A previous refactor made the parser more lenient and this takes it back
to making sure only ascii digits are accepted.
Added test 1684 to verify
Follow-up to 304b5183fd
Pointed out by Codex Security
Closes#21041
- Rename `Curl_resolv_unlink()` to `Curl_dns_entry_unlink()`.
- Change `Curl_dnscache_get()` to return CURLcode result. Returns
now `CURLE_COULDNT_RESOLVE_HOST` for "negative" cache entries.
- Add `Curl_dnscache_add_negative()` to put a "negative" entry
into the cache.
Closes#20864
Use an alternate OpenSSL API to get the digest algorithm tied
to a certificate signature to compute the channel binding.
Fixes#20590
Reported-by: Rob Crittenden
Closes#20734
- Split WINSOCK and POSIX code in `multi_wait()` as the ifdef'ery
was becoming unreadable
- define `ENABLE_WAKEUP` to mean the wakeup socketpair is enabled,
no additional USE_WINSOCK check needed. Under WINSOCK
`ENABLE_WAKEUP` is not defined, so it's availability is as before
under the double defined() checks
- When the multi handle has "alive" transfers, the admin handle's
pollset include the wakeup receive socket. This results in the
admin handle running when someone uses `curl_multi_wakeup()`.
- Without any "alive" transfers, the wakeup socket is removed from
the pollset. Otherwise, event based processing would never finish,
eg. leave the event loop.
- The wakeup socket was never registered for event processing before,
e.g. `curl_multi_wakeup()` never worked in that mode.
- Adjust test exepectations on socket callback invocations and
number of sockets appearing in waitfds sets.
Closes#20832
A closed connection without TLS notify shutdowns, has been reported as a
correct EOF instead of an error. Fix the error handling in wolfSSL
backend receive handling.
Spotted by Codex Security
Closes#21002
`http_ignorecustom` is set on redirect handling but was not reset
between transfers, so once a redirect occurs in the new follow modes,
custom request methods were ignored for later transfers on the same
handle.
Follow-up to fb13923dd6
Detected by Codex Security
Closes#21037
It had an 'f' too few. Also provide CURLPROTO_WS* unconditionally
internally, so that code can depend on them in all builds.
Follow-up to cd5ca80f00
Spotted by Codex Security
Test case 3219 added to catch this next time.
Closes#21031
When composing the <scheme>_proxy environment variable, we assume the
handler->scheme name is already lowercase.
This makes unit test 1627 verify that is the case.
Follow-up to c294f9cb56
Spotted by Codex Security
Closes#21033
- move defines to header file
- make bit2str require < 8 unused bits
- make bool strings stricter
- make UTime2str show + or - for custom time zones
- removed unused 'type' argument to ASN1tostr() function
- fix int2str for negative values. All values below 10000 are now shown
in decimal properly, also possibly negative values.
Add unit test 1667 to verify ASN1tostr
Closes#21013
- make extract-unit-protos handle multi-line prototypes - but they need
to be above the implementation
- Prototypes for static functions we use in unit tests should not be in
header files. We generate lib/unitprotos.h for this purpose
- Removed some function wrappers written for unit tests and make them
use UNITTEST function directly.
- Renamed time2str() in the tool to timebuf() since we have the same
name in lib/ and in unit tests they can both be used non-static in a
build.
This reverts commit f95fadd116.
Follow-up to #21010Closes#21014
- return error on zero length input
- return error on OOM or doing too large output
- fix full 32-bit number support
- fix the broken handling of the first and second numbers
- support up to 32-bit minus 80 for the second number
- a field with a leading 0x80 is now considered an error, since it only
works as padding and is then no longer the shortest possible version
Add unit tests in 1666
Bonus: removed the last argument to OID2str() as it was always set TRUE.
Closes#21003
Curl_1st_err() does not return the second error if the first result is
CURLE_AGAIN. This may cause errors to not become noticeable when they
should be.
Replace all use of Curl_1st_err() with Curl_1st_fatal(), which handles
CURLE_AGAIN as a not-a-real-error case.
Closes#20980
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.
The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.
Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
Not needed with picky warnings disabled.
Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae11#20366Fixes#20892Fixes#20924Closes#20902Closes#20907
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.
Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.
Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.
Closes#20949
Paths starting with one or two leading dots but without a following
slash were not handled correctly.
Follow-up to c31dd6631f
Extended test 1395 accordingly with a set of new test string.
Reported by Codex Security
Closes#20974
uidvalidity_set and mb_uidvalidity_set flags were never reset, leaving a
risk for stale UIDVALIDITY state across transfers and mailbox switches.
Follow-up to fb6a4802d7
Spotted by Codex Security
Closes#20962
Missing ferror handling in Curl_get_line causes infinite loops on I/O
errors, leading to denial-of-service hangs for config/cache file loads.
Follow-up to 769ccb4d42
Pointed out by Codex Security
Closes#20958
Introduce `Curl_xfer_is_secure(data)` that returns TRUE for transfers
that happen(ed) over a end-to-end secured connection, e.g. SSL.
Add test1586 to verify behaviour for http: transfers via a https: proxy.
Reported-by: lg_oled77c5pua on hackerone
Closes#20951
In curlx_strerror on Windows, the condition checks `!strerror_s(...)`
(true on success) and therefore always evaluates the fallback block.
Even when strerror_s successfully produced a valid errno message.
Follow-up to 1eca08a541
Pointed out by Codex Security
Closes#20955
The `ISLOWHEXALHA` and `ISUPHEXALHA` macros were introduced in commit
f65f750 and seem to be only referenced locally by the `ISXDIGIT` macro.
Judging by the `ISALPHA` macro defined in the same file, it seems like
the intention was to spell them as `IS.*HEXALPHA`.
I noticed this while reading through the code and decided to open a PR,
even if it is only a tiny change, just because I was already looking at
it and it might be useful. If there is any reason not to merge this,
please do close the PR.
Closes#20810
For cases where the user puts a double quote or backspace in the user
name.
Adjusted test 907 to verify
Reported-by: am-perip on hackerone
Closes#20940
Already set after `ldap_sslinit()`/`ldap_init()` and before
`ldap_ssl`-specific initialization.
Follow-up to 39d1976b7f#19830
Follow-up to b41e65a8e3
Follow-up to b91421b107Closes#20930
To include what's actually used.
Also:
- drop unused includes.
- scope includes where possible.
- drop `curlx/curlx.h` umbrella header.
- config2setopts: include `netinet/in.h` for Cygwin/MSYS2.
Previously included by chance via an unused curlx include.
Closes#20776
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):
- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`
Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.
Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.
Reported-and-based-on-patch-by: Richard Tollerton
Fixes#20823Closes#20826 (originally-based-on)
Follow-up to 769ccb4d42#19140Closes#20873
Add protocol.h and protocol.c containing all about libcurl's
known URI schemes and their protocol handlers (so they exist).
Moves the scheme definitions from the various sources files into
protocol.c. Schemes are known and used, even of the protocol
handler is not build or just not implemented at all.
Closes#20906
