Unless it is identical to the previous one.
Follow-up to dbcaa00657
Adjusted test 580, added test 772 and 773
Fixes#19130
Reported-by: Jakub Stasiak
Closes#19134
It was mistakenly removed in 8dab7465a5 (shipped in 8.9.0)
Also fix test 1139 which should have detected this but didn't due to a
bad regex check.
Reported-by: Jonathan Cardoso
Fixes#19151Closes#119152
In init_config_builder_verifier() the call to
rustls_root_cert_store_builder_build() set result on failure but did not
return.
Pointed out by ZeroPath
Closes#19125
In src/tool_operate.c inside the Windows safe-search branch (#ifdef
CURL_CA_SEARCH_SAFE), the code assigns config->cacert = strdup(cacert);
at line 2076 without checking whether strdup returned NULL.
This would allow the code to continue with the wrong value set, causing
possible confusion.
Pointed out by ZeroPath
Closes#19145
For all network related protocols there must be a non-blank hostname
used. This change adds a few asserts in some places to make debug/tests
catch mistakes if any such would slip in.
Closes#19146
CI works without it now. For an inexplicable reason, this single `git`
command took 9 seconds per job, making this patch save more than
2 minutes per workflow run. It was also the only step using PowerShell.
Closes#19150
This function could previously accidentally return true and a NULL path
if only whitespace was provided as argument.
Also, make it stricter and do not allow CR or LF within the string.
Use more strparse parsing.
Drop the comment saying this is from OpenSSH as it has now been
rewritten since then.
Closes#19141
To make sure callers can properly differentiate between errors and know
cleanly when EOF happens. Updated all users and unit test 3200.
Triggered by a remark by ZeroPath
Closes#19140
- honor request id (`id=<number>`) in `curltest/put` and
`curltest/sslinfo` handlers.
- do not truncate `max_upload` input parameter.
- delete unused variables.
- formatting.
Inspired by Joshua's report on tests.
Closes#19061
The code obtained a pointer resp via Curl_bufq_peek(), but called
Curl_bufq_skip() before it would access them in the failf() call.
The Curl_bufq_skip() call can trigger prune_head which may free or
recycle the chunk that resp points into.
Pointed out by ZeroPath
Closes#19139
Use LDAP_OPT_SUCCESS for ldap_get_option, as done in the other calls.
ber_sockbuf_ctrl returns 1 on success so reverse the logic.
Follow-up to f91be14bfbCloses#19138
Adopt ngtcp2_conn_get_stream_user_data which has been available since
ngtcp2 v1.17.0. This improves the time complexity of searching
h3_stream_ctx from O(n) to O(1) where n is the number of stream.
Closes#19132
- Do not leak memory on failed setting algorithm cipher list.
Discovered by ZeroPath.
- Do not free backend->cred after failed AcquireCredentialsHandle.
backend->cred is always freed later, during cleanup.
Closes https://github.com/curl/curl/pull/19118
- do not pre-fill `HAVE_LINUX_TCP_H` on Linux.
`linux/tcp.h` is a Linux kernel userspace header. It's likely
installed when using glibc and likely missing by default when using
something else, e.g. MUSL (e.g. on Alpine).
Therefore always detect it for Linux targets, and only pre-fill it for
non-Linux ones.
- do not pre-fill `HAVE_GLIBC_STRERROR_R` on Linux.
To fix it for non-glibc envs, e.g. MUSL (e.g. on Alpine).
Note, the pre-fill option is a disabled by default, internal option and
strongly not recommended outside of curl development.
Closes#19116
In providercheck(), when failing to open the "store", the exit path
would not previously free the created UI_METHOD and instead leak this
resource.
Pointed out by ZeroPath
Closes#19114
The -F option allows users to provide a file with a set of headers for a
specific formpost section. This code used old handcrafted parsing logic
that potentially could do wrong.
Rewrite to use my_get_line() and dynbuf. Supports longer lines and
should be more solid parsing code.
Gets somewhat complicated by the (unwise) feature that allows "folding"
of header lines in the file: if a line starts with a space it should be
appended to the previous.
The previous code trimmed spurious CR characters wherever they would
occur in a line but this version does not. It does not seem like
something we want or that users would expect.
Test 646 uses this feature.
Closes#19113
- tool_formparse: replace truncated `fseek` with `curlx_fseek`.
- tool_operate: replace truncated `fseek` with `curlx_fseek`.
- tool_paramhlp: replace local duplicate `myfseek`, with `curlx_fseek`.
Follow-up to 4fb12f2891#19100Closes#19107
Before this patch system `malloc()`/`free()` were used to allocate
the buffer returned in the `output_token` object from the debug stub
of `gss_init_sec_context()` when enabled via `CURL_STUB_GSS_CREDS` in
debug-enabled libcurl builds. This object is later released via stock
`gss_release_buffer()`, which, in the Windows builds of MIT Kerberos,
doesn't use the system `free()`, but the Win32 `HeapFree()`.
Fix it by using the GSS alloc/free macros: `gssalloc_malloc()` and
`gssalloc_free()` from `gssapi_alloc.h`.
To make this work without MIT Kerberos feature detection, use a canary
macro to detect a version which installs `gssapi_alloc.h` for Windows.
For <1.15 (2016-11-30) releases, that do not install it, disable the GSS
debug stub in libcurl.
Strictly speaking, non-Windows builds would also need to use GSS
allocators, but, detecting support for `gssapi_alloc.h` is impossible
without build-level logic. Built-level logic is complex and overkill,
and MIT Kerberos, as of 1.22.1, uses standard malloc/free on
non-Windows platforms anyway. (except in GSS debug builds.)
Follow-up to 73840836a5#17752Closes#19064
For files with sizes using an exact multiple of 256 bytes, the final
successful read(s) filled the buffer(s) and the subsequent fread
returned 0 for EOF, which caused read_file_into to fail.
Now, it needs to return 0 and not be EOF to be an error.
Follow-up to dd95a49d49
Pointed out by ZeroPath
Closes#19104
A bit more minimal build than the one used for trurl. To stress test
a build with most features disabled.
Costs 40 seconds, of which 6 is the build, rest is installing tools.
Ref: 5b385001d5
Ref: 3ee10692c7
Follow-up to 5af2457848#17818Closes#17961
