libcurl does not use libpsl's IDN
functionality those components are not important.
Stefan Eissing [Fri, 1 Dec 2023 12:50:32 +0000 (13:50 +0100)]
lib: replace readwrite with write_resp
This clarifies the handling of server responses by folding the code for
the complicated protocols into their protocol handlers. This concerns
mainly HTTP and its bastard sibling RTSP.
The terms "read" and "write" are often used without clear context if
they refer to the connect or the client/application side of a
transfer. This PR uses "read/write" for operations on the client side
and "send/receive" for the connection, e.g. server side. If this is
considered useful, we can revisit renaming of further methods in another
PR.
Curl's protocol handler `readwrite()` method been changed:
The name was changed to clarify that this writes reponse data to the
client side. The parameter changes are:
* `conn` removed as it always operates on `data->conn`
* `pconsumed` removed as the method needs to handle all data on success
* `readmore` removed as no longer necessary
* `is_eos` as indicator that this is the last call for the transfer
response (end-of-stream).
* `done` TRUE on return iff the transfer response is to be treated as
finished
This change affects many files only because of updated comments in
handlers that provide no implementation. The real change is that the
HTTP protocol handlers now provide an implementation.
The HTTP protocol handlers `write_resp()` implementation will get passed
**all** raw data of a server response for the transfer. The HTTP/1.x
formatted status and headers, as well as the undecoded response
body. `Curl_http_write_resp_hds()` is used internally to parse the
response headers and pass them on. This method is public as the RTSP
protocol handler also uses it.
HTTP/1.1 "chunked" transport encoding is now part of the general
*content encoding* writer stack, just like other encodings. A new flag
`CLIENTWRITE_EOS` was added for the last client write. This allows
writers to verify that they are in a valid end state. The chunked
decoder will check if it indeed has seen the last chunk.
The general response handling in `transfer.c:466` happens in function
`readwrite_data()`. This mainly operates now like:
All the response data handling is implemented in
`Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()`
implementation if available, or does the default behaviour.
All raw response data needs to pass through this function. Which also
means that anyone in possession of such data may call
`Curl_xfer_write_resp()`.
Daniel Stenberg [Thu, 11 Jan 2024 13:11:19 +0000 (14:11 +0100)]
configure: when enabling QUIC, check that TLS supports QUIC
Most importantly perhaps is when using OpenSSL that the used
build/flavor has the QUIC API: the vanilla OpenSSL does not, only
BoringSSL, libressl, AWS-LC and quictls do.
Sergey Markelov [Thu, 11 Jan 2024 00:23:00 +0000 (17:23 -0700)]
multi: remove total timer reset in file_do() while fetching file://
The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts
with resetting the timer that is a start point for further multi states.
If file://, MSTATE_DO calls file_do() that should not reset the total
timer. Otherwise, the total time is always less than the pre-transfer
and the start transfer times.
Stefan Eissing [Tue, 9 Jan 2024 08:29:34 +0000 (09:29 +0100)]
multi: pollset adjust, init with FIRSTSOCKET during connect
- `conn->sockfd` is set by `Curl_setup_transfer()`, but that
is called *after* the connection has been established
- use `conn->sock[FIRSTSOCKET]` instead
Stefan Eissing [Fri, 5 Jan 2024 11:28:09 +0000 (12:28 +0100)]
transfer: adjust_pollset improvements
- let `multi_getsock()` initialize the pollset in what the
transfer state requires in regards to SEND/RECV
- change connection filters `adjust_pollset()` implementation
to react on the presence of POLLIN/-OUT in the pollset and
no longer check CURL_WANT_SEND/CURL_WANT_RECV
- cf-socket will no longer add POLLIN on its own
- http2 and http/3 filters will only do adjustments if the
passed pollset wants to POLLIN/OUT for the transfer on
the socket. This is similar to the HTTP/2 proxy filter
and works in stacked filters.
Daniel Stenberg [Tue, 2 Jan 2024 12:32:18 +0000 (13:32 +0100)]
tool: prepend output_dir in header callback
When Content-Disposition parsing is used and an output dir is prepended,
make sure to store that new file name correctly so that it can be used
for setting the file timestamp when --remote-time is used.
Extended test 3012 to verify.
Co-Authored-by: Jay Satiro Reported-by: hgdagon on github
Fixes #12614
Closes #12617
Viktor Szakats [Mon, 1 Jan 2024 23:31:47 +0000 (23:31 +0000)]
schannel: fix `-Warith-conversion` gcc 13 warning
```
lib/vtls/schannel.c:1201:22: warning: conversion to 'unsigned int' from 'int' may change the sign of the result [-Warith-conversion]
1201 | *extension_len = *list_len +
| ^
```
Jay Satiro [Tue, 26 Dec 2023 06:55:54 +0000 (01:55 -0500)]
quiche: return CURLE_HTTP3 on send to invalid stream
Prior to this change if a send failed on a stream in an invalid state
(according to quiche) and not marked as closed (according to libcurl)
then the send function would return CURLE_SEND_ERROR.
We already have similar code for ngtcp2 to return CURLE_HTTP3 in this
case.
Caught by test test_07_upload.py: test_07_22_upload_parallel_fail.
Dan Fandrich [Fri, 29 Dec 2023 06:26:02 +0000 (22:26 -0800)]
CI: Fix use of any-glob-to-all-files in the labeler
Despite its name, this atom acts like one-glob-to-all-files and a
different syntax with braces must be used to get
any-glob-to-all-files semantics. Unfortunately, this makes the file
completely unreadable.
Jay Satiro [Thu, 28 Dec 2023 00:01:46 +0000 (19:01 -0500)]
system_win32: fix a function pointer assignment warning
- Use CURLX_FUNCTION_CAST to suppress a function pointer assignment
warning.
a6bbc87f added lookups of some Windows API functions and then cast them
like `*(FARPROC*)&Curl_funcname = address`. Some versions of gcc warn
about that as breaking strict-aliasing rules so this PR changes those
assignments to use CURLX_FUNCTION_CAST.
Jay Satiro [Sat, 23 Dec 2023 21:45:53 +0000 (16:45 -0500)]
verify-examples.pl: fail verification on unescaped backslash
- Check that all backslashes in EXAMPLE are properly escaped.
eg manpage must always use `\\n` never `\n`.
This is because the manpage requires we always double blackslash to show
a single backslash. Prior to this change an erroneous single backslash
would pass through and compile even though it would not show correctly
in the manpage.
Co-authored-by: Daniel Stenberg
Ref: https://github.com/curl/curl/pull/12588
projects / thirdparty / curl.git / log
