Jay Satiro [Wed, 11 Oct 2023 05:34:19 +0000 (07:34 +0200)]
socks: return error if hostname too long for remote resolve
Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer than 255
characters. Unfortunately that did not work as intended and caused a
security issue.
Stefan Eissing [Tue, 10 Oct 2023 08:50:17 +0000 (10:50 +0200)]
CI: remove slowed-network tests
- remove these tests as they are currently not reliable in our CI
setups.
curl handles the test cases, but CI sometimes fails on these due to
additional conditions. Rather than mix them in, an additional CI job
will be added in the future that is specific to them.
Stefan Eissing [Mon, 9 Oct 2023 09:36:37 +0000 (11:36 +0200)]
MQTT: improve receive of ACKs
- add `mq->recvbuf` to provide buffering of incomplete
ACK responses
- continue ACK reading until sufficient bytes available
- fixes test failures on low network receives
Stefan Eissing [Mon, 9 Oct 2023 08:18:20 +0000 (10:18 +0200)]
test2302: improve reliability
- make result print collected write data, unless
change in meta flags is detected
- will show same result even when data arrives via
several writecb invocations
Viktor Szakats [Sun, 8 Oct 2023 15:37:41 +0000 (15:37 +0000)]
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
Syncing this up with CMake.
Source code uses the built-in `OPENSSL_IS_AWSLC` and
`OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is
necessary from the build tools.
The one use of `HAVE_BORINGSSL` in the source turned out to be no longer
necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634
autotools detects this anyway for display purposes.
CMake detects this to decide whether to use the BoringSSL-specific
crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection
result just yet (planned in #12066).
Ref: #11964
Reviewed-by: Daniel Stenberg Reviewed-by: Jay Satiro
Closes #12065
Stefan Eissing [Thu, 5 Oct 2023 08:05:12 +0000 (10:05 +0200)]
cf-socket: simulate slow/blocked receives in debug
add 2 env variables for non-UDP sockets:
1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly
should return EAGAIN
2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket
Jay Satiro [Thu, 5 Oct 2023 07:19:47 +0000 (03:19 -0400)]
CURLOPT_DEBUGFUNCTION.3: warn about internal handles
- Warn that the user's debug callback may be called with the handle
parameter set to an internal handle.
Without this warning the user may assume that the only handles their
debug callback receives are the easy handles on which they set
CURLOPT_DEBUGFUNCTION.
This is a follow-up to f8cee8cc which changed DoH handles to inherit
the debug callback function set in the user's easy handle. As a result
those handles are now passed to the user's debug callback function.
Daniel Stenberg [Sat, 7 Oct 2023 18:10:36 +0000 (20:10 +0200)]
multi: do CURLM_CALL_MULTI_PERFORM at two more places
... when it does a state transition but there is no particular socket or
timer activity. This was made apparent when commit b5bb84c removed a
superfluous timer expiry.
Reported-by: Dan Fandrich.
Fixes #12033
Closes #12056
Dan Fandrich [Sat, 7 Oct 2023 01:18:49 +0000 (18:18 -0700)]
tests: fix a race condition in ftp server disconnect
If a client disconnected and reconnected quickly, before the ftp server
had a chance to respond, the protocol message/ack (ping/pong) sequence
got out of sync, causing messages sent to the old client to be delivered
to the new. A disconnect must now be acknowledged and intermediate
requests thrown out until it is, which ensures that such synchronization
problems can't occur. This problem could affect ftp, pop3, imap and smtp
tests.
David Benjamin [Thu, 5 Oct 2023 16:50:55 +0000 (12:50 -0400)]
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
While the struct is still public in OpenSSL, there is a (somewhat
inconvenient) accessor. Use it to remain compatible if it becomes opaque
in the future.
Viktor Szakats [Thu, 5 Oct 2023 23:04:40 +0000 (23:04 +0000)]
cmake: re-add missed C89 headers for specific detections
We removed C89 `setjmp.h` and `signal.h` detections and excluded them
from the global header list we use when detecting functions [1]. Then
missed to re-add these headers to the specific functions which need
them to be detected [2]. Fix this omission in this patch.
Dan Fandrich [Thu, 5 Oct 2023 20:11:08 +0000 (13:11 -0700)]
test1903: actually verify the cookies after the test
The test otherwise could do just about anything (except leak memory in
debug mode) and its bad behaviour wouldn't be detected. Now, check the
resulting cookie file to ensure the cookies are still there.
Jay Satiro [Fri, 29 Sep 2023 07:15:19 +0000 (03:15 -0400)]
idn: fix WinIDN null ptr deref on bad host
- Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from
UTF-8 to UTF-16.
Prior to this change a failed conversion erroneously returned CURLE_OK
which meant 'decoded' pointer (what would normally point to the
punycode) would not be written to, remain NULL and be dereferenced
causing an access violation.
Daniel Stenberg [Mon, 2 Oct 2023 13:10:55 +0000 (15:10 +0200)]
base64: also build for curl
Since the tool itself now uses the base64 code using the curlx way, it
needs to build also when the tool needs it. Starting now, the tool build
defines BULDING_CURL to allow lib-side code to use it.
Eduard Strehlau [Tue, 3 Oct 2023 15:10:46 +0000 (11:10 -0400)]
tests: Fix zombie processes left behind by FTP tests.
ftpserver.pl correctly cleans up spawned server processes,
but forgets to wait for the shell used to spawn them.
This is barely noticeable during a normal testrun,
but causes process exhaustion and test failure
during a complete torture run of the FTP tests.
Dan Fandrich [Fri, 29 Sep 2023 23:32:48 +0000 (16:32 -0700)]
tests: propagate errors in libtests
Use the test macros to automatically propagate some errors, and check
and log others while running the tests. This can help in debugging
exactly why a test has failed.
Dan Fandrich [Fri, 29 Sep 2023 22:27:21 +0000 (15:27 -0700)]
tests: set --expect100-timeout to improve test reliability
On an overloaded server, the default 1 second timeout can go by without
the test server having a chance to respond with the expected headers,
causing tests to fail. Increase the 1 second timeout to 99 seconds so
this failure mode is no longer a problem on test 1129. Some other tests
already set a high value, but make them consistently 99 seconds so if
something goes wrong the test is stalled for less time.
Viktor Szakats [Tue, 3 Oct 2023 18:17:37 +0000 (18:17 +0000)]
cmake: improve OpenLDAP builds
- cmake: detect OpenLDAP based on function `ldap_init_fd`.
autotools does this. autotools also publishes this detection result
in `HAVE_LDAP_INIT_FD`. We don't mimic that with CMake as the source
doesn't use this value. (it might need to be remove-listed in
`scripts/cmp-config.pl` for future OpenLDAP test builds.)
This also deletes existing self-declaration method via the
CMake-specific `CURL_USE_OPENLDAP` configuration.
- cmake: define `LDAP_DEPRECATED=1` for OpenLDAP.
Like autotools does. This fixes a long list of these warnings:
```
/usr/local/opt/openldap/include/ldap.h:1049:5: warning: 'LDAP_DEPRECATED' is not defined, evaluates to 0 [-Wundef]
```
- cmake: delete LDAP TODO comment no longer relevant.
Also:
- autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature
detection functions.
Ref: #11964 (effort to sync cmake detections with autotools)
Daniel Stenberg [Wed, 4 Oct 2023 09:35:54 +0000 (11:35 +0200)]
tests: remove leading spaces from some tags
The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.
Hence, fixing them all now might curb this practice from now on.
Daniel Stenberg [Wed, 27 Sep 2023 11:35:03 +0000 (13:35 +0200)]
GHA: add workflow to compare configure vs cmake outputs
Uses scripts/cmp-config.pl two compare two curl_config.h files,
presumbly generated with configure and cmake. It displays the
differences and filters out a lot of known lines we ignore.
The script also shows the matches that were *not* used. Possibly
subjects for removal.
Viktor Szakats [Tue, 3 Oct 2023 02:27:05 +0000 (02:27 +0000)]
cmake: fix unity with Windows Unicode + TrackMemory
Found the root cause of the startup crash in unity builds with Unicode
and TrackMemory enabled at the same time.
We must make sure that the `memdebug.h` header doesn't apply to
`lib/curl_multibyte.c` (as even noted in a comment there.) In unity
builds all headers apply to all sources, including `curl_multibyte.c`.
This probably resulted in an infinite loop on startup.
Exclude this source from unity compilation with TrackMemory enabled,
in both libcurl and curl tool. Enable unity mode for a debug Unicode
CI job to keep it tested. Also delete the earlier workaround that
fully disabled unity for affected builds.
Viktor Szakats [Mon, 2 Oct 2023 01:03:43 +0000 (01:03 +0000)]
cmake: disable unity mode with Windows Unicode + TrackMemory
"TrackMemory" is `ENABLE_DEBUG=ON` (aka `ENABLE_CURLDEBUG=ON`,
aka `-DCURLDEBUG`).
There is an issue with memory tracking and Unicode when built in "unity"
mode, which results in the curl tool crashing right on startup, even
without any command-line option. Interestingly this doesn't happen under
WINE (at least on the system I tested this on), but consistenly happens
on real Windows machines. Crash is 0xC0000374 heap corruption. Both
shared and static curl executables are affected.
This limitation probably won't hit too many people, but it remains
a TODO to find and fix the root cause and drop this workaround.
Example builds and runs:
https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/17cptxhtpubd7iwj#L313 (static)
https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/76e1ge758tbyqu9c#L317 (shared)
Viktor Szakats [Sun, 1 Oct 2023 17:32:59 +0000 (17:32 +0000)]
appveyor: rewrite batch in PowerShell + CI improvements
1. Rewrite in PowerShell:
- rewrite MS-DOS batch build script in PowerShell.
- move some bash operations into native PowerShell.
- fixups for PowerShell insisting on failure when a command outputs
something to stderr.
- fix to actually run `curl -V` after every build.
(and exclude ARM64 builds.)
- also say why we skipped `curl -V` if we had to skip.
- fix CMake warnings about unused configuration variables, by adapting
these dynamically for build cases.
- dedupe OpenSSL path into a variable.
- disable `test1451` failing with a warning anyway due to missing python
impacket. (after trying and failing to install impacket)
PowerShell promotes these warnings to errors by PowerShell. We can also
suppress they wholesale if they start causing issues in the future,
like we already to with `autoreconf` and `./configure`.
PowerShell is better than MS-DOS batches, so the hope is this makes it
easier to extend and maintain the AppVeyor build logic. POSIX/bash isn't
supported inline by AppVeyor on Windows build machines, but we are okay
to keep it in an external script, so it's also an option.
2. CI improvements:
- enable tests for a "unity" build job.
- speed-up CI initialization by using shallow clones of the curl repo.
- speed-up CMake MSVC jobs with `TrackFileAccess=false`.
- enable parallelism in `VisualStudioSolution` builds.
- display CMake version before builds.
- always show the CPU in job names.
- tell which jobs are build-only in job names.
- move `TESTING:` value next to `DISABLED_TESTS:` in two jobs.
- add `config.log` (autotools) to dumped logs (need to enable manually).
3. Style:
- use single-quotes in YAML like we do in other CI YAML files.
It also allows to drop quoting characters and lighter to write/read.
(keep double quotes for PowerShell strings needing expansion.)
Viktor Szakats [Mon, 2 Oct 2023 09:57:14 +0000 (09:57 +0000)]
cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
- set `HAVE_LDAP_URL_PARSE` if `ldap_url_parse` function exists.
Before this patch we set it based it on the presence of `stricmp`,
which correctly enabled it on e.g. Windows, but was inaccurate for
other platforms.
- always set `HAVE_LDAP_SSL` if an LDAP backend is detected and
LDAPS is not explicitly disabled. This mimics autotools behaviour.
Previously we set it only for Windows LDAP. After this fix, LDAPS is
correctly enabled in default macOS builds.
- enable LDAP[S] for a CMake macOS CI job. Target OS X 10.9 (Mavericks)
to avoid deprecation warnings for LDAP API.
- always detect `HAVE_LDAP_SSL_H`, even with LDAPS explicitly disabled.
This doesn't make much sense, but let's do it to sync behaviour with
autotools.
- fix benign typo in variable name.
Ref: #11964 (effort to sync cmake detections with autotools)
Viktor Szakats [Mon, 2 Oct 2023 11:24:14 +0000 (11:24 +0000)]
autotools: restore `HAVE_IOCTL_*` detections
This restores `CURL_CHECK_FUNC_IOCTL` detection. I deleted it in 4d73854462f30948acab12984b611e9e33ee41e6 and c3456652a0c72d1845d08df9769667db7e159949 (2022-08), because the
`HAVE_IOCTL` result it generated was unused in the source. But,
I did miss the fact that this had two dependent checks:
`CURL_CHECK_FUNC_IOCTL_FIONBIO`,
`CURL_CHECK_FUNC_IOCTL_SIOCGIFADDR` that we do actually need:
`HAVE_IOCTL_FIONBIO`, `HAVE_IOCTL_SIOCGIFADDR`.
Stefan Eissing [Fri, 29 Sep 2023 12:17:08 +0000 (14:17 +0200)]
h2: testcase and fix for pausing h2 streams
- refs #11982 where it was noted that paused transfers may
close successfully without delivering the complete data
- made sample poc into tests/http/client/h2-pausing.c and
added test_02_27 to reproduce
Closes #11989
Fixes #11982 Reported-by: Harry Sintonen
Viktor Szakats [Sat, 30 Sep 2023 11:13:27 +0000 (11:13 +0000)]
cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
Before this patch CMake builds accepted any value and it was used at
runtime as-is. This patch make sure that the selected default backend
is also enabled in the build. It also enforces a full lowercase value.
This improves reproducibility and brings CMake in sync with autotools
which already worked like described above.
Daniel Stenberg [Fri, 29 Sep 2023 10:58:43 +0000 (12:58 +0200)]
wolfssl: ignore errors in CA path
The default wolfSSL_CTX_load_verify_locations() function is quite picky
with the certificates it loads and will for example return error if just
one of the certs has expired.
With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it
behaves more similar to what OpenSSL does by default.
Even the set of default certs on my Debian unstable has several expired
ones.
Assisted-by: Juliusz Sosinowicz Assisted-by: Michael Osipov
Closes #11987
Viktor Szakats [Fri, 29 Sep 2023 00:38:06 +0000 (00:38 +0000)]
cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
Based on existing autotools logic.
autotools checks for old versions of the allowlisted target OSes and
disables this feature when seeing them. In CMake we assume we're running
on newer systems and enable regardless of OS version.
autotools always runs all 3 probes for non-fast-tracked systems and
enables this feature if any one of them was successful. To save
configuration time, CMake stops at the first successful check.
OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD
system. I haven't double-checked if this is correct, but looks odd.
Ref: #11964 (effort to sync cmake detections with autotools)
Viktor Szakats [Thu, 28 Sep 2023 13:56:06 +0000 (13:56 +0000)]
appveyor: minor improvements
- run `curl -V` after builds to see if they run and with what features.
Except for one job where a CRT DLL is missing. And ARM64 which should
fail, but is silently not launched instead.
- copy libcurl DLL next to curl tool and tests binaries in shared mode.
This makes it possible to run the tests. (We don't run tests after
these builds yet.)
- list the DLLs and EXEs present after the builds.
- add `DEBUG` variable for CMake builds to allow disabling it, for
testing non-debug builds. (currently enabled for all)
- add commented lines that dump CMake configuration logs for debugging
build/auto-detection issues.
- add gcc version to jobs where missing.
- switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9
to the build mix.
- make `SHARED=OFF` and `OPENSSL=OFF` defaults global.
Dan Fandrich [Thu, 28 Sep 2023 17:41:50 +0000 (10:41 -0700)]
runtests: display the test status if tests appear hung
It sometimes happens that a test hangs during a test run and never
returns. The test harness will wait indefinitely for the results and on
CI servers the CI job will eventually be killed after an hour or two.
At the end of a test run, if results haven't come in within a couple of
minutes, display the status of all test runners and what tests they're
running to help in debugging the problem.
This feature is really only kick in with parallel testing enabled, which
is fine because without parallel testing it's usually easy to tell what
test has hung.
Michael Osipov [Fri, 29 Sep 2023 08:15:08 +0000 (10:15 +0200)]
acinclude.m4: Document proper system truststore on FreeBSD
The default system truststore on FreeBSD has been /etc/ssl/certs for many
years now. It is managed canonically through certctl(8) and contains hashed
symlinks for OpenSSL and other TLS providers.
The previous ones require security/ca_root_nss which might not be installed or
will not contain any custom CA certificates.
Viktor Szakats [Thu, 28 Sep 2023 11:50:43 +0000 (11:50 +0000)]
cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
`basename` is present in mingw-w64, missing from MSVC. Pre-cache
accordingly to make configure faster.
Notice that `basename` has a bug so we later disable it even with
mingw-w64:
https://github.com/curl/curl/blob/781242ffa44a9f9b95b6da5ac5a1bf6372ec6257/lib/curl_setup.h#L820-L825
Daniel Stenberg [Wed, 27 Sep 2023 11:37:43 +0000 (13:37 +0200)]
cmake: add missing checks
- check for arc4random. To make rand.c use it accordingly.
- check for fcntl
- fix fseek detection
- add SIZEOF_CURL_SOCKET_T
- fix USE_UNIX_SOCKETS
- define HAVE_SNPRINTF to 1
- check for fnmatch
- check for sched_yield
- remove HAVE_GETPPID duplicate from curl_config.h
- add HAVE_SENDMSG
Daniel Stenberg [Wed, 27 Sep 2023 09:33:45 +0000 (11:33 +0200)]
manpage-syntax: verify curl man page references
1. References to curl symbols are now checked that they indeed exist as
man pages. This for \f references as well as the names referenced in the
SEE ALSO section.
Allowlist curl.1 since it is not always built in builds
2. References to curl symbols that lack section now causes warning, since that
will prevent them from getting linked properly
3. Check for "bare" references to curl functions and warn, they should be
references
Viktor Szakats [Wed, 27 Sep 2023 13:40:54 +0000 (13:40 +0000)]
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing option and detection logic in autotools.
Also:
- fix detecting GnuTLS.
We assume `nettle` as a GnuTLS dependency.
- add CMake GnuTLS CI job.
- bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
- fix compiler warning when building with GnuTLS and disabled TLS-SRP.
- fix comment typos, whitespace.
Viktor Szakats [Thu, 28 Sep 2023 10:50:07 +0000 (10:50 +0000)]
tool: use our own stderr variable
Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the curl-tool specific variable). This solution needed to override the
standard `stderr` symbol via the preprocessor. This in turn didn't play
well with unity builds and caused curl tool to crash or stay silent due
to an uninitialized stderr. This was a hard to find issue, fixed by
manually breaking out one file from the unity sources.
To avoid two these two tricks, this patch implements a different
solution: Restore using our own local variable for our stderr output and
leave `stderr` as-is. To avoid using `stderr` by mistake, add a
`checksrc` rule (based on logic we already used in lib for `strerror`)
that detects any `stderr` use in `src` and points to using our own
variable instead: `tool_stderr`.
projects / thirdparty / curl.git / log
