#
08872971 |
| 13-May-2024 |
Viktor Szakats |
lib/v*: tidy up types and casts Also add a couple of negative checks. Cherry-picked from #13489 Closes #13622
|
#
4157ccb8 |
| 25-May-2024 |
Daniel Stenberg |
libssh: remove CURLOPT_SSL_VERIFYHOST check It was never meant for SSH: it should rely on the knownhosts file (if set) in the same way libssh2 already does. Reported-by: James A
libssh: remove CURLOPT_SSL_VERIFYHOST check It was never meant for SSH: it should rely on the knownhosts file (if set) in the same way libssh2 already does. Reported-by: James Abbatiello Fixes #13767 Closes #13781
show more ...
|
#
8dd81bd5 |
| 21-Mar-2024 |
Stefan Eissing |
lib: add Curl_xfer_write_resp_hd Add method in protocol handlers to allow writing of a single, 0-terminated header line. Avoids parsing and copying these lines. Closes #13165
|
#
a586b8ca |
| 07-Mar-2024 |
Stefan Eissing |
lib: client reader polish - seek_func/seek_client, use transfer values only - remove copies held in `struct connectdata`, use only ever `data->set.seek_func` - reso
lib: client reader polish - seek_func/seek_client, use transfer values only - remove copies held in `struct connectdata`, use only ever `data->set.seek_func` - resolves possible issues in multiuse connections - new mime post reader eliminates need to ever overwriting this - websockets, remove empty Curl_ws_done() function Closes #13079
show more ...
|
#
59298221 |
| 14-Feb-2024 |
Stefan Eissing |
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - sen
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - send/recv of transfer related data is now done via `Curl_xfer_send()/Curl_xfer_recv()` which no longer has socket/socketindex as parameter. It decides on the transfer setup of `conn->sockfd` and `conn->writesockfd` on which connection filter chain to operate. - send/recv on a specific connection filter chain is done via `Curl_conn_send()/Curl_conn_recv()` which get the socket index as parameter. - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming consistency - clarify that the special CURLE_AGAIN handling to return `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is returned by all other send() variants. SingleRequest reshuffling - move functions into request.[ch] - differentiate between reset and free - add Curl_req_done() to perform last actions - add a send `bufq` to SingleRequest for future use in keeping upload data Closes #12963
show more ...
|
#
f47487c2 |
| 24-Feb-2024 |
Daniel Stenberg |
libssh/libssh2: return error on too big range If trying to get the range 0 - 2^63 and the remote file is 2^63 bytes or larger. Fixes #12983 Closes #12984
|
#
6d852287 |
| 25-Jan-2024 |
Stefan Eissing |
ssh: use stack scratch buffer for seeks - instead of data->state.buffer Closes #12794
|
#
d7b6ce64 |
| 01-Dec-2023 |
Stefan Eissing |
lib: replace readwrite with write_resp This clarifies the handling of server responses by folding the code for the complicated protocols into their protocol handlers. This concerns m
lib: replace readwrite with write_resp This clarifies the handling of server responses by folding the code for the complicated protocols into their protocol handlers. This concerns mainly HTTP and its bastard sibling RTSP. The terms "read" and "write" are often used without clear context if they refer to the connect or the client/application side of a transfer. This PR uses "read/write" for operations on the client side and "send/receive" for the connection, e.g. server side. If this is considered useful, we can revisit renaming of further methods in another PR. Curl's protocol handler `readwrite()` method been changed: ```diff - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn, - const char *buf, size_t blen, - size_t *pconsumed, bool *readmore); + CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t blen, + bool is_eos, bool *done); ``` The name was changed to clarify that this writes reponse data to the client side. The parameter changes are: * `conn` removed as it always operates on `data->conn` * `pconsumed` removed as the method needs to handle all data on success * `readmore` removed as no longer necessary * `is_eos` as indicator that this is the last call for the transfer response (end-of-stream). * `done` TRUE on return iff the transfer response is to be treated as finished This change affects many files only because of updated comments in handlers that provide no implementation. The real change is that the HTTP protocol handlers now provide an implementation. The HTTP protocol handlers `write_resp()` implementation will get passed **all** raw data of a server response for the transfer. The HTTP/1.x formatted status and headers, as well as the undecoded response body. `Curl_http_write_resp_hds()` is used internally to parse the response headers and pass them on. This method is public as the RTSP protocol handler also uses it. HTTP/1.1 "chunked" transport encoding is now part of the general *content encoding* writer stack, just like other encodings. A new flag `CLIENTWRITE_EOS` was added for the last client write. This allows writers to verify that they are in a valid end state. The chunked decoder will check if it indeed has seen the last chunk. The general response handling in `transfer.c:466` happens in function `readwrite_data()`. This mainly operates now like: ``` static CURLcode readwrite_data(data, ...) { do { Curl_xfer_recv_resp(data, buf) ... Curl_xfer_write_resp(data, buf) ... } while(interested); ... } ``` All the response data handling is implemented in `Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()` implementation if available, or does the default behaviour. All raw response data needs to pass through this function. Which also means that anyone in possession of such data may call `Curl_xfer_write_resp()`. Closes #12480
show more ...
|
#
15b09d93 |
| 17-Dec-2023 |
Viktor Szakats |
ssh: fix namespace of two local macros Avoid using the libssh and libssh2 macro namespaces by prefixing these local macro names with `CURL_`. Follow-up to 413a0fedd02c8c6df1d294
ssh: fix namespace of two local macros Avoid using the libssh and libssh2 macro namespaces by prefixing these local macro names with `CURL_`. Follow-up to 413a0fedd02c8c6df1d294534b8c6e306fcca7a2 #12346 Reviewed-by: Daniel Stenberg Closes #12544
show more ...
|
#
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefinting the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where an `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md Closes #12489
show more ...
|
#
78a1814b |
| 14-Dec-2023 |
Daniel Stenberg |
libssh: supress warnings without version check Define unconditionally. Follow-up from d21bd2190c46ad7fa Closes #12523
|
#
d21bd219 |
| 14-Dec-2023 |
Theo |
libssh: improve the deprecation warning dismissal Previous code was compiler dependant, and dismissed all deprecation warnings indiscriminately. libssh provides a way to disable
libssh: improve the deprecation warning dismissal Previous code was compiler dependant, and dismissed all deprecation warnings indiscriminately. libssh provides a way to disable the deprecation warnings for libssh only, and naturally this is the preferred way. This commit uses that, to prevent the erroneous hiding of potential, unrelated deprecation warnings. Fixes #12519 Closes #12520
show more ...
|
#
8706b680 |
| 13-Dec-2023 |
Stefan Eissing |
lib: eliminate `conn->cselect_bits` - use `data->state.dselect_bits` everywhere instead - remove `bool *comeback` parameter as non-zero `data->state.dselect_bits` will indicate tha
lib: eliminate `conn->cselect_bits` - use `data->state.dselect_bits` everywhere instead - remove `bool *comeback` parameter as non-zero `data->state.dselect_bits` will indicate that IO is incomplete. Closes #12512
show more ...
|
#
413a0fed |
| 16-Nov-2023 |
Viktor Szakats |
autotools: stop setting `-std=gnu89` with `--enable-warnings` Do not alter the C standard when building with `--enable-warnings` when building with gcc. On one hand this alters
autotools: stop setting `-std=gnu89` with `--enable-warnings` Do not alter the C standard when building with `--enable-warnings` when building with gcc. On one hand this alters warning results compared to a default build. On the other, it may produce different binaries, which is unexpected. Also fix new warnings that appeared after removing `-std=gnu89`: - include: fix public curl headers to use the correct printf mask for `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64 and Visual Studio 2013 and newer. This fixes the printf mask warnings in examples and tests. E.g. [1] - conncache: fix printf format string [2]. - http2: fix potential null pointer dereference [3]. (seen on Slackware with gcc 11.) - libssh: fix printf format string in SFTP code [4]. Also make MSVC builds compatible with old CRT versions. - libssh2: fix printf format string in SFTP code for MSVC. Applying the same fix as for libssh above. - unit1395: fix `argument is null` and related issues [5]: - stop calling `strcmp()` with NULL to avoid undefined behaviour. - fix checking results if some of them were NULL. - do not pass NULL to printf `%s`. - ci: keep a build job with `-std=gnu89` to continue testing for C89-compliance. We can apply this to other gcc jobs as needed. Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542 [1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=logs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b [2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=12346#step:6:67 [3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=12346#step:30:214 [4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=12346#step:29:895 [5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=12346#step:33:1689 Closes #12346
show more ...
|
#
a9fd0d00 |
| 17-Nov-2023 |
Viktor Szakats |
build: always revert `#pragma GCC diagnostic` after use Before this patch some source files were overriding gcc warning options, but without restoring them at the end of the file. In CMa
build: always revert `#pragma GCC diagnostic` after use Before this patch some source files were overriding gcc warning options, but without restoring them at the end of the file. In CMake UNITY builds these options spilled over to the remainder of the source code, effecitvely disabling them for a larger portion of the codebase than intended. `#pragma clang diagnostic` didn't have such issue in the codebase. Reviewed-by: Marcel Raad Closes #12352
show more ...
|
#
ad051e1c |
| 23-Oct-2023 |
Stefan Eissing |
lib: client writer, part 2, accounting + logging This PR has these changes: Renaming of unencode_* to cwriter, e.g. client writers - documentation of sendf.h functions - mov
lib: client writer, part 2, accounting + logging This PR has these changes: Renaming of unencode_* to cwriter, e.g. client writers - documentation of sendf.h functions - move max decode stack checks back to content_encoding.c - define writer phase which was used as order before - introduce phases for monitoring inbetween decode phases - offering default implementations for init/write/close Add type paramter to client writer's do_write() - always pass all writes through the writer stack - writers who only care about BODY data will pass other writes unchanged add RAW and PROTOCOL client writers - RAW used for Curl_debug() logging of CURLINFO_DATA_IN - PROTOCOL used for updates to data->req.bytecount, max_filesize checks and Curl_pgrsSetDownloadCounter() - remove all updates of data->req.bytecount and calls to Curl_pgrsSetDownloadCounter() and Curl_debug() from other code - adjust test457 expected output to no longer see the excess write Closes #12184
show more ...
|
#
37b5cf4f |
| 26-Oct-2023 |
Stefan Eissing |
cfilter: provide call to tell connection to forget a socket - fixed libssh.c workaround for a socket being closed by the library - eliminate the terrible hack in cf-socket.c to gue
cfilter: provide call to tell connection to forget a socket - fixed libssh.c workaround for a socket being closed by the library - eliminate the terrible hack in cf-socket.c to guess when this happened and try not closing the socket again. - fixes race in eyeballing when socket could have failed to be closed for a discarded connect attempt Closes #12207
show more ...
|
#
3b6d18bb |
| 03-Oct-2023 |
Viktor Szakats |
spelling: fix codespell 2.2.6 typos Closes #12019
|
#
35eb2614 |
| 05-Sep-2023 |
Jakub Jelen |
libssh: cap SFTP packet size sent Due to libssh limitations Signed-off-by: Jakub Jelen <jjelen@redhat.com> Closes #11804
|
#
5e2beb33 |
| 23-Aug-2023 |
Daniel Stenberg |
spelling: use 'reuse' not 're-use' in code and elsewhere Unify the spelling as both versions were previously used intermittently Closes #11717
|
#
00f8f9c2 |
| 30-Jul-2023 |
Viktor Szakats |
cmake: cache more config and delete unused ones - cache more Windows config results for faster initialization. - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`.
cmake: cache more config and delete unused ones - cache more Windows config results for faster initialization. - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`. - delete dead references to `sys/utsname.h`. Closes #11551
show more ...
|
#
be17dc9d |
| 24-May-2023 |
Daniel Stenberg |
libssh: when keyboard-interactive auth fails, try password The state machine had a mistake in that it would not carry on to that next step. This also adds a verbose output what
libssh: when keyboard-interactive auth fails, try password The state machine had a mistake in that it would not carry on to that next step. This also adds a verbose output what methods that are available from the server and renames the macros that change to the next auth methods to try. Reported-by: 左潇峰 Fixes #11196 Closes #11197
show more ...
|
#
ff67da58 |
| 27-Apr-2023 |
Daniel Stenberg |
libssh: tell it to use SFTP non-blocking Reported-by: Andreas Huebner Fixes #11020 Closes #11039
|
#
7815647d |
| 25-Apr-2023 |
Daniel Stenberg |
lib: unify the upload/method handling By making sure we set state.upload based on the set.method value and not independently as set.upload, we reduce confusion and mixup risks, both
lib: unify the upload/method handling By making sure we set state.upload based on the set.method value and not independently as set.upload, we reduce confusion and mixup risks, both internally and externally. Closes #11017
show more ...
|
#
f7a3fae4 |
| 16-Mar-2023 |
Daniel Stenberg |
libssh: use dynbuf instead of realloc When building lines to show for SFTP directory listings. Closes #10778
|