Commit graph

36374 commits

Author SHA1 Message Date
Viktor Szakats
ab761794c1
tests/server: drop pointless memory allocation overrides
The code was overriding system memory allocation functions to a local
jump table (declared in `curl_setup.h`). And setup that jump table
to call the original system allocation functions.

Also tested fine with cegcc/WinCE. The `_strdup` fallback was possibly
required for an MSVC WinCE toolchain.

Closes #18922
2025-10-08 12:53:49 +02:00
Joshua Rogers
38ab421f60
h3/ngtcp2: close just-opened QUIC stream when submit_request fails
Closes #18904
2025-10-07 23:59:06 +02:00
Joshua Rogers
4e77388a0b
h3/nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header
Closes #18904
2025-10-07 23:59:00 +02:00
Joshua Rogers
4bfd7a9615
openssl: skip session resumption when verifystatus is set
Resumed TLS sessions skip OCSP stapled-response verification.
Force a full handshake so verifystatus() runs.

Closes #18902
2025-10-07 23:56:25 +02:00
Viktor Szakats
1103ccb73e
examples/sessioninfo: cast printf string mask length to int
Found via `-Wformat-signedness`:
```
docs/examples/sessioninfo.c: In function 'wrfu':
docs/examples/sessioninfo.c:75:53: error: field precision specifier '.*' expects argument of type 'int', but argument 4 has type 'unsigned int' [-Werror=format=]
  fprintf(stderr, "Certificate #%u: %.*s", i, dn.size, dn.data);
                                      ^
```
Ref: https://github.com/curl/curl/actions/runs/18320729052/job/52172864438?pr=18343#step:13:30
Ref: https://github.com/curl/curl/actions/runs/18320729095/job/52172886899?pr=18343#step:19:27

Also:
- drop unnecessary parenthesis.
- scope variables.

Ref: #18343
Closes #18918
2025-10-07 21:01:45 +02:00
Viktor Szakats
9f52458e7d
notify: use 'notify' in public header and docs
Closes #18915
2025-10-07 19:11:31 +02:00
Viktor Szakats
df70a68984
cmake: support building some complicated examples, build them in CI
Build these examples when the necessary dependencies are present:
- cacertinmem, usercertinmem (OpenSSL/fork)
- multi-uv (libuv)
- multithread, threaded-ssl (pthread)
- sessioninfo (GnuTLS)

Indicate the necessary dependency via a `Required:` comment placed in
the source file. A single dependency per source is supported as of now.
The name of the dependency should match the variable used within
the cmake scripts, which in turn matches the macro used in the config
header. E.g. for GnuTLS it's `USE_GNUTLS`.

Also:
- GHA/macos: build examples in two job to test GnuTLS and pthread ones.
- GHA/linux: enable libuv to test it with examples.

Follow-up to 6bb7714032 #18914
Closes #18909
2025-10-07 19:09:02 +02:00
Stefan Eissing
88a1ab511c
ngtcp2: fix handling of blocked stream data
The stream blocking might not be the one of the current easy handle.
Look up the stream to be marked as blocking via its stream_id in the
internal hash. Theoretically, this does not have to be one of the h3
streams, so not finding it is not an error.

Fixes #18905
Reported-by: Joshua Rogers
Closes #18906
2025-10-07 17:24:01 +02:00
Stefan Eissing
0d573969de
osslq: set out idle timeout to 0
Similar to our ngtcp2 backend, set our idle timeout for the connection
to 0, meaning we have no such timeout from our side. The effective idle
timeout is then the one announced by the peer.

Closes #18907
2025-10-07 17:23:24 +02:00
Daniel Stenberg
352d1dc6ab
CURLMOPT_NOTIFYFUNCTION.md: minor language polish
- mention the possibility of new types in the future
- s/a an/an

Closes #18913
2025-10-07 17:20:05 +02:00
Daniel Stenberg
496802fdcf
multi: use CURLMNOTIFY_ as notification id prefix
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.

Follow-up to 53be8166b2
Closes #18912
2025-10-07 17:18:05 +02:00
Viktor Szakats
6bb7714032
examples: fix build issues in 'complicated' examples
- cacertinmem: build cleanly with BoringSSL/AWS-LC.
- cacertinmem: silence `-Wcast-function-type-strict`.
- multi-uv: fix callback prototypes.
- multithread, threaded-ssl: do not pass const as thread arg.
- sessioninfo: fix suppressing deprecated feature warning.
- usercertinmem: sync formatting with cacertinmem.

Follow-up to 4a6bdd5899 #18908
Cherry-picked from #18909
Closes #18914
2025-10-07 17:15:10 +02:00
Stefan Eissing
53be8166b2
multi: notify rename, remove the last stragglers
in the public API.

Follow-up to 357808f4ad

Closes #18910
2025-10-07 14:54:49 +02:00
Viktor Szakats
7ddbde4f73
cmake: build the "all" examples source list dynamically
To allow building conditional examples, and to simplify by avoiding
cmake-version dependent code.

Follow-up to fe5225b5ea #18209
Cherry-picked from #18909
Closes #18911
2025-10-07 14:37:20 +02:00
Stefan Eissing
089afd78cb
socks: handle premature close
When expecting to receive a number of bytes during socks connect,
treat an early connection close as error.

Reported-by: Joshua Rogers
Closes #18883
2025-10-07 13:14:50 +02:00
Viktor Szakats
4a6bdd5899
examples/usercertinmem: avoid stripping const
This API started accepting a const somewhere between OpenSSL 1.0.2b and
1.0.2t. It means this example, like the other similar one now works best
with those versions or newer:
```
docs/examples/usercertinmem.c💯33: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
  100 |   bio = BIO_new_mem_buf((char *)mypem, -1);
      |                                 ^
docs/examples/usercertinmem.c:121:34: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
  121 |   kbio = BIO_new_mem_buf((char *)mykey, -1);
      |                                  ^
```

Closes #18908
2025-10-07 13:12:24 +02:00
Joshua Rogers
783df22e59
vquic/ngtcp2: compare idle timeout in ms to avoid overflow
Closes #18903
2025-10-07 12:06:32 +02:00
Joshua Rogers
0061b2bfaa
vquic: fix idle-timeout checks (ngtcp2 ms<-->ns), 64-bit log & honor 0=no-timeout (osslquic)
Closes #18903
2025-10-07 12:06:26 +02:00
Stefan Eissing
357808f4ad
multi: add notifications API
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.

Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.

Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.

Closes #18432
2025-10-07 10:55:31 +02:00
Stefan Eissing
f4e83a0adc
ngtcp2: fix returns when TLS verify failed
In both send/recv functions of the ngtcp2 filter, when TLS verification
has failed, jump out by skipping ingress/egress handling.

Reported-by: Joshua Rogers
Closes #18881
2025-10-07 09:04:31 +02:00
Daniel Stenberg
752090b963
examples/synctime: make the sscanf not overflow the local buffer
If the incoming Date: header has a funky format.

Bonus: remove bad null terminator assumptions for header

Reported-by: Stanislav Fort

Closes #18890
2025-10-07 00:23:54 +02:00
Daniel Stenberg
5e3725a7af
RELEASE-NOTES: synced 2025-10-06 23:59:33 +02:00
Daniel Stenberg
33380fa214
telnet: ignore empty suboptions
To avoid printing from en empty buffer

Reported-by: Joshua Rogers
Closes #18899
2025-10-06 23:54:01 +02:00
Daniel Stenberg
3660e6da80
tftp: return error if it hits an illegal state
Reported-by: Joshua Rogers
Closes #18894
2025-10-06 23:52:57 +02:00
Daniel Stenberg
bc90f80556
tftp: default timeout per block is now 15 seconds
Down from the previous (rather ridiculous) 3600.

Reported-by: Joshua Rogers
Closes #18893
2025-10-06 23:51:43 +02:00
Daniel Stenberg
f1ed50a517
tftp: don't pin or check address if recvfrom returns error
Follow-up to c4f9977c66
Reported-by: Joshua Rogers
Closes #18892
2025-10-06 23:50:34 +02:00
Daniel Stenberg
1a3a5cb720
noproxy: fix the IPV6 network mask pattern match
It would mismatch if the network prefix length with was not divisible by
8.

Extended test 1614 to verify

Reported-by: Stanislav Fort

Closes #18891
2025-10-06 23:49:31 +02:00
Daniel Stenberg
71b5e02590
mdlinkcheck: reject URLs containing quotes
Those would be illegal anyway and would make the script misbehave

Reported-by: Stanislav Fort
Closes #18889
2025-10-06 23:38:41 +02:00
Daniel Stenberg
e214b14501
telnet: send failure logged but not returned
Return error correctly when sending fails.

Reported-by: Joshua Rogers
Closes #18887
2025-10-06 23:37:43 +02:00
Daniel Stenberg
6d9636abd1
telnet: return error if WSAEventSelect fails
Reported-by: Joshua Rogers
Closes #18886
2025-10-06 23:35:59 +02:00
Daniel Stenberg
3b18aeb8bd
managen: verify the options used in example lines
Also fix the --knownhosts typo

Follow-up to aae18c4bdc

Reported-by: Daniel Terhorst-North
URL: https://mas.to/@tastapod/115327102344617386
Closes #18884
2025-10-06 23:17:33 +02:00
Daniel Stenberg
6c7fc22f9d
pingpong: remove two old leftover debug infof() calls 2025-10-06 23:16:04 +02:00
Daniel Stenberg
66f4c5699e
test766: verify CURLOPT_SOCKOPTFUNCTION error on accept
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.

Closes #18879
2025-10-06 23:16:04 +02:00
Daniel Stenberg
3517053cf7
curl_osslq: error out properly if BIO_ADDR_rawmake() fails
Reported-by: Joshua Rogers
Closes #18878
2025-10-06 23:14:55 +02:00
Daniel Stenberg
22ae8ac874
libssh2/sftp_realpath: change state consistently
Change the state in this function at a single spot independent of
success or not to simplify.

Reported-by: Joshua Rogers
Closes #18875
2025-10-06 23:13:53 +02:00
Daniel Stenberg
5090cce01c
libssh2: fix return code for EAGAIN
In disconnect

Closes #18874
2025-10-06 23:12:53 +02:00
Viktor Szakats
6f0e212f6e
tidy-up: miscellaneous (cont.)
- examples: replace magic numbers with `sizeof()`.
- typos: drop rules no longer needed after excluding tests/data.
- typos: move an exception inline.
- alpha-sort lists.
- fix indentation, whitespace.

Closes #18898
2025-10-06 22:33:38 +02:00
Viktor Szakats
b12da22db1
lib: stop overriding system printf symbols
After this patch, the codebase no longer overrides system printf
functions. Instead it explicitly calls either the curl printf functions
`curl_m*printf()` or the system ones using their original names.

Also:
- drop unused `curl_printf.h` includes.
- checksrc: ban system printf functions, allow where necessary.

Follow-up to db98daab05 #18844
Follow-up to 4deea9396b #18814

Closes #18866
2025-10-06 20:57:59 +02:00
Viktor Szakats
13f10add17
REUSE: bump reuse to v6, add more fences to fix issues
Closes #18895
Closes #18897
2025-10-06 20:54:26 +02:00
Viktor Szakats
beeb1ae762
GHA/configure-vs-cmake: reduce windows cross-toolchain apt installs
Download size: 277 MB -> 65 MB (installed: 1293 MB -> 401 MB)

Also as a workaround for Azure Ubuntu mirror slowdown issues:
https://github.com/curl/curl/actions/runs/18289326469/job/52072333582?pr=18866

Follow-up to 0455d8772a #18509

Closes #18896
2025-10-06 20:09:13 +02:00
Viktor Szakats
ef1794e50e
ldap: tidy-up types, fix error code confusion
- fix `CURLcode` vs. LDAP result code confusion.
  Return `LDAP_NO_MEMORY` when `Curl_create_sspi_identity()` fails,
  since it can only return `CURLE_OUT_OF_MEMORY` as error.
- use `ULONG` for result code on Windows. Drop casts.
- use portable `curl_ldap_num_t`. Drop casts.
- replace magic number 0 with `LDAP_SUCCESS`.
- compare with `LDAP_SUCCESS` instead of assuming non-zero.
  (where necessary.)
- add/fix `#endif` comments.
- fix indentation.

Closes #18888
2025-10-06 19:31:13 +02:00
Daniel Stenberg
92a2125684
telnet: make bad_option() consider NULL a bad option too
Follow-up to a72e1552f2
Closes #18873
2025-10-06 16:00:04 +02:00
Daniel Stenberg
2b0e7cb7c6
ftp: remove misleading comments
They indicated that sockets would not be closed but they are.

Reported-by: Joshua Rogers
Closes #18871
2025-10-06 15:58:14 +02:00
Daniel Stenberg
6ef4871f5d
ftp: improve fragile check for first digit > 3
In a case where rubbish would be sent in the line something that isn't a
digit could be first in line and treated as less than '3'. Prevent this
risk by first doing a check that the byte is a digit.

Reported-by: Joshua Rogers
Closes #18870
2025-10-06 15:56:23 +02:00
Daniel Stenberg
172e190c79
ftp: add extra buffer length check
This adds an extra check that the buffer really has data enough (at
least 4 bytes) to check for a status code before doing so. It *should*
not be necessary, but this was pointed out by an analyzer and it feels
better to make sure.

Reported-by: Joshua Rogers
Closes #18869
2025-10-06 15:48:00 +02:00
Daniel Stenberg
9e3c35a88e
ftp: fix the 213 scanner memchr buffer limit argument
Reported-by: Joshua Rogers
Closes #18867
2025-10-06 14:49:02 +02:00
Stefan Eissing
2f3cf17e33
cf-socket: check params and remove accept procondition
- creating a socket filter with NULL addrinfo fails with
  CURLE_BAD_FUNCTION_ARGUMENT
- remove getsockname use before accept call, serves no purpose
  and did not lead to proper error before

Reported-by: Joshua Rogers
Closes #18882
2025-10-06 14:48:01 +02:00
Daniel Stenberg
decd7e157c
cf-socket: always check Curl_cf_socket_peek() return code
Make it trigger a warning if not.

Reported-by: Joshua Rogers
Closes #18862
2025-10-06 14:45:53 +02:00
Viktor Szakats
51b85bdc6c
windows: use consistent format when showing error codes
For `GetLastError()` and `SECURITY_STATUS`:
0x-prefixed, 8-digit, lowercase, hex: 0x1234abcd

Also: say `GetLastError()` instead of `errno` in one message.

Closes #18877
2025-10-06 14:00:29 +02:00
Daniel Stenberg
0d68f48205
krb5_sspi: the chlg argument is NOT optional
Fix the comment, add assert.

Reported-by: Joshua Rogers
Closes #18865
2025-10-06 13:58:43 +02:00