The choice to continue processing incoming data although the
writeout of the headers/data failed is not obvious. Add a comment
explaining why this is done.
Closes#19093
The transfer loop used to check the socket and if no poll events
were seen, triggered a "DATA_IDLE" event into the filters to let
them schedule times/do things anyway.
Since we no longer check the socket, the filters have been called
already and the DATA_IDLE event is unnecessary work. Remove it.
Closes#19060
RFC 3617 defines two specific modes, "netascii" and "octet". This code
now checks only for those trailing ones - and not in the hostname since
they can't be there anymore.
Assisted-by: Jay Satiro
Closes#19070
Since it needs to be a trailing piece of the path avoiding strstr() is
faster and more reliable.
Also stopped checking the host name since it cannot actually be there
since quite a long while back. The URL parser doesn't allow such a
hostname.
Moved the check into its own subfunction too.
Closes#19069
In pop3_perform(), pop3->transfer was derived from the old
data->req.no_body. Then, pop3_perform_command() re-computed
data->req.no_body.
Now we instead call pop3_perform_command() first.
Reported-by: Joshua Rogers
Closes#19039
If there is lingering letters left on the right side after the paths
have been parsed, they are syntactically incorrect so returning error is
the safe thing to do.
Reported-by: Harry Sintonen
Closes#19030
Protocol handlers not flagging PROTOPT_SSL that allow reuse of existing
SSL connections now need to carry the flag PROTOPT_SSL_REUSE.
Add PROTOPT_SSL_REUSE to imap, ldap, pop3, smtp and ftp.
Add tests the http: urls do not reuse https: connections and vice versa.
Reported-by: Sakthi SK
Fixes#19006Closes#19007
Although the protocol should only run on index 0, there was a mix of
looked up sockindex and using constant 0 in tls send/recv.
Reported-by: Joshua Rogers
Closes#19004
Both the c-ares documentation and the c-ares source code contradict the
previous comment (and mentions/contains no such restriction).
Ref: #19001Closes#19014
Repeated calls to `Curl_async_is_resolved()` after a failure
returned OK and not the error that was the result of the resolve
fail.
Reported-by: Joshua Rogers
Closes#18999
When thread creation fails, the code uses `errno` to remember the cause.
But pthread_create() never sets errno and gives the error as return value.
Fix that by setting the return value into errno on failure.
Windows: I think the ifdef was the wrong way around. Also set a generic
Windows Error code on CE systems.
Reported-by: Joshua Rogers
Closes#18998
When reusing a connection, the `host` and `conn_to_host` hostname
structs are moved from the template connection onto the existing one.
There was a NULLing of a tempplate member missing in `conn_to_host`
which could then lead to a double free.
Make this struct move into a static function, doing the correct
thing for both `struct hostname` in a connection.
Reported-by: Joshua Rogers
Closes#18995
Fix edge cases around handling of pending send frames and encoding
frames with size_t/curl_off_t possible flowy things.
Reported-by: Joshua Rogers
Closes#18965
Check the result when converting the peer certificate chain
into gnutls internal x590 data structure for errors.
Reported-by: Joshua Rogers
Closes#18964
During the SOCKS connect phase, the `iobuf` is used to receive repsonses
from the server. If the server sends more bytes than expected, the code
discarded them silently.
Fix this by advancing the iobuf only with the length consumed.
Reported-by: Joshua Rogers
Closes#18938
Previous minimum was: 1.2.4 (2002-02-28)
- assume `gssapi/gssapi.h` header for MIT Kerberos.
Drop logic detecting this header, and drop alternate logic including
a bare "gssapi.h". Bare `gssapi.h` is Heimdal-specific. MIT Kerberos
added support for it for Heimdal compatibility on 2006-11-09,
redirecting to `gssapi/gssapi.h`. MIT Kerberos supported the latter
header in the 1990s already.
Ref: 40e1a016f9 (2008-03-06)
Ref: d119352001 (2006-11-09)
- configure.ac: stop using `HAVE_GSSAPI_GSSAPI_H`.
Added in 2010 to support "ancient distros such as RHEL-3" where
`gssapi/gssapi_krb5.h` did not include `gssapi/gssapi.h`.
MIT Kerberos includes it since commit:
d9e959edfa (2003-03-06)
Released in 1.3 (2003-07-08).
Bump minimum required version to avoid this issue.
Reverts cca192e58f (2010-04-16)
Ref: https://web.mit.edu/kerberos/dist/historic.html
Ref: https://sources.debian.org/src/krb5/Closes#18992
The cmake build is running runtests with valgrind. The autotools one is
running scan-build.
Also:
- ignore two memleaks with GNU GSS detected by valgrind.
- add comment on support status of `GSS_C_DELEG_POLICY_FLAG`.
Closes#19008
It's a legacy MIT Kerberos header that's no longer used by curl since:
355bf01c82 (2015-01-09)
There were still mentions of it after this patch, when using versions
<1.2.3, but those versions aren't supported since:
9918541795 (2008-06-12)
This header remains in use by autotools and cmake to detect MIT Kerberos
(vs. Heimdal, which doesn't have it.)
Ref: https://github.com/curl/curl/pull/18978#issuecomment-3387414995Closes#18990
The libssh API uses a 32 bit type for datestamp, so instead of just
force-typecast it, make sure it gets capped at UINT_MAX if the value is
larger.
Reported-by: Joshua Rogers
Closes#18989
curl requires 1.2.4 or newer.
Also:
- vms: stop defining `gss_nt_service_name`. Added in
f9cf3de70b, symbol not used in curl code
since 355bf01c82.
Closes#18978
The file size is weirdly returned in a 150 or 126 response as "XXX
bytes" mentioned somewhere in the response string. This is a rewrite of
the size scanner to replace the strange strstr() + backwards search from
before with a plain forward search until '[number] + " bytes"' is a
match.
Triggered by a report by Joshua Rogers about the previous parser.
Closes#18984
In one c-ares call the passed in pointer was used and not the new
duplicated one. This is probably fine but might as well use the new
pointer as all the other calls do, which will survive longer.
Reported-by: Joshua Rogers
Closes#18980
