Before this fix, Curl_tls_keylog_open() assigned the environment
variable result to a global keylog_file_name without freeing any prior
allocation. If the file cannot be opened (e.g., permission error)
keylog_file_fp stays NULL, so subsequent calls to Curl_tls_keylog_open
will overwrite keylog_file_name and leak the previous allocation.
Spotted by Codex Security
Closes#21427
Since we have a new struct instance for each async operation now and
async operation may happen in parallel, remove the connection bit
indicating doh is in progress.
Closes#21422
When trying to connect a pending transfer, remember the `mid` that was
last reactivated and start looking for future pending handles from the
last one forward through the pending bitset.
Background: when many pending handles exist, iterating the bitset always
from the start may become unfair to transfers that were assigned higher
`mid` values.
Fixes#21396
Reported-by: Juan Belón
Closes#21412
- unify the query and fragment separator logic
- read the bitflags directly instead of via a temp variable
- narrow the scope of a few variables
Closes#21417
Due to year-long unreliability.
The default Ubuntu mirror works as fast as the Azure one when it's
working at its normal speed. And has HTTPS.
Also:
- replac the retry hack that turn out to not solve the problem.
- add timeouts to each download step to catch slowness early.
Follow-up to a5838847c4#21181
Follow-up to 5172ba5475#21107Closes#21414
GitHub runners are getting new 3rd-party sources frequntly now, last
week `docker.list`, this week: `google-chrome.sources`. To avoid
playing catch up, allowlist the only one we use: `ubuntu.sources`. If
this is renamed, CI would break. Let's hope this happens much less
often than new sources.
Bug: https://github.com/curl/curl/pull/21414#issuecomment-4297788640
Follow-up to 3e0e2cc1ab#21344Closes#21416
When starting an c-ares query, the provided callback may be invoked
right away, leading to a decrement of `queries_ongoing`. Increment
the counter *before* call c-ares. Otherwise, the `async->done` bit
is not properly set.
Closes#21399
As 'flags' may already have been set to something when
parse_conversion() is called, make sure to only OR the new flags.
Follow-up to 4e0bfd8cf7Closes#21398
- httpsrr: drop redundant checks.
Follow-up to 809dda3a37#21354
- httpsrr.h: drop obsolete comment.
Follow-up to 2b3dfb4ad4#21175
- ws: drop redundant check in `curl_ws_start_frame()`.
Follow-up to 37cecfc7b9#17683
- ws: fix typo in comment.
- tool_operate: fix VMS build. (broken since 2019-07-20, v7.66.0)
Follow-up to b889408500#3804
Pointed out by Copilot Code Quality
Closes#21393
- introduce 'struct when' to hold the parser result
- initwhen() initializes a 'struct when'
- datestring() parses strings
- datenum() parses numbers
- datecheck() does some final checks
- tzadjust() adds the time zone offset
- convert math to 64 bit, squeeze into time_t only in the last step,
mktimet() does the time_t storing
Closes#21394
Seen with unity, H3, wolfssl with `HAVE_EX_DATA`.
Fixing:
```
lib/vtls/wolfssl.c:412:10: error: no previous prototype for function 'Curl_wssl_cache_session' [-Wmissing-prototypes]
412 | CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
| ^
lib/vtls/wolfssl.c:412:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
412 | CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
| ^
| static
1 error generated.
```
Follow-up to cc5c1553fb#19852Closes#21392
HEv3 describes conditions on when first connect attempts shall be
started.
https://www.ietf.org/archive/id/draft-ietf-happy-happyeyeballs-v3-01.html
Chapter 4.2
libcurl now waits 50ms for AAAA and HTTPS results (when requested) to
return before continuing with the connect.
Added HTTPS-RR to the "was resolved" information info message. Changed
logging of HTTPS-RR to a one-liner with RFC 9460 like formatting. This
way the user can see if/what was resolved and used in connecting.
Closes#21354
Track lock status of session cache, add DEBUGASSERT()s for proper
calling sequences. Add check of lock status.
Use lock status check to prevent reentry of import/export calls.
Deny such calls with CURLE_RECURSIVE_API_CALL.
Closes#21383
Also fix clang-tidy `readability-redundant-control-flow`.
```
lib/vtls/openssl.c:4055:46: error: unused parameter 'reason' [-Wunused-parameter]
4055 | int reason)
| ^
lib/vtls/openssl.c:4279:19: error: variable 'status' set but not used [-Wunused-but-set-variable]
4279 | const char *status = NULL;
| ^
```
Ref: https://github.com/curl/curl/actions/runs/24641388439/job/72045859306?pr=21379
```
lib/vtls/openssl.c:4092:7: error: Value stored to 'rv' is never read [clang-analyzer-deadcode.DeadStores]
4092 | rv = SSL_ech_get1_status(ssl, &inner, &outer);
| ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vtls/openssl.c:4092:7: note: Value stored to 'rv' is never read
4092 | rv = SSL_ech_get1_status(ssl, &inner, &outer);
| ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/vtls/openssl.c:4112:3: error: redundant return statement at the end of a function with a void return type [readability-redundant-control-flow]
4111 | #endif
| ~~~~~~
4112 | return;
| ^~~~~~~
4113 | }
```
Ref: https://github.com/curl/curl/actions/runs/24642154148/job/72047919525?pr=21379#step:42:186
Cherry-picked from #21379Closes#21380
The combination of a misspelled directory name and failing to check the
result of cd leads to infinite recursion as `make check` simply invokes
itself over and over.
Follow-up to 00887aee8c#18079Closes#21378
On platforms where struct sockaddr has a length field, the current code
leaves it uninitialized, resulting in a test failure when valgrind is
used.
Closes#21377
`ssh-keygen -t ed25519` does not support PEM key format, and it
defaults to `RFC4716` which is what we want.
It affected GHA/windows tests that explicitly used ed25519 keys.
Also:
- GHA/windows: bump minimums to hopefully catch this early next time.
1701a8319e#21353
- merge two Perl lines.
Reported-by: herbenderbler on github
Fixes#21360
Follow-up to acda4eae5e#21223Closes#21374
