To make them more accurate.
Also:
- show Visual Studio version, where missing.
- ease the formatting.
- schannel_int.h: clang-tidy fallback code.
Used: `rg -l --sort=path CERT_FIND_HAS_PRIVATE_KEY`
Closes#21621
As this function can now be invoked with only the second glob "active",
it must avoid accessing the first one if not in use.
Follow-up to 2238f0921c
Spotted by Codex Security
Closes#21586
Use parts of text from the upload filename field when that uses globbing
by giving it a name the same way we do it for URL globs. For example, if
you upload three files to a HTTP URL and want to save the corresponding
responses in separate files:
curl -T 'file{<num>1,2,3}' https://upload.example/ -o 'response-#<num>'
Verified by test 2014
Closes#21407
This now points to where the duplicate name ends, not where it starts.
Also fixes test 2410 to use a fixed hostname so that the error position
remains the same.
Reported-by: Viktor Szakats
Fixes#21567Closes#21568
Due to how the range span globbing code works, a range that ends with
9223372036854775807 (the maximum signed 63 bit value) cannot be used as
it triggers an integer overflow.
Verified in test 2092
Reported-by: Andrew Nesbit
Closes#21529
The longest header lines accepted for the -F option is now a define
instead of a magic number. I also bumped it to be an even 8K.
When fixing, I noticed that for some OOM errors curl would display two
error messages. Also fixed here.
Closes#21501
- explain the get_param_part() function
- make it parse only blanks like the rest of this code
- check for commas explicitly when scanning multiple files (to help code
understanding)
Closes#21489
Fix to create the top directory `foo` when specified as
`X:foo\bar\filename`, on Windows and MS-DOS. Add test to verify.
Caught by Codex Security
Follow-up to 787ee935ac#16566Closes#21449
- httpsrr: drop redundant checks.
Follow-up to 809dda3a37#21354
- httpsrr.h: drop obsolete comment.
Follow-up to 2b3dfb4ad4#21175
- ws: drop redundant check in `curl_ws_start_frame()`.
Follow-up to 37cecfc7b9#17683
- ws: fix typo in comment.
- tool_operate: fix VMS build. (broken since 2019-07-20, v7.66.0)
Follow-up to b889408500#3804
Pointed out by Copilot Code Quality
Closes#21393
Add "Delay-A: ms", "Delay-AAAA: ms" and "Delay-HTTPS: ms" to the test
dnsd config and implement delayed response handling.
Add test_21_09 and test_21_10 to check that delayed responses connect
using the undelayed address family.
Closes#21299
- enable three checks:
- bugprone-invalid-enum-default-initialization
- bugprone-sizeof-expression
- readability-inconsistent-declaration-parameter-name (strict)
- fix remaining discrepancies with arg names in prototypes
and implementation, in strict mode.
- document reason for some checks tested but not enabled.
Closes#20794
- examples: sync debug output printf masks.
- INSTALL-CMAKE.md: tidy up section for some options.
- curl_sha512_256: delete comment suggesting an optimization.
- vtls/keylog: scope a variable.
- vtls/openssl: make a source code URL a permalink.
- vtls/schannel: drop redundant parentheses.
- test1119.pl: robustify `$1` -> `$s`.
- sync arg names in comments to match the code.
- tidy up and minor fixes to comments.
- fix formatting/indenting/comment/newline/include nits.
- move `UNITTEST` protos next to definitions, sync their argument names.
- make variables static.
- add parentheses to Perl `open()` calls.
- drop unnecessary double quotes in Perl.
- clang-format.
Closes#21000
Add `resolv-threaded` to curlinfo to detect use of the threaded resolver
correctly even with c-ares linked to https-rr.
Run test_21_05 exactly when threaded resolver is built.
Closes#21287
- By making retry_sleep() a separate funtion that determines how long to
wait until the next retry.
- switch the retry timer to uint32 to make it uniform across platforms
Closes#21279
Verify that curl's --retry behaviour works
- test 502 in serial, works
- test 502 in parallel, hangs forver, test skipped by default
- test 401, no retries done
Fixes#20669
Reported-by: BlackFuffey on github
Closes#21206
To sync names for the same macro logic between lib and src, and to move
it to the curlx namespace, to match `curlx_free()` that it's calling.
Closes#21151
If there is no trailing file name for -O or --remote-name-all, continue
searching until there is no more to search. A URL ending with multiple
slashes would previously make it do wrong.
Add test 1639 and 1644 to verify.
Follow-up to e26eefd9ce
Reported-by: James Fuller
Closes#21165
memory allocated by libcurl (curl_maprintf) must be freed with
curl_free(), and memory allocated by the tool (curlx_strdup via
findfile) must be freed with curlx_free().
- tool_cfgable: ech_config is allocated with curl_maprintf, free it
with curl_free() instead of tool_safefree()
- config2setopts: known hosts from findfile() is allocated with
curlx_strdup, free it with curlx_free() instead of curl_free()
Follow-up to b71973c115Closes#21150
When used together with `USE_OPENSSL`. `USE_QUICHE` always implies
`USE_OPENSSL`.
Also: merge two (now identical) `#if` blocks in `openssl.c`.
Closes#21135
Introduce `toolx_ftruncate()` macro and map it to existing replacements
for non-mingw-w64 Windows and DJGPP, or to `ftruncate` otherwise.
Follow-up to 6041b9b11b#21109Closes#21130
It was wrongly previously only used in debug code for event based
transfer and not in the "normal" parallel transfer case.
Follow-up to 4654493fedCloses#21147
memory allocated by libcurl must be freed with curl_free() and vice versa,
memory allocated by the tool itself must be freed with curlx_free().
- dynbuf: free libcurl data with curl_free()
- tool_operate: make sure we get URL using the right memory
- tool_operhlp: free libcurl memory with curl_free()
- tool_operate: free curl_maprintf() pointer with curl_free
- var: data from curlx_base64_decode needs curlx_free
- tool_operate: fix memory juggling in etag handling
- tool_cb_hdr: fix memory area mixups
- tool_operate: another mixup in etag management
- tool_cb_hdr: more memory mixup fixes
- tool_cfgable.c: document some details
- tool_help: show global-mem-debug in -V output
Closes#21099
Build with "configure --enable-init-mem-debug" to make the tool use
curl_global_init_mem() and a set of private memory funtion callbacks for
libcurl's memory management.
Using this setup, memory mixups in tool code is more likely to cause
crashes and thus get discovered while running tests.
This curl_global_init_mem debug mode can only be done when building
libcurl shared (not static) and without debugging enabled - since it
needs to use the custom memory funtion callbacks.
Closes#21099
Systems without it need to provide a custom alternative just like we
have have for Windows. This adds an MSDOS version that fails if trying
to truncate a too large file.
Closes#21109
Use a thread queue and pool for asnyc threaded DNS resolves.
Add pytest test_21_* for verification.
Add `CURLMOPT_RESOLVE_THREADS_MAX` to allow applications to
resize the thread pool used.
Add `CURLMOPT_QUICK_EXIT` to allow applications to skip thread
joins when cleaning up a multi handle. Multi handles in
`curl_easy_perform()` inherit this from `CURLOPT_QUICK_EXIT`.
Add several debug environment variables for testing.
Closes#20936
Verify if lines are not longer than 192 characters. Also verify if lines
have less than 79 repeat spaces (and fix one fallout).
To improve readability by avoiding long lines and to prevent adding
overly long lines with text that may go unnoticed in an editor or diff
viewer.
In addition to pre-existing line length limits: 79 for C, 132 for CMake
sources.
Also:
- spacecheck: fix/harden allowlist regexes.
- spacecheck: tidy-up quotes and simplify escaping.
- spacecheck: allow folding strings with repeat spaces.
- GHA: fix a suppressed shellcheck warning.
- GHA/macos: simplify by dropping brew bundle.
- test1119.pl: precompile a regex.
- FAQ.md: delete very long link to a Windows 7/2008 support article
that's lost it relevance.
Closes#21087
Memory returned from curl_easy_escape() should be fred with curl_free()
to avoid surprises.
Follow-up to f37840a46e
Spotted by Codex Security
Closes#21075
Add test case 1673 to do repeated upload failures and verify there is no
leak. This proved a previous leak and now it verifies the fix.
Reported-by: James Fuller
Closes#21062
... and apply the CURLOPT_MAXFILESIZE limit (if set) on that as well.
This effectively protects the user against "zip bombs".
Test case 1618 verifies using a 14 byte brotli payload that otherwise
explodes to 102400 zero bytes.
Closes#20787
