Natanael Copa [Fri, 22 Sep 2023 13:58:49 +0000 (13:58 +0000)]
lib: use wrapper for curl_mime_data fseek callback
fseek uses long offset which does not match with curl_off_t. This leads
to undefined behavior when calling the callback and caused failure on
arm 32 bit.
Use a wrapper to solve this and use fseeko which uses off_t instead of
long.
Thanks to the nice people at Libera IRC #musl for helping finding this
out.
Daniel Stenberg [Mon, 25 Sep 2023 07:42:12 +0000 (09:42 +0200)]
singleuse: add scan for use in other source codes
This should reduce false-positive to almost zero. Checks for presence in
unit tests if --unit is specified, which is intended for debug builds
where unit testing is enabled.
Daniel Stenberg [Mon, 25 Sep 2023 07:42:47 +0000 (09:42 +0200)]
multi: remove Curl_multi_dump
A debug-only function that is basically never used. Removed to ease the
use of the singleuse script to detect non-static functions not used
outside the file where it is defined.
Viktor Szakats [Sun, 24 Sep 2023 09:50:39 +0000 (09:50 +0000)]
tests: fix compiler warnings
Seen with llvm 17 on Windows x64.
```
.../curl/tests/server/rtspd.c:136:13: warning: no previous extern declaration for non-static variable 'logdir' [-Wmissing-variable-declarations]
136 | const char *logdir = "log";
| ^
.../curl/tests/server/rtspd.c:136:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit
136 | const char *logdir = "log";
| ^
.../curl/tests/server/rtspd.c:137:6: warning: no previous extern declaration for non-static variable 'loglockfile' [-Wmissing-variable-declarations]
137 | char loglockfile[256];
| ^
.../curl/tests/server/rtspd.c:137:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
137 | char loglockfile[256];
| ^
.../curl/tests/server/fake_ntlm.c:43:13: warning: no previous extern declaration for non-static variable 'logdir' [-Wmissing-variable-declarations]
43 | const char *logdir = "log";
| ^
.../curl/tests/server/fake_ntlm.c:43:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit
43 | const char *logdir = "log";
| ^
.../curl/src/tool_doswin.c:350:8: warning: possible misuse of comma operator here [-Wcomma]
350 | ++d, ++s;
| ^
.../curl/src/tool_doswin.c:350:5: note: cast expression to void to silence warning
350 | ++d, ++s;
| ^~~
| (void)( )
```
```
.../curl/tests/libtest/lib540.c:146:27: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
146 | int itimeout = (L > (long)INT_MAX) ? INT_MAX : (int)L;
| ~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/libntlmconnect.c:195:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
195 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/lib591.c:117:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
117 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/lib597.c:99:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
99 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
```
Seen on macOS Intel:
```
.../curl/tests/server/sws.c:440:64: warning: field precision should have type 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat]
msnprintf(logbuf, sizeof(logbuf), "Got request: %s %.*s HTTP/%d.%d",
~~^~
1 warning generated.
```
Viktor Szakats [Tue, 8 Aug 2023 11:00:36 +0000 (11:00 +0000)]
mingw: delete support for legacy mingw.org toolchain
Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW:
https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/
Its homepage used to be http://mingw.org/ [no HTTPS], and broken now.
It supported the x86 CPU only and used a old Windows API header and
implib set, often causing issues. It also misses most modern Windows
features, offering old versions of both binutils and gcc (no llvm/clang
support). It was last updated 2 years ago.
curl now relies on toolchains based on the mingw-w64 project:
https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/
https://www.msys2.org/ https://github.com/msys2/msys2
https://github.com/mstorsjo/llvm-mingw
(Also available via Linux and macOS package managers.)
Dan Fandrich [Thu, 21 Sep 2023 17:50:49 +0000 (10:50 -0700)]
github/labeler: improve the match patterns
This includes new rules for setting the appleOS and logging labels and
matches on some example files. Also, enable dot mode for wildcard
matches in the .github directory.
Jay Satiro [Mon, 18 Sep 2023 21:58:23 +0000 (17:58 -0400)]
libssh2: fix error message on failed pubkey-from-file
- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unknown (-1)".
When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
generic error and therefore doesn't set an error message. AFAICT that is
not documented behavior.
Prior to this change libcurl retrieved the last set error message which
would be from a previous function failing. That resulted in misleading
auth failed error messages in verbose mode.
Stefan Eissing [Tue, 19 Sep 2023 10:31:31 +0000 (12:31 +0200)]
lib: disambiguate Curl_client_write flag semantics
- use CLIENTWRITE_BODY *only* when data is actually body data
- add CLIENTWRITE_INFO for meta data that is *not* a HEADER
- debug assertions that BODY/INFO/HEADER is not used mixed
- move `data->set.include_header` check into Curl_client_write
so protocol handlers no longer have to care
- add special in FTP for `data->set.include_header` for historic,
backward compatible reasons
- move unpausing of client writes from easy.c to sendf.c, so that
code is in one place and can forward flags correctly
Patrick Monnerat [Wed, 20 Sep 2023 12:02:05 +0000 (14:02 +0200)]
tftpd: always use curl's own tftp.h
Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:
tftpd.c: In function ‘write_behind.isra’:
tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes from a region of size 0 [-Wstringop-overread]
485 | return write(test->ofile, writebuf, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tftpd.c:71:
/usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0
58 | char tu_data[0]; /* data or error string */
| ^~~~~~~
This occurs because writebuf points to this field and the latter
cannot be considered as being of dynamic length because it is not
the last field in the structure. Thus it is bound to its declared
size.
This commit always uses curl's own version of tftp.h where the
target field is last in its structure, effectively avoiding the
warning.
As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for
arpa/tftp.h are removed.
Dan Fandrich [Wed, 20 Sep 2023 19:22:46 +0000 (12:22 -0700)]
github/labeler: switch to the 5 beta version
This version adds an important feature that will allow more PRs to be
labelled. Rather than being limited to labeling PRs with files that
match a single glob, it can now label them if multiple changed files
match any one of a number of globs.
Ryan Schmidt [Wed, 20 Sep 2023 01:36:39 +0000 (20:36 -0500)]
cmake, configure: also link with CoreServices
When linking with CoreFoundation, also link with CoreServices which is
apparently required to avoid an NSInvalidArgumentException in software
linking with libcurl on macOS Sonoma 14 and later.
Daniel Stenberg [Sat, 16 Sep 2023 09:17:45 +0000 (11:17 +0200)]
doh: inherit DEBUGFUNCTION/DATA
When creating new transfers for doing DoH, they now inherit the debug
settings from the initiating transfer, so that the application can
redirect and handle the verbose output correctly even for the DoH
transfers.
Reported-by: calvin2021y on github
Fixes #11864
Closes #11869
Dan Fandrich [Sat, 16 Sep 2023 07:08:26 +0000 (00:08 -0700)]
http_aws_sigv4: fix sorting with empty parts
When comparing with an empty part, the non-empty one is always
considered greater-than. Previously, the two would be considered equal
which would randomly place empty parts amongst non-empty ones. This
showed as a test 439 failure on Solaris as it uses a different
implementation of qsort() that compares parts differently.
Dan Fandrich [Fri, 15 Sep 2023 20:42:04 +0000 (13:42 -0700)]
CI: ignore the "flaky" and "timing-dependent" test results
CI builds will now run these tests, but will ignore the results if they
fail. The relevant tests are ones that are sensitive to timing or
have edge conditions that make them more likely to fail on CI servers,
which are often heavily overloaded and slow.
This change only adds two additional tests to be ignored, since the
others already had the flaky keyword.
Harry Sintonen [Tue, 12 Sep 2023 10:51:21 +0000 (13:51 +0300)]
misc: better random strings
Generate alphanumerical random strings.
Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.
The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.
Daniel Stenberg [Thu, 14 Sep 2023 21:28:32 +0000 (23:28 +0200)]
cookie: remove unnecessary struct fields
Plus: reduce the hash table size from 256 to 63. It seems unlikely to
make much of a speed difference for most use cases but saves 1.5KB of
data per instance.
Dan Fandrich [Thu, 14 Sep 2023 06:36:45 +0000 (23:36 -0700)]
test2600: remove special case handling for USE_ALARM_TIMEOUT
This was originally added to handle platforms that supported only 1
second granularity in connect timeouts, but after some recent changes
the test currently permafails on several Windows platforms.
The need for this special-case was removed in commit 8627416, which
increased the connect timeout in all cases to well above 1 second.
Jay Satiro [Wed, 13 Sep 2023 18:41:51 +0000 (14:41 -0400)]
escape: replace Curl_isunreserved with ISUNRESERVED
- Use the ALLCAPS version of the macro so that it is clear a macro is
being called that evaluates the variable multiple times.
- Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates
a variable multiple times.
This is a follow-up to 291d225a which changed Curl_isunreserved into an
alias macro for ISUNRESERVED. The problem is the former is not easily
identified as a macro by the caller, which could lead to a bug.
For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but
Curl_isunreserved(*foo++) is not even though they both are the same.
Dan Fandrich [Wed, 13 Sep 2023 07:07:25 +0000 (00:07 -0700)]
tests: increase the default server logs lock timeout
This timeout is used to wait for the server to finish writing its logs
before checking them against the expected values. An overloaded machine
could take more than the two seconds previously allocated, so increase
the timeout to 5 seconds.
Dan Fandrich [Wed, 13 Sep 2023 06:30:56 +0000 (23:30 -0700)]
tests: increase TEST_HANG_TIMEOUT in two tests
These tests had a 5 second timeout compared to 60 seconds for all other
tests. Make these consistent with the others for more reliability on
heavily-loaded machines.
Dan Fandrich [Tue, 12 Sep 2023 06:47:35 +0000 (23:47 -0700)]
test1056: disable on Windows
This test relies on the IPv6 scope field being ignored when connecting to
ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit
dodgy, but it works on all our test platforms except Windows. This
test was disabled manually on all Windows CI builds already, so instead
add an incompatible feature and precheck so it's skipped on Windows
everywhere automatically.
Dan Fandrich [Mon, 11 Sep 2023 23:38:46 +0000 (16:38 -0700)]
test587: add a slight delay after test
This test is designed to connect to the server, then immediately send a
few bytes and disconnect. In some situations, such as on a loaded
server, this doesn't give the server enough time to write its lock file
before its existence is checked. The test harness then fails to find the
server's input log file (because it hasn't been written yet) and fails
the test. By adding a short delay after the test, the HTTP server has
enough time to write its lock file which gives itself more time to write
its remaining files.
Dan Fandrich [Mon, 11 Sep 2023 23:35:04 +0000 (16:35 -0700)]
tests: stop overriding the lock timeout
These tests reduce the server lock wait timeout which can increase
flakiness on loaded machines. Since this is merely an optimization,
eliminate them in favour of reliability.
Dan Fandrich [Mon, 11 Sep 2023 22:28:01 +0000 (15:28 -0700)]
tests: add some --expect100-timeout to reduce timing dependencies
These tests can fail when the test machine is so slow that the test HTTP
server didn't get a chance to complete before the client's one second
100-continue timeout triggered. Increase that 1 second to 999 seconds so
this situation doesn't happen.
Dan Fandrich [Fri, 8 Sep 2023 06:48:33 +0000 (23:48 -0700)]
tests: add the timing-dependent keyword on several tests
These are ones likely to fail on heavily-loaded machines that alter the
normal test timing. Most of these tests already had the flaky keyword
since this condition makes them more likely to fail on CI.
Dan Fandrich [Wed, 6 Sep 2023 19:00:47 +0000 (12:00 -0700)]
tests: improve SLOWDOWN test reliability by reducing sent data
These tests are run in SLOWDOWN mode which adds a 10 msec delay after
each character output, which means it takes at least 1.6 seconds (and
320 kernel calls) just to get through the long welcome banner. On an
overloaded system, this can end up taking much more than 1.6 seconds,
and even more than the 7 or 16 second curl timeout that the tests rely
on, causing them to fail. Reducing the size of the welcome banner drops
the total number of characters sent before the transfer starts by more
than half, which reduces the opportunity for test-breaking slowdowns by
the same amount.
Jay Satiro [Sat, 12 Aug 2023 19:06:08 +0000 (15:06 -0400)]
http_aws_sigv4: handle no-value user header entries
- Handle user headers in format 'name:' and 'name;' with no value.
The former is used when the user wants to remove an internal libcurl
header and the latter is used when the user actually wants to send a
no-value header in the format 'name:' (note the semi-colon is converted
by libcurl to a colon).
Prior to this change the AWS header import code did not special case
either of those and the generated AWS SignedHeaders would be incorrect.
include.d: explain headers not printed with --fail before 7.75.0
Prior to 7.75.0 response headers were not printed if -f/--fail was used
and an error was reported by server. This was fixed in ab525c0
(precedes 7.75.0).
projects / thirdparty / curl.git / log
