The header buffer size calculation can from static analysis seem to
overlow as it performs an addition between two size_t variables and
stores the result in a size_t variable. Overflow is however guarded
against elsewhere since the input to the addition is regulated by
the maximum read buffer size. Clarify this with a comment since the
question was asked.
Stephan Szabo [Wed, 19 Jun 2019 22:54:18 +0000 (15:54 -0700)]
tests: support non-localhost HOSTIP for dict/smb servers
smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for
binding the server which when we were running the tests with a separate
HOSTIP and CLIENTIP had failures verifying the server from the device we
were testing.
This changes them to take the address from runtests.py and default to
localhost/127.0.0.1 if none is given.
Daniel Stenberg [Mon, 17 Jun 2019 12:20:51 +0000 (14:20 +0200)]
runtests: keep logfiles around by default
Make '-k' a no-op. The singletest function now clears the log directory
BEFORE each individual test and not after, which makes it possible to
always keep the logfiles around after a test has been run. No need to
specify -k anymore. Keeping the option parsing around to work with users
of old habits.
Some tests also didn't work properly when -k was used (since the old
logs would be kep when a new test starts) which this change also fixes.
Daniel Stenberg [Mon, 10 Jun 2019 06:17:16 +0000 (08:17 +0200)]
tests: have runtests figure out disabled features
... so that runtests can skip individual test cases that test features
that are explicitly disabled in this build. This new logic is intended
for disabled features that aren't otherwise easily visible through the
curl_version_info() or other API calls.
tests/server/disabled is a newly built executable that will output a
list of disabled features. Outputs nothing for a default build.
OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(),
which is why we switched to CONF_modules_load_file() and introduced
a comment stating why. This behavior was however changed in OpenSSL
commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now
outdated and incorrect comment. The mentioned commit also declares
OPENSSL_config() deprecated so keep the current coding.
Closes #4033 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg [Tue, 11 Jun 2019 21:50:26 +0000 (23:50 +0200)]
multi: fix the transfer hashes in the socket hash entries
- The transfer hashes weren't using the correct keys so removing entries
failed.
- Simplified the iteration logic over transfers sharing the same socket and
they now simply are set to expire and thus get handled in the "regular"
timer loop instead.
Reported-by: Tom van der Woerdt
Fixes #4012
Closes #4014
Cliff Crosland [Tue, 11 Jun 2019 21:17:30 +0000 (14:17 -0700)]
url: Fix CURLOPT_MAXAGE_CONN time comparison
Old connections are meant to expire from the connection cache after
CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
that value. This occurs because a time value measured in milliseconds is
accidentally divided by 1M instead of by 1,000.
Daniel Stenberg [Mon, 10 Jun 2019 07:10:14 +0000 (09:10 +0200)]
CURLOPT_CAINFO.3: polished wording
Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.
Removed the reference to the ssl comparison table as it isn't necessary.
Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005
Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar
width calculation to avoid integer overflow, but failed to account for
the fact that initial_size is initialized to -1 when the file size is
retrieved from the remote on an upload, causing another signed integer
overflow. Fix by separately checking for this case before the width
calculation.
Closes #3984 Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg [Sun, 2 Jun 2019 14:55:05 +0000 (16:55 +0200)]
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.
Daniel Stenberg [Wed, 5 Jun 2019 13:50:49 +0000 (15:50 +0200)]
multi: make sure 'data' can present in several sockhash entries
Since more than one socket can be used by each transfer at a given time,
each sockhash entry how has its own hash table with transfers using that
socket.
In addition, the sockhash entry can now be marked 'blocked = TRUE'"
which then makes the delete function just set 'removed = TRUE' instead
of removing it "for real", as a way to not rip out the carpet under the
feet of a parent function that iterates over the transfers of that same
sockhash entry.
Reported-by: Tom van der Woerdt
Fixes #3961
Fixes #3986
Fixes #3995
Fixes #4004
Closes #3997
Daniel Stenberg [Sat, 8 Jun 2019 21:03:03 +0000 (23:03 +0200)]
unpause: trigger a timeout for event-based transfers
... so that timeouts or other state machine actions get going again
after a changing pause state. For example, if the last delivery was
paused there's no pending socket activity.
Reported-by: sstruchtrup on github
Fixes #3994
Closes #4001
Marcel Raad [Sat, 25 May 2019 17:24:13 +0000 (19:24 +0200)]
examples/fopen: fix comparison
As want is size_t, (file->buffer_pos - want) is unsigned, so checking
if it's less than zero makes no sense.
Check if file->buffer_pos is less than want instead to avoid the
unsigned integer wraparound.
Daniel Stenberg [Fri, 31 May 2019 21:00:06 +0000 (23:00 +0200)]
singlesocket: use separate variable for inner loop
An inner loop within the singlesocket() function wrongly re-used the
variable for the outer loop which then could cause an infinite
loop. Change to using a separate variable!
Josie Huddleston [Wed, 29 May 2019 14:21:26 +0000 (15:21 +0100)]
http2: Stop drain from being permanently set on
Various functions called within Curl_http2_done() can have the
side-effect of setting the Easy connection into drain mode (by calling
drain_this()). However, the last time we unset this for a transfer (by
calling drained_transfer()) is at the beginning of Curl_http2_done().
If the Curl_easy is reused for another transfer, it is then stuck in
drain mode permanently, which in practice makes it unable to write any
data in the new transfer.
This fix moves the last call to drained_transfer() to later in
Curl_http2_done(), after the functions that could potentially call for a
drain.
Daniel Stenberg [Tue, 28 May 2019 06:23:43 +0000 (08:23 +0200)]
multi: track users of a socket better
They need to be removed from the socket hash linked list with more care.
When sh_delentry() is called to remove a sockethash entry, remove all
individual transfers from the list first. To enable this, each Curl_easy struct
now stores a pointer to the sockethash entry to know how to remove itself.
Reported-by: Tom van der Woerdt and Kunal Ekawde
Fixes #3952
Fixes #3904
Closes #3953
Steve Holme [Fri, 24 May 2019 06:02:06 +0000 (07:02 +0100)]
curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
Microsoft added support for Unix Domain Sockets in Windows 10 1803
(RS4). Rather than expect the user to enable Unix Domain Sockets by
uncommenting the #define that was added in 0fd6221f we use the RS4
pre-processor variable that is present in newer versions of the
Windows SDK.
projects / curl / log