Commit graph

7658 commits

Author SHA1 Message Date
Stefan Eissing
cfc7922377
altsvc: use Curl_peer in processing
Use `data->state.origin` when processing alt-avc information.

Decomplexify parsing function.

Closes #22184
2026-06-26 14:12:53 +02:00
Daniel Stenberg
a6af50c484
multi: forbid curl_easy_pause from within multi socket callback
- there is a risk for a nasty recursive situation

- we avoid certain risks that the pause call changes things so that when
  returning from the callback, the state of some internals is undefined
  and we need to reload which is easy to miss

- we can't think of legitiate use cases for doing this. This is
  basically just the new favorite point for AI and security researchers
  to find hypothetical problems

Closes #22179
2026-06-26 13:43:48 +02:00
Viktor Szakats
397b8f0ec6
tidy-up: docs, comments, typos, whitespace
- GHA/windows: mention `IgnoreStandardErrorWarningFormat=true`
  in comment.
- cmake: fix MIT/GNU GSS order in messages.
- drop some exclamation marks from messages.
- drop redundant ending newlines from messages.
- fold/unfold where possible.
- fix indent, whitespace, typos and other nits.

Closes #22185
2026-06-26 11:36:09 +02:00
Viktor Szakats
d2fe26cfe2
runtests: exit with error on -k option
Ref: https://github.com/curl/curl/pull/22157#discussion_r3473254887
Follow-up to 481e10160f #22157
2026-06-25 11:35:06 +02:00
Viktor Szakats
481e10160f
runtests: restore -k option and actively process as no-op
Restore processing this option to avoid falling it through and
misinterpreted as something else, which in turn disables tests.

Exit with an error instead. We delete completely in December 2026.

Reported-by: Sam James
Bug: https://github.com/curl/curl/pull/22100#issuecomment-4789828929
Follow-up to 04305a3e40 #22100
Follow-up to 6617db6a7e #4035

Closes #22157
2026-06-25 11:32:36 +02:00
Viktor Szakats
2f4d3221aa
autotools: minor fixes and improvements
- Makefile.am: add root `test-quiet` target that maps to
  `tests/quiet-test`, for completeness.
  Ref: #22098

- tests/Makefile.am: drop unused remains of `MANFILES`.
  Follow-up to fa3f889752 #17463
  Also replace the `distclean` target to delete `CLEANFILES`, otherwise
  the CI dist job fails. (I'm not grokking why)

- tests/Makefile.am: sync up `tests` target with CMake, to pass `TFLAGS`
  `-a`.
  Follow-up to 904e7ecb66 #19347

- tests/certs/Makefile.am: fix to clean generated certs via `CLEANFILES`
  to comply with autotools documentation, which says the previously used
  variable `DISTCLEANFILES` is meant for files created by `./configure`.
  Ref: https://www.gnu.org/software/automake/manual/html_node/Clean.html
  Follow-up to 44341e736a #16824

- tests/http/Makefile.am: add `./` prefix to glob passed to `rm -rf` on
  clean, to avoid deleting unintented files, or pass unintended options.
  Follow-up to 671158242d #10349

Cherry-picked from #22102
Cherry-picked from #22150

Closes #22154
2026-06-25 11:32:36 +02:00
Viktor Szakats
ccf19d59e7
scripts: use end-of-options marker in cd, mkdir, mv, sha256sum commands
Where missing. To avoid passing an option by accident.

End-of-option marker (`--`) is not POSIX, but most of these scripts are
internal and/or CI-focused, where this is fine. `maketgz` and
`verify-release` are meant for public use, and I asses this is fine too,
but let us know if this causes issues in real world envs.

Also:
- maketgz: pass args with `:?` to `rm -rf`, where missing.
  Cannot cause an actual issue with current code.
- verified `cp`, `rm` instances too, but none were affected.
- tests/cmake/test.sh: replace `$PWD` with `$(pwd)` for sturdiness.
- appveyor.sh: replace `$PWD` with `$(pwd)` for sturdiness.

Assisted-by: Dan Fandrich
Follow-up to 6aab1dc263 #19450

Closes #22150
2026-06-25 11:32:36 +02:00
Daniel Stenberg
c6c4c6a16d
test 1560: test RFC4291 style IPv6 IPv4-mapped addresses
Closes #22136
2026-06-25 11:03:18 +02:00
alhudz
f746780a1e
mqtt: reject control bytes in the topic
Closes #22112
2026-06-25 09:35:01 +02:00
Samuel Dainard
5232c16208
sws: allow connection-monitor to log all disconnects
Remove the suppression of connmon after the first disconnect event. The
connmon flag is set per-test via the 'connection-monitor' server command
and should remain active for the lifetime of that test's connections to
properly detect connection reuse failures.

The suppression was introduced in 510fdad to work around a connection
reuse regression that has since been resolved by the credentials
refactoring in 8f71d0f. With the underlying issue fixed, restoring full
disconnect logging strengthens tests like 338 to catch future
regressions in connection reuse logic.

Fixes #22158
Closes #22159
2026-06-25 08:37:19 +02:00
Daniel Stenberg
9adc32a6e2
test 679: add a quoted string name in a netrc test
By using quotes a user name can have a space in netrc

Closes #22147
2026-06-23 17:23:11 +02:00
Stefan Eissing
be1d976a2a
peer: fix ipv6 detection
When trying to detect ipv6 addresses, ipv4 addresses were also
flagged as ipv6.

Add test2413 to check.

Closes #22134
2026-06-22 17:16:07 +02:00
Daniel Stenberg
ab779d4e4a
doh: stricter HTTPS RNAME parsing
If any sublabel is longer than 63 octets, abort. This then also catches
compression attempts.

Verified in test 1658

Reported-by: netspacer.research
Closes #22124
2026-06-22 09:53:14 +02:00
Daniel Stenberg
e8e3af2abb
doh: cap the maximum TTL to 24 hours
To avoid mistakes or abuse to cause problems. Many public DNS providers
cap their cache times to this.

Verify in test 1650

Reported-by: netspacer.research
Closes #22122
2026-06-22 09:12:55 +02:00
Michael Kaufmann
810d9535e1
proxy: fix automatic tunnel mode with "connect to host"
Fix a regression in curl 8.21.0-rc3: Check whether the host and the "connect
to host" are equal before initializing the proxy. If they are equal, switching
to tunnel mode is not necessary.

Follow-up to 73daec6

Closes #22110
2026-06-22 08:53:31 +02:00
Viktor Szakats
04305a3e40
runtests: drop orphaned, no-op -k option
And the corresponding internal variable.

This option became the always-enabled default earlier, via #4035.

Reported-by: Zartaj Majeed
Ref: #22098
Follow-up to 6617db6a7e #4035

Closes #22100
2026-06-19 14:46:49 +02:00
alhudz
fdd6ba3580
cookie: check __Secure- and __Host- case sensitively when read from file
The header path matches these prefixes case sensitively, as 5af0165562
made it for cookie spec reasons, but the Netscape cookie-file path still
used a case-insensitive match. Align the file path so a differently
cased name like __secure-x is treated as an ordinary cookie instead of
being put through the prefix integrity checks.

Extended test 2311 to cover it.

Closes #22085
2026-06-18 23:58:07 +02:00
alhudz
2f8fb98c5f
pingpong: reject nul byte in server response line
Add test 2108 covering the rejection over FTP. Drop the now-vestigial
nul bytes from test 1282; they exercised the removed Kerberos FTP
security buffer check and now trip this rejection before the 633
login-denied path is reached.

Closes #21996
2026-06-18 14:17:27 +02:00
Stefan Eissing
f0be417635
multi: xfers_really_alive
Yes, we were counting the "live" transfers before, but were they
*really* alive?

When determining to add the wakeup socket to fdset/waitfds etc, we
should only do that when the multi handle is actually processing
transfers. Other wise, the application could wait on the wakeup socket
forever.

For this, we counted `multi->xfers_alive` (e.g. the "running" number
returned by `curl_multi_perform()`). This was almost correct.

The problem is that added easy handles are counted as "alive" right away
on the addition. But the processing has not started yet. They did not
trigger any DNS resolves or opened any sockets yet.

Add two fields in multi and easy handle:

* `multi->xfers_really_alive`: counts the "alive" transfers that have
  passed `MSTATE_INIT` (at least once)
* `data->state.really_alive`: to track if the transfer has been counted

Add test 2412 to check that adding transfers without perform will not
trigger the wakeup socket to be added.

Fixes #22050
Reported-by: Bryan Henderson
Closes #22066
2026-06-18 10:31:40 +02:00
alhudz
4a86af9940
cookie: reject control octets in file-loaded cookies
Verified by test 2311

Closes #22070
2026-06-18 08:04:24 +02:00
Viktor Szakats
60381b2046
first.h reflow 2026-06-17 14:37:14 +02:00
Stefan Eissing
d2886c5ac4
http: for basic+digest auth, do not engage on empty user+passwd
Since we have the quirky of empty credentials (the empty string for
username and password) for Negotiate reactivated, we need to check for
this when considering Basic and Digest auth.

Verify a redirect to blank user+password in test 2208

Closes #22060
2026-06-17 14:05:03 +02:00
Daniel Stenberg
39caaff7b3
libtest: unify on easy_setopt macro
- drop the old test_setopt() which did the same thing
- remove #if 0'ed macros from first.h

These macros now store results in 'result' more aggressively, but I
believe that is generally favorable.

Closes #22057
2026-06-17 12:03:41 +02:00
dependabot[bot]
73d060950e
GHA: bump pip cryptography from 46.0.7 to 48.0.1
Closes #22055
2026-06-16 22:18:43 +02:00
Viktor Szakats
be8f24323e
perl: open... || -> open... or (cont.)
Also: unfold a few lines, fix a space, add a missing parentheses.

Follow-up to 678e63934c #22036

Closes #22047
2026-06-16 19:11:15 +02:00
Viktor Szakats
c2b050e4e4
servers: deduplicate storerequest() across two servers
Closes #22041
2026-06-16 12:42:59 +02:00
Daniel Stenberg
e0c6f4d4d6
tool_writeout: fix %time{} output for %s
Now testing both %s and %% in test 1981

Reported-by: wulin-nudt on github
Fixes #22038
Closes #22039
2026-06-16 10:17:43 +02:00
Viktor Szakats
678e63934c
perl: || die -> or die
Usage was fifty-fifty between these syntaxes before this patch.

Closes #22036
2026-06-16 00:41:29 +02:00
Stefan Eissing
bb72413b03
cf-https-connect: do not engage on proxy origin
When talking to a forwarding proxy, do not start HTTPS Eyeballing.
We might support this in the future, but for now, the --httpx.x
arguments to do not apply to such a setup.

Add a test case for forward proxying without use of ALPN.

Closes #22033
2026-06-15 22:32:15 +02:00
Dave Walker
b9702f8c48
cookie: use origin scheme for secure context check
`Curl_secure_context()` checked `conn->scheme` to determine if Secure
cookies may be sent. Since 73daec6, `conn->scheme` is set to the proxy's
scheme when using an HTTPS forwarding proxy, causing the function to
return TRUE for HTTP origins. This leaked Secure cookies over the
plaintext connection between proxy and origin.

Use `data->state.origin->scheme` instead, which always reflects the
origin's scheme regardless of proxy configuration.

Not an approved vulnerability because the regression was introduced
after the last release and is not present in any released version.

Verified by test 3401

Follow-up to 73daec6620
Reported-by: daviey on hackerone
URL: https://hackerone.com/reports/3803415
Closes #22024
2026-06-15 22:30:14 +02:00
Viktor Szakats
526d3b8a53
servers: silence -Wunused-result with pragma
In some configurations the `write()` functions gets the
`warn_unused_result` attribute, that makes casting to `(void)`
ineffective to silence this warning. Seen with glibc, in 5 CI jobs.
The warning option appeared in GCC 4.5 and comes enabled by default.

```
tests/server/util.c:329:5: error: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
  329 |     write(STDERR_FILENO, msg, sizeof(msg) - 1);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/27548333990/job/81427544632

Refs:
https://github.com/curl/curl/pull/22023#issuecomment-4708455631
https://gcc.gnu.org/onlinedocs/gcc-16.1.0/gcc/Warning-Options.html#index-Wunused-result
https://gcc.gnu.org/onlinedocs/gcc-16.1.0/gcc/Common-Attributes.html#index-warn_005funused_005fresult
https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result

Follow-up to c8d8f081fd #22023
Follow-up to e95f509c66 #16852

Closes #22034
2026-06-15 22:04:39 +02:00
Viktor Szakats
5687d211c4
servers: fix off-by-3 OOB write for large loghex() inputs
Spotted by GitHub Code Quality

Closes #22031
2026-06-15 18:38:29 +02:00
Viktor Szakats
adb606eae7
curl_formdata: fix to pass long where missing, document CURLFORM_NAMELENGTH
- lib650: pass `long` to `CURLFORM_NAMELENGTH` in test.
  Spotted by Copilot.
  https://github.com/curl/curl/pull/22011#discussion_r3412407235
  Follow-up to 3620e569b3

- lib650: drop an interim variable, and interim casts.
  Follow-up to 60776a0515 #2747

- curl_formdata.md: document `CURLFORM_NAMELENGTH` on man page.

- curl_formdata.md: pass `long` to `CURLFORM_BUFFERLENGTH` on man page.

- formdata: pass `long` to `CURLFORM_CONTENTSLENGTH` in comment.

Closes #22017
2026-06-15 16:57:21 +02:00
Viktor Szakats
0dae3b2690
servers: accept lstat() failing due to the file missing
In `bind_unix_socket()`, before retrying `bind()`.

Before this patch the code wanted to check if the to-be-deleted unix
socket path was indeed a socket, before deleting it and retrying to
bind. If `lstat()` failed for any reason, it skipped retry. Fix to retry
if `lstat()` failed because of the file missing.

Ref: https://pubs.opengroup.org/onlinepubs/9799919799/functions/lstat.html

Follow-up to 0882e3951d #22026
Follow-up to 03bc93bd32 #22021
Follow-up to e70f8ebd34 #22020
Follow-up to 30e491e5c9 #7034
Follow-up to 99fb36797a

Closes #22010
2026-06-15 16:43:21 +02:00
Viktor Szakats
8932063828
lib668: do not assume null-terminator in test input data
For correctness. Did not cause an issue, because the null-terminator is
present.

Also:
- change a size type to avoid casts.
- reuse input length value.

Spotted by GitHub Code Quality

Follow-up to 1e4cb333ef #4826

Closes #22027
2026-06-15 15:55:29 +02:00
Viktor Szakats
7d09426187
servers: accept unlink() failing due to the file missing
In `bind_unix_socket()`, before retrying `bind()`.

This patch uses `ENOENT`. This was last time in source between
d25b050379 (2018) and
dffd996e3b (2023), and also earlier. Also
defined by supported Windows envs. Seems safe to use.

Reported-by CodeQL
Follow-up to 99fb36797a
Cherry-picked from #22010

Closes #22028
2026-06-15 15:52:28 +02:00
Stefan Eissing
7333f6674c
cf-capsule: complete filter
Make the capsule filter complete, implement:

- pollset handling
- flush handling and querying
- shutdown handling
- replace allocated send buffer with a bufq

Closes #22019
2026-06-15 15:42:22 +02:00
Daniel Stenberg
c8d8f081fd
src/test: avoid (void)! constructs
The reason to use them seems to be that just (void) before a function
call is not enough to silence compiler warnings when return codes are
ignored and -Werror=unused-result is used.

While (void)! apparently works to silence those warnings, it is just too
weird and surprising to readers to use.

It is rather a reason to reconsider the usefulness of the warning.

Closes #22023
2026-06-15 14:43:09 +02:00
Viktor Szakats
0882e3951d
servers: mask to S_IFMT in unix socket path attribute check
Instead of `S_IFSOCK` before this patch. For correctness; it is probably
not an issue in most environments.

Spotted by Copilot
Bug: https://github.com/curl/curl/pull/22021#discussion_r3413049506
Follow-up to 99fb36797a

Closes #22026
2026-06-15 14:27:07 +02:00
Viktor Szakats
03bc93bd32
servers: drop unix socket path attribute check on Windows
On Windows there is no `lstat()`, which was later substituted with
normal `stat()`, but on Windows `S_IFSOCK` is never defined, which meant
the output of stat was not actually used, reducing this to checking for
the presence of the file, and bailing out without retry if missing.

Follow-up to 30e491e5c9 #7034
Follow-up to 99fb36797a

Cherry-picked from #22010

Closes #22021
2026-06-15 13:36:46 +02:00
Viktor Szakats
e70f8ebd34
servers: fix error message if unix socket path is not a socket
Follow-up to 99fb36797a
Cherry-picked from #22010

Closes #22020
2026-06-15 13:07:08 +02:00
Viktor Szakats
a6d9783894
libtests: prefer sizeof() over strlen(), fix potential OOB read in 1591
- test1591: fix potential OOB read.
  Spotted by GitHub Code Quality
  Follow-up to f464535bfd #3350

Closes #22011
2026-06-15 11:24:19 +02:00
Viktor Szakats
0ffab25b6c
tidy-up: miscellaneous
- `N byte` -> `N-byte` or `N bytes`.
- INTERNALS.md: language tweaks.
- schannel: language tweak in comment/error message.
- socks_gssapi, socks_sspi: simplify composing an error message.
  (at a cost of 8 extra constant string bytes.)
- m4/curl-compilers.m4: fix typo in link (in comment).
- contrithanks.sh: fix indent, drop stray `;` terminator.
- lib, src, tests: drop/fix a bunch of badwords.
- fix typos in comments.
- fix indent, stray spaces.

Some of these spotted by GitHub Code Quality and Copilot

Closes #22009
2026-06-14 20:10:28 +02:00
Viktor Szakats
f1b1919bd0
servers: drop single-use interim result variables
Closes #22008
2026-06-14 17:49:33 +02:00
Viktor Szakats
9002d3350c
servers: minor socket error handling fixes
- sws: fix socket error code in `select()` failure message.
  Spotted by Copilot
  Bug: https://github.com/curl/curl/pull/21998#discussion_r3409469444
- sws: do not call `SOCKERRNO` twice on error.
- dnsd: do not call `SOCKERRNO` twice on error.
- dnsd: replace `goto` with `while()` to sync with rest of code.
- dnsd: `sendto()` fail message fixes:
  - replace `int` cast with `%zu` mask.
  - drop redundant newline.
  - show socket error string like rest of code.
  - report not-fully-sent error separately from socket errors.

Closes #22007
2026-06-14 16:16:25 +02:00
Viktor Szakats
945938de10
rtspd: sync up sleep loop with sws
Check for `!got_exit_signal` as part of the `while()` expression,
instead of doing it after calling `curlx_wait_ms()`. To simplify and
improve consistency with rest of code.

Follow-up to 0653fa107f
Follow-up to 123c92c904

Closes #22006
2026-06-14 16:16:25 +02:00
Viktor Szakats
d9ea8cdcfa
tests/servers: do not interpret unlink() retval as errno
In `socksd` and `sws` error messages.

Also:
- show the messages only if `unlink()` failed.
- rename a return code variable and sync a message text for consistency.

Ref: https://pubs.opengroup.org/onlinepubs/9699919799/functions/unlink.html

Spotted by Copilot in `socksd.c`
Bug: https://github.com/curl/curl/pull/21998#discussion_r3409395013
Follow-up to 80eb71a3f5 #8687

Closes #22005
2026-06-14 14:25:02 +02:00
Viktor Szakats
9972f700a8
perl: switch from backticks to qx()
To make it easier to find external command invocation in the source.

Also drop backticks from a comment.

To find external command invocations in Perl code use:
```sh
git grep -E "((exec|qx|open2|open3|system)\(|open\(.+-\|)" $(<perlfiles>)
```

Refs:
https://perldoc.perl.org/functions/qx
https://perldoc.perl.org/perlop#Simpler-Quote-Like-Operators

Closes #21994
2026-06-14 14:25:02 +02:00
Viktor Szakats
fe2df80a5a
socket: use name sockerr for socket error variables
Also:
- add comment explaining a `sockerr = errno` (vs. `SOCKERRNO`)
  assigment.

Closes #21998
2026-06-14 14:17:07 +02:00
Stefan Eissing
73daec6620
lib: transfer origin and proxy handling
Add `data->state.origin` as the origin the transfer is sending the
current request to/gets the response from. Use it for request specific
properties like authentication, hsts and cookie handling, etc.

Unless talking to a forwarding HTTP proxy (e.g. not tunneling),
`data->state.origin` and `conn->origin` are the same.

With a forwarding HTTP proxy in play, `conn->origin` is set to
`conn->http_proxy.peer` and `conn->bits.origin_is_proxy` (a new bit) is
set.

Remove the connection bits, now replaced with:

* `conn->bits.socksproxy` -> `conn->socks_proy.peer`
* `conn->bits.httpproxy` -> `conn->http_proy.peer`
* `conn->bits.proxy` -> `(conn->socks_proy.peer || conn->http_proy.peer`)
* `conn->bits.tunnel_proxy` -> (`conn->http_proy.peer && !conn->bits.origin_is_proxy`)
* `(conn->bits.httpproxy && !conn->bits.tunnel_proxy)` -> `conn->bits.origin_is_proxy`

Rename `noproxy.[ch]` to `proxy.[ch]`. Move the connection proxy setup
code from `url.c` to `proxy.c`.

Remove `data->info.conn_remote_port` as no one uses it.

Add test_40_02b for a SOCKS connection to a forwarding HTTPS proxy.

Update internal documentation about peers and creds.

Closes #21967
2026-06-12 23:52:00 +02:00