romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 03:41:41 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/docs
History
Ruocco, Calvin d3594be653
ws: tests and fixes 
This started out as regression tests for the `curl_ws_recv()` and
`curl_ws_send()` implementation and ended up with a bugfix, additional
protocol validation and minor logging improvements.

- Fix reset of fragmented message decoder state when a PING/PONG is
  received in between message fragments.

- Fix undefined behavior (applying zero offset to null pointer) in
  curl_ws_send() when the given buffer is NULL.

- Detect invalid overlong PING/PONG/CLOSE frames.
- Detect invalid fragmented PING/PONG/CLOSE frames.
- Detect invalid sequences of fragmented frames.

  - a) A continuation frame (0x80...) is received without any ongoing
    fragmented message.
  - b) A new fragmented message is started (0x81/0x01/0x82/0x02...)
    before the ongoing fragmented message has terminated.

- Made logs for invalid opcodes easier to understand.
- Moved noisy logs to the `CURL_TRC_WS` log level.
- Unified the prefixes for WebSocket log messages: `[WS] ...`

- Add env var `CURL_WS_FORCE_ZERO_MASK` in debug builds.

  - If set, it forces the bit mask applied to outgoing payloads to
    0x00000000, which effectively means the payload is not masked at
    all. This drastically simplifies defining the expected `<protocol>`
    data in test cases.

- 2700: Frame types
- 2701: Invalid opcode 0x3
- 2702: Invalid opcode 0xB
- 2703: Invalid reserved bit RSV1 _(replaces 2310)_
- 2704: Invalid reserved bit RSV2
- 2705: Invalid reserved bit RSV3
- 2706: Invalid masked server message
- 2707: Peculiar frame sizes _(part. replaces 2311)_
- 2708: Automatic PONG
- 2709: No automatic PONG _(replaces 2312)_
- 2710: Unsolicited PONG
- 2711: Empty PING/PONG/CLOSE
- 2712: Max sized PING/PONG/CLOSE
- 2713: Invalid oversized PING _(replaces 2307)_
- 2714: Invalid oversized PONG
- 2715: Invalid oversized CLOSE
- 2716: Invalid fragmented PING
- 2717: Invalid fragmented PONG
- 2718: Invalid fragmented CLOSE
- 2719: Fragmented messages _(part. replaces 2311)_
- 2720: Fragmented messages with empty fragments
- 2721: Fragmented messages with interleaved pong
- 2722: Invalid fragmented message without initial frame
- 2723: Invalid fragmented message without final frame

- 2305: curl_ws_recv() loop reading three larger frames
  - This test involuntarily sent an invalid sequence of opcodes (0x01...,0x01...,0x81...) , but neither libcurl nor the test caught this! The correct sequence was tested in 2311 (0x01...,0x00...,0x80...). See below for 2311.
  - Validation of the opcode sequence was added to libcurl and is now tested in 2723.
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2307: overlong PING payload
  - The tested PING payload length check was actually missing, but the test didn't catch this since it involuntarily sent an invalid opcode (0x19... instead of 0x89...) so that the expected error occurred, but for the wrong reason.
  - Superseded by 2713.
- 2310: unknown reserved bit set in frame header
  - Superseded by 2703 and extended by 2704 and 2705.
- 2311: curl_ws_recv() read fragmented message
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2312: WebSockets no auto ping
  - Superseded by 2709.

- No tests for `CURLOPT_WRITEFUNCTION`.
- No tests for sending of invalid frames/fragments.

Closes #17136
2025-06-02 11:15:38 +02:00
..
cmdline-opts docs: fix typos 2025-05-29 10:21:52 +02:00
examples spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
internals spelling: call it null-terminate consistently 2025-05-30 17:29:45 +02:00
libcurl ws: tests and fixes 2025-06-02 11:15:38 +02:00
tests docs/tests: remove mention of hyper 2025-06-01 13:45:52 +02:00
.gitignore docs: add RELEASE-TOOLS.md.dist to .gitignore 2024-07-01 22:49:55 +02:00
ALTSVC.md docs: bring back ALTSVC.md and HSTS.md 2024-12-09 09:32:19 +01:00
BINDINGS.md BINDINGS: add zig binding 2024-08-07 14:51:09 +02:00
BUG-BOUNTY.md BUG-BOUNTY.md. mention the medium bounty amount in 2025 2025-05-28 08:47:26 +02:00
BUGS.md docs: use lowercase curl and libcurl 2025-01-02 17:15:54 +01:00
CIPHERS-TLS12.md docs: update CIPHERS.md 2024-08-12 23:35:56 +02:00
CIPHERS.md spacecheck.pl: drop more exceptions 2025-05-13 16:01:07 +02:00
CMakeLists.txt tests: move test docs into /docs 2025-05-28 15:00:03 +02:00
CODE_OF_CONDUCT.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
CODE_REVIEW.md docs: misc language polish 2024-07-01 16:45:17 +02:00
CONTRIBUTE.md CONTRIBUTE: add project guidelines for AI use 2025-05-15 14:07:39 +02:00
curl-config.md docs: minor edits to please the new spellchecker regime 2025-02-27 13:15:21 +01:00
CURL-DISABLE.md cmake: document -D and env build options 2024-10-24 23:06:40 +02:00
CURLDOWN.md curldown: fixups 2024-07-19 17:03:25 +02:00
DEPRECATE.md DEPRECATE.md: add version numbers to old deprecated items 2025-05-23 11:01:13 +02:00
DISTROS.md docs: update distros links 2025-05-12 13:51:38 -07:00
EARLY-RELEASE.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
ECH.md ECH: reference the OpenSSL ECH feature branch 2025-05-06 09:02:24 +02:00
EXPERIMENTAL.md docs/EXPERIMENTAL.md: add a mention of HTTPSRR as experimental 2025-01-16 19:41:42 +01:00
FAQ spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
FEATURES.md FEATURES.md: fix typo 2024-08-23 08:46:09 +02:00
GOVERNANCE.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
HELP-US.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
HISTORY.md docs/HISTORY: add some events from the last year 2025-03-06 16:06:17 +01:00
HSTS.md docs: bring back ALTSVC.md and HSTS.md 2024-12-09 09:32:19 +01:00
HTTP-COOKIES.md docs/HTTP-COOKIES.md: link to more information 2025-01-01 22:45:48 +01:00
HTTP3.md vquic: ngtcp2 + openssl support 2025-04-16 22:32:07 +02:00
HTTPSRR.md HTTPSRR.md: clarify somewhat 2025-04-28 09:11:48 +02:00
INFRASTRUCTURE.md INFRASTRUCTURE.md: add IRC and Matrix details 2025-03-24 15:21:59 +01:00
INSTALL INSTALL: converted to markdown => INSTALL.md 2016-10-21 15:57:29 +02:00
INSTALL-CMAKE.md build: tidy up internal feature detection variables for wolfSSL 2025-04-24 23:44:33 +02:00
INSTALL.md spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
INTERNALS.md zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4) 2025-03-08 00:39:04 +01:00
IPFS.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
KNOWN_BUGS GHA/non-native: un-ignore tests on OpenBSD, bump to -j8 for NetBSD/FreeBSD 2025-06-02 00:21:52 +02:00
MAIL-ETIQUETTE.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
Makefile.am tests: move test docs into /docs 2025-05-28 15:00:03 +02:00
MANUAL.md docs: use valid example domain names 2025-02-09 00:17:05 +01:00
mk-ca-bundle.md curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
options-in-versions TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs 2025-04-30 17:47:22 +02:00
README.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
RELEASE-PROCEDURE.md RELEASE-PROCEDURE: update the coming release dates 2025-05-07 14:39:18 +02:00
ROADMAP.md CI: add whitespace checker 2024-06-27 13:33:30 +02:00
runtests.md tests: move test docs into /docs 2025-05-28 15:00:03 +02:00
RUSTLS.md docs: rework RUSTLS install instructions 2025-03-27 08:47:43 +01:00
SECURITY-ADVISORY.md reuse: add copyright + license info to individual docs/*.md files 2024-03-31 12:01:18 +02:00
SPONSORS.md SPONSORS.md: clarify that we don't promise goods or services 2025-02-05 23:40:24 +01:00
SSL-PROBLEMS.md spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
SSLCERTS.md SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR 2025-03-25 08:20:39 +01:00
testcurl.md tests: move test docs into /docs 2025-05-28 15:00:03 +02:00
THANKS docs/THANKS: updated from the 8.14.0 release 2025-05-28 07:40:54 +02:00
THANKS-filter docs/THANKS: updated from the 8.14.0 release 2025-05-28 07:40:54 +02:00
TheArtOfHttpScripting.md docs: use lowercase curl and libcurl 2025-01-02 17:15:54 +01:00
TODO spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
URL-SYNTAX.md spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
VERSIONS.md VERSIONS: 8.14.0 is pending 2025-04-16 09:39:06 +02:00
VULN-DISCLOSURE-POLICY.md VULN-DISCLOSURE-POLICY.md: the distros list wants <= 7 days embargo 2025-05-31 18:00:58 +02:00
wcurl.md wcurl: import v2025.04.20 script + docs 2025-04-21 11:06:44 +02:00

README.md

curl logo

Documentation

You find a mix of various documentation in this directory and subdirectories, using several different formats. Some of them are not ideal for reading directly in your browser.

If you would rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl related documentation.