- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyte gear to convert the command-line arguments to
UTF-8
This makes it possible to pass parameters with characters outside of
the current locale on Windows, which is required for some tests, e.g.
the IDN tests. Out of the box, this currently only works with the
Visual Studio project files, which default to Unicode, and winbuild
with the `ENABLE_UNICODE` option.
Major_Tom [Wed, 13 May 2020 19:41:27 +0000 (21:41 +0200)]
vauth/cleartext: fix theoretical integer overflow
Fix theoretical integer overflow in Curl_auth_create_plain_message.
The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.
Daniel Stenberg [Tue, 12 May 2020 11:29:53 +0000 (13:29 +0200)]
docs/options-in-versions: which version added each cmdline option
Added test 971 to verify that the list is in sync with the files in
cmdline-opts. The check also verifies that .d-files that uses Added:
specify the same version number as the options-in-versions file does.
Daniel Stenberg [Tue, 12 May 2020 22:52:34 +0000 (00:52 +0200)]
url: reject too long input when parsing credentials
Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.
James Le Cuirot [Mon, 11 May 2020 19:50:02 +0000 (20:50 +0100)]
libcurl.pc: Merge Libs.private into Libs for static-only builds
A project being built entirely statically will call pkg-config with
--static, which utilises the Libs.private field. Conversely it will
not use --static when not being built entirely statically, even if
there is only a static build of libcurl available. This will most
likely cause the build to fail due to underlinking unless we merge the
Libs fields.
Consider that this is what the Meson build system does when it
generates pkg-config files.
I have also reflected this in the --libs argument of curl-config even
though REQUIRE_LIB_DEPS always seems to be "yes" anyway.
Peter Wu [Sun, 10 May 2020 00:12:12 +0000 (02:12 +0200)]
CMake: fix runtests.pl with CMake, add new test targets
* runtests.pl:
- Fix out-of-tree build under CMake when srcdir is not set. Default
srcdir to the location of runtests.pl.
- Add a hack to allow CMake to use the TFLAGS option as documented
in tests/README and used in scripts/travis/script.sh.
* Bump CMake version to 3.2 for USES_TERMINAL, dropping Debian Jessie
support (no one should care, it is already EOL.).
* Remove CTest since it defines its own 'test' target with no tests
since all unittests are already broken and not built by default.
* Add new test targets based on the options from Makefile.am. Since
new test targets are rarely added, I opted for duplicating the
runtests.pl options as opposed to creating a new Makefile.inc file.
Use top-level target names (test-x) instead of x-test since that is
used by CI and others.
Peter Wu [Sun, 10 May 2020 00:10:20 +0000 (02:10 +0200)]
CMake: do not build test programs by default
The default target should only build libcurl and curl. Add a dedicated
'testdeps' target which will be used later when running tests. Note that
unittests are currently broken in CMake and already excluded.
Daniel Stenberg [Mon, 11 May 2020 21:18:01 +0000 (23:18 +0200)]
url: sort the protocol schemes in rough popularity order
When looking for a protocol match among supported schemes, check the
most "popular" schemes first. It has zero functionality difference and
for all practical purposes a speed difference will not be measureable
but it still think it makes sense to put the least likely matches last.
Marc Hoersken [Sun, 10 May 2020 16:40:24 +0000 (18:40 +0200)]
test1238: avoid tftpd being busy for tests shortly following
The tftpd server may still be busy if the total timeout of
25 seconds has not been reached or no sread error was received
during or after the execution of the timeout test 1238.
Once the next TFTP test comes around (eg. 1242 or 1243),
those will fail because the tftpd server is still waiting
on data from curl due to the UDP protocol being stateless
and having no connection close. On Linux this error may not
happen, because ICMP errors generated due to a swrite error
can also be returned async on the next sread call instead.
Therefore we will now just kill the tftpd server after test
1238 to make sure that the following tests are not affected.
This enables us to no longer ignore tests 1242, 1243, 2002
and 2003 on the CI platforms CirrusCI and AppVeyor.
Peter Wu [Fri, 8 May 2020 22:18:29 +0000 (00:18 +0200)]
travis: Add ngtcp2 and quiche tests for CMake
To avoid an explosion of jobs, extend the existing CMake tests with
ngtcp2 and quiche support. macOS was previously moved to GitHub actions,
so the non-Linux case can be dropped.
Peter Wu [Fri, 8 May 2020 21:13:46 +0000 (23:13 +0200)]
CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
Add three new CMake Find modules (using the curl license, but I grant
others the right to apply the CMake BSD license instead).
This CMake config is simpler than the autotools one because it assumes
ngtcp2 and nghttp3 to be used together. Another difference is that this
CMake config checks whether QUIC is actually supported by the TLS
library (patched OpenSSL or boringssl) since this can be a common
configuration mistake that could result in build errors later.
Unlike autotools, CMake does not warn you that the features are
experimental. The user is supposed to already know that and read the
documentation. It requires a very special build environment anyway.
Tested with ngtcp2+OpenSSL+nghttp3 and quiche+boringssl, both built from
current git master. Use `LD_DEBUG=files src/curl |& grep need` to figure
out which features (libldap-2.4, libssh2) to disable due to conflicts
with boringssl.
Peter Wang [Fri, 8 May 2020 00:43:45 +0000 (10:43 +1000)]
*_sspi: fix bad uses of CURLE_NOT_BUILT_IN
Return CURLE_AUTH_ERROR instead of CURLE_NOT_BUILT_IN for other
instances of QuerySecurityPackageInfo failing, as in
commit 2a81439553286f12cd04a4bdcdf66d8e026d8201.
Daniel Stenberg [Wed, 6 May 2020 21:31:43 +0000 (23:31 +0200)]
http2: simplify and clean up trailer handling
Triggered by a crash detected by OSS-Fuzz after the dynbuf introduction in ed35d6590e72. This should make the trailer handling more straight forward and
hopefully less error-prone.
Deliver the trailer header to the callback already at receive-time. No
longer caches the trailers to get delivered at end of stream.
Marc Hoersken [Thu, 7 May 2020 04:45:26 +0000 (06:45 +0200)]
appveyor: disable flaky test 1501 and ignore broken 1056
Test 1501 is flaky on Windows CI due to being time sensitive
and the testsuite relying on taskkill.exe to check for the
existance of processes which can take to much time itself.
Test 1056 is broken in autotools-based Windows builds due
to scope ID support missing in these builds at the moment.
Marc Hoersken [Tue, 5 May 2020 20:05:49 +0000 (22:05 +0200)]
test613.pl: make tests 613 and 614 work with OpenSSH for Windows
OpenSSH for Windows shows group and other/world permissions as *,
because those concepts do not exist on Windows. It also does not
show the current or parent directory, so we just ignore those.
Daniel Stenberg [Mon, 4 May 2020 16:57:34 +0000 (17:57 +0100)]
quiche: enable qlog output
quiche has the potential to log qlog files. To enable this, you must
build quiche with the qlog feature enabled `cargo build --features
qlog`. curl then passes a file descriptor to quiche, which takes
ownership of the file. The FD transfer only works on UNIX.
The convention is to enable logging when the QLOGDIR environment is
set. This should be a path to a folder where files are written with the
naming template <SCID>.qlog.
Co-authored-by: Lucas Pardue
Replaces #5337
Closes #5341
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.
In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.
Jay Satiro [Sat, 2 May 2020 18:53:09 +0000 (14:53 -0400)]
asyn-thread: fix cppcheck warning
- Check for NULL entry parameter before attempting to deref entry in
Curl_resolver_is_resolved, like is already done in asyn-ares.
This is to silence cppcheck which does not seem to understand that
asyn-ares and asyn-thread have separate Curl_resolver_is_resolved
and those units are mutually exclusive. Prior to this change it warned
of a scenario where asyn-thread's Curl_resolver_is_resolved is called
with a NULL entry from asyn-ares, but that couldn't happen.
Marc Hoersken [Sat, 18 Apr 2020 19:51:19 +0000 (21:51 +0200)]
tests/server/util.[ch]: add exit event to stop waiting on Windows
This commit adds a global exit event to the test servers that
Windows-specific wait routines can use to get triggered if the
program was signaled to be terminated, eg. select_ws in sockfilt.c
The exit event will be managed by the signal handling code and is
set to not reset automatically to support multiple wait routines.
Daniel Stenberg [Sat, 2 May 2020 09:55:24 +0000 (11:55 +0200)]
examples: remove asiohiper.cpp
This example has repeatedly been reported to contain bugs, and as users
copy and paste code from this into production, I now deem it better to
not provide the example at all.
Daniel Stenberg [Thu, 30 Apr 2020 15:42:18 +0000 (17:42 +0200)]
cirrus: disable SFTP and SCP tests
... as we can't seem to start the sshd server on it. Those problems
existed before d1239b50bececd (running the SSH server on a random port),
but they're more noticable now since there are more failed attempts in
the logs.
Dan Fandrich [Thu, 30 Apr 2020 14:00:31 +0000 (16:00 +0200)]
tests: Stop referring to server ports when they're not used
Several tests referred to specific server ports even when the test
didn't actually use that server or specify that it's needed. In such
cases, the test harness substitutes the text "[not running]" as the port
number which causes many such tests to fail due to the inability to
parse the URL. These tests are changed to use %NOLISTENPORT which will
always be substituted correctly.
Daniel Stenberg [Tue, 21 Apr 2020 07:57:22 +0000 (09:57 +0200)]
tests: tests: run stunnel for HTTPS and FTPS on dynamic ports
As stunnel is an external tool and it has no specific option to export
the actually used port number when asked to listen to 0, runtests
instead iterates over ten randomly picked high number ports and sticks
to the first one stunnel can listen to.
These were commented out in e9dd0998706a when Makefile.inc was included
instead. 11 years have passed since then and the commented code is of
course very outdated. Remove it to avoid confusion.
projects / thirdparty / curl.git / log
