Marc Hoersken [Tue, 5 May 2020 19:39:39 +0000 (21:39 +0200)]
select: use timediff_t instead of time_t and int for timeout_ms
Make all functions in select.[ch] take timeout_ms as timediff_t
which should always be large enough and signed on all platforms
to take all possible timeout values and avoid type conversions.
Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg
Replaces #5107 and partially #5262
Related to #5240 and #5286
Closes #5343
Marc Hoersken [Thu, 28 May 2020 19:04:07 +0000 (21:04 +0200)]
tests/libtest: fix undefined reference to 'curlx_win32_fopen'
Since curl_setup.h now makes use of curlx_win32_fopen for Win32
builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
we need to include the relevant files for tests using fopen,
because the libtest sources are also including curl_setup.h
Reviewed-by: Marcel Raad Reviewed-by: Daniel Stenberg
Follow up to #3784 (ffdddb45d9)
Closes #5475
Daniel Stenberg [Thu, 28 May 2020 14:32:07 +0000 (16:32 +0200)]
configure: repair the check if argv can be written to
Due to bad escaping of the test code, the test wouldn't build and thus
result in a negative test result, which would lead to the unconditional
assumption that overwriting the arguments doesn't work and thus curl
would never hide credentials given in the command line, even when it
would otherwise be possible.
Peter Wu [Sun, 3 May 2020 23:41:46 +0000 (01:41 +0200)]
ngtcp2: use common key log routine for better thread-safety
Tested with ngtcp2 built against the OpenSSL library. Additionally
tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC).
The TLS backend (independent of QUIC) may or may not already have opened
the keylog file before. Therefore Curl_tls_keylog_open is always called
to ensure the file is open.
Peter Wu [Sun, 3 May 2020 22:16:40 +0000 (00:16 +0200)]
wolfssl: add SSLKEYLOGFILE support
Tested following the same curl and tshark commands as in commit
"vtls: Extract and simplify key log file handling from OpenSSL" using
WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with
`./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`.
Full support for this feature requires certain wolfSSL build options,
see "Availability note" in lib/vtls/wolfssl.c for details.
Peter Wu [Sun, 3 May 2020 15:10:40 +0000 (17:10 +0200)]
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
Michael Kaufmann [Thu, 21 May 2020 11:10:04 +0000 (13:10 +0200)]
transfer: close connection after excess data has been read
For HTTP 1.x, it's a protocol error when the server sends more bytes
than announced. If this happens, don't reuse the connection, because the
start position of the next response is undefined.
Daniel Stenberg [Wed, 20 May 2020 11:21:00 +0000 (13:21 +0200)]
curl: remove -J "informational" written on stdout
curl would previously show "curl: Saved to filename 'name from header'"
if -J was used and a name was picked from the Content-Disposition
header. That output could interfer with other stdout output, such as -w.
This commit removes that output line.
Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html Reported-by: Коваленко Анатолий Викторович
Closes #5435
Peter Wu [Wed, 20 May 2020 21:36:21 +0000 (23:36 +0200)]
configure: fix pthread check with static boringssl
A shared boringssl/OpenSSL library requires -lcrypto only for linking.
A static build additionally requires `-ldl -lpthread`. In the latter
case `-lpthread` is added to LIBS which prevented `-pthread` from being
added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
Instead mark the function call with (void). Getting the return code and
using it instead triggered Coverity warning CID 1463596 because
snprintf() can return a negative value...
Peter Wu [Sun, 10 May 2020 10:07:38 +0000 (12:07 +0200)]
travis: upgrade to bionic, clang-9, improve readability
Changes, partially to reduce build failures from external dependencies:
- Upgrade Ubuntu and drop unnecessary third-party repos.
- Properly clone apt config to ensure retries.
- Upgrade to clang-9 from the standard repos.
- Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey
fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use
focal everywhere yet since Travis CI has not documented this option.
In focal, python-impacket (Py2.7) has been removed, leaving only
python3-impacket. Since it is only needed for SMB tests and not SSH,
skip it for the libssh job since it might need more work.
- apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8.
Non-functional cleanups:
- Simplify test matrix, drop redundant os and compiler keys.
- Deprecation fixes: remove sudo, rename matrix -> jobs.
- Every job has an 'env' key, put this key first in a list item.
Daniel Stenberg [Thu, 14 May 2020 22:40:25 +0000 (00:40 +0200)]
ftp: make domore_getsock() return the secondary socket properly
Previously, after PASV and immediately after the data connection has
connected, the function would only return the control socket to wait for
which then made the data connection simply timeout and not get polled
correctly. This become obvious when running test 1631 and 1632 event-
based.
- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyte gear to convert the command-line arguments to
UTF-8
This makes it possible to pass parameters with characters outside of
the current locale on Windows, which is required for some tests, e.g.
the IDN tests. Out of the box, this currently only works with the
Visual Studio project files, which default to Unicode, and winbuild
with the `ENABLE_UNICODE` option.
Major_Tom [Wed, 13 May 2020 19:41:27 +0000 (21:41 +0200)]
vauth/cleartext: fix theoretical integer overflow
Fix theoretical integer overflow in Curl_auth_create_plain_message.
The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.
Daniel Stenberg [Tue, 12 May 2020 11:29:53 +0000 (13:29 +0200)]
docs/options-in-versions: which version added each cmdline option
Added test 971 to verify that the list is in sync with the files in
cmdline-opts. The check also verifies that .d-files that uses Added:
specify the same version number as the options-in-versions file does.
Daniel Stenberg [Tue, 12 May 2020 22:52:34 +0000 (00:52 +0200)]
url: reject too long input when parsing credentials
Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.
James Le Cuirot [Mon, 11 May 2020 19:50:02 +0000 (20:50 +0100)]
libcurl.pc: Merge Libs.private into Libs for static-only builds
A project being built entirely statically will call pkg-config with
--static, which utilises the Libs.private field. Conversely it will
not use --static when not being built entirely statically, even if
there is only a static build of libcurl available. This will most
likely cause the build to fail due to underlinking unless we merge the
Libs fields.
Consider that this is what the Meson build system does when it
generates pkg-config files.
I have also reflected this in the --libs argument of curl-config even
though REQUIRE_LIB_DEPS always seems to be "yes" anyway.
Peter Wu [Sun, 10 May 2020 00:12:12 +0000 (02:12 +0200)]
CMake: fix runtests.pl with CMake, add new test targets
* runtests.pl:
- Fix out-of-tree build under CMake when srcdir is not set. Default
srcdir to the location of runtests.pl.
- Add a hack to allow CMake to use the TFLAGS option as documented
in tests/README and used in scripts/travis/script.sh.
* Bump CMake version to 3.2 for USES_TERMINAL, dropping Debian Jessie
support (no one should care, it is already EOL.).
* Remove CTest since it defines its own 'test' target with no tests
since all unittests are already broken and not built by default.
* Add new test targets based on the options from Makefile.am. Since
new test targets are rarely added, I opted for duplicating the
runtests.pl options as opposed to creating a new Makefile.inc file.
Use top-level target names (test-x) instead of x-test since that is
used by CI and others.
Peter Wu [Sun, 10 May 2020 00:10:20 +0000 (02:10 +0200)]
CMake: do not build test programs by default
The default target should only build libcurl and curl. Add a dedicated
'testdeps' target which will be used later when running tests. Note that
unittests are currently broken in CMake and already excluded.
Daniel Stenberg [Mon, 11 May 2020 21:18:01 +0000 (23:18 +0200)]
url: sort the protocol schemes in rough popularity order
When looking for a protocol match among supported schemes, check the
most "popular" schemes first. It has zero functionality difference and
for all practical purposes a speed difference will not be measureable
but it still think it makes sense to put the least likely matches last.
Marc Hoersken [Sun, 10 May 2020 16:40:24 +0000 (18:40 +0200)]
test1238: avoid tftpd being busy for tests shortly following
The tftpd server may still be busy if the total timeout of
25 seconds has not been reached or no sread error was received
during or after the execution of the timeout test 1238.
Once the next TFTP test comes around (eg. 1242 or 1243),
those will fail because the tftpd server is still waiting
on data from curl due to the UDP protocol being stateless
and having no connection close. On Linux this error may not
happen, because ICMP errors generated due to a swrite error
can also be returned async on the next sread call instead.
Therefore we will now just kill the tftpd server after test
1238 to make sure that the following tests are not affected.
This enables us to no longer ignore tests 1242, 1243, 2002
and 2003 on the CI platforms CirrusCI and AppVeyor.
projects / thirdparty / curl.git / log
