- make extract-unit-protos handle multi-line prototypes - but they need
to be above the implementation
- Prototypes for static functions we use in unit tests should not be in
header files. We generate lib/unitprotos.h for this purpose
- Removed some function wrappers written for unit tests and make them
use UNITTEST function directly.
- Renamed time2str() in the tool to timebuf() since we have the same
name in lib/ and in unit tests they can both be used non-static in a
build.
This reverts commit f95fadd116.
Follow-up to #21010Closes#21014
- return error on zero length input
- return error on OOM or doing too large output
- fix full 32-bit number support
- fix the broken handling of the first and second numbers
- support up to 32-bit minus 80 for the second number
- a field with a leading 0x80 is now considered an error, since it only
works as padding and is then no longer the shortest possible version
Add unit tests in 1666
Bonus: removed the last argument to OID2str() as it was always set TRUE.
Closes#21003
Curl_1st_err() does not return the second error if the first result is
CURLE_AGAIN. This may cause errors to not become noticeable when they
should be.
Replace all use of Curl_1st_err() with Curl_1st_fatal(), which handles
CURLE_AGAIN as a not-a-real-error case.
Closes#20980
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.
The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.
Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
Not needed with picky warnings disabled.
Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae11#20366Fixes#20892Fixes#20924Closes#20902Closes#20907
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.
Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.
Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.
Closes#20949
Paths starting with one or two leading dots but without a following
slash were not handled correctly.
Follow-up to c31dd6631f
Extended test 1395 accordingly with a set of new test string.
Reported by Codex Security
Closes#20974
uidvalidity_set and mb_uidvalidity_set flags were never reset, leaving a
risk for stale UIDVALIDITY state across transfers and mailbox switches.
Follow-up to fb6a4802d7
Spotted by Codex Security
Closes#20962
Missing ferror handling in Curl_get_line causes infinite loops on I/O
errors, leading to denial-of-service hangs for config/cache file loads.
Follow-up to 769ccb4d42
Pointed out by Codex Security
Closes#20958
Introduce `Curl_xfer_is_secure(data)` that returns TRUE for transfers
that happen(ed) over a end-to-end secured connection, e.g. SSL.
Add test1586 to verify behaviour for http: transfers via a https: proxy.
Reported-by: lg_oled77c5pua on hackerone
Closes#20951
In curlx_strerror on Windows, the condition checks `!strerror_s(...)`
(true on success) and therefore always evaluates the fallback block.
Even when strerror_s successfully produced a valid errno message.
Follow-up to 1eca08a541
Pointed out by Codex Security
Closes#20955
The `ISLOWHEXALHA` and `ISUPHEXALHA` macros were introduced in commit
f65f750 and seem to be only referenced locally by the `ISXDIGIT` macro.
Judging by the `ISALPHA` macro defined in the same file, it seems like
the intention was to spell them as `IS.*HEXALPHA`.
I noticed this while reading through the code and decided to open a PR,
even if it is only a tiny change, just because I was already looking at
it and it might be useful. If there is any reason not to merge this,
please do close the PR.
Closes#20810
For cases where the user puts a double quote or backspace in the user
name.
Adjusted test 907 to verify
Reported-by: am-perip on hackerone
Closes#20940
Already set after `ldap_sslinit()`/`ldap_init()` and before
`ldap_ssl`-specific initialization.
Follow-up to 39d1976b7f#19830
Follow-up to b41e65a8e3
Follow-up to b91421b107Closes#20930
To include what's actually used.
Also:
- drop unused includes.
- scope includes where possible.
- drop `curlx/curlx.h` umbrella header.
- config2setopts: include `netinet/in.h` for Cygwin/MSYS2.
Previously included by chance via an unused curlx include.
Closes#20776
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):
- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`
Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.
Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.
Reported-and-based-on-patch-by: Richard Tollerton
Fixes#20823Closes#20826 (originally-based-on)
Follow-up to 769ccb4d42#19140Closes#20873
Add protocol.h and protocol.c containing all about libcurl's
known URI schemes and their protocol handlers (so they exist).
Moves the scheme definitions from the various sources files into
protocol.c. Schemes are known and used, even of the protocol
handler is not build or just not implemented at all.
Closes#20906
Improve the name, type and handling of `data->req.keepon`:
- Rename `keepon` to `io_flags`
- make `io_flags` and `uint8_t` and reposition in struct
- Rename `KEEP_*` defines to `REQ_IO_*`, move to request.h
- Replace all direct bit tests to `CURL_REQ_WANT_*` use
- Replace all direct bit manipulations with new macros
Closes#20905
Convert more `int port` to `uint16_t` port types. Reshuffle ports in
connectdata to save some bytes. Change `conn->destination` format to
- make it more readable and thus usable in tracing
- add the IPv6 scope_id only when not default (global)
and make it resemble more the textual format for IPv6
(e.g. suffix '%<scope_id>')
Closes#20918
Eliminate `conn->bits.ipv6_ip`
The bit was only correct for the first transfer using a connection. Use
`data->state.up.hostname` instead in places that need the URL hostname
in its original form.
Fix parseurlandfillconn() to not modify `data->state.up.hostname` before
copying the connection's hostname, but modify the copy instead, leaving
the URL hostname intact.
Closes#20919
To help understanding what's happening on systems where native CA misses
to verify legitimate public websites.
Also:
- drop a superfluous, hanging, `else`.
Ref: #20897Closes#20899
As the struct is now always unconditionally memset with zeros, we
can remove two zero assigns.
Follow-up to 015f1c7de4
Pointed out by CodeSonar
Closes#20900
Follow-up to 04289c62de. Regression shipped in 8.13.0.
- a logic error made it not loop and thus only match if the searched string
was first
- it no longer matches a substring
Adjusted test 1 to use multiple values in the Connection: response
header. Adjusted test 1542 to have a "Connection: close-not" which
should not match.
Reported-by: Henrique Pereira
Closes#20894
Also:
- support per-directory and per-upper-directory whitelist entries.
- convert badlist input grep tweak into the above format.
(except for 'And' which had just a few hits.)
- fix many code exceptions, but do not enforce.
(there also remain about 350 'will' uses in lib)
- fix badwords in example code, drop exceptions.
- badwords-all: convert to Perl.
To make it usable from CMake.
- FAQ: reword to not use 'will'. Drop exception.
Closes#20886
A logic error made the function not check the last character, which thus
could make it accept invalid schemes.
Added test 1965 to verify
Reported-by: Otis Cui Lei
Closes#20893
- Move `RESP_TIMEOUT` from urldata.h to pingpong.h as
`PINGPONG_TIMEOUT_MS`.
- Rename `Curl_pp_state_timeout()` to `Curl_pp_state_timeleft_ms()` as
the function returns the time left, not the timout..
- Update implementation comments and variable names
Closes#20888
