Allowing 4GB on a 32-bit system is just asking for problems and could in
theory cause integer overflow in the dynbuf code.
The dynbuf now has an assert to catch code trying to set a max larger
than half SIZE_T_MAX.
Reported-by: Rinku Das
Closes#16716
The condition could not happen, as the function is only called from a
single place where the caller already made sure it can't happen. This
change still removes the flawed logic.
Reported-by: Ronald Crane
Closes#16710
After restricting OpenSSH-Windows to a single job, and bumping it to
the pre-release version, that job started hanging then timing out with
reasonable consistency.
Since we saw similar hangs before with OpenSSH-Windows stable, in all
jobs, drop OpenSSH-Windows from CI, and replace it with MSYS openssh.
After this patch, all Windows jobs use MSYS2 or Cygwin openssh.
Follow-up to 0ec72c1ef8#16672Closes#16704
```
In file included from server_bundle.c:7:
../../../tests/server/resolve.c:110:5: error: unknown type name 'curl_socket_t'; did you mean 'curl_socklen_t'?
curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
^~~~~~~~~~~~~
curl_socklen_t
../../../include/curl/system.h:392:38: note: 'curl_socklen_t' declared here
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
^
In file included from server_bundle.c:7:
../../../tests/server/resolve.c:111:13: error: use of undeclared identifier 'CURL_SOCKET_BAD'
if(s == CURL_SOCKET_BAD)
^
```
Ref: https://github.com/curl/curl/actions/runs/13825438937/job/38679418428?pr=15000#step:14:47
Cherry-picked from #15000Closes#16700
Use a namespaced macro instead. To avoid confusion when other headers
also redefine these functions. And to improve readability by making it
apparent that the code sometimes overrides these functions.
Cherry-picked from #15000Closes#16698
Add an extra guard for the function and variable declarations to avoid
redundant redeclaration warnings when including this header multiple
times. This can happen in unity builds when including it again after
`curl_memory.h`.
Fixes:
```
bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c
In file included from lib/mprintf.c:32,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:7:
lib/memdebug.h:52:14: error: redundant redeclaration of ‘curl_dbg_logfile’ [-Werror=redundant-decls]
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
In file included from tests/server/resolve.c:50,
from bld/tests/server/server_bundle.c:7,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:4:
lib/memdebug.h:52:14: note: previous declaration of ‘curl_dbg_logfile’ with type ‘FILE *’
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
[...]
lib/memdebug.h:110:17: error: redundant redeclaration of ‘curl_dbg_fclose’ [-Werror=redundant-decls]
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
lib/memdebug.h:110:17: note: previous declaration of ‘curl_dbg_fclose’ with type ‘int(FILE *, int, const char *)’
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/13822010778/job/38669360980#step:39:55
Cherry-picked from #15000Closes#16696
Include more sources in unity mode to optimize libtest and tests/server
builds for non-debug-enabled builds, syncing this pattern with `lib` and
`src`.
It reduces build steps from 62 to 47 (-14, -24%) with test bundles.
Without test bundles, from 680 to 642 (-38, -6%).
Follow-up to de0693f249#16274
Follow-up to 3efba94f77#14765
Cherry-picked from #15000Closes#16695
Regression from 597ee915c4 (not shipped in a release)
Reported-by: Carlos Henrique Lima Melara
Assisted-by: Scott Talbert
Added such a cookie to test 31.
Fixes#16692Closes#16703
Before this patch, standard `E*` errno codes were redefined on Windows,
onto matching winsock2 `WSA*` error codes, which have different values.
This broke uses where using the `E*` value in non-socket context, or
other places expecting a POSIX `errno`, e.g. file I/O, threads, IDN or
interfacing with dependencies.
Fix it by introducing a curl-specific `SOCKE*` set of macros that map to
`WSA*` on Windows and standard POSIX codes on other platforms. Then
verify and update the code to use `SOCKE*` or `E*` macro depending on
context.
- Add `SOCKE*` macros that map to either winsock2 or POSIX error codes.
And use them with `SOCKERRNO` or in contexts requiring
platform-dependent socket error codes.
This fixes `E*` uses which were supposed be POSIX values, not `WSA*`
socket errors, on Windows:
- lib/curl_multibyte.c
- lib/curl_threads.c
- lib/idn.c
- lib/vtls/gtls.c
- lib/vtls/rustls.c
- src/tool_cb_wrt.c
- src/tool_dirhie.c
- Ban `E*` codes having a `SOCKE*` mapping, via checksrc.
Authored-by: Daniel Stenberg
- Add exceptions for `E*` codes used in file I/O, or other contexts
requiring POSIX error codes.
Also:
- ftp: fix missing `SOCKEACCES` mapping for Windows.
- add `SOCKENOMEM` for `Curl_getaddrinfo()` via `asyn-thread.c`.
- tests/server/sockfilt: fix to set `SOCKERRNO` in local `select()`
override on Windows.
- lib/inet_ntop: fix to return `WSAEINVAL` on Windows, where `ENOSPC` is
used on other platforms. To simulate Windows' built-in `inet_ntop()`,
as tested on a Win10 machine.
Note:
- WINE returns `STATUS_INVALID_PARAMETER` = `0xC000000D`.
- Microsoft documentation says it returns `WSA_INVALID_PARAMETER`
(= `ERROR_INVALID_PARAMETER`) 87:
https://learn.microsoft.com/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ntop#return-value
- lib/inet_ntop: drop redundant `CURL_SETERRNO(ENOSPC)`.
`inet_ntop4()` already sets it before returning `NULL`.
- replace stray `WSAEWOULDBLOCK` with `USE_WINSOCK` macro to detect
winsock2.
- move existing `SOCKE*` mappings from `tests/server` to
`curl_setup_once.h`.
- add missing `EINTR`, `EINVAL` constants for WinCE.
Follow-up to abf80aae38#16612
Follow-up to d69425ed7d#16615
Bug: https://github.com/curl/curl/pull/16553#issuecomment-2704679377Closes#16621
Before this patch, building tests/server (or curl with winbuild) was
broken in rare builds when many features were explicitly disabled.
Fix it by enabling base64 functions unconditionally when building
for anything other than libcurl.
Closes#16691
The protocol handlers' done() function would previous get called
unconditionally in multi_done(), no matter how far the easy handle's
state machine has transitioned.
This caused problems in IMAP which in imap_connect() initializes things
that the imap_done() function assumes has occured. I think that seems
like a correct assumption and we should rather make sure that the done()
function is only called if we have reached the PROTOCONNECT state.
This problem was found using OSS-Fuzz.
Assisted-by: Catena cyber
Closes#16681
The line conversion reader, added in crfl and prefer_ascii mode was
incrementing data->state.infilesize for every line end converted. This
results in the wrong size to start a retry of an upload.
Eliminate the increment and check upload size in FTP less precise when
conversions are done.
Bug: https://issues.oss-fuzz.com/issues/402476456Closes#16683
MSVC:
- switch jobs to standard openssh server. Reduce exceptions.
- make the SCP/SFTP ignore list more specific and comment with details.
- keep using OpenSSH-Windows for the OpenSSL job, and bump to the
prerelease version.
- disable `ENABLE_DEBUG` for BoringSSL to have such build tested. (This
is the first Windows non-ENABLE_DEBUG build with test runs.)
Takeaways:
- test 612 broken on Windows.
- test 613 broken on Windows with the standard openssh server.
- test 614 broken with libssh and OpenSSH-Windows.
- test 3022 broken with libssh2 and OpenSSH-Windows.
- tests broken with OpenSSH-Windows:
601 603 617 619 621 641 665 2004.
- vcpkg `libssh2[core,zlib]` broken due to:
curl: (67) Authentication failure
MSVC prep steps:
- install base msys2 package to simplify configuration, align with other
jobs and allow to use msys2 packages for tests.
- add support for msys2 openssh server. Keep OpenSSH-Windows as per-job
option. Add support for OpenSSH prerelease versions.
Prerelease does not make a difference in test results, but, stable was
last updated in 2019 (v8.0.0.1) and it seems better to use maintained
release track, with its latest from April 2024 (v9.5.0).
https://community.chocolatey.org/packages/openssh/8.0.0.1https://community.chocolatey.org/packages/opensshhttps://github.com/PowerShell/Win32-OpenSSHhttps://github.com/PowerShell/openssh-portable
- add 'libssh' to its job name.
- make `ENABLE_DEBUG` a per-job option.
msys/mingw:
- install `openssh` later and only when necessary.
- downgrade msys2 runtime later. (to follow other jobs)
- disable `CheckSpace` earlier. Also to untie it from the runtime
downgrade step, which we would hopefully drop.
Closes#16672
The curl tool and tests/server used 2 parallel implementations
of libcurl's `Curl_now()` and `Curl_timediff()` functions.
Make them use the libcurl one.
Closes#16653
- if there are pending internal handles left in the list, they are
leftovers (from for example Doh) and must be freed.
- unlink_all_msgsent_handles() did not properly move all msgsent
handles over to the process list as intended
Fixes a DoH memory leak found by oss-fuzz.
Add test 2101 that can reproduce and verify.
Closes#16674
Two new dedicated functions for setting long and curl_off_t options with
curl_easy_setopt(). These make it easier to make sure we pass on the
right option (types) so that the --libcurl code also gets right.
Corrected a few errors.
Closes#16669
ssh's disconnect assumed that the session to the server could be
shut down successfully during disconnect. When this failed, e.g.
timed out, memory was leaked.
Closes#16668
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes#16659
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes#16656
The issues found fell into these categories, with the applied fixes:
- const was accidentally stripped.
Adjust code to not cast or cast with const.
- const/volatile missing from arguments, local variables.
Constify arguments or variables, adjust/delete casts. Small code
changes in a few places.
- const must be stripped because an API dependency requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our control. These happen at API boundaries. Sometimes they depend
on dependency version, which this patch handles as necessary. Also
enable const support for the zlib API, using `ZLIB_CONST`. Supported
by zlib 1.2.5.2 and newer.
- const must be stripped because a curl API requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our immediate control. For example we promise to send a non-const
argument to a callback, though the data is const internally.
- other cases where we may avoid const stripping by code changes.
Also silenced with `CURL_UNCONST()`.
- there are 3 places where `CURL_UNCONST()` is cast again to const.
To silence this type of warning:
```
lib/vquic/curl_osslq.c:1015:29: error: to be safe all intermediate
pointers in cast from 'unsigned char **' to 'const unsigned char **'
must be 'const' qualified [-Werror=cast-qual]
lib/cf-socket.c:734:32: error: to be safe all intermediate pointers in
cast from 'char **' to 'const char **' must be 'const' qualified
[-Werror=cast-qual]
```
There may be a better solution, but I couldn't find it.
These cases are handled in separate subcommits, but without further
markup.
If you see a `-Wcast-qual` warning in curl, we appreciate your report
about it.
Closes#16142
