Jay Satiro [Mon, 28 Aug 2023 07:09:18 +0000 (03:09 -0400)]
ftp: fix temp write of ipv6 address
- During the check to differentiate between a port and IPv6 address
without brackets, write the binary IPv6 address to an in6_addr.
Prior to this change the binary IPv6 address was erroneously written to
a sockaddr_in6 'sa6' when it should have been written to its in6_addr
member 'sin6_addr'. There's no fallout because no members of 'sa6' are
accessed before it is later overwritten.
Jay Satiro [Sun, 20 Aug 2023 07:08:15 +0000 (03:08 -0400)]
tool: change some fopen failures from warnings to errors
- Error on missing input file for --data, --data-binary,
--data-urlencode, --header, --variable, --write-out.
Prior to this change if a user of the curl tool specified an input file
for one of the above options and that file could not be opened then it
would be treated as zero length data instead of an error. For example, a
POST using `--data @filenametypo` would cause a zero length POST which
is probably not what the user intended.
Daniel Stenberg [Fri, 18 Aug 2023 11:41:16 +0000 (13:41 +0200)]
connect: stop halving the remaining timeout when less than 600 ms left
When curl wants to connect to a host, it always has a TIMEOUT. The
maximum time it is allowed to spend until a connect is confirmed.
curl will try to connect to each of the IP adresses returned for the
host. Two loops, one for each IP family.
During the connect loop, while curl has more than one IP address left to
try within a single address family, curl has traditionally allowed (time
left/2) for *this* connect attempt. This, to not get stuck on the
initial addresses in case the timeout but still allow later addresses to
get attempted.
This has the downside that when users set a very short timeout and the
host has a large number of IP addresses, the effective result might be
that every attempt gets a little too short time.
This change stop doing the divided-by-two if the total time left is
below a threshold. This threshold is 600 milliseconds.
Jay Satiro [Wed, 23 Aug 2023 06:49:47 +0000 (02:49 -0400)]
secureserver.pl: fix stunnel version parsing
- Allow the stunnel minor-version version part to be zero.
Prior to this change with the stunnel version scheme of <major>.<minor>
if either part was 0 then version parsing would fail, causing
secureserver.pl to fail with error "No stunnel", causing tests that use
the SSL protocol to be skipped. As a practical matter this bug can only
be caused by a minor-version part of 0, since the major-version part is
always greater than 0.
Jay Satiro [Wed, 23 Aug 2023 07:37:43 +0000 (03:37 -0400)]
secureserver.pl: fix stunnel path quoting
- Store the stunnel path in the private variable $stunnel unquoted and
instead quote it in the command strings.
Prior to this change the quoted stunnel path was passed to perl's file
operators which cannot handle quoted paths. For example:
$stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\"";
if(-x $stunnel or -x "$stunnel")
# false even if path exists and is executable
Our other test scripts written in perl, unlike this one, use servers.pm
which has a global $stunnel variable with the path stored unquoted and
therefore those scripts don't have this problem.
Daniel Stenberg [Mon, 28 Aug 2023 06:29:15 +0000 (08:29 +0200)]
libtest: use curl_free() to free libcurl allocated data
In several test programs. These mistakes are not detected or a problem
as long as memdebug.h is included, as that provides the debug wrappers
for all memory functions in the same style libcurl internals do it,
which makes curl_free and free effectively the same call.
Jay Satiro [Tue, 22 Aug 2023 18:48:45 +0000 (14:48 -0400)]
disable.d: explain --disable not implemented prior to 7.50.0
Option -q/--disable was added in 5.0 but only -q was actually
implemented. Later --disable was implemented in e200034 (precedes
7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0).
Some of these changes come from comparing `Curl_http` and
`start_CONNECT`, which are similar, and adding things to them that are
present in one and missing in another.
The most important changes:
- In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the
happy path.
- In `start_CONNECT`, add a missing `hyper_request_free` on the error
path.
- In `bodysend`, add a missing `hyper_body_free` on an early-exit path.
- In `bodysend`, remove an unnecessary `hyper_body_free` on a different
error path that would cause a double-free.
https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html
says of `hyper_request_set_body`: "This takes ownership of the
hyper_body *, you must not use it or free it after setting it on the
request." This is true even if `hyper_request_set_body` returns an
error; I confirmed this by looking at the hyper source code.
Other changes are minor but make things slightly nicer.
John Hawthorn [Fri, 25 Aug 2023 18:06:28 +0000 (11:06 -0700)]
OpenSSL: clear error queue after SSL_shutdown
We've seen errors left in the OpenSSL error queue (specifically,
"shutdown while in init") by adding some logging it revealed that the
source was this file.
Since we call SSL_read and SSL_shutdown here, but don't check the return
code for an error, we should clear the OpenSSL error queue in case one
was raised.
This didn't affect curl because we call ERR_clear_error before every
write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when
libcurl is used in a process with other OpenSSL users, they may detect
an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their
own.
Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>
Closes #11736
A request created with `hyper_request_new` must be consumed by either
`hyper_clientconn_send` or `hyper_request_free`.
This is not terrifically clear from the hyper docs --
`hyper_request_free` is documented only with "Free an HTTP request if
not going to send it on a client" -- but a perusal of the hyper code
confirms it.
This commit adds a `hyper_request_free` to the `error:` path in
`Curl_http` so that the request is consumed when an error occurs after
the request is created but before it is sent.
Fixes the first memory leak reported by Valgrind in #10803.
Dan Fandrich [Thu, 17 Aug 2023 01:20:11 +0000 (18:20 -0700)]
runtests: slightly increase the longest log file displayed
The new limit provides enough space for a 64 KiB data block to be logged
in a trace file, plus a few lines at the start and end for context. This
happens to be the amount of data sent at a time in a PUT request.
Stefan Eissing [Fri, 18 Aug 2023 09:08:52 +0000 (11:08 +0200)]
test2600: fix flakiness on low cpu
- refs #11355 where failures to to low cpu resources in CI
are reported
- vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations
to test cases
- trigger Curl_expire() in test filter to allow re-checks before
the usual 1second interval
Emanuele Torre [Sat, 19 Aug 2023 16:51:16 +0000 (18:51 +0200)]
tool/var: also error when expansion result starts with NUL
Expansions whose output starts with NUL were being expanded to the empty
string, and not being recognised as values that contain a NUL byte, and
should error.
Daniel Stenberg [Wed, 16 Aug 2023 08:43:02 +0000 (10:43 +0200)]
lib: move mimepost data from ->req.p.http to ->state
When the legacy CURLOPT_HTTPPOST option is used, it gets converted into
the modem mimpost struct at first use. This data is (now) kept for the
entire transfer and not only per single HTTP request. This re-enables
rewind in the beginning of the second request instead of in end of the
first, as brought by 1b39731.
The request struct is per-request data only.
Extend test 650 to verify.
Fixes #11680 Reported-by: yushicheng7788 on github
Closes #11682
Patrick Monnerat [Thu, 10 Aug 2023 22:30:17 +0000 (00:30 +0200)]
test1554: check translatable string options in OS400 wrapper
This test runs a perl script that checks all string options are properly
translated by the OS400 character code conversion wrapper. It also
verifies these options are listed in alphanumeric order in the wrapper
switch statement.
Stefan Eissing [Thu, 17 Aug 2023 09:16:11 +0000 (11:16 +0200)]
bearssl: handshake fix, provide proper get_select_socks() implementation
- bring bearssl handshake times down from +200ms down to other TLS backends
- vtls: improve generic get_select_socks() implementation
- tests: provide Apache with a suitable ssl session cache
trrui-huawei [Fri, 11 Aug 2023 06:14:11 +0000 (14:14 +0800)]
quiche: enable quiche to handle timeout events
In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout`
interface for the application to invoke upon timer
expiration. Therefore, invoking the `on_timeout` function of the
Connection is crucial to ensure seamless functionality of quiche with
timeout events.
Marin Hannache [Mon, 14 Aug 2023 08:21:46 +0000 (10:21 +0200)]
http: do not require a user name when using CURLAUTH_NEGOTIATE
In order to get Negotiate (SPNEGO) authentication to work in HTTP you
used to be required to provide a (fake) user name (this concerned both
curl and the lib) because the code wrongly only considered
authentication if there was a user name provided, as in:
curl -u : --negotiate https://example.com/
This commit leverages the `struct auth` want member to figure out if the
user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of
setting a user name both in curl and the lib.
Viktor Szakats [Fri, 11 Aug 2023 00:37:26 +0000 (00:37 +0000)]
build: streamline non-UWP wincrypt detections
- with CMake, use the variable `WINDOWS_STORE` to detect an UWP build
and disable our non-UWP-compatible use the Windows crypto API. This
allows to drop two dynamic feature checks.
`WINDOWS_STORE` is true when invoking CMake with
`CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1.
- with autotools, drop the separate feature check for `wincrypt.h`. On
one hand this header has been present for long (even Borland C 5.5 had
it from year 2000), on the other we used the check result solely to
enable another check for certain crypto functions. This fails anyway
with the header not present. We save one dynamic feature check at the
configure stage.
Jay Satiro [Thu, 8 Dec 2022 06:26:13 +0000 (01:26 -0500)]
schannel: verify hostname independent of verify cert
Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off
and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the
hostname in schannel code.
This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and
verify hostname". We discussed a fix several years ago in #3285 but it
went stale.
Assisted-by: Daniel Stenberg
Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html Reported-by: Martin Galvan
Ref: https://github.com/curl/curl/pull/3285
projects / thirdparty / curl.git / log
