include: mask computed auth/proto bitmasks to 32 bits

GCC 15.2 warns when assigning computed "all" bitmask macros to 32-bit
flag types because negated masks expand to the full width of unsigned
long/long on 64-bit platforms.

Mask these macros to a 32-bit domain so they do not set high bits and
avoid -Woverflow/-Wconversion warnings in callers.

Reported-by: Patrick Monnerat
Fixes #20242
Closes #20416

diff --git a/include/curl/curl.h b/include/curl/curl.h
index 87b6344ea6fbe1c35a4b3bfa4bca0ca545b56ee0..f14f887261b4af00e74e4b499539a4d2b13639a9 100644 (file)
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -842,10 +842,13 @@ typedef enum {
 #define CURLAUTH_BEARER       (((unsigned long)1) << 6)
 #define CURLAUTH_AWS_SIGV4    (((unsigned long)1) << 7)
 #define CURLAUTH_ONLY         (((unsigned long)1) << 31)
-#define CURLAUTH_ANY          (~CURLAUTH_DIGEST_IE)
-#define CURLAUTH_ANYSAFE      (~(CURLAUTH_BASIC | CURLAUTH_DIGEST_IE))
+#define CURLAUTH_ANY          ((~CURLAUTH_DIGEST_IE) & \
+                               ((unsigned long)0xffffffff))
+#define CURLAUTH_ANYSAFE      ((~(CURLAUTH_BASIC | CURLAUTH_DIGEST_IE)) & \
+                               ((unsigned long)0xffffffff))
 
-#define CURLSSH_AUTH_ANY       ~0L       /* all types supported by server */
+/* all types supported by server */
+#define CURLSSH_AUTH_ANY       ((unsigned long)0xffffffff)
 #define CURLSSH_AUTH_NONE      0L        /* none allowed, silly but complete */
 #define CURLSSH_AUTH_PUBLICKEY (1L << 0) /* public/private key files */
 #define CURLSSH_AUTH_PASSWORD  (1L << 1) /* password */
@@ -1101,7 +1104,7 @@ typedef CURLSTScode (*curl_hstswrite_callback)(CURL *easy,
 #define CURLPROTO_MQTT    (1L << 28)
 #define CURLPROTO_GOPHERS (1L << 29)
 #define CURLPROTO_MQTTS   (1L << 30)
-#define CURLPROTO_ALL     (~0L) /* enable everything */
+#define CURLPROTO_ALL     ((unsigned long)0xffffffff) /* enable everything */
 
 /* long may be 32 or 64 bits, but we should never depend on anything else
    but 32 */

diff --git a/lib/setopt.c b/lib/setopt.c
index 5034c4a5f0b7336cc733510a920e093971851515..31b1ca01ee4b245370ab851083dbd9f8fc5c823c 100644 (file)
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -1194,7 +1194,7 @@ static CURLcode setopt_long_proto(struct Curl_easy *data, CURLoption option,
 #endif
 #ifdef USE_SSH
   case CURLOPT_SSH_AUTH_TYPES:
-    s->ssh_auth_types = (int)arg;
+    s->ssh_auth_types = (uint32_t)arg;
     break;
   case CURLOPT_NEW_DIRECTORY_PERMS:
     if((arg < 0) || (arg > 0777))

diff --git a/lib/urldata.h b/lib/urldata.h
index d5862e7b262cdfa71e339bd5970b8830d1c81cdb..71e5d6f4a11a9e69119c56d48f108bc17fff5f01 100644 (file)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1389,7 +1389,7 @@ struct UserDefined {
 #ifdef USE_SSH
   curl_sshkeycallback ssh_keyfunc; /* key matching callback */
   void *ssh_keyfunc_userp;         /* custom pointer to callback */
-  int ssh_auth_types;    /* allowed SSH auth types */
+  uint32_t ssh_auth_types;   /* allowed SSH auth types */
   uint32_t new_directory_perms; /* when creating remote dirs */
 #endif
   uint32_t new_file_perms;      /* when creating remote files */