History log of /curl/lib/vssh/libssh2.c (Results 26 – 50 of 121)
Revision Date Author Comments
# 3829759b 08-Dec-2023 Viktor Szakats

build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
printf arguments with it. This is a copy of existing
`CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
with redefining the `printf` symbol:
https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
checks. Previously it was always disabled due to the internal `printf`
macro.

Fix them:

- fix bug where a `set_ipv6_v6only()` call was missed in builds with
`--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489



# 8706b680 13-Dec-2023 Stefan Eissing

lib: eliminate `conn->cselect_bits`

- use `data->state.dselect_bits` everywhere instead
- remove `bool *comeback` parameter as non-zero
`data->state.dselect_bits` will indicate that IO is
incomplete.

Closes #12512



# 84338c4d 15-Nov-2023 Viktor Szakats

build: add more picky warnings and fix them

Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it [1].

`-Wunused-macros` was too noisy to keep around, but fixed a few issues
it revealed while testing.

- autotools: reflect the more precisely-versioned clang warnings.
Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
- autotools: sync between clang and gcc the way we set `no-multichar`.
- autotools: avoid setting `-Wstrict-aliasing=3` twice.
- autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
It triggers in libtool-generated stub code.

- lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.

- lib/curl_setup.h: delete duplicate declaration for `fileno`.
Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d
(1999-12-29). This suggests this may not be needed anymore, but if
it does, we may restore this for those specific (non-Windows) systems.
- lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394.
- lib: delete unused macro `isxdigit_ascii` since
f65f750742068f579f4ee6d8539ed9d5f0afcb85.
- lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
macro.
- lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- lib/setopt: fix `-Wunreachable-code-break`.
- lib/system_win32 and lib/timeval: fix double declarations for
`Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- lib/warnless: fix double declarations in CMake UNITY mode [5].
This was due to force-disabling the header guard of `warnless.h` to
reapply it to source code coming after `warnless.c` in UNITY
builds. This reapplied declarations too, causing the warnings.
Solved by adding a header guard for the lines that actually need
to be reapplied.
- lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
block.
- lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- lib/vtls/sectransp: suppress `-Wunreachable-code`.
Detected in `else` branches of dynamic feature checks, with results
known at compile-time, e.g.
```c
if(SecCertificateCopySubjectSummary) /* -> true */
```
Likely fixable as a separate micro-project, but given SecureTransport
is deprecated anyway, let's just silence these locally.
- src/tool_help: delete duplicate declaration for `helptext`.
- src/tool_xattr: fix `-Wunreachable-code`.
- tests: delete duplicate declaration for `unitfail` [8].
- tests: delete duplicate declaration for `strncasecompare`.
- tests/libtest: delete duplicate declaration for `gethostname`.
Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7
(2010-08-02).
Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc
If there are still systems around with warnings, we may restore the
prototype, but limited for those systems.
- tests/lib2305: delete duplicate declaration for
`libtest_debug_config`.
- tests/h2-download: fix `-Wunreachable-code-break`.

[1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
[2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675
[3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72
https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109
[4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204
[5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218
[6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290
[7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193
[8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870

Closes #12331



# 413a0fed 16-Nov-2023 Viktor Szakats

autotools: stop setting `-std=gnu89` with `--enable-warnings`

Do not alter the C standard when building with `--enable-warnings` when
building with gcc.

On one hand this alters warning results compared to a default build.
On the other, it may produce different binaries, which is unexpected.

Also fix new warnings that appeared after removing `-std=gnu89`:

- include: fix public curl headers to use the correct printf mask for
`CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64
and Visual Studio 2013 and newer. This fixes the printf mask warnings
in examples and tests. E.g. [1]

- conncache: fix printf format string [2].

- http2: fix potential null pointer dereference [3].
(seen on Slackware with gcc 11.)

- libssh: fix printf format string in SFTP code [4].
Also make MSVC builds compatible with old CRT versions.

- libssh2: fix printf format string in SFTP code for MSVC.
Applying the same fix as for libssh above.

- unit1395: fix `argument is null` and related issues [5]:
- stop calling `strcmp()` with NULL to avoid undefined behaviour.
- fix checking results if some of them were NULL.
- do not pass NULL to printf `%s`.

- ci: keep a build job with `-std=gnu89` to continue testing for
C89-compliance. We can apply this to other gcc jobs as needed.
Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542

[1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=logs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b
[2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=12346#step:6:67
[3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=12346#step:30:214
[4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=12346#step:29:895
[5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=12346#step:33:1689

Closes #12346



# ad051e1c 23-Oct-2023 Stefan Eissing

lib: client writer, part 2, accounting + logging

This PR has these changes:

Renaming of unencode_* to cwriter, e.g. client writers
- documentation of sendf.h functions
- move max decode stack checks back to content_encoding.c
- define writer phase which was used as order before
- introduce phases for monitoring in between decode phases
- offering default implementations for init/write/close

Add type parameter to client writer's do_write()
- always pass all writes through the writer stack
- writers who only care about BODY data will pass other writes unchanged

add RAW and PROTOCOL client writers
- RAW used for Curl_debug() logging of CURLINFO_DATA_IN
- PROTOCOL used for updates to data->req.bytecount, max_filesize checks and
Curl_pgrsSetDownloadCounter()
- remove all updates of data->req.bytecount and calls to
Curl_pgrsSetDownloadCounter() and Curl_debug() from other code
- adjust test457 expected output to no longer see the excess write

Closes #12184



# 3b6d18bb 03-Oct-2023 Viktor Szakats

spelling: fix codespell 2.2.6 typos

Closes #12019


# 80fc040e 18-Sep-2023 Jay Satiro

libssh2: fix error message on failed pubkey-from-file

- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unknown (-1)".

When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
generic error and therefore doesn't set an error message. AFAICT that is
not documented behavior.

Prior to this change libcurl retrieved the last set error message which
would be from a previous function failing. That resulted in misleading
auth failed error messages in verbose mode.

Bug: https://github.com/curl/curl/issues/11837#issue-1891827355
Reported-by: consulion@users.noreply.github.com

Closes https://github.com/curl/curl/pull/11881



# 5e2beb33 23-Aug-2023 Daniel Stenberg

spelling: use 'reuse' not 're-use' in code and elsewhere

Unify the spelling as both versions were previously used intermittently

Closes #11717


# e12b39e1 03-Aug-2023 Stefan Eissing

trace: make tracing available in non-debug builds

Add --trace-config to curl

Add curl_global_trace() to libcurl

Closes #11421


# 00f8f9c2 30-Jul-2023 Viktor Szakats

cmake: cache more config and delete unused ones

- cache more Windows config results for faster initialization.

- delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`.

- delete dead references to `sys/utsname.h`.

Closes #11551



# 93df7134 02-Jun-2023 Daniel Stenberg

libssh2: provide error message when setting host key type fails

Ref: https://curl.se/mail/archive-2023-06/0001.html

Closes #11240


# 10d84043 01-Jun-2023 Daniel Stenberg

libssh2: use custom memory functions

Because of how libssh2_userauth_keyboard_interactive_ex() works: the
libcurl callback allocates memory that is later free()d by libssh2, we
must set the custom memory functions.

Reverts 8b5f100db388ee60118c08aa28

Ref: https://github.com/libssh2/libssh2/issues/1078
Closes #11235



# e915b690 26-Apr-2023 Daniel Silverstone

ssh: Add support for libssh2 read timeout

Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout
into the SERVER_RESPONSE_TIMEOUT option. With this done, clients can use
the standard curl response timeout setting to also control the time that
libssh2 will wait for packets from a slow server. This is necessary to
enable use of very slow SFTP servers.

Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>

Closes #10965



# 8e21b1a0 08-May-2023 Daniel Stenberg

libssh2: free fingerprint better

Reported-by: Wei Chong Tan
Closes #11088


# 21575b26 25-Apr-2023 Jay Satiro

libssh2: fix crash in keyboard callback

- Always set the libssh2 'abstract' user-pointer to the libcurl easy
handle associated with the ssh session, so it is always passed to the
ssh keyboard callback.

Prior to this change and since 8b5f100 (precedes curl 8.0.0), if libcurl
was built without CURL_DEBUG then it could crash during the ssh auth
phase due to a null dereference in the ssh keyboard callback.

Reported-by: Andreas Falkenhahn

Fixes https://github.com/curl/curl/pull/11024
Closes https://github.com/curl/curl/pull/11026



# 7815647d 25-Apr-2023 Daniel Stenberg

lib: unify the upload/method handling

By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.

Closes #11017



# d2d0e600 16-Mar-2023 Daniel Stenberg

libssh2: remove unused variable from libssh2's struct

Closes #10777


# 8b5f100d 09-Mar-2023 Daniel Stenberg

libssh2: only set the memory callbacks when debugging

This makes us debug libssh2 less and libcurl more when for example
running torture tests that otherwise will spend a lot of time in libssh2
functions.

We leave libssh2 to test libssh2.

Closes #10721



# 2bc1d775 02-Jan-2023 Daniel Stenberg

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205



# 71b7e016 30-Dec-2022 Stefan Eissing

lib: connect/h2/h3 refactor

Refactoring of connection setup and happy eyeballing. Move
nghttp2, ngtcp2, quiche and msh3 into connection filters.

- eyeballing cfilter that uses sub-filters for performing parallel connects
- socket cfilter for all transport types, including QUIC
- QUIC implementations in cfilter, can now participate in eyeballing
- connection setup is more dynamic in order to adapt to what filter did
really connect. Relevant to see if a SSL filter needs to be added or
if SSL has already been provided
- HTTP/3 test cases similar to HTTP/2
- multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche

- Fix for data attach/detach in VTLS filters that could lead to crashes
during parallel transfers.
- Eliminating setup() methods in cfilters, no longer needed.
- Improving Curl_conn_is_alive() to replace Curl_connalive() and
integrated ssl alive checks into cfilter.
- Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update
connection into and persist it at the easy handle.

- Several more cfilter related cleanups and moves:
- stream_weigth and dependency info is now wrapped in struct
Curl_data_priority
- Curl_data_priority members depend is available in HTTP2|HTTP3
- Curl_data_priority members depend on NGHTTP2 support
- handling init/reset/cleanup of priority part of url.c
- data->state.priority same struct, but shallow copy for compares only

- PROTOPT_STREAM has been removed
- Curl_conn_is_mulitplex() now available to check on capability

- Adding query method to connection filters.
- ngtcp2+quiche: implementing query for max concurrent transfers.

- Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.
- setting keepalive timestamp on connect
- DATA_SETUP is called after the connection has been completely
setup (but may not connected yet) to allow filters to initialize
data members they use.

- there is no socket to be had with msh3, it is unclear how select
shall work

- manual test via "curl --http3 https://curl.se" fail with "empty
reply from server".

- Various socket/conn related cleanups:
- Curl_socket is now Curl_socket_open and in cf-socket.c
- Curl_closesocket is now Curl_socket_close and in cf-socket.c
- Curl_ssl_use has been replaced with Cur_conn_is_ssl
- Curl_conn_tcp_accepted_set has been split into
Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set
with a clearer purpose

Closes #10141



# ccf1ca94 22-Dec-2022 Daniel Stenberg

libssh2: try sha2 algos for hostkey methods

As is supported by recent libssh2, but should just be ignored by older
versions.

Reported-by: norbertmm on github
Assisted-by: norbertmm on github
Fixes #10143
Closes #10145



# 8fe33a96 05-Dec-2022 Michael Musset

libssh2: return error when ssh_hostkeyfunc returns error

return CURLE_PEER_FAILED_VERIFICATION if verification with the callback
returns a result different than CURLKHMATCH_OK

Closes #10034



# 2d9fee45 23-Nov-2022 Daniel Gustafsson

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.

Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>



# af22c2a5 22-Nov-2022 Stefan Eissing

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter instance instead of
connectdata+sockindex
- ssl_connect_data is removed from struct connectdata and made internal
to vtls
- ssl_connect_data is allocated in the added filter, kept at cf->ctx

- added function to let a ssl filter access its ssl_primary_config and
ssl_config_data this selects the proper subfields in conn and data,
for filters added as plain or proxy
- adjusted all backends to use the changed api
- adjusted all backends to access config data via the exposed
functions, no longer using conn or data directly

cfilter renames for clear purpose:

- methods `Curl_conn_*(data, conn, sockindex)` work on the complete
filter chain at `sockindex` and connection `conn`.
- methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
instance.
- methods `Curl_conn_cf()` work on/with filter instances at a
connection.
- rebased and resolved some naming conflicts
- hostname validation (and session lookup) on SECONDARY use the same
name as on FIRST (again).

new debug macros and removing connectdata from function signatures where not
needed.

adapting schannel for new Curl_read_plain parameter.

Closes #9919



# e9c580de 17-Nov-2022 Daniel Stenberg

lib: parse numbers with fixed known base 10

... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.

Closes #9933
