- there is a risk for a nasty recursive situation
- we avoid certain risks that the pause call changes things so that when
returning from the callback, the state of some internals is undefined
and we need to reload which is easy to miss
- we can't think of legitiate use cases for doing this. This is
basically just the new favorite point for AI and security researchers
to find hypothetical problems
Closes#22179
- GHA/windows: mention `IgnoreStandardErrorWarningFormat=true`
in comment.
- cmake: fix MIT/GNU GSS order in messages.
- drop some exclamation marks from messages.
- drop redundant ending newlines from messages.
- fold/unfold where possible.
- fix indent, whitespace, typos and other nits.
Closes#22185
- Makefile.am: add root `test-quiet` target that maps to
`tests/quiet-test`, for completeness.
Ref: #22098
- tests/Makefile.am: drop unused remains of `MANFILES`.
Follow-up to fa3f889752#17463
Also replace the `distclean` target to delete `CLEANFILES`, otherwise
the CI dist job fails. (I'm not grokking why)
- tests/Makefile.am: sync up `tests` target with CMake, to pass `TFLAGS`
`-a`.
Follow-up to 904e7ecb66#19347
- tests/certs/Makefile.am: fix to clean generated certs via `CLEANFILES`
to comply with autotools documentation, which says the previously used
variable `DISTCLEANFILES` is meant for files created by `./configure`.
Ref: https://www.gnu.org/software/automake/manual/html_node/Clean.html
Follow-up to 44341e736a#16824
- tests/http/Makefile.am: add `./` prefix to glob passed to `rm -rf` on
clean, to avoid deleting unintented files, or pass unintended options.
Follow-up to 671158242d#10349
Cherry-picked from #22102
Cherry-picked from #22150Closes#22154
Where missing. To avoid passing an option by accident.
End-of-option marker (`--`) is not POSIX, but most of these scripts are
internal and/or CI-focused, where this is fine. `maketgz` and
`verify-release` are meant for public use, and I asses this is fine too,
but let us know if this causes issues in real world envs.
Also:
- maketgz: pass args with `:?` to `rm -rf`, where missing.
Cannot cause an actual issue with current code.
- verified `cp`, `rm` instances too, but none were affected.
- tests/cmake/test.sh: replace `$PWD` with `$(pwd)` for sturdiness.
- appveyor.sh: replace `$PWD` with `$(pwd)` for sturdiness.
Assisted-by: Dan Fandrich
Follow-up to 6aab1dc263#19450Closes#22150
Remove the suppression of connmon after the first disconnect event. The
connmon flag is set per-test via the 'connection-monitor' server command
and should remain active for the lifetime of that test's connections to
properly detect connection reuse failures.
The suppression was introduced in 510fdad to work around a connection
reuse regression that has since been resolved by the credentials
refactoring in 8f71d0f. With the underlying issue fixed, restoring full
disconnect logging strengthens tests like 338 to catch future
regressions in connection reuse logic.
Fixes#22158Closes#22159
If any sublabel is longer than 63 octets, abort. This then also catches
compression attempts.
Verified in test 1658
Reported-by: netspacer.research
Closes#22124
To avoid mistakes or abuse to cause problems. Many public DNS providers
cap their cache times to this.
Verify in test 1650
Reported-by: netspacer.research
Closes#22122
Fix a regression in curl 8.21.0-rc3: Check whether the host and the "connect
to host" are equal before initializing the proxy. If they are equal, switching
to tunnel mode is not necessary.
Follow-up to 73daec6Closes#22110
And the corresponding internal variable.
This option became the always-enabled default earlier, via #4035.
Reported-by: Zartaj Majeed
Ref: #22098
Follow-up to 6617db6a7e#4035Closes#22100
The header path matches these prefixes case sensitively, as 5af0165562
made it for cookie spec reasons, but the Netscape cookie-file path still
used a case-insensitive match. Align the file path so a differently
cased name like __secure-x is treated as an ordinary cookie instead of
being put through the prefix integrity checks.
Extended test 2311 to cover it.
Closes#22085
Add test 2108 covering the rejection over FTP. Drop the now-vestigial
nul bytes from test 1282; they exercised the removed Kerberos FTP
security buffer check and now trip this rejection before the 633
login-denied path is reached.
Closes#21996
Yes, we were counting the "live" transfers before, but were they
*really* alive?
When determining to add the wakeup socket to fdset/waitfds etc, we
should only do that when the multi handle is actually processing
transfers. Other wise, the application could wait on the wakeup socket
forever.
For this, we counted `multi->xfers_alive` (e.g. the "running" number
returned by `curl_multi_perform()`). This was almost correct.
The problem is that added easy handles are counted as "alive" right away
on the addition. But the processing has not started yet. They did not
trigger any DNS resolves or opened any sockets yet.
Add two fields in multi and easy handle:
* `multi->xfers_really_alive`: counts the "alive" transfers that have
passed `MSTATE_INIT` (at least once)
* `data->state.really_alive`: to track if the transfer has been counted
Add test 2412 to check that adding transfers without perform will not
trigger the wakeup socket to be added.
Fixes#22050
Reported-by: Bryan Henderson
Closes#22066
Since we have the quirky of empty credentials (the empty string for
username and password) for Negotiate reactivated, we need to check for
this when considering Basic and Digest auth.
Verify a redirect to blank user+password in test 2208
Closes#22060
- drop the old test_setopt() which did the same thing
- remove #if 0'ed macros from first.h
These macros now store results in 'result' more aggressively, but I
believe that is generally favorable.
Closes#22057
When talking to a forwarding proxy, do not start HTTPS Eyeballing.
We might support this in the future, but for now, the --httpx.x
arguments to do not apply to such a setup.
Add a test case for forward proxying without use of ALPN.
Closes#22033
`Curl_secure_context()` checked `conn->scheme` to determine if Secure
cookies may be sent. Since 73daec6, `conn->scheme` is set to the proxy's
scheme when using an HTTPS forwarding proxy, causing the function to
return TRUE for HTTP origins. This leaked Secure cookies over the
plaintext connection between proxy and origin.
Use `data->state.origin->scheme` instead, which always reflects the
origin's scheme regardless of proxy configuration.
Not an approved vulnerability because the regression was introduced
after the last release and is not present in any released version.
Verified by test 3401
Follow-up to 73daec6620
Reported-by: daviey on hackerone
URL: https://hackerone.com/reports/3803415Closes#22024
- lib650: pass `long` to `CURLFORM_NAMELENGTH` in test.
Spotted by Copilot.
https://github.com/curl/curl/pull/22011#discussion_r3412407235
Follow-up to 3620e569b3
- lib650: drop an interim variable, and interim casts.
Follow-up to 60776a0515#2747
- curl_formdata.md: document `CURLFORM_NAMELENGTH` on man page.
- curl_formdata.md: pass `long` to `CURLFORM_BUFFERLENGTH` on man page.
- formdata: pass `long` to `CURLFORM_CONTENTSLENGTH` in comment.
Closes#22017
For correctness. Did not cause an issue, because the null-terminator is
present.
Also:
- change a size type to avoid casts.
- reuse input length value.
Spotted by GitHub Code Quality
Follow-up to 1e4cb333ef#4826Closes#22027
In `bind_unix_socket()`, before retrying `bind()`.
This patch uses `ENOENT`. This was last time in source between
d25b050379 (2018) and
dffd996e3b (2023), and also earlier. Also
defined by supported Windows envs. Seems safe to use.
Reported-by CodeQL
Follow-up to 99fb36797a
Cherry-picked from #22010Closes#22028
The reason to use them seems to be that just (void) before a function
call is not enough to silence compiler warnings when return codes are
ignored and -Werror=unused-result is used.
While (void)! apparently works to silence those warnings, it is just too
weird and surprising to readers to use.
It is rather a reason to reconsider the usefulness of the warning.
Closes#22023
On Windows there is no `lstat()`, which was later substituted with
normal `stat()`, but on Windows `S_IFSOCK` is never defined, which meant
the output of stat was not actually used, reducing this to checking for
the presence of the file, and bailing out without retry if missing.
Follow-up to 30e491e5c9#7034
Follow-up to 99fb36797a
Cherry-picked from #22010Closes#22021
- `N byte` -> `N-byte` or `N bytes`.
- INTERNALS.md: language tweaks.
- schannel: language tweak in comment/error message.
- socks_gssapi, socks_sspi: simplify composing an error message.
(at a cost of 8 extra constant string bytes.)
- m4/curl-compilers.m4: fix typo in link (in comment).
- contrithanks.sh: fix indent, drop stray `;` terminator.
- lib, src, tests: drop/fix a bunch of badwords.
- fix typos in comments.
- fix indent, stray spaces.
Some of these spotted by GitHub Code Quality and Copilot
Closes#22009
- sws: fix socket error code in `select()` failure message.
Spotted by Copilot
Bug: https://github.com/curl/curl/pull/21998#discussion_r3409469444
- sws: do not call `SOCKERRNO` twice on error.
- dnsd: do not call `SOCKERRNO` twice on error.
- dnsd: replace `goto` with `while()` to sync with rest of code.
- dnsd: `sendto()` fail message fixes:
- replace `int` cast with `%zu` mask.
- drop redundant newline.
- show socket error string like rest of code.
- report not-fully-sent error separately from socket errors.
Closes#22007
Check for `!got_exit_signal` as part of the `while()` expression,
instead of doing it after calling `curlx_wait_ms()`. To simplify and
improve consistency with rest of code.
Follow-up to 0653fa107f
Follow-up to 123c92c904Closes#22006
Add `data->state.origin` as the origin the transfer is sending the
current request to/gets the response from. Use it for request specific
properties like authentication, hsts and cookie handling, etc.
Unless talking to a forwarding HTTP proxy (e.g. not tunneling),
`data->state.origin` and `conn->origin` are the same.
With a forwarding HTTP proxy in play, `conn->origin` is set to
`conn->http_proxy.peer` and `conn->bits.origin_is_proxy` (a new bit) is
set.
Remove the connection bits, now replaced with:
* `conn->bits.socksproxy` -> `conn->socks_proy.peer`
* `conn->bits.httpproxy` -> `conn->http_proy.peer`
* `conn->bits.proxy` -> `(conn->socks_proy.peer || conn->http_proy.peer`)
* `conn->bits.tunnel_proxy` -> (`conn->http_proy.peer && !conn->bits.origin_is_proxy`)
* `(conn->bits.httpproxy && !conn->bits.tunnel_proxy)` -> `conn->bits.origin_is_proxy`
Rename `noproxy.[ch]` to `proxy.[ch]`. Move the connection proxy setup
code from `url.c` to `proxy.c`.
Remove `data->info.conn_remote_port` as no one uses it.
Add test_40_02b for a SOCKS connection to a forwarding HTTPS proxy.
Update internal documentation about peers and creds.
Closes#21967