Commit graph

39227 commits

Author SHA1 Message Date
Viktor Szakats
1128177a6f
timeval: rename timer frequency variable
It's no longer a global variable.

Follow-up to 1027d07704 #22346

Closes #22347
2026-07-18 14:22:27 +02:00
Viktor Szakats
1027d07704
timeval: make Curl_freq variable static (Windows)
Follow-up to 64d4f5c4b6 #20852

Closes #22346
2026-07-18 03:12:41 +02:00
Graham Campbell
820c014578 cfilters: fix event-based connection shutdown
- Adjust pollset during connection shutdown.

- Separate the FIRSTSOCKET and SECONDSOCKET check so that one being in
  connect or shutdown no longer adds poll events for the other.

- Fix shutdown state evaluation (as detailed below).

- Add a unit test for Curl_conn_adjust_pollset.

- Add a client for event testing.

- Test that shutdown sockets stay with the socket callback until done.

The pollset predicate now reads the connection's own shutdown state
rather than going through data->conn, and the EXPIRE_SHUTDOWN arming in
cshutdn_perform() works again: next_expire_ms started at 0 and could
never be set, so a peer that never sends a close_notify would still park
its connection forever, timeout or not.

Reported-by: pszemus@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/22282
Closes https://github.com/curl/curl/pull/22304
2026-07-17 04:00:56 -04:00
Daniel Stenberg
33dc64fd0e
urlapi: allow URLs to not have userauth (hostname)
Verified in test 1560

Fixes #22279
Reported-by: Bill Mill
Closes #22313
2026-07-16 10:02:05 +02:00
Daniel Stenberg
4176aba5e4
tool_cb_prg: avoid integer overflows
Verify in test 2093

Fixes #22316
Reported-by: xmoezzz on github
Closes #22328
2026-07-16 08:52:16 +02:00
Daniel Stenberg
f2fda908f9
lib1560: test CURLU_DEFAULT_PORT more
Closes #22314
2026-07-16 08:51:16 +02:00
Graham Campbell
d0545d223a runtests: flush cached test parts when (re)loading a file
Force test file reload on client connect in ftpserver.

Closes #22319
2026-07-15 16:36:36 -07:00
Stefan Eissing
0dc22b690d
ssls: fix potential memory leak on import
Memory can be leaked when importing corrupted SSL session data that
carry the same data fields repeatedly.

Fixes #22323

Closes #22324
2026-07-15 22:18:04 +02:00
Graham Campbell
94fab2d210
test798: force IPv4 to avoid cross-runner port aliasing
`test798` is the only test fetching `http://localhost:%HTTPPORT` without
`-4`, since it needs the hostname for its folded `domain=localhost`
cookie. curl tries `::1` first, but the test HTTP server is IPv4-only.
On the BSDs, IPv4 and IPv6 have separate ephemeral port namespaces, so
with every test server binding port 0, another parallel runner's
IPv6-bound server can hold the same numeric port. curl then connects to
the wrong runner's server, which cannot open its own `log/N/test798` and
closes without a response, giving exit 52 and an empty `server.input`.

This PR fixes this flake by adding `-4` matches what tests 389 and 392
already do. Linux is immune because wildcard IPv6 binds occupy the IPv4
port too. Seen in
https://github.com/curl/curl/actions/runs/29229170329/job/86749470571.

Closes #22318
2026-07-15 22:06:07 +02:00
Graham Campbell
b8c061c751
ngtcp2: let verify failures win over expiry processing errors
A flaky CI failure of `test_17_05_bad_ip_addr[h3]` (GnuTLS, event-based)
had curl detect the certificate name mismatch yet exit with
`CURLE_RECV_ERROR` (56) instead of `CURLE_PEER_FAILED_VERIFICATION`
(60). `Curl_cf_ngtcp2_cmn_connect` calls `Curl_cf_ngtcp2_cmn_set_expiry`
after its `ctx->tls_vrfy_result` override and returns the error
unfiltered, so when the server's final handshake flight happens to be
processed by the ingress inside set_expiry, the verify failure surfaces
as a generic receive error.

This PR makes set_expiry prefer `ctx->tls_vrfy_result` over generic
progress errors, as the recv and send paths already do after calling it,
and also covers the `cf-ngtcp2-proxy.c` call sites that lack the
override. Completes #21712. Seen in
https://github.com/curl/curl/actions/runs/29243256619/job/86794119412.

Closes #22317
2026-07-15 22:04:38 +02:00
renovate[bot]
8b5f1809bd
GHA: update dependency cloudflare/quiche to v0.29.3
Follow-up to f369c7ba43 #22331
Follow-up to 899e2edec9 #22333

Closes #22325
2026-07-15 22:00:26 +02:00
Graham Campbell
f369c7ba43
quiche: set the max field section size
quiche 0.29.3 started enforcing a default
`SETTINGS_MAX_FIELD_SECTION_SIZE` of 32 KiB, so larger response headers
now shut down the whole connection with `CURLE_HTTP3`. curl accepts up
to 300 KiB of response headers with every other backend and HTTP
version. Tell quiche to allow what curl itself allows. This keeps
test_01_11 passing with quiche 0.29.3 and it also advertises our real
limit to servers, which the RFC encourages.

Ref: 899e2edec9 #22333
Ref: #22329
Ref: #22325
Ref: 9be0e4fa18
Ref: https://github.com/cloudflare/quiche/releases/tag/0.29.3

Closes #22331
2026-07-15 21:52:07 +02:00
Viktor Szakats
899e2edec9
INTERNALS.md: require quiche 0.20.0+
For function `quiche_h3_config_set_max_field_section_size()`.

Ref: #22331
Ref: https://github.com/curl/curl/pull/22331#issuecomment-4981647189
Ref: https://github.com/cloudflare/quiche/releases/tag/0.20.0

Closes #22333
2026-07-15 21:26:04 +02:00
Viktor Szakats
5f2a70abe3
tidy-up: TEXT() vs _TEXT() vs _T() use (Windows)
Use `_TEXT()` when interacting with CRT functions (also prefer over
synonym `_T()`), `TEXT()` for Win32 functions.

Within curl, they mean the same because CRT/Win32 Unicode mode are
always enabled in sync.

Ref: https://devblogs.microsoft.com/oldnewthing/20040212-00/?p=40643/

Closes #22334
2026-07-15 21:26:04 +02:00
Viktor Szakats
d52c7e78a3
idn: restore MultiByteToWideChar() MB_ERR_INVALID_CHARS flag
Also:
- curlx: pass this flag to the actual conversion calls, for consistency
  and robustness. (It's not stricly necessary because the initial call
  to determine size, with this flag passed, fails already on bad input.)
- schannel: unfold `MultiByteToWideChar()` line (formatting).

Ref: https://learn.microsoft.com/windows/win32/api/stringapiset/nf-stringapiset-multibytetowidechar

Follow-up to 6694a42aa0 #19798

Closes #22326
2026-07-15 17:14:08 +02:00
renovate[bot]
cb81c5f4e2
GHA: update dependency codespell to v2.4.3
Closes #22332
2026-07-15 17:07:22 +02:00
Daniel Stenberg
bc440a89d4
mime.c: avoid integer overflow in base64 size calculation
Reported-by: xmoezzz on github
Fixes #22320
Closes #22322
2026-07-15 10:59:18 +02:00
renovate[bot]
6546ffeda4
GHA: update debian:bookworm-slim Docker digest to 7b140f3
Closes #22321
2026-07-14 18:59:22 +02:00
Collin Funk
dfa444f1e5
unit3214: fix to pass on systems with >=128-bit pointers
E.g. on CHERI pointers are 128 bits [1]. This causes the unit3214 test
to fail, which was written with more traditional platforms in mind. Here
is the output of log/stderr3214:

```
URL: -
BAD: struct Curl_easy is 7984 bytes, allowed to be 5370: 2614 bytes too big
BAD: struct connectdata is 1408 bytes, allowed to be 1300: 108 bytes too big
BAD: struct Curl_multi is 1248 bytes, allowed to be 850: 398 bytes too big
BAD: struct curl_httppost is 224 bytes, allowed to be 112: 112 bytes too big
BAD: struct curl_slist is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_khkey is 32 bytes, allowed to be 24: 8 bytes too big
BAD: struct curl_hstsentry is 48 bytes, allowed to be 40: 8 bytes too big
BAD: struct curl_mime is 144 bytes, allowed to be 96: 48 bytes too big
BAD: struct curl_mimepart is 592 bytes, allowed to be 440: 152 bytes too big
BAD: struct curl_certinfo is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_tlssessioninfo is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_blob is 32 bytes, allowed to be 24: 8 bytes too big
BAD: struct CURLMsg is 48 bytes, allowed to be 24: 24 bytes too big
BAD: struct curl_header is 80 bytes, allowed to be 48: 32 bytes too big
Test ended with result 14
```

Multiply the allowed size on systems with larger than 64-bit pointers.

[1] https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/20171017a-cheri-poster.pdf

Closes #22299
2026-07-14 03:14:49 +02:00
renovate[bot]
87704c45e8
GHA: update dependency google/boringssl to v0.20260713.0
Closes #22311
2026-07-14 03:07:21 +02:00
Daniel Stenberg
eecc273f6d
test1560: allow to build and run without LDAP support
Closes #22312
2026-07-13 22:04:43 +02:00
Daniel Stenberg
30d7440295
RELEASE-NOTES: synced
And bump to 8.22.0 for the pending release
2026-07-13 12:34:23 +02:00
Viktor Szakats
7bbcf26edf
scripts/contri*: find 'Thanks-to' references
Also any other `<word>-to:` alternatives.

Co-authored-by: Daniel Stenberg

Closes #22293
2026-07-13 12:27:40 +02:00
Stefan Eissing
34bc5b60bc
lib: ratelimit timestamps
Remove the timestamp passed for ratelimit checks. Let the limit
calculation obtain a timestamp when it needs it. Most transfers run
without active ratelimits and getting a fresh timestamp is unnecessary.

Closes #22292
2026-07-13 11:53:00 +02:00
Graham Campbell
c3ae9ef822
hostip: only cache negative resolves for authoritative answers
Closes #22302
2026-07-13 11:27:16 +02:00
Daniel Stenberg
353d05ef0c
configure: set ldap lib to no by default for non-finds
`ldap_lib_ok` is never actually set at the start, so a prior cached
autoconf result could lead to an incorrect value.

Pointed out by the GitHub AI

Closes #22308
2026-07-13 09:37:00 +02:00
Daniel Stenberg
d43d24beb1
configure: remove double check for GnuTLS
`GNUTLS_ENABLED` was checked twice in the HTTPS-proxy support block,
making the second check redundant.

- also fix the "or upper" phrasing which is hard to understand

Pointed out by the GitHub AI thing

Closes #22307
2026-07-13 09:36:21 +02:00
Alhuda Khan
9494750986
ftp: reject control bytes in ACCT and alternative-to-user
A CR or LF in the CURLOPT_FTP_ACCOUNT or CURLOPT_FTP_ALTERNATIVE_TO_USER
string split the control-channel command line and smuggled a second FTP
command. Reject a byte below 0x20 in both values before the command is
built.

Closes #22301
2026-07-13 08:46:45 +02:00
Alhuda Khan
c3f9ef13f6
mime: reject CR and LF in mail part name and filename
Closes #22247
2026-07-13 08:29:22 +02:00
Graham Campbell
02214d98f7 conncache: apply multi limits to transfers using a shared pool
- Determine max host and total connection limits from the transfer's own
  multi handle and test that it works for shared connections.

Prior to this change, since df67269 (precedes 8.13.0),
Curl_cpool_check_limits() took the limits from the multi handle that
owns the pool. A share-owned pool is not owned by any multi, so the
limit check always passed.

Prior to df67269 the limits came from the transfer's own multi handle.

Fixes https://github.com/curl/curl/issues/22265
Closes https://github.com/curl/curl/pull/22266
2026-07-12 15:08:31 -04:00
Emmanuel Ugwu
6bad3db3d5
configure: fix misleading error messages
Reported-by: Bryan Henderson
URL: https://curl.se/mail/lib-2026-07/0010.html
Closes #22300
Signed-off-by: Emmanuel Ugwu <emmanuelugwu121@gmail.com>
2026-07-12 18:14:58 +02:00
itzTanos29
fa246bf7f2
CURLOPT_HEADERFUNCTION.md: document folded header unfolding
Fixes #22296
Closes #22297
2026-07-12 18:07:37 +02:00
Stefan Eissing
b940cb1566
ws: pause/unpause write handling
Websocket frames need to be written individualy, so that applications
can access the frame meta data correctly. This worked until the write
function triggered a pause. Remaining frames accumulated in the "out"
writer's buffer and on unpaused were written in one chunk.

ws decode writer will now stop writing frames when the client writer
is paused. To handle the writing of buffered raw data after an unpause,
client writers have gotten a new "flush" method.

Add pytest test_20_12 with a new client to check handling of pauses
and websocket frames.

Reported-by: Hendrik Hübner
Fixes #22273
Closes #22283
2026-07-12 18:06:21 +02:00
Stefan Eissing
e89d5a1202
tests: remove test1701
Test 1701 did a HTTP/2 Upgrade in a HTTP/1.1 POST request. This will no
longer be supported in the upcoming nghttp2 release for security reasons
(Upgrade requests with body a re messy, error prone and can easily lead
to connection confusion).

As no other server we have supports this, remove the test.

Reported-by: firexinghe on github
Fixes #22280
Closes #22291
2026-07-12 18:03:48 +02:00
Stefan Eissing
eb73af253c
tool: fix memory use in parallel mode
The curl tool was creating a new transfer every time it checked if
it needed to add one to reach max parallelism. This led to eventually
all configured transfers to have easy handles created.

Limit the creation again to the ones needed for max parallelism.

scorecard.py: set --out-null only for curl versions that support it

Closes #22277
2026-07-12 17:50:02 +02:00
Viktor Szakats
b093d88447
tidy-up: typos, comment nits
Closes #22294
2026-07-11 13:55:45 +02:00
renovate[bot]
5c5334f831
GHA: update dependency awslabs/aws-lc to v5.1.0
Closes #22288
2026-07-10 12:14:20 +02:00
Viktor Szakats
d054f386dd
GHA/windows: enable wolfSSL in two MSYS2 mingw-w64 jobs
Number of tests went to 1919 (from 1912). Runs 30s faster.

Thanks-to: Christoph Reiter
Ref: 5c995ac098
Ref: #22252

Closes #22259
2026-07-09 21:28:04 +02:00
Viktor Szakats
50c244c74d
tests: skip test 311 for wolfSSL 5.9.2
To fix this for everyone running curl tests.

Also: drop workarounds for CI.

Refs:
https://github.com/wolfSSL/wolfssl/pull/10793
7dd269fc52

Ref: https://github.com/curl/curl/pull/22269#issuecomment-4892203666
Follow-up to 7183bec8fe #22269
Follow-up to 03f9751585 #22204

Closes #22286
2026-07-09 21:09:34 +02:00
Viktor Szakats
06a42cd8bb
GHA/linux: bump 3.x mbedTLS to 3.6.7
Follow-up to 6e5f94cd5d #22271

Closes #22285
2026-07-09 18:21:51 +02:00
Stefan Eissing
7183bec8fe
GHA/macos: ignore test 311 results for Homebrew wolfSSL
Homebrew is distributing v5.9.2 at the time of this commit, which
contains known regression failing to parse the server certificate.
The fix has been merged upstream. Till it makes it into a release
and Homebrew, ignore test results for 311.

Refs:
https://github.com/wolfSSL/wolfssl/pull/10793
7dd269fc52

Follow-up to 03f9751585 #22204 #22175 #22160
Closes #22269
2026-07-09 18:21:51 +02:00
renovate[bot]
6e5f94cd5d
GHA: update dependency Mbed-TLS/mbedtls to v4.2.0
Ref: #21178
Closes #22271
2026-07-09 14:01:15 +02:00
renovate[bot]
6841d59af6
GHA: update dependency pizlonator/fil-c to v0.681
Note: Renovate strips pre-existing quotes from the YAML version value.
This breaks the bump next time its version is ending with zero(s).
Ref: 78267398e5 #22143 #22142

Closes #22267
2026-07-06 13:29:49 +02:00
Daniel Stenberg
791f5b25d3
setopt: error for CURLOPT_SHARE when easy handle is used
Changing the share while driving would be complicated and error-prone.

URL: https://curl.se/mail/lib-2026-07/0000.html

Closes #22253
2026-07-04 22:53:52 +02:00
Stefan Eissing
e0222c0029
test2114: fix reading from stdin
The test provides an invalid username, but no ':' with password, so that
the curl tool tries to read the password from stdin. That makes the test
hang, also in CI.

The check for invalid characters is happening when the CURLOPT_USERPWD
is applied to the URL, so when the transfer is started. Maybe the check
should happen also in setopt already.

The test hangs because tool_paramhlp.c:548 `checkpasswd()` does not see
a ':' and tries to read the password from stdin.

Fix: add a ':' in the tests invalid user setting, so that the read does
not happen.

Follow-up to ecaa344a7a

Closes #22264
2026-07-04 22:53:01 +02:00
Alhuda Khan
ecaa344a7a
url: reject control codes in credentials set via CURLOPT
Closes #22236
2026-07-04 12:28:29 +02:00
Daniel Stenberg
69ac867f98
TLS: drop support for TLS-SRP
The options will simply do nothing.

Closes #21965
2026-07-04 12:20:20 +02:00
Viktor Szakats
d169ad68fa
gssapi: add support for Apple GSS Framework
Add support for the native GSS Framework on Apple targets, which is
Apple's fork of Heimdal. This option allows to drop Apple's deprecated
MIT Kerberos compatibility shim "mit-krb5/1.7-prerelease".

Source code uses different headers, other than that no source changes
are necessary.

You can enable by configuring with:
autotools: `--enable-gssapi-apple`
CMake: `-DCURL_USE_GSSAPI=ON -DCURL_GSS_FLAVOR=Apple`

These options are experimental, and may receive breaking updates till
the GSS backend selection logic settles, for Apple and also for the GNU
and MIT implementation.

Version string:
```
curl 8.21.0-DEV (aarch64-apple-darwin25.4.0) libcurl/8.21.0-DEV
  OpenSSL/3.6.2 zlib/1.2.12 AppleIDN AppleGSS OpenLDAP/2.4.28/Apple
```

Also:
- drop in-source deprecation warning suppressions when using AppleGSS.
- GHA/macos: enable Apple GSS in CI jobs.

Supported by:
iOS 5.0+, iPadOS 5.0+, Mac Catalyst 13.0+, macOS 10.14+, visionOS 1.0+

Ref: https://developer.apple.com/documentation/gss
Ref: #19109

Closes #22052
2026-07-04 01:21:57 +02:00
Daniel Stenberg
b8ceb430be
cd2nroff: stricter checks for asterisks for italics
The nroff (man page) version of the markdown docs could get asterisks
mistreated as emphasis - seen in the CURLOPT_WRITEDATA manpage. The
regex now more stricter requires a word character to follow an italics
starting asterisk and there needs to be a word character or a closing
parenthesis before the italics ending asterisk.

Also: fix CURLINFO_CERTINFO.md which used wrong italics - it was not
rendered correctly on GitHub and with other generic markdown parsers.

Reported-by: Christian Ullrich
Fixes #22257
Closes #22260
2026-07-04 00:32:58 +02:00
Joel Depooter
d23fa6e4b6
CURLOPT_UNRESTRICTED_AUTH.md: 'Authorization' instead of 'Authentication'
Closes #22256
2026-07-03 23:43:56 +02:00