- de-complex Curl_gtls_verifyserver() by splitting of static
functions for parts of it.
- follow the `goto out` style with common deallocation code
Closes#17941
- rename Curl_oss_check_peer_cert() to Curl_ossl_check_peer_cert()
- leave altname match loop after the first success when the match
was an ip address
- remove static subj_alt_hostcheck() since it did not really do much
- use length based infof() output of altname, even though it does
seem always to be nul terminated
Closes#17940
Ahmad Gani intercepts the sendto syscall to simulate short send, but
curl incorrectly handles it. It keeps resending the version:
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
Don't restart the buffer in the `CONNECT_SOCKS_INIT` case if
`sx->outstanding` is not zero. It should continue sending the
advanced buffer.
Fixes#17942
Reported-by: Ahmad Gani <reyuki@gnuweeb.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Closes#17943
To set it before checking for it while enabling `HAVE_INET_NTOP` and
`HAVE_INET_PTON` for Vista (and up) targets.
May have affected winbuild or Visual Studio IDE Project Files.
Follow-up to 68fa9bf3f5#9712Closes#17928
The `transport` to use for a transfer, e.g. TCP/QUIC/UNIX/UDP, is
initially selected by options and protocol used. This is set at the
`struct connectdata` as `transport` member.
During connection establishment, this transport may change due to
Alt-Svc or Happy-Eyeballing. Most common is the switch from TCP to QUIC.
Rename the connection member to `transport_wanted` and add a way to
query the connection for the transport in use via a new connection
filter query.
The filter query can also be used in the happy eyeballing attempts when
code needs to know which transport is used by the "filter below". This
happens in wolfssl initialization, as one example.
Closes#17923
When using winbuild or Visual Studio IDE Project Files.
To simplify and prepare for dropping support for VS2008.
Details:
- fix VS2012 default target to be Windows 8 (was Vista).
Confirmed by CI:
```
-- The C compiler identification is MSVC 17.0.61030.0
-- Found _WIN32_WINNT=0x0602
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51594696/job/elbl0w5n7fmoos2f#L45
It also aligns with the default being Windows 7 for VS2010,
and Windows Vista for VS2008.
- bump minimum target to XP (was Windows 2000) when using VS2008.
curl requires XP.
- add Windows release names to comments for clarity.
- add hex Windows version to a comment for clarity.
- merge VS2008/VS2012 minimum/default logic and comments.
- reduce scope of local minimum/default macros.
- shorten comments to fit within line limit.
Closes#17916
In gtls.c there was a typo'd comment that I think was missing the word
"no" to indicate there's "no GnuTLS way to signal no EarlyData".
This commit fixes that typo, and also updates a copy-pasted instance
that made it into wolfssl.c where it should refer to the WolfSSL API
missing the capability, not GnuTLS.
Closes#17907
To avoid applying it to all other sources in unity mode.
This may have affected tests setting a custom time via `CURL_TIME`,
in unity builds: 446, 780, 781, 782, 783, 970, 972, 1654, 1660
Closes#17897
This callback was permanently mapped to libcurl's internal
`Curl_wcsdup()`, which always uses the customizable malloc for
allocation, thus making a custom mapping redundant anyway.
To simplify, drop the callback and map `_tcsdup()` in Unicode mode
directly to `Curl_wcsdup()`.
Also fixes:
- `curl_global_init()` which, before this patch, (re)initialized its
mapping to `_wcsdup()`, returning buffers potentially incompatible
with a custom allocator.
Bug: https://github.com/curl/curl/pull/17840#issuecomment-3044361245
Bug: https://github.com/curl/curl/pull/7540#issuecomment-2380995349
Co-reported-by: Luca Kellermann
Follow-up to 76e047fc27#7540
Assisted-by: Jay Satiro
Closes#17843
It could previously cause a memory-leak when the cleanup was not
performed because it was not set.
Reported-by: albrechtd on github
Fixes#17819Closes#17837
Replace the old Curl_ssl_get_internals() with a new connection filter
query to retrieve the information. Implement that filter query for TCP
and QUIC TLS filter types.
Add tests in client tls_session_reuse to use the info option and check
that pointers are returned.
Reported-by: Larry Campbell
Fixes#17801Closes#17809
Fixing:
- a raw `free()` in ECH code that's malloced in lib code, causing
an invalid free, also reported by valgrind (in non-unity builds).
And in unity builds adjusted to behave like non-unity via #17827:
Ref: https://github.com/curl/curl/actions/runs/16093372427/job/45421778472?pr=17827#step:39:3321
- a local pair of `malloc()`/`free()` to use curl's memory allocators,
and participate in memory tracking when enabled.
Cherry-picked from #17827Closes#17830
- hostip: fix unused variable with `CURL_DISABLE_SHUFFLE_DNS`
```
lib/hostip.c: In function 'Curl_dnscache_mk_entry':
lib/hostip.c:490:42: warning: unused parameter 'data' [-Wunused-parameter]
490 | Curl_dnscache_mk_entry(struct Curl_easy *data,
| ~~~~~~~~~~~~~~~~~~^~~~
```
- setopt: fix unused function with `CURL_DISABLE_HTTP`
```
lib/setopt.c:214:17: warning: 'httpauth' defined but not used [-Wunused-function]
214 | static CURLcode httpauth(struct Curl_easy *data, bool proxy,
| ^~~~~~~~
```
- url: fix unused function with `CURL_DISABLE_NETRC`
```
lib/url.c:2760:13: warning: 'str_has_ctrl' defined but not used [-Wunused-function]
2760 | static bool str_has_ctrl(const char *input)
| ^~~~~~~~~~~~
```
Seen with a minimal curl-for-win build:
```
CW_CONFIG=dev-x64-zero-osnotls-osnoidn-nohttp-nocurltool-linux-unity
```
Closes#17818
Commit f2ce6c46 among other things added the use of own library context
instead of the default context. Default context has access to OpenSSL
configuration file, own context doesn't have it.
Therefore if a pkcs11 provider is loaded via config file, the function
OSSL_PROVIDER_available() incorrectly detects the provider as
unavailable.
Fix this by loading the OpenSSL config to the library context according
to OpenSSL documentation:
"OSSL_LIB_CTX_load_config() loads a configuration file using the given
ctx. This can be used to associate a library context with providers that
are loaded from a configuration."
Moreover use the provider_loaded flag instead of provider pointer to
determine if a provider is available, as the latter is not set when the
provider is loaded from a configuration.
Closes#17804
Replace the `libstubgss.so`-based overload solution with one built into
libcurl at compile-time.
The previous, `LD_PRELOAD`-based, solution was non-portable, allowlisted
for Linux, BSD and Solaris. It also required non-debug builds, which
turned out to be an accidental condition:
7d342c723c. It also required a curl tool
built against a shared libcurl. Detecting this condition wasn't always
accurate, e.g. with certain cmake configurations.
The overload solution also didn't work on macOS, though it theoretically
should have:
- #17653
- #2394
Experiments on making the overload solution work in more envs:
- #17759
That revealed that it also did not work on NetBSD, in CI.
The replacement solution is overloading the necessary GSS-API functions
for test 2056 and 2057 at compile time. It requires a debug-enabled curl
build (due to its insecure nature).
This makes these tests run on all platforms. Including most GSS jobs in
CI, that are running tests. (the exception is old-linux, non-debug jobs,
where it felt overkill to enable debug for this.)
The refactored GSS stub code needs to overload less than before because
it's free to use the official GSS API. (This didn't work with
the overload solution on Alpine for example). It can also use libcurl
functions, allowing to replace `snprintf()` with `msnprintf()`.
OS/400 is also overloading GSS API functions. I haven't tested how this
works after this PR. In theory it should, because this PR doesn't rely
on preprocessor overrides.
Note that for future GSS tests, it may be necessary to stub these GSS
API functions: `gss_inquire_context()`, `gss_unwrap()`, `gss_wrap()`.
They are on codepaths not (yet) touched by tests.
Also:
- stub-gss: check for token buffer overrun.
- stub-gss: replace size macros with `sizeof()`.
- GHA: enable debug for some jobs with GSS.
- GHA/linux: ignore results for 2056 and 2057 in the valgrind job.
They leak the same way as seen with 2077 and 2078.
Ref: 7020ba7979#17462
Ref: 146759716c#14430
- GHA/linux: fix to ignore `gss_import_name()` leaks in valgrind builds.
only.
- lib/vauth/krb5_gssapi: reduce variable scope.
- lib/vauth/spnego_gssapi: reduce variable scope.
- tests/libtest: drop code and build logic dealing with `libstubgss`.
- runtests:
- drop `ld_preload` feature.
- drop special handling of `LD_PRELOAD` env in tests.
- drop logic dealing with shared curl tool detection.
- drop `LD_PRELOAD` envs from tests.
Follow-up to 56d949d31a#1687Closes#17752
In order to do unit tests for private functions, functions that are
marked UNITTEST but without a global scope in the library, functions
that do not have prototypes in their corresponding header file, unit
tests previously brought their own private prototype *copy* into the
unit test.
This was error-prone when the internal function changes but the change
might be missed in the unit test which then uses an outdated prototype
copy for testing.
This change removes the private prototypes from unit tests and instead
introduces a C file parser that parses the specific C files and extracts
the necessary unit test prototypes into a generated header file for unit
tests to use. This geneated lib/unitprotos.h header is then included by
unit tests that need private prototypes.
Assisted-by: Viktor Szakats
Closes#17750
Drop `strcasecompare` and `strncasecompare` in favor of libcurl API
calls `curl_strequal` and `curl_strnequal` respectively.
Also drop unnecessary `strcase.h` includes. Include `curl/curl.h`
instead where it wasn't included before.
Closes#17772
Eliminating the socket readability check in the socket connection
filters for the 'data_pending' callback. Improves performance of
handling of transfers, up to ~30%, depending on parallelism and response
size.
Whatever `data_pending()` once was, its semantics are now:
"Is there anything buffered in the connection filters that needs
receive?"
Any checks of the socket's readability are done via `multi_wait()`
and friends.
Fix the one place in HTTP/1 proxy code that checked `data_pending()` and
did an early return if false. Remove that check and actually try to
receive data every time.
Closes#17785
- tests/libtest: move exception to `stub_gssapi.h`.
- tests/libtest: move remaining exception to `testtrace.c`.
- tests/server: drop obsolete exception.
- docs/examples: move `BANNEDFUNC` exceptions to local files (3 lines).
- docs/examples: move `ERRNOVAR` exception to `ephiperfifo.c`.
- docs/examples: drop `typedef struct` (8 files).
- lib/curlx: add `.checksrc` with banned funcs copied from lib.
- checksrc: ban `strncpy`, `strtok_r`, `strtoul` by default.
Drop local bans. Add exception for `strtoul` to `tests/server'.
- lib, src: sync banned funcs.
Also:
- REUSE: drop `stunnel.pem`, it no longer exists.
- docs/examples: formatting.
- docs/examples: simplify some `sizeof()`s.
Closes#17764
Change the signature of `bufq` functions from
* `ssize_t Curl_bufq_*(..., CURLcode *err)` to
* `CURLcode Curl_bufq_*(..., size_t *pn)`
This allows us to write slightly less code and avoids the ssize_t/size_t
conversions in many cases. Also, it gets the function in line with all
the other send/recv signatures.
Added helper functions in `cfilters.h` for sending from/receving into
a bufq.
Fuzzer now fails to build due to these changes and its testing of
the bufq API.
Closes#17396
All arguments and local variables in `http_header_s` were unused when
both `CURL_DISABLE_COOKIES` and `CURL_DISABLE_HSTS` were defined.
Closes https://github.com/curl/curl/pull/17753
