Граф коммитов

12680 Коммитов

Автор SHA1 Сообщение Дата
Michael Drake 3c16697ebd
openssl: reduce CA certificate bundle reparsing by caching
Closes #9620
2022-11-08 10:06:12 +01:00
Rose f151ec6c10 lib: fix some type mismatches and remove unneeded typecasts
Many of these castings are unneeded if we change the variables to work
better with each other.

Ref: https://github.com/curl/curl/pull/9823

Closes https://github.com/curl/curl/pull/9835
2022-11-08 03:11:01 -05:00
Daniel Stenberg 14061f784c
cookie: compare cookie prefixes case insensitively
Adapted to language in rfc6265bis draft-11.

Closes #9863

Reviewed-by: Daniel Gustafsson
2022-11-08 09:08:09 +01:00
Stefan Eissing af5a22a9c1
websockets: fix handling of partial frames
buffer used and send length calculations are fixed when a partial
websocket frame has been received.

Closes #9861
2022-11-07 12:29:43 +01:00
Stefan Eissing 9ad386f85b
hyper: fix handling of hyper_task's when reusing the same address
Fixes #9840
Closes #9860
2022-11-07 12:19:36 +01:00
Jay Satiro 3cbdf4a148
ws: return CURLE_NOT_BUILT_IN when websockets not built in
- Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
  websockets support is not built in.

Prior to this change they returned CURLE_OK.

Closes #9851
2022-11-07 08:02:00 +01:00
Daniel Stenberg b1953c1933
noproxy: tailmatch like in 7.85.0 and earlier
A regfression in 7.86.0 (via 1e9a538e05) made the tailmatch work
differently than before. This restores the logic to how it used to work:

All names listed in NO_PROXY are tailmatched against the used domain
name, if the lengths are identical it needs a full match.

Update the docs, update test 1614.

Reported-by: Stuart Henderson
Fixes #9842
Closes #9858
2022-11-07 08:00:38 +01:00
Eric Vigeant 6c51adeb71
cur_path: do not add '/' if homedir ends with one
When using SFTP and a path relative to the user home, do not add a
trailing '/' to the user home dir if it already ends with one.

Closes #9844
2022-11-03 09:31:43 +01:00
Viktor Szakats 3390ef0af0
windows: fail early with a missing windres in autotools
`windres` is not always auto-detected by autotools when building for
Windows. When this happened, the build failed with a confusing error due
to the empty `RC` command:

```
/bin/bash ../libtool --tag=RC --mode=compile  -I../include -DCURL_EMBED_MANIFEST  -i curl.rc -o curl.o
[...]
Usage: /sandbox/curl/libtool [OPTION]... [MODE-ARG]...
Try 'libtool --help' for more information.
libtool:   error: unrecognised option: '-I../include'
```

Improve this by verifying if `RC` is set, and fail with a clear error
otherwise.

Follow-up to 6de7322c03

Ref: https://curl.se/mail/lib-2022-10/0049.html
Reported-by: Thomas Glanzmann
Closes #9781
2022-11-01 22:45:28 +00:00
Viktor Szakats edae6c66c7
lib: sync guard for Curl_getaddrinfo_ex() definition and use
`Curl_getaddrinfo_ex()` gets _defined_ with `HAVE_GETADDRINFO` set. But,
`hostip4.c` _used_ it with `HAVE_GETADDRINFO_THREADSAFE` set alone. It
meant a build with the latter, but without the former flag could result
in calling this function but not defining it, and failing to link.

Patch this by adding an extra check for `HAVE_GETATTRINFO` around the
call.

Before this patch, build systems prevented this condition. Now they
don't need to.

While here, simplify the related CMake logic on Windows by setting
`HAVE_GETADDRINFO_THREADSAFE` to the detection result of
`HAVE_GETADDRINFO`. This expresses the following intent clearer than
the previous patch and keeps the logic in a single block of code:
When we have `getaddrinfo()` on Windows, it's always threadsafe.

Follow-up to 67d88626d4

Reviewed-by: Jay Satiro
Closes #9734
2022-11-01 22:40:36 +00:00
Viktor Szakats b563a92cd6
tidy-up: process.h detection and use
This patch aims to cleanup the use of `process.h` header and the macro
`HAVE_PROCESS_H` associated with it.

- `process.h` is always available on Windows. In curl, it is required
  only for `_beginthreadex()` in `lib/curl_threads.c`.

- `process.h` is also available in MS-DOS. In curl, its only use was in
  `lib/smb.c` for `getpid()`. But `getpid()` is in fact declared by
  `unistd.h`, which is always enabled via `lib/config-dos.h`. So the
  header is not necessary.

- `HAVE_PROCESS_H` was detected by CMake, forced to 1 on Windows and
  left to real detection for other platforms.
  It was also set to always-on in `lib/config-win32.h` and
  `lib/config-dos.h`.
  In autotools builds, there was no detection and the macro was never
  set.

Based on these observations, in this patch we:

- Rework Windows `getpid` logic in `lib/smb.c` to always use the
  equivalent direct Win32 API function `GetCurrentProcessId()`, as we
  already did for Windows UWP apps. This makes `process.h` unnecessary
  here on Windows.

- Stop #including `process.h` into files where it was not necessary.
  This is everywhere, except `lib/curl_threads.c`.

  > Strangely enough, `lib/curl_threads.c` compiled fine with autotools
  > because `process.h` is also indirecty included via `unistd.h`. This
  > might have been broken in autotools MSVC builds, where the latter
  > header is missing.

- Delete all remaining `HAVE_PROCESS_H` feature guards, for they were
  unnecessary.

- Delete `HAVE_PROCESS_H` detection from CMake and predefined values
  from `lib/config-*.h` headers.

Reviewed-by: Jay Satiro
Closes #9703
2022-11-01 22:27:28 +00:00
Daniel Stenberg 3f039dfd6f
strcase: use curl_str(n)equal for case insensitive matches
No point in having two entry points for the same functions.

Also merged the *safe* function treatment into these so that they can
also be used when one or both pointers are NULL.

Closes #9837
2022-11-01 17:01:26 +01:00
Daniel Stenberg 52cc4a85fd
style: use space after comment start and before comment end
/* like this */

/*not this*/

checksrc is updated accordingly

Closes #9828
2022-10-30 22:31:29 +01:00
Daniel Stenberg b830f9ba9e
noproxy: fix tail-matching
Also ignore trailing dots in both host name and comparison pattern.

Regression in 7.86.0 (from 1e9a538e05)

Extended test 1614 to verify better.

Reported-by: Henning Schild
Fixes #9821
Closes #9822
2022-10-28 17:54:48 +02:00
jonrumsey a3063fe014
os400: use platform socklen_t in Curl_getnameinfo_a
Curl_getnameinfo_a() is prototyped before including curl.h as an
ASCII'fied wrapper for getnameinfo(), which itself is prototyped with
socklen_t arguments, so this should use the platform socklen_t and not
curl_socklen_t too.

Update setup-os400.h

Fixes #9811
Closes #9812
2022-10-27 23:35:47 +02:00
Daniel Stenberg efc286b7a6
noproxy: also match with adjacent comma
If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.

Extended test 1614 to verify this combo as well.

Reported-by: Henning Schild

Fixes #9813
Closes #9814
2022-10-27 23:31:31 +02:00
Randall S. Becker fc8d6b2370 build: fix for NonStop
- Include arpa/inet.h in all units where htonl is called.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Closes https://github.com/curl/curl/pull/9816
2022-10-27 16:57:53 -04:00
Ayesh Karunaratne 4484270afc
misc: typo and grammar fixes
- Replace `Github` with `GitHub`.
- Replace `windows` with `Windows`
- Replace `advice` with `advise` where a verb is used.
- A few fixes on removing repeated words.
- Replace `a HTTP` with `an HTTP`

Closes #9802
2022-10-27 10:01:30 +02:00
Viktor Szakats b7260c4fda
windows: fix linking .rc to shared curl with autotools
`./configure --enable-shared --disable-static` fails when trying to link
a shared `curl.exe`, due to `libtool` magically changing the output
filename of `windres` to one that it doesn't find when linking:

```
/bin/sh ../libtool --tag=RC --mode=compile windres -I../../curl/include -DCURL_EMBED_MANIFEST  -i ../../curl/src/curl.rc -o curl.o
libtool: compile:  windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../../curl/src/curl.rc  -o .libs/curl.o
[...]
CCLD     curl.exe
clang: error: no such file or directory: 'curl.o'
```

Let's resolve this by skipping `libtool` and calling `windres` directly
when building `src` (aka `curl.exe`). Leave `lib` unchanged, as it does
need the `libtool` magic. This solution is compatible with building
a static `curl.exe`.

This build scenario is not CI-tested.

While here, delete an obsolete comment about a permanent `libtool`
warning that we've resolved earlier.

Regression from 6de7322c03

Reported-by: Christoph Reiter
Fixes #9803
Closes #9805
2022-10-27 06:45:32 +00:00
Viktor Szakats 811c799f2d
cmake: really enable warnings with clang
Even though `PICKY_COMPILER=ON` is the default, warnings were not
enabled when using llvm/clang, because `CMAKE_COMPILER_IS_CLANG` was
always false (in my tests at least).

This is the single use of this variable in curl, and in a different
place we already use `CMAKE_C_COMPILER_ID MATCHES "Clang"`, which works
as expected, so change the condition to use that instead.

Also fix the warnings uncovered by the above:

- lib: add casts to silence clang warnings

- schannel: add casts to silence clang warnings in ALPN code

  Assuming the code is correct, solve the warnings with a cast.
  This particular build case isn't CI tested.

  There is a chance the warning is relevant for some platforms, perhaps
  Windows 32-bit ARM7.

Closes #9783
2022-10-26 09:56:52 +00:00
Joel Depooter df77eff278
sendf: remove unnecessary if condition
At this point, the psnd->buffer will always exist. We have already
allocated a new buffer if one did not previously exist, and returned
from the function if the allocation failed.

Closes #9801
2022-10-26 11:48:59 +02:00
Viktor Szakats b51560b9ff
winidn: drop WANT_IDN_PROTOTYPES
`WANT_IDN_PROTOTYPES` was necessary to avoid using a header that came
via an optional package. MS stopped distributing this package some
years ago and the winidn definitions are part of standard headers (via
`windows.h`) since Vista.

Auto-detect Vista inside `lib/idn_win32.c` and enable the manual
definitions if building for an older Windows.

This allows to delete this manual knob from all build-systems.

Also drop the `_SAL_VERSION` sub-case:

Our manual definitions are now only enabled with old systems. We assume
that code analysis is not run on such systems, allowing us to delete the
SAL-friendly flavour of these.

Reviewed-by: Jay Satiro
Closes #9793
2022-10-26 09:45:23 +00:00
Daniel Stenberg 279834dd45
misc: remove duplicated include files
Closes #9796
2022-10-26 11:27:59 +02:00
Viktor Szakats 86c0029047
noproxy: include netinet/in.h for htonl()
Solve the Amiga build warning by including `netinet/in.h`.

`krb5.c` and `socketpair.c` are using `htonl()` too. This header is
already included in those sources.

Regression from 1e9a538e05

Reviewed-by: Daniel Stenberg
Closes #9787
2022-10-25 15:20:45 +00:00
Daniel Stenberg 55e1875729
http_proxy: restore the protocol pointer on error
Reported-by: Trail of Bits

Closes #9790
2022-10-24 15:30:25 +02:00
Daniel Stenberg 9d0869d234
multi: remove duplicate include of connect.h
Reported-by: Martin Strunz
Fixes #9794
Closes #9795
2022-10-24 13:49:22 +02:00
Daniel Stenberg 53bcf55b45
url: use IDN decoded names for HSTS checks
Reported-by: Hiroki Kurosawa

Closes #9791
2022-10-24 12:00:54 +02:00
Daniel Gustafsson 8f384577b8 cookies: optimize control character check
When checking for invalid octets the strcspn() call will return the
position of the first found invalid char or the first NULL byte.
This means that we can check the indicated position in the search-
string saving a strlen() call.

Closes: #9736
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
2022-10-24 11:31:08 +02:00
Daniel Stenberg c97ec984fb
netrc: replace fgets with Curl_get_line
Make the parser only accept complete lines and avoid problems with
overly long lines.

Reported-by: Hiroki Kurosawa

Closes #9789
2022-10-24 11:29:03 +02:00
Viktor Szakats a0d8a1aa91
Makefile.m32: reintroduce CROSSPREFIX and -W -Wall [ci skip]
- Reintroduce `CROSSPREFIX`:

  If set, we add it to the `CC` and `AR` values, and to the _default_
  value of `RC`, which is `windres`. This allows to control each of
  these individidually, while also allowing to simplify configuration
  via `CROSSPREFIX`.

  This variable worked differently earlier. Hopefully this new solution
  hits a better compromise in usefulness/complexity/flexibility.

  Follow-up to: aa970c4c08

- Enable warnings again:

  This time with an option to override it via `CFLAGS`. Warnings are
  also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
  builds (not in autotools though).

  Follow-up to 10fbd8b4e3

Closes #9784
2022-10-22 23:21:03 +00:00
Viktor Szakats 9b63dda16e
noproxy: silence unused variable warnings with no ipv6
Follow-up to 36474f1050

Reviewed-by: Daniel Stenberg
Closes #9782
2022-10-22 23:20:26 +00:00
Viktor Szakats 36474f1050
noproxy: fix builds without AF_INET6
Regression from 1e9a538e05

Reviewed-by: Daniel Stenberg

Closes #9778
2022-10-21 19:06:25 +00:00
Daniel Stenberg 1e9a538e05
noproxy: support proxies specified using cidr notation
For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
and not with string comparisons.

Split out the noproxy checks and functionality into noproxy.c

Added unit test 1614 to verify checking functions.

Reported-by: Mathieu Carbonneaux

Fixes #9773
Fixes #5745
Closes #9775
2022-10-21 13:39:20 +02:00
Daniel Stenberg b15ca64bb0
urlapi: remove two variable assigns
To please scan-build:

urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
        qlen = Curl_dyn_len(&enc);
        ^      ~~~~~~~~~~~~~~~~~~
urlapi.c:1164:9: warning: Value stored to 'query' is never read
        query = u->query = Curl_dyn_ptr(&enc);
        ^       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow-up to 7d6cf06f57

Closes #9777
2022-10-21 11:00:18 +02:00
Jeremy Maitin-Shepard 8698825106
cmake: improve usability of CMake build as a sub-project
- Renames `uninstall` -> `curl_uninstall`
- Ensures all export rules are guarded by CURL_ENABLE_EXPORT_TARGET

Closes #9638
2022-10-21 09:29:09 +02:00
Don Olmstead 2e69df0a26
easy_lock: check for HAVE_STDATOMIC_H as well
The check for `HAVE_STDATOMIC_H` looks to see if the `stdatomic.h`
header is present.

Closes #9755
2022-10-21 09:23:02 +02:00
Viktor Szakats a20f74a16a
amiga: set SIZEOF_CURL_OFF_T=8 by default [ci skip]
Reviewed-by: Daniel Stenberg

Closes #9771
2022-10-20 09:10:15 +00:00
Viktor Szakats 3dc8f6f255
connect: fix builds without AF_INET6
Regression from 2b309560c1

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro

Closes #9770
2022-10-20 09:09:36 +00:00
Daniel Stenberg 7d6cf06f57
urlapi: fix parsing URL without slash with CURLU_URLENCODE
When CURLU_URLENCODE is set, the parser would mistreat the path
component if the URL was specified without a slash like in
http://local.test:80?-123

Extended test 1560 to reproduce and verify the fix.

Reported-by: Trail of Bits

Closes #9763
2022-10-20 08:56:53 +02:00
Joel Depooter 3f5a7975a5 schannel: Don't reset recv/send function pointers on renegotiation
These function pointers will have been set when the initial TLS
handshake was completed. If they are unchanged, there is no need to set
them again. If they have been changed, as is the case with HTTP/2, we
don't want to override that change. That would result in the
http22_recv/send functions being completely bypassed.

Prior to this change a connection that uses Schannel with HTTP/2 would
fail on renegotiation with error "Received HTTP/0.9 when not allowed".

Fixes https://github.com/curl/curl/issues/9451
Closes https://github.com/curl/curl/pull/9756
2022-10-19 04:07:06 -04:00
Viktor Szakats 1c567f797b
hostip: guard PF_INET6 use
Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
for these.

```
hostip.c: In function 'fetch_addr':
hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
       pf = PF_INET6;
            ^~~~~~~~
```

Regression from 1902e8fc51

Reviewed-by: Daniel Stenberg

Closes #9760
2022-10-18 18:27:59 +00:00
Viktor Szakats 05d23823d7
amiga: do not hardcode openssl/zlib into the os config [ci skip]
Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.

This allows builds without openssl and/or zlib. E.g. with the
<https://github.com/bebbo/amiga-gcc> cross-compiler.

Reviewed-by: Daniel Stenberg

Closes #9762
2022-10-18 18:22:41 +00:00
Viktor Szakats 357649c477
amigaos: add missing curl header [ci skip]
Without it, `CURLcode` and `CURLE_*` are undefined. `lib/hostip.h` and
conditional local code need them.

Reviewed-by: Daniel Stenberg

Closes #9761
2022-10-18 18:22:09 +00:00
Daniel Stenberg dae84805de
mprintf: reject two kinds of precision for the same argument
An input like "%.*1$.9999d" would first use the precision taken as an
argument *and* then the precision specified in the string, which is
confusing and wrong. pass1 will now instead return error on this double
use.

Adjusted unit test 1398 to verify

Reported-by: Peter Goodman

Closes #9754
2022-10-18 08:43:40 +02:00
Daniel Stenberg f6b9971d73
ftp: remove redundant if
Reported-by: Trail of Bits

Closes #9753
2022-10-18 08:42:46 +02:00
Daniel Stenberg 3ccaddc9fc
mqtt: spell out CONNECT in comments
Instead of calling it 'CONN' in several comments, use the full and
correct protocol packet name.

Suggested by Trail of Bits

Closes #9751
2022-10-17 16:18:40 +02:00
Jay Satiro 6b066de488 ngtcp2: Fix build errors due to changes in ngtcp2 library
ngtcp2/ngtcp2@b0d86f60 changed:

- ngtcp2_conn_get_max_udp_payload_size =>
  ngtcp2_conn_get_max_tx_udp_payload_size

- ngtcp2_conn_get_path_max_udp_payload_size =>
  ngtcp2_conn_get_path_max_tx_udp_payload_size

ngtcp2/ngtcp2@ec59b873 changed:

- 'early_data_rejected' member added to ng_callbacks.

Assisted-by: Daniel Stenberg
Reported-by: jurisuk@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/9747
Closes https://github.com/curl/curl/pull/9748
2022-10-17 03:27:03 -04:00
Daniel Stenberg 025bad1182
curl_path: return error if given a NULL homedir
Closes #9740
2022-10-16 23:49:23 +02:00
Daniel Stenberg bdaa6dd5ba
libssh: if sftp_init fails, don't get the sftp error code
This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.

Reported-by: David McLaughlin
Fixes #9737
Closes #9740
2022-10-16 23:48:50 +02:00
Daniel Stenberg 9660f23010
mqtt: return error for too long topic
Closes #9744
2022-10-16 23:47:31 +02:00