It's causing false-positives with clang-tidy v21, in cases in system
headers (seen in `FD_ISSET()` with macOS SDK). In some cases in
tests/server, there was no distinct source line that was triggering it.
Example:
```
/Applications/Xcode_16.4.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX15.5.sdk/usr/include/sys/_types/_fd_def.h:83:10: error: Potential out of bound access to 'fds_read.fds_bits' with tainted index [clang-analyzer-security.ArrayBound,-warnings-as-errors]
83 | return _p->fds_bits[(unsigned long)_fd / __DARWIN_NFDBITS] & ((__int32_t)(((unsigned long)1) << ((unsigned long)_fd % __DARWIN_NFDBITS)));
| ^
[...]
/Users/runner/work/curl/curl/tests/server/socksd.c:679:5: note: Taking false branch
679 | if(rc < 0) {
| ^
```
Closes#18422
- add Curl_secure_context(), to have it determined in a single place.
- tweak the Curl_cookie_getlist() proto. Move some logic into the
function - at is only called in a single place. Instead of forcing the
caller to do it.
- make 'is_ip' a const
Closes#18419
Write out 9-length frames to client's WRITEFUNCTION
Read 0-length frames from READFUNCTION *if* the function
started a new frame via `curl_ws_start_frame()`.
Fixes#18286Closes#18332
Reported-by: Andriy Druk
Applied the same workaround to the build examples as used earlier in CI.
That is, drop `<path> from `--with-ngtcp2=<path>` and configure env
`PKG_CONFIG_PATH` instead.
Till the root cause is fixed.
Ref: 99500660af#18028
Reported-by: Pavel Kropachev
Fixes#18188Closes#18415
- Move the schannel_recv renegotiation code to function
schannel_recv_renegotiate.
- Save the state of a pending renegotiation.
- Pre-empt schannel_recv and schannel_send to continue a pending
renegotation.
- Partially block during renegotiation if necessary.
Prior to this change, since a1850ad7 (precedes 8.13.0), schannel_recv
did not properly complete renegotiation before attempting to decrypt
data. In some cases that could cause an error SEC_E_CONTEXT_EXPIRED.
Most of the time though DecryptMessage would succeed by chance and
return SEC_I_RENEGOTIATE which allowed the renegotiation to continue.
Reported-by: stephannn@users.noreply.github.com
Reported-by: Dustin L. Howett
Fixes https://github.com/curl/curl/issues/18029
Closes https://github.com/curl/curl/pull/18125
- Avoid checking what's always true. The ftpcode pointer is always
passed in, so use it.
- Simplified an indent level somewhat
- Split out two functions from the state machine
Closes#18403
Every time we first run runtests with -j and then again *without* -j,
this message was shown:
"Warning: $runnerid: cleardir(log) failed"
Not anymore.
Closes#18404
This function returned error on MANY places, each with its own cleanup
sequence and by the look of it almost all of them were incomplete,
making them leak resources on errors.
This take now gotos to the error label where it cleans everything up
before returning error. This also simplifies the function a lot.
Closes#18315
If --trace-config is used to set a level before -v is used, don't reset
the state on first -v (to "-all") as it otherwise does. This way,
--trace-config can be used to set specific trace items before -v on the
command line and it still works.
Previously, the first -v use would otherwise reset and undo the earlier
--trace-config items.
Fixes#18346Closes#18361
The three projects (VC10, VC11, VC12) are identical except 5 repeated
strings in them. They also require running `generate.bat` before use,
to populate source files. Reduce the 3 almost identical projects to
a single template project and populate the repeated strings also via
`generate.bat`. This reduces the maintenance burden to a single copy of
the project files. Also saving 10000 LOCs.
Closes#18396
- schannel: apply BoringSSL workaround to AWS-LC too.
Affects Schannel + AWS-LC MultiSSL builds. (not tested in CI)
Ref: 274940d743#2643#2634
- curl_ntlm_core: deduplicate macro defines.
- curl_ntlm_core: document version thresholds for an AWS-LC-specific
workaround.
It was necessary between v1.2.0 2022-09-01 and v1.30.1 2024-06-21.
No longer necessary since v1.31.0 2024-07-01:
ba94617d99
Follow-up to 34ef4fab22#10320
- lib758: drop redundant OpenSSL version guards.
`OPENSSL_VERSION_NUMBER > 3` automatically guards against LibreSSL,
BoringSSL and AWS-LC.
Ref: https://github.com/curl/curl/pull/18288/commits/6ddd8f2c0bbfcb0847b1ee7f257fb772fa47310c
Follow-up to a5f0ab7995#18288
- dllmain, curl_sha512_256: formatting.
Closes#18387
