Jay Satiro [Mon, 4 Oct 2021 19:52:01 +0000 (15:52 -0400)]
version_win32: use actual version instead of manifested version
- Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
Later versions of Windows have normal version functions that compare and
return versions based on the way the application is manifested, instead
of the actual version of Windows the application is running on. We
prefer the actual version of Windows so we'll now call the Rtl variant
of version functions (RtlVerifyVersionInfo) which does a proper
comparison of the actual version.
Hayden Roche [Fri, 1 Oct 2021 23:06:55 +0000 (16:06 -0700)]
wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
Prior to this commit, OpenSSL could be used for all these functions, but
not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
is defined.
Daniel Stenberg [Tue, 28 Sep 2021 15:36:09 +0000 (17:36 +0200)]
tool_listhelp: easier to generate with gen.pl
tool_listhelp.c is now a separate file with only the command line --help
output, exactly as generated by gen.pl. This makes it easier to generate
updates according to what's in the docs/cmdline-opts docs.
cd $srcroot/docs/cmdline-opts
./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
hostip: Move allocation to clarify there is no memleak
By just glancing at the code, it looks like there is a memleak if the
call to Curl_inet_pton() fails. Looking closer, it is clear that the
call to Curl_inet_pton() can not fail, so the code will never leak
memory. However, we can make this obvious by moving the allocation
after the if-statement.
Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
on implicit fallthrough cases, since the current coding of indicating
fallthrough with comments is falling out of fashion with new compilers.
This attempts to make the issue smaller by rewriting fallthroughs to no
longer fallthrough, via either breaking the cases or turning switch
statements into if statements.
lib/content_encoding.c: the fallthrough codepath is simply copied
into the case as it's a single line.
lib/http_ntlm.c: the fallthrough case skips a state in the state-
machine and fast-forwards to NTLMSTATE_LAST. Do this before the
switch statement instead to set up the states that we actually
want.
lib/http_proxy.c: the fallthrough is just falling into exiting the
switch statement which can be done easily enough in the case.
lib/mime.c: switch statement rewritten as if statement.
lib/pop3.c: the fallthrough case skips to the next state in the
statemachine, do this explicitly instead.
lib/urlapi.c: switch statement rewritten as if statement.
lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
machine, do this by running another iteration of the switch
statement instead.
lib/vtls/gtls.c: switch statement rewritten as if statement.
lib/vtls/nss.c: the fallthrough codepath is simply copied into the
case as it's a single line. Also twiddle a comment to not be
inside a non-brace if statement.
Closes: #7322
See-also: #7295 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg [Tue, 28 Sep 2021 09:50:07 +0000 (11:50 +0200)]
cmdline-opts: made the 'Added:' field mandatory
Since "too old" versions are no longer included in the generated man
page, this field is now mandatory so that it won't be forgotten and then
not included in the documentation.
Daniel Stenberg [Tue, 28 Sep 2021 08:30:59 +0000 (10:30 +0200)]
curl.1: remove mentions of really old version changes
To make the man page more readable, this change removes all references
to changes in support/versions etc that happened before 7.30.0 from the
curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
limit is a bit arbitrary but was fairly easy to grep for.
It is handled like this: the 'Added' keyword is only used in output if
it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
description will be stripped out if the mentioned $VERSION is from
before 7.30.0. It is therefore important that the "Added in..."
references are always written exactly like that - and on a single line,
not split over two.
This change removes about 80 version number references from curl.1, down
to 138 from 218.
Daniel Stenberg [Mon, 27 Sep 2021 14:08:39 +0000 (16:08 +0200)]
NTLM: use DES_set_key_unchecked with OpenSSL
... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
continue using the unitialized buffer content as key instead.
Assisted-by: Harry Sintonen
Fixes #7779
Closes #7781
Marc Hoersken [Mon, 27 Sep 2021 18:59:29 +0000 (20:59 +0200)]
CI: align make and test flags in various config files
1. Use Makefile target to run tests in autotools builds on AppVeyor.
2. Disable testing of SCP protocol on native Windows environments.
3. Remove redundant parameters -a -p from target test-nonflaky.
4. Don't use -vc parameter which is reserved for debugging.
Max Dymond [Thu, 22 Jul 2021 14:32:30 +0000 (15:32 +0100)]
CURLOPT_PREREQFUNCTION: add new callback
Triggered before a request is made but after a connection is set up
Changes:
- callback: Update docs and callback for pre-request callback
- Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
- Add redirect test and callback failure test
- Note that the function may be called multiple times on a redirection
- Disable new 2086 test due to Windows weirdness
Add curl_url_strerror() to convert CURLUcode into readable string and
facilitate easier troubleshooting in programs using URL API.
Extend CURLUcode with CURLU_LAST for iteration in unit tests.
Update man pages with a mention of new function.
Update example code and tests with new functionality where it fits.
Michael Kaufmann [Wed, 22 Sep 2021 10:04:25 +0000 (12:04 +0200)]
vtls: Fix a memory leak if an SSL session cannot be added to the cache
On connection shutdown, a new TLS session ticket may arrive after the
SSL session cache has already been destructed. In this case, the new
SSL session cannot be added to the SSL session cache.
The callers of Curl_ssl_addsessionid() need to know whether the SSL
session has been added to the cache. If it has not been added, the
reference counter of the SSL session must not be incremented, or memory
used by the SSL session must be freed. This is now possible with the new
output parameter "added" of Curl_ssl_addsessionid().
Joel Depooter [Thu, 23 Sep 2021 22:54:24 +0000 (15:54 -0700)]
libssh2: Get the version at runtime if possible
Previously this code used a compile time constant, meaning that libcurl
always reported the libssh2 version that libcurl was built with. This
could differ from the libssh2 version actually being used. The new code
uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
macro calls the libssh2_version function if it is available, otherwise
it falls back to the compile time version.
Daniel Stenberg [Mon, 20 Sep 2021 08:33:26 +0000 (10:33 +0200)]
test897: verify delivery of IMAP post-body header content
The "content" is delivered as "body" by curl, but the envelope continues
after the body and the rest of it should be delivered as header.
The IMAP server can now get 'POSTFETCH' set to include more data to
include after the body and test 897 is done to verify that such "extra"
header data is in fact delivered by curl as header.
Daniel Stenberg [Fri, 17 Sep 2021 14:31:25 +0000 (16:31 +0200)]
http: fix the broken >3 digit response code detection
When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl would claim
the response to be non-compliant.
Added test 1466 to verify this case.
Regression brought by 5dc594e44f73b17 Reported-by: Glenn de boer
Fixes #7738
Closes #7739
Daniel Stenberg [Thu, 16 Sep 2021 06:50:54 +0000 (08:50 +0200)]
Curl_http2_setup: don't change connection data on repeat invokes
Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
transfer oriented inits to before the check but also erroneously moved a
few connection oriented ones, which causes problems.
tests/sshserver.pl: make it work with openssh-8.7p1
... by not using options with no argument where an argument is required:
=== Start of file tests/log/ssh_server.log
curl_sshd_config line 6: no argument after keyword "DenyGroups"
curl_sshd_config line 7: no argument after keyword "AllowGroups"
curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
curl_sshd_config line 40: Deprecated option RSAAuthentication
curl_sshd_config line 41: Deprecated option ServerKeyBits
curl_sshd_config line 45: Deprecated option UseLogin
curl_sshd_config line 56: no argument after keyword "AcceptEnv"
curl_sshd_config: terminating, 3 bad configuration options
=== End of file tests/log/ssh_server.log
=== Start of file log/sftp_server.log
curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
curl_sftp_config line 34: Unsupported option "rsaauthentication"
curl_sftp_config line 52: no argument after keyword "sendenv"
curl_sftp_config: terminating, 1 bad configuration options
Connection closed.
Connection closed
=== End of file log/sftp_server.log
Daniel Stenberg [Tue, 14 Sep 2021 14:20:47 +0000 (16:20 +0200)]
hsts: handle unlimited expiry
When setting a blank expire string, meaning unlimited, curl would pass
TIME_T_MAX to getime_r() when creating the output, while on 64 bit
systems such a large value cannot be convetered to a tm struct making
curl to exit the loop with an error instead. It can't be converted
because the year it would represent doesn't fit in the 'int tm_year'
field!
Starting now, unlimited expiry is instead handled differently by using a
human readable expiry date spelled out as "unlimited" instead of trying
to use a distant actual date.
Test 1660 and 1915 have been updated to help verify this change.
Reported-by: Jonathan Cardoso
Fixes #7720
Closes #7721
Daniel Stenberg [Tue, 14 Sep 2021 11:03:06 +0000 (13:03 +0200)]
curl_multi_fdset: make FD_SET() not operate on sockets out of range
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Reported-by: 0xee on github
Fixes #7718
Closes #7719
ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
If a server pipelines future responses within the STARTTLS response, the
former are preserved in the pingpong cache across TLS negotiation and
used as responses to the encrypted commands.
This fix detects pipelined STARTTLS responses and rejects them with an
error.
Daniel Stenberg [Sat, 11 Sep 2021 22:20:22 +0000 (00:20 +0200)]
http_proxy: fix the User-Agent inclusion in CONNECT
It should not refer to the uagent string that is allocated and created
for the end server http request, as that pointer may be cleared on
subsequent CONNECT requests.
Added test case 1184 to verify.
Reported-by: T200proX7 on github
Fixes #7705
Closes #7707
Daniel Stenberg [Fri, 10 Sep 2021 09:39:22 +0000 (11:39 +0200)]
http2: Curl_http2_setup needs to init stream data in all invokes
Thus function was written to avoid doing multiple connection data
initializations, which is fine, but since it also initiates stream
related data it is crucial that it doesn't skip those even if called
again for the same connection. Solved by moving the stream
initializations before the "doing-it-again" check.
projects / thirdparty / curl.git / log
