Move out logic from a switch() expression and return error directly
instead of using goto. This also removes the odd-looking two subsequent
closing braces at the same indent level.
Closes#19509
Add new functions in `curlx/warnless.h` for controlled type
conversions:
* curlx_uitouz, convert unsigned into to size_t (should always work)
* curlx_uztoso, convert size_t to curl_off_t, capping at CURL_OFF_T_MAX
* curlx_sztouz, convert ssize_t to size_t, return TRUE when ok
* curlx_sotouz_range, convert curl_off_t to size_t interval, capping
values to interval bounds
Remove some unnecesary casts, convert some internal recv functions
to the "return result, have size_t* arg" pattern.
Closes#19495
Rename `Curl_timeleft()` to `Curl_timeleft_ms()` to make the units in
the returned `timediff_t` clear. (We used to always have ms there, but
with QUIC started to sometimes calc ns as well).
Rename some assigned vars without `_ms` suffix for clarity as well.
Closes#19486
Overhaul of the internal cookie APIs and an attempt to better return
errors for OOM and similar critical problems, separate from ordinary and
benign parsing problems.
Closes#19493
To better reject junk and detect overflows. There were already
additional precautions and protections in place, but this is cleaner.
Extended the 1614 unit tests with some more bad syntax cases.
Closes#19475
Also:
- replace `manpage` with `man page`, add to `badwords.txt`.
- badwords.pl: import `-w` feature from curl-www, syncing the two
scripts fully.
- badwords.txt: import missing items from curl-www, syncing the two
files fully.
- pyspelling.words: drop `cURL` allowed word.
Closes#19468
The CURL_FTP_HTTPSTYLE_HEAD logic was added back in 2007 with the
intention to remove that logic one day, but since we never bump the
SONAME it is not likely to happen anytime soon. Remove again for
readability.
Follow-up to 3217809294Closes#19463
Verify that wolfSSL_BIO_meth_new() actually works and handle situations
where it returns NULL.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19459
Without unit, show up to 99999 "raw" (5 digits). After that, prefer to
show the number as less than 1000 per unit and use single decimal
fraction. Like '123.4M' (spending 6 characters).
This now makes the largest possible size to show 8.0E (exabytes).
Probably makes the output easier to read.
Fixes#19431
Reported-by: Fd929c2CE5fA on github
Closes#19433
When asking for the last N bytes of a file, and that size was larger
than the file size, it would miss the first byte due to a logic error.
The fixed range parser is now made a common function in the file now
renamed to vssh.c (from curl_path.c) - used by both backends.
Unit test 2605 verifies the parser.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19460
In the logic called for curl_multi_fdset().
File descriptors larger than FD_SETSIZE size are simply ignored, which
of course will make things break but at least it does not trash memory.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19439
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Fixes#19401
Reported-by: Brad King
Closes#19308
On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.
Closes#19399
Resumed TLS sessions skip OCSP stapled-response verification. Force a
full handshake so verifystatus() runs.
Follow-up to 4bfd7a9615
Pointed out by ZeroPath
Some internal functions always return CURLE_OK.
- Curl_http_proxy_get_destination() does that from bb4032a, (2 years
ago) And the original inline code does not need to check the status.
- Curl_wildcard_init() does that from e60fe20. (8 years ago)
- Curl_initinfo() does that from a very beginning.
- Curl_pgrsSetDownloadCounter() did not have a return before 914e49b,
ad051e1 recovered its content (2 years ago) but did not completely
recovered the changes related to it.
- auth_digest_get_qop_values() does that from 676de7f.
This directly changes their type to void and cleaned the remaining
checks for their return value.
Closes#19386
When Curl_conn_cf_recv() returns error, the variable might not be
assigned and the tracing output may (harmlessly) use it uninitialized.
Also add a comment about the typecast from size_t to int being fine.
Pointed out by ZeroPath
Closes#19393
Both CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR would
previously return error on bad input but would wrongly still store and
keep the partial (unacceptable) result in the handle.
Closes#19389
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.
When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.
Also add comments to autotools and cmake scripts about this feature
detection property.
Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.
```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```
Ref: dab063fca2
Ref: a21e89edacCloses#19365
This commit does the following things:
1. Update the description of gtls_init()
2. In gtls_client_init(), check the invaild SSLVERSION at first. Note
that this part refactors the duplicate/incompatible checks and removes
the useless local variable `sni`.
3. Check the return value of gnutls_ocsp_resp_init(). Although the
original code is safe because gnutls_ocsp_resp_import() will check
the validity of `ocsp_resp`, it is better to catch the error in time
and record the proper message to output log.
Closes#19366
