git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
测试 mirror
35,224 Commits 14 Branches 229 Tags 258 MiB
C 74.4%
Perl 8.3%
Python 5.3%
M4 4.6%
CMake 2.8%
Other 4.5%
d3594be653
Go to file
Ruocco, Calvin d3594be653
ws: tests and fixes 
This started out as regression tests for the `curl_ws_recv()` and
`curl_ws_send()` implementation and ended up with a bugfix, additional
protocol validation and minor logging improvements.

- Fix reset of fragmented message decoder state when a PING/PONG is
  received in between message fragments.

- Fix undefined behavior (applying zero offset to null pointer) in
  curl_ws_send() when the given buffer is NULL.

- Detect invalid overlong PING/PONG/CLOSE frames.
- Detect invalid fragmented PING/PONG/CLOSE frames.
- Detect invalid sequences of fragmented frames.

  - a) A continuation frame (0x80...) is received without any ongoing
    fragmented message.
  - b) A new fragmented message is started (0x81/0x01/0x82/0x02...)
    before the ongoing fragmented message has terminated.

- Made logs for invalid opcodes easier to understand.
- Moved noisy logs to the `CURL_TRC_WS` log level.
- Unified the prefixes for WebSocket log messages: `[WS] ...`

- Add env var `CURL_WS_FORCE_ZERO_MASK` in debug builds.

  - If set, it forces the bit mask applied to outgoing payloads to
    0x00000000, which effectively means the payload is not masked at
    all. This drastically simplifies defining the expected `<protocol>`
    data in test cases.

- 2700: Frame types
- 2701: Invalid opcode 0x3
- 2702: Invalid opcode 0xB
- 2703: Invalid reserved bit RSV1 _(replaces 2310)_
- 2704: Invalid reserved bit RSV2
- 2705: Invalid reserved bit RSV3
- 2706: Invalid masked server message
- 2707: Peculiar frame sizes _(part. replaces 2311)_
- 2708: Automatic PONG
- 2709: No automatic PONG _(replaces 2312)_
- 2710: Unsolicited PONG
- 2711: Empty PING/PONG/CLOSE
- 2712: Max sized PING/PONG/CLOSE
- 2713: Invalid oversized PING _(replaces 2307)_
- 2714: Invalid oversized PONG
- 2715: Invalid oversized CLOSE
- 2716: Invalid fragmented PING
- 2717: Invalid fragmented PONG
- 2718: Invalid fragmented CLOSE
- 2719: Fragmented messages _(part. replaces 2311)_
- 2720: Fragmented messages with empty fragments
- 2721: Fragmented messages with interleaved pong
- 2722: Invalid fragmented message without initial frame
- 2723: Invalid fragmented message without final frame

- 2305: curl_ws_recv() loop reading three larger frames
  - This test involuntarily sent an invalid sequence of opcodes (0x01...,0x01...,0x81...) , but neither libcurl nor the test caught this! The correct sequence was tested in 2311 (0x01...,0x00...,0x80...). See below for 2311.
  - Validation of the opcode sequence was added to libcurl and is now tested in 2723.
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2307: overlong PING payload
  - The tested PING payload length check was actually missing, but the test didn't catch this since it involuntarily sent an invalid opcode (0x19... instead of 0x89...) so that the expected error occurred, but for the wrong reason.
  - Superseded by 2713.
- 2310: unknown reserved bit set in frame header
  - Superseded by 2703 and extended by 2704 and 2705.
- 2311: curl_ws_recv() read fragmented message
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2312: WebSockets no auto ping
  - Superseded by 2709.

- No tests for `CURLOPT_WRITEFUNCTION`.
- No tests for sending of invalid frames/fragments.

Closes #17136
2025-06-02 11:15:38 +02:00
.circleci GHA: update wolfSSL/wolfssl to v5.8.0 2025-04-25 22:34:32 +02:00
.github GHA/non-native: un-ignore tests on OpenBSD, bump to -j8 for NetBSD/FreeBSD 2025-06-02 00:21:52 +02:00
CMake cmake: fix missed version number for multi-pkg-config detections 2025-05-29 06:59:02 +02:00
docs ws: tests and fixes 2025-06-02 11:15:38 +02:00
include spelling: call it null-terminate consistently 2025-05-30 17:29:45 +02:00
lib ws: tests and fixes 2025-06-02 11:15:38 +02:00
LICENSES copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
m4 misc: we write *an* IPv6 address 2025-05-30 07:53:31 +02:00
packages spelling: call it null-terminate consistently 2025-05-30 17:29:45 +02:00
plan9 copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
projects curlx: move version_win32.[ch] to curlx/ 2025-05-08 17:09:32 +02:00
scripts tool_getparam: refactored, simplified 2025-05-28 14:25:32 +02:00
src spelling: call it null-terminate consistently 2025-05-30 17:29:45 +02:00
tests ws: tests and fixes 2025-06-02 11:15:38 +02:00
winbuild curlx: move version_win32.[ch] to curlx/ 2025-05-08 17:09:32 +02:00
.dir-locals.el copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.git-blame-ignore-revs copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.gitattributes winbuild: MS-DOS batch tidy-ups 2024-07-02 19:26:15 +02:00
.gitignore tidy-up: .gitignore lines mostly 2025-01-27 20:59:46 +01:00
.mailmap ws: tests and fixes 2025-06-02 11:15:38 +02:00
acinclude.m4 configure: fix --disable-rt 2025-04-03 11:10:47 +02:00
appveyor.sh windows: fix builds targeting WinXP, test it in CI 2025-05-22 13:04:28 +02:00
appveyor.yml windows: fix builds targeting WinXP, test it in CI 2025-05-22 13:04:28 +02:00
buildconf copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
CHANGES.md CHANGES: rename to CHANGES.md, no longer generated 2024-08-01 13:37:12 +02:00
CMakeLists.txt spacecheck.pl: check for non-ASCII chars, fix fallouts 2025-05-04 17:26:11 +02:00
configure.ac configure: suppress command not found for brew 2025-05-21 13:14:46 +02:00
COPYING COPYING: bump copyright year range to 1996 - 2025 2025-01-01 21:12:12 +01:00
curl-config.in curl-config: tidy up, optimize 2024-12-24 01:21:38 +01:00
Dockerfile Dockerfile: update debian:bookworm-slim Docker digest to 90522ee 2025-05-23 23:14:33 +02:00
GIT-INFO.md build: drop tool_hugehelp.c.cvs, tidy up macros, drop buildconf.bat 2025-01-26 14:22:49 +01:00
libcurl.pc.in configure: do not echo most inherited LDFLAGS to config files 2024-11-14 09:55:45 +01:00
Makefile.am dist: drop duplicate entry from CMAKE_DIST 2025-04-10 15:01:46 +02:00
README docs: minor grammar fixes 2022-09-29 10:44:12 +02:00
README.md spacecheck.pl: drop more exceptions 2025-05-13 16:01:07 +02:00
RELEASE-NOTES RELEASE-NOTES: synced 2025-05-31 15:12:43 +02:00
renovate.json GHA: drop "3" from openssl names and keys 2024-10-23 19:36:03 +02:00
REUSE.toml projects/Windows: remove wolfSSL from legacy projects 2024-12-22 03:10:35 -05:00
SECURITY.md docs: Clarify OpenSSF Best Practices vs Scorecard 2024-08-22 11:50:20 +02:00

README.md

curl logo

curl is a command-line tool for transferring data specified with URL syntax. Learn how to use curl by reading the manpage or everything curl.

Find out how to install curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl manpage to learn how.

Open Source

curl is Open Source and is distributed under an MIT-like license.

Contact

Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.

All contributors to the project are listed in the THANKS document.

Commercial support

For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.

Website

Visit the curl website for the latest news and downloads.

Source code

Download the latest source from the Git server:

git clone https://github.com/curl/curl.git

Security problems

Report suspected security problems via our HackerOne page and not in public.

Notice

curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.

Backers

Thank you to all our backers 🙏 Become a backer.

Sponsors

Support this project by becoming a sponsor.