#
37551535 |
| 15-Feb-2024 |
Stefan Eissing |
lib: Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to clarify when and at what level they operate - send/recv of transfer related
lib: Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to clarify when and at what level they operate - send/recv of transfer related data is now done via `Curl_xfer_send()/Curl_xfer_recv()` which no longer has socket/socketindex as parameter. It decides on the transfer setup of `conn->sockfd` and `conn->writesockfd` on which connection filter chain to operate. - send/recv on a specific connection filter chain is done via `Curl_conn_send()/Curl_conn_recv()` which get the socket index as parameter. - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming consistency - clarify that the special CURLE_AGAIN hangling to return `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is returned by all other send() variants. - fix a bug in websocket `curl_ws_recv()` that mixed up data when it arrived in more than a single chunk The method for sending not just raw bytes, but bytes that are either "headers" or "body". The send abstraction stack, to to bottom, now is: * `Curl_req_send()`: has parameter to indicate amount of header bytes, buffers all data. * `Curl_xfer_send()`: knows on which socket index to send, returns amount of bytes sent. * `Curl_conn_send()`: called with socket index, returns amount of bytes sent. In addition there is `Curl_req_flush()` for writing out all buffered bytes. `Curl_req_send()` is active for requests without body, `Curl_buffer_send()` still being used for others. This is because the special quirks need to be addressed in future parts: * `expect-100` handling * `Curl_fillreadbuffer()` needs to add directly to the new `data->req.sendbuf` * special body handlings, like `chunked` encodings and line end conversions will be moved into something like a Client Reader. In functions of the pattern `CURLcode xxx_send(..., ssize_t *written)`, replace the `ssize_t` with a `size_t`. It makes no sense to allow for negative values as the returned `CURLcode` already specifies error conditions. This allows easier handling of lengths without casting. Closes #12964
show more ...
|
#
59298221 |
| 14-Feb-2024 |
Stefan Eissing |
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - sen
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - send/recv of transfer related data is now done via `Curl_xfer_send()/Curl_xfer_recv()` which no longer has socket/socketindex as parameter. It decides on the transfer setup of `conn->sockfd` and `conn->writesockfd` on which connection filter chain to operate. - send/recv on a specific connection filter chain is done via `Curl_conn_send()/Curl_conn_recv()` which get the socket index as parameter. - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming consistency - clarify that the special CURLE_AGAIN handling to return `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is returned by all other send() variants. SingleRequest reshuffling - move functions into request.[ch] - differentiate between reset and free - add Curl_req_done() to perform last actions - add a send `bufq` to SingleRequest for future use in keeping upload data Closes #12963
show more ...
|
#
aee4ebe5 |
| 26-Jan-2024 |
Daniel Stenberg |
krb5: add prototype to silence clang warnings on mvsnprintf() "error: format string is not a string literal" Follow-up to 09230127589eccc7 which made the warning appear Ass
krb5: add prototype to silence clang warnings on mvsnprintf() "error: format string is not a string literal" Follow-up to 09230127589eccc7 which made the warning appear Assisted-by: Viktor Szakats Closes #12803
show more ...
|
#
31db4bfa |
| 25-Jan-2024 |
Daniel Stenberg |
krb5: access the response buffer correctly As the pingpong code no longer uses the download buffer. Folllow-up to c2d973627bab12ab Pointed-out-by: Stefan Eissing Closes #127
krb5: access the response buffer correctly As the pingpong code no longer uses the download buffer. Folllow-up to c2d973627bab12ab Pointed-out-by: Stefan Eissing Closes #12796
show more ...
|
#
cfe79021 |
| 08-Jan-2024 |
Daniel Stenberg |
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT Closes #12658
|
#
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefinting the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where an `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md Closes #12489
show more ...
|
#
25907fd5 |
| 07-Sep-2023 |
Daniel Stenberg |
krb5: fix "implicit conversion loses integer precision" warnings conversions to/from enum and unsigned chars Closes #11814
|
#
2485547d |
| 05-Sep-2023 |
Stefan Eissing |
http: fix sending of large requests - refs #11342 where errors with git https interactions were observed - problem was caused by 1st sends of size larger than 64KB which resu
http: fix sending of large requests - refs #11342 where errors with git https interactions were observed - problem was caused by 1st sends of size larger than 64KB which resulted in later retries of 64KB only - limit sending of 1st block to 64KB - adjust h2/h3 filters to cope with parsing the HTTP/1.1 formatted request in chunks - introducing Curl_nwrite() as companion to Curl_write() for the many cases where the sockindex is already known Fixes #11342 (again) Closes #11803
show more ...
|
#
4aa64e67 |
| 17-Jul-2023 |
Daniel Stenberg |
krb5: add typecast to please Coverity
|
#
5ed7417d |
| 24-Feb-2023 |
Daniel Stenberg |
krb5: avoid sscanf for parsing Closes #10599
|
#
c1c96905 |
| 15-Feb-2023 |
Marcel Raad |
krb5: silence cast-align warning Add an intermediate cast to `void *`, as done everywhere else when casting from `sockaddr *` to `sockaddr_in *`. Closes https://github.com/curl/
krb5: silence cast-align warning Add an intermediate cast to `void *`, as done everywhere else when casting from `sockaddr *` to `sockaddr_in *`. Closes https://github.com/curl/curl/pull/10528
show more ...
|
#
5651a36d |
| 30-Jan-2023 |
Stefan Eissing |
cf-socket: improvements in socket I/O handling - Curl_write_plain/Curl_read_plain have been eliminated. Last code use now uses Curl_conn_send/recv so that requests use conn->send/revc
cf-socket: improvements in socket I/O handling - Curl_write_plain/Curl_read_plain have been eliminated. Last code use now uses Curl_conn_send/recv so that requests use conn->send/revc callbacks which defaults to cfilters use. - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c. - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved into cf-socket.c. The pre_recv buffer is held at the socket filter context. `postponed_data` structures have been removed from `connectdata`. - the hanger in HTTP/2 request handling was a result of read buffering on all sends and the multi handling is not prepared for this. The following happens: - multi preforms on a HTTP/2 easy handle - h2 reads and processes data - this leads to a send of h2 data - which receives and buffers before the send - h2 returns - multi selects on the socket, but no data arrives (its in the buffer already) the workaround now receives data in a loop as long as there is something in the buffer. The real fix would be for multi to change, so that `data_pending` is evaluated before deciding to wait on the socket. io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower filter have pending data. This io_buffer is only available/used when the -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows configurations. It also maintains the original checks on protocol handler being HTTP and conn->send/recv not being replaced. The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds out that the "lower" filter chain has still pending data at the end of its IO operation. This prevents the processing from becoming stalled. Closes #10280
show more ...
|
#
6a8d7ef9 |
| 03-Jan-2023 |
Stefan Eissing |
cf-socket: keep sockaddr local in the socket filters - copy `struct Curl_addrinfo` on filter setup into context - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in
cf-socket: keep sockaddr local in the socket filters - copy `struct Curl_addrinfo` on filter setup into context - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in connectdata that is set and NULLed by the socket filter - this means we have no reference to the resolver info in connectdata or its filters - trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter chain reaches connected status - update easy handle connection information on CF_CTRL_DATA_SETUP event. Closes #10213
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
4f42150d |
| 14-Nov-2022 |
Jay Satiro |
sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2) Prior to this change Curl_read_plain would attempt to read the socket directly. On Windows that's a problem because recv da
sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2) Prior to this change Curl_read_plain would attempt to read the socket directly. On Windows that's a problem because recv data may be cached by libcurl and that data is only drained using Curl_recv_plain. Rather than rewrite Curl_read_plain to handle cached recv data, I changed it to wrap Curl_recv_plain, in much the same way that Curl_write_plain already wraps Curl_send_plain. Curl_read_plain -> Curl_recv_plain Curl_write_plain -> Curl_send_plain This fixes a bug in the schannel backend where decryption of arbitrary TLS records fails because cached recv data is never drained. We send data (TLS records formed by Schannel) using Curl_write_plain, which calls Curl_send_plain, and that may do a recv-before-send ("pre-receive") to cache received data. The code calls Curl_read_plain to read data (TLS records from the server), which prior to this change did not call Curl_recv_plain and therefore cached recv data wasn't retrieved, resulting in malformed TLS records and decryption failure (SEC_E_DECRYPT_FAILURE). The bug has only been observed during Schannel TLS 1.3 handshakes. Refer to the issue and PR for more information. -- This is take 2 of the original fix. It preserves the original behavior of Curl_read_plain to write 0 to the bytes read parameter on error, since apparently some callers expect that (SOCKS tests were hanging). The original fix which landed in 12e1def5 and was later reverted in 18383fbf failed to work properly because it did not do that. Also, it changes Curl_write_plain the same way to complement Curl_read_plain, and it changes Curl_send_plain to return -1 instead of 0 on CURLE_AGAIN to complement Curl_recv_plain. Behavior on error with these changes: Curl_recv_plain returns -1 and *code receives error code. Curl_send_plain returns -1 and *code receives error code. Curl_read_plain returns error code and *n (bytes read) receives 0. Curl_write_plain returns error code and *written receives 0. -- Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361 Assisted-by: Joel Depooter Reported-by: Egor Pugin Fixes https://github.com/curl/curl/issues/9431 Closes https://github.com/curl/curl/pull/9949
show more ...
|
#
18383fbf |
| 18-Nov-2022 |
Daniel Stenberg |
Revert "sendf: change Curl_read_plain to wrap Curl_recv_plain" This reverts commit 12e1def51a75392df62e65490416007d7e68dab9. It introduced SOCKS proxy fails, like test 700 never end
Revert "sendf: change Curl_read_plain to wrap Curl_recv_plain" This reverts commit 12e1def51a75392df62e65490416007d7e68dab9. It introduced SOCKS proxy fails, like test 700 never ending. Reopens #9431
show more ...
|
#
12e1def5 |
| 14-Nov-2022 |
Jay Satiro |
sendf: change Curl_read_plain to wrap Curl_recv_plain Prior to this change Curl_read_plain would attempt to read the socket directly. On Windows that's a problem because recv data may be
sendf: change Curl_read_plain to wrap Curl_recv_plain Prior to this change Curl_read_plain would attempt to read the socket directly. On Windows that's a problem because recv data may be cached by libcurl and that data is only drained using Curl_recv_plain. Rather than rewrite Curl_read_plain to handle cached recv data, I changed it to wrap Curl_recv_plain, in much the same way that Curl_write_plain already wraps Curl_send_plain. Curl_read_plain -> Curl_recv_plain Curl_write_plain -> Curl_send_plain This fixes a bug in the schannel backend where decryption of arbitrary TLS records fails because cached recv data is never drained. We send data (TLS records formed by Schannel) using Curl_write_plain, which calls Curl_send_plain, and that may do a recv-before-send ("pre-receive") to cache received data. The code calls Curl_read_plain to read data (TLS records from the server), which prior to this change did not call Curl_recv_plain and therefore cached recv data wasn't retrieved, resulting in malformed TLS records and decryption failure (SEC_E_DECRYPT_FAILURE). The bug has only been observed during Schannel TLS 1.3 handshakes. Refer to the issue and PR for more information. Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361 Assisted-by: Joel Depooter Reported-by: Egor Pugin Fixes https://github.com/curl/curl/issues/9431 Closes https://github.com/curl/curl/pull/9904
show more ...
|
#
fc8d6b23 |
| 27-Oct-2022 |
Randall S. Becker |
build: fix for NonStop - Include arpa/inet.h in all units where htonl is called. Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Closes https://github.com/curl/cu
build: fix for NonStop - Include arpa/inet.h in all units where htonl is called. Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Closes https://github.com/curl/curl/pull/9816
show more ...
|
#
6ecdf513 |
| 09-Jun-2022 |
Daniel Stenberg |
krb5: return error properly on decode errors Bug: https://curl.se/docs/CVE-2022-32208.html CVE-2022-32208 Reported-by: Harry Sintonen Closes #9051
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
26101421 |
| 03-Feb-2022 |
Daniel Stenberg |
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
|
#
21248e05 |
| 25-Dec-2021 |
Daniel Stenberg |
checksrc: detect more kinds of NULL comparisons we avoid Co-authored-by: Jay Satiro Closes #8180
|
#
8e701cc9 |
| 22-Oct-2021 |
Eddie Lumpkin |
lib: fixing comment spelling typos in lib files Closes #7894 Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
|
#
e75be2c4 |
| 21-Sep-2021 |
Rikard Falkeborn |
cleanup: constify unmodified static structs Constify a number of static structs that are never modified. Make them const to show this. Closes #7759
|
#
e7416cfd |
| 06-Jul-2021 |
Daniel Stenberg |
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes info
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
show more ...
|