- cmake: disable test bundles for clang-tidy builds.
clang-tidy ignores #included .c sources, and is incompatible with unity
and bundles. It caused clang-tidy to ignore all test sources. It also
means this is the first time test sources are checked with
clang-tidy. (autotools doesn't run it on tests.)
- cmake: update description for `CURL_TEST_BUNDLES` option.
- fix tests using special `CURLE_*` enums that were missing from
`curl/curl.h`. Add them as reserved codes.
- fix about ~50 other issues detected by clang-tidy: unchecked results,
NULL derefs, memory leaks, casts to enums, unused assignments,
uninitialized `errno` uses, unchecked `open`, indent, and more.
- drop unnecessary casts (lib1533, lib3207).
- suppress a few impossible cases with detailed `NOLINT`s.
- lib/escape.c: drop `NOLINT` no longer necessary.
Follow-up to 72abf7c13a #13862 (possibly)
- extend two existing `NOLINT` comments with details.
Follow-up to fabfa8e402 #15825
Closes #16756
resolver may call destroy_async_data after the name is resolved and
corresponding socketpair is already closed at this point. Any following
call to Curl_resolver_getsock should not set the fd.
Fixes #16799
Closes #16802
Add a DEBUGASSERT() in Curl_dyn_free() that checks that Curl_dyn_init()
has been performed before.
Fix code places that did it wrong.
Fixes #16725
Closes #16775
Syncing behavior with MD5 host public keys.
libcurl was implemented to force a host key type for hosts present in
`known_hosts`, and disabled this logic when an MD5 host public key is
explicitly set. libcurl later received support for SHA256 host public
keys. This update failed to extend the `known_hosts` logic with the new
key type.
This caused test 3022 to fail if a pre-existing `known_hosts` listed
the test server IP (127.0.0.1) with a non-RSA host key algo.
Follow-up to d1e7d9197b #7646
Follow-up to 272282a054 #4747
Closes #16805
These attributes were causing unexplained warnings while playing with
PR #16738: In `CURLDEBUG` builds with mingw, gcc (14.2.0), and `-O3`,
while building `libcurlu`. `-O3` is required. May be related to having
the `CURLDEBUG` allocators in the same source file as their callers
(unity mode). PR #16738 moves `memdebug.c` into the main unity unit.
Unclear why it doesn't affect `libcurl`.
E.g. CI job `mingw, CM ucrt-x86_64 schannel R TrackMemory`:
https://github.com/curl/curl/actions/runs/13888662354/job/38856868429
It also reproduces in an isolated example.
Drop this attribute till we learn more about it.
Ref: https://github.com/curl/curl/pull/16737#issuecomment-2727681306
Partial revert of d5b403074e #16737
Closes #16740
seen with mingw-w64 gcc 14.2.0 while playing with other modifications:
```
lib/asyn-thread.c: In function 'init_resolve_thread':
lib/asyn-thread.c:447:5: warning: 'free' called on pointer 'data' with nonzero offset 3264 [-Wfree-nonheap-object]
447 | free(td);
| ^~~~~~~~
```
Where `td` is:
```c
struct thread_data *td = &data->state.async.thdata;
```
Follow-up to d9fc64d3ab #16241
Closes #16734
Fix the broken implementation to have `data->state` carry pointers into
connectdata members. Always dup the memory and free when easy handle
closes.
Closes #16733
By allocating the method string as part of the struct, the previous
fixed size limit (23 bytes) can be avoided. It would previously make
"curl -X [long string]" work against http://localhost but fail against
https://curl.se with no clear error message.
Closes #16729
It was introduced in 294136b754, but not shipped in a release. It
has caused problems and after checking, the browsers don't insist on it
even if RFC 9112 says it is mandatory.
Adjust test 2 to do a response without the space.
Closes #16728
Follow-up to 00fc55677f
Ref: https://github.com/curl/curl/pull/16716#issuecomment-2724429278
> I have some tooling leftover from when I was implementing CRL support
> in the webpki crate that downloaded every CRL I could find referenced
> in ccadb (without doing any special filtering for defunct CAs/CRLs
> mind you) and found CRLs that spanned the range from very small
> (<1mb), to medium sized (11 .. 22mb) to very large (100mb).
Reported-by: Daniel McCarney
Closes #16724
Before this patch, autotools builds excluded TrackMemory sources
(`lib/memdebug.c` and `lib/curl_multibyte.c`) based on the `DEBUGBUILD`
setting. This works in most cases because its value is the same as
`CURLDEBUG` by default, but the correct condition is `CURLDEBUG`.
It should fix `--disable-debug --enable-curldebug --enable-unity`
builds. (not tested in CI)
It also syncs behavior with cmake builds.
Ref: #16705
Closes #16723
It seems unnecessary and possibly unexpected to build test servers with
debug-enabled features and memory tracking whenever the tested curl is
built like that (which is a requirement for some tests, so curl is
mostly built like that when running tests.) It also makes building
servers a little bit faster with cmake for the most common cases.
You can apply debug options to `tests/server` with these new options:
- `./configure`: `--enable-server-debug`.
- cmake: `-DENABLE_SERVER_DEBUG`.
Also sync the way we pass these macros in autotools, with CMake builds.
Before this patch, autotools passed them via `curl_config.h`. After this
patch it passes them on the command-line, like cmake builds do.
This patch also makes these options no longer passed to examples and
`http/client` in cmake builds, where they were no-ops anyway.
Ref: #15000
Closes #16705
Sync it with cmake to:
- exclude it from all builds except Windows and Cygwin.
- exclude it from unity builds for Cygwin to avoid the included
`windows.h` header interfering with the rest of the code.
Also:
- fix to trim ending spaces from `CSOURCES` for the `tidy` target.
The solution requires a non-POSIX `-E` `sed` option. Supported by BSD
and GNU implementations.
Follow-up to 37523c91bc #16480
Follow-up to 60c3d04465 #14815
Follow-up to 7860f575fe #12408
Closes #16712
Allowing 4GB on a 32-bit system is just asking for problems and could in
theory cause integer overflow in the dynbuf code.
The dynbuf now has an assert to catch code trying to set a max larger
than half SIZE_T_MAX.
Reported-by: Rinku Das
Closes #16716
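The reasoning behind the half-`SIZE_T_MAX` limit, as an added example that is not curl's dynbuf code: a toy growable buffer (all names here are hypothetical) whose cap is asserted at init, which is what makes the later length and doubling arithmetic provably free of wrap-around.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct dbuf {    /* toy buffer; hypothetical names, not curl's API */
  char *ptr;
  size_t len;    /* bytes stored, excluding the NUL terminator */
  size_t alloc;  /* bytes allocated */
  size_t toobig; /* hard cap: len always stays below this */
};

/* A cap is acceptable only when it is at most half of SIZE_MAX. */
static int dbuf_max_ok(size_t toobig)
{
  return toobig != 0 && toobig <= SIZE_MAX / 2;
}

static void dbuf_init(struct dbuf *b, size_t toobig)
{
  assert(dbuf_max_ok(toobig)); /* catches a caller asking for too much */
  memset(b, 0, sizeof(*b));
  b->toobig = toobig;
}

/* Returns 0 on success, -1 when the cap would be hit, -2 when out of memory. */
static int dbuf_add(struct dbuf *b, const void *mem, size_t n)
{
  size_t need, a = b->alloc ? b->alloc : 32;
  char *p;
  if(n >= b->toobig - b->len) /* subtraction cannot wrap: len < toobig */
    return -1;
  need = b->len + n + 1;      /* <= toobig <= SIZE_MAX / 2, no wrap */
  while(a < need)
    a *= 2;                   /* a < need <= SIZE_MAX / 2, no wrap */
  p = realloc(b->ptr, a);
  if(!p)
    return -2;
  memcpy(p + b->len, mem, n);
  b->ptr = p; b->alloc = a;
  b->len += n;
  b->ptr[b->len] = '\0';
  return 0;
}

static void dbuf_free(struct dbuf *b)
{
  free(b->ptr);
  memset(b, 0, sizeof(*b));
}
```

With a cap above half of `SIZE_MAX`, both `b->len + n + 1` and `a *= 2` could wrap on a 32-bit `size_t`, leaving an allocation smaller than the data copied into it.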
The condition could not happen, as the function is only called from a
single place where the caller already made sure it can't happen. This
change still removes the flawed logic.
Reported-by: Ronald Crane
Closes #16710
Add an extra guard for the function and variable declarations to avoid
redundant redeclaration warnings when including this header multiple
times. This can happen in unity builds when including it again after
`curl_memory.h`.
Fixes:
```
bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c
In file included from lib/mprintf.c:32,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:7:
lib/memdebug.h:52:14: error: redundant redeclaration of ‘curl_dbg_logfile’ [-Werror=redundant-decls]
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
In file included from tests/server/resolve.c:50,
from bld/tests/server/server_bundle.c:7,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:4:
lib/memdebug.h:52:14: note: previous declaration of ‘curl_dbg_logfile’ with type ‘FILE *’
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
[...]
lib/memdebug.h:110:17: error: redundant redeclaration of ‘curl_dbg_fclose’ [-Werror=redundant-decls]
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
lib/memdebug.h:110:17: note: previous declaration of ‘curl_dbg_fclose’ with type ‘int(FILE *, int, const char *)’
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/13822010778/job/38669360980#step:39:55
Cherry-picked from #15000
Closes #16696
Regression from 597ee915c4 (not shipped in a release)
Reported-by: Carlos Henrique Lima Melara
Assisted-by: Scott Talbert
Added such a cookie to test 31.
Fixes #16692
Closes #16703
Before this patch, standard `E*` errno codes were redefined on Windows,
onto matching winsock2 `WSA*` error codes, which have different values.
This broke uses where using the `E*` value in non-socket context, or
other places expecting a POSIX `errno`, e.g. file I/O, threads, IDN or
interfacing with dependencies.
Fix it by introducing a curl-specific `SOCKE*` set of macros that map to
`WSA*` on Windows and standard POSIX codes on other platforms. Then
verify and update the code to use `SOCKE*` or `E*` macro depending on
context.
- Add `SOCKE*` macros that map to either winsock2 or POSIX error codes.
And use them with `SOCKERRNO` or in contexts requiring
platform-dependent socket error codes.
This fixes `E*` uses which were supposed to be POSIX values, not `WSA*`
socket errors, on Windows:
- lib/curl_multibyte.c
- lib/curl_threads.c
- lib/idn.c
- lib/vtls/gtls.c
- lib/vtls/rustls.c
- src/tool_cb_wrt.c
- src/tool_dirhie.c
- Ban `E*` codes having a `SOCKE*` mapping, via checksrc.
Authored-by: Daniel Stenberg
- Add exceptions for `E*` codes used in file I/O, or other contexts
requiring POSIX error codes.
Also:
- ftp: fix missing `SOCKEACCES` mapping for Windows.
- add `SOCKENOMEM` for `Curl_getaddrinfo()` via `asyn-thread.c`.
- tests/server/sockfilt: fix to set `SOCKERRNO` in local `select()`
override on Windows.
- lib/inet_ntop: fix to return `WSAEINVAL` on Windows, where `ENOSPC` is
used on other platforms. To simulate Windows' built-in `inet_ntop()`,
as tested on a Win10 machine.
Note:
- WINE returns `STATUS_INVALID_PARAMETER` = `0xC000000D`.
- Microsoft documentation says it returns `WSA_INVALID_PARAMETER`
(= `ERROR_INVALID_PARAMETER`) 87:
https://learn.microsoft.com/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ntop#return-value
- lib/inet_ntop: drop redundant `CURL_SETERRNO(ENOSPC)`.
`inet_ntop4()` already sets it before returning `NULL`.
- replace stray `WSAEWOULDBLOCK` with `USE_WINSOCK` macro to detect
winsock2.
- move existing `SOCKE*` mappings from `tests/server` to
`curl_setup_once.h`.
- add missing `EINTR`, `EINVAL` constants for WinCE.
Follow-up to abf80aae38 #16612
Follow-up to d69425ed7d #16615
Bug: https://github.com/curl/curl/pull/16553#issuecomment-2704679377
Closes #16621
Before this patch, building tests/server (or curl with winbuild) was
broken in rare builds when many features were explicitly disabled.
Fix it by enabling base64 functions unconditionally when building
for anything other than libcurl.
Closes #16691
The protocol handlers' done() function would previously get called
unconditionally in multi_done(), no matter how far the easy handle's
state machine has transitioned.
This caused problems in IMAP which in imap_connect() initializes things
that the imap_done() function assumes has occurred. I think that seems
like a correct assumption and we should rather make sure that the done()
function is only called if we have reached the PROTOCONNECT state.
This problem was found using OSS-Fuzz.
Assisted-by: Catena cyber
Closes #16681
The line conversion reader, added in crlf and prefer_ascii mode, was
incrementing data->state.infilesize for every line end converted. This
results in the wrong size to start a retry of an upload.
Eliminate the increment and check upload size in FTP less precisely when
conversions are done.
Bug: https://issues.oss-fuzz.com/issues/402476456
Closes #16683
The curl tool and tests/server used 2 parallel implementations
of libcurl's `Curl_now()` and `Curl_timediff()` functions.
Make them use the libcurl one.
Closes #16653
- if there are pending internal handles left in the list, they are
leftovers (from for example DoH) and must be freed.
- unlink_all_msgsent_handles() did not properly move all msgsent
handles over to the process list as intended
Fixes a DoH memory leak found by oss-fuzz.
Add test 2101 that can reproduce and verify.
Closes #16674
ssh's disconnect assumed that the session to the server could be
shut down successfully during disconnect. When this failed, e.g.
timed out, memory was leaked.
Closes #16668
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes #16659
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes #16656
The issues found fell into these categories, with the applied fixes:
- const was accidentally stripped.
Adjust code to not cast or cast with const.
- const/volatile missing from arguments, local variables.
Constify arguments or variables, adjust/delete casts. Small code
changes in a few places.
- const must be stripped because an API dependency requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our control. These happen at API boundaries. Sometimes they depend
on dependency version, which this patch handles as necessary. Also
enable const support for the zlib API, using `ZLIB_CONST`. Supported
by zlib 1.2.5.2 and newer.
- const must be stripped because a curl API requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our immediate control. For example we promise to send a non-const
argument to a callback, though the data is const internally.
- other cases where we may avoid const stripping by code changes.
Also silenced with `CURL_UNCONST()`.
- there are 3 places where `CURL_UNCONST()` is cast again to const.
To silence this type of warning:
```
lib/vquic/curl_osslq.c:1015:29: error: to be safe all intermediate
pointers in cast from 'unsigned char **' to 'const unsigned char **'
must be 'const' qualified [-Werror=cast-qual]
lib/cf-socket.c:734:32: error: to be safe all intermediate pointers in
cast from 'char **' to 'const char **' must be 'const' qualified
[-Werror=cast-qual]
```
There may be a better solution, but I couldn't find it.
These cases are handled in separate subcommits, but without further
markup.
If you see a `-Wcast-qual` warning in curl, we appreciate your report
about it.
Closes #16142
CURLRES_ASYNCH - is for when built to use an async name resolver; threaded or
c-ares
USE_CURL_ASYNC - is for when built to use either an async name resolver OR DoH
Reported-by: Lars Karlitski
Fixes #16645
Closes #16648
It contains a series of bugfixes and updates applied to libcurl's
`Curl_wait_ms()` over the years, but missed from the copy in
`tests/server/util.c`:
- d65321f939,
52e822173a,
5912da253b
- 4a8f459837
- 1ad49feb71
It fixes `wait_ms()` to check for, and return `SOCKERRNO`. Fixing error
handling on Windows.
Also:
- tests/server: change callers to check `SOCKERRNO`.
- `wait_ms()`: fix to check for the correct error code on Windows.
Pending for `Curl_wait_ms()`: #16621.
- `Curl_wait_ms()`: tidy-up `Sleep()` argument cast (nit).
- lib/curl_trc: drop an unused header.
Closes #16627