A previous refactor made the parser more lenient and this takes it back
to making sure only ascii digits are accepted.
Added test 1684 to verify
Follow-up to 304b5183fd
Pointed out by Codex Security
Closes#21041
- Rename `Curl_resolv_unlink()` to `Curl_dns_entry_unlink()`.
- Change `Curl_dnscache_get()` to return CURLcode result. Returns
now `CURLE_COULDNT_RESOLVE_HOST` for "negative" cache entries.
- Add `Curl_dnscache_add_negative()` to put a "negative" entry
into the cache.
Closes#20864
- Split WINSOCK and POSIX code in `multi_wait()` as the ifdef'ery
was becoming unreadable
- define `ENABLE_WAKEUP` to mean the wakeup socketpair is enabled,
no additional USE_WINSOCK check needed. Under WINSOCK
`ENABLE_WAKEUP` is not defined, so it's availability is as before
under the double defined() checks
- When the multi handle has "alive" transfers, the admin handle's
pollset include the wakeup receive socket. This results in the
admin handle running when someone uses `curl_multi_wakeup()`.
- Without any "alive" transfers, the wakeup socket is removed from
the pollset. Otherwise, event based processing would never finish,
eg. leave the event loop.
- The wakeup socket was never registered for event processing before,
e.g. `curl_multi_wakeup()` never worked in that mode.
- Adjust test exepectations on socket callback invocations and
number of sockets appearing in waitfds sets.
Closes#20832
It had an 'f' too few. Also provide CURLPROTO_WS* unconditionally
internally, so that code can depend on them in all builds.
Follow-up to cd5ca80f00
Spotted by Codex Security
Test case 3219 added to catch this next time.
Closes#21031
When composing the <scheme>_proxy environment variable, we assume the
handler->scheme name is already lowercase.
This makes unit test 1627 verify that is the case.
Follow-up to c294f9cb56
Spotted by Codex Security
Closes#21033
- move defines to header file
- make bit2str require < 8 unused bits
- make bool strings stricter
- make UTime2str show + or - for custom time zones
- removed unused 'type' argument to ASN1tostr() function
- fix int2str for negative values. All values below 10000 are now shown
in decimal properly, also possibly negative values.
Add unit test 1667 to verify ASN1tostr
Closes#21013
Prior to this, -G would override the scheme set with --proto-default and
revert back to guessing the scheme based on the hostname.
Add test 2008 to verify the fix
Spotted by Codex Security
Closes#20992
- make extract-unit-protos handle multi-line prototypes - but they need
to be above the implementation
- Prototypes for static functions we use in unit tests should not be in
header files. We generate lib/unitprotos.h for this purpose
- Removed some function wrappers written for unit tests and make them
use UNITTEST function directly.
- Renamed time2str() in the tool to timebuf() since we have the same
name in lib/ and in unit tests they can both be used non-static in a
build.
This reverts commit f95fadd116.
Follow-up to #21010Closes#21014
Silencing these warnings (seen on Solaris 11 SPARC GCC 4.9.2 + OpenCSW):
```
lib1521.c: In function 'test_lib1521':
/include/curl/typecheck-gcc.h:93:13: warning: call to 'Wcurl_easy_setopt_err_conv_cb' declared with attribute warning: curl_easy_setopt expects a curl_conv_callback argument
curl_easy_setopt(curl, CURLOPT_CONV_FROM_NETWORK_FUNCTION,
curl_easy_setopt(curl, CURLOPT_CONV_TO_NETWORK_FUNCTION,
curl_easy_setopt(curl, CURLOPT_CONV_FROM_UTF8_FUNCTION,
/include/curl/typecheck-gcc.h:123:13: warning: call to 'Wcurl_easy_setopt_err_interleave_cb' declared with attribute warning: curl_easy_setopt expects a curl_interleave_callback argument
curl_easy_setopt(curl, CURLOPT_INTERLEAVEFUNCTION,
```
Ref: https://curl.se/dev/log.cgi?id=20260319160651-1785427#prob2
Follow-up to de0adda78cCloses#21017
- return error on zero length input
- return error on OOM or doing too large output
- fix full 32-bit number support
- fix the broken handling of the first and second numbers
- support up to 32-bit minus 80 for the second number
- a field with a leading 0x80 is now considered an error, since it only
works as padding and is then no longer the shortest possible version
Add unit tests in 1666
Bonus: removed the last argument to OID2str() as it was always set TRUE.
Closes#21003
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.
The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.
Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
Not needed with picky warnings disabled.
Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae11#20366Fixes#20892Fixes#20924Closes#20902Closes#20907
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.
Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.
Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.
Closes#20949
Paths starting with one or two leading dots but without a following
slash were not handled correctly.
Follow-up to c31dd6631f
Extended test 1395 accordingly with a set of new test string.
Reported by Codex Security
Closes#20974
Introduce `Curl_xfer_is_secure(data)` that returns TRUE for transfers
that happen(ed) over a end-to-end secured connection, e.g. SSL.
Add test1586 to verify behaviour for http: transfers via a https: proxy.
Reported-by: lg_oled77c5pua on hackerone
Closes#20951
For cases where the user puts a double quote or backspace in the user
name.
Adjusted test 907 to verify
Reported-by: am-perip on hackerone
Closes#20940
When saving a file with --no-clobber, make sure the existing file name
remains set when creating the name fails. In a retry scenario, it comes
back and uses that variable again.
Add test 3036 to verify.
Reported-by: James Fuller
Closes#20939
To include what's actually used.
Also:
- drop unused includes.
- scope includes where possible.
- drop `curlx/curlx.h` umbrella header.
- config2setopts: include `netinet/in.h` for Cygwin/MSYS2.
Previously included by chance via an unused curlx include.
Closes#20776
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):
- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`
Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.
Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.
Reported-and-based-on-patch-by: Richard Tollerton
Fixes#20823Closes#20826 (originally-based-on)
Follow-up to 769ccb4d42#19140Closes#20873
Eliminate `conn->bits.ipv6_ip`
The bit was only correct for the first transfer using a connection. Use
`data->state.up.hostname` instead in places that need the URL hostname
in its original form.
Fix parseurlandfillconn() to not modify `data->state.up.hostname` before
copying the connection's hostname, but modify the copy instead, leaving
the URL hostname intact.
Closes#20919
- tool_getparam: revert an unnecessary/no-op C89 warning silencer.
Follow-up to 09c9afdd71#20363
- tool_writeout: add comment saying silencing is a no-op for llvm/clang.
For `strftime()` it is a GCC-specific, as of llvm/clang v22.1.0.
Follow-up to f07a98ae11#20366
- unit1652: drop always-false `!defined(__clang__)` guard.
Pointed-out-by: Orgad Shaneh
Ref: #20902
Follow-up to 7e814c8717#16062
- unit1652: document that `-Wformat` is necessary for GCC v5 to v8.
Follow-up to 71cf0d1fca#14772Closes#20908
In a -j192 build, this output used a three-digit number for the output,
thus wrapping differently and causing it to error.
Reported-by: Carlos Henrique Lima Melara
Closes#20910
Follow-up to 04289c62de. Regression shipped in 8.13.0.
- a logic error made it not loop and thus only match if the searched string
was first
- it no longer matches a substring
Adjusted test 1 to use multiple values in the Connection: response
header. Adjusted test 1542 to have a "Connection: close-not" which
should not match.
Reported-by: Henrique Pereira
Closes#20894
A logic error made the function not check the last character, which thus
could make it accept invalid schemes.
Added test 1965 to verify
Reported-by: Otis Cui Lei
Closes#20893
Previously it lacked the actual return. libssh.c uses the same function
name.
Verified by test 2007.
Reported-by: m777m0 on hackerone
Follow-up to 578706addeCloses#20883
It's mostly a filler word. I've read through each use of it in the code
base and did minor rephrasings when "simply" carried some meaning. The
overwhelming majority of cases, removing it improved the text
significantly. Inspired by #20793.
Closes#20822
