Viktor Szakats [Mon, 29 Sep 2025 23:46:33 +0000 (01:46 +0200)]
checksrc: fix possible endless loop when detecting `BANNEDFUNC`
If the source line had square brackets before the match, the stripping
of the banned function left the original line intact, and repeated the
check on it forever. E.g. with banned function `open` in `lib518.c`:
```c
t518_testfd[0] = open(DEV_NULL, O_RDONLY);
```
Viktor Szakats [Sun, 14 Sep 2025 13:34:18 +0000 (15:34 +0200)]
build: avoid overriding system symbols for fopen functions
By introducing wrappers for them in the curlx namespace:
`curlx_fopen()`, `curlx_fdopen()`, `curlx_fclose()`.
The undefine/redefine/`(function)()` methods broke on systems
implementing these functions as macros. E.g. AIX 32-bit's `fopen()`.
Also:
- rename `lib/fopen.*` to `lib/curl_fopen.*` (for `Curl_fopen()`)
to make room for the newly added `curlx/fopen.h`.
- curlx: move file-related functions from `multibyte.c` to `fopen.c`.
- tests/server: stop using the curl-specific `fopen()` implementation
on Windows. Unicode isn't used by runtests, and it isn't critical to
run tests on longs path. It can be re-enabled if this becomes
necessary, or if the wrapper receives a feature that's critical for
test servers.
Reported-by: Andrew Kirillov
Bug: https://github.com/curl/curl/issues/18510#issuecomment-3274393640
Viktor Szakats [Mon, 29 Sep 2025 20:48:55 +0000 (22:48 +0200)]
tests/server: drop unsafe `open()` override in signal handler (Windows)
Turns out the signal handler on Windows still wasn't signal safe after
the previous round of fix. There is an `open()` call made from there,
and `open` happens to be unconditionally overridden via `curl_setup.h`
on Windows, to its local implementation (`curlx_win32_open()`), which
does memory allocations and potentially other things that are not signal
safe.
This is a temporary fix, till avoiding the override of system symbols
`open` and `stat` on Windows.
FTR this did not fix the CI 2304 errors, diskspace fail or job hangs due
to 0xC0000142 fork failure (it's rare all three occurs in the same run):
https://github.com/curl/curl/actions/runs/18110523584?pr=18774
- fix to append to, not override, previously set linker options when
using `CURL_LIBCURL_VERSIONED_SYMBOLS=ON`. Before this patch, it was
overwriting linker options when using `CURL_CODE_COVERAGE=ON`.
Viktor Szakats [Tue, 16 Sep 2025 17:28:27 +0000 (19:28 +0200)]
tidy-up: miscellaneous
- GHA/checkdocs: rename `spellcheck` job to `pyspelling` to say
the exact tool used.
- GHA/checkdocs: restore a comment.
- GHA/linux: add `-B .` to a cmake configure to avoid warning, and
future breakage.
- autotools: use correct casing for `Schannel`.
- doh: update RFC URL.
- drop redundant parenthesis.
- fix indentation, whitespace.
Viktor Szakats [Wed, 24 Sep 2025 23:54:28 +0000 (01:54 +0200)]
perlcheck: add script, run in CI, fix fallouts
Add script to run all Perl sources through `perl -c` to ensure no
issues, and run this script via GHA/checksrc in CI.
Fallouts:
- fix two repeated declarations.
- move `shell_quote()` from `testutil.pm` to `pathhelp.pm`, to
avoid circular dependency in `globalconfig.pm`.
Stefan Eissing [Mon, 22 Sep 2025 13:48:07 +0000 (15:48 +0200)]
http: handle user-defined connection headers
When there is more than one user-supplied 'Connection: ' header, add
values that curl needs internally to the first one and emit all
subsequent ones thereafter.
Viktor Szakats [Thu, 25 Sep 2025 12:50:15 +0000 (14:50 +0200)]
GHA: use `pyspelling` directly
To avoid depending on Docker Hub, an Docker image and a GitHub Action.
Also to simplify running this check on a local machine.
Pending question if Dependabot and Mend/Renovate will automatically pick
up `requirements-docs.txt`.
Also:
- enable parallel spellchecking. (also to win back the time lost with
installing components directly from Debian and pip.)
- pin `pyspelling`.
- link to official `pyspelling` docs.
Viktor Szakats [Thu, 25 Sep 2025 11:14:36 +0000 (13:14 +0200)]
GHA: bump pip `cryptography`, relax `impacket` version requirement
Bump `cryptography` to a newer version that fixes two known OpenSSL
vulnerabilities reported by Dependabot.
To make it work, also allow `impacket` 0.11.0, because it allows any
pyOpenSSL version, while 0.12.0 pinned it to a single version that
happens to be incompatible with the bugfixed `cryptography` version.
Also: drop spaces from `requirements.txt` files. Bots don't add them,
though they seem to be preferred in the official documentation:
https://pip.pypa.io/en/stable/reference/requirements-file-format/
Stefan Eissing [Tue, 26 Aug 2025 13:54:32 +0000 (15:54 +0200)]
socks: rewwork, cleaning up socks state handling
Restructured the code in the following ways:
* add terminal states SUCCESS and FAILED
* split SOCK4 and SOCK5 states to be more clear
* use `bufq` for send/recv of SOCK messages
* reduce SOCKS4 states, more speaking names
* for most states, move code into static function
* reduce SOCKS5 states, more speaking names
* add helpers for traversing to FAILED state
* add helper to flush bufq
* add hepler to read minimum amount into bufq
Stefan Eissing [Fri, 8 Aug 2025 10:15:25 +0000 (12:15 +0200)]
lib: upgrade/multiplex handling
Improvements around HTTP Upgrade: and multiplex hanndling:
* add `Curl_conn_set_multiplex()` to set connection's multiplex
bit and trigger "connchanged" events
* call `Curl_conn_set_multiplex()` in filters' `CF_CTRL_CONN_INFO_UPDATE`
implementation where other connection properties are updated.
This prevents connection updates before the final filter chain
is chosen.
* rename enum `UPGR101_INIT` to `UPGR101_NONE`
* rename connection bit `asks_multiplex` to `upgrade_in_progress`
* trigger "connchanged" when `upgrade_in_progress` clears
* rename `WebSockets` to `WebSocket` as it is the common term
used in documentation
Daniel Stenberg [Thu, 25 Sep 2025 09:30:24 +0000 (11:30 +0200)]
socks_sspi: bail out on too long fields
A probably unnecessary precaution but since the field sizes are 16 bit in the
protocol this makes sure to fail if they would ever be larger as that would go
wrong.
Daniel Stenberg [Mon, 22 Sep 2025 09:27:27 +0000 (11:27 +0200)]
mbedtls: handle WANT_WRITE from mbedtls_ssl_read()
The mbedtls_ssl_read() function is documented to be able to also return
MBEDTLS_ERR_SSL_WANT_WRITE, so act on that accordingly instead of
returning error for it.
Assisted-by: Stefan Eissing
Reported in Joshua's sarif data
Closes #18682
Daniel Stenberg [Wed, 24 Sep 2025 04:52:52 +0000 (06:52 +0200)]
vssh: drop support for wolfSSH
The implementation was incomplete and lesser than the other backends. No
one ever reported a bug or requested enhancements for this, indicating
that this backend was never used.
Viktor Szakats [Wed, 24 Sep 2025 12:53:18 +0000 (14:53 +0200)]
docs: fix/tidy code fences
- INSTALL.md: fence code to avoid wrong rendering. Reported-by: rinsuki on github Fixes: https://github.com/curl/curl-www/issues/480
- use `sh` instead of `bash` as fence language, for less visual noise.
Daniel Stenberg [Mon, 22 Sep 2025 09:08:43 +0000 (11:08 +0200)]
socks_gssapi: reject too long tokens
If GSS returns a token to use that is longer than 65535 bytes, it can't
be transmitted since the length field is an unisgned 16 bit field and
thus needs to trigger an error.
Viktor Szakats [Wed, 24 Sep 2025 08:16:05 +0000 (10:16 +0200)]
GHA/distcheck: bump timeout for the cmake integration
It may take 1.5 minutes to find the C compiler on macos with old cmake.
The build is also slow due to no unity and Ninja support.
```
Wed, 24 Sep 2025 04:56:51 GMT -- Using CMake version 3.11.4
Wed, 24 Sep 2025 04:58:01 GMT -- The C compiler identification is AppleClang 17.0.0.17000013
Wed, 24 Sep 2025 04:58:02 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
Wed, 24 Sep 2025 04:59:33 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -- works
Wed, 24 Sep 2025 04:59:33 GMT -- Detecting C compiler ABI info
Wed, 24 Sep 2025 04:59:35 GMT -- Detecting C compiler ABI info - done
```
Ref: https://github.com/curl/curl/actions/runs/17966736478/job/51100678487?pr=18700#step:10:50
Viktor Szakats [Wed, 24 Sep 2025 08:29:30 +0000 (10:29 +0200)]
GHA/dist: fix number of parallel jobs on macos runner
It was using the global parallel value in cmake integration tests, while
on macos runners, this should be lower by one, as used in other macos
jobs. Performance impact is minimal.
Viktor Szakats [Tue, 23 Sep 2025 13:45:49 +0000 (15:45 +0200)]
GHA/macos: add macos-26, llvm20, gcc15, drop macos-14, gcc14
Number of combo jobs down to 22 from 24.
Also:
- update the version matrix.
- update exclusion matrix.
- include verbose compiler configuration dump.
It makes the Apple-included, default `-I/usr/local/include` visible.
Ref: #18683
Viktor Szakats [Tue, 23 Sep 2025 09:50:23 +0000 (11:50 +0200)]
GHA/linux: fix address sanitizer error output
Same issue as seen earlier in the tsan job. Fix it the same way, by
switching to cmake to avoid autotools' libtool confusing the analyzer.
Ref: 2a46df31fdb91851895bc46d81f0065e6cafc80b #18274
Configuration remains identical. I removed libssh2 from the installed
packages, because it was unused before, but cmake enabled it by default
and libssh2 has memory leaks:
Ref: https://github.com/curl/curl/actions/runs/17941312820/job/51018425159
Fixing:
```
/usr/bin/llvm-symbolizer-18: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-18)
/usr/bin/llvm-symbolizer-18: symbol lookup error: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: undefined symbol: __asan_option_detect_stack_use_after_return
==33900==WARNING: Can't read from symbolizer at fd 3
[..]
==33900==WARNING: Can't write to symbolizer at fd 6
==33900==WARNING: Failed to use and restart external symbolizer
```
Ref: https://github.com/curl/curl/actions/runs/17939949191/job/51013953675?pr=18693
Viktor Szakats [Mon, 22 Sep 2025 16:02:49 +0000 (18:02 +0200)]
cmake: use modern alternatives for `get_filename_component()`
- use `cmake_path()` to query filenames, with CMake 3.20 or upper.
https://cmake.org/cmake/help/v4.1/command/cmake_path.html#query
- use `cmake_host_system_information()` to query the registry,
with CMake 3.24 or upper.
https://cmake.org/cmake/help/v4.1/command/cmake_host_system_information.html#query-windows-registry
Replacing the undocumented method.
- also quote the value passed to `get_filename_component()` where
missing. (Could not cause an actual issue as used in the code.)
Viktor Szakats [Sat, 20 Sep 2025 09:43:59 +0000 (11:43 +0200)]
GHA: enable more options in static analyzer jobs
This is an effort to pass more code through clang-tidt and scan-build
static analyzers. Following CodeQL Linux jobs.
GHA/codeql:
- also build with libssh.
- disable verbose output in build steps.
GHA/linux:
- enable more build options for the clang-tidy and scan-build jobs:
libidn2, nghttp2, ldap, kerberos, rtmp, gnutls, gsasl, rustls,
mbedtls, wolfssl
Use Linuxbrew where necessary.
- also enable ECH, gssapi in the scan-build job.
- fix 'scanbuild' to be 'scan-build' in the job name.
GHA/macos:
- build with Rustls in the clang-tidy job.
- add a new clang-tidy job to test HTTP/3 (with openssl + ngtcp2).
- build with libssh in one of the clang-tidy jobs.
- build with LibreSSL in the MultiSSL clang-tidy job.
- build with heimdal and kerberos in the clang-tidy jobs respectively.
- build with OpenLDAP in one clang-tidy job.
- add support for `skipall`, `skiprun` job options, and use it.
Viktor Szakats [Mon, 22 Sep 2025 09:27:10 +0000 (11:27 +0200)]
libssh: drop two unused assigments
Reported in macOS clang-tidy v21.1.1 build, after enabling libssh in it:
```
lib/vssh/libssh.c
lib/vssh/libssh.c:1342:9: error: Value stored to 'to_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1342 | to_t = STRE_OK;
| ^
lib/vssh/libssh.c:1342:9: note: Value stored to 'to_t' is never read
lib/vssh/libssh.c:1349:9: error: Value stored to 'from_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1349 | from_t = STRE_OK;
| ^
lib/vssh/libssh.c:1349:9: note: Value stored to 'from_t' is never read
2 warnings generated.
```
Ref: https://github.com/curl/curl/actions/runs/17909917954/job/50918955923?pr=18660#step:11:182
Viktor Szakats [Sun, 21 Sep 2025 19:55:30 +0000 (21:55 +0200)]
rustls: fix clang-tidy warning
Seen with v21.1.1, non-debug-enabled build:
```
lib/vtls/rustls.c:415:23: error: File position of the stream might be 'indeterminate'
after a failed operation. Can cause undefined behavior [clang-analyzer-unix.Stream,-warnings-as-errors]
415 | const size_t rr = fread(buf, 1, sizeof(buf), f);
| ^
```
Ref: https://github.com/curl/curl/actions/runs/17898248031/job/50887746633?pr=18660#step:11:174
Viktor Szakats [Sat, 20 Sep 2025 11:34:08 +0000 (13:34 +0200)]
tool_doswin: fix to use curl socket functions
Replace `WSASocketW()` with `CURL_SOCKET()`. Also replace a call
to `socketclose()` with `sclose()`. According to a comment,
`socketclose()` was chosen to silence test 1498 (and 2300) reporting
`MEMORY FAILURE`. These reports were accurate, and were caused by
calling `WSASocketW()` instead of `socket()` (now `CURL_SOCKET()`).
This also fixes the curl `sclose()` call on an error branch, which is
now correctly paired with a curl socket open. The mismatched open/close
calls caused an issue in TrackMemory-enabled (aka `CURLDEBUG`) builds.
Docs confirm that `socket()` is defaulting to overlapped I/O, matching
the replaced `WSASocketW()` call:
https://learn.microsoft.com/windows/win32/api/winsock2/nf-winsock2-socket#remarks
Also:
- checksrc: ban `WSASocket*()` functions.
- report `SOCKERRNO` instead of `GetLastError()` for socket calls,
to match the rest of the codebase.
Daniel Stenberg [Mon, 22 Sep 2025 06:33:20 +0000 (08:33 +0200)]
managen: strict protocol check
- protocols MUST match one in the accept-list
- protocols are typically all uppercase
- drop All
- use SCP and SFTP instead of SSH
- add Protocols: to some options previously missing one
Daniel Stenberg [Sun, 21 Sep 2025 09:07:31 +0000 (11:07 +0200)]
tftp: pin the first used address
Store the used remote address on the first receive call and then make
sure that it remains the same address on subsequent calls to reduce the
risk of tampering. Doesn't make the transfer secure because it is still
unauthenticated and clear text.
Daniel Stenberg [Sun, 21 Sep 2025 08:48:00 +0000 (10:48 +0200)]
telnet: refuse IAC codes in content
Ban the use of IAC (0xff) in telnet options set by the application. They
need to be escaped when sent but I can't see any valid reason for an
application to send them.
Of course, an application sending such data basically ask for trouble.
Daniel Stenberg [Sat, 20 Sep 2025 21:38:04 +0000 (23:38 +0200)]
libssh: fix range parsing error handling mistake
The range-parsing returned CURLE_RANGE_ERROR directly on one error
instead of calling myssh_to_ERROR() like it should and like it does for
all other errors.
Daniel Stenberg [Sat, 20 Sep 2025 21:23:07 +0000 (23:23 +0200)]
ftp: fix ftp_do_more returning with *completep unset
Specifically, when ftpc->wait_data_conn was true and
Curl_conn_connect(...) returned with serv_conned == false the code
called ftp_check_ctrl_on_data_wait and returned without setting
*completep.
Now set it to 0 at function start to avoid this happening again.
projects / thirdparty / curl.git / log
