Curl_1st_err() does not return the second error if the first result is
CURLE_AGAIN. This may cause errors to not become noticeable when they
should be.
Replace all use of Curl_1st_err() with Curl_1st_fatal(), which handles
CURLE_AGAIN as a not-a-real-error case.
Closes#20980
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.
The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.
Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
Not needed with picky warnings disabled.
Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae11#20366Fixes#20892Fixes#20924Closes#20902Closes#20907
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.
Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.
Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.
Closes#20949
Paths starting with one or two leading dots but without a following
slash were not handled correctly.
Follow-up to c31dd6631f
Extended test 1395 accordingly with a set of new test string.
Reported by Codex Security
Closes#20974
When errorf()/warnf() is used early on, before the global pointer is
setup, curl would previosly deref the null pointer.
Follow-up to 3b40128b0f
Found by Codex Security
Closes#20967
The read_field_headers() function would return "ok" even if the
underlying file read returned error, thus would the parent not become
aware of the problem.
Follow-up to f847d2ed02
Found by Codex Security
Closes#20963
The extra % translates to nothing, so this did not break anything they
are just superfluous.
Follow-up to 57d349fe0e
Assisted-by: Viktor Szakats
Found by Codex Security
uidvalidity_set and mb_uidvalidity_set flags were never reset, leaving a
risk for stale UIDVALIDITY state across transfers and mailbox switches.
Follow-up to fb6a4802d7
Spotted by Codex Security
Closes#20962
Missing ferror handling in Curl_get_line causes infinite loops on I/O
errors, leading to denial-of-service hangs for config/cache file loads.
Follow-up to 769ccb4d42
Pointed out by Codex Security
Closes#20958
Introduce `Curl_xfer_is_secure(data)` that returns TRUE for transfers
that happen(ed) over a end-to-end secured connection, e.g. SSL.
Add test1586 to verify behaviour for http: transfers via a https: proxy.
Reported-by: lg_oled77c5pua on hackerone
Closes#20951
When .curlrc is parsed successfully but the tool exits early before
parse_args() executes; the allocated path was not freed.
Spotted by Codex Security
Closes#20954
In curlx_strerror on Windows, the condition checks `!strerror_s(...)`
(true on success) and therefore always evaluates the fallback block.
Even when strerror_s successfully produced a valid errno message.
Follow-up to 1eca08a541
Pointed out by Codex Security
Closes#20955
ngtcp2 1.14.0 added module dependencies to `ngtcp2_crypto_*.pc` files.
This broke certain build cases in curl, because configure was is
querying pkg-config modules by setting `PKG_CONFIG_LIBDIR` to the
directory specified via `--with-*=` options, including `--with-ngtcp2=`.
Setting `PKG_CONFIG_LIBDIR` tells pkg-config (and pkgconf) to ignore
system locations. This caused that `ngtcp2_crypto_gnutls.pc` could no
longer find its indirect dependencies, if those were present at system
locations (where they typically are). Another fallout was BoringSSL,
because it does not provide `openssl.pc` on its own, and successful
detection relied on finding a non-BoringSSL copy, typically at a system
location (also fixed in ngtcp2 main branch).
Fix `ngtcp2_crypto_*` detections to not touch `PKG_CONFIG_LIBDIR` and
instead prepend `<path>` set via `--with-ngtcp2=` to `PKG_CONFIG_PATH`.
This ensures to pick up any dependent modules from system locations.
Note the side-effect is that potentially undesired modules may be
detected this way from system locations, i.e. it makes this particular
detection less "hermetic" than the rest used in curl configure.
(Configurations using a bare `--with-ngtcp2` with no path were not
affected, and served as a workaround before this patch. It remains a
valid way of configuration after.)
Both `pkgconf` and `pkg-config` use this logic to calculate their search
directory list:
```pseudo
search = {}
if PKG_CONFIG_PATH is set
search += PKG_CONFIG_PATH
endif
if PKG_CONFIG_LIBDIR is set (even if empty)
search += PKG_CONFIG_LIBDIR
else
search += built-in-pkg-config-dirs
endif
```
Refs:
https://github.com/curl/curl/pull/18028/commits (earlier attempt. Failed due to using `PKG_CONFIG_DIR` instead of the correct `PKG_CONFIG_PATH`)
https://github.com/curl/curl/pull/18028/commits/c0874ce8242d42a1ae1d570d6b70b8360da56482https://man.archlinux.org/man/pkgconf.1.enhttps://manpages.debian.org/unstable/pkgconf/pkgconf.1.en.htmlhttps://manpages.debian.org/unstable/pkg-config/pkg-config.1.en.html10e27fd63c
Bug: https://github.com/curl/curl/pull/18022#issuecomment-3120587041
Bug: https://github.com/ngtcp2/ngtcp2/pull/1689#issuecomment-3120593664
Follow-up to 04d90b5deb#20931
Follow-up to 3c64ffaff4#18415#18188
Follow-up to 99500660af#18028#18022Closes#20920
The `ISLOWHEXALHA` and `ISUPHEXALHA` macros were introduced in commit
f65f750 and seem to be only referenced locally by the `ISXDIGIT` macro.
Judging by the `ISALPHA` macro defined in the same file, it seems like
the intention was to spell them as `IS.*HEXALPHA`.
I noticed this while reading through the code and decided to open a PR,
even if it is only a tiny change, just because I was already looking at
it and it might be useful. If there is any reason not to merge this,
please do close the PR.
Closes#20810
- document building curl with CMake.
- mention all supported forks in the OpenSSL section. Delete dedicated
quictls section.
- add TLS-backend pkgconfig dir to `PKG_CONFIG_PATH` for correctness.
OpenSSL-based ones often work without this, by finding system
`openssl.pc`. For GnuTLS and wolfSSL this has a lesser chance. Best to
point to them explicitly. (configure may technically be able to do
this automatically, but it isn't implemented.)
- use `--with-ngtcp2=<path>` again, where possible.
GnuTLS is the exception, pending fix in #20910.
Same for BoringSSL, but not documented in `HTTP3.md`.
- replace `<somewhereN>` with `/path/to/depname` for clarity.
- move `LDFLAGS` after `./configure` for curl, to match dep builds.
- move `--with-ngtcp2` next to the TLS-backend option.
Follow-up to 1e3c2bec7e#20926
Follow-up to 3c64ffaff4#18415#18188
Cherry-picked from #20920Closes#20947
Configure LibreSSL autotools job with `--with-ngtcp=<path>` instead of
adding ngtcp2 to `PKG_CONFIG_PATH`. To test this way of configuration in
CI and test for the regression reported in #20889.
Turns out this way of configuration isn't affected by the detection
issue in this particular case.
It also works for other backends except for these two, subject to
separate fixes:
- BoringSSL fix: https://github.com/ngtcp2/ngtcp2/pull/2070
- GnuTLS fix and BoringSSL workaround: #20920
Follow-up to 666db80196#20891
Follow-up to 8db0e286b3#18189
Follow-up to 99500660af#18028#18022Closes#20926
For cases where the user puts a double quote or backspace in the user
name.
Adjusted test 907 to verify
Reported-by: am-perip on hackerone
Closes#20940
Before this patch the `$withval` variable may have contained `yes` or
other unrelated values, instead of the wolfSSL directory configured via
`--with-wolfssl=`.
Fixing:
```
checking for wolfssl options with pkg-config... found
configure: pkg-config --exists wolfssl trace:
---- begin
PKG_CONFIG_PATH: |/home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig|
PKG_CONFIG_LIBDIR: |yes/lib/pkgconfig| <=============== 'yes' used as base directory
trying path: /home/runner/wolfssl/build/lib/pkgconfig for wolfssl
---- end
```
Ref: https://github.com/curl/curl/actions/runs/23146424326/job/67235762794?pr=20920#step:18:245
Cherry-picked from #20920Closes#20943
`PKG_CONFIG_LIBDIR` and `PKG_CONFIG_PATH`.
To help debugging dependency issues. Example:
```
configure: pkg-config --exists openssl trace:
---- begin
PKG_CONFIG_LIBDIR: '/home/runner/libressl/build/lib/pkgconfig'
PKG_CONFIG_PATH: '/home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig'
trying path: /home/runner/libressl/build/lib/pkgconfig for openssl
trying path: /home/runner/libressl/build/lib/pkgconfig for libssl
trying path: /home/runner/libressl/build/lib/pkgconfig for libcrypto
---- end
```
Cherry-picked from #20920
Follow-up to 04d90b5deb#20931Closes#20942
When saving a file with --no-clobber, make sure the existing file name
remains set when creating the name fails. In a retry scenario, it comes
back and uses that variable again.
Add test 3036 to verify.
Reported-by: James Fuller
Closes#20939
Instead hook up the upstream target name as-is to the local wrapper
target.
To:
- make the hack work regardless of how the upstream target was created.
- make it work the same way in `curl-config.cmake`.
Before this patch it had no guard for `IMPORTED` targets even though
`find_dependencies()` is not guaranteed to create the target expected
if it already existed and was potentially created differently.
Depends-on: #20840
Follow-up to 4f1646ef8a#20486#20419Closes#20839
