Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538e05)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes#9821Closes#9822
Curl_getnameinfo_a() is prototyped before including curl.h as an
ASCII'fied wrapper for getnameinfo(), which itself is prototyped with
socklen_t arguments, so this should use the platform socklen_t and not
curl_socklen_t too.
Update setup-os400.h
Fixes#9811Closes#9812
If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.
Extended test 1614 to verify this combo as well.
Reported-by: Henning Schild
Fixes#9813Closes#9814
- Include arpa/inet.h in all units where htonl is called.
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Closes https://github.com/curl/curl/pull/9816
- Replace `Github` with `GitHub`.
- Replace `windows` with `Windows`
- Replace `advice` with `advise` where a verb is used.
- A few fixes on removing repeated words.
- Replace `a HTTP` with `an HTTP`
Closes#9802
`./configure --enable-shared --disable-static` fails when trying to link
a shared `curl.exe`, due to `libtool` magically changing the output
filename of `windres` to one that it doesn't find when linking:
```
/bin/sh ../libtool --tag=RC --mode=compile windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../../curl/src/curl.rc -o curl.o
libtool: compile: windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../../curl/src/curl.rc -o .libs/curl.o
[...]
CCLD curl.exe
clang: error: no such file or directory: 'curl.o'
```
Let's resolve this by skipping `libtool` and calling `windres` directly
when building `src` (aka `curl.exe`). Leave `lib` unchanged, as it does
need the `libtool` magic. This solution is compatible with building
a static `curl.exe`.
This build scenario is not CI-tested.
While here, delete an obsolete comment about a permanent `libtool`
warning that we've resolved earlier.
Regression from 6de7322c03
Reported-by: Christoph Reiter
Fixes#9803Closes#9805
Even though `PICKY_COMPILER=ON` is the default, warnings were not
enabled when using llvm/clang, because `CMAKE_COMPILER_IS_CLANG` was
always false (in my tests at least).
This is the single use of this variable in curl, and in a different
place we already use `CMAKE_C_COMPILER_ID MATCHES "Clang"`, which works
as expected, so change the condition to use that instead.
Also fix the warnings uncovered by the above:
- lib: add casts to silence clang warnings
- schannel: add casts to silence clang warnings in ALPN code
Assuming the code is correct, solve the warnings with a cast.
This particular build case isn't CI tested.
There is a chance the warning is relevant for some platforms, perhaps
Windows 32-bit ARM7.
Closes#9783
At this point, the psnd->buffer will always exist. We have already
allocated a new buffer if one did not previously exist, and returned
from the function if the allocation failed.
Closes#9801
`WANT_IDN_PROTOTYPES` was necessary to avoid using a header that came
via an optional package. MS stopped distributing this package some
years ago and the winidn definitions are part of standard headers (via
`windows.h`) since Vista.
Auto-detect Vista inside `lib/idn_win32.c` and enable the manual
definitions if building for an older Windows.
This allows to delete this manual knob from all build-systems.
Also drop the `_SAL_VERSION` sub-case:
Our manual definitions are now only enabled with old systems. We assume
that code analysis is not run on such systems, allowing us to delete the
SAL-friendly flavour of these.
Reviewed-by: Jay Satiro
Closes#9793
Solve the Amiga build warning by including `netinet/in.h`.
`krb5.c` and `socketpair.c` are using `htonl()` too. This header is
already included in those sources.
Regression from 1e9a538e05
Reviewed-by: Daniel Stenberg
Closes#9787
When checking for invalid octets the strcspn() call will return the
position of the first found invalid char or the first NULL byte.
This means that we can check the indicated position in the search-
string saving a strlen() call.
Closes: #9736
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
- Reintroduce `CROSSPREFIX`:
If set, we add it to the `CC` and `AR` values, and to the _default_
value of `RC`, which is `windres`. This allows to control each of
these individidually, while also allowing to simplify configuration
via `CROSSPREFIX`.
This variable worked differently earlier. Hopefully this new solution
hits a better compromise in usefulness/complexity/flexibility.
Follow-up to: aa970c4c08
- Enable warnings again:
This time with an option to override it via `CFLAGS`. Warnings are
also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
builds (not in autotools though).
Follow-up to 10fbd8b4e3Closes#9784
For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
and not with string comparisons.
Split out the noproxy checks and functionality into noproxy.c
Added unit test 1614 to verify checking functions.
Reported-by: Mathieu Carbonneaux
Fixes#9773Fixes#5745Closes#9775
To please scan-build:
urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
qlen = Curl_dyn_len(&enc);
^ ~~~~~~~~~~~~~~~~~~
urlapi.c:1164:9: warning: Value stored to 'query' is never read
query = u->query = Curl_dyn_ptr(&enc);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow-up to 7d6cf06f57Closes#9777
When CURLU_URLENCODE is set, the parser would mistreat the path
component if the URL was specified without a slash like in
http://local.test:80?-123
Extended test 1560 to reproduce and verify the fix.
Reported-by: Trail of Bits
Closes#9763
These function pointers will have been set when the initial TLS
handshake was completed. If they are unchanged, there is no need to set
them again. If they have been changed, as is the case with HTTP/2, we
don't want to override that change. That would result in the
http22_recv/send functions being completely bypassed.
Prior to this change a connection that uses Schannel with HTTP/2 would
fail on renegotiation with error "Received HTTP/0.9 when not allowed".
Fixes https://github.com/curl/curl/issues/9451
Closes https://github.com/curl/curl/pull/9756
Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
for these.
```
hostip.c: In function 'fetch_addr':
hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
pf = PF_INET6;
^~~~~~~~
```
Regression from 1902e8fc51
Reviewed-by: Daniel Stenberg
Closes#9760
Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.
This allows builds without openssl and/or zlib. E.g. with the
<https://github.com/bebbo/amiga-gcc> cross-compiler.
Reviewed-by: Daniel Stenberg
Closes#9762
An input like "%.*1$.9999d" would first use the precision taken as an
argument *and* then the precision specified in the string, which is
confusing and wrong. pass1 will now instead return error on this double
use.
Adjusted unit test 1398 to verify
Reported-by: Peter Goodman
Closes#9754
This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.
Reported-by: David McLaughlin
Fixes#9737Closes#9740
autotools enables this configuration option unconditionally for Windows
[^1]. Do the same in CMake.
The above will make this work for all reasonably recent environments.
The logic present in `lib/config-win32.h` [^2] has the following
exceptions which we did not cover in this CMake update:
- Builds targeting Windows 2000 and earlier
- MS Visual C++ 5.0 (1997) and earlier
Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
set, to avoid a broken build. We might want to handle that in the C
sources in a future commit.
[^1]: 68fa9bf3f5/m4/curl-functions.m4 (L2067-L2070)
[^2]: 68fa9bf3f5/lib/config-win32.h (L511-L528)Closes#9727
TABs in name and content seem allowed by RFC 6265: "the algorithm strips
leading and trailing whitespace from the cookie name and value (but
maintains internal whitespace)"
Cookies with TABs in the names are rejected by Firefox and Chrome.
TABs in content are stripped out by Firefox, while Chrome discards the
whole cookie.
TABs in cookies also cause issues in saved netscape cookie files.
Reported-by: Trail of Bits
URL: https://curl.se/mail/lib-2022-10/0032.html
URL: https://github.com/httpwg/http-extensions/issues/2262Closes#9659
When the user name is provided in the URL it is URL encoded there, but
when used for authentication the encoded version should be used.
Regression introduced after 7.83.0
Reported-by: Jonas Haag
Fixes#9709Closes#9715
The goal is to add any flag that affect the created binary, to get in
sync with the ones built with CMake and autotools.
I took these flags from curl-for-win [0], where they've been tested with
mingw-w64 and proven to work well.
This patch brings them to curl as follows:
- Enable unconditionally those force-enabled via
`CMake/WindowsCache.cmake`:
- `HAVE_SETJMP_H`
- `HAVE_STRING_H`
- `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
- Expand existing guards with mingw-w64:
- `HAVE_STDBOOL_H`
- `HAVE_BOOL_T`
- Enable Win32 API functions for Windows Vista and later:
- `HAVE_INET_NTOP`
- `HAVE_INET_PTON`
- Set sizes, if not already set:
- `SIZEOF_OFF_T = 8`
- `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
and using mingw-w64.
- Add the remaining for mingw-w64 only. Feel free to expand as desired:
- `HAVE_LIBGEN_H`
- `HAVE_FTRUNCATE`
- `HAVE_BASENAME`
- `HAVE_STRTOK_R`
Future TODO:
- `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
the `signal()` function and the `SIGALRM` macro are found. In
autotools and this header, it means the function only. For the
function alone, CMake uses `HAVE_SIGNAL_FUNC`.
[0] c9b9a5f273/curl-m32.sh (L53-L58)
Reviewed-by: Daniel Stenberg
Closes#9712
Since the date parser allows YYYYMMDD as a date format (due to it being
a bit too generic for parsing this particular header), a large integer
number could wrongly match that pattern and cause the parser to generate
a wrong value.
No date format accepted for this header starts with a decimal number, so
by reversing the check and trying a number first we can deduct that if
that works, it was not a date.
Reported-by Trail of Bits
Closes#9718
It was only defined in `lib/config-win32.h`, when building for Vista.
It was only used in `select.h`, in a condition that also included a
check for `POLLIN` which is a superior choice for this detection and
which was already used by cmake and autotools builds.
Delete both instances of this macro.
Closes#9707
This patch aimed to fix a regression [0], where `CC` initialization
moved beyond its first use. But, on closer inspection it turned out that
the `CC` initialization does not work as expected due to GNU Make
filling it with `cc` by default. So unless implicit values were
explicitly disabled via a GNU Make option, the default value of
`$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
value `cc` maps to `gcc` in (most/all?) MinGW envs.
`AR` has the same issue, with a default value of `ar`.
We could reintroduce a separate variable to fix this without ill
effects, but for simplicity and flexibility, it seems better to drop
support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
require the caller to initialize `CC`, `AR` and `RC` to the full
(prefixed if necessary) names of these tools, as desired.
We keep `RC ?= windres` because `RC` is empty by default.
Also fix grammar in a comment.
[0] 10fbd8b4e3Closes#9698
PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
`CURL_WIN32` macro, but that one is not defined here, while compiling
curl itself. This patch changes this to `WIN32`, assuming this was the
original intent.
Regression from 1c52e8a379
Reviewed-by: Marcel Raad
Closes#9701
Handle canonical headers and signed headers creation as explained here:
https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
The algo tells that signed and canonical must contain at last host and
x-amz-date.
So we check whatever thoses are present in the curl http headers list.
If they are, we use the one enter by curl user, otherwise we generate
them. then we to lower, and remove space from each http headers plus
host and x-amz-date, then sort them all by alphabetical order.
This patch also fix a bug with host header, which was ignoring the port.
Closes#7966
Daniel Stenberg
jonrumsey
Randall S. Becker
Ayesh Karunaratne
Viktor Szakats
Joel Depooter
Daniel Gustafsson
Jeremy Maitin-Shepard
Don Olmstead
Jay Satiro
Shaun Mirani
12932
Matthias Gatto