| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Detecting headers and lib separately makes sense when headers come in
variations or with extra ones, but this wasn't the case here. These were
duplicate/parallel macros that we had to keep in sync with each other
for a working build. This patch leaves a single macro for each of these
dependencies:
- Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
Also delete CMake logic making sure these two were in sync, along with
a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
Also delete stray `HAVE_ZLIB` defines.
There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
retains it for compatibility and deprecates it.
- Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
`winbuild/MakefileBuild.vc`, these have a role when building libssh2
itself. And `CURL_USE_LIBSSH`, which had no use at all.
Also delete stray `HAVE_LIBSSH2` defines.
- Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
`winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
libssh2 line, and were not having any use.
- Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
Reviewed-by: Daniel Stenberg
Closes #9652
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variable-sized encoding-specific storage of a struct contenc_writer
currently relies on void * alignment that may be insufficient with
regards to the specific storage fields, although having not caused any
problems yet.
In addition, gcc 11.3 issues a warning on access to fields of partially
allocated structures that can occur when the specific storage size is 0:
content_encoding.c: In function ‘Curl_build_unencoding_stack’:
content_encoding.c:980:21: warning: array subscript ‘struct contenc_writer[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Warray-bounds]
980 | writer->handler = handler;
| ~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from content_encoding.c:49:
memdebug.h:115:29: note: referencing an object of size 16 allocated by ‘curl_dbg_calloc’
115 | #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__, __FILE__)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
content_encoding.c:977:60: note: in expansion of macro ‘calloc’
977 | struct contenc_writer *writer = (struct contenc_writer *)calloc(1, sz);
To solve both these problems, the current commit replaces the
contenc_writer/params structure pairs by "subclasses" of struct
contenc_writer. These are structures that contain a contenc_writer at
offset 0. Proper field alignment is therefore handled by the compiler and
full structure allocation is performed, silencing the warnings.
Closes #9455
|
| |
|
|
|
|
|
|
|
|
|
| |
Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace, but also includes %0a to %0d.
For parsing purposes, we should only accept what we must and not be
overly liberal. It leads to surprises and surprises lead to bad things.
Closes #9432
|
| |
|
|
|
|
|
|
|
| |
The max allowed steps is arbitrarily set to 5.
Bug: https://curl.se/docs/CVE-2022-32206.html
CVE-2022-32206
Reported-by: Harry Sintonen
Closes #9049
|
| |
|
|
|
|
|
|
|
|
|
| |
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes #8869
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
on implicit fallthrough cases, since the current coding of indicating
fallthrough with comments is falling out of fashion with new compilers.
This attempts to make the issue smaller by rewriting fallthroughs to no
longer fallthrough, via either breaking the cases or turning switch
statements into if statements.
lib/content_encoding.c: the fallthrough codepath is simply copied
into the case as it's a single line.
lib/http_ntlm.c: the fallthrough case skips a state in the state-
machine and fast-forwards to NTLMSTATE_LAST. Do this before the
switch statement instead to set up the states that we actually
want.
lib/http_proxy.c: the fallthrough is just falling into exiting the
switch statement which can be done easily enough in the case.
lib/mime.c: switch statement rewritten as if statement.
lib/pop3.c: the fallthrough case skips to the next state in the
statemachine, do this explicitly instead.
lib/urlapi.c: switch statement rewritten as if statement.
lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
machine, do this by running another iteration of the switch
statement instead.
lib/vtls/gtls.c: switch statement rewritten as if statement.
lib/vtls/nss.c: the fallthrough codepath is simply copied into the
case as it's a single line. Also twiddle a comment to not be
inside a non-brace if statement.
Closes: #7322
See-also: #7295
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
| |
Closes #6954
|
| |
|
|
|
|
| |
... remove '== NULL' and '!= 0'
Closes #6912
|
| |
|
|
| |
Closes #6499
|
| |
|
|
|
|
| |
... by anchoring more functions on Curl_easy instead of connectdata
Closes #6498
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... in most cases instead of 'struct connectdata *' but in some cases in
addition to.
- We mostly operate on transfers and not connections.
- We need the transfer handle to log, store data and more. Everything in
libcurl is driven by a transfer (the CURL * in the public API).
- This work clarifies and separates the transfers from the connections
better.
- We should avoid "conn->data". Since individual connections can be used
by many transfers when multiplexing, making sure that conn->data
points to the current and correct transfer at all times is difficult
and has been notoriously error-prone over the years. The goal is to
ultimately remove the conn->data pointer for this reason.
Closes #6425
|
| |
|
|
| |
Closes #6172
|
| |
|
|
|
|
|
|
|
| |
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.
The public headers are unmodified.
Closes #5989
|
| |
|
|
|
|
|
|
|
| |
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu
Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
|
| |
|
|
|
|
|
|
|
|
|
| |
- Stick to a single unified way to use structs
- Make checksrc complain on 'typedef struct {'
- Allow them in tests, public headers and examples
- Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
typedef different types/structs depending on build conditions.
Closes #5338
|
| |
|
|
|
|
|
|
|
| |
Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.
Reported-by: clbr on github
Fixes #2719
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Get rid of variable that was generating false positive warning
(unitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
|
| |
|
|
|
|
|
| |
Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.
Fixes #2606
Closes #2608
|
| |
|
|
|
|
|
|
|
|
| |
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.
Closes https://github.com/curl/curl/pull/2497
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some servers return a "content-encoding" header with a non-standard
"none" value.
Add "none" as an alias to "identity" as a work-around, to avoid
unrecognised content encoding type errors.
Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
Closes https://github.com/curl/curl/pull/2298
|
| |
|
|
|
|
|
|
|
|
| |
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.
Closes #2194
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.
Closes #2068
|
| |
|
|
|
| |
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
|
| |
|
|
|
|
|
|
| |
There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.
Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't call zlib's inflate() when avail_in stream bytes is 0.
This is a follow up to the parent commit 19e66e5. Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.
According to the zlib FAQ, Z_BUF_ERROR is not fatal.
This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).
Ref: https://zlib.net/zlib_faq.html#faq05
Closes https://github.com/curl/curl/pull/2060
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
|
| |
|
|
|
|
|
|
|
|
| |
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.
New test 230 checks this feature.
Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
|
| | |
|
| |
|
|
|
|
| |
... by removing the else branch after a return, break or continue.
Closes #1310
|
| |
|
|
|
| |
Failure to decompress is now a write error instead of the weird
"function not found".
|
| |
|
|
| |
In order to make the code style more uniform everywhere
|
| |
|
|
| |
Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.
Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]
Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]
----------------------------------------
1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
this single inclusion guard is enough to ensure that inclusion of
lib/setup_once.h done from lib/setup.h is only done once.
Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
protect inclusion of setup_once.h even after commit ec691ca3, this
was to avoid a circular header inclusion triggered when building a
c-ares enabled version with c-ares sources available which also has
a setup_once.h header. Commit ec691ca3 exposes the real nature of
__SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
foreign to libcurl belonging to c-ares's setup_once.h
The renaming this commit does, fixes the circular header inclusion,
and as such removes the need and usage of a header inclusion guard
foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
2 - Due to the circular interdependency of old lib/setup_once.h and the
c-ares setup_once.h header, old file lib/setup_once.h has carried
back from 2006 up to now days an alarming and prominent notice about
the need of keeping libcurl's and c-ares's setup_once.h in sync.
Given that this commit fixes the circular interdependency, the need
and presence of mentioned notice is removed.
All mentioned interdependencies come back from now old days when
the c-ares project lived inside a curl subdirectory. This commit
removes last traces of such fact.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:
f871de0... build: make use of 76 lib/*.h renamed files
ffd8e12... build: rename 76 lib/*.h files
This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:
c087374... curl_setup.h: remove redundant include guard
This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:
13606bb... build: make use of 93 lib/*.c renamed files
5b6e792... build: rename 93 lib/*.c files
7d83dff... build: commit 13606bbfde follow-up 1
Start of related discussion thread:
http://curl.haxx.se/mail/lib-2013-01/0012.html
Asking for confirmation on pushing this revertion commit:
http://curl.haxx.se/mail/lib-2013-01/0048.html
Confirmation summary:
http://curl.haxx.se/mail/lib-2013-01/0079.html
NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.
lib/curl_imap.h
lib/curl_smtp.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
93 lib/*.c source files renamed to use our standard naming scheme.
This commit only does the file renaming.
----------------------------------------
renamed: lib/amigaos.c -> lib/curl_amigaos.c
renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c
renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c
renamed: lib/axtls.c -> lib/curl_axtls.c
renamed: lib/base64.c -> lib/curl_base64.c
renamed: lib/bundles.c -> lib/curl_bundles.c
renamed: lib/conncache.c -> lib/curl_conncache.c
renamed: lib/connect.c -> lib/curl_connect.c
renamed: lib/content_encoding.c -> lib/curl_content_encoding.c
renamed: lib/cookie.c -> lib/curl_cookie.c
renamed: lib/cyassl.c -> lib/curl_cyassl.c
renamed: lib/dict.c -> lib/curl_dict.c
renamed: lib/easy.c -> lib/curl_easy.c
renamed: lib/escape.c -> lib/curl_escape.c
renamed: lib/file.c -> lib/curl_file.c
renamed: lib/fileinfo.c -> lib/curl_fileinfo.c
renamed: lib/formdata.c -> lib/curl_formdata.c
renamed: lib/ftp.c -> lib/curl_ftp.c
renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c
renamed: lib/getenv.c -> lib/curl_getenv.c
renamed: lib/getinfo.c -> lib/curl_getinfo.c
renamed: lib/gopher.c -> lib/curl_gopher.c
renamed: lib/gtls.c -> lib/curl_gtls.c
renamed: lib/hash.c -> lib/curl_hash.c
renamed: lib/hmac.c -> lib/curl_hmac.c
renamed: lib/hostasyn.c -> lib/curl_hostasyn.c
renamed: lib/hostcheck.c -> lib/curl_hostcheck.c
renamed: lib/hostip.c -> lib/curl_hostip.c
renamed: lib/hostip4.c -> lib/curl_hostip4.c
renamed: lib/hostip6.c -> lib/curl_hostip6.c
renamed: lib/hostsyn.c -> lib/curl_hostsyn.c
renamed: lib/http.c -> lib/curl_http.c
renamed: lib/http_chunks.c -> lib/curl_http_chunks.c
renamed: lib/http_digest.c -> lib/curl_http_digest.c
renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c
renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
renamed: lib/http_proxy.c -> lib/curl_http_proxy.c
renamed: lib/idn_win32.c -> lib/curl_idn_win32.c
renamed: lib/if2ip.c -> lib/curl_if2ip.c
renamed: lib/imap.c -> lib/curl_imap.c
renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c
renamed: lib/inet_pton.c -> lib/curl_inet_pton.c
renamed: lib/krb4.c -> lib/curl_krb4.c
renamed: lib/krb5.c -> lib/curl_krb5.c
renamed: lib/ldap.c -> lib/curl_ldap.c
renamed: lib/llist.c -> lib/curl_llist.c
renamed: lib/md4.c -> lib/curl_md4.c
renamed: lib/md5.c -> lib/curl_md5.c
renamed: lib/memdebug.c -> lib/curl_memdebug.c
renamed: lib/mprintf.c -> lib/curl_mprintf.c
renamed: lib/multi.c -> lib/curl_multi.c
renamed: lib/netrc.c -> lib/curl_netrc.c
renamed: lib/non-ascii.c -> lib/curl_non_ascii.c
renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h
renamed: lib/nonblock.c -> lib/curl_nonblock.c
renamed: lib/nss.c -> lib/curl_nss.c
renamed: lib/nwlib.c -> lib/curl_nwlib.c
renamed: lib/nwos.c -> lib/curl_nwos.c
renamed: lib/openldap.c -> lib/curl_openldap.c
renamed: lib/parsedate.c -> lib/curl_parsedate.c
renamed: lib/pingpong.c -> lib/curl_pingpong.c
renamed: lib/polarssl.c -> lib/curl_polarssl.c
renamed: lib/pop3.c -> lib/curl_pop3.c
renamed: lib/progress.c -> lib/curl_progress.c
renamed: lib/qssl.c -> lib/curl_qssl.c
renamed: lib/rawstr.c -> lib/curl_rawstr.c
renamed: lib/rtsp.c -> lib/curl_rtsp.c
renamed: lib/security.c -> lib/curl_security.c
renamed: lib/select.c -> lib/curl_select.c
renamed: lib/sendf.c -> lib/curl_sendf.c
renamed: lib/share.c -> lib/curl_share.c
renamed: lib/slist.c -> lib/curl_slist.c
renamed: lib/smtp.c -> lib/curl_smtp.c
renamed: lib/socks.c -> lib/curl_socks.c
renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c
renamed: lib/speedcheck.c -> lib/curl_speedcheck.c
renamed: lib/splay.c -> lib/curl_splay.c
renamed: lib/ssh.c -> lib/curl_ssh.c
renamed: lib/sslgen.c -> lib/curl_sslgen.c
renamed: lib/ssluse.c -> lib/curl_ssluse.c
renamed: lib/strdup.c -> lib/curl_strdup.c
renamed: lib/strequal.c -> lib/curl_strequal.c
renamed: lib/strerror.c -> lib/curl_strerror.c
renamed: lib/strtok.c -> lib/curl_strtok.c
renamed: lib/strtoofft.c -> lib/curl_strtoofft.c
renamed: lib/telnet.c -> lib/curl_telnet.c
renamed: lib/tftp.c -> lib/curl_tftp.c
renamed: lib/timeval.c -> lib/curl_timeval.c
renamed: lib/transfer.c -> lib/curl_transfer.c
renamed: lib/url.c -> lib/curl_url.c
renamed: lib/version.c -> lib/curl_version.c
renamed: lib/warnless.c -> lib/curl_warnless.c
renamed: lib/wildcard.c -> lib/curl_wildcard.c
----------------------------------------
|
| |
|
|
|
|
| |
76 private header files renamed to use our standard naming scheme.
This change affects 322 files in libcurl's source tree.
|
| |
|
|
|
|
|
| |
As a bonus, this lets our MemoryTracking subsystem track zlib operations.
And also fixes a shortcut some zlib 1.2.x versions took using malloc()
instead of calloc(), which would trigger memory debuggers warnings on
memory being used without having been initialized.
|
| | |
|
| | |
|
| |
|
|
|
| |
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Sebastian V reported bug #3000056 identifying a problem with
redirect following. It showed that when curl followed redirects
it didn't properly ignore the response body of the 30X response
if that response was using compressed Content-Encoding!
(http://curl.haxx.se/bug/view.cgi?id=3000056)
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
could wrongly provide the callback with more data than what the maximum
documented amount. An application could thus get tricked into badness if the
maximum limit was trusted to be enforced by libcurl itself (as it is
documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
|
| | |
|
