Replacing `fopen_s()`/`_wfopen_s()`, to allow customizing share mode,
and keep the sharing mode as was with `fopen()`/`_wopen()` earlier and
as used in `_sopen_s()`/`_wsopen_s()`.
The replaced functions used `_SH_SECURE` internally. Otherwise they are
identical to the replacements.
Ref: https://learn.microsoft.com/cpp/c-runtime-library/reference/fsopen-wfsopen
Reported-by: Jay Satiro
Fixes#20155
Ref: #20156
Follow-up to 1e7d0bafc6#19643Closes#20186
- `LDAP_OPT_SUCCESS` (== 0) is missing from some LDAP implementations
and documented to use `LDAP_SUCCESS` (== 0) instead. Use literal zero
to avoid macro name differences.
- fix freeing `LDAP_OPT_API_INFO` buffers:
- docs suggest `ldapai_vendor_name` on IBMi is `const char *`.
Nothing in docs says it need to be freed.
- `ldapai_extensions` need to be freed, according to docs.
However, on IBMi there is `ldap_value_free()` function for it.
Ref: https://www.ibm.com/docs/en/svd/10.0.3?topic=settings-ldap-opt-api-info
Fixing, on OS400 (V7R4M0):
```
CZM1003: LDAP__819.c, 1028.56: CZM0045(30) Undeclared identifier LDAP_OPT_SUCCESS.
CZM1003: LDAP__819.c, 1036.21: CZM0280(30) Function argument assignment between types "char*" and "const char*" is not allowed.
CZM1001: LDAP__819.c, 1037.5: CZM0304(10) No function prototype given for "ber_memvfree".
...
CZS0601: Module LDAP is not created because statement errors occurred.
```
Follow-up to 859ce48de1#19832Fixes#20188Closes#20189
- Each time field is now 7 characters wide, so that the total width
never exceeds 79 columns so that it works correctly also in Windows
terminals. The title lines are adjusted accordingly.
This is accomplished by using h:mm:ss style up to 10 hours, and for
longer periods switch to "nnX nnY" style output. For hours, days,
months and years.
For less than one hour, the hour field is now dropped.
When no time info is provided, the field is now space-only. No more
`-:--:--`.
Also fixed the output for really long times which previously was
completely broken. The largest time now shows as ">99999y". (Becase
I can't figure out a better way).
- For sizes, the widths are now properly fixed to 6 characters. When
displaying a unit with less than 3 digits, it shows two decimal
precision like "16777215 => 15.99M" and one decmal otherwise: "262143
=> 255.9k"
Also fixes the decimal math. 131071 is 127.9k, which it previously did
not show.
- The time and size field outputs are now properly verified in test
1636.
Fixes#20122Closes#20173
fixup use only space when no time exists
Drop the hour from the display when zero
We recently allowed a larger send buffer in ngtcp2 streams. This allowed
curl to send more early data then previously when the server was slow in
performing the handshake. This led to flaky test failures when the
amount of early data was larger than expected.
Change test expectations to allow for varying amount of early data.
Ref: #20112Closes#20161
The special handling for draining server connections during a connect
attempt was only done on CURLE_RECV_ERROR. But it may also happen when
ngtcp2 errors on writing data. Check for CURLE_SEND_ERROR also.
Ref: #20112Closes#20162
The 'ma' and 'persist' keywords should be considered per list entry, not
once per header.
Expand test 1654 to verify such headers
Reported-by: Hunt Darlener
Closes#20160
Already included directly via `hostip.c`, and other header users do not
use it.
Also add comment about why `setjmp.h` is used.
Cherry-picked from #20106Closes#20132
Macros have been deleted upstream and never defined in OpenSSL 1.1.0+:
474e469bbd
BoringSSL deleted the last internals uses in 2014:
457112e197
LibreSSL refers to them internally and in two public headers, but never
set them via `openssl/opensslfeatures.h` / `openssl/opensslconf.h`.
Follow-up to 69c89bf3d3#18330Closes#20130
The macro has been deleted upstream and never defined in OpenSSL 1.1.0+:
e481f9b90b
BoringSSL and LibreSSL deleted the last uses in 2014:
6dbd73db5d7b2f3298f7
Also:
- drop internal guard `HAS_ALPN_OPENSSL`. It's always set.
Follow-up to 69c89bf3d3#18330Closes#20129
Note: This patch doesn't aim to add `timeval.h` includes missing from
local headers using `curltime` type. They remain relying on `urldata.h`
being included first. This patch also doesn't delete existing, used
includes already present in local headers (as internal users may rely
on them).
Ref: #20106Closes#20126
(Not tested in CI. Regression in 8.17.0.)
Fixing:
```
lib/vtls/openssl.c:4750:8: error: variable 'sectrust_verified' set but not used [-Werror,-Wunused-but-set-variable]
4750 | bool sectrust_verified = FALSE;
| ^
1 error generated.
```
Follow-up to b4630ed8fa#19308Closes#20128
The migration to the strparse API introduced regressions in Digest
authentication parsing where Optional Whitespace (OWS) after commas was
not skipped, and escaped quotes in values were not correctly parsed.
This change ensures whitespace is skipped before key lookups and escaped
characters are properly handled and unescaped in quoted values.
Reported-by: herdiyanitdev on hackerone
Closes#20102
Fix the pollset in perform state to not add sockets for directions
that are blocked. This otherwise will lead to busy loops for a
transfer that cannot be progressed.
Reported-by: Fizn-Ahmd on github
Fixes#20091Closes#20109
- asyn-thrdd.c: scope an include.
- apply more clang-format suggestions.
- tidy-up PP guard comments.
- delete empty line from the top of headers.
- add empty line after `curl_setup.h` include where missing.
- fix indent.
- CODE_STYLE.md: add `strcpy`.
Follow-up to 8636ad55df#20088
- lib1901.c: drop unnecessary line.
Follow-up to 436e67f65b#20076Closes#20070
- they rarely catch any problems
- we have other ways to test different send/recv problems
- the number of such calls vary much more per invoke than others, making
memdebugging harder
- reducing the total number of fallible functions per test is good
- they were not used as intended anyway
Closes#20097
The cookie flushing (saving to a cookie jar) should only be done if a
transfer has been started. This is now done by checking the
cookies->running field, which is not reset in curl_easy_reset() so the
saving works correctly even after a call to that.
Follow-up to fd6eb8d6e7
Verified by test 1920
Reported-by: Alexander Batischev
Fixes#20090Closes#20094
- drop unused `http.h` includes.
- drop unused `http1.h` include.
- drop unused `http2.h` includes.
- vssh/ssh.h: drop unused `vssh.h` include.
- urldata.h: drop unused protocol includes.
- url: include `smtp.h` directly.
- rtsp.h: include directly where used.
- imap, smtp: drop redundant include, move another from .h to .c.
Verified with an all non-unity CI run.
Closes#20093
Also:
- examples/hsts-preload: apply the same change as it's based on lib1915
in tests. Make a local clone of `curlx_strcopy()`. Then drop the
`_CRT_SECURE_NO_WARNINGS` hack, that's no longer necessary.
- curl_setup.h: delete `strcpy()` from the `_CRT_SECURE_NO_WARNINGS`
list.
Closes#20076
Update test 1941 to verify this
Remove unused code from dynhds for handling folded headers, and the
associated unit tests of those functions in test 2602 and 2603.
Closes#20080
This function REQUIRES the size of the target buffer as well as the
length of the source string. Meant to make it harder to do a bad
strcpy().
Removes 23 calls to strcpy().
Closes#20067
On versions before macOS 10.14, ios 12 and watchos 5, check the
evaluation code to return the error from evaluation.
Reported-by: Stanislav Fort
Closes#20074
