diff options
| author | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-28 16:36:59 +0300 |
|---|---|---|
| committer | robot-contrib <robot-contrib@yandex-team.ru> | 2022-04-28 16:36:59 +0300 |
| commit | 1d80f65d6a77d0e4c1b3a18a6a970715934ecd75 (patch) | |
| tree | e0363932ca34036e90ac4cd461092c763acb3a4d | |
| parent | 505c75794e448a38ffa0b066ccef3299aec10239 (diff) | |
| download | ydb-1d80f65d6a77d0e4c1b3a18a6a970715934ecd75.tar.gz | |
Update contrib/libs/curl to 7.83.0
ref:72dd794f7af62e3844c14f0a9bcee77e66f30a36
89 files changed, 2436 insertions, 884 deletions
diff --git a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report index 3bb2ab2c3f..daec7ba599 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report +++ b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report @@ -143,14 +143,12 @@ BELONGS ya.make include/curl/multi.h [10:10] include/curl/typecheck-gcc.h [10:10] lib/amigaos.c [8:8] - lib/asyn-ares.c [8:8] lib/asyn-thread.c [8:8] lib/asyn.h [10:10] lib/c-hyper.h [10:10] lib/connect.h [10:10] lib/content_encoding.c [8:8] lib/content_encoding.h [10:10] - lib/cookie.c [8:8] lib/cookie.h [10:10] lib/curl_addrinfo.c [8:8] lib/curl_endian.c [8:8] @@ -159,7 +157,6 @@ BELONGS ya.make lib/curl_hmac.h [10:10] lib/curl_krb5.h [10:10] lib/curl_md5.h [10:10] - lib/curl_multibyte.c [8:8] lib/curl_multibyte.h [10:10] lib/curl_ntlm_wb.c [8:8] lib/curl_ntlm_wb.h [10:10] @@ -185,7 +182,6 @@ BELONGS ya.make lib/http_digest.h [10:10] lib/http_negotiate.h [10:10] lib/http_ntlm.h [10:10] - lib/http_proxy.h [10:10] lib/llist.c [8:8] lib/md4.c [8:8] lib/memdebug.c [8:8] @@ -195,15 +191,11 @@ BELONGS ya.make lib/pingpong.h [10:10] lib/progress.c [8:8] lib/progress.h [10:10] - lib/quic.h [10:10] - lib/rand.c [8:8] lib/rtsp.h [10:10] - lib/sendf.h [10:10] lib/setup-win32.h [10:10] lib/share.c [8:8] lib/share.h [10:10] lib/sigpipe.h [10:10] - lib/socks.h [10:10] lib/strdup.c [8:8] lib/strdup.h [10:10] lib/timeval.c [8:8] @@ -214,8 +206,6 @@ BELONGS ya.make lib/vauth/oauth2.c [8:8] lib/vssh/ssh.h [10:10] lib/vtls/gtls.h [10:10] - lib/warnless.c [8:8] - lib/warnless.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL 1b9e8d9d7c9588e9a9cbcbd17572b2e4 BELONGS ya.make @@ -389,14 +379,13 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL 4e8842dc60c6a1e15f16868c03918523 BELONGS ya.make License text: + * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>. * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/conncache.h [10:11] lib/vauth/digest_sspi.c [8:9] lib/vauth/krb5_gssapi.c [8:9] @@ -411,17 +400,6 @@ BELONGS ya.make Files with this license: lib/curl_rtmp.h [10:10] -KEEP COPYRIGHT_SERVICE_LABEL 4fecfa225cdfca0722e56253ab54fedc -BELONGS ya.make - License text: - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - include/curl/options.h [10:10] - KEEP COPYRIGHT_SERVICE_LABEL 520dfafb050652350468b32c3d62b5cd BELONGS ya.make License text: @@ -449,12 +427,12 @@ KEEP COPYRIGHT_SERVICE_LABEL 56bfb48b3999f5c4695de53fd33038ba BELONGS ya.make License text: * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: + lib/curl_gssapi.c [8:8] lib/openldap.c [8:9] KEEP COPYRIGHT_SERVICE_LABEL 5e85228ecbe10b11dde942f2822e8629 @@ -481,12 +459,15 @@ BELONGS ya.make include/curl/curl.h [10:10] include/curl/curlver.h [10:10] include/curl/system.h [10:10] + lib/asyn-ares.c [8:8] lib/base64.c [8:8] lib/c-hyper.c [8:8] lib/connect.c [8:8] + lib/cookie.c [8:8] lib/curl_base64.h [10:10] lib/curl_ctype.c [8:8] lib/curl_ctype.h [10:10] + lib/curl_multibyte.c [8:8] lib/curl_ntlm_core.c [8:8] lib/curl_ntlm_core.h [10:10] lib/curl_path.c [8:8] @@ -502,6 +483,8 @@ BELONGS ya.make lib/gopher.c [8:8] lib/h2h3.c [8:8] lib/h2h3.h [10:10] + lib/headers.h [10:10] + lib/hmac.c [8:8] lib/hostip.c [8:8] lib/http.c [8:8] lib/http.h [10:10] @@ -511,6 +494,8 @@ BELONGS ya.make lib/http_negotiate.c [8:8] lib/http_ntlm.c [8:8] lib/http_proxy.c [8:8] + lib/http_proxy.h [10:10] + lib/idn_win32.c [8:8] lib/if2ip.c [8:8] lib/imap.c [8:8] lib/ldap.c [8:8] @@ -521,17 +506,24 @@ BELONGS ya.make lib/nonblock.c [8:8] lib/pingpong.c [8:8] lib/pop3.c [8:8] + lib/quic.h [10:10] + lib/rand.c [8:8] lib/rtsp.c [8:8] lib/select.c [8:8] lib/select.h [10:10] lib/sendf.c [8:8] + lib/sendf.h [10:10] lib/setopt.c [8:8] lib/smtp.c [8:8] lib/socks.c [8:8] + lib/socks.h [10:10] lib/strcase.c [8:8] lib/strcase.h [10:10] lib/telnet.c [8:8] lib/tftp.c [8:8] + lib/timediff.c [8:8] + lib/timediff.h [10:10] + lib/timeval.h [10:10] lib/transfer.c [8:8] lib/transfer.h [10:10] lib/url.c [8:8] @@ -543,6 +535,7 @@ BELONGS ya.make lib/vauth/spnego_gssapi.c [8:8] lib/vauth/spnego_sspi.c [8:8] lib/version.c [8:8] + lib/vquic/msh3.c [8:8] lib/vquic/ngtcp2.c [8:8] lib/vquic/quiche.c [8:8] lib/vquic/vquic.c [8:8] @@ -559,6 +552,8 @@ BELONGS ya.make lib/vtls/wolfssl.c [8:8] lib/vtls/x509asn1.c [8:8] lib/vtls/x509asn1.h [11:11] + lib/warnless.c [8:8] + lib/warnless.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL 62e3d3c1807826946ebb38745e503228 BELONGS ya.make @@ -605,6 +600,17 @@ BELONGS ya.make Files with this license: lib/vauth/gsasl.c [8:8] +KEEP COPYRIGHT_SERVICE_LABEL 71ee53e81097c7f4dbef01e90bbb0dd6 +BELONGS ya.make + License text: + * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/headers.c [8:8] + KEEP COPYRIGHT_SERVICE_LABEL 76a14b8bb4e715fa4b3e1efe01097c43 BELONGS ya.make License text: @@ -701,8 +707,6 @@ BELONGS ya.make lib/getenv.c [8:8] lib/getinfo.h [10:10] lib/gopher.h [10:10] - lib/hmac.c [8:8] - lib/idn_win32.c [8:8] lib/inet_ntop.h [10:10] lib/inet_pton.h [10:10] lib/llist.h [10:10] @@ -727,7 +731,6 @@ BELONGS ya.make lib/strtoofft.h [10:10] lib/telnet.h [10:10] lib/tftp.h [10:10] - lib/timeval.h [10:10] lib/vauth/digest.h [10:10] lib/vauth/ntlm.h [10:10] lib/vtls/gskit.h [10:10] @@ -771,7 +774,6 @@ BELONGS ya.make Files with this license: lib/socketpair.c [8:8] lib/socketpair.h [10:10] - lib/vssh/wolfssh.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL 90ce0ec9551a9d561300240060256dff BELONGS ya.make @@ -785,17 +787,6 @@ BELONGS ya.make Files with this license: lib/vauth/digest_sspi.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 917ac0ea862bde7d294f3af61b7a44d5 -BELONGS ya.make - License text: - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/curl_gssapi.c [8:8] - KEEP COPYRIGHT_SERVICE_LABEL 9d962b7054a48ee0efeaca166b582707 BELONGS ya.make License text: @@ -894,7 +885,7 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL b9fa8adc6606591b18a8ad18fcdaf1fe BELONGS ya.make License text: - * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL @@ -1009,6 +1000,18 @@ BELONGS ya.make Files with this license: lib/inet_pton.c [3:3] +KEEP COPYRIGHT_SERVICE_LABEL e169ecb155a1900c58e55cd82b816a79 +BELONGS ya.make + License text: + * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/conncache.h [10:11] + KEEP COPYRIGHT_SERVICE_LABEL e32b7f2aa13d077a35593b170bfdd1d9 BELONGS ya.make License text: @@ -1089,17 +1092,19 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/altsvc.c [8:8] + lib/vssh/wolfssh.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL fe205fd73b9be07bd9a20b09c345f2ec BELONGS ya.make License text: - * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 Match type : COPYRIGHT Files with this license: + include/curl/header.h [10:10] + include/curl/options.h [10:10] lib/curl_sha256.h [10:11] lib/doh.c [8:8] lib/sha256.c [8:9] diff --git a/contrib/libs/curl/.yandex_meta/devtools.licenses.report b/contrib/libs/curl/.yandex_meta/devtools.licenses.report index 7a01a7f9e6..01dc659e24 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.licenses.report +++ b/contrib/libs/curl/.yandex_meta/devtools.licenses.report @@ -89,7 +89,7 @@ BELONGS ya.make KEEP curl a3ae8291721a79f582bf5823c43adb47 BELONGS ya.make -FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, lib/content_encoding.h at line 18, lib/cookie.c at line 10, lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, lib/curl_path.c at line 16, lib/curl_printf.h at line 12, lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 16, lib/ftp.h at line 12, lib/ftp.h at line 18, lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/h2h3.c at line 10, lib/h2h3.c at line 16, lib/h2h3.h at line 12, lib/h2h3.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 18, lib/imap.c at line 10, lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/hostcheck.c at line 10, lib/vtls/hostcheck.c at line 16, lib/vtls/hostcheck.h at line 12, lib/vtls/hostcheck.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 12, lib/vtls/wolfssl.h at line 18, lib/vtls/x509asn1.c at line 10, lib/vtls/x509asn1.c at line 16, lib/vtls/x509asn1.h at line 13, lib/vtls/x509asn1.h at line 19, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18 +FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/header.h at line 12, include/curl/header.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, lib/content_encoding.h at line 18, lib/cookie.c at line 10, lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, lib/curl_path.c at line 16, lib/curl_printf.h at line 12, lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 16, lib/ftp.h at line 12, lib/ftp.h at line 18, lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/h2h3.c at line 10, lib/h2h3.c at line 16, lib/h2h3.h at line 12, lib/h2h3.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/headers.c at line 10, lib/headers.c at line 16, lib/headers.h at line 12, lib/headers.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 18, lib/imap.c at line 10, lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timediff.c at line 10, lib/timediff.c at line 16, lib/timediff.h at line 12, lib/timediff.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, lib/vquic/msh3.c at line 10, lib/vquic/msh3.c at line 16, lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/hostcheck.c at line 10, lib/vtls/hostcheck.c at line 16, lib/vtls/hostcheck.h at line 12, lib/vtls/hostcheck.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 12, lib/vtls/wolfssl.h at line 18, lib/vtls/x509asn1.c at line 10, lib/vtls/x509asn1.c at line 16, lib/vtls/x509asn1.h at line 13, lib/vtls/x509asn1.h at line 19, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18 Note: matched license text is too long. Read it in the source files. Scancode info: Original SPDX id: curl @@ -100,6 +100,7 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur include/curl/curl.h [12:21] include/curl/curlver.h [12:21] include/curl/easy.h [12:21] + include/curl/header.h [12:21] include/curl/mprintf.h [12:21] include/curl/multi.h [12:21] include/curl/options.h [12:21] @@ -206,6 +207,8 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/h2h3.h [12:21] lib/hash.c [10:19] lib/hash.h [12:21] + lib/headers.c [10:19] + lib/headers.h [12:21] lib/hmac.c [10:19] lib/hostasyn.c [10:19] lib/hostip.c [10:19] @@ -317,6 +320,8 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/telnet.h [12:21] lib/tftp.c [10:19] lib/tftp.h [12:21] + lib/timediff.c [10:19] + lib/timediff.h [12:21] lib/timeval.c [10:19] lib/timeval.h [12:21] lib/transfer.c [10:19] @@ -345,6 +350,7 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/version.c [10:19] lib/version_win32.c [10:19] lib/version_win32.h [12:21] + lib/vquic/msh3.c [10:19] lib/vquic/ngtcp2.c [10:19] lib/vquic/quiche.c [10:19] lib/vquic/vquic.c [10:19] diff --git a/contrib/libs/curl/.yandex_meta/licenses.list.txt b/contrib/libs/curl/.yandex_meta/licenses.list.txt index 7dc5bdbb93..2fc459c916 100644 --- a/contrib/libs/curl/.yandex_meta/licenses.list.txt +++ b/contrib/libs/curl/.yandex_meta/licenses.list.txt @@ -88,7 +88,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== @@ -171,7 +171,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> @@ -206,11 +206,11 @@ ====================COPYRIGHT==================== - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== @@ -277,6 +277,10 @@ ====================COPYRIGHT==================== + * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + + +====================COPYRIGHT==================== * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * Copyright (c) 2004 - 2022 Daniel Stenberg diff --git a/contrib/libs/curl/CMakeLists.darwin.txt b/contrib/libs/curl/CMakeLists.darwin.txt index 29c86a358e..d745696e09 100644 --- a/contrib/libs/curl/CMakeLists.darwin.txt +++ b/contrib/libs/curl/CMakeLists.darwin.txt @@ -86,6 +86,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/gopher.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/h2h3.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hash.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/headers.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hmac.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostasyn.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip.c @@ -149,6 +150,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/system_win32.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/telnet.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/tftp.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/timediff.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/timeval.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/transfer.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/url.c @@ -168,6 +170,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vauth/vauth.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/version.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/version_win32.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/msh3.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/ngtcp2.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/quiche.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/vquic.c diff --git a/contrib/libs/curl/CMakeLists.linux.txt b/contrib/libs/curl/CMakeLists.linux.txt index 4a179f74cf..9184b02766 100644 --- a/contrib/libs/curl/CMakeLists.linux.txt +++ b/contrib/libs/curl/CMakeLists.linux.txt @@ -82,6 +82,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/gopher.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/h2h3.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hash.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/headers.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hmac.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostasyn.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/hostip.c @@ -145,6 +146,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/system_win32.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/telnet.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/tftp.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/timediff.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/timeval.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/transfer.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/url.c @@ -164,6 +166,7 @@ target_sources(contrib-libs-curl PRIVATE ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vauth/vauth.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/version.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/version_win32.c + ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/msh3.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/ngtcp2.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/quiche.c ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/vquic/vquic.c diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES index b16e31f1eb..2a42846769 100644 --- a/contrib/libs/curl/RELEASE-NOTES +++ b/contrib/libs/curl/RELEASE-NOTES @@ -1,191 +1,147 @@ -curl and libcurl 7.82.0 +curl and libcurl 7.83.0 - Public curl releases: 206 - Command line options: 245 + Public curl releases: 207 + Command line options: 247 curl_easy_setopt() options: 295 - Public functions in libcurl: 86 - Contributors: 2597 + Public functions in libcurl: 88 + Contributors: 2625 This release includes the following changes: - o curl: add --json [67] - o mesalink: remove support [23] + o curl: add %header{name} experimental support in -w handling + o curl: add %{header_json} experimental support in -w handling + o curl: add --no-clobber [28] + o curl: add --remove-on-error [11] + o header api: add curl_easy_header and curl_easy_nextheader [56] + o msh3: add support for QUIC and HTTP/3 using msh3 [84] This release includes the following bugfixes: - o appveyor: update images from VS 2019 to 2022 - o appveyor: use VS 2017 image for the autotools builds - o azure-pipelines: add a build on Windows with libssh [154] - o bearssl: fix connect error on expired cert and no verify [132] - o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131] - o bearssl: fix session resumption (session id) [133] - o build: enable -Warith-conversion - o build: fix -Wenum-conversion handling - o build: fix ngtcp2 crypto library detection [63] - o checkprefix: remove strlen calls [128] - o checksrc: fix typo in comment [34] - o CI: move 'distcheck' job from zuul to azure pipelines [60] - o CI: move scan-build job from Zuul to Azure Pipelines [59] - o CI: move the NSS job from zuul to GHA [84] - o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75] - o CI: move the rustls CI job to GHA from Zuul [8] - o CI: move two jobs from Zuul to Circle CI [73] - o CI: test building wolfssl with --enable-opensslextra [42] - o CI: workflows/wolfssl: install impacket [47] - o circleci: add a job using libssh [121] - o cirlceci: also run a c-ares job on arm with debug enabled [74] - o cmake: fix iOS CMake project generation error [13] - o cmdline-opts/gen.pl: fix option matching to improve references [50] - o config.d: Clarify _curlrc filename is still valid on Windows [95] - o configure.ac: use user-specified gssapi dir when using pkg-config [136] - o configure: change output for cross-compiled alt-svc support [140] - o configure: fix '--enable-code-coverage' typo [110] - o configure: remove support for "embedded ares" [82] - o configure: requires --with-nss-deprecated to build with NSS [114] - o configure: set CURL_LIBRARY_PATH for nghttp2 [58] - o configure: support specification of a nghttp2 library path [101] - o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54] - o curl tool: erase some more sensitive command line arguments [22] - o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5] - o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9] - o curl-openssl: fix SRP check for OpenSSL 3.0 [86] - o curl-openssl: remove the OpenSSL headers and library versions check [35] - o curl.h: fix typo [129] - o curl: remove "separators" (when using globbed URLs) [32] - o curl_getdate.3: remove pointless .PP line [68] - o curl_multi_socket.3: remove callback and typical usage descriptions [7] - o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added - o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27] - o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147] - o CURLOPT_RESOLVE.3: change example port to 443 - o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153] - o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81] - o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71] - o des: fix compile break for OpenSSL without DES [141] - o docs/cmdline-opts: add "mutexed" options for more http versions [25] - o docs/DEPRECATE: remove NPN support in August 2022 [64] - o docs: capitalize the name 'Netscape' [77] - o docs: document HTTP/2 not insisting on TLS 1.2 [49] - o docs: fix mandoc -T lint formatting complaints [2] - o docs: update IETF links to use datatracker [41] - o examples/curlx: support building with OpenSSL 1.1.0+ [148] - o examples/multi-app.c: call curl_multi_remove_handle as well [19] - o formdata: avoid size_t => long typecast overflows [37] - o ftp: provide error message for control bytes in path [66] - o gen.pl: terminate "example" sections better [4] - o gha: add a macOS CI job with libssh [142] - o gskit: Convert to using Curl_poll [111] - o gskit: Fix errors from Curl_strerror refactor [113] - o gskit: Fix initialization of Curl_ssl_gskit struct [112] - o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88] - o hostcheck: fixed to not touch used input strings [38] - o hostcheck: reduce strlen calls on chained certificates [92] - o hostip: avoid unused parameter error in Curl_resolv_check [144] - o http2: move two infof calls to debug-h2-only [145] - o http: make Curl_compareheader() take string length arguments too [87] - o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104] - o KNOWN_BUGS: fix typo "libpsl" - o ldap: return CURLE_URL_MALFORMAT for bad URL [24] - o lib: remove support for CURL_DOES_CONVERSIONS [96] - o libssh2: don't typecast socket to int for libssh2_session_handshake [151] - o libssh: fix include files and defines use for Windows builds [156] - o Makefile.am: Generate VS 2022 projects - o maketgz: return error if 'make dist' fails [79] - o mbedtls: enable use of mbedtls without CRL support [57] - o mbedtls: enable use of mbedtls without filesystem functions support [100] - o mbedtls: fix CURLOPT_SSLCERT_BLOB (again) - o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12] - o mbedtls: remove #include <mbedtls/certs.h> [56] - o mbedtls: return CURLcode result instead of a mbedtls error code [1] - o md5: check md5_init_func return value - o mime: use a define instead of the magic number 24 [89] - o misc: allow curl to build with wolfssl --enable-opensslextra [43] - o misc: remove BeOS code and references [30] - o misc: remove the final watcom references [29] - o misc: remove unused data when IPv6 is not supported [80] - o mqtt: free 'sendleftovers' in disconnect [115] - o mqtt: free any send leftover data when done [36] - o multi: allow user callbacks to call curl_multi_assign [126] - o multi: grammar fix in comment [69] - o multi: remember connection_id before returning connection to pool [76] - o multi: set in_callback for multi interface callbacks [28] - o netware: remove support [72] - o next.d. remove .fi/.nf as they are handled by gen.pl [3] - o ngtcp2: adapt to changed end of headers callback proto [39] - o ngtcp2: fix declaration of ‘result’ shadows a previous local [14] - o ngtcp2: Reset dynbuf when it is fully drained [143] - o nss: handshake callback during shutdown has no conn->bundle [55] - o ntlm: remove unused feature defines [117] - o openldap: fix compiler warning when built without SSL support [70] - o openldap: implement SASL authentication [16] - o openldap: pass string length arguments to client_write() [116] - o openssl.h: avoid including OpenSSL headers here [15] - o openssl: check if sessionid flag is enabled before retrieving session [125] - o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40] - o openssl: check the return value of BIO_new_mem_buf() [18] - o openssl: fix `ctx_option_t` for OpenSSL v3+ - o openssl: fix build for version < 1.1.0 [134] - o openssl: return error if TLS 1.3 is requested when not supported [45] - o os400: Add function wrapper for system command [138] - o os400: Add link to QADRT devkit to README.OS400 [137] - o os400: Default build to target current release [139] - o OS400: fix typos in rpg include file [149] - o projects: add support for Visual Studio 17 (2022) [124] - o projects: fix Visual Studio wolfSSL configurations - o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123] - o quiche: after leaving h3_recving state, poll again [108] - o quiche: change qlog file extension to `.sqlog` [44] - o quiche: fix upload for bigger content-length [146] - o quiche: handle stream reset [83] - o quiche: remove two leftover debug infof() outputs - o quiche: verify the server cert on connect [33] - o quiche: when *recv_body() returns data, drain it before polling again [109] - o README.md: fix links [118] - o remote-header-name.d: clarify [10] - o runtests.pl: disable debuginfod [51] - o runtests.pl: properly print the test if it contains binary zeros - o runtests.pl: support the nonewline attribute for the data part [21] - o runtests.pl: tolerate test directories without Makefile.inc [98] - o runtests: allow client/file to specify multiple directories - o runtests: make 'rustls' a testable feature - o runtests: make 'wolfssl' a testable feature [6] - o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122] - o rustls: add CURLOPT_CAINFO_BLOB support [26] - o schannel: move the algIds array out of schannel.h [135] - o scripts/cijobs.pl: output data about all currect CI jobs [78] - o scripts/completion.pl: improve zsh completion [46] - o scripts/copyright.pl: support many provided file names on the cmdline - o scripts/delta: check the file delta for current branch - o sectransp: mark a 3DES cipher as weak [130] - o setopt: do bounds-check before strdup [99] - o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53] - o sha256: Fix minimum OpenSSL version [102] - o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90] - o ssl: reduce allocated space for ssl backend when FTP is disabled [127] - o test3021: disable all msys2 path transformation - o test374: gif data without new line at the end [20] - o tests/disable-scan.pl: properly detect multiple symbols per line [94] - o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85] - o tool_findfile: check ~/.config/curlrc too [17] - o tool_getparam: DNS options that need c-ares now fail without it [31] - o TPF: drop support [97] - o unit1610: init SSL library before calling SHA256 functions [152] - o url: exclude zonefrom_url when no ipv6 is available [103] - o url: given a user in the URL, find pwd for that user in netrc [11] - o url: keep trailing dot in host name [62] - o url: make Curl_disconnect return void [48] - o urlapi: handle "redirects" smarter [119] - o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52] - o urldata: remove conn->bits.user_passwd [105] - o version_win32: fix warning for `CURL_WINDOWS_APP` [93] - o vtls: fix socket check conditions [150] - o vtls: pass on the right SNI name [61] - o vxworks: drop support [65] - o winbuild: add parameter WITH_SSH [120] - o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106] - o wolfssl: when SSL_read() returns zero, check the error [107] - o write-out.d: Fix num_headers formatting - o x509asn1: toggle off functions not needed for diff tls backends [91] + o appveyor: add Cygwin build [77] + o appveyor: only add MSYS2 to PATH where required [78] + o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27] + o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26] + o BINDINGS.md: add Hollywood binding [34] + o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42] + o CI: install Python package impacket to run SMB test 1451 [5] + o configure.ac: move -pthread CFLAGS setting back where it used to be [14] + o configure: bump the copyright year range int the generated output + o conncache: include the zone id in the "bundle" hashkey [112] + o connecache: remove duplicate connc->closure_handle check [90] + o connect: make Curl_getconnectinfo work with conn cache from share handle [22] + o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6] + o cookie.d: clarify when cookies are sent + o cookies: improve errorhandling for reading cookiefile [123] + o curl/system.h: update ifdef condition for MCST-LCC compiler [4] + o curl: error out if -T and -d are used for the same URL [99] + o curl: error out when options need features not present in libcurl [18] + o curl: escape '?' in generated --libcurl code [117] + o curl: fix segmentation fault for empty output file names. [60] + o curl_easy_header: fix typos in documentation [74] + o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126] + o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105] + o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL + o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79] + o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63] + o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127] + o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9] + o docs/HYPER.md: updated to reflect current hyper build needs + o docs/opts: Mention Schannel client cert type is P12 [50] + o docs: Fix missing semicolon in example code [102] + o docs: lots of minor language polish [51] + o English: use American spelling consistently [95] + o fail.d: tweak the description [101] + o firefox-db2pem.sh: make the shell script safer [47] + o ftp: fix error message for partial file upload [61] + o gen.pl: change wording for mutexed options [98] + o GHA: add openssl3 jobs moved over from zuul [88] + o GHA: build hyper with nightly rustc [7] + o GHA: move bearssl jobs over from zuul [85] + o gha: move the event-based test over from Zuul [59] + o gtls: fix build for disabled TLS-SRP [48] + o http2: handle DONE called for the paused stream [69] + o http2: RST the stream if we stop it on our own will [67] + o http: avoid auth/cookie on redirects same host diff port [110] + o http: close the stream (not connection) on time condition abort [68] + o http: reject header contents with nul bytes [41] + o http: return error on colon-less HTTP headers [31] + o http: streamclose "already downloaded" [57] + o hyper: fix status_line() return code [13] + o hyper: fix tests 580 and 581 for hyper [107] + o hyper: no h2c support [33] + o infof: consistent capitalization of warning messages [103] + o ipv4/6.d: clarify that they are about using IP addresses [3] + o json.d: fix typo (overriden -> overridden) [24] + o keepalive-time.d: It takes many probes to detect brokenness [29] + o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45] + o lib670: avoid double check result [71] + o lib: #ifdef on USE_HTTP2 better [65] + o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38] + o lib: remove exclamation marks [100] + o libssh2: compare sha256 strings case sensitively [114] + o libssh2: make the md5 comparison fail if wrong length [111] + o libssh: fix build with old libssh versions [12] + o libssh: fix double close [124] + o libssh: Improve fix for missing SSH_S_ stat macros [10] + o libssh: unstick SFTP transfers when done event-based [58] + o macos: set .plist version in autoconf [122] + o mbedtls: remove 'protocols' array from backend when ALPN is not used [66] + o mbedtls: remove server_fd from backend [91] + o mk-ca-bundle.pl: Use stricter logic to process the certificates [39] + o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8] + o mlc_config.json: add file to ignore known troublesome URLs [35] + o mqtt: better handling of TCP disconnect mid-message [55] + o ngtcp2: add client certificate authentication for OpenSSL [15] + o ngtcp2: avoid busy loop in low CWND situation [119] + o ngtcp2: deal with sub-millisecond timeout [116] + o ngtcp2: disconnect the QUIC connection proper [19] + o ngtcp2: enlarge H3_SEND_SIZE [82] + o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83] + o ngtcp2: fix memory leak [80] + o ngtcp2: fix QUIC_IDLE_TIMEOUT [94] + o ngtcp2: make curl 1ms faster [93] + o ngtcp2: remove remote_addr which is not used in a meaningful way [81] + o ngtcp2: update to work after recent ngtcp2 updates [62] + o ngtcp2: use token when detecting :status header field [92] + o nonblock: restore setsockopt method to curlx_nonblock [20] + o openssl: check SSL_get_peer_cert_chain return value [1] + o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23] + o openssl: fix CN check error code [21] + o options: remove mistaken space before paren in prototype + o perl: removed a double semicolon at end of line [64] + o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43] + o projects/README: converted to markdown [76] + o projects: Update VC version names for VS2017, VS2022 [52] + o rtsp: don't let CSeq error override earlier errors [37] + o runtests: add 'bearssl' as testable feature [87] + o runtests: make 'oldlibssh' be before 0.9.4 [2] + o schannel: remove dead code that will never run [89] + o scripts/copyright.pl: ignore the new mlc_config.json file + o scripts: move three scripts from lib/ to scripts/ [44] + o test1135: sync with recent API updates [54] + o test1459: disable for oldlibssh [53] + o test375: fix line endings on Windows [40] + o test386: Fix an incorrect test markup tag + o test718: edited slightly to return better HTTP [32] + o tests/server/util.h: align WIN32 condition with util.c [46] + o tests: refactor server/socksd.c to support --unix-socket [96] + o timediff.[ch]: add curlx helper functions for timeval conversions [86] + o tls: make mbedtls and NSS check for h2, not nghttp2 [70] + o tool and tests: force flush of all buffers at end of program [17] + o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30] + o tool_getparam: error out on missing -K file [115] + o tool_listhelp.c: uppercase URL + o tool_operate: fix a scan-build warning [16] + o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97] + o transfer: redirects to other protocols or ports clear auth [109] + o unit1620: call global_init before calling Curl_open [125] + o url: check sasl additional parameters for connection reuse. [113] + o vtls: provide a unified APLN-disagree string for all backends [75] + o vtls: use a backend standard message for "ALPN: offers %s" [73] + o vtls: use a generic "ALPN, server accepted" message [72] + o winbuild/README.md: fixup dead link [36] + o winbuild: Add a Visual Studio example to the README [49] + o wolfssl: fix compiler error without IPv6 [25] This release includes the following known bugs: @@ -194,179 +150,143 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - 1337vt on github, Alejandro R. Sedeño, Alessandro Ghedini, Antoine Pietri, - Bernhard Walle, Bjarni Ingi Gislason, Cameron Will, Charles Cazabon, - coralw on github, Dan Fandrich, Daniel Stenberg, Davide Cassioli, - Eric Musser, Fabian Keil, Fabian Yamaguchi, Farzin on github, Filip Lundgren, - gaoxingwang on github, Harry Sarson, Henrik Holst, Ikko Ashimine, - illusory-dream on github, Jan Ehrhardt, Jan-Piet Mens, Jan Venekamp, - Jean-Philippe Menil, jhoyla on github, Jim Beveridge, Joel Depooter, - John H. Ayad, jonny112 on github, Kantanat Wannapaka, Kevin Adler, - Kushal Das, Leah Neukirchen, Lucas Pardue, luminixinc on github, - Manfred Schwarb, Marcel Raad, Melroy van den Berg, Michael Kaufmann, - Michael Wallner, MichaÅ‚ Antoniak, Neal McBurnett, neutric on github, - Niels Martignène, Patrick Monnerat, pheiduck on github, Ray Satiro, - Rob Boeckermann, Ryan Schmidt, Samuel Henrique, Sandro Jaeckel, - Satadru Pramanik, Sebastian Sterk, siddharthchhabrap on github, Stav Nir, - Stefan Eissing, Stephen Boost, Stephen M. Coakley, Stewart Gebbie, - Tatsuhiro Tsujikawa, updatede on github, Viktor Szakats, vl409 on github, - Xiaoke Wang, æ¢¦ç»ˆæ— ç—• - (67 contributors) + Alejandro R. Sedeño, Andreas Falkenhahn, Andrey Alifanov, + anon00000000 on github, Balakrishnan Balasubramanian, Boris Verkhovskiy, + Brad Spencer, Christian Schmitz, Christopher Degawa, Colin Leroy, + Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, Daniel Valenzuela, + Don J Olmstead, Emanuele Torre, Evangelos Foutras, Francisco Olarte, + Frank Meier, Gisle Vanem, Harry Sintonen, Ian Blanes, Jan Venekamp, + Jay Dommaschk, Jean-Philippe Menil, Jenny Heino, Joseph Chen, + jurisuk on github, Kristoffer Gleditsch, Kushal Das, Leandro Coutinho, + Liam Warfield, Marcel Raad, Marc Hörsken, Matteo Baccan, + Median Median Stride, mehatzri on github, Michael Kaufmann, MichaÅ‚ Antoniak, + Nick Banks, Nick Coghlan, Nick Zitzmann, Patrick Monnerat, Paul Howarth, + PaweÅ‚ Kowalski, Peter Korsgaard, pheiduck on github, r-a-sattarov on github, + Ray Satiro, Rianov Viacheslav, Robert Brose, Robert Charles Muir, + Robin A. Meade, Samuel Henrique, Sascha Zengler, Taras Kushnir, + Tatsuhiro Tsujikawa, Timothe Litt, Viktor Szakats, HexTheDragon + (60 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=8266 - [2] = https://curl.se/bug/?i=8228 - [3] = https://curl.se/bug/?i=8228 - [4] = https://curl.se/bug/?i=8228 - [5] = https://curl.se/bug/?i=8229 - [6] = https://curl.se/bug/?i=8252 - [7] = https://curl.se/bug/?i=8262 - [8] = https://curl.se/bug/?i=8251 - [9] = https://curl.se/bug/?i=8229 - [10] = https://curl.se/bug/?i=8249 - [11] = https://curl.se/bug/?i=8241 - [12] = https://curl.se/bug/?i=8238 - [13] = https://curl.se/bug/?i=8244 - [14] = https://curl.se/bug/?i=8245 - [15] = https://curl.se/bug/?i=8240 - [16] = https://curl.se/bug/?i=8152 - [17] = https://curl.se/bug/?i=8208 - [18] = https://curl.se/bug/?i=8233 - [19] = https://curl.se/bug/?i=8234 - [20] = https://curl.se/bug/?i=8239 - [21] = https://curl.se/bug/?i=8239 - [22] = https://curl.se/bug/?i=7964 - [23] = https://curl.se/bug/?i=8188 - [24] = https://curl.se/bug/?i=8170 - [25] = https://curl.se/bug/?i=8254 - [26] = https://curl.se/bug/?i=8255 - [27] = https://curl.se/bug/?i=8286 - [28] = https://curl.se/bug/?i=8282 - [29] = https://curl.se/bug/?i=8287 - [30] = https://curl.se/bug/?i=8288 - [31] = https://curl.se/bug/?i=8285 - [32] = https://curl.se/bug/?i=8278 - [33] = https://curl.se/bug/?i=8173 - [34] = https://curl.se/bug/?i=8281 - [35] = https://curl.se/bug/?i=8279 - [36] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515 - [37] = https://hackerone.com/reports/1444539 - [38] = https://curl.se/bug/?i=8321 - [39] = https://curl.se/bug/?i=8322 - [40] = https://curl.se/bug/?i=8268 - [41] = https://curl.se/bug/?i=8317 - [42] = https://curl.se/bug/?i=8315 - [43] = https://curl.se/bug/?i=8292 - [44] = https://curl.se/bug/?i=8316 - [45] = https://curl.se/bug/?i=8309 - [46] = https://curl.se/bug/?i=8363 - [47] = https://curl.se/bug/?i=8307 - [48] = https://curl.se/bug/?i=8303 - [49] = https://curl.se/bug/?i=8235 - [50] = https://curl.se/bug/?i=8299 - [51] = https://curl.se/bug/?i=8291 - [52] = https://curl.se/bug/?i=8350 - [53] = https://curl.se/bug/?i=8350 - [54] = https://curl.se/bug/?i=8276 - [55] = https://curl.se/bug/?i=8341 - [56] = https://curl.se/bug/?i=8343 - [57] = https://curl.se/bug/?i=8344 - [58] = https://curl.se/bug/?i=8340 - [59] = https://curl.se/bug/?i=8338 - [60] = https://curl.se/bug/?i=8334 - [61] = https://curl.se/bug/?i=8320 - [62] = https://curl.se/bug/?i=8290 - [63] = https://curl.se/bug/?i=8372 - [64] = https://curl.se/bug/?i=8458 - [65] = https://curl.se/bug/?i=8362 - [66] = https://curl.se/bug/?i=8460 - [67] = https://curl.se/bug/?i=8314 - [68] = https://curl.se/bug/?i=8365 - [69] = https://curl.se/bug/?i=8368 - [70] = https://curl.se/bug/?i=8367 - [71] = https://curl.se/bug/?i=8364 - [72] = https://curl.se/bug/?i=8358 - [73] = https://curl.se/bug/?i=8359 - [74] = https://curl.se/bug/?i=8357 - [75] = https://curl.se/bug/?i=8357 - [76] = https://hackerone.com/reports/1463013 - [77] = https://curl.se/bug/?i=8354 - [78] = https://curl.se/bug/?i=8408 - [79] = https://curl.se/mail/lib-2022-02/0070.html - [80] = https://curl.se/bug/?i=8430 - [81] = https://curl.se/bug/?i=8487 - [82] = https://curl.se/bug/?i=8397 - [83] = https://curl.se/bug/?i=8437 - [84] = https://curl.se/bug/?i=8396 - [85] = https://curl.se/bug/?i=8396 - [86] = https://curl.se/bug/?i=8394 - [87] = https://curl.se/bug/?i=8391 - [88] = https://curl.se/bug/?i=8381 - [89] = https://curl.se/bug/?i=8441 - [90] = https://curl.se/bug/?i=8383 - [91] = https://curl.se/bug/?i=8386 - [92] = https://curl.se/bug/?i=8428 - [93] = https://curl.se/bug/?i=8385 - [94] = https://curl.se/bug/?i=8384 - [95] = https://curl.se/bug/?i=8382 - [96] = https://curl.se/bug/?i=8378 - [97] = https://curl.se/bug/?i=8378 - [98] = https://curl.se/bug/?i=8379 - [99] = https://curl.se/bug/?i=8377 - [100] = https://curl.se/bug/?i=8376 - [101] = https://curl.se/bug/?i=8375 - [102] = https://curl.se/bug/?i=8464 - [103] = https://curl.se/bug/?i=8439 - [104] = https://curl.se/bug/?i=8439 - [105] = https://curl.se/bug/?i=8449 - [106] = https://curl.se/bug/?i=8431 - [107] = https://curl.se/bug/?i=8431 - [108] = https://curl.se/bug/?i=8436 - [109] = https://curl.se/bug/?i=8429 - [110] = https://curl.se/bug/?i=8425 - [111] = https://curl.se/bug/?i=8454 - [112] = https://curl.se/bug/?i=8454 - [113] = https://curl.se/bug/?i=8454 - [114] = https://curl.se/bug/?i=8395 - [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646 - [116] = https://curl.se/bug/?i=8404 - [117] = https://curl.se/bug/?i=8453 - [118] = https://curl.se/bug/?i=8448 - [119] = https://curl.se/bug/?i=8450 - [120] = https://curl.se/bug/?i=8514 - [121] = https://curl.se/bug/?i=8444 - [122] = https://curl.se/bug/?i=8444 - [123] = https://curl.se/bug/?i=8442 - [124] = https://curl.se/bug/?i=8438 - [125] = https://curl.se/bug/?i=8472 - [126] = https://curl.se/bug/?i=8480 - [127] = https://curl.se/bug/?i=8471 - [128] = https://curl.se/bug/?i=8481 - [129] = https://curl.se/bug/?i=8482 - [130] = https://curl.se/bug/?i=8479 - [131] = https://curl.se/bug/?i=8476 - [132] = https://curl.se/bug/?i=8475 - [133] = https://curl.se/bug/?i=8474 - [134] = https://curl.se/bug/?i=8470 - [135] = https://curl.se/bug/?i=8469 - [136] = https://curl.se/bug/?i=8289 - [137] = https://curl.se/bug/?i=8455 - [138] = https://curl.se/bug/?i=8455 - [139] = https://curl.se/bug/?i=8455 - [140] = https://curl.se/bug/?i=8512 - [141] = https://curl.se/bug/?i=8459 - [142] = https://curl.se/bug/?i=8513 - [143] = https://curl.se/bug/?i=7351 - [144] = https://curl.se/bug/?i=8505 - [145] = https://curl.se/bug/?i=8502 - [146] = https://curl.se/bug/?i=8421 - [147] = https://curl.se/bug/?i=8500 - [148] = https://curl.se/bug/?i=8529 - [149] = https://curl.se/bug/?i=8494 - [150] = https://curl.se/bug/?i=8493 - [151] = https://curl.se/bug/?i=8492 - [152] = https://curl.se/bug/?i=8538 - [153] = https://curl.se/bug/?i=8519 - [154] = https://curl.se/bug/?i=8511 - [156] = https://curl.se/mail/lib-2022-02/0131.html + [1] = https://curl.se/bug/?i=8579 + [2] = https://curl.se/bug/?i=8548 + [3] = https://curl.se/bug/?i=8543 + [4] = https://curl.se/bug/?i=8546 + [5] = https://curl.se/bug/?i=8544 + [6] = https://curl.se/bug/?i=8539 + [7] = https://curl.se/bug/?i=8545 + [8] = https://curl.se/bug/?i=8412 + [9] = https://curl.se/bug/?i=8573 + [10] = https://curl.se/bug/?i=8588 + [11] = https://curl.se/bug/?i=8503 + [12] = https://curl.se/bug/?i=8574 + [13] = https://curl.se/bug/?i=8572 + [14] = https://curl.se/bug/?i=8541 + [15] = https://curl.se/bug/?i=8522 + [16] = https://curl.se/bug/?i=8565 + [17] = https://curl.se/bug/?i=8516 + [18] = https://curl.se/bug/?i=8565 + [19] = https://curl.se/bug/?i=8534 + [20] = https://curl.se/bug/?i=8562 + [21] = https://curl.se/bug/?i=8559 + [22] = https://curl.se/bug/?i=8524 + [23] = https://curl.se/bug/?i=8553 + [24] = https://curl.se/bug/?i=8557 + [25] = https://curl.se/bug/?i=8550 + [26] = https://curl.se/bug/?i=8478 + [27] = https://curl.se/bug/?i=8477 + [28] = https://curl.se/bug/?i=7708 + [29] = https://curl.se/bug/?i=8570 + [30] = https://curl.se/bug/?i=7963 + [31] = https://curl.se/bug/?i=8610 + [32] = https://github.com/hyperium/hyper/issues/2783 + [33] = https://curl.se/bug/?i=8605 + [34] = https://curl.se/bug/?i=8609 + [35] = https://curl.se/bug/?i=8597 + [36] = https://curl.se/bug/?i=8597 + [37] = https://curl.se/bug/?i=8525 + [38] = https://curl.se/bug/?i=8521 + [39] = https://curl.se/bug/?i=8411 + [40] = https://curl.se/bug/?i=8599 + [41] = https://curl.se/bug/?i=8601 + [42] = https://curl.se/bug/?i=8596 + [43] = https://curl.se/bug/?i=8506 + [44] = https://curl.se/bug/?i=8625 + [45] = https://curl.se/bug/?i=8594 + [46] = https://curl.se/bug/?i=8594 + [47] = https://curl.se/bug/?i=8616 + [48] = https://curl.se/mail/lib-2022-03/0046.html + [49] = https://curl.se/bug/?i=8592 + [50] = https://curl.se/bug/?i=8587 + [51] = https://curl.se/bug/?i=8646 + [52] = https://curl.se/bug/?i=8447 + [53] = https://curl.se/bug/?i=8622 + [54] = https://curl.se/bug/?i=8620 + [55] = https://hackerone.com/reports/1521610 + [56] = https://curl.se/bug/?i=8593 + [57] = https://curl.se/bug/?i=8665 + [58] = https://curl.se/bug/?i=8490 + [59] = https://curl.se/bug/?i=8490 + [60] = https://curl.se/bug/?i=8606 + [61] = https://curl.se/bug/?i=8637 + [62] = https://curl.se/bug/?i=8638 + [63] = https://curl.se/bug/?i=8636 + [64] = https://curl.se/bug/?i=8709 + [65] = https://curl.se/bug/?i=8661 + [66] = https://curl.se/bug/?i=8663 + [67] = https://curl.se/bug/?i=8664 + [68] = https://curl.se/bug/?i=8664 + [69] = https://curl.se/bug/?i=8626 + [70] = https://curl.se/bug/?i=8656 + [71] = https://curl.se/bug/?i=8660 + [72] = https://curl.se/bug/?i=8657 + [73] = https://curl.se/bug/?i=8657 + [74] = https://curl.se/bug/?i=8694 + [75] = https://curl.se/bug/?i=8643 + [76] = https://curl.se/bug/?i=8652 + [77] = https://curl.se/bug/?i=8693 + [78] = https://curl.se/bug/?i=8693 + [79] = https://curl.se/bug/?i=8602 + [80] = https://curl.se/bug/?i=8691 + [81] = https://curl.se/bug/?i=8689 + [82] = https://curl.se/bug/?i=8690 + [83] = https://curl.se/bug/?i=8688 + [84] = https://curl.se/bug/?i=8517 + [85] = https://curl.se/bug/?i=8684 + [86] = https://curl.se/bug/?i=8595 + [87] = https://curl.se/bug/?i=8684 + [88] = https://curl.se/bug/?i=8683 + [89] = https://curl.se/bug/?i=8677 + [90] = https://curl.se/bug/?i=8676 + [91] = https://curl.se/bug/?i=8682 + [92] = https://curl.se/bug/?i=8679 + [93] = https://curl.se/bug/?i=8678 + [94] = https://curl.se/bug/?i=8678 + [95] = https://curl.se/bug/?i=8673 + [96] = https://curl.se/bug/?i=8687 + [97] = https://curl.se/bug/?i=8701 + [98] = https://curl.se/bug/?i=8716 + [99] = https://curl.se/bug/?i=8704 + [100] = https://curl.se/bug/?i=8713 + [101] = https://curl.se/bug/?i=8714 + [102] = https://curl.se/bug/?i=8697 + [103] = https://curl.se/bug/?i=8711 + [105] = https://curl.se/bug/?i=8753 + [107] = https://curl.se/bug/?i=8707 + [109] = https://curl.se/docs/CVE-2022-27774.html + [110] = https://curl.se/docs/CVE-2022-27776.html + [111] = https://hackerone.com/reports/1549461 + [112] = https://curl.se/docs/CVE-2022-27775.html + [113] = https://curl.se/docs/CVE-2022-22576.html + [114] = https://hackerone.com/reports/1549435 + [115] = https://hackerone.com/reports/1542881 + [116] = https://curl.se/bug/?i=8738 + [117] = https://hackerone.com/reports/1548535 + [119] = https://curl.se/bug/?i=8739 + [122] = https://curl.se/bug/?i=8692 + [123] = https://curl.se/bug/?i=8699 + [124] = https://curl.se/bug/?i=8708 + [125] = https://curl.se/bug/?i=8719 + [126] = https://curl.se/bug/?i=8725 + [127] = https://curl.se/bug/?i=8724 diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h index 2e260d5168..3a2c2ea561 100644 --- a/contrib/libs/curl/include/curl/curl.h +++ b/contrib/libs/curl/include/curl/curl.h @@ -2049,7 +2049,7 @@ typedef enum { * (in seconds) */ CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288), - /* SASL authorisation identity */ + /* SASL authorization identity */ CURLOPT(CURLOPT_SASL_AUTHZID, CURLOPTTYPE_STRINGPOINT, 289), /* allow RCPT TO command to fail for some recipients */ @@ -3069,6 +3069,7 @@ CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); #include "multi.h" #include "urlapi.h" #include "options.h" +#include "header.h" /* the typechecker doesn't work in C++ (yet) */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h index 14d168e935..cb1745110f 100644 --- a/contrib/libs/curl/include/curl/curlver.h +++ b/contrib/libs/curl/include/curl/curlver.h @@ -30,12 +30,12 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.82.0" +#define LIBCURL_VERSION "7.83.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 82 +#define LIBCURL_VERSION_MINOR 83 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x075200 +#define LIBCURL_VERSION_NUM 0x075300 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2022-03-05" +#define LIBCURL_TIMESTAMP "2022-04-27" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/contrib/libs/curl/include/curl/header.h b/contrib/libs/curl/include/curl/header.h new file mode 100644 index 0000000000..7715b61e22 --- /dev/null +++ b/contrib/libs/curl/include/curl/header.h @@ -0,0 +1,64 @@ +#ifndef CURLINC_HEADER_H +#define CURLINC_HEADER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +struct curl_header { + char *name; /* this might not use the same case */ + char *value; + size_t amount; /* number of headers using this name */ + size_t index; /* ... of this instance, 0 or higher */ + unsigned int origin; /* see bits below */ + void *anchor; /* handle privately used by libcurl */ +}; + +/* 'origin' bits */ +#define CURLH_HEADER (1<<0) /* plain server header */ +#define CURLH_TRAILER (1<<1) /* trailers */ +#define CURLH_CONNECT (1<<2) /* CONNECT headers */ +#define CURLH_1XX (1<<3) /* 1xx headers */ +#define CURLH_PSEUDO (1<<4) /* pseudo headers */ + +typedef enum { + CURLHE_OK, + CURLHE_BADINDEX, /* header exists but not with this index */ + CURLHE_MISSING, /* no such header exists */ + CURLHE_NOHEADERS, /* no headers at all exist (yet) */ + CURLHE_NOREQUEST, /* no request with this number was used */ + CURLHE_OUT_OF_MEMORY, /* out of memory while processing */ + CURLHE_BAD_ARGUMENT, /* a function argument was not okay */ + CURLHE_NOT_BUILT_IN /* if API was disabled in the build */ +} CURLHcode; + +CURL_EXTERN CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t index, + unsigned int origin, + int request, + struct curl_header **hout); + +CURL_EXTERN struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int origin, + int request, + struct curl_header *prev); + +#endif /* CURLINC_HEADER_H */ diff --git a/contrib/libs/curl/include/curl/options.h b/contrib/libs/curl/include/curl/options.h index 14373b551c..91360b3581 100644 --- a/contrib/libs/curl/include/curl/options.h +++ b/contrib/libs/curl/include/curl/options.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -57,7 +57,7 @@ CURL_EXTERN const struct curl_easyoption * curl_easy_option_by_name(const char *name); CURL_EXTERN const struct curl_easyoption * -curl_easy_option_by_id (CURLoption id); +curl_easy_option_by_id(CURLoption id); CURL_EXTERN const struct curl_easyoption * curl_easy_option_next(const struct curl_easyoption *prev); diff --git a/contrib/libs/curl/include/curl/system.h b/contrib/libs/curl/include/curl/system.h index 038ac0b167..000fea6c75 100644 --- a/contrib/libs/curl/include/curl/system.h +++ b/contrib/libs/curl/include/curl/system.h @@ -121,7 +121,7 @@ # define CURL_TYPEOF_CURL_SOCKLEN_T int #elif defined(__LCC__) -# if defined(__e2k__) /* MCST eLbrus C Compiler */ +# if defined(__MCST__) /* MCST eLbrus Compiler Collection */ # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" diff --git a/contrib/libs/curl/lib/altsvc.c b/contrib/libs/curl/lib/altsvc.c index 242733bfd7..45929a5df7 100644 --- a/contrib/libs/curl/lib/altsvc.c +++ b/contrib/libs/curl/lib/altsvc.c @@ -54,6 +54,8 @@ #define H3VERSION "h3-29" #elif defined(USE_NGTCP2) && !defined(UNITTESTS) #define H3VERSION "h3-29" +#elif defined(USE_MSH3) && !defined(UNITTESTS) +#define H3VERSION "h3-29" #else #define H3VERSION "h3" #endif @@ -264,7 +266,7 @@ struct altsvcinfo *Curl_altsvc_init(void) /* set default behavior */ asi->flags = CURLALTSVC_H1 -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 | CURLALTSVC_H2 #endif #ifdef ENABLE_QUIC diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c index 2cedaa671e..b4e612d5e2 100644 --- a/contrib/libs/curl/lib/asyn-ares.c +++ b/contrib/libs/curl/lib/asyn-ares.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,6 +65,7 @@ #include "connect.h" #include "select.h" #include "progress.h" +#include "timediff.h" # if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \ defined(WIN32) @@ -292,7 +293,7 @@ int Curl_resolver_getsock(struct Curl_easy *data, timeout = ares_timeout((ares_channel)data->state.async.resolver, &maxtime, &timebuf); - milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000); + milli = (long)curlx_tvtoms(timeout); if(milli == 0) milli += 10; Curl_expire(data, milli, EXPIRE_ASYNC_NAME); diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c index 00f9d7a51d..08722ff65d 100644 --- a/contrib/libs/curl/lib/c-hyper.c +++ b/contrib/libs/curl/lib/c-hyper.c @@ -293,10 +293,8 @@ static CURLcode status_line(struct Curl_easy *data, writetype |= CLIENTWRITE_BODY; result = Curl_client_write(data, writetype, Curl_dyn_ptr(&data->state.headerb), len); - if(result) { - data->state.hresult = CURLE_ABORTED_BY_CALLBACK; - return HYPER_ITER_BREAK; - } + if(result) + return result; } data->info.header_size += (long)len; data->req.headerbytecount += (long)len; @@ -416,7 +414,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, else if(h->endtask == task) { /* end of transfer */ *done = TRUE; - infof(data, "hyperstream is done!"); + infof(data, "hyperstream is done"); if(!k->bodywrites) { /* hyper doesn't always call the body write callback */ bool stilldone; @@ -806,7 +804,7 @@ static void http1xx_cb(void *arg, struct hyper_response *resp) } if(data->state.hresult) - infof(data, "ERROR in 1xx, bail out!"); + infof(data, "ERROR in 1xx, bail out"); } /* @@ -906,6 +904,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) hyper_clientconn_options_http2(options, 1); h2 = TRUE; } + hyper_clientconn_options_set_preserve_header_case(options, 1); + hyper_clientconn_options_set_preserve_header_order(options, 1); hyper_clientconn_options_exec(options, h->exec); diff --git a/contrib/libs/curl/lib/conncache.c b/contrib/libs/curl/lib/conncache.c index cd5756ae40..aa29620fa3 100644 --- a/contrib/libs/curl/lib/conncache.c +++ b/contrib/libs/curl/lib/conncache.c @@ -132,13 +132,11 @@ void Curl_conncache_destroy(struct conncache *connc) } /* creates a key to find a bundle for this connection */ -static void hashkey(struct connectdata *conn, char *buf, - size_t len, /* something like 128 is fine */ - const char **hostp) +static void hashkey(struct connectdata *conn, char *buf, size_t len) { const char *hostname; long port = conn->remote_port; - + DEBUGASSERT(len >= HASHKEY_SIZE); #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { hostname = conn->http_proxy.host.name; @@ -151,12 +149,12 @@ static void hashkey(struct connectdata *conn, char *buf, else hostname = conn->host.name; - if(hostp) - /* report back which name we used */ - *hostp = hostname; - - /* put the number first so that the hostname gets cut off if too long */ - msnprintf(buf, len, "%ld%s", port, hostname); + /* put the numbers first so that the hostname gets cut off if too long */ +#ifdef ENABLE_IPV6 + msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); +#else + msnprintf(buf, len, "%ld/%s", port, hostname); +#endif Curl_strntolower(buf, buf, len); } @@ -179,14 +177,13 @@ size_t Curl_conncache_size(struct Curl_easy *data) struct connectbundle * Curl_conncache_find_bundle(struct Curl_easy *data, struct connectdata *conn, - struct conncache *connc, - const char **hostp) + struct conncache *connc) { struct connectbundle *bundle = NULL; CONNCACHE_LOCK(data); if(connc) { char key[HASHKEY_SIZE]; - hashkey(conn, key, sizeof(key), hostp); + hashkey(conn, key, sizeof(key)); bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); } @@ -233,8 +230,7 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) DEBUGASSERT(conn); /* *find_bundle() locks the connection cache */ - bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache, - NULL); + bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache); if(!bundle) { char key[HASHKEY_SIZE]; @@ -243,7 +239,7 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) goto unlock; } - hashkey(conn, key, sizeof(key), NULL); + hashkey(conn, key, sizeof(key)); if(!conncache_add_bundle(data->state.conn_cache, key, bundle)) { bundle_destroy(bundle); @@ -531,6 +527,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc) { struct connectdata *conn; char buffer[READBUFFER_MIN + 1]; + SIGPIPE_VARIABLE(pipe_st); if(!connc->closure_handle) return; connc->closure_handle->state.buffer = buffer; @@ -538,7 +535,6 @@ void Curl_conncache_close_all_connections(struct conncache *connc) conn = conncache_find_first_connection(connc); while(conn) { - SIGPIPE_VARIABLE(pipe_st); sigpipe_ignore(connc->closure_handle, &pipe_st); /* This will remove the connection from the cache */ connclose(conn, "kill all"); @@ -550,15 +546,12 @@ void Curl_conncache_close_all_connections(struct conncache *connc) } connc->closure_handle->state.buffer = NULL; - if(connc->closure_handle) { - SIGPIPE_VARIABLE(pipe_st); - sigpipe_ignore(connc->closure_handle, &pipe_st); + sigpipe_ignore(connc->closure_handle, &pipe_st); - Curl_hostcache_clean(connc->closure_handle, - connc->closure_handle->dns.hostcache); - Curl_close(&connc->closure_handle); - sigpipe_restore(&pipe_st); - } + Curl_hostcache_clean(connc->closure_handle, + connc->closure_handle->dns.hostcache); + Curl_close(&connc->closure_handle); + sigpipe_restore(&pipe_st); } #if 0 diff --git a/contrib/libs/curl/lib/conncache.h b/contrib/libs/curl/lib/conncache.h index e9c1e32f87..ef11dcfd29 100644 --- a/contrib/libs/curl/lib/conncache.h +++ b/contrib/libs/curl/lib/conncache.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> * * This software is licensed as described in the file COPYING, which @@ -87,8 +87,7 @@ void Curl_conncache_destroy(struct conncache *connc); /* return the correct bundle, to a host or a proxy */ struct connectbundle *Curl_conncache_find_bundle(struct Curl_easy *data, struct connectdata *conn, - struct conncache *connc, - const char **hostp); + struct conncache *connc); /* returns number of connections currently held in the connection cache */ size_t Curl_conncache_size(struct Curl_easy *data); diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c index 64f951118b..9bcf525ebb 100644 --- a/contrib/libs/curl/lib/connect.c +++ b/contrib/libs/curl/lib/connect.c @@ -74,6 +74,7 @@ #include "warnless.h" #include "conncache.h" #include "multihandle.h" +#include "share.h" #include "version_win32.h" #include "quic.h" #include "socks.h" @@ -137,6 +138,14 @@ tcpkeepalive(struct Curl_easy *data, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd); } +#elif defined(TCP_KEEPALIVE) + /* Mac OS X style */ + optval = curlx_sltosi(data->set.tcp_keepidle); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, + (void *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd); + } #endif #ifdef TCP_KEEPINTVL optval = curlx_sltosi(data->set.tcp_keepintvl); @@ -146,15 +155,6 @@ tcpkeepalive(struct Curl_easy *data, infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd); } #endif -#ifdef TCP_KEEPALIVE - /* Mac OS X style */ - optval = curlx_sltosi(data->set.tcp_keepidle); - KEEPALIVE_FACTOR(optval); - if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, - (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd); - } -#endif #endif } } @@ -623,6 +623,7 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, data->info.conn_scheme = conn->handler->scheme; data->info.conn_protocol = conn->handler->protocol; data->info.conn_primary_port = conn->port; + data->info.conn_remote_port = conn->remote_port; data->info.conn_local_port = local_port; } @@ -1487,7 +1488,11 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, find.id_tofind = data->state.lastconnect_id; find.found = NULL; - Curl_conncache_foreach(data, data->multi_easy? + Curl_conncache_foreach(data, + data->share && (data->share->specifier + & (1<< CURL_LOCK_DATA_CONNECT))? + &data->share->conn_cache: + data->multi_easy? &data->multi_easy->conn_cache: &data->multi->conn_cache, &find, conn_is_conn); diff --git a/contrib/libs/curl/lib/cookie.c b/contrib/libs/curl/lib/cookie.c index d418efa33d..451881f578 100644 --- a/contrib/libs/curl/lib/cookie.c +++ b/contrib/libs/curl/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1188,12 +1188,15 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, fp = stdin; fromfile = FALSE; } - else if(file && !*file) { - /* points to a "" string */ + else if(!file || !*file) { + /* points to an empty string or NULL */ fp = NULL; } - else - fp = file?fopen(file, FOPEN_READTEXT):NULL; + else { + fp = fopen(file, FOPEN_READTEXT); + if(!fp) + infof(data, "WARNING: failed to open cookie file \"%s\"", file); + } c->newsession = newsession; /* new session? */ @@ -1227,7 +1230,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, */ remove_expired(c); - if(fromfile) + if(fromfile && fp) fclose(fp); } diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h index 0ac2bc9a4d..097f22dcf3 100644 --- a/contrib/libs/curl/lib/curl_config-linux.h +++ b/contrib/libs/curl/lib/curl_config-linux.h @@ -447,6 +447,9 @@ /* Define to 1 if you have the MSG_NOSIGNAL flag. */ #define HAVE_MSG_NOSIGNAL 1 +/* Define to 1 if you have the <msh3.h> header file. */ +/* #undef HAVE_MSH3_H */ + /* Define to 1 if you have the <netdb.h> header file. */ #define HAVE_NETDB_H 1 @@ -946,6 +949,9 @@ /* GSASL support enabled */ /* #undef USE_GSASL */ +/* enable headers-api */ +/* #undef USE_HEADERS_API */ + /* if hyper is in use */ /* #undef USE_HYPER */ @@ -967,6 +973,9 @@ /* if mbedTLS is enabled */ /* #undef USE_MBEDTLS */ +/* if msh3 is in use */ +/* #undef USE_MSH3 */ + /* if nghttp2 is in use */ #define USE_NGHTTP2 1 diff --git a/contrib/libs/curl/lib/curl_gssapi.c b/contrib/libs/curl/lib/curl_gssapi.c index 70a607f3ab..50f78866d1 100644 --- a/contrib/libs/curl/lib/curl_gssapi.c +++ b/contrib/libs/curl/lib/curl_gssapi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -60,7 +60,7 @@ OM_uint32 Curl_gss_init_sec_context( #ifdef GSS_C_DELEG_POLICY_FLAG req_flags |= GSS_C_DELEG_POLICY_FLAG; #else - infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not " + infof(data, "WARNING: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not " "compiled in"); #endif } diff --git a/contrib/libs/curl/lib/curl_multibyte.c b/contrib/libs/curl/lib/curl_multibyte.c index e9d2a8cb88..32c03a5b71 100644 --- a/contrib/libs/curl/lib/curl_multibyte.c +++ b/contrib/libs/curl/lib/curl_multibyte.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -104,7 +104,7 @@ int curlx_win32_open(const char *filename, int oflag, ...) #ifdef _UNICODE if(filename_w) { result = _wopen(filename_w, oflag, pmode); - free(filename_w); + curlx_unicodefree(filename_w); } else errno = EINVAL; @@ -124,8 +124,8 @@ FILE *curlx_win32_fopen(const char *filename, const char *mode) result = _wfopen(filename_w, mode_w); else errno = EINVAL; - free(filename_w); - free(mode_w); + curlx_unicodefree(filename_w); + curlx_unicodefree(mode_w); return result; #else return (fopen)(filename, mode); @@ -143,7 +143,7 @@ int curlx_win32_stat(const char *path, struct_stat *buffer) #else result = _wstati64(path_w, buffer); #endif - free(path_w); + curlx_unicodefree(path_w); } else errno = EINVAL; @@ -164,7 +164,7 @@ int curlx_win32_access(const char *path, int mode) wchar_t *path_w = curlx_convert_UTF8_to_wchar(path); if(path_w) { result = _waccess(path_w, mode); - free(path_w); + curlx_unicodefree(path_w); } else errno = EINVAL; diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c index 7e28c92fd3..48d6625ba4 100644 --- a/contrib/libs/curl/lib/curl_sasl.c +++ b/contrib/libs/curl/lib/curl_sasl.c @@ -670,7 +670,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, #endif case SASL_OAUTH2: - /* Create the authorisation message */ + /* Create the authorization message */ if(sasl->authused == SASL_MECH_OAUTHBEARER) { result = Curl_auth_create_oauth_bearer_message(conn->user, hostname, diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h index 0086a3d696..09ba5e286e 100644 --- a/contrib/libs/curl/lib/curl_setup.h +++ b/contrib/libs/curl/lib/curl_setup.h @@ -794,7 +794,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, #define USE_HTTP2 #endif -#if defined(USE_NGTCP2) || defined(USE_QUICHE) +#if defined(USE_NGTCP2) || defined(USE_QUICHE) || defined(USE_MSH3) #define ENABLE_QUIC #endif diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c index 292f5dc667..4aef8b266a 100644 --- a/contrib/libs/curl/lib/doh.c +++ b/contrib/libs/curl/lib/doh.c @@ -252,7 +252,7 @@ static CURLcode dohprobe(struct Curl_easy *data, ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); #endif #ifndef CURLDEBUG diff --git a/contrib/libs/curl/lib/easy.c b/contrib/libs/curl/lib/easy.c index 0e23561376..65d74646ae 100644 --- a/contrib/libs/curl/lib/easy.c +++ b/contrib/libs/curl/lib/easy.c @@ -1102,7 +1102,7 @@ static CURLcode easy_connection(struct Curl_easy *data, /* only allow these to be called on handles with CURLOPT_CONNECT_ONLY */ if(!data->set.connect_only) { - failf(data, "CONNECT_ONLY is required!"); + failf(data, "CONNECT_ONLY is required"); return CURLE_UNSUPPORTED_PROTOCOL; } diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c index c6efaedd3d..128cdc2f2d 100644 --- a/contrib/libs/curl/lib/ftp.c +++ b/contrib/libs/curl/lib/ftp.c @@ -591,7 +591,7 @@ static CURLcode ftp_readresp(struct Curl_easy *data, * This response code can come at any point so having it treated * generically is a good idea. */ - infof(data, "We got a 421 - timeout!"); + infof(data, "We got a 421 - timeout"); state(data, FTP_STOP); return CURLE_OPERATION_TIMEDOUT; } @@ -1165,7 +1165,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, /* maybe all ports were in use already*/ if(port > port_max) { - failf(data, "bind() failed, we ran out of ports!"); + failf(data, "bind() failed, we ran out of ports"); Curl_closesocket(data, conn, portsock); return CURLE_FTP_PORT_FAILED; } @@ -2702,7 +2702,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]); if(Curl_sec_login(data, conn)) - infof(data, "Logging in with password in cleartext!"); + infof(data, "Logging in with password in cleartext"); else infof(data, "Authentication successful"); } @@ -3381,7 +3381,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, (ftp->transfer == PPTRANSFER_BODY)) { failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes)", - data->req.bytecount, data->state.infilesize); + data->req.writebytecount, data->state.infilesize); result = CURLE_PARTIAL_FILE; } } @@ -3404,7 +3404,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, else if(!ftpc->dont_check && !data->req.bytecount && (data->req.size>0)) { - failf(data, "No data was received!"); + failf(data, "No data was received"); result = CURLE_FTP_COULDNT_RETR_FILE; } } @@ -4235,7 +4235,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { /* We need a file name when uploading. Return error! */ - failf(data, "Uploading to a URL without a file name!"); + failf(data, "Uploading to a URL without a file name"); free(rawPath); return CURLE_URL_MALFORMAT; } diff --git a/contrib/libs/curl/lib/h2h3.c b/contrib/libs/curl/lib/h2h3.c index cf8d156945..c0ed58d37a 100644 --- a/contrib/libs/curl/lib/h2h3.c +++ b/contrib/libs/curl/lib/h2h3.c @@ -114,7 +114,7 @@ static header_instruction inspect_header(const char *name, size_t namelen, } CURLcode Curl_pseudo_headers(struct Curl_easy *data, - const char *mem, /* the requeset */ + const char *mem, /* the request */ const size_t len /* size of request */, struct h2h3req **hp) { diff --git a/contrib/libs/curl/lib/headers.c b/contrib/libs/curl/lib/headers.c new file mode 100644 index 0000000000..226c696be6 --- /dev/null +++ b/contrib/libs/curl/lib/headers.c @@ -0,0 +1,324 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#include "urldata.h" +#include "strdup.h" +#include "strcase.h" +#include "headers.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API) + +/* Generate the curl_header struct for the user. This function MUST assign all + struct fields in the output struct. */ +static void copy_header_external(struct Curl_easy *data, + struct Curl_header_store *hs, + size_t index, + size_t amount, + struct Curl_llist_element *e, + struct curl_header **hout) +{ + struct curl_header *h = *hout = &data->state.headerout; + h->name = hs->name; + h->value = hs->value; + h->amount = amount; + h->index = index; + /* this will randomly OR a reserved bit for the sole purpose of making it + impossible for applications to do == comparisons, as that would otherwise + be very tempting and then lead to the reserved bits not being reserved + anymore. */ + h->origin = hs->type | (1<<27); + h->anchor = e; +} + +/* public API */ +CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t nameindex, + unsigned int type, + int request, + struct curl_header **hout) +{ + struct Curl_llist_element *e; + struct Curl_llist_element *e_pick = NULL; + struct Curl_easy *data = easy; + size_t match = 0; + size_t amount = 0; + struct Curl_header_store *hs = NULL; + struct Curl_header_store *pick = NULL; + if(!name || !hout || !data || + (type > (CURLH_HEADER|CURLH_TRAILER|CURLH_CONNECT|CURLH_1XX)) || + !type || (request < -1)) + return CURLHE_BAD_ARGUMENT; + if(!Curl_llist_count(&data->state.httphdrs)) + return CURLHE_NOHEADERS; /* no headers available */ + if(request > data->state.requests) + return CURLHE_NOREQUEST; + if(request == -1) + request = data->state.requests; + + /* we need a first round to count amount of this header */ + for(e = data->state.httphdrs.head; e; e = e->next) { + hs = e->ptr; + if(strcasecompare(hs->name, name) && + (hs->type & type) && + (hs->request == request)) { + amount++; + pick = hs; + e_pick = e; + } + } + if(!amount) + return CURLHE_MISSING; + else if(nameindex >= amount) + return CURLHE_BADINDEX; + + if(nameindex == amount - 1) + /* if the last or only occurrence is what's asked for, then we know it */ + hs = pick; + else { + for(e = data->state.httphdrs.head; e; e = e->next) { + hs = e->ptr; + if(strcasecompare(hs->name, name) && + (hs->type & type) && + (hs->request == request) && + (match++ == nameindex)) { + e_pick = e; + break; + } + } + if(!e) /* this shouldn't happen */ + return CURLHE_MISSING; + } + /* this is the name we want */ + copy_header_external(data, hs, nameindex, amount, e_pick, hout); + return CURLHE_OK; +} + +/* public API */ +struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int type, + int request, + struct curl_header *prev) +{ + struct Curl_easy *data = easy; + struct Curl_llist_element *pick; + struct Curl_llist_element *e; + struct Curl_header_store *hs; + struct curl_header *hout; + size_t amount = 0; + size_t index = 0; + + if(request > data->state.requests) + return NULL; + if(request == -1) + request = data->state.requests; + + if(prev) { + pick = prev->anchor; + if(!pick) + /* something is wrong */ + return NULL; + pick = pick->next; + } + else + pick = data->state.httphdrs.head; + + if(pick) { + /* make sure it is the next header of the desired type */ + do { + hs = pick->ptr; + if((hs->type & type) && (hs->request == request)) + break; + pick = pick->next; + } while(pick); + } + + if(!pick) + /* no more headers available */ + return NULL; + + hs = pick->ptr; + + /* count number of occurrences of this name within the mask and figure out + the index for the currently selected entry */ + for(e = data->state.httphdrs.head; e; e = e->next) { + struct Curl_header_store *check = e->ptr; + if(strcasecompare(hs->name, check->name) && + (check->request == request) && + (check->type & type)) + amount++; + if(e == pick) + index = amount - 1; + } + + copy_header_external(data, hs, index, amount, pick, &hout); + return hout; +} + +static CURLcode namevalue(char *header, size_t hlen, unsigned int type, + char **name, char **value) +{ + char *end = header + hlen - 1; /* point to the last byte */ + DEBUGASSERT(hlen); + *name = header; + + if(type == CURLH_PSEUDO) { + if(*header != ':') + return CURLE_BAD_FUNCTION_ARGUMENT; + header++; + } + + /* Find the end of the header name */ + while(*header && (*header != ':')) + ++header; + + if(*header) + /* Skip over colon, null it */ + *header++ = 0; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + + /* skip all leading space letters */ + while(*header && ISSPACE(*header)) + header++; + + *value = header; + + /* skip all trailing space letters */ + while((end > header) && ISSPACE(*end)) + *end-- = 0; /* nul terminate */ + return CURLE_OK; +} + +/* + * Curl_headers_push() gets passed a full HTTP header to store. It gets called + * immediately before the header callback. The header is CRLF terminated. + */ +CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, + unsigned char type) +{ + char *value = NULL; + char *name = NULL; + char *end; + size_t hlen; /* length of the incoming header */ + struct Curl_header_store *hs; + CURLcode result = CURLE_OUT_OF_MEMORY; + + if((header[0] == '\r') || (header[0] == '\n')) + /* ignore the body separator */ + return CURLE_OK; + + end = strchr(header, '\r'); + if(!end) { + end = strchr(header, '\n'); + if(!end) + return CURLE_BAD_FUNCTION_ARGUMENT; + } + hlen = end - header + 1; + + hs = calloc(1, sizeof(*hs) + hlen); + if(!hs) + return CURLE_OUT_OF_MEMORY; + memcpy(hs->buffer, header, hlen); + hs->buffer[hlen] = 0; /* nul terminate */ + + result = namevalue(hs->buffer, hlen, type, &name, &value); + if(result) + goto fail; + + hs->name = name; + hs->value = value; + hs->type = type; + hs->request = data->state.requests; + + /* insert this node into the list of headers */ + Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail, + hs, &hs->node); + + return CURLE_OK; + fail: + free(hs); + return result; +} + +/* + * Curl_headers_init(). Init the headers subsystem. + */ +static void headers_init(struct Curl_easy *data) +{ + Curl_llist_init(&data->state.httphdrs, NULL); +} + +/* + * Curl_headers_cleanup(). Free all stored headers and associated memory. + */ +CURLcode Curl_headers_cleanup(struct Curl_easy *data) +{ + struct Curl_llist_element *e; + struct Curl_llist_element *n; + + for(e = data->state.httphdrs.head; e; e = n) { + struct Curl_header_store *hs = e->ptr; + n = e->next; + free(hs); + } + headers_init(data); + return CURLE_OK; +} + +#else /* HTTP-disabled builds below */ + +CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t index, + unsigned int origin, + int request, + struct curl_header **hout) +{ + (void)easy; + (void)name; + (void)index; + (void)origin; + (void)request; + (void)hout; + return CURLHE_NOT_BUILT_IN; +} + +struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int type, + int request, + struct curl_header *prev) +{ + (void)easy; + (void)type; + (void)request; + (void)prev; + return NULL; +} +#endif diff --git a/contrib/libs/curl/lib/headers.h b/contrib/libs/curl/lib/headers.h new file mode 100644 index 0000000000..48c013b04d --- /dev/null +++ b/contrib/libs/curl/lib/headers.h @@ -0,0 +1,53 @@ +#ifndef HEADER_CURL_HEADER_H +#define HEADER_CURL_HEADER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API) + +struct Curl_header_store { + struct Curl_llist_element node; + char *name; /* points into 'buffer' */ + char *value; /* points into 'buffer */ + int request; /* 0 is the first request, then 1.. 2.. */ + unsigned char type; /* CURLH_* defines */ + char buffer[1]; /* this is the raw header blob */ +}; + +/* + * Curl_headers_push() gets passed a full header to store. + */ +CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, + unsigned char type); + +/* + * Curl_headers_cleanup(). Free all stored headers and associated memory. + */ +CURLcode Curl_headers_cleanup(struct Curl_easy *data); + +#else +#define Curl_headers_push(x,y,z) CURLE_OK +#define Curl_headers_cleanup(x) Curl_nop_stmt +#endif + +#endif /* HEADER_CURL_HEADER_H */ diff --git a/contrib/libs/curl/lib/hmac.c b/contrib/libs/curl/lib/hmac.c index 590abe6d2e..85b175d45f 100644 --- a/contrib/libs/curl/lib/hmac.c +++ b/contrib/libs/curl/lib/hmac.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -39,8 +39,8 @@ * Generic HMAC algorithm. * * This module computes HMAC digests based on any hash function. Parameters - * and computing procedures are set-up dynamically at HMAC computation - * context initialisation. + * and computing procedures are set-up dynamically at HMAC computation context + * initialization. */ static const unsigned char hmac_ipad = 0x36; diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c index 8536ec9cd3..d37eff17d9 100644 --- a/contrib/libs/curl/lib/hostip.c +++ b/contrib/libs/curl/lib/hostip.c @@ -945,7 +945,7 @@ clean_up: less than 1! */ alarm(1); rc = CURLRESOLV_TIMEDOUT; - failf(data, "Previous alarm fired off!"); + failf(data, "Previous alarm fired off"); } else alarm((unsigned int)alarm_set); @@ -1131,7 +1131,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) ai = Curl_str2addr(address, port); if(!ai) { - infof(data, "Resolve address '%s' found illegal!", address); + infof(data, "Resolve address '%s' found illegal", address); goto err; } @@ -1150,7 +1150,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) error = false; err: if(error) { - failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'!", + failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'", hostp->data); Curl_freeaddrinfo(head); return CURLE_SETOPT_OPTION_SYNTAX; @@ -1167,8 +1167,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); if(dns) { - infof(data, "RESOLVE %s:%d is - old addresses discarded!", - hostname, port); + infof(data, "RESOLVE %s:%d is - old addresses discarded", + hostname, port); /* delete old entry, there are two reasons for this 1. old entry may have different addresses. 2. even if entry with correct addresses is already in the cache, diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index 97ab1cbd4d..7cf30bdebd 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -775,6 +775,21 @@ output_auth_headers(struct Curl_easy *data, return CURLE_OK; } +/* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ +bool Curl_allow_auth_to_host(struct Curl_easy *data) +{ + struct connectdata *conn = data->conn; + return (!data->state.this_is_a_follow || + data->set.allow_auth_to_other_hosts || + (data->state.first_host && + strcasecompare(data->state.first_host, conn->host.name) && + (data->state.first_remote_port == conn->remote_port) && + (data->state.first_remote_protocol == conn->handler->protocol))); +} + /** * Curl_http_output_auth() setups the authentication headers for the * host/proxy and the correct authentication @@ -847,17 +862,14 @@ Curl_http_output_auth(struct Curl_easy *data, with it */ authproxy->done = TRUE; - /* To prevent the user+password to get sent to other than the original - host due to a location-follow, we do some weirdo checks here */ - if(!data->state.this_is_a_follow || + /* To prevent the user+password to get sent to other than the original host + due to a location-follow */ + if(Curl_allow_auth_to_host(data) #ifndef CURL_DISABLE_NETRC - conn->bits.netrc || + || conn->bits.netrc #endif - !data->state.first_host || - data->set.allow_auth_to_other_hosts || - strcasecompare(data->state.first_host, conn->host.name)) { + ) result = output_auth_headers(data, conn, authhost, request, path, FALSE); - } else authhost->done = TRUE; @@ -1767,7 +1779,7 @@ CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, return result; } else - infof(handle, "Malformatted trailing header ! Skipping trailer."); + infof(handle, "Malformatted trailing header, skipping trailer"); trailers = trailers->next; } result = Curl_dyn_add(b, endofline_network); @@ -1905,10 +1917,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, checkprefix("Cookie:", compare)) && /* be careful of sending this potentially sensitive header to other hosts */ - (data->state.this_is_a_follow && - data->state.first_host && - !data->set.allow_auth_to_other_hosts && - !strcasecompare(data->state.first_host, conn->host.name))) + !Curl_allow_auth_to_host(data)) ; else { #ifdef USE_HYPER @@ -2084,6 +2093,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) return CURLE_OUT_OF_MEMORY; data->state.first_remote_port = conn->remote_port; + data->state.first_remote_protocol = conn->handler->protocol; } Curl_safefree(data->state.aptr.host); @@ -2927,7 +2937,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, /* The resume point is at the end of file, consider this fine even if it doesn't allow resume from here. */ infof(data, "The entire document is already downloaded"); - connclose(conn, "already downloaded"); + streamclose(conn, "already downloaded"); /* Abort download */ k->keepon &= ~KEEP_RECV; *done = TRUE; @@ -2952,10 +2962,10 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, /* We're simulating a http 304 from server so we return what should have been returned from the server */ data->info.httpcode = 304; - infof(data, "Simulate a HTTP 304 response!"); + infof(data, "Simulate a HTTP 304 response"); /* we abort the transfer before it is completed == we ruin the re-use ability. Close the connection */ - connclose(conn, "Simulated 304 handling"); + streamclose(conn, "Simulated 304 handling"); return CURLE_OK; } } /* we have a time condition */ @@ -3385,7 +3395,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, return CURLE_FILESIZE_EXCEEDED; } streamclose(conn, "overflow content-length"); - infof(data, "Overflow Content-Length: value!"); + infof(data, "Overflow Content-Length: value"); } else { /* negative or just rubbish - bad HTTP */ @@ -3419,7 +3429,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, * Default action for 1.0 is to close. */ connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */ - infof(data, "HTTP/1.0 proxy connection set to keep alive!"); + infof(data, "HTTP/1.0 proxy connection set to keep alive"); } else if((conn->httpversion == 11) && conn->bits.httpproxy && @@ -3431,7 +3441,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, * close down after this transfer. */ connclose(conn, "Proxy-Connection: asked to close after done"); - infof(data, "HTTP/1.1 proxy connection set close!"); + infof(data, "HTTP/1.1 proxy connection set close"); } #endif else if((conn->httpversion == 10) && @@ -3445,7 +3455,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, * * [RFC2068, section 19.7.1] */ connkeep(conn, "Connection keep-alive"); - infof(data, "HTTP/1.0 connection set to keep alive!"); + infof(data, "HTTP/1.0 connection set to keep alive"); } else if(Curl_compareheader(headp, STRCONST("Connection:"), STRCONST("close"))) { @@ -3775,6 +3785,29 @@ CURLcode Curl_http_size(struct Curl_easy *data) return CURLE_OK; } +static CURLcode verify_header(struct Curl_easy *data) +{ + struct SingleRequest *k = &data->req; + const char *header = Curl_dyn_ptr(&data->state.headerb); + size_t hlen = Curl_dyn_len(&data->state.headerb); + char *ptr = memchr(header, 0x00, hlen); + if(ptr) { + /* this is bad, bail out */ + failf(data, "Nul byte in header"); + return CURLE_WEIRD_SERVER_REPLY; + } + if(k->headerline < 2) + /* the first "header" is the status-line and it has no colon */ + return CURLE_OK; + ptr = memchr(header, ':', hlen); + if(!ptr) { + /* this is bad, bail out */ + failf(data, "Header without colon"); + return CURLE_WEIRD_SERVER_REPLY; + } + return CURLE_OK; +} + /* * Read any HTTP header lines from the server and pass them to the client app. */ @@ -3997,9 +4030,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* now, only output this if the header AND body are requested: */ - writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; + writetype = CLIENTWRITE_HEADER | + (data->set.include_header ? CLIENTWRITE_BODY : 0) | + ((k->httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); headerlen = Curl_dyn_len(&data->state.headerb); result = Curl_client_write(data, writetype, @@ -4096,7 +4129,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(conn->bits.rewindaftersend) { /* We rewind after a complete send, so thus we continue sending now */ - infof(data, "Keep sending data to get tossed away!"); + infof(data, "Keep sending data to get tossed away"); k->keepon |= KEEP_SEND; } } @@ -4152,6 +4185,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * Checks for special headers coming up. */ + writetype = CLIENTWRITE_HEADER; if(!k->headerline++) { /* This is the first header, it MUST be the error code line or else we consider this to be the body right away! */ @@ -4204,10 +4238,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, switch(httpversion) { case 10: case 11: -#if defined(USE_NGHTTP2) || defined(USE_HYPER) +#ifdef USE_HTTP2 case 20: #endif -#if defined(ENABLE_QUIC) +#ifdef ENABLE_QUIC case 30: #endif conn->httpversion = (unsigned char)httpversion; @@ -4276,6 +4310,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, result = Curl_http_statusline(data, conn); if(result) return result; + writetype |= CLIENTWRITE_STATUS; } else { k->header = FALSE; /* this is not a header line */ @@ -4283,6 +4318,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } } + result = verify_header(data); + if(result) + return result; + result = Curl_http_header(data, conn, headp); if(result) return result; @@ -4290,10 +4329,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* * End of header-checks. Write them to the client. */ - - writetype = CLIENTWRITE_HEADER; if(data->set.include_header) writetype |= CLIENTWRITE_BODY; + if(k->httpcode/100 == 1) + writetype |= CLIENTWRITE_1XX; Curl_debug(data, CURLINFO_HEADER_IN, headp, Curl_dyn_len(&data->state.headerb)); diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h index 07e963dc48..c4ab3c22de 100644 --- a/contrib/libs/curl/lib/http.h +++ b/contrib/libs/curl/lib/http.h @@ -38,6 +38,10 @@ typedef enum { #include <nghttp2/nghttp2.h> #endif +#if defined(_WIN32) && defined(ENABLE_QUIC) +#include <stdint.h> +#endif + extern const struct Curl_handler Curl_handler_http; #ifdef USE_SSL @@ -163,6 +167,29 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data); struct h3out; /* see ngtcp2 */ #endif +#ifdef USE_MSH3 +#ifdef _WIN32 +#define msh3_lock CRITICAL_SECTION +#define msh3_lock_initialize(lock) InitializeCriticalSection(lock) +#define msh3_lock_uninitialize(lock) DeleteCriticalSection(lock) +#define msh3_lock_acquire(lock) EnterCriticalSection(lock) +#define msh3_lock_release(lock) LeaveCriticalSection(lock) +#else /* !_WIN32 */ +#include <pthread.h> +#define msh3_lock pthread_mutex_t +#define msh3_lock_initialize(lock) { \ + pthread_mutexattr_t attr; \ + pthread_mutexattr_init(&attr); \ + pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \ + pthread_mutex_init(lock, &attr); \ + pthread_mutexattr_destroy(&attr); \ +} +#define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock) +#define msh3_lock_acquire(lock) pthread_mutex_lock(lock) +#define msh3_lock_release(lock) pthread_mutex_unlock(lock) +#endif /* _WIN32 */ +#endif /* USE_MSH3 */ + /**************************************************************************** * HTTP unique setup ***************************************************************************/ @@ -228,11 +255,13 @@ struct HTTP { #endif #ifdef ENABLE_QUIC +#ifndef USE_MSH3 /*********** for HTTP/3 we store stream-local data here *************/ int64_t stream3_id; /* stream we are interested in */ bool firstheader; /* FALSE until headers arrive */ bool firstbody; /* FALSE until body arrives */ bool h3req; /* FALSE until request is issued */ +#endif bool upload_done; #endif #ifdef USE_NGHTTP3 @@ -240,6 +269,21 @@ struct HTTP { struct h3out *h3out; /* per-stream buffers for upload */ struct dynbuf overflow; /* excess data received during a single Curl_read */ #endif +#ifdef USE_MSH3 + struct MSH3_REQUEST *req; + msh3_lock recv_lock; + /* Receive Buffer (Headers and Data) */ + uint8_t* recv_buf; + size_t recv_buf_alloc; + /* Receive Headers */ + size_t recv_header_len; + bool recv_header_complete; + /* Receive Data */ + size_t recv_data_len; + bool recv_data_complete; + /* General Receive Error */ + CURLcode recv_error; +#endif }; #ifdef USE_NGHTTP2 @@ -320,4 +364,10 @@ Curl_http_output_auth(struct Curl_easy *data, bool proxytunnel); /* TRUE if this is the request setting up the proxy tunnel */ +/* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ +bool Curl_allow_auth_to_host(struct Curl_easy *data); + #endif /* HEADER_CURL_HTTP_H */ diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c index 1254365847..0120b86311 100644 --- a/contrib/libs/curl/lib/http2.c +++ b/contrib/libs/curl/lib/http2.c @@ -39,6 +39,7 @@ #include "transfer.h" #include "dynbuf.h" #include "h2h3.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -561,7 +562,7 @@ static int push_promise(struct Curl_easy *data, const nghttp2_push_promise *frame) { int rv; /* one of the CURL_PUSH_* defines */ - H2BUGF(infof(data, "PUSH_PROMISE received, stream %u!", + H2BUGF(infof(data, "PUSH_PROMISE received, stream %u", frame->promised_stream_id)); if(data->multi->push_cb) { struct HTTP *stream; @@ -581,11 +582,11 @@ static int push_promise(struct Curl_easy *data, heads.data = data; heads.frame = frame; /* ask the application */ - H2BUGF(infof(data, "Got PUSH_PROMISE, ask application!")); + H2BUGF(infof(data, "Got PUSH_PROMISE, ask application")); stream = data->req.p.http; if(!stream) { - failf(data, "Internal NULL stream!"); + failf(data, "Internal NULL stream"); (void)Curl_close(&newhandle); rv = CURL_PUSH_DENY; goto fail; @@ -652,7 +653,7 @@ static int push_promise(struct Curl_easy *data, Curl_dyn_init(&newstream->trailer_recvbuf, DYN_H2_TRAILERS); } else { - H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it!")); + H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it")); rv = CURL_PUSH_DENY; } fail: @@ -801,7 +802,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, } break; default: - H2BUGF(infof(data_s, "Got frame type %x for stream %u!", + H2BUGF(infof(data_s, "Got frame type %x for stream %u", frame->hd.type, stream_id)); break; } @@ -824,10 +825,14 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, /* get the stream from the hash based on Stream ID */ data_s = nghttp2_session_get_stream_user_data(session, stream_id); - if(!data_s) - /* Receiving a Stream ID not in the hash should not happen, this is an - internal error more than anything else! */ - return NGHTTP2_ERR_CALLBACK_FAILURE; + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen - unless + we have aborted a transfer artificially and there were more data + in the pipeline. Silently ignore. */ + H2BUGF(fprintf(stderr, "Data for stream %u but it doesn't exist\n", + stream_id)); + return 0; + } stream = data_s->req.p.http; if(!stream) @@ -908,15 +913,15 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, /* remove the entry from the hash as the stream is now gone */ rv = nghttp2_session_set_stream_user_data(session, stream_id, 0); if(rv) { - infof(data_s, "http/2: failed to clear user_data for stream %d!", + infof(data_s, "http/2: failed to clear user_data for stream %d", stream_id); DEBUGASSERT(0); } if(stream_id == httpc->pause_stream_id) { - H2BUGF(infof(data_s, "Stopped the pause stream!")); + H2BUGF(infof(data_s, "Stopped the pause stream")); httpc->pause_stream_id = 0; } - H2BUGF(infof(data_s, "Removed stream %u hash!", stream_id)); + H2BUGF(infof(data_s, "Removed stream %u hash", stream_id)); stream->stream_id = 0; /* cleared */ } return 0; @@ -1001,7 +1006,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, stream = data_s->req.p.http; if(!stream) { - failf(data_s, "Internal NULL stream!"); + failf(data_s, "Internal NULL stream"); return NGHTTP2_ERR_CALLBACK_FAILURE; } @@ -1078,9 +1083,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, /* nghttp2 guarantees :status is received first and only once, and value is 3 digits status code, and decode_status_code always succeeds. */ + char buffer[32]; stream->status_code = decode_status_code(value, valuelen); DEBUGASSERT(stream->status_code != -1); - + msnprintf(buffer, sizeof(buffer), H2H3_PSEUDO_STATUS ":%u\r", + stream->status_code); + result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO); + if(result) + return NGHTTP2_ERR_CALLBACK_FAILURE; result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("HTTP/2 ")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; @@ -1228,17 +1238,18 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) !httpc->h2) /* not HTTP/2 ? */ return; - if(premature) { + /* do this before the reset handling, as that might clear ->stream_id */ + if(http->stream_id == httpc->pause_stream_id) { + H2BUGF(infof(data, "DONE the pause stream (%x)", http->stream_id)); + httpc->pause_stream_id = 0; + } + if(premature || (!http->closed && http->stream_id)) { /* RST_STREAM */ set_transfer(httpc, data); /* set the transfer */ + H2BUGF(infof(data, "RST stream %x", http->stream_id)); if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, http->stream_id, NGHTTP2_STREAM_CLOSED)) (void)nghttp2_session_send(httpc->h2); - - if(http->stream_id == httpc->pause_stream_id) { - H2BUGF(infof(data, "stopped the pause stream!")); - httpc->pause_stream_id = 0; - } } if(data->state.drain) @@ -1249,7 +1260,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) int rv = nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0); if(rv) { - infof(data, "http/2: failed to clear user_data for stream %d!", + infof(data, "http/2: failed to clear user_data for stream %d", http->stream_id); DEBUGASSERT(0); } @@ -1274,7 +1285,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn) rc = nghttp2_session_callbacks_new(&callbacks); if(rc) { - failf(data, "Couldn't initialize nghttp2 callbacks!"); + failf(data, "Couldn't initialize nghttp2 callbacks"); return CURLE_OUT_OF_MEMORY; /* most likely at least */ } @@ -1303,7 +1314,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn) nghttp2_session_callbacks_del(callbacks); if(rc) { - failf(data, "Couldn't initialize nghttp2!"); + failf(data, "Couldn't initialize nghttp2"); return CURLE_OUT_OF_MEMORY; /* most likely at least */ } } @@ -1508,7 +1519,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, /* Reset to FALSE to prevent infinite loop in readwrite_data function. */ stream->closed = FALSE; if(stream->error == NGHTTP2_REFUSED_STREAM) { - H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!", + H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection", stream->stream_id)); connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */ data->state.refused_stream = TRUE; @@ -1667,7 +1678,7 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, )); if((data->state.drain) && stream->memlen) { - H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)", + H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u (%p => %p)", stream->memlen, stream->stream_id, stream->mem, mem)); if(mem != stream->mem) { @@ -2083,7 +2094,7 @@ CURLcode Curl_http2_switched(struct Curl_easy *data, stream->stream_id, data); if(rv) { - infof(data, "http/2: failed to set user_data for stream %d!", + infof(data, "http/2: failed to set user_data for stream %d", stream->stream_id); DEBUGASSERT(0); } diff --git a/contrib/libs/curl/lib/http_chunks.c b/contrib/libs/curl/lib/http_chunks.c index 7edfd64724..6bafcd9777 100644 --- a/contrib/libs/curl/lib/http_chunks.c +++ b/contrib/libs/curl/lib/http_chunks.c @@ -221,7 +221,9 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, tr = Curl_dyn_ptr(&conn->trailer); trlen = Curl_dyn_len(&conn->trailer); if(!data->set.http_te_skip) { - result = Curl_client_write(data, CLIENTWRITE_HEADER, tr, trlen); + result = Curl_client_write(data, + CLIENTWRITE_HEADER|CLIENTWRITE_TRAILER, + tr, trlen); if(result) { *extrap = result; return CHUNKE_PASSTHRU_ERROR; diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c index e02211ca21..98473c68fb 100644 --- a/contrib/libs/curl/lib/http_proxy.c +++ b/contrib/libs/curl/lib/http_proxy.c @@ -172,7 +172,7 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit) s = calloc(1, sizeof(struct http_connect_state)); if(!s) return CURLE_OUT_OF_MEMORY; - infof(data, "allocate connect buffer!"); + infof(data, "allocate connect buffer"); conn->connect_state = s; Curl_dyn_init(&s->rcvbuf, DYN_PROXY_CONNECT_HEADERS); @@ -220,7 +220,7 @@ void Curl_connect_done(struct Curl_easy *data) #ifdef USE_HYPER data->state.hconnect = FALSE; #endif - infof(data, "CONNECT phase completed!"); + infof(data, "CONNECT phase completed"); } } @@ -345,6 +345,7 @@ static CURLcode CONNECT(struct Curl_easy *data, /* Send the connect request to the proxy */ result = Curl_buffer_send(req, data, &data->info.request_size, 0, sockindex); + s->headerlines = 0; } if(result) failf(data, "Failed sending CONNECT to proxy"); @@ -472,7 +473,7 @@ static CURLcode CONNECT(struct Curl_easy *data, } if(Curl_dyn_addn(&s->rcvbuf, &byte, 1)) { - failf(data, "CONNECT response too large!"); + failf(data, "CONNECT response too large"); return CURLE_RECV_ERROR; } @@ -480,6 +481,7 @@ static CURLcode CONNECT(struct Curl_easy *data, if(byte != 0x0a) continue; + s->headerlines++; linep = Curl_dyn_ptr(&s->rcvbuf); perline = Curl_dyn_len(&s->rcvbuf); /* amount of bytes in this line */ @@ -488,9 +490,9 @@ static CURLcode CONNECT(struct Curl_easy *data, if(!data->set.suppress_connect_headers) { /* send the header to the callback */ - int writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; + int writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT | + (data->set.include_header ? CLIENTWRITE_BODY : 0) | + (s->headerlines == 1 ? CLIENTWRITE_STATUS : 0); result = Curl_client_write(data, writetype, linep, perline); if(result) @@ -765,6 +767,9 @@ static CURLcode CONNECT(struct Curl_easy *data, } options = hyper_clientconn_options_new(); + hyper_clientconn_options_set_preserve_header_case(options, 1); + hyper_clientconn_options_set_preserve_header_order(options, 1); + if(!options) { failf(data, "Couldn't create hyper client options"); result = CURLE_OUT_OF_MEMORY; diff --git a/contrib/libs/curl/lib/http_proxy.h b/contrib/libs/curl/lib/http_proxy.h index 2820e11841..67543b589b 100644 --- a/contrib/libs/curl/lib/http_proxy.h +++ b/contrib/libs/curl/lib/http_proxy.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,6 +59,7 @@ struct http_connect_state { struct dynbuf rcvbuf; struct dynbuf req; size_t nsend; + size_t headerlines; enum keeponval { KEEPON_DONE, KEEPON_CONNECT, diff --git a/contrib/libs/curl/lib/idn_win32.c b/contrib/libs/curl/lib/idn_win32.c index 1d475a4eff..0914e1f25a 100644 --- a/contrib/libs/curl/lib/idn_win32.c +++ b/contrib/libs/curl/lib/idn_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -76,11 +76,15 @@ bool curl_win32_idn_to_ascii(const char *in, char **out) if(in_w) { wchar_t punycode[IDN_MAX_LENGTH]; int chars = IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH); - free(in_w); + curlx_unicodefree(in_w); if(chars) { - *out = curlx_convert_wchar_to_UTF8(punycode); - if(*out) - success = TRUE; + char *mstr = curlx_convert_wchar_to_UTF8(punycode); + if(mstr) { + *out = strdup(mstr); + curlx_unicodefree(mstr); + if(*out) + success = TRUE; + } } } @@ -97,11 +101,15 @@ bool curl_win32_ascii_to_idn(const char *in, char **out) wchar_t unicode[IDN_MAX_LENGTH]; int chars = IdnToUnicode(0, in_w, curlx_uztosi(in_len), unicode, IDN_MAX_LENGTH); - free(in_w); + curlx_unicodefree(in_w); if(chars) { - *out = curlx_convert_wchar_to_UTF8(unicode); - if(*out) - success = TRUE; + char *mstr = curlx_convert_wchar_to_UTF8(unicode); + if(mstr) { + *out = strdup(mstr); + curlx_unicodefree(mstr); + if(*out) + success = TRUE; + } } } diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c index fb5a114d1d..817513becf 100644 --- a/contrib/libs/curl/lib/imap.c +++ b/contrib/libs/curl/lib/imap.c @@ -624,7 +624,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, result = imap_perform_login(data, conn); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -874,7 +874,7 @@ static CURLcode imap_state_servergreet_resp(struct Curl_easy *data, /* PREAUTH */ struct imap_conn *imapc = &conn->proto.imapc; imapc->preauth = TRUE; - infof(data, "PREAUTH connection, already authenticated!"); + infof(data, "PREAUTH connection, already authenticated"); } else if(imapcode != IMAP_RESP_OK) { failf(data, "Got unexpected imap-server response"); diff --git a/contrib/libs/curl/lib/ldap.c b/contrib/libs/curl/lib/ldap.c index 6e40f41ce5..b4dfc5f44d 100644 --- a/contrib/libs/curl/lib/ldap.c +++ b/contrib/libs/curl/lib/ldap.c @@ -361,7 +361,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) (strcasecompare(data->set.ssl.cert_type, "DER"))) cert_type = LDAPSSL_CERT_FILETYPE_DER; if(!ldap_ca) { - failf(data, "LDAP local: ERROR %s CA cert not set!", + failf(data, "LDAP local: ERROR %s CA cert not set", (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM")); result = CURLE_SSL_CERTPROBLEM; goto quit; @@ -400,12 +400,12 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) /* OpenLDAP SDK supports BASE64 files. */ if((data->set.ssl.cert_type) && (!strcasecompare(data->set.ssl.cert_type, "PEM"))) { - failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!"); + failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type"); result = CURLE_SSL_CERTPROBLEM; goto quit; } if(!ldap_ca) { - failf(data, "LDAP local: ERROR PEM CA cert not set!"); + failf(data, "LDAP local: ERROR PEM CA cert not set"); result = CURLE_SSL_CERTPROBLEM; goto quit; } diff --git a/contrib/libs/curl/lib/mime.c b/contrib/libs/curl/lib/mime.c index cab3ef1c37..d6985d39c1 100644 --- a/contrib/libs/curl/lib/mime.c +++ b/contrib/libs/curl/lib/mime.c @@ -1563,7 +1563,7 @@ CURLcode Curl_mime_set_subparts(curl_mimepart *part, root = root->parent->parent; if(subparts == root) { if(part->easy) - failf(part->easy, "Can't add itself as a subpart!"); + failf(part->easy, "Can't add itself as a subpart"); return CURLE_BAD_FUNCTION_ARGUMENT; } } diff --git a/contrib/libs/curl/lib/mqtt.c b/contrib/libs/curl/lib/mqtt.c index e79bd3b482..9bcbaa1950 100644 --- a/contrib/libs/curl/lib/mqtt.c +++ b/contrib/libs/curl/lib/mqtt.c @@ -732,8 +732,14 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) case MQTT_FIRST: /* Read the initial byte only */ result = Curl_read(data, sockfd, (char *)&mq->firstbyte, 1, &nread); - if(!nread) + if(result) + break; + else if(!nread) { + failf(data, "Connection disconnected"); + *done = TRUE; + result = CURLE_RECV_ERROR; break; + } Curl_debug(data, CURLINFO_HEADER_IN, (char *)&mq->firstbyte, 1); /* remember the first byte */ mq->npacket = 0; diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c index 429d656bcf..4179d4b278 100644 --- a/contrib/libs/curl/lib/multi.c +++ b/contrib/libs/curl/lib/multi.c @@ -721,7 +721,6 @@ static CURLcode multi_done(struct Curl_easy *data, } Curl_safefree(data->state.buffer); - Curl_free_request_state(data); return result; } @@ -1796,7 +1795,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, rc = CURLM_OK; if(multi_ischanged(multi, TRUE)) { - DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!")); + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue")); process_pending_handles(multi); /* multiplexed */ } @@ -2383,7 +2382,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, CURLcode ret = Curl_retry_request(data, &newurl); if(!ret) { - infof(data, "Downgrades to HTTP/1.1!"); + infof(data, "Downgrades to HTTP/1.1"); streamclose(data->conn, "Disconnect HTTP/2 for HTTP/1"); data->state.httpwant = CURL_HTTP_VERSION_1_1; /* clear the error message bit too as we ignore the one we got */ diff --git a/contrib/libs/curl/lib/nonblock.c b/contrib/libs/curl/lib/nonblock.c index 92fb22ec22..28f6e75881 100644 --- a/contrib/libs/curl/lib/nonblock.c +++ b/contrib/libs/curl/lib/nonblock.c @@ -73,6 +73,12 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ long flags = nonblock ? 1L : 0L; return IoctlSocket(sockfd, FIONBIO, (char *)&flags); +#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK) + + /* Orbis OS */ + long b = nonblock ? 1L : 0L; + return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); + #else # error "no non-blocking method was found/used/set" #endif diff --git a/contrib/libs/curl/lib/pingpong.c b/contrib/libs/curl/lib/pingpong.c index 1453bf299a..e08c1d8663 100644 --- a/contrib/libs/curl/lib/pingpong.c +++ b/contrib/libs/curl/lib/pingpong.c @@ -293,7 +293,7 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, */ if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) { failf(data, "cached response data too big to handle"); - return CURLE_RECV_ERROR; + return CURLE_WEIRD_SERVER_REPLY; } memcpy(ptr, pp->cache, pp->cache_size); gotbytes = (ssize_t)pp->cache_size; diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c index 065bdbaf51..2c1b06c07f 100644 --- a/contrib/libs/curl/lib/pop3.c +++ b/contrib/libs/curl/lib/pop3.c @@ -571,7 +571,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, result = pop3_perform_user(data, conn); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -924,7 +924,7 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, if(pop3code != '+') { state(data, POP3_STOP); - return CURLE_RECV_ERROR; + return CURLE_WEIRD_SERVER_REPLY; } /* This 'OK' line ends with a CR LF pair which is the two first bytes of the diff --git a/contrib/libs/curl/lib/quic.h b/contrib/libs/curl/lib/quic.h index edd65807cc..a2e9fee3ac 100644 --- a/contrib/libs/curl/lib/quic.h +++ b/contrib/libs/curl/lib/quic.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,9 @@ #ifdef USE_QUICHE #error #include "vquic/quiche.h" #endif +#ifdef USE_MSH3 +#error #include "vquic/msh3.h" +#endif #include "urldata.h" diff --git a/contrib/libs/curl/lib/rand.c b/contrib/libs/curl/lib/rand.c index 8f2c1ba29e..8da1e8d968 100644 --- a/contrib/libs/curl/lib/rand.c +++ b/contrib/libs/curl/lib/rand.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -87,7 +87,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) if(!seeded) { struct curltime now = Curl_now(); - infof(data, "WARNING: Using weak random seed"); + infof(data, "WARNING: using weak random seed"); randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; randseed = randseed * 1103515245 + 12345; randseed = randseed * 1103515245 + 12345; diff --git a/contrib/libs/curl/lib/rtsp.c b/contrib/libs/curl/lib/rtsp.c index f16e87c12d..726bfb9ae1 100644 --- a/contrib/libs/curl/lib/rtsp.c +++ b/contrib/libs/curl/lib/rtsp.c @@ -219,7 +219,7 @@ static CURLcode rtsp_done(struct Curl_easy *data, httpStatus = Curl_http_done(data, status, premature); - if(rtsp) { + if(rtsp && !status && !httpStatus) { /* Check the sequence numbers */ long CSeq_sent = rtsp->CSeq_sent; long CSeq_recv = rtsp->CSeq_recv; diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c index 1de207725f..a48da82bac 100644 --- a/contrib/libs/curl/lib/select.c +++ b/contrib/libs/curl/lib/select.c @@ -43,7 +43,7 @@ #include "urldata.h" #include "connect.h" #include "select.h" -#include "timeval.h" +#include "timediff.h" #include "warnless.h" /* @@ -93,26 +93,7 @@ int Curl_wait_ms(timediff_t timeout_ms) #else { struct timeval pending_tv; - timediff_t tv_sec = timeout_ms / 1000; - timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */ -#ifdef HAVE_SUSECONDS_T -#if TIMEDIFF_T_MAX > TIME_T_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > TIME_T_MAX) - tv_sec = TIME_T_MAX; -#endif - pending_tv.tv_sec = (time_t)tv_sec; - pending_tv.tv_usec = (suseconds_t)tv_usec; -#else -#if TIMEDIFF_T_MAX > INT_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > INT_MAX) - tv_sec = INT_MAX; -#endif - pending_tv.tv_sec = (int)tv_sec; - pending_tv.tv_usec = (int)tv_usec; -#endif - r = select(0, NULL, NULL, NULL, &pending_tv); + r = select(0, NULL, NULL, NULL, curlx_mstotv(&pending_tv, timeout_ms)); } #endif /* HAVE_POLL_FINE */ #endif /* USE_WINSOCK */ @@ -152,43 +133,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ } #endif - ptimeout = &pending_tv; - if(timeout_ms < 0) { - ptimeout = NULL; - } - else if(timeout_ms > 0) { - timediff_t tv_sec = timeout_ms / 1000; - timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */ -#ifdef HAVE_SUSECONDS_T -#if TIMEDIFF_T_MAX > TIME_T_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > TIME_T_MAX) - tv_sec = TIME_T_MAX; -#endif - pending_tv.tv_sec = (time_t)tv_sec; - pending_tv.tv_usec = (suseconds_t)tv_usec; -#elif defined(WIN32) /* maybe also others in the future */ -#if TIMEDIFF_T_MAX > LONG_MAX - /* tv_sec overflow check on Windows there we know it is long */ - if(tv_sec > LONG_MAX) - tv_sec = LONG_MAX; -#endif - pending_tv.tv_sec = (long)tv_sec; - pending_tv.tv_usec = (long)tv_usec; -#else -#if TIMEDIFF_T_MAX > INT_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > INT_MAX) - tv_sec = INT_MAX; -#endif - pending_tv.tv_sec = (int)tv_sec; - pending_tv.tv_usec = (int)tv_usec; -#endif - } - else { - pending_tv.tv_sec = 0; - pending_tv.tv_usec = 0; - } + ptimeout = curlx_mstotv(&pending_tv, timeout_ms); #ifdef USE_WINSOCK /* WinSock select() must not be called with an fd_set that contains zero diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c index 220c7dd7ba..d7d4d8abd4 100644 --- a/contrib/libs/curl/lib/sendf.c +++ b/contrib/libs/curl/lib/sendf.c @@ -45,6 +45,7 @@ #include "select.h" #include "strdup.h" #include "http2.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -565,7 +566,7 @@ static CURLcode chop_write(struct Curl_easy *data, /* Protocols that work without network cannot be paused. This is actually only FILE:// just now, and it can't pause since the transfer isn't done using the "normal" procedure. */ - failf(data, "Write callback asked for PAUSE when not supported!"); + failf(data, "Write callback asked for PAUSE when not supported"); return CURLE_WRITE_ERROR; } return pausewrite(data, type, ptr, len); @@ -580,21 +581,33 @@ static CURLcode chop_write(struct Curl_easy *data, len -= chunklen; } + /* HTTP header, but not status-line */ + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (type & CLIENTWRITE_HEADER) && !(type & CLIENTWRITE_STATUS) ) { + CURLcode result = + Curl_headers_push(data, optr, + type & CLIENTWRITE_CONNECT ? CURLH_CONNECT : + (type & CLIENTWRITE_1XX ? CURLH_1XX : + (type & CLIENTWRITE_TRAILER ? CURLH_TRAILER : + CURLH_HEADER))); + if(result) + return result; + } + if(writeheader) { size_t wrote; - ptr = optr; - len = olen; + Curl_set_in_callback(data, true); - wrote = writeheader(ptr, 1, len, data->set.writeheader); + wrote = writeheader(optr, 1, olen, data->set.writeheader); Curl_set_in_callback(data, false); if(CURL_WRITEFUNC_PAUSE == wrote) /* here we pass in the HEADER bit only since if this was body as well then it was passed already and clearly that didn't trigger the pause, so this is saved for later with the HEADER bit only */ - return pausewrite(data, CLIENTWRITE_HEADER, ptr, len); + return pausewrite(data, CLIENTWRITE_HEADER, optr, olen); - if(wrote != len) { + if(wrote != olen) { failf(data, "Failed writing header"); return CURLE_WRITE_ERROR; } @@ -620,8 +633,6 @@ CURLcode Curl_client_write(struct Curl_easy *data, { struct connectdata *conn = data->conn; - DEBUGASSERT(!(type & ~CLIENTWRITE_BOTH)); - if(!len) return CURLE_OK; diff --git a/contrib/libs/curl/lib/sendf.h b/contrib/libs/curl/lib/sendf.h index 108a5e934a..6676003a91 100644 --- a/contrib/libs/curl/lib/sendf.h +++ b/contrib/libs/curl/lib/sendf.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -45,8 +45,12 @@ void Curl_failf(struct Curl_easy *, const char *fmt, ...); #define failf Curl_failf -#define CLIENTWRITE_BODY (1<<0) -#define CLIENTWRITE_HEADER (1<<1) +#define CLIENTWRITE_BODY (1<<0) +#define CLIENTWRITE_HEADER (1<<1) +#define CLIENTWRITE_STATUS (1<<2) /* the first "header" is the status line */ +#define CLIENTWRITE_CONNECT (1<<3) /* a CONNECT response */ +#define CLIENTWRITE_1XX (1<<4) /* a 1xx response */ +#define CLIENTWRITE_TRAILER (1<<5) /* a trailer header */ #define CLIENTWRITE_BOTH (CLIENTWRITE_BODY|CLIENTWRITE_HEADER) CURLcode Curl_client_write(struct Curl_easy *data, int type, char *ptr, diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c index 8e1bf12791..0df1afa614 100644 --- a/contrib/libs/curl/lib/setopt.c +++ b/contrib/libs/curl/lib/setopt.c @@ -890,7 +890,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) ; else #endif -#if !defined(USE_NGHTTP2) && !defined(USE_HYPER) +#ifndef USE_HTTP2 if(arg >= CURL_HTTP_VERSION_2) return CURLE_UNSUPPORTED_PROTOCOL; #else @@ -2602,7 +2602,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_SASL_AUTHZID: - /* Authorisation identity (identity to act as) */ + /* Authorization identity (identity to act as) */ result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID], va_arg(param, char *)); break; diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c index 28aa44a49a..c736cfae19 100644 --- a/contrib/libs/curl/lib/smtp.c +++ b/contrib/libs/curl/lib/smtp.c @@ -505,7 +505,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) state(data, SMTP_AUTH); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -1037,7 +1037,7 @@ static CURLcode smtp_state_command_resp(struct Curl_easy *data, int smtpcode, if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) || (!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) { failf(data, "Command failed: %d", smtpcode); - result = CURLE_RECV_ERROR; + result = CURLE_WEIRD_SERVER_REPLY; } else { /* Temporarily add the LF character back and send as body to the client */ @@ -1182,7 +1182,7 @@ static CURLcode smtp_state_postdata_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ if(smtpcode != 250) - result = CURLE_RECV_ERROR; + result = CURLE_WEIRD_SERVER_REPLY; /* End of DONE phase */ state(data, SMTP_STOP); @@ -1840,7 +1840,7 @@ CURLcode Curl_smtp_escape_eob(struct Curl_easy *data, const ssize_t nread) scratch = newscratch = malloc(2 * data->set.upload_buffer_size); if(!newscratch) { - failf(data, "Failed to alloc scratch buffer!"); + failf(data, "Failed to alloc scratch buffer"); return CURLE_OUT_OF_MEMORY; } diff --git a/contrib/libs/curl/lib/socks.c b/contrib/libs/curl/lib/socks.c index a014aa6684..d614ae59c6 100644 --- a/contrib/libs/curl/lib/socks.c +++ b/contrib/libs/curl/lib/socks.c @@ -326,7 +326,7 @@ CURLproxycode Curl_SOCKS4(const char *proxy_user, if(proxy_user) { size_t plen = strlen(proxy_user); if(plen >= (size_t)data->set.buffer_size - 8) { - failf(data, "Too long SOCKS proxy user name, can't use!"); + failf(data, "Too long SOCKS proxy user name, can't use"); return CURLPX_LONG_USER; } /* copy the proxy name WITH trailing zero */ diff --git a/contrib/libs/curl/lib/socks.h b/contrib/libs/curl/lib/socks.h index b0c7f9b26b..f30c610a86 100644 --- a/contrib/libs/curl/lib/socks.h +++ b/contrib/libs/curl/lib/socks.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -69,7 +69,7 @@ CURLproxycode Curl_SOCKS5(const char *proxy_name, #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* - * This function handles the SOCKS5 GSS-API negotiation and initialisation + * This function handles the SOCKS5 GSS-API negotiation and initialization */ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, struct Curl_easy *data); diff --git a/contrib/libs/curl/lib/strcase.c b/contrib/libs/curl/lib/strcase.c index dd46ca1ba0..692a3f14ae 100644 --- a/contrib/libs/curl/lib/strcase.c +++ b/contrib/libs/curl/lib/strcase.c @@ -131,6 +131,16 @@ void Curl_strntolower(char *dest, const char *src, size_t n) } while(*src++ && --n); } +/* Compare case-sensitive NUL-terminated strings, taking care of possible + * null pointers. Return true if arguments match. + */ +bool Curl_safecmp(char *a, char *b) +{ + if(a && b) + return !strcmp(a, b); + return !a && !b; +} + /* --- public functions --- */ int curl_strequal(const char *first, const char *second) diff --git a/contrib/libs/curl/lib/strcase.h b/contrib/libs/curl/lib/strcase.h index b628656b97..2635f5117e 100644 --- a/contrib/libs/curl/lib/strcase.h +++ b/contrib/libs/curl/lib/strcase.h @@ -29,6 +29,8 @@ * and only compare strings we know are safe for this. * * The function is capable of comparing a-z case insensitively. + * + * Result is 1 if text matches and 0 if not. */ #define strcasecompare(a,b) Curl_strcasecompare(a,b) @@ -47,4 +49,6 @@ char Curl_raw_toupper(char in); void Curl_strntoupper(char *dest, const char *src, size_t n); void Curl_strntolower(char *dest, const char *src, size_t n); +bool Curl_safecmp(char *a, char *b); + #endif /* HEADER_CURL_STRCASE_H */ diff --git a/contrib/libs/curl/lib/telnet.c b/contrib/libs/curl/lib/telnet.c index e709973244..2abfcd952a 100644 --- a/contrib/libs/curl/lib/telnet.c +++ b/contrib/libs/curl/lib/telnet.c @@ -687,7 +687,7 @@ static void printsub(struct Curl_easy *data, infof(data, "%s", CURL_TELCMD(j)); else infof(data, "%d", j); - infof(data, ", not IAC SE!) "); + infof(data, ", not IAC SE) "); } } length -= 2; diff --git a/contrib/libs/curl/lib/timediff.c b/contrib/libs/curl/lib/timediff.c new file mode 100644 index 0000000000..003477c63c --- /dev/null +++ b/contrib/libs/curl/lib/timediff.c @@ -0,0 +1,84 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "timediff.h" + +/* + * Converts number of milliseconds into a timeval structure. + * + * Return values: + * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select) + * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select) + * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select) + */ +struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms) +{ + if(!tv) + return NULL; + + if(ms < 0) + return NULL; + + if(ms > 0) { + timediff_t tv_sec = ms / 1000; + timediff_t tv_usec = (ms % 1000) * 1000; /* max=999999 */ +#ifdef HAVE_SUSECONDS_T +#if TIMEDIFF_T_MAX > TIME_T_MAX + /* tv_sec overflow check in case time_t is signed */ + if(tv_sec > TIME_T_MAX) + tv_sec = TIME_T_MAX; +#endif + tv->tv_sec = (time_t)tv_sec; + tv->tv_usec = (suseconds_t)tv_usec; +#elif defined(WIN32) /* maybe also others in the future */ +#if TIMEDIFF_T_MAX > LONG_MAX + /* tv_sec overflow check on Windows there we know it is long */ + if(tv_sec > LONG_MAX) + tv_sec = LONG_MAX; +#endif + tv->tv_sec = (long)tv_sec; + tv->tv_usec = (long)tv_usec; +#else +#if TIMEDIFF_T_MAX > INT_MAX + /* tv_sec overflow check in case time_t is signed */ + if(tv_sec > INT_MAX) + tv_sec = INT_MAX; +#endif + tv->tv_sec = (int)tv_sec; + tv->tv_usec = (int)tv_usec; +#endif + } + else { + tv->tv_sec = 0; + tv->tv_usec = 0; + } + + return tv; +} + +/* + * Converts a timeval structure into number of milliseconds. + */ +timediff_t curlx_tvtoms(struct timeval *tv) +{ + return (tv->tv_sec*1000) + (timediff_t)(((double)tv->tv_usec)/1000.0); +} diff --git a/contrib/libs/curl/lib/timediff.h b/contrib/libs/curl/lib/timediff.h new file mode 100644 index 0000000000..fcd5f05636 --- /dev/null +++ b/contrib/libs/curl/lib/timediff.h @@ -0,0 +1,50 @@ +#ifndef HEADER_CURL_TIMEDIFF_H +#define HEADER_CURL_TIMEDIFF_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +/* Use a larger type even for 32 bit time_t systems so that we can keep + microsecond accuracy in it */ +typedef curl_off_t timediff_t; +#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T + +#define TIMEDIFF_T_MAX CURL_OFF_T_MAX +#define TIMEDIFF_T_MIN CURL_OFF_T_MIN + +/* + * Converts number of milliseconds into a timeval structure. + * + * Return values: + * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select) + * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select) + * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select) + */ +struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms); + +/* + * Converts a timeval structure into number of milliseconds. + */ +timediff_t curlx_tvtoms(struct timeval *tv); + +#endif /* HEADER_CURL_TIMEDIFF_H */ diff --git a/contrib/libs/curl/lib/timeval.h b/contrib/libs/curl/lib/timeval.h index 685e72961d..dce32f4cde 100644 --- a/contrib/libs/curl/lib/timeval.h +++ b/contrib/libs/curl/lib/timeval.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,13 +24,7 @@ #include "curl_setup.h" -/* Use a larger type even for 32 bit time_t systems so that we can keep - microsecond accuracy in it */ -typedef curl_off_t timediff_t; -#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T - -#define TIMEDIFF_T_MAX CURL_OFF_T_MAX -#define TIMEDIFF_T_MIN CURL_OFF_T_MIN +#include "timediff.h" struct curltime { time_t tv_sec; /* seconds */ diff --git a/contrib/libs/curl/lib/transfer.c b/contrib/libs/curl/lib/transfer.c index 1f8019b3d0..315da876c4 100644 --- a/contrib/libs/curl/lib/transfer.c +++ b/contrib/libs/curl/lib/transfer.c @@ -79,6 +79,7 @@ #include "urlapi-int.h" #include "hsts.h" #include "setopt.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -245,7 +246,7 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, /* protocols that work without network cannot be paused. This is actually only FILE:// just now, and it can't pause since the transfer isn't done using the "normal" procedure. */ - failf(data, "Read callback asked for PAUSE when not supported!"); + failf(data, "Read callback asked for PAUSE when not supported"); return CURLE_READ_ERROR; } @@ -459,7 +460,7 @@ static int data_pending(const struct Curl_easy *data) /* in the case of libssh2, we can never be really sure that we have emptied its internal buffers so we MUST always try until we get EAGAIN back */ return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) || -#if defined(USE_NGHTTP2) +#ifdef USE_NGHTTP2 /* For HTTP/2, we may read up everything including response body with header fields in Curl_http_readwrite_headers. If no content-length is provided, curl waits for the connection @@ -542,15 +543,14 @@ static CURLcode readwrite_data(struct Curl_easy *data, if( #ifdef USE_NGHTTP2 - /* For HTTP/2, read data without caring about the content - length. This is safe because body in HTTP/2 is always - segmented thanks to its framing layer. Meanwhile, we have to - call Curl_read to ensure that http2_handle_stream_close is - called when we read all incoming bytes for a particular - stream. */ - !is_http2 && + /* For HTTP/2, read data without caring about the content length. This + is safe because body in HTTP/2 is always segmented thanks to its + framing layer. Meanwhile, we have to call Curl_read to ensure that + http2_handle_stream_close is called when we read all incoming bytes + for a particular stream. */ + !is_http2 && #endif - k->size != -1 && !k->header) { + k->size != -1 && !k->header) { /* make sure we don't read too much */ curl_off_t totalleft = k->size - k->bytecount; if(totalleft < (curl_off_t)bytestoread) @@ -571,7 +571,7 @@ static CURLcode readwrite_data(struct Curl_easy *data, else { /* read nothing but since we wanted nothing we consider this an OK situation to proceed from */ - DEBUGF(infof(data, "readwrite_data: we're done!")); + DEBUGF(infof(data, "readwrite_data: we're done")); nread = 0; } @@ -995,7 +995,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, if(!data->state.scratch) { data->state.scratch = malloc(2 * data->set.upload_buffer_size); if(!data->state.scratch) { - failf(data, "Failed to alloc scratch buffer!"); + failf(data, "Failed to alloc scratch buffer"); return CURLE_OUT_OF_MEMORY; } @@ -1360,7 +1360,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) if(!data->state.url && !data->set.uh) { /* we can't do anything without URL */ - failf(data, "No URL set!"); + failf(data, "No URL set"); return CURLE_URL_MALFORMAT; } @@ -1377,7 +1377,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) uc = curl_url_get(data->set.uh, CURLUPART_URL, &data->set.str[STRING_SET_URL], 0); if(uc) { - failf(data, "No URL set!"); + failf(data, "No URL set"); return CURLE_URL_MALFORMAT; } } @@ -1489,6 +1489,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) data->set.str[STRING_PROXYPASSWORD]); data->req.headerbytecount = 0; + Curl_headers_cleanup(data); return result; } @@ -1533,6 +1534,8 @@ CURLcode Curl_follow(struct Curl_easy *data, DEBUGASSERT(type != FOLLOW_NONE); + if(type != FOLLOW_FAKE) + data->state.requests++; /* count all real follows */ if(type == FOLLOW_REDIR) { if((data->set.maxredirs != -1) && (data->state.followlocation >= data->set.maxredirs)) { @@ -1608,10 +1611,57 @@ CURLcode Curl_follow(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } else { - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); if(uc) return Curl_uc_to_curlcode(uc); + + /* Clear auth if this redirects to a different port number or protocol, + unless permitted */ + if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { + char *portnum; + int port; + bool clear = FALSE; + + if(data->set.use_port && data->state.allow_port) + /* a custom port is used */ + port = (int)data->set.use_port; + else { + uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, + CURLU_DEFAULT_PORT); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + port = atoi(portnum); + free(portnum); + } + if(port != data->info.conn_remote_port) { + infof(data, "Clear auth, redirects to port from %u to %u", + data->info.conn_remote_port, port); + clear = TRUE; + } + else { + char *scheme; + const struct Curl_handler *p; + uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + + p = Curl_builtin_scheme(scheme); + if(p && (p->protocol != data->info.conn_protocol)) { + infof(data, "Clear auth, redirects scheme from %s to %s", + data->info.conn_scheme, scheme); + clear = TRUE; + } + free(scheme); + } + if(clear) { + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); + } + } } if(type == FOLLOW_FAKE) { diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c index 75f43db3d8..5b6bd2b866 100644 --- a/contrib/libs/curl/lib/url.c +++ b/contrib/libs/curl/lib/url.c @@ -130,6 +130,7 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "setopt.h" #include "altsvc.h" #include "dynbuf.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -470,6 +471,7 @@ CURLcode Curl_close(struct Curl_easy **datap) /* destruct wildcard structures if it is needed */ Curl_wildcard_dtor(&data->wildcard); Curl_freeset(data); + Curl_headers_cleanup(data); free(data); return CURLE_OK; } @@ -618,7 +620,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->maxlifetime_conn = 0; set->http09_allowed = FALSE; set->httpwant = -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 CURL_HTTP_VERSION_2TLS #else CURL_HTTP_VERSION_1_1 @@ -779,6 +781,7 @@ static void conn_free(struct connectdata *conn) Curl_safefree(conn->passwd); Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); + Curl_safefree(conn->oauth_bearer); Curl_dyn_free(&conn->trailer); Curl_safefree(conn->host.rawalloc); /* host name buffer */ Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ @@ -1031,7 +1034,7 @@ static bool extract_if_dead(struct connectdata *conn, } if(dead) { - infof(data, "Connection %ld seems to be dead!", conn->connection_id); + infof(data, "Connection %ld seems to be dead", conn->connection_id); Curl_conncache_remove_conn(data, conn, FALSE); return TRUE; } @@ -1120,7 +1123,6 @@ ConnectionExists(struct Curl_easy *data, bool foundPendingCandidate = FALSE; bool canmultiplex = IsMultiplexingPossible(data, needle); struct connectbundle *bundle; - const char *hostbundle; #ifdef USE_NTLM bool wantNTLMhttp = ((data->state.authhost.want & @@ -1141,15 +1143,14 @@ ConnectionExists(struct Curl_easy *data, /* Look up the bundle with all the connections to this particular host. Locks the connection cache, beware of early returns! */ - bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache, - &hostbundle); + bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache); if(bundle) { /* Max pipe length is zero (unlimited) for multiplexed connections */ struct Curl_llist_element *curr; - infof(data, "Found bundle for host %s: %p [%s]", - hostbundle, (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); + infof(data, "Found bundle for host: %p [%s]", + (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? + "can multiplex" : "serially")); /* We can't multiplex if we don't know anything about the server */ if(canmultiplex) { @@ -1166,11 +1167,11 @@ ConnectionExists(struct Curl_easy *data, } if((bundle->multiuse == BUNDLE_MULTIPLEX) && !Curl_multiplex_wanted(data->multi)) { - infof(data, "Could multiplex, but not asked to!"); + infof(data, "Could multiplex, but not asked to"); canmultiplex = FALSE; } if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { - infof(data, "Can not multiplex, even if we wanted to!"); + infof(data, "Can not multiplex, even if we wanted to"); canmultiplex = FALSE; } } @@ -1340,7 +1341,9 @@ ConnectionExists(struct Curl_easy *data, /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ if(strcmp(needle->user, check->user) || - strcmp(needle->passwd, check->passwd)) { + strcmp(needle->passwd, check->passwd) || + !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) || + !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) { /* one of them was different */ continue; } @@ -1491,7 +1494,7 @@ ConnectionExists(struct Curl_easy *data, #endif /* When not multiplexed, we have a match here! */ chosen = check; - infof(data, "Multiplexed connection found!"); + infof(data, "Multiplexed connection found"); break; } else { @@ -3108,7 +3111,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data, * name nor a numeric can legally start with a bracket. */ #else - failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in!"); + failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in"); result = CURLE_NOT_BUILT_IN; goto error; #endif @@ -3279,16 +3282,16 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, bool hit; struct altsvc *as; const int allowed_versions = ( ALPN_h1 -#ifdef USE_NGHTTP2 - | ALPN_h2 +#ifdef USE_HTTP2 + | ALPN_h2 #endif #ifdef ENABLE_QUIC - | ALPN_h3 + | ALPN_h3 #endif ) & data->asi->flags; host = conn->host.rawalloc; -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 /* with h2 support, check that first */ srcalpnid = ALPN_h2; hit = Curl_altsvc_lookup(data->asi, @@ -3635,6 +3638,14 @@ static CURLcode create_conn(struct Curl_easy *data, } } + if(data->set.str[STRING_BEARER]) { + conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); + if(!conn->oauth_bearer) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + } + #ifdef USE_UNIX_SOCKETS if(data->set.str[STRING_UNIX_SOCKET_PATH]) { conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]); @@ -3911,14 +3922,14 @@ static CURLcode create_conn(struct Curl_easy *data, *in_connect = conn; #ifndef CURL_DISABLE_PROXY - infof(data, "Re-using existing connection! (#%ld) with %s %s", + infof(data, "Re-using existing connection #%ld with %s %s", conn->connection_id, conn->bits.proxy?"proxy":"host", conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname : conn->http_proxy.host.name ? conn->http_proxy.host.dispname : conn->host.dispname); #else - infof(data, "Re-using existing connection! (#%ld) with host %s", + infof(data, "Re-using existing connection #%ld with host %s", conn->connection_id, conn->host.dispname); #endif } @@ -3942,10 +3953,8 @@ static CURLcode create_conn(struct Curl_easy *data, connections_available = FALSE; else { /* this gets a lock on the conncache */ - const char *bundlehost; struct connectbundle *bundle = - Curl_conncache_find_bundle(data, conn, data->state.conn_cache, - &bundlehost); + Curl_conncache_find_bundle(data, conn, data->state.conn_cache); if(max_host_connections > 0 && bundle && (bundle->num_connections >= max_host_connections)) { @@ -3958,8 +3967,8 @@ static CURLcode create_conn(struct Curl_easy *data, if(conn_candidate) Curl_disconnect(data, conn_candidate, FALSE); else { - infof(data, "No more connections allowed to host %s: %zu", - bundlehost, max_host_connections); + infof(data, "No more connections allowed to host: %zu", + max_host_connections); connections_available = FALSE; } } @@ -4009,14 +4018,14 @@ static CURLcode create_conn(struct Curl_easy *data, connection based. */ if((data->state.authhost.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && data->state.authhost.done) { - infof(data, "NTLM picked AND auth done set, clear picked!"); + infof(data, "NTLM picked AND auth done set, clear picked"); data->state.authhost.picked = CURLAUTH_NONE; data->state.authhost.done = FALSE; } if((data->state.authproxy.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && data->state.authproxy.done) { - infof(data, "NTLM-proxy picked AND auth done set, clear picked!"); + infof(data, "NTLM-proxy picked AND auth done set, clear picked"); data->state.authproxy.picked = CURLAUTH_NONE; data->state.authproxy.done = FALSE; } diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c index ff00ee4243..99a0f69282 100644 --- a/contrib/libs/curl/lib/urlapi.c +++ b/contrib/libs/curl/lib/urlapi.c @@ -1144,7 +1144,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } /* - * Parse the URL and, if successful, replace everyting in the Curl_URL struct. + * Parse the URL and, if successful, replace everything in the Curl_URL struct. */ static CURLUcode parseurl_and_replace(const char *url, CURLU *u, unsigned int flags) diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h index ccf3c32cfe..9249c9c60e 100644 --- a/contrib/libs/curl/lib/urldata.h +++ b/contrib/libs/curl/lib/urldata.h @@ -983,7 +983,8 @@ struct connectdata { char *user; /* user name string, allocated */ char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ - char *sasl_authzid; /* authorisation identity string, allocated */ + char *sasl_authzid; /* authorization identity string, allocated */ + char *oauth_bearer; /* OAUTH2 bearer, allocated */ unsigned char httpversion; /* the HTTP version*10 reported by the server */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ @@ -1159,7 +1160,11 @@ struct PureInfo { reused, in the connection cache. */ char conn_primary_ip[MAX_IPADR_LEN]; - int conn_primary_port; + int conn_primary_port; /* this is the destination port to the connection, + which might have been a proxy */ + int conn_remote_port; /* this is the "remote port", which is the port + number of the used URL, independent of proxy or + not */ char conn_local_ip[MAX_IPADR_LEN]; int conn_local_port; const char *conn_scheme; @@ -1328,14 +1333,16 @@ struct UrlState { char *ulbuf; /* allocated upload buffer or NULL */ curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ - char *first_host; /* host name of the first (not followed) request. - if set, this should be the host name that we will - sent authorization to, no else. Used to make Location: - following not keep sending user+password... This is - strdup() data. - */ + + /* host name, port number and protocol of the first (not followed) request. + if set, this should be the host name that we will sent authorization to, + no else. Used to make Location: following not keep sending user+password. + This is strdup()ed data. */ + char *first_host; + int first_remote_port; + unsigned int first_remote_protocol; + int retrycount; /* number of retries on a new connection */ - int first_remote_port; /* remote port of the first (not followed) request */ struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ @@ -1343,6 +1350,7 @@ struct UrlState { int os_errno; /* filled in with errno whenever an error occurs */ char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */ long followlocation; /* redirect counter */ + int requests; /* request counter: redirects + authentication retakes */ #ifdef HAVE_SIGNAL /* storage for the previous bag^H^H^HSIGPIPE signal handler :-) */ void (*prev_signal)(int sig); @@ -1414,6 +1422,8 @@ struct UrlState { size_t trailers_bytes_sent; struct dynbuf trailers_buf; /* a buffer containing the compiled trailing headers */ + struct Curl_llist httphdrs; /* received headers */ + struct curl_header headerout; /* for external purposes */ #endif trailers_state trailers_state; /* whether we are sending trailers and what stage are we at */ diff --git a/contrib/libs/curl/lib/vauth/ntlm.c b/contrib/libs/curl/lib/vauth/ntlm.c index b769e0f5d2..115f70b0e1 100644 --- a/contrib/libs/curl/lib/vauth/ntlm.c +++ b/contrib/libs/curl/lib/vauth/ntlm.c @@ -524,7 +524,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, /* Get the machine's un-qualified host name as NTLM doesn't like the fully qualified domain name */ if(Curl_gethostname(host, sizeof(host))) { - infof(data, "gethostname() failed, continuing without!"); + infof(data, "gethostname() failed, continuing without"); hostlen = 0; } else { diff --git a/contrib/libs/curl/lib/vquic/msh3.c b/contrib/libs/curl/lib/vquic/msh3.c new file mode 100644 index 0000000000..071f13e1fc --- /dev/null +++ b/contrib/libs/curl/lib/vquic/msh3.c @@ -0,0 +1,498 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#ifdef USE_MSH3 + +#include "urldata.h" +#include "curl_printf.h" +#include "timeval.h" +#include "multiif.h" +#include "sendf.h" +#include "connect.h" +#include "h2h3.h" +#error #include "msh3.h" + +/* #define DEBUG_HTTP3 1 */ +#ifdef DEBUG_HTTP3 +#define H3BUGF(x) x +#else +#define H3BUGF(x) do { } while(0) +#endif + +#define MSH3_REQ_INIT_BUF_LEN 8192 + +static CURLcode msh3_do_it(struct Curl_easy *data, bool *done); +static int msh3_getsock(struct Curl_easy *data, + struct connectdata *conn, curl_socket_t *socks); +static CURLcode msh3_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool dead_connection); +static unsigned int msh3_conncheck(struct Curl_easy *data, + struct connectdata *conn, + unsigned int checks_to_perform); +static Curl_recv msh3_stream_recv; +static Curl_send msh3_stream_send; +static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request, + void *IfContext, + const MSH3_HEADER *Header); +static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request, + void *IfContext, uint32_t Length, + const uint8_t *Data); +static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext, + bool Aborted, uint64_t AbortError); +static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext); + +static const struct Curl_handler msh3_curl_handler_http3 = { + "HTTPS", /* scheme */ + ZERO_NULL, /* setup_connection */ + msh3_do_it, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + ZERO_NULL, /* connect_it */ + ZERO_NULL, /* connecting */ + ZERO_NULL, /* doing */ + msh3_getsock, /* proto_getsock */ + msh3_getsock, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + msh3_getsock, /* perform_getsock */ + msh3_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + msh3_conncheck, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTP, /* defport */ + CURLPROTO_HTTPS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_SSL | PROTOPT_STREAM /* flags */ +}; + +static const MSH3_REQUEST_IF msh3_request_if = { + msh3_header_received, + msh3_data_received, + msh3_complete, + msh3_shutdown +}; + +void Curl_quic_ver(char *p, size_t len) +{ + (void)msnprintf(p, len, "msh3/%s", "0.0.1"); +} + +CURLcode Curl_quic_connect(struct Curl_easy *data, + struct connectdata *conn, + curl_socket_t sockfd, + int sockindex, + const struct sockaddr *addr, + socklen_t addrlen) +{ + struct quicsocket *qs = &conn->hequic[sockindex]; + bool unsecure = !conn->ssl_config.verifypeer; + memset(qs, 0, sizeof(*qs)); + + (void)sockfd; + (void)addr; /* TODO - Pass address along */ + (void)addrlen; + + H3BUGF(infof(data, "creating new api/connection")); + + qs->api = MsH3ApiOpen(); + if(!qs->api) { + failf(data, "can't create msh3 api"); + return CURLE_FAILED_INIT; + } + + qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure); + if(!qs->conn) { + failf(data, "can't create msh3 connection"); + if(qs->api) { + MsH3ApiClose(qs->api); + } + return CURLE_FAILED_INIT; + } + + return CURLE_OK; +} + +CURLcode Curl_quic_is_connected(struct Curl_easy *data, + struct connectdata *conn, + int sockindex, + bool *connected) +{ + struct quicsocket *qs = &conn->hequic[sockindex]; + MSH3_CONNECTION_STATE state; + + state = MsH3ConnectionGetState(qs->conn, false); + if(state == MSH3_CONN_HANDSHAKE_FAILED || state == MSH3_CONN_DISCONNECTED) { + failf(data, "failed to connect, state=%u", (uint32_t)state); + return CURLE_COULDNT_CONNECT; + } + + if(state == MSH3_CONN_CONNECTED) { + H3BUGF(infof(data, "connection connected")); + *connected = true; + conn->quic = qs; + conn->recv[sockindex] = msh3_stream_recv; + conn->send[sockindex] = msh3_stream_send; + conn->handler = &msh3_curl_handler_http3; + conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ + conn->httpversion = 30; + conn->bundle->multiuse = BUNDLE_MULTIPLEX; + /* TODO - Clean up other happy-eyeballs connection(s)? */ + } + + return CURLE_OK; +} + +static int msh3_getsock(struct Curl_easy *data, + struct connectdata *conn, curl_socket_t *socks) +{ + struct HTTP *stream = data->req.p.http; + int bitmap = GETSOCK_BLANK; + + socks[0] = conn->sock[FIRSTSOCKET]; + + if(stream->recv_error) { + bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); + data->state.drain++; + } + else if(stream->recv_header_len || stream->recv_data_len) { + bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); + data->state.drain++; + } + + H3BUGF(infof(data, "msh3_getsock %u", (uint32_t)data->state.drain)); + + return bitmap; +} + +static CURLcode msh3_do_it(struct Curl_easy *data, bool *done) +{ + struct HTTP *stream = data->req.p.http; + H3BUGF(infof(data, "msh3_do_it")); + stream->recv_buf = malloc(MSH3_REQ_INIT_BUF_LEN); + if(!stream->recv_buf) { + return CURLE_OUT_OF_MEMORY; + } + stream->req = ZERO_NULL; + msh3_lock_initialize(&stream->recv_lock); + stream->recv_buf_alloc = MSH3_REQ_INIT_BUF_LEN; + stream->recv_header_len = 0; + stream->recv_header_complete = false; + stream->recv_data_len = 0; + stream->recv_data_complete = false; + stream->recv_error = CURLE_OK; + return Curl_http(data, done); +} + +static unsigned int msh3_conncheck(struct Curl_easy *data, + struct connectdata *conn, + unsigned int checks_to_perform) +{ + (void)data; + (void)conn; + (void)checks_to_perform; + H3BUGF(infof(data, "msh3_conncheck")); + return CONNRESULT_NONE; +} + +static void msh3_cleanup(struct quicsocket *qs, struct HTTP *stream) +{ + if(stream && stream->recv_buf) { + free(stream->recv_buf); + stream->recv_buf = ZERO_NULL; + msh3_lock_uninitialize(&stream->recv_lock); + } + if(qs->conn) { + MsH3ConnectionClose(qs->conn); + qs->conn = ZERO_NULL; + } + if(qs->api) { + MsH3ApiClose(qs->api); + qs->api = ZERO_NULL; + } +} + +static CURLcode msh3_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) +{ + (void)dead_connection; + H3BUGF(infof(data, "disconnecting (msh3)")); + msh3_cleanup(conn->quic, data->req.p.http); + return CURLE_OK; +} + +void Curl_quic_disconnect(struct Curl_easy *data, struct connectdata *conn, + int tempindex) +{ + if(conn->transport == TRNSPRT_QUIC) { + H3BUGF(infof(data, "disconnecting (curl)")); + msh3_cleanup(&conn->hequic[tempindex], data->req.p.http); + } +} + +/* Requires stream->recv_lock to be held */ +static bool msh3request_ensure_room(struct HTTP *stream, size_t len) +{ + uint8_t *new_recv_buf; + const size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len; + if(cur_recv_len + len > stream->recv_buf_alloc) { + size_t new_recv_buf_alloc_len = stream->recv_buf_alloc; + do { + new_recv_buf_alloc_len <<= 1; /* TODO - handle overflow */ + } while(cur_recv_len + len > new_recv_buf_alloc_len); + new_recv_buf = malloc(new_recv_buf_alloc_len); + if(!new_recv_buf) { + return false; + } + if(cur_recv_len) { + memcpy(new_recv_buf, stream->recv_buf, cur_recv_len); + } + stream->recv_buf_alloc = new_recv_buf_alloc_len; + free(stream->recv_buf); + stream->recv_buf = new_recv_buf; + } + return true; +} + +static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request, + void *IfContext, + const MSH3_HEADER *Header) +{ + struct HTTP *stream = IfContext; + size_t total_len; + (void)Request; + H3BUGF(printf("* msh3_header_received\n")); + + if(stream->recv_header_complete) { + H3BUGF(printf("* ignoring header after data\n")); + return; + } + + msh3_lock_acquire(&stream->recv_lock); + + if((Header->NameLength == 7) && + !strncmp(H2H3_PSEUDO_STATUS, (char *)Header->Name, 7)) { + total_len = 9 + Header->ValueLength; + if(!msh3request_ensure_room(stream, total_len)) { + /* TODO - handle error */ + goto release_lock; + } + msnprintf((char *)stream->recv_buf + stream->recv_header_len, + stream->recv_buf_alloc - stream->recv_header_len, + "HTTP/3 %.*s\n", (int)Header->ValueLength, Header->Value); + } + else { + total_len = Header->NameLength + 4 + Header->ValueLength; + if(!msh3request_ensure_room(stream, total_len)) { + /* TODO - handle error */ + goto release_lock; + } + msnprintf((char *)stream->recv_buf + stream->recv_header_len, + stream->recv_buf_alloc - stream->recv_header_len, + "%.*s: %.*s\n", + (int)Header->NameLength, Header->Name, + (int)Header->ValueLength, Header->Value); + } + + stream->recv_header_len += total_len - 1; /* don't include null-terminator */ + +release_lock: + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request, + void *IfContext, uint32_t Length, + const uint8_t *Data) +{ + struct HTTP *stream = IfContext; + size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len; + (void)Request; + H3BUGF(printf("* msh3_data_received %u. %zu buffered, %zu allocated\n", + Length, cur_recv_len, stream->recv_buf_alloc)); + msh3_lock_acquire(&stream->recv_lock); + if(!stream->recv_header_complete) { + H3BUGF(printf("* Headers complete!\n")); + if(!msh3request_ensure_room(stream, 2)) { + /* TODO - handle error */ + goto release_lock; + } + stream->recv_buf[stream->recv_header_len++] = '\r'; + stream->recv_buf[stream->recv_header_len++] = '\n'; + stream->recv_header_complete = true; + cur_recv_len += 2; + } + if(!msh3request_ensure_room(stream, Length)) { + /* TODO - handle error */ + goto release_lock; + } + memcpy(stream->recv_buf + cur_recv_len, Data, Length); + stream->recv_data_len += (size_t)Length; +release_lock: + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext, + bool Aborted, uint64_t AbortError) +{ + struct HTTP *stream = IfContext; + (void)Request; + (void)AbortError; + H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted)); + msh3_lock_acquire(&stream->recv_lock); + if(Aborted) { + stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */ + } + stream->recv_header_complete = true; + stream->recv_data_complete = true; + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext) +{ + struct HTTP *stream = IfContext; + (void)Request; + (void)stream; +} + +static_assert(sizeof(MSH3_HEADER) == sizeof(struct h2h3pseudo), + "Sizes must match for cast below to work"); + +static ssize_t msh3_stream_send(struct Curl_easy *data, + int sockindex, + const void *mem, + size_t len, + CURLcode *curlcode) +{ + struct connectdata *conn = data->conn; + struct HTTP *stream = data->req.p.http; + struct quicsocket *qs = conn->quic; + struct h2h3req *hreq; + + (void)sockindex; + H3BUGF(infof(data, "msh3_stream_send %zu", len)); + + if(!stream->req) { + *curlcode = Curl_pseudo_headers(data, mem, len, &hreq); + if(*curlcode) { + failf(data, "Curl_pseudo_headers failed"); + return -1; + } + H3BUGF(infof(data, "starting request with %zu headers", hreq->entries)); + stream->req = MsH3RequestOpen(qs->conn, &msh3_request_if, stream, + (MSH3_HEADER*)hreq->header, hreq->entries); + Curl_pseudo_free(hreq); + if(!stream->req) { + failf(data, "request open failed"); + *curlcode = CURLE_SEND_ERROR; + return -1; + } + *curlcode = CURLE_OK; + return len; + } + H3BUGF(infof(data, "send %zd body bytes on request %p", len, + (void *)stream->req)); + *curlcode = CURLE_SEND_ERROR; + return -1; +} + +static ssize_t msh3_stream_recv(struct Curl_easy *data, + int sockindex, + char *buf, + size_t buffersize, + CURLcode *curlcode) +{ + struct HTTP *stream = data->req.p.http; + size_t outsize = 0; + (void)sockindex; + H3BUGF(infof(data, "msh3_stream_recv %zu", buffersize)); + + if(stream->recv_error) { + failf(data, "request aborted"); + *curlcode = stream->recv_error; + return -1; + } + + msh3_lock_acquire(&stream->recv_lock); + + if(stream->recv_header_len) { + outsize = buffersize; + if(stream->recv_header_len < outsize) { + outsize = stream->recv_header_len; + } + memcpy(buf, stream->recv_buf, outsize); + if(outsize < stream->recv_header_len + stream->recv_data_len) { + memmove(stream->recv_buf, stream->recv_buf + outsize, + stream->recv_header_len + stream->recv_data_len - outsize); + } + stream->recv_header_len -= outsize; + H3BUGF(infof(data, "returned %zu bytes of headers", outsize)); + } + else if(stream->recv_data_len) { + outsize = buffersize; + if(stream->recv_data_len < outsize) { + outsize = stream->recv_data_len; + } + memcpy(buf, stream->recv_buf, outsize); + if(outsize < stream->recv_data_len) { + memmove(stream->recv_buf, stream->recv_buf + outsize, + stream->recv_data_len - outsize); + } + stream->recv_data_len -= outsize; + H3BUGF(infof(data, "returned %zu bytes of data", outsize)); + } + else if(stream->recv_data_complete) { + H3BUGF(infof(data, "receive complete")); + } + + msh3_lock_release(&stream->recv_lock); + + return (ssize_t)outsize; +} + +CURLcode Curl_quic_done_sending(struct Curl_easy *data) +{ + struct connectdata *conn = data->conn; + H3BUGF(infof(data, "Curl_quic_done_sending")); + if(conn->handler == &msh3_curl_handler_http3) { + struct HTTP *stream = data->req.p.http; + stream->upload_done = TRUE; + } + + return CURLE_OK; +} + +void Curl_quic_done(struct Curl_easy *data, bool premature) +{ + (void)data; + (void)premature; + H3BUGF(infof(data, "Curl_quic_done")); +} + +bool Curl_quic_data_pending(const struct Curl_easy *data) +{ + struct HTTP *stream = data->req.p.http; + H3BUGF(infof((struct Curl_easy *)data, "Curl_quic_data_pending")); + return stream->recv_header_len || stream->recv_data_len; +} + +#endif /* USE_MSH3 */ diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c index bcf3d193d3..233d7e2e4f 100644 --- a/contrib/libs/curl/lib/vquic/ngtcp2.c +++ b/contrib/libs/curl/lib/vquic/ngtcp2.c @@ -47,6 +47,7 @@ #error #include "vquic.h" #include "h2h3.h" #include "vtls/keylog.h" +#include "vtls/vtls.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -72,7 +73,7 @@ * the far end, then start over at index 0 again. */ -#define H3_SEND_SIZE (20*1024) +#define H3_SEND_SIZE (256*1024) struct h3out { uint8_t buf[H3_SEND_SIZE]; size_t used; /* number of bytes used in the buffer */ @@ -82,7 +83,7 @@ struct h3out { #define QUIC_MAX_STREAMS (256*1024) #define QUIC_MAX_DATA (1*1024*1024) -#define QUIC_IDLE_TIMEOUT 60000 /* milliseconds */ +#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS) #ifdef USE_OPENSSL #define QUIC_CIPHERS \ @@ -314,6 +315,25 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) return ssl_ctx; } +static CURLcode quic_set_client_cert(struct Curl_easy *data, + struct quicsocket *qs) +{ + struct connectdata *conn = data->conn; + SSL_CTX *ssl_ctx = qs->sslctx; + char *const ssl_cert = SSL_SET_OPTION(primary.clientcert); + const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); + const char *const ssl_cert_type = SSL_SET_OPTION(cert_type); + + if(ssl_cert || ssl_cert_blob || ssl_cert_type) { + return Curl_ossl_set_client_cert( + data, ssl_ctx, ssl_cert, ssl_cert_blob, ssl_cert_type, + SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob), + SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)); + } + + return CURLE_OK; +} + /** SSL callbacks ***/ static int quic_init_ssl(struct quicsocket *qs) @@ -744,7 +764,8 @@ static ngtcp2_callbacks ng_callbacks = { NULL, /* ack_datagram */ NULL, /* lost_datagram */ ngtcp2_crypto_get_path_challenge_data_cb, - cb_stream_stop_sending + cb_stream_stop_sending, + NULL, /* version_negotiation */ }; /* @@ -786,6 +807,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, qs->sslctx = quic_ssl_ctx(data); if(!qs->sslctx) return CURLE_QUIC_CONNECT_ERROR; + + result = quic_set_client_cert(data, qs); + if(result) + return result; #endif if(quic_init_ssl(qs)) @@ -842,6 +867,8 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, { struct SingleRequest *k = &data->req; int bitmap = GETSOCK_BLANK; + struct HTTP *stream = data->req.p.http; + struct quicsocket *qs = conn->quic; socks[0] = conn->sock[FIRSTSOCKET]; @@ -850,7 +877,11 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); /* we're still uploading or the HTTP/2 layer wants to send data */ - if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) + if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND && + (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) && + ngtcp2_conn_get_cwnd_left(qs->qconn) && + ngtcp2_conn_get_max_data_left(qs->qconn) && + nghttp3_conn_is_stream_writable(qs->h3conn, stream->stream3_id)) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); return bitmap; @@ -858,8 +889,26 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, static void qs_disconnect(struct quicsocket *qs) { + char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; + ngtcp2_tstamp ts; + ngtcp2_ssize rc; + ngtcp2_connection_close_error errorcode; + if(!qs->conn) /* already closed */ return; + ngtcp2_connection_close_error_set_application_error(&errorcode, + NGHTTP3_H3_NO_ERROR, + NULL, 0); + ts = timestamp(); + rc = ngtcp2_conn_write_connection_close(qs->qconn, NULL, /* path */ + NULL, /* pkt_info */ + (uint8_t *)buffer, sizeof(buffer), + &errorcode, ts); + if(rc > 0) { + while((send(qs->conn->sock[FIRSTSOCKET], buffer, rc, 0) == -1) && + SOCKERRNO == EINTR); + } + qs->conn = NULL; if(qs->qlogfd != -1) { close(qs->qlogfd); @@ -1080,8 +1129,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, (void)flags; (void)user_data; - if(h3name.len == sizeof(H2H3_PSEUDO_STATUS) - 1 && - !memcmp(H2H3_PSEUDO_STATUS, h3name.base, h3name.len)) { + if(token == NGHTTP3_QPACK_TOKEN__STATUS) { char line[14]; /* status line is always 13 characters long */ size_t ncopy; int status = decode_status_code(h3val.base, h3val.len); @@ -1333,6 +1381,10 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id, return 1; } + if(stream->upload_len && H3_SEND_SIZE <= stream->h3out->used) { + return NGHTTP3_ERR_WOULDBLOCK; + } + nread = CURLMIN(stream->upload_len, H3_SEND_SIZE - stream->h3out->used); if(nread > 0) { /* nghttp3 wants us to hold on to the data until it tells us it is okay to @@ -1367,7 +1419,7 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id, } if(stream->upload_done && !stream->upload_len && (stream->upload_left <= 0)) { - H3BUGF(infof(data, "!!!!!!!!! cb_h3_readfunction sets EOF")); + H3BUGF(infof(data, "cb_h3_readfunction sets EOF")); *pflags = NGHTTP3_DATA_FLAG_EOF; return nread ? 1 : 0; } @@ -1485,7 +1537,7 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, size_t len, CURLcode *curlcode) { - ssize_t sent; + ssize_t sent = 0; struct connectdata *conn = data->conn; struct quicsocket *qs = conn->quic; curl_socket_t sockfd = conn->sock[sockindex]; @@ -1497,6 +1549,9 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, *curlcode = CURLE_SEND_ERROR; return -1; } + /* Assume that mem of length len only includes HTTP/1.1 style + header fields. In other words, it does not contain request + body. */ sent = len; } else { @@ -1506,7 +1561,6 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, stream->upload_mem = mem; stream->upload_len = len; (void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id); - sent = len; } else { *curlcode = CURLE_AGAIN; @@ -1521,8 +1575,20 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, /* Reset post upload buffer after resumed. */ if(stream->upload_mem) { + if(data->set.postfields) { + sent = len; + } + else { + sent = len - stream->upload_len; + } + stream->upload_mem = NULL; stream->upload_len = 0; + + if(sent == 0) { + *curlcode = CURLE_AGAIN; + return -1; + } } *curlcode = CURLE_OK; @@ -1653,7 +1719,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, uint8_t out[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; ngtcp2_path_storage ps; ngtcp2_tstamp ts = timestamp(); - struct sockaddr_storage remote_addr; ngtcp2_tstamp expiry; ngtcp2_duration timeout; int64_t stream_id; @@ -1742,7 +1807,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, } } - memcpy(&remote_addr, ps.path.remote.addr, ps.path.remote.addrlen); while((sent = send(sockfd, (const char *)out, outlen, 0)) == -1 && SOCKERRNO == EINTR) ; @@ -1763,10 +1827,13 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, expiry = ngtcp2_conn_get_expiry(qs->qconn); if(expiry != UINT64_MAX) { if(expiry <= ts) { - timeout = NGTCP2_MILLISECONDS; + timeout = 0; } else { timeout = expiry - ts; + if(timeout % NGTCP2_MILLISECONDS) { + timeout += NGTCP2_MILLISECONDS; + } } Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC); } @@ -1802,6 +1869,7 @@ void Curl_quic_done(struct Curl_easy *data, bool premature) /* only for HTTP/3 transfers */ struct HTTP *stream = data->req.p.http; Curl_dyn_free(&stream->overflow); + free(stream->h3out); } } diff --git a/contrib/libs/curl/lib/vquic/quiche.c b/contrib/libs/curl/lib/vquic/quiche.c index a545cebdcc..b4665d76db 100644 --- a/contrib/libs/curl/lib/vquic/quiche.c +++ b/contrib/libs/curl/lib/vquic/quiche.c @@ -427,7 +427,7 @@ CURLcode Curl_quic_is_connected(struct Curl_easy *data, if(quiche_conn_is_established(qs->conn)) { *done = TRUE; result = quiche_has_connected(data, conn, 0, sockindex); - DEBUGF(infof(data, "quiche established connection!")); + DEBUGF(infof(data, "quiche established connection")); } return result; @@ -781,7 +781,7 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, (uint8_t *)data->set.postfields, stream->upload_left, TRUE); if(sent <= 0) { - failf(data, "quiche_h3_send_body failed!"); + failf(data, "quiche_h3_send_body failed"); result = CURLE_SEND_ERROR; } stream->upload_left = 0; /* nothing left to send */ diff --git a/contrib/libs/curl/lib/vssh/libssh.c b/contrib/libs/curl/lib/vssh/libssh.c index 253190c276..127967bc83 100644 --- a/contrib/libs/curl/lib/vssh/libssh.c +++ b/contrib/libs/curl/lib/vssh/libssh.c @@ -105,6 +105,14 @@ } while(0) #endif +/* These stat values may not be the same as the user's S_IFMT / S_IFLNK */ +#ifndef SSH_S_IFMT +#define SSH_S_IFMT 00170000 +#endif +#ifndef SSH_S_IFLNK +#define SSH_S_IFLNK 0120000 +#endif + /* Local functions: */ static CURLcode myssh_connect(struct Curl_easy *data, bool *done); static CURLcode myssh_multi_statemach(struct Curl_easy *data, @@ -1962,6 +1970,10 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } ssh_disconnect(sshc->ssh_session); + /* conn->sock[FIRSTSOCKET] is closed by ssh_disconnect behind our back, + explicitly mark it as closed with the memdebug macro: */ + fake_sclose(conn->sock[FIRSTSOCKET]); + conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; SSH_STRING_FREE_CHAR(sshc->homedir); data->state.most_recent_ftp_entrypath = NULL; @@ -2055,6 +2067,9 @@ static int myssh_getsock(struct Curl_easy *data, if(conn->waitfor & KEEP_SEND) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + if(!conn->waitfor) + bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + return bitmap; } @@ -2687,7 +2702,7 @@ static void sftp_quote(struct Curl_easy *data) */ cp = strchr(cmd, ' '); if(!cp) { - failf(data, "Syntax error in SFTP command. Supply parameter(s)!"); + failf(data, "Syntax error in SFTP command. Supply parameter(s)"); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = CURLE_QUOTE_ERROR; diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c index 9a7b90678c..4f270809af 100644 --- a/contrib/libs/curl/lib/vssh/libssh2.c +++ b/contrib/libs/curl/lib/vssh/libssh2.c @@ -497,7 +497,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) break; #endif default: - infof(data, "unsupported key type, can't check knownhosts!"); + infof(data, "unsupported key type, can't check knownhosts"); keybit = 0; break; } @@ -592,7 +592,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) LIBSSH2_KNOWNHOST_KEYENC_RAW| keybit, NULL); if(addrc) - infof(data, "Warning adding the known host %s failed!", + infof(data, "WARNING: adding the known host %s failed", conn->host.name); else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE || rc == CURLKHSTAT_FINE_REPLACE) { @@ -603,7 +603,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) data->set.str[STRING_SSH_KNOWNHOSTS], LIBSSH2_KNOWNHOST_FILE_OPENSSH); if(wrc) { - infof(data, "Warning, writing %s failed!", + infof(data, "WARNING: writing %s failed", data->set.str[STRING_SSH_KNOWNHOSTS]); } } @@ -694,12 +694,12 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) * against a known fingerprint, if available. */ if((pub_pos != b64_pos) || - Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) { + strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) { free(fingerprint_b64); failf(data, - "Denied establishing ssh session: mismatch sha256 fingerprint. " - "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; return sshc->actualcode; @@ -707,7 +707,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) free(fingerprint_b64); - infof(data, "SHA256 checksum match!"); + infof(data, "SHA256 checksum match"); } if(pubkey_md5) { @@ -727,27 +727,24 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) infof(data, "SSH MD5 fingerprint: %s", md5buffer); } - /* Before we authenticate we check the hostkey's MD5 fingerprint - * against a known fingerprint, if available. - */ - if(pubkey_md5 && strlen(pubkey_md5) == 32) { - if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { - if(fingerprint) { - failf(data, + /* This does NOT verify the length of 'pubkey_md5' separately, which will + make the comparison below fail unless it is exactly 32 characters */ + if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { + if(fingerprint) { + failf(data, "Denied establishing ssh session: mismatch md5 fingerprint. " "Remote %s is not equal to %s", md5buffer, pubkey_md5); - } - else { - failf(data, + } + else { + failf(data, "Denied establishing ssh session: md5 fingerprint " "not available"); - } - state(data, SSH_SESSION_FREE); - sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; - return sshc->actualcode; } - infof(data, "MD5 checksum match!"); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; } + infof(data, "MD5 checksum match"); } if(!pubkey_md5 && !pubkey_sha256) { @@ -1470,7 +1467,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) */ cp = strchr(cmd, ' '); if(!cp) { - failf(data, "Syntax error command '%s'. Missing parameter!", + failf(data, "Syntax error command '%s', missing parameter", cmd); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; @@ -3229,7 +3226,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) sshrecv.recvptr = ssh_tls_recv; sshsend.sendptr = ssh_tls_send; - infof(data, "Uses HTTPS proxy!"); + infof(data, "Uses HTTPS proxy"); /* Setup libssh2 callbacks to make it read/write TLS from the socket. diff --git a/contrib/libs/curl/lib/vssh/wolfssh.c b/contrib/libs/curl/lib/vssh/wolfssh.c index 12cc59b2a2..c694343675 100644 --- a/contrib/libs/curl/lib/vssh/wolfssh.c +++ b/contrib/libs/curl/lib/vssh/wolfssh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -469,7 +469,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_STOP); return CURLE_SSH; } - infof(data, "wolfssh connected!"); + infof(data, "wolfssh connected"); state(data, SSH_STOP); break; case SSH_STOP: @@ -490,7 +490,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP connected!"); + infof(data, "wolfssh SFTP connected"); state(data, SSH_SFTP_REALPATH); } else { @@ -519,7 +519,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) else { memcpy(sshc->homedir, name->fName, name->fSz); sshc->homedir[name->fSz] = 0; - infof(data, "wolfssh SFTP realpath succeeded!"); + infof(data, "wolfssh SFTP realpath succeeded"); } wolfSSH_SFTPNAME_list_free(name); state(data, SSH_STOP); @@ -617,7 +617,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP open succeeded!"); + infof(data, "wolfssh SFTP open succeeded"); } else { failf(data, "wolfssh SFTP upload open failed: %d", rc); @@ -728,7 +728,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP open succeeded!"); + infof(data, "wolfssh SFTP open succeeded"); state(data, SSH_SFTP_DOWNLOAD_STAT); return CURLE_OK; } @@ -754,7 +754,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh STAT succeeded!"); + infof(data, "wolfssh STAT succeeded"); } else { failf(data, "wolfssh SFTP open failed: %d", rc); diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c index 77e22cf3e0..91f4416e8f 100644 --- a/contrib/libs/curl/lib/vtls/bearssl.c +++ b/contrib/libs/curl/lib/vtls/bearssl.c @@ -35,6 +35,7 @@ #include "multiif.h" #include "curl_printf.h" #include "curl_memory.h" +#include "strcase.h" struct x509_context { const br_x509_class *vtable; @@ -353,6 +354,216 @@ static const br_x509_class x509_vtable = { x509_get_pkey }; +struct st_cipher { + const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */ + const char *alias_name; /* Alias name is the same as OpenSSL cipher name */ + uint16_t num; /* BearSSL cipher suite */ +}; + +/* Macro to initialize st_cipher data structure */ +#define CIPHER_DEF(num, alias) { #num, alias, BR_##num } + +static const struct st_cipher ciphertable[] = { + /* RFC 2246 TLS 1.0 */ + CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ + "DES-CBC3-SHA"), + + /* RFC 3268 TLS 1.0 AES */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */ + "AES128-SHA"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */ + "AES256-SHA"), + + /* RFC 5246 TLS 1.2 */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */ + "AES128-SHA256"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */ + "AES256-SHA256"), + + /* RFC 5288 TLS 1.2 AES GCM */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */ + "AES128-GCM-SHA256"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */ + "AES256-GCM-SHA384"), + + /* RFC 4492 TLS 1.0 ECC */ + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ + "ECDH-ECDSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ + "ECDH-ECDSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */ + "ECDH-ECDSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */ + "ECDHE-ECDSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */ + "ECDHE-ECDSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */ + "ECDHE-ECDSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */ + "ECDH-RSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */ + "ECDH-RSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */ + "ECDH-RSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */ + "ECDHE-RSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */ + "ECDHE-RSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */ + "ECDHE-RSA-AES256-SHA"), + + /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */ + "ECDHE-ECDSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */ + "ECDHE-ECDSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */ + "ECDH-ECDSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */ + "ECDH-ECDSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */ + "ECDHE-RSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */ + "ECDHE-RSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */ + "ECDH-RSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */ + "ECDH-RSA-AES256-SHA384"), + + /* RFC 5289 TLS 1.2 GCM */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */ + "ECDHE-ECDSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */ + "ECDHE-ECDSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */ + "ECDH-ECDSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */ + "ECDH-ECDSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */ + "ECDHE-RSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */ + "ECDHE-RSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */ + "ECDH-RSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */ + "ECDH-RSA-AES256-GCM-SHA384"), +#ifdef BR_TLS_RSA_WITH_AES_128_CCM + + /* RFC 6655 TLS 1.2 CCM + Supported since BearSSL 0.6 */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */ + "AES128-CCM"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */ + "AES256-CCM"), + CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */ + "AES128-CCM8"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */ + "AES256-CCM8"), + + /* RFC 7251 TLS 1.2 ECC CCM + Supported since BearSSL 0.6 */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */ + "ECDHE-ECDSA-AES128-CCM"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */ + "ECDHE-ECDSA-AES256-CCM"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */ + "ECDHE-ECDSA-AES128-CCM8"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */ + "ECDHE-ECDSA-AES256-CCM8"), +#endif + + /* RFC 7905 TLS 1.2 ChaCha20-Poly1305 + Supported since BearSSL 0.2 */ + CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ + "ECDHE-RSA-CHACHA20-POLY1305"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ + "ECDHE-ECDSA-CHACHA20-POLY1305"), +}; + +#define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0])) +#define CIPHER_NAME_BUF_LEN 64 + +static bool is_separator(char c) +{ + /* Return whether character is a cipher list separator. */ + switch(c) { + case ' ': + case '\t': + case ':': + case ',': + case ';': + return true; + } + return false; +} + +static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data, + br_ssl_engine_context *ssl_eng, + const char *ciphers) +{ + uint16_t selected_ciphers[NUM_OF_CIPHERS]; + size_t selected_count = 0; + char cipher_name[CIPHER_NAME_BUF_LEN]; + const char *cipher_start = ciphers; + const char *cipher_end; + size_t i, j; + + if(!cipher_start) + return CURLE_SSL_CIPHER; + + while(true) { + /* Extract the next cipher name from the ciphers string */ + while(is_separator(*cipher_start)) + ++cipher_start; + if(*cipher_start == '\0') + break; + cipher_end = cipher_start; + while(*cipher_end != '\0' && !is_separator(*cipher_end)) + ++cipher_end; + j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ? + cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1; + strncpy(cipher_name, cipher_start, j); + cipher_name[j] = '\0'; + cipher_start = cipher_end; + + /* Lookup the cipher name in the table of available ciphers. If the cipher + name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try + to match cipher name by an (OpenSSL) alias. */ + if(strncasecompare(cipher_name, "TLS_", 4)) { + for(i = 0; i < NUM_OF_CIPHERS && + !strcasecompare(cipher_name, ciphertable[i].name); ++i); + } + else { + for(i = 0; i < NUM_OF_CIPHERS && + !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i); + } + if(i == NUM_OF_CIPHERS) { + infof(data, "BearSSL: unknown cipher in list: %s", cipher_name); + continue; + } + + /* No duplicates allowed */ + for(j = 0; j < selected_count && + selected_ciphers[j] != ciphertable[i].num; j++); + if(j < selected_count) { + infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name); + continue; + } + + DEBUGASSERT(selected_count < NUM_OF_CIPHERS); + selected_ciphers[selected_count] = ciphertable[i].num; + ++selected_count; + } + + if(selected_count == 0) { + failf(data, "BearSSL: no supported cipher in list"); + return CURLE_SSL_CIPHER; + } + + br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count); + return CURLE_OK; +} + static CURLcode bearssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, int sockindex) { @@ -446,6 +657,15 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf, sizeof(backend->buf), 1); + if(SSL_CONN_CONFIG(cipher_list)) { + /* Override the ciphers as specified. For the default cipher list see the + BearSSL source code of br_ssl_client_init_full() */ + ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng, + SSL_CONN_CONFIG(cipher_list)); + if(ret) + return ret; + } + /* initialize X.509 context */ backend->x509.vtable = &x509_vtable; backend->x509.verifypeer = verifypeer; @@ -478,12 +698,12 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, #endif ) { backend->protocols[cur++] = ALPN_H2; - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif backend->protocols[cur++] = ALPN_HTTP_1_1; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); br_ssl_engine_set_protocol_names(&backend->ctx.eng, backend->protocols, cur); @@ -510,6 +730,18 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, hostname = snihost; } + /* give application a chance to interfere with SSL set up. */ + if(data->set.ssl.fsslctx) { + Curl_set_in_callback(data, true); + ret = (*data->set.ssl.fsslctx)(data, &backend->ctx, + data->set.ssl.fsslctxp); + Curl_set_in_callback(data, false); + if(ret) { + failf(data, "BearSSL: error signaled by ssl ctx callback"); + return ret; + } + } + if(!br_ssl_client_reset(&backend->ctx, hostname, 1)) return CURLE_FAILED_INIT; backend->active = TRUE; @@ -637,7 +869,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng); if(protocol) { - infof(data, "ALPN, server accepted to use %s", protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol); #ifdef USE_HTTP2 if(!strcmp(protocol, ALPN_H2)) @@ -652,7 +884,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); } if(SSL_SET_OPTION(primary.sessionid)) { @@ -950,7 +1182,7 @@ static CURLcode bearssl_sha256sum(const unsigned char *input, const struct Curl_ssl Curl_ssl_bearssl = { { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */ - SSLSUPP_CAINFO_BLOB, + SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX, sizeof(struct ssl_backend_data), Curl_none_init, /* init */ diff --git a/contrib/libs/curl/lib/vtls/gskit.c b/contrib/libs/curl/lib/vtls/gskit.c index 56d48497db..9b5fbe4dd6 100644 --- a/contrib/libs/curl/lib/vtls/gskit.c +++ b/contrib/libs/curl/lib/vtls/gskit.c @@ -74,6 +74,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "strcase.h" +#include "timediff.h" #include "x509asn1.h" #include "curl_printf.h" @@ -449,8 +450,7 @@ static CURLcode set_ciphers(struct Curl_easy *data, static int gskit_init(void) { - /* No initialisation needed. */ - + /* No initialization needed. */ return 1; } @@ -976,11 +976,12 @@ static CURLcode gskit_connect_step2(struct Curl_easy *data, for(;;) { timediff_t timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); + stmv.tv_sec = 0; + stmv.tv_usec = 0; if(timeout_ms < 0) timeout_ms = 0; - stmv.tv_sec = timeout_ms / 1000; - stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000; - switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, &stmv)) { + switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, + curlx_mstotv(&stmv, timeout_ms))) { case 1: /* Operation complete. */ break; case -1: /* An error occurred: handshake still in progress. */ @@ -1095,7 +1096,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data, p = &x509.subjectPublicKeyInfo; result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c index 57493767e5..0535011911 100644 --- a/contrib/libs/curl/lib/vtls/gtls.c +++ b/contrib/libs/curl/lib/vtls/gtls.c @@ -55,6 +55,14 @@ /* The last #include file should be: */ #include "memdebug.h" +#ifdef HAVE_GNUTLS_SRP +/* the function exists */ +#ifdef USE_TLS_SRP +/* the functionality is not disabled */ +#define USE_GNUTLS_SRP +#endif +#endif + /* Enable GnuTLS debugging by defining GTLSDEBUG */ /*#define GTLSDEBUG */ @@ -75,7 +83,7 @@ static bool gtls_inited = FALSE; struct ssl_backend_data { gnutls_session_t session; gnutls_certificate_credentials_t cred; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP gnutls_srp_client_credentials_t srp_client_cred; #endif }; @@ -436,12 +444,12 @@ gtls_connect_step1(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } -#ifdef HAVE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { +#ifdef USE_GNUTLS_SRP + if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) && + Curl_allow_auth_to_host(data)) { infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); - rc = gnutls_srp_allocate_client_credentials( - &backend->srp_client_cred); + rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_allocate_client_cred() failed: %s", gnutls_strerror(rc)); @@ -587,7 +595,7 @@ gtls_connect_step1(struct Curl_easy *data, if(result) return result; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { @@ -609,7 +617,7 @@ gtls_connect_step1(struct Curl_easy *data, #endif infof(data, "GnuTLS ciphers: %s", prioritylist); rc = gnutls_priority_set_direct(session, prioritylist, &err); -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP } #endif @@ -632,14 +640,14 @@ gtls_connect_step1(struct Curl_easy *data, protocols[cur].data = (unsigned char *)ALPN_H2; protocols[cur].size = ALPN_H2_LENGTH; cur++; - infof(data, "ALPN, offering %.*s", ALPN_H2_LENGTH, ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1; protocols[cur].size = ALPN_HTTP_1_1_LENGTH; cur++; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(gnutls_alpn_set_protocols(session, protocols, cur, 0)) { failf(data, "failed setting ALPN"); @@ -683,7 +691,7 @@ gtls_connect_step1(struct Curl_easy *data, } } -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP /* put the credentials to the current session */ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, @@ -866,7 +874,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost) || SSL_CONN_CONFIG(issuercert)) { -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP && SSL_SET_OPTION(username) != NULL && !SSL_CONN_CONFIG(verifypeer) @@ -879,7 +887,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, failf(data, "failed to get server cert"); *certverifyresult = GNUTLS_E_NO_CERTIFICATE_FOUND; return CURLE_PEER_FAILED_VERIFICATION; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP } #endif } @@ -1198,7 +1206,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(ptr) { result = pkp_pin_peer_pubkey(data, x509_cert, ptr); if(result != CURLE_OK) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); gnutls_x509_crt_deinit(x509_cert); return result; } @@ -1255,8 +1263,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(conn->bits.tls_enable_alpn) { rc = gnutls_alpn_get_selected_protocol(session, &proto); if(rc == 0) { - infof(data, "ALPN, server accepted to use %.*s", proto.size, - proto.data); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, proto.size, + proto.data); #ifdef USE_HTTP2 if(proto.size == ALPN_H2_LENGTH && @@ -1272,7 +1280,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -1469,7 +1477,7 @@ static void close_one(struct ssl_connect_data *connssl) gnutls_certificate_free_credentials(backend->cred); backend->cred = NULL; } -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP if(backend->srp_client_cred) { gnutls_srp_free_client_credentials(backend->srp_client_cred); backend->srp_client_cred = NULL; @@ -1555,7 +1563,7 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn, } gnutls_certificate_free_credentials(backend->cred); -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP && SSL_SET_OPTION(username) != NULL) gnutls_srp_free_client_credentials(backend->srp_client_cred); diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c index d59ad92581..a1ab6b42c9 100644 --- a/contrib/libs/curl/lib/vtls/mbedtls.c +++ b/contrib/libs/curl/lib/vtls/mbedtls.c @@ -70,11 +70,18 @@ #include "curl_memory.h" #include "memdebug.h" +/* ALPN for http2 */ +#ifdef USE_HTTP2 +# undef HAS_ALPN +# ifdef MBEDTLS_SSL_ALPN +# define HAS_ALPN +# endif +#endif + struct ssl_backend_data { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; mbedtls_ssl_context ssl; - int server_fd; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; #ifdef MBEDTLS_X509_CRL_PARSE_C @@ -82,7 +89,9 @@ struct ssl_backend_data { #endif mbedtls_pk_context pk; mbedtls_ssl_config config; +#ifdef HAS_ALPN const char *protocols[3]; +#endif }; /* apply threading? */ @@ -144,15 +153,6 @@ static void mbed_debug(void *context, int level, const char *f_name, #else #endif -/* ALPN for http2? */ -#ifdef USE_NGHTTP2 -# undef HAS_ALPN -# ifdef MBEDTLS_SSL_ALPN -# define HAS_ALPN -# endif -#endif - - /* * profile */ @@ -614,9 +614,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { const char **p = &backend->protocols[0]; -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 if(data->state.httpwant >= CURL_HTTP_VERSION_2) - *p++ = NGHTTP2_PROTO_VERSION_ID; + *p++ = ALPN_H2; #endif *p++ = ALPN_HTTP_1_1; *p = NULL; @@ -628,7 +628,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } for(p = &backend->protocols[0]; *p; ++p) - infof(data, "ALPN, offering %s", *p); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, *p); } #endif @@ -813,11 +813,10 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&backend->ssl); if(next_protocol) { - infof(data, "ALPN, server accepted to use %s", next_protocol); -#ifdef USE_NGHTTP2 - if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID, - NGHTTP2_PROTO_VERSION_ID_LEN) && - !next_protocol[NGHTTP2_PROTO_VERSION_ID_LEN]) { + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol); +#ifdef USE_HTTP2 + if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) && + !next_protocol[ALPN_H2_LEN]) { conn->negnpn = CURL_HTTP_VERSION_2; } else @@ -828,7 +827,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, } } else { - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); } Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c index 558e3bed39..5b7de9f818 100644 --- a/contrib/libs/curl/lib/vtls/nss.c +++ b/contrib/libs/curl/lib/vtls/nss.c @@ -434,7 +434,7 @@ static char *dup_nickname(struct Curl_easy *data, const char *str) /* search the first slash; we require at least one slash in a file name */ n = strchr(str, '/'); if(!n) { - infof(data, "warning: certificate file name \"%s\" handled as nickname; " + infof(data, "WARNING: certificate file name \"%s\" handled as nickname; " "please use \"./%s\" to force file name", str, str); return strdup(str); } @@ -862,11 +862,11 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) #endif case SSL_NEXT_PROTO_NO_SUPPORT: case SSL_NEXT_PROTO_NO_OVERLAP: - infof(data, "ALPN/NPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); return; #ifdef SSL_ENABLE_ALPN case SSL_NEXT_PROTO_SELECTED: - infof(data, "ALPN, server accepted to use %.*s", buflen, buf); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, buflen, buf); break; #endif case SSL_NEXT_PROTO_NEGOTIATED: @@ -874,7 +874,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) break; } -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 if(buflen == ALPN_H2_LENGTH && !memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) { conn->negnpn = CURL_HTTP_VERSION_2; @@ -1146,7 +1146,7 @@ static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, /* report the resulting status */ switch(result) { case CURLE_OK: - infof(data, "pinned public key verified successfully!"); + infof(data, "pinned public key verified successfully"); break; case CURLE_SSL_PINNEDPUBKEYNOTMATCH: failf(data, "failed to verify pinned public key"); @@ -1748,7 +1748,7 @@ static CURLcode nss_load_ca_certificates(struct Curl_easy *data, PR_CloseDir(dir); } else - infof(data, "warning: CURLOPT_CAPATH not a directory (%s)", capath); + infof(data, "WARNING: CURLOPT_CAPATH not a directory (%s)", capath); } return CURLE_OK; @@ -1985,11 +1985,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, /* unless the user explicitly asks to allow the protocol vulnerability, we use the work-around */ if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess) - infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d", + infof(data, "WARNING: failed to set SSL_CBC_RANDOM_IV = %d", ssl_cbc_random_iv); #else if(ssl_cbc_random_iv) - infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in"); + infof(data, "WARNING: support for SSL_CBC_RANDOM_IV not compiled in"); #endif if(SSL_CONN_CONFIG(cipher_list)) { @@ -2000,7 +2000,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, } if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost)) - infof(data, "warning: ignoring value of ssl.verifyhost"); + infof(data, "WARNING: ignoring value of ssl.verifyhost"); /* bypass the default SSL_AuthCertificate() hook in case we do not want to * verify peer */ @@ -2020,7 +2020,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, const CURLcode rv = nss_load_ca_certificates(data, conn, sockindex); if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer)) /* not a fatal error because we are not going to verify the peer */ - infof(data, "warning: CA certificates failed to load"); + infof(data, "WARNING: CA certificates failed to load"); else if(rv) { result = rv; goto error; diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c index d3ed3e7ba0..f15ac28a76 100644 --- a/contrib/libs/curl/lib/vtls/openssl.c +++ b/contrib/libs/curl/lib/vtls/openssl.c @@ -208,9 +208,18 @@ !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH -/* SET_EC_CURVES is available under the same preconditions: see - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html +#endif + +/* + * Whether SSL_CTX_set1_curves_list is available. + * OpenSSL: supported since 1.0.2, see + * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30) + * LibreSSL: not tested. */ +#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && \ + !defined(LIBRESSL_VERSION_NUMBER)) || \ + defined(OPENSSL_IS_BORINGSSL) #define HAVE_SSL_CTX_SET_EC_CURVES #endif @@ -548,7 +557,7 @@ static CURLcode ossl_seed(struct Curl_easy *data) } } - infof(data, "libcurl is now using a weak random seed!"); + infof(data, "libcurl is now using a weak random seed"); return (rand_enough() ? CURLE_OK : CURLE_SSL_CONNECT_ERROR /* confusing error code */); #endif @@ -1158,6 +1167,22 @@ int cert_stuff(struct Curl_easy *data, return 1; } +CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx, + char *cert_file, + const struct curl_blob *cert_blob, + const char *cert_type, char *key_file, + const struct curl_blob *key_blob, + const char *key_type, char *key_passwd) +{ + int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file, + key_blob, key_type, key_passwd); + if(rv != 1) { + return CURLE_SSL_CERTPROBLEM; + } + + return CURLE_OK; +} + /* returns non-zero on failure */ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) { @@ -1902,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data, } ch = SSL_get_peer_cert_chain(backend->handle); + if(!ch) { + failf(data, "Could not get peer certificate chain"); + result = CURLE_SSL_INVALIDCERTSTATUS; + goto end; + } st = SSL_CTX_get_cert_store(backend->ctx); #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \ @@ -2821,14 +2851,14 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_H2_LENGTH; - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif protocols[cur++] = ALPN_HTTP_1_1_LENGTH; memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); /* expects length prefixed preference ordered list of protocols in wire * format @@ -2894,7 +2924,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif #ifdef USE_OPENSSL_SRP - if(ssl_authtype == CURL_TLSAUTH_SRP) { + if((ssl_authtype == CURL_TLSAUTH_SRP) && + Curl_allow_auth_to_host(data)) { char * const ssl_username = SSL_SET_OPTION(username); infof(data, "Using TLS-SRP username: %s", ssl_username); @@ -3201,7 +3232,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); + failf(data, "SSL: couldn't create a context (handle)"); return CURLE_OUT_OF_MEMORY; } @@ -3427,7 +3458,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, unsigned int len; SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len); if(len) { - infof(data, "ALPN, server accepted to use %.*s", len, neg_protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, len, neg_protocol); #ifdef USE_HTTP2 if(len == ALPN_H2_LENGTH && @@ -3442,7 +3473,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -3892,7 +3923,7 @@ static CURLcode servercert(struct Curl_easy *data, if(!strict) return CURLE_OK; - failf(data, "SSL: couldn't get peer certificate!"); + failf(data, "SSL: couldn't get peer certificate"); return CURLE_PEER_FAILED_VERIFICATION; } @@ -3932,7 +3963,7 @@ static CURLcode servercert(struct Curl_easy *data, buffer, sizeof(buffer)); if(rc) { if(strict) - failf(data, "SSL: couldn't get X509-issuer name!"); + failf(data, "SSL: couldn't get X509-issuer name"); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -4050,7 +4081,7 @@ static CURLcode servercert(struct Curl_easy *data, if(!result && ptr) { result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr); if(result) - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); } X509_free(backend->server_cert); diff --git a/contrib/libs/curl/lib/vtls/openssl.h b/contrib/libs/curl/lib/vtls/openssl.h index 7df642bc9a..0a7536ea3e 100644 --- a/contrib/libs/curl/lib/vtls/openssl.h +++ b/contrib/libs/curl/lib/vtls/openssl.h @@ -43,5 +43,13 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, struct x509_st *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; +struct ssl_ctx_st; +CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, + struct ssl_ctx_st *ctx, char *cert_file, + const struct curl_blob *cert_blob, + const char *cert_type, char *key_file, + const struct curl_blob *key_blob, + const char *key_type, char *key_passwd); + #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ diff --git a/contrib/libs/curl/lib/vtls/rustls.c b/contrib/libs/curl/lib/vtls/rustls.c index 0e651aed9d..16970b7c36 100644 --- a/contrib/libs/curl/lib/vtls/rustls.c +++ b/contrib/libs/curl/lib/vtls/rustls.c @@ -325,12 +325,12 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, config_builder = rustls_client_config_builder_new(); #ifdef USE_HTTP2 - infof(data, "offering ALPN for HTTP/1.1 and HTTP/2"); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2); #else - infof(data, "offering ALPN for HTTP/1.1 only"); rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1); #endif + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(!verifypeer) { rustls_client_config_builder_dangerous_set_certificate_verifier( config_builder, cr_verify_none); @@ -406,20 +406,20 @@ cr_set_negotiated_alpn(struct Curl_easy *data, struct connectdata *conn, rustls_connection_get_alpn_protocol(rconn, &protocol, &len); if(!protocol) { - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); return; } #ifdef USE_HTTP2 if(len == ALPN_H2_LENGTH && 0 == memcmp(ALPN_H2, protocol, len)) { - infof(data, "ALPN, negotiated h2"); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_H2); conn->negnpn = CURL_HTTP_VERSION_2; } else #endif if(len == ALPN_HTTP_1_1_LENGTH && 0 == memcmp(ALPN_HTTP_1_1, protocol, len)) { - infof(data, "ALPN, negotiated http/1.1"); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_HTTP_1_1); conn->negnpn = CURL_HTTP_VERSION_1_1; } else { diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c index 04c8f3b6cf..dfec66d51f 100644 --- a/contrib/libs/curl/lib/vtls/schannel.c +++ b/contrib/libs/curl/lib/vtls/schannel.c @@ -908,14 +908,14 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, alpn_buffer[cur++] = ALPN_H2_LENGTH; memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_H2_LENGTH; - infof(data, "schannel: ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH; memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; - infof(data, "schannel: ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); *list_len = curlx_uitous(cur - list_start_index); *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short); @@ -1286,7 +1286,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, if(pubkey_ptr) { result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } @@ -1416,7 +1416,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(alpn_result.ProtoNegoStatus == SecApplicationProtocolNegotiationStatus_Success) { - infof(data, "schannel: ALPN, server accepted to use %.*s", + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, alpn_result.ProtocolIdSize, alpn_result.ProtocolId); #ifdef USE_HTTP2 @@ -1433,7 +1433,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } @@ -2371,7 +2371,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, (const unsigned char *)pubkey->header, (size_t)(pubkey->end - pubkey->header)); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); } } while(0); diff --git a/contrib/libs/curl/lib/vtls/schannel_verify.c b/contrib/libs/curl/lib/vtls/schannel_verify.c index 202a814cd9..4dc2d14e56 100644 --- a/contrib/libs/curl/lib/vtls/schannel_verify.c +++ b/contrib/libs/curl/lib/vtls/schannel_verify.c @@ -286,7 +286,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, goto cleanup; } - result = CURLE_OK; while(total_bytes_read < ca_file_bufsize) { DWORD bytes_to_read = (DWORD)(ca_file_bufsize - total_bytes_read); DWORD bytes_read = 0; @@ -313,9 +312,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, /* Null terminate the buffer */ ca_file_buffer[ca_file_bufsize] = '\0'; - if(result != CURLE_OK) { - goto cleanup; - } result = add_certs_data_to_store(trust_store, ca_file_buffer, ca_file_bufsize, ca_file, diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c index b2e1727278..8ee8fe997f 100644 --- a/contrib/libs/curl/lib/vtls/sectransp.c +++ b/contrib/libs/curl/lib/vtls/sectransp.c @@ -938,9 +938,9 @@ static OSStatus SocketWrite(SSLConnectionRef connection, #ifndef CURL_DISABLE_VERBOSE_STRINGS CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) { - /* The first ciphers in the ciphertable are continuos. Here we do small + /* The first ciphers in the ciphertable are continuous. Here we do small optimization and instead of loop directly get SSL name by cipher number. - */ + */ if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) { return ciphertable[cipher].name; } @@ -1701,7 +1701,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, CFRelease(backend->ssl_ctx); backend->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); if(!backend->ssl_ctx) { - failf(data, "SSL: couldn't create a context!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } } @@ -1851,12 +1851,12 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, #endif ) { CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2)); - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1)); - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); /* expects length prefixed preference ordered list of protocols in wire * format @@ -2788,7 +2788,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, pkp_pin_peer_pubkey(data, backend->ssl_ctx, data->set.str[STRING_SSL_PINNEDPUBLICKEY]); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } @@ -2853,7 +2853,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, conn->negnpn = CURL_HTTP_VERSION_1_1; } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c index 03b85ba065..a40ac06f68 100644 --- a/contrib/libs/curl/lib/vtls/vtls.c +++ b/contrib/libs/curl/lib/vtls/vtls.c @@ -125,15 +125,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) return !memcmp(first->data, second->data, first->len); /* same data */ } -static bool safecmp(char *a, char *b) -{ - if(a && b) - return !strcmp(a, b); - else if(!a && !b) - return TRUE; /* match */ - return FALSE; /* no match */ -} - bool Curl_ssl_config_matches(struct ssl_primary_config *data, @@ -147,12 +138,12 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, blobcmp(data->cert_blob, needle->cert_blob) && blobcmp(data->ca_info_blob, needle->ca_info_blob) && blobcmp(data->issuercert_blob, needle->issuercert_blob) && - safecmp(data->CApath, needle->CApath) && - safecmp(data->CAfile, needle->CAfile) && - safecmp(data->issuercert, needle->issuercert) && - safecmp(data->clientcert, needle->clientcert) && - safecmp(data->random_file, needle->random_file) && - safecmp(data->egdsocket, needle->egdsocket) && + Curl_safecmp(data->CApath, needle->CApath) && + Curl_safecmp(data->CAfile, needle->CAfile) && + Curl_safecmp(data->issuercert, needle->issuercert) && + Curl_safecmp(data->clientcert, needle->clientcert) && + Curl_safecmp(data->random_file, needle->random_file) && + Curl_safecmp(data->egdsocket, needle->egdsocket) && Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && Curl_safe_strcasecompare(data->curves, needle->curves) && diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h index af3b8d3c94..6bd1e0dcd3 100644 --- a/contrib/libs/curl/lib/vtls/vtls.h +++ b/contrib/libs/curl/lib/vtls/vtls.h @@ -34,6 +34,17 @@ struct ssl_connect_data; #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */ #define SSLSUPP_CAINFO_BLOB (1<<6) +#define ALPN_ACCEPTED "ALPN: server accepted " + +#define VTLS_INFOF_NO_ALPN \ + "ALPN: server did not agree on a protocol. Uses default." +#define VTLS_INFOF_ALPN_OFFER_1STR \ + "ALPN: offers %s" +#define VTLS_INFOF_ALPN_ACCEPTED_1STR \ + ALPN_ACCEPTED "%s" +#define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \ + ALPN_ACCEPTED "%.*s" + struct Curl_ssl { /* * This *must* be the first entry to allow returning the list of available diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c index f1f786ffb6..72692b6075 100644 --- a/contrib/libs/curl/lib/vtls/wolfssl.c +++ b/contrib/libs/curl/lib/vtls/wolfssl.c @@ -324,7 +324,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, } if(!req_method) { - failf(data, "SSL: couldn't create a method!"); + failf(data, "SSL: couldn't create a method"); return CURLE_OUT_OF_MEMORY; } @@ -333,7 +333,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, backend->ctx = SSL_CTX_new(req_method); if(!backend->ctx) { - failf(data, "SSL: couldn't create a context!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } @@ -462,9 +462,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, const char * const hostname = SSL_HOST_NAME(); size_t hostname_len = strlen(hostname); if((hostname_len < USHRT_MAX) && - (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) && + !Curl_inet_pton(AF_INET, hostname, &addr4) #ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) + && !Curl_inet_pton(AF_INET6, hostname, &addr6) #endif ) { size_t snilen; @@ -503,7 +503,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } @@ -526,12 +526,12 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, #ifdef USE_HTTP2 if(data->state.httpwant >= CURL_HTTP_VERSION_2) { strcpy(protocols + strlen(protocols), ALPN_H2 ","); - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(wolfSSL_UseALPN(backend->handle, protocols, (unsigned)strlen(protocols), @@ -739,7 +739,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, (const unsigned char *)pubkey->header, (size_t)(pubkey->end - pubkey->header)); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } #else @@ -757,8 +757,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len); if(rc == SSL_SUCCESS) { - infof(data, "ALPN, server accepted to use %.*s", protocol_len, - protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, protocol_len, protocol); if(protocol_len == ALPN_HTTP_1_1_LENGTH && !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) @@ -776,7 +775,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } else if(rc == SSL_ALPN_NOT_FOUND) - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); else { failf(data, "ALPN, failure getting protocol, error %d", rc); return CURLE_SSL_CONNECT_ERROR; diff --git a/contrib/libs/curl/lib/warnless.c b/contrib/libs/curl/lib/warnless.c index 15c8156d1c..0336a41d80 100644 --- a/contrib/libs/curl/lib/warnless.c +++ b/contrib/libs/curl/lib/warnless.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -360,7 +360,7 @@ curl_socket_t curlx_sitosk(int i) #endif /* USE_WINSOCK */ -#if defined(WIN32) || defined(_WIN32) +#if defined(WIN32) ssize_t curlx_read(int fd, void *buf, size_t count) { @@ -372,7 +372,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count) return (ssize_t)write(fd, buf, curlx_uztoui(count)); } -#endif /* WIN32 || _WIN32 */ +#endif /* WIN32 */ #if defined(__INTEL_COMPILER) && defined(__unix__) diff --git a/contrib/libs/curl/lib/warnless.h b/contrib/libs/curl/lib/warnless.h index 2c619bf819..37ac5ba19f 100644 --- a/contrib/libs/curl/lib/warnless.h +++ b/contrib/libs/curl/lib/warnless.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,8 @@ * ***************************************************************************/ +#include "curl_setup.h" + #ifdef USE_WINSOCK #include <curl/curl.h> /* for curl_socket_t */ #endif @@ -65,7 +67,7 @@ curl_socket_t curlx_sitosk(int i); #endif /* USE_WINSOCK */ -#if defined(WIN32) || defined(_WIN32) +#if defined(WIN32) ssize_t curlx_read(int fd, void *buf, size_t count); @@ -78,7 +80,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count); # define write(fd, buf, count) curlx_write(fd, buf, count) #endif -#endif /* WIN32 || _WIN32 */ +#endif /* WIN32 */ #if defined(__INTEL_COMPILER) && defined(__unix__) |