diff options
| author | robot-contrib <robot-contrib@yandex-team.com> | 2022-09-21 14:47:18 +0300 |
|---|---|---|
| committer | robot-contrib <robot-contrib@yandex-team.com> | 2022-09-21 14:47:18 +0300 |
| commit | f904cb56d9b1584ffcc28e53dec706fe1dc15d6f (patch) | |
| tree | fe2764cc64c10b674559b367741a172323b52bcd /contrib | |
| parent | 37a16126ac62d0af47b33d50c786b9adc009f6f3 (diff) | |
| download | ydb-f904cb56d9b1584ffcc28e53dec706fe1dc15d6f.tar.gz | |
Update contrib/libs/curl to 7.85.0
Diffstat (limited to 'contrib')
71 files changed, 1929 insertions, 1091 deletions
diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES index 5bc5055a48..30165420bb 100644 --- a/contrib/libs/curl/RELEASE-NOTES +++ b/contrib/libs/curl/RELEASE-NOTES @@ -1,147 +1,184 @@ -curl and libcurl 7.84.0 +curl and libcurl 7.85.0 - Public curl releases: 209 + Public curl releases: 210 Command line options: 248 - curl_easy_setopt() options: 297 + curl_easy_setopt() options: 299 Public functions in libcurl: 88 - Contributors: 2652 + Contributors: 2690 This release includes the following changes: - o curl: add --rate to set max request rate per time unit [69] - o curl: deprecate --random-file and --egd-file [12] - o curl_version_info: add CURL_VERSION_THREADSAFE [100] - o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9] - o lib: make curl_global_init() threadsafe when possible [101] - o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78] - o opts: deprecate RANDOM_FILE and EGDSOCKET [13] - o socks: support unix sockets for socks proxy [2] + o quic: add support via wolfSSL [142] + o schannel: Add TLS 1.3 support [96] + o setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR [30] This release includes the following bugfixes: - o aws-sigv4: fix potentional NULL pointer arithmetic [48] - o bindlocal: don't use a random port if port number would wrap [14] - o c-hyper: mark status line as status for Curl_client_write() [58] - o ci: avoid `cmake -Hpath` [114] - o CI: bump FreeBSD 13.0 to 13.1 [127] - o ci: update github actions [36] - o cmake: add libpsl support [3] - o cmake: do not add libcurl.rc to the static libcurl library [53] - o cmake: enable curl.rc for all Windows targets [55] - o cmake: fix detecting libidn2 [56] - o cmake: support adding a suffix to the OS value [54] - o configure: skip libidn2 detection when winidn is used [89] - o configure: use the SED value to invoke sed [28] - o configure: warn about rustls being experimental [103] - o content_encoding: return error on too many compression steps [106] - o cookie: address secure domain overlay [7] - o cookie: apply limits [83] - o copyright.pl: parse and use .reuse/dep5 for skips [105] - o copyright: make repository REUSE compliant [119] - o curl.1: add a few see also --tls-max [52] - o curl.1: mention exit code zero too [44] - o curl: re-enable --no-remote-name [31] - o curl_easy_pause.3: remove explanation of progress function [97] - o curl_getdate.3: document that some illegal dates pass through [34] - o Curl_parsenetrc: don't access local pwbuf outside of scope [27] - o curl_url_set.3: clarify by default using known schemes only [120] - o CURLOPT_ALTSVC.3: document the file format [118] - o CURLOPT_FILETIME.3: fix the protocols this works with - o CURLOPT_HTTPHEADER.3: improve comment in example [66] - o CURLOPT_NETRC.3: document the .netrc file format - o CURLOPT_PORT.3: We discourage using this option [92] - o CURLOPT_RANGE.3: remove ranged upload advice [99] - o digest: added detection of more syntax error in server headers [81] - o digest: tolerate missing "realm" [80] - o digest: unquote realm and nonce before processing [82] - o DISABLED: disable 1021 for hyper again - o docs/cmdline-opts: add copyright and license identifier to each file [112] - o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79] - o docs: clarify data replacement policy for MIME API [16] - o doh: remove UNITTEST macro definition [67] - o examples/crawler.c: use the curl license [73] - o examples: remove fopen.c and rtsp.c [76] - o FAQ: Clarify Windows double quote usage [42] - o fopen: add Curl_fopen() for better overwriting of files [72] - o ftp: restore protocol state after http proxy CONNECT [110] - o ftp: when failing to do a secure GSSAPI login, fail hard [62] - o GHA/hyper: enable debug in the build - o gssapi: improve handling of errors from gss_display_status [45] - o gssapi: initialize gss_buffer_desc strings - o headers api: remove EXPERIMENTAL tag [35] - o http2: always debug print stream id in decimal with %u [46] - o http2: reject overly many push-promise headers [63] - o http: restore header folding behavior [64] - o hyper: use 'alt-used' [71] - o krb5: return error properly on decode errors [107] - o lib: make more protocol specific struct fields #ifdefed [84] - o libcurl-security.3: add "Secrets in memory" [30] - o libcurl-security.3: document CRLF header injection [98] - o libssh: skip the fake-close when libssh does the right thing [102] - o links: update dead links to the curl-wiki [21] - o log2changes: do not indent empty lines [ci skip] [37] - o macos9: remove partial support [22] - o Makefile.am: fix portability issues [1] - o Makefile.m32: delete obsolete options, improve -On [ci skip] [65] - o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39] - o Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] [116] - o max-time.d: clarify max-time sets max transfer time [70] - o mprintf: ignore clang non-literal format string [19] - o netrc: check %USERPROFILE% as well on Windows [77] - o netrc: support quoted strings [33] - o ngtcp2: allow curl to send larger UDP datagrams [29] - o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25] - o ngtcp2: enable Linux GSO [91] - o ngtcp2: extend QUIC transport parameters buffer [4] - o ngtcp2: fix alert_read_func return value [26] - o ngtcp2: fix typo in preprocessor condition [121] - o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5] - o ngtcp2: send appropriate connection close error code [6] - o ngtcp2: support boringssl crypto backend [17] - o ngtcp2: use helper funcs to simplify TLS handshake integration [68] - o ntlm: provide a fixed fake host name [32] - o projects: fix third-party SSL library build paths for Visual Studio [125] - o quic: add Curl_quic_idle [18] - o quiche: support ca-fallback [49] - o rand: stop detecting /dev/urandom in cross-builds [113] - o remote-name.d: mention --output-dir [88] - o runtests.pl: add the --repeat parameter to the --help output [43] - o runtests: fix skipping tests not done event-based [95] - o runtests: skip starting the ssh server if user name is lacking [104] - o scripts/copyright.pl: fix the exclusion to not ignore man pages [75] - o sectransp: check for a function defined when __BLOCKS__ is undefined [20] - o select: return error from "lethal" poll/select errors [93] - o server/sws: support spaces in the HTTP request path - o speed-limit/time.d: mention these affect transfers in either direction [74] - o strcase: some optimisations [8] - o test 2081: add a valid reply for the second request [60] - o test 675: add missing CR so the test passes when run through Privoxy [61] - o test414: add the '--resolve' keyword [23] - o test681: verify --no-remote-name [90] - o tests 266, 116 and 1540: add a small write delay - o tests/data/test1501: kill ftp server after slow LIST response [59] - o tests/getpart: fix getpartattr to work with "data" and "data2" - o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47] - o test{440,441,493,977}: add "HTTP proxy" keywords [40] - o tool_getparam: fix --parallel-max maximum value constraint [51] - o tool_operate: make sure --fail-with-body works with --retry [24] - o transfer: fix potential NULL pointer dereference [15] - o transfer: maintain --path-as-is after redirects [96] - o transfer: upload performance; avoid tiny send [124] - o url: free old conn better on reuse [41] - o url: remove redundant #ifdefs in allocate_conn() - o url: URL encode the path when extracted, if spaces were set - o urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts [126] - o urlapi: support CURLU_URLENCODE for curl_url_get() - o urldata: reduce size of a few struct fields [86] - o urldata: remove three unused booleans from struct UserDefined [87] - o urldata: store tcp_keepidle and tcp_keepintvl as ints [85] - o version: allow stricmp() for sorting the feature list [57] - o vtls: make curl_global_sslset thread-safe [94] - o wolfssh.h: removed [10] - o wolfssl: correct the failf() message when a handle can't be made [38] - o wolfSSL: explicitly use compatibility layer [11] - o x509asn1: mark msnprintf return as unchecked [50] + o amigaos: fix threaded resolver on AmigaOS 4.x [133] + o amissl: allow AmiSSL to be used with AmigaOS 4.x builds [115] + o amissl: make AmiSSL v5 a minimum requirement [117] + o asyn-ares: make a single alloc out of hostname + async data [123] + o asyn-thread: fix socket leak on OOM [128] + o asyn-thread: make getaddrinfo_complete return CURLcode [53] + o base64: base64url encoding has no padding [41] + o BUGS.md: improve language [62] + o build: improve OS string in CMake and `config-win32.h` [15] + o cert.d: clarify that escape character works for file paths [161] + o cirrus.yml: replace py38-pip with py39-pip [63] + o cirrus/freebsd-ci: bootstrap the pip installer [104] + o cmake: add detection of threadsafe feature [163] + o cmake: do not force Windows target versions [28] + o cmake: fix build for mingw cross compile [33] + o cmake: link curl to its dependencies with PRIVATE [57] + o cmake: remove APPEND in export(TARGETS) [58] + o cmake: set feature PSL if present [168] + o cmake: support ngtcp2 boringssl backend [18] + o cmdline-opts/gen.pl: improve performance [97] + o config: remove the check for and use of SIZEOF_SHORT [129] + o configure: -pthread not available on AmigaOS 4.x [118] + o configure: check for the stdatomic.h header in configure [7] + o configure: fix --disable-headers-api [55] + o configure: fix broken m4 syntax in TLS options [145] + o configure: fixup bsdsocket detection code for AmigaOS 4.x [110] + o configure: if asked to use TLS, fail if no TLS lib was detected [156] + o configure: introduce CURL_SIZEOF [130] + o connect: add quic connection information [100] + o connect: close the happy eyeballs loser connection when using QUIC [109] + o connect: revert the use of IP*_RECVERR [102] + o connect: set socktype/protocol correctly [114] + o cookie: reject cookies with "control bytes" [152] + o cookie: treat a blank domain in Set-Cookie: as non-existing [40] + o cookie: use %zu to infof() for size_t values [26] + o curl-compilers.m4: make icc use -diag* options and disable two warnings [84] + o curl-config: quote directories with potential space [132] + o curl-confopts: remove leftover AC_REQUIREs [91] + o curl-functions.m4: check whether atomics can link [86] + o curl-wolfssl.m4: add options header when building test code [87] + o curl.h: CURLE_CONV_FAILED is obsoleted [4] + o curl.h: include <sys/select.h> on SunOS [151] + o curl: output warning when a cookie is dropped due to size [5] + o curl: writeout: fix repeated header outputs [47] + o Curl_close: call Curl_resolver_cancel to avoid memory-leak [124] + o curl_easy_header: Add CURLH_PSEUDO to sanity check [94] + o curl_mime_data.3: polish the wording [6] + o curl_multi_timeout.3: clarify usage [48] + o CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples [121] + o CURLOPT_BUFFERSIZE.3: add upload buffersize to see also [159] + o CURLOPT_CONNECT_ONLY.3: clarify multi API use [64] + o CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name [16] + o digest: fix memory leak, fix not quoted 'opaque' [66] + o digest: fix missing increment of 'nc' value for auth-int [39] + o digest: pass over leading spaces in qop values [119] + o digest: reject broken header with session protocol but without qop [120] + o docs/cmdline-opts/gen.pl: encode leading single and double quotes [138] + o docs/cmdline-opts: fix example and categories for --form-escape [125] + o docs/cmdline: mark fail and fail-with-body as mutually exclusive [98] + o docs: add dns category to --resolve [95] + o docs: explain curl_easy_escape/unescape curl handle is ignored [23] + o docs: remove him/her/he/she from documentation [103] + o doh: move doh related struct definitions to doh.h [45] + o doh: use https protocol by default [51] + o easy_lock.h: include sched.h if available to fix build [13] + o easy_lock.h: use __asm__ instead of asm to fix build [11] + o easy_lock: fix build for mingw [34] + o easy_lock: fix build with icc [54] + o easy_lock: fix the #ifdef conditional for ia32_pause [8] + o easy_lock: switch to using atomic_int instead of bool [9] + o easyoptions: fix icc warning [42] + o escape: remove outdated comment [25] + o examples/curlx.c: remove [150] + o file: add handling of native AmigaOS paths [108] + o file: fix icc enumerated type mixed with another type warning [92] + o ftp: use a correct expire ID for timer expiry [88] + o getinfo: return better error on NULL as first argument [21] + o GHA: add two Intel compiler CI jobs [85] + o GHA: move libressl CI from zuul to GitHub [144] + o gha: move over ngtcp2-gnutls CI job from zuul [162] + o GHA: mv CI torture test from Zuul [135] + o h2h3: fix overriding the 'TE: Trailers' header [43] + o hostip: resolve *.localhost to 127.0.0.1/::1 [127] + o HTTP3.md: update to msh3 v0.4.0 [126] + o http: typecast the httpreq assignment to avoid icc compiler warning [76] + o http_aws_sigv4.c: remove two unusued includes [36] + o http_chunks: remove an assign + typecast [82] + o hyper: customize test1274 to how hyper unfolds headers [131] + o hyper: enable obs-folded multiline headers [101] + o hyper: use wakers for curl pause/resume [2] + o imap: use ISALNUM() for alphanumeric checks [134] + o ldap: adapt to conn->port now being an 'int' [106] + o lib/curl_path.c: add ISC to license expression [1] + o lib3026: reduce the number of threads to 100 [44] + o libcurl-security.3: fix typo on macro "SH_" [12] + o libssh2: make atime/mtime date overflow return error [148] + o libssh2: provide symlink name in SFTP dir listing [155] + o libssh: ignore deprecation warnings [157] + o libssh: make atime/mtime date overflow return error [149] + o Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip] [17] + o Makefile.m32: add `NGTCP2_LIBS` option [ci skip] [38] + o makefile.m32: add support for custom ARCH [ci skip] [27] + o Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip] [141] + o Makefile.m32: do not set the libcurl.rc debug flag [ci skip] [3] + o Makefile.m32: stop trying to build libcares.a [ci skip] [46] + o memdebug: add annotation attributes [143] + o mprintf: fix *dyn_vprintf() when out-of-memory [90] + o mprintf: make dprintf_formatf never return negative [49] + o msh3: fix the QUIC disconnect function [107] + o multi: fix the return code from Curl_pgrsDone() [80] + o multi: have curl_multi_remove_handle close CONNECT_ONLY transfer [136] + o multi: use a pipe instead of a socketpair on apple platforms [154] + o multi: use larger dns hash table for multi interface [140] + o multi_wait: fix and improve Curl_poll error handling on Windows [146] + o multi_wait: fix skipping to populate revents for extra_fds [147] + o netrc.d: remove spurious quote [37] + o netrc: Use the password from lines without login [166] + o ngtcp2: Fix build error due to change in nghttp3 prototypes [61] + o ngtcp2: fix incompatible function pointer types [10] + o ngtcp2: Fix missing initialization of nghttp3_nv.flags [31] + o ngtcp2: fix stall or busy loop on STOP_SENDING with upload data [19] + o ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks [59] + o openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL [24] + o openssl: add cert path in error message [160] + o openssl: add details to "unable to set client certificate" error [116] + o openssl: fix BoringSSL symbol conflicts with LDAP and Schannel [52] + o quiche: fix build failure [99] + o select: do not return fatal error on EINTR from poll() [32] + o sendf: fix paused header writes since after the header API [89] + o sendf: make Curl_debug a void function [81] + o sendf: skip storing HTTP headers if HTTP disabled [73] + o sendf: store the header type in an usigned char to avoid icc warnings [79] + o splay: avoid using -1 in unsigned variable [78] + o test3026: add support for Windows using native Win32 threads [65] + o test3026: require 'threadsafe' [56] + o test44[2-4]: add '--resolve' to the keywords [122] + o tests/server/sockfilt.c: avoid race condition without a mutex [139] + o tests: fix http2 tests to use CRLF headers [153] + o tests: several enumerated type cleanups [67] + o THANKS: merged two entries for Evgeny Grin + o tidy-up: delete unused build configuration macros [93] + o tool: reintroduce set file comment code for AmigaOS [111] + o tool_cfgable: make 'synthetic_error' a plain bool [70] + o tool_formparse: fix variable may be used before its value is set [72] + o tool_getparam: make --doh-url "" switch it off [60] + o tool_getparam: repair cleanarg [22] + o tool_operate: better cleanup of easy handle in exit path [20] + o tool_paramhlp: fix "enumerated type mixed with another type" [68] + o tool_paramhlp: make check_protocol return ParameterError [71] + o tool_progress: avoid division by zero in parallel progress meter [35] + o tool_writeout: fix enumerated type mixed with another type [69] + o trace: 0x7F character is non-printable [50] + o unit1303: four tests should have TRUE for 'connecting' [158] + o url: enumerated type mixed with another type [74] + o url: really use the user provided in the url when netrc entry exists [165] + o url: reject URLs with hostnames longer than 65535 bytes [137] + o url: treat missing usernames in netrc as empty [167] + o urldata: change second proxytype field to unsigned char to match [75] + o urldata: make 'negnpn' use less storage [112] + o urldata: make state.httpreq an unsigned char [77] + o urldata: make three *_proto struct fields smaller [113] + o urldata: move smaller fields down in connectdata struct [105] + o urldata: reduce size of several struct fields [14] + o vtls: make Curl_ssl_backend() return the enum type curl_sslbackend [83] + o windows: improve random source [29] This release includes the following known bugs: @@ -150,139 +187,193 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Andrea Pappacoda, Balakrishnan Balasubramanian, Boris Verkhovskiy, - Carlo Alberto, Christian Weisgerber, Dan Fandrich, Daniel Gustafsson, - Daniel Stenberg, Egor Pugin, Emanuele Torre, Emil Engler, Evgeny Grin, - Fabian Keil, Frank Gevaerts, Frazer Smith, Gisle Vanem, Glenn Strauss, - Gregor Jasny, Harry Sintonen, Illarion Taev, ImpatientHippo on GitHub, - Jakub Bochenski, Kamil Dudka, Karlson2k on github, KotlinIsland on github, - Ladar Levison, Marcel Raad, Marc Hörsken, Marcus T, Max Mehl, michael musset, - Nick Zitzmann, Nuru on github, Patrick Monnerat, Petr Pisar, Philip H, - Pierrick Charron, Ray Satiro, Ricardo M. Correia, Simon Berger, - Stefan Eissing, Steve Holme, Tatsuhiro Tsujikawa, Thomas Guillem, Tom Eccles, - Viktor Szakats, Vincent Torri, vvb2060 on github, Willem Hoek, - Wolf Vollprecht, Elms - (51 contributors) + Adam Sampson, Alessandro Ghedini, Alexandre Bury, Andreas Sommer, + Andrew Lambert, Axel Chong, Brad Forschinger, Brian Carpenter, + Cering on github, Chris Paulson-Ellis, Chris Young, Daniel Katz, + Daniel Stenberg, David Carlier, dEajL3kA on github, Domen Kožar, + Dominik Thalhammer, Don J Olmstead, Dustin Howett, Emanuele Torre, + Emil Engler, Érico Nogueira Rolim, Even Rouault, Evgeny Grin (Karlson2k), + Fabian Fischer, Fabian Keil, Gisle Vanem, Gwen Shapira, Harry Sintonen, + highmtworks on github, Ivan Tsybulin, Jacob Tolar, Jakub Zakrzewski, + Jilayne Lovejoy, Joshua Root, jurisuk on github, jvvprasad78 on github, + Kai Pastor, Litter White, lwthiker on github, Marcel Raad, Marc Hörsken, + Marco Kamner, MasterInQuestion on github, Matthew Thompson, Maxim Ivanov, + Michael Trebilcock, Michał Antoniak, Nao Yonashiro, Nick Banks, + Oliver Roberts, opensignature on github, Orgad Shaneh, Patrick Monnerat, + Philip H, privetryan on github, Ray Satiro, rcombs on github, Rosen Penev, + Ryan Schmidt, Ryan Sleevi, rzrymiak on github, Samuel Henrique, + Sean McArthur, Sergey Ogryzkov, Somnath Kundu, Stefan Eissing, + Sukanya Hanumanthu, Tatsuhiro Tsujikawa, Ted Lyngmo, TheKnarf on github, + Thomas Weißschuh, Tobias Nygren, Viktor Szakats, vlubart on github, Wu Zheng, + Wyatt O'Day, Xiaoke Wang, yiyuaner on github + (79 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/mail/lib-2022-05/0024.html - [2] = https://curl.se/bug/?i=8668 - [3] = https://curl.se/bug/?i=8865 - [4] = https://curl.se/bug/?i=8872 - [5] = https://curl.se/bug/?i=8871 - [6] = https://curl.se/bug/?i=8870 - [7] = https://hackerone.com/reports/1560324 - [8] = https://curl.se/bug/?i=8875 - [9] = https://curl.se/bug/?i=8888 - [10] = https://curl.se/bug/?i=8863 - [11] = https://curl.se/bug/?i=8864 - [12] = https://curl.se/bug/?i=8670 - [13] = https://curl.se/bug/?i=8670 - [14] = https://curl.se/bug/?i=8862 - [15] = https://curl.se/bug/?i=8857 - [16] = https://curl.se/bug/?i=8860 - [17] = https://curl.se/bug/?i=8789 - [18] = https://curl.se/bug/?i=8698 - [19] = https://curl.se/bug/?i=8740 - [20] = https://curl.se/bug/?i=8846 - [21] = https://curl.se/bug/?i=8897 - [22] = https://curl.se/bug/?i=8836 - [23] = https://curl.se/bug/?i=8959 - [24] = https://curl.se/bug/?i=8845 - [25] = https://curl.se/bug/?i=8851 - [26] = https://curl.se/bug/?i=8852 - [27] = https://curl.se/bug/?i=8850 - [28] = https://curl.se/bug/?i=8891 - [29] = https://curl.se/bug/?i=8883 - [30] = https://curl.se/bug/?i=8881 - [31] = https://curl.se/bug/?i=8931 - [32] = https://curl.se/bug/?i=8859 - [33] = https://curl.se/bug/?i=8908 - [34] = https://curl.se/bug/?i=8938 - [35] = https://curl.se/bug/?i=8900 - [36] = https://curl.se/bug/?i=8843 - [37] = https://curl.se/bug/?i=8887 - [38] = https://curl.se/bug/?i=8885 - [39] = https://curl.se/bug/?i=8884 - [40] = https://curl.se/bug/?i=8959 - [41] = https://curl.se/bug/?i=8841 - [42] = https://curl.se/bug/?i=8823 - [43] = https://curl.se/bug/?i=8959 - [44] = https://curl.se/bug/?i=8833 - [45] = https://curl.se/bug/?i=8832 - [46] = https://curl.se/bug/?i=8808 - [47] = https://curl.se/bug/?i=8827 - [48] = https://curl.se/bug/?i=8814 - [49] = https://curl.se/bug/?i=8696 - [50] = https://curl.se/bug/?i=8831 - [51] = https://curl.se/bug/?i=8930 - [52] = https://curl.se/bug/?i=8929 - [53] = https://curl.se/bug/?i=8918 - [54] = https://curl.se/bug/?i=8919 - [55] = https://curl.se/bug/?i=8918 - [56] = https://curl.se/bug/?i=8917 - [57] = https://curl.se/bug/?i=8916 - [58] = https://curl.se/bug/?i=8894 - [59] = https://curl.se/bug/?i=8907 - [60] = https://curl.se/bug/?i=8959 - [61] = https://curl.se/bug/?i=8959 - [62] = https://hackerone.com/reports/1590102 - [63] = https://hackerone.com/reports/1589847 - [64] = https://curl.se/bug/?i=8844 - [65] = https://curl.se/bug/?i=8904 - [66] = https://curl.se/bug/?i=9025 - [67] = https://curl.se/bug/?i=8902 - [68] = https://curl.se/bug/?i=8968 - [69] = https://curl.se/bug/?i=8671 - [70] = https://curl.se/bug/?i=8877 - [71] = https://curl.se/bug/?i=8898 - [72] = https://curl.se/docs/CVE-2022-32207.html - [73] = https://curl.se/bug/?i=8950 - [74] = https://curl.se/bug/?i=8948 - [75] = https://curl.se/bug/?i=8952 - [76] = https://curl.se/bug/?i=8949 - [77] = https://curl.se/bug/?i=8855 - [78] = https://curl.se/bug/?i=7959 - [79] = https://curl.se/bug/?i=8910 - [80] = https://curl.se/bug/?i=8912 - [81] = https://curl.se/bug/?i=8912 - [82] = https://curl.se/bug/?i=8912 - [83] = https://curl.se/docs/CVE-2022-32205.html - [84] = https://curl.se/bug/?i=8944 - [85] = https://curl.se/bug/?i=8940 - [86] = https://curl.se/bug/?i=8940 - [87] = https://curl.se/bug/?i=8940 - [88] = https://curl.se/bug/?i=8945 - [89] = https://curl.se/bug/?i=8934 - [90] = https://curl.se/bug/?i=8942 - [91] = https://curl.se/bug/?i=8909 - [92] = https://curl.se/bug/?i=8941 - [93] = https://curl.se/bug/?i=8921 - [94] = https://curl.se/bug/?i=9016 - [95] = https://curl.se/bug/?i=8977 - [96] = https://curl.se/bug/?i=8974 - [97] = https://curl.se/bug/?i=9015 - [98] = https://curl.se/bug/?i=8964 - [99] = https://curl.se/bug/?i=8969 - [100] = https://curl.se/bug/?i=8680 - [101] = https://curl.se/bug/?i=8680 - [102] = https://curl.se/bug/?i=9021 - [103] = https://curl.se/bug/?i=9019 - [104] = https://curl.se/bug/?i=9013 - [105] = https://curl.se/bug/?i=9006 - [106] = https://curl.se/docs/CVE-2022-32206.html - [107] = https://curl.se/docs/CVE-2022-32208.html - [110] = https://curl.se/bug/?i=8737 - [112] = https://curl.se/bug/?i=9002 - [113] = https://curl.se/bug/?i=9038 - [114] = https://curl.se/bug/?i=9008 - [116] = https://curl.se/bug/?i=9035 - [118] = https://curl.se/bug/?i=9033 - [119] = https://curl.se/bug/?i=8869 - [120] = https://curl.se/bug/?i=8994 - [121] = https://curl.se/bug/?i=8981 - [124] = https://curl.se/bug/?i=8965 - [125] = https://curl.se/bug/?i=8991 - [126] = https://curl.se/bug/?i=9028 - [127] = https://curl.se/bug/?i=8815 + [1] = https://curl.se/bug/?i=9073 + [2] = https://curl.se/bug/?i=9070 + [3] = https://curl.se/bug/?i=9069 + [4] = https://curl.se/bug/?i=9067 + [5] = https://curl.se/bug/?i=9064 + [6] = https://curl.se/bug/?i=9063 + [7] = https://curl.se/bug/?i=9059 + [8] = https://curl.se/bug/?i=9058 + [9] = https://curl.se/bug/?i=9055 + [10] = https://curl.se/bug/?i=9056 + [11] = https://curl.se/bug/?i=9056 + [12] = https://curl.se/bug/?i=9057 + [13] = https://curl.se/bug/?i=9054 + [14] = https://curl.se/bug/?i=9106 + [15] = https://curl.se/bug/?i=9117 + [16] = https://curl.se/bug/?i=9104 + [17] = https://curl.se/bug/?i=9132 + [18] = https://curl.se/bug/?i=9065 + [19] = https://curl.se/bug/?i=9122 + [20] = https://curl.se/bug/?i=9114 + [21] = https://curl.se/bug/?i=9114 + [22] = https://curl.se/bug/?i=9128 + [23] = https://curl.se/bug/?i=9115 + [24] = https://curl.se/bug/?i=9113 + [25] = https://curl.se/bug/?i=9115 + [26] = https://curl.se/bug/?i=9095 + [27] = https://curl.se/bug/?i=9092 + [28] = https://curl.se/bug/?i=9046 + [29] = https://curl.se/bug/?i=9027 + [30] = https://curl.se/bug/?i=8992 + [31] = https://curl.se/bug/?i=9118 + [32] = https://bugs.archlinux.org/task/75201 + [33] = https://curl.se/bug/?i=9084 + [34] = https://curl.se/bug/?i=8997 + [35] = https://curl.se/bug/?i=9082 + [36] = https://curl.se/bug/?i=9080 + [37] = https://curl.se/bug/?i=9111 + [38] = https://curl.se/bug/?i=9109 + [39] = https://curl.se/bug/?i=9090 + [40] = https://curl.se/bug/?i=9164 + [41] = https://curl.se/bug/?i=9139 + [42] = https://curl.se/bug/?i=9176 + [43] = https://curl.se/bug/?i=9170 + [44] = https://curl.se/bug/?i=9172 + [45] = https://curl.se/bug/?i=9174 + [46] = https://curl.se/bug/?i=9169 + [47] = https://curl.se/bug/?i=9150 + [48] = https://curl.se/bug/?i=9155 + [49] = https://curl.se/bug/?i=9149 + [50] = https://curl.se/bug/?i=9162 + [51] = https://curl.se/bug/?i=9163 + [52] = https://curl.se/bug/?i=9110 + [53] = https://curl.se/bug/?i=9081 + [54] = https://curl.se/bug/?i=9081 + [55] = https://curl.se/bug/?i=9134 + [56] = https://curl.se/bug/?i=9141 + [57] = https://curl.se/bug/?i=9125 + [58] = https://curl.se/bug/?i=9124 + [59] = https://curl.se/bug/?i=9135 + [60] = https://curl.se/bug/?i=9207 + [61] = https://curl.se/bug/?i=9204 + [62] = https://curl.se/bug/?i=9205 + [63] = https://curl.se/bug/?i=9201 + [64] = https://curl.se/bug/?i=9244 + [65] = https://curl.se/bug/?i=9012 + [66] = https://curl.se/bug/?i=9199 + [67] = https://curl.se/bug/?i=9179 + [68] = https://curl.se/bug/?i=9179 + [69] = https://curl.se/bug/?i=9179 + [70] = https://curl.se/bug/?i=9179 + [71] = https://curl.se/bug/?i=9179 + [72] = https://curl.se/bug/?i=9179 + [73] = https://curl.se/bug/?i=9179 + [74] = https://curl.se/bug/?i=9179 + [75] = https://curl.se/bug/?i=9179 + [76] = https://curl.se/bug/?i=9179 + [77] = https://curl.se/bug/?i=9179 + [78] = https://curl.se/bug/?i=9179 + [79] = https://curl.se/bug/?i=9179 + [80] = https://curl.se/bug/?i=9179 + [81] = https://curl.se/bug/?i=9179 + [82] = https://curl.se/bug/?i=9179 + [83] = https://curl.se/bug/?i=9179 + [84] = https://curl.se/bug/?i=9179 + [85] = https://curl.se/bug/?i=9179 + [86] = https://curl.se/bug/?i=9190 + [87] = https://curl.se/bug/?i=9187 + [88] = https://curl.se/bug/?i=9184 + [89] = https://curl.se/bug/?i=9180 + [90] = https://curl.se/bug/?i=9185 + [91] = https://curl.se/bug/?i=9183 + [92] = https://curl.se/bug/?i=9181 + [93] = https://curl.se/bug/?i=9044 + [94] = https://curl.se/bug/?i=9235 + [95] = https://curl.se/bug/?i=9229 + [96] = https://curl.se/bug/?i=8419 + [97] = https://curl.se/bug/?i=9230 + [98] = https://curl.se/bug/?i=9221 + [99] = https://curl.se/bug/?i=9223 + [100] = https://curl.se/bug/?i=9286 + [101] = https://curl.se/bug/?i=9216 + [102] = https://curl.se/bug/?i=9209 + [103] = https://curl.se/bug/?i=9208 + [104] = https://curl.se/bug/?i=9213 + [105] = https://curl.se/bug/?i=9280 + [106] = https://curl.se/bug/?i=9281 + [107] = https://curl.se/bug/?i=8915 + [108] = https://curl.se/bug/?i=9259 + [109] = https://curl.se/bug/?i=9303 + [110] = https://curl.se/bug/?i=9268 + [111] = https://curl.se/bug/?i=9258 + [112] = https://curl.se/bug/?i=9279 + [113] = https://curl.se/bug/?i=9278 + [114] = https://curl.se/bug/?i=9274 + [115] = https://curl.se/bug/?i=9269 + [116] = https://curl.se/bug/?i=9228 + [117] = https://curl.se/bug/?i=9267 + [118] = https://curl.se/bug/?i=9266 + [119] = https://curl.se/bug/?i=9264 + [120] = https://curl.se/bug/?i=9077 + [121] = https://curl.se/bug/?i=9239 + [122] = https://curl.se/bug/?i=9250 + [123] = https://curl.se/bug/?i=9310 + [124] = https://curl.se/bug/?i=9310 + [125] = https://curl.se/bug/?i=9298 + [126] = https://curl.se/bug/?i=9297 + [127] = https://curl.se/bug/?i=9192 + [128] = https://curl.se/bug/?i=9310 + [129] = https://curl.se/bug/?i=9291 + [130] = https://curl.se/bug/?i=9291 + [131] = https://curl.se/bug/?i=9217 + [132] = https://curl.se/bug/?i=9253 + [133] = https://curl.se/bug/?i=9265 + [134] = https://curl.se/bug/?i=9289 + [135] = https://curl.se/bug/?i=9310 + [136] = https://curl.se/bug/?i=9335 + [137] = https://curl.se/bug/?i=9317 + [138] = https://curl.se/bug/?i=9352 + [139] = https://curl.se/bug/?i=9023 + [140] = https://curl.se/bug/?i=9376 + [141] = https://curl.se/bug/?i=9314 + [142] = https://curl.se/bug/?i=9290 + [143] = https://curl.se/bug/?i=9306 + [144] = https://curl.se/bug/?i=9309 + [145] = https://curl.se/bug/?i=9344 + [146] = https://curl.se/bug/?i=9372 + [147] = https://curl.se/bug/?i=9361 + [148] = https://curl.se/bug/?i=9328 + [149] = https://curl.se/bug/?i=9328 + [150] = https://curl.se/bug/?i=9330 + [151] = https://curl.se/bug/?i=9329 + [152] = https://curl.se/docs/CVE-2022-35252.html + [153] = https://curl.se/bug/?i=9364 + [154] = https://curl.se/bug/?i=6132 + [155] = https://curl.se/bug/?i=9369 + [156] = https://curl.se/bug/?i=9367 + [157] = https://curl.se/bug/?i=9382 + [158] = https://curl.se/bug/?i=9356 + [159] = https://curl.se/bug/?i=9354 + [160] = https://curl.se/bug/?i=9349 + [161] = https://curl.se/bug/?i=9349 + [162] = https://curl.se/bug/?i=9331 + [163] = https://curl.se/bug/?i=9312 + [165] = https://curl.se/bug/?i=9243 + [166] = https://curl.se/bug/?i=9248 + [167] = https://curl.se/bug/?i=8653 + [168] = https://curl.se/bug/?i=9391 diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h index b00648e791..7a1b561961 100644 --- a/contrib/libs/curl/include/curl/curl.h +++ b/contrib/libs/curl/include/curl/curl.h @@ -75,7 +75,8 @@ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ - (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) + (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \ + defined(__sun__) #include <sys/select.h> #endif @@ -577,7 +578,7 @@ typedef enum { CURLE_TFTP_UNKNOWNID, /* 72 - Unknown transfer ID */ CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ - CURLE_CONV_FAILED, /* 75 - conversion failed */ + CURLE_OBSOLETE75, /* 75 - NOT IN USE since 7.82.0 */ CURLE_OBSOLETE76, /* 76 - NOT IN USE since 7.82.0 */ CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing or wrong format */ @@ -680,6 +681,7 @@ typedef enum { #define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME #define CURLE_LDAP_INVALID_URL CURLE_OBSOLETE62 #define CURLE_CONV_REQD CURLE_OBSOLETE76 +#define CURLE_CONV_FAILED CURLE_OBSOLETE75 /* This was the error code 50 in 7.7.3 and a few earlier versions, this is no longer used by libcurl but is instead #defined here only to not @@ -1009,7 +1011,8 @@ typedef CURLSTScode (*curl_hstswrite_callback)(CURL *easy, #define CURLHSTS_ENABLE (long)(1<<0) #define CURLHSTS_READONLYFILE (long)(1<<1) -/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */ +/* The CURLPROTO_ defines below are for the **deprecated** CURLOPT_*PROTOCOLS + options. Do not use. */ #define CURLPROTO_HTTP (1<<0) #define CURLPROTO_HTTPS (1<<1) #define CURLPROTO_FTP (1<<2) @@ -1475,12 +1478,11 @@ typedef enum { Note that setting multiple bits may cause extra network round-trips. */ CURLOPT(CURLOPT_PROXYAUTH, CURLOPTTYPE_VALUES, 111), - /* FTP option that changes the timeout, in seconds, associated with - getting a response. This is different from transfer timeout time and - essentially places a demand on the FTP server to acknowledge commands - in a timely manner. */ - CURLOPT(CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPTTYPE_LONG, 112), -#define CURLOPT_SERVER_RESPONSE_TIMEOUT CURLOPT_FTP_RESPONSE_TIMEOUT + /* Option that changes the timeout, in seconds, associated with getting a + response. This is different from transfer timeout time and essentially + places a demand on the server to acknowledge commands in a timely + manner. For FTP, SMTP, IMAP and POP3. */ + CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT, CURLOPTTYPE_LONG, 112), /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to tell libcurl to use those IP versions only. This only has effect on @@ -2143,6 +2145,15 @@ typedef enum { /* set the SSH host key callback custom pointer */ CURLOPT(CURLOPT_SSH_HOSTKEYDATA, CURLOPTTYPE_CBPOINT, 317), + /* specify which protocols that are allowed to be used for the transfer, + which thus helps the app which takes URLs from users or other external + inputs and want to restrict what protocol(s) to deal with. Defaults to + all built-in protocols. */ + CURLOPT(CURLOPT_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 318), + + /* specify which protocols that libcurl is allowed to follow directs to */ + CURLOPT(CURLOPT_REDIR_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 319), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -2168,6 +2179,9 @@ typedef enum { #define CURLOPT_SSLCERTPASSWD CURLOPT_KEYPASSWD #define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL +/* */ +#define CURLOPT_FTP_RESPONSE_TIMEOUT CURLOPT_SERVER_RESPONSE_TIMEOUT + #else /* This is set if CURL_NO_OLDIES is defined at compile-time */ #undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */ @@ -2182,7 +2196,7 @@ typedef enum { #define CURL_IPRESOLVE_V4 1 /* uses only IPv4 addresses/connections */ #define CURL_IPRESOLVE_V6 2 /* uses only IPv6 addresses/connections */ - /* three convenient "aliases" that follow the name scheme better */ + /* Convenient "aliases" */ #define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER /* These enums are for use with the CURLOPT_HTTP_VERSION option. */ diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h index a21446e346..33753c72f5 100644 --- a/contrib/libs/curl/include/curl/curlver.h +++ b/contrib/libs/curl/include/curl/curlver.h @@ -32,12 +32,12 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.84.0" +#define LIBCURL_VERSION "7.85.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 84 +#define LIBCURL_VERSION_MINOR 85 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x075400 +#define LIBCURL_VERSION_NUM 0x075500 /* * This is the date and time when the full source package was created. The @@ -70,7 +70,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2022-06-27" +#define LIBCURL_TIMESTAMP "2022-08-31" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/contrib/libs/curl/include/curl/typecheck-gcc.h b/contrib/libs/curl/include/curl/typecheck-gcc.h index d7c7a9a309..2dabcb4166 100644 --- a/contrib/libs/curl/include/curl/typecheck-gcc.h +++ b/contrib/libs/curl/include/curl/typecheck-gcc.h @@ -272,9 +272,9 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_DNS_SERVERS || \ (option) == CURLOPT_DOH_URL || \ (option) == CURLOPT_EGDSOCKET || \ - (option) == CURLOPT_FTPPORT || \ (option) == CURLOPT_FTP_ACCOUNT || \ (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \ + (option) == CURLOPT_FTPPORT || \ (option) == CURLOPT_HSTS || \ (option) == CURLOPT_INTERFACE || \ (option) == CURLOPT_ISSUERCERT || \ @@ -288,10 +288,8 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_PASSWORD || \ (option) == CURLOPT_PINNEDPUBLICKEY || \ (option) == CURLOPT_PRE_PROXY || \ + (option) == CURLOPT_PROTOCOLS_STR || \ (option) == CURLOPT_PROXY || \ - (option) == CURLOPT_PROXYPASSWORD || \ - (option) == CURLOPT_PROXYUSERNAME || \ - (option) == CURLOPT_PROXYUSERPWD || \ (option) == CURLOPT_PROXY_CAINFO || \ (option) == CURLOPT_PROXY_CAPATH || \ (option) == CURLOPT_PROXY_CRLFILE || \ @@ -299,17 +297,21 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_PROXY_KEYPASSWD || \ (option) == CURLOPT_PROXY_PINNEDPUBLICKEY || \ (option) == CURLOPT_PROXY_SERVICE_NAME || \ + (option) == CURLOPT_PROXY_SSL_CIPHER_LIST || \ (option) == CURLOPT_PROXY_SSLCERT || \ (option) == CURLOPT_PROXY_SSLCERTTYPE || \ (option) == CURLOPT_PROXY_SSLKEY || \ (option) == CURLOPT_PROXY_SSLKEYTYPE || \ - (option) == CURLOPT_PROXY_SSL_CIPHER_LIST || \ (option) == CURLOPT_PROXY_TLS13_CIPHERS || \ (option) == CURLOPT_PROXY_TLSAUTH_PASSWORD || \ (option) == CURLOPT_PROXY_TLSAUTH_TYPE || \ (option) == CURLOPT_PROXY_TLSAUTH_USERNAME || \ + (option) == CURLOPT_PROXYPASSWORD || \ + (option) == CURLOPT_PROXYUSERNAME || \ + (option) == CURLOPT_PROXYUSERPWD || \ (option) == CURLOPT_RANDOM_FILE || \ (option) == CURLOPT_RANGE || \ + (option) == CURLOPT_REDIR_PROTOCOLS_STR || \ (option) == CURLOPT_REFERER || \ (option) == CURLOPT_REQUEST_TARGET || \ (option) == CURLOPT_RTSP_SESSION_ID || \ diff --git a/contrib/libs/curl/lib/amigaos.c b/contrib/libs/curl/lib/amigaos.c index 6c144095f8..c235a77f43 100644 --- a/contrib/libs/curl/lib/amigaos.c +++ b/contrib/libs/curl/lib/amigaos.c @@ -25,8 +25,14 @@ #include "curl_setup.h" #ifdef __AMIGA__ -# include "amigaos.h" -# if defined(HAVE_PROTO_BSDSOCKET_H) && !defined(USE_AMISSL) + +#include "hostip.h" +#include "amigaos.h" + +#ifdef HAVE_PROTO_BSDSOCKET_H +# if defined(__amigaos4__) +# error #include <bsdsocket/socketbasetags.h> +# elif !defined(USE_AMISSL) # include <amitcp/socketbasetags.h> # endif # ifdef __libnix__ @@ -38,8 +44,154 @@ #include "curl_memory.h" #include "memdebug.h" -#ifdef __AMIGA__ -#if defined(HAVE_PROTO_BSDSOCKET_H) && !defined(USE_AMISSL) +#ifdef HAVE_PROTO_BSDSOCKET_H + +#ifdef __amigaos4__ +/* + * AmigaOS 4.x specific code + */ + +/* + * hostip4.c - Curl_ipv4_resolve_r() replacement code + * + * Logic that needs to be considered are the following build cases: + * - newlib networking + * - clib2 networking + * - direct bsdsocket.library networking (usually AmiSSL builds) + * Each with the threaded resolver enabled or not. + * + * With the threaded resolver enabled, try to use gethostbyname_r() where + * available, otherwise (re)open bsdsocket.library and fallback to + * gethostbyname(). + */ + +#error #include <proto/bsdsocket.h> + +static struct SocketIFace *__CurlISocket = NULL; +static uint32 SocketFeatures = 0; + +#define HAVE_BSDSOCKET_GETHOSTBYNAME_R 0x01 +#define HAVE_BSDSOCKET_GETADDRINFO 0x02 + +CURLcode Curl_amiga_init(void) +{ + struct SocketIFace *ISocket; + struct Library *base = OpenLibrary("bsdsocket.library", 4); + + if(base) { + ISocket = (struct SocketIFace *)GetInterface(base, "main", 1, NULL); + if(ISocket) { + ULONG enabled = 0; + + SocketBaseTags(SBTM_SETVAL(SBTC_CAN_SHARE_LIBRARY_BASES), TRUE, + SBTM_GETREF(SBTC_HAVE_GETHOSTADDR_R_API), (ULONG)&enabled, + TAG_DONE); + + if(enabled) { + SocketFeatures |= HAVE_BSDSOCKET_GETHOSTBYNAME_R; + } + + __CurlISocket = ISocket; + + atexit(Curl_amiga_cleanup); + + return CURLE_OK; + } + CloseLibrary(base); + } + + return CURLE_FAILED_INIT; +} + +void Curl_amiga_cleanup(void) +{ + if(__CurlISocket) { + struct Library *base = __CurlISocket->Data.LibBase; + DropInterface((struct Interface *)__CurlISocket); + CloseLibrary(base); + __CurlISocket = NULL; + } +} + +#ifdef CURLRES_AMIGA +/* + * Because we need to handle the different cases in hostip4.c at run-time, + * not at compile-time, based on what was detected in Curl_amiga_init(), + * we replace it completely with our own as to not complicate the baseline + * code. Assumes malloc/calloc/free are thread safe because Curl_he2ai() + * allocates memory also. + */ + +struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, + int port) +{ + struct Curl_addrinfo *ai = NULL; + struct hostent *h; + struct SocketIFace *ISocket = __CurlISocket; + + if(SocketFeatures & HAVE_BSDSOCKET_GETHOSTBYNAME_R) { + LONG h_errnop = 0; + struct hostent *buf; + + buf = calloc(1, CURL_HOSTENT_SIZE); + if(buf) { + h = gethostbyname_r((STRPTR)hostname, buf, + (char *)buf + sizeof(struct hostent), + CURL_HOSTENT_SIZE - sizeof(struct hostent), + &h_errnop); + if(h) { + ai = Curl_he2ai(h, port); + } + free(buf); + } + } + else { + #ifdef CURLRES_THREADED + /* gethostbyname() is not thread safe, so we need to reopen bsdsocket + * on the thread's context + */ + struct Library *base = OpenLibrary("bsdsocket.library", 4); + if(base) { + ISocket = (struct SocketIFace *)GetInterface(base, "main", 1, NULL); + if(ISocket) { + h = gethostbyname((STRPTR)hostname); + if(h) { + ai = Curl_he2ai(h, port); + } + DropInterface((struct Interface *)ISocket); + } + CloseLibrary(base); + } + #else + /* not using threaded resolver - safe to use this as-is */ + h = gethostbyname(hostname); + if(h) { + ai = Curl_he2ai(h, port); + } + #endif + } + + return ai; +} +#endif /* CURLRES_AMIGA */ + +#ifdef USE_AMISSL +int Curl_amiga_select(int nfds, fd_set *readfds, fd_set *writefds, + fd_set *errorfds, struct timeval *timeout) +{ + int r = WaitSelect(nfds, readfds, writefds, errorfds, timeout, 0); + /* Ensure Ctrl-C signal is actioned */ + if((r == -1) && (SOCKERRNO == EINTR)) + raise(SIGINT); + return r; +} +#endif /* USE_AMISSL */ + +#elif !defined(USE_AMISSL) /* __amigaos4__ */ +/* + * Amiga OS3 specific code + */ + struct Library *SocketBase = NULL; extern int errno, h_errno; @@ -49,7 +201,7 @@ void __request(const char *msg); # define __request(msg) Printf(msg "\n\a") #endif -void Curl_amiga_cleanup() +void Curl_amiga_cleanup(void) { if(SocketBase) { CloseLibrary(SocketBase); @@ -57,68 +209,36 @@ void Curl_amiga_cleanup() } } -bool Curl_amiga_init() +CURLcode Curl_amiga_init(void) { if(!SocketBase) SocketBase = OpenLibrary("bsdsocket.library", 4); if(!SocketBase) { __request("No TCP/IP Stack running!"); - return FALSE; + return CURLE_FAILED_INIT; } if(SocketBaseTags(SBTM_SETVAL(SBTC_ERRNOPTR(sizeof(errno))), (ULONG) &errno, SBTM_SETVAL(SBTC_LOGTAGPTR), (ULONG) "curl", TAG_DONE)) { __request("SocketBaseTags ERROR"); - return FALSE; + return CURLE_FAILED_INIT; } #ifndef __libnix__ atexit(Curl_amiga_cleanup); #endif - return TRUE; + return CURLE_OK; } #ifdef __libnix__ ADD2EXIT(Curl_amiga_cleanup, -50); #endif -#endif /* HAVE_PROTO_BSDSOCKET_H */ - -#ifdef USE_AMISSL -void Curl_amiga_X509_free(X509 *a) -{ - X509_free(a); -} - -/* AmiSSL replaces many functions with macros. Curl requires pointer - * to some of these functions. Thus, we have to encapsulate these macros. - */ - -#include "warnless.h" - -int (SHA256_Init)(SHA256_CTX *c) -{ - return SHA256_Init(c); -}; +#endif /* !USE_AMISSL */ -int (SHA256_Update)(SHA256_CTX *c, const void *data, size_t len) -{ - return SHA256_Update(c, data, curlx_uztoui(len)); -}; - -int (SHA256_Final)(unsigned char *md, SHA256_CTX *c) -{ - return SHA256_Final(md, c); -}; - -void (X509_INFO_free)(X509_INFO *a) -{ - X509_INFO_free(a); -}; +#endif /* HAVE_PROTO_BSDSOCKET_H */ -#endif /* USE_AMISSL */ #endif /* __AMIGA__ */ - diff --git a/contrib/libs/curl/lib/amigaos.h b/contrib/libs/curl/lib/amigaos.h index 8757aa8e73..9abfb59eac 100644 --- a/contrib/libs/curl/lib/amigaos.h +++ b/contrib/libs/curl/lib/amigaos.h @@ -25,22 +25,18 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(__AMIGA__) && defined(HAVE_BSDSOCKET_H) && !defined(USE_AMISSL) +#if defined(__AMIGA__) && defined(HAVE_PROTO_BSDSOCKET_H) && \ + (!defined(USE_AMISSL) || defined(__amigaos4__)) -bool Curl_amiga_init(); -void Curl_amiga_cleanup(); +CURLcode Curl_amiga_init(void); +void Curl_amiga_cleanup(void); #else -#define Curl_amiga_init() 1 +#define Curl_amiga_init() CURLE_OK #define Curl_amiga_cleanup() Curl_nop_stmt #endif -#ifdef USE_AMISSL -#include <openssl/x509v3.h> -void Curl_amiga_X509_free(X509 *a); -#endif /* USE_AMISSL */ - #endif /* HEADER_CURL_AMIGAOS_H */ diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c index 1d478c7ecb..85d6d3fa05 100644 --- a/contrib/libs/curl/lib/asyn-ares.c +++ b/contrib/libs/curl/lib/asyn-ares.c @@ -117,6 +117,7 @@ struct thread_data { #ifndef HAVE_CARES_GETADDRINFO struct curltime happy_eyeballs_dns_time; /* when this timer started, or 0 */ #endif + char hostname[1]; }; /* How long we are willing to wait for additional parallel responses after @@ -254,8 +255,6 @@ void Curl_resolver_kill(struct Curl_easy *data) */ static void destroy_async_data(struct Curl_async *async) { - free(async->hostname); - if(async->tdata) { struct thread_data *res = async->tdata; if(res) { @@ -267,8 +266,6 @@ static void destroy_async_data(struct Curl_async *async) } async->tdata = NULL; } - - async->hostname = NULL; } /* @@ -760,25 +757,18 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, int port, int *waitp) { - char *bufp; - + struct thread_data *res = NULL; + size_t namelen = strlen(hostname); *waitp = 0; /* default to synchronous response */ - bufp = strdup(hostname); - if(bufp) { - struct thread_data *res = NULL; - free(data->state.async.hostname); - data->state.async.hostname = bufp; + res = calloc(sizeof(struct thread_data) + namelen, 1); + if(res) { + strcpy(res->hostname, hostname); + data->state.async.hostname = res->hostname; data->state.async.port = port; data->state.async.done = FALSE; /* not done */ data->state.async.status = 0; /* clear */ data->state.async.dns = NULL; /* clear */ - res = calloc(sizeof(struct thread_data), 1); - if(!res) { - free(data->state.async.hostname); - data->state.async.hostname = NULL; - return NULL; - } data->state.async.tdata = res; /* initial status - failed */ diff --git a/contrib/libs/curl/lib/asyn-thread.c b/contrib/libs/curl/lib/asyn-thread.c index a47aa7a653..248d63576e 100644 --- a/contrib/libs/curl/lib/asyn-thread.c +++ b/contrib/libs/curl/lib/asyn-thread.c @@ -321,23 +321,28 @@ int init_thread_sync_data(struct thread_data *td, return 1; err_exit: - /* Memory allocation failed */ +#ifndef CURL_DISABLE_SOCKETPAIR + if(tsd->sock_pair[0] != CURL_SOCKET_BAD) { + sclose(tsd->sock_pair[0]); + tsd->sock_pair[0] = CURL_SOCKET_BAD; + } +#endif destroy_thread_sync_data(tsd); return 0; } -static int getaddrinfo_complete(struct Curl_easy *data) +static CURLcode getaddrinfo_complete(struct Curl_easy *data) { struct thread_sync_data *tsd = conn_thread_sync_data(data); - int rc; + CURLcode result; - rc = Curl_addrinfo_callback(data, tsd->sock_error, tsd->res); + result = Curl_addrinfo_callback(data, tsd->sock_error, tsd->res); /* The tsd->res structure has been copied to async.dns and perhaps the DNS cache. Set our copy to NULL so destroy_thread_sync_data doesn't free it. */ tsd->res = NULL; - return rc; + return result; } diff --git a/contrib/libs/curl/lib/base64.c b/contrib/libs/curl/lib/base64.c index d5d79cf96b..53ebc3db30 100644 --- a/contrib/libs/curl/lib/base64.c +++ b/contrib/libs/curl/lib/base64.c @@ -43,8 +43,9 @@ #include "memdebug.h" /* ---- Base64 Encoding/Decoding Table --- */ +/* Padding character string starts at offset 64. */ static const char base64[]= - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; /* The Base 64 encoding with an URL and filename safe alphabet, RFC 4648 section 5 */ @@ -54,25 +55,18 @@ static const char base64url[]= static size_t decodeQuantum(unsigned char *dest, const char *src) { size_t padding = 0; - const char *s, *p; + const char *s; unsigned long i, x = 0; for(i = 0, s = src; i < 4; i++, s++) { if(*s == '=') { - x = (x << 6); + x <<= 6; padding++; } else { - unsigned long v = 0; - p = base64; - - while(*p && (*p != *s)) { - v++; - p++; - } - - if(*p == *s) - x = (x << 6) + v; + const char *p = strchr(base64, *s); + if(p) + x = (x << 6) + curlx_uztoul(p - base64); else return 0; } @@ -109,11 +103,11 @@ CURLcode Curl_base64_decode(const char *src, unsigned char **outptr, size_t *outlen) { size_t srclen = 0; - size_t length = 0; size_t padding = 0; size_t i; size_t numQuantums; size_t rawlen = 0; + const char *padptr; unsigned char *pos; unsigned char *newstr; @@ -126,19 +120,17 @@ CURLcode Curl_base64_decode(const char *src, return CURLE_BAD_CONTENT_ENCODING; /* Find the position of any = padding characters */ - while((src[length] != '=') && src[length]) - length++; - - /* A maximum of two = padding characters is allowed */ - if(src[length] == '=') { + padptr = strchr(src, '='); + if(padptr) { padding++; - if(src[length + 1] == '=') + /* A maximum of two = padding characters is allowed */ + if(padptr[1] == '=') padding++; - } - /* Check the = padding characters weren't part way through the input */ - if(length + padding != srclen) - return CURLE_BAD_CONTENT_ENCODING; + /* Check the = padding characters weren't part way through the input */ + if(padptr + padding != src + srclen) + return CURLE_BAD_CONTENT_ENCODING; + } /* Calculate the number of quantums */ numQuantums = srclen / 4; @@ -187,6 +179,7 @@ static CURLcode base64_encode(const char *table64, char *output; char *base64data; const char *indata = inputbuff; + const char *padstr = &table64[64]; /* Point to padding string. */ *outptr = NULL; *outlen = 0; @@ -224,27 +217,30 @@ static CURLcode base64_encode(const char *table64, switch(inputparts) { case 1: /* only one byte read */ - msnprintf(output, 5, "%c%c==", - table64[obuf[0]], - table64[obuf[1]]); + i = msnprintf(output, 5, "%c%c%s%s", + table64[obuf[0]], + table64[obuf[1]], + padstr, + padstr); break; case 2: /* two bytes read */ - msnprintf(output, 5, "%c%c%c=", - table64[obuf[0]], - table64[obuf[1]], - table64[obuf[2]]); + i = msnprintf(output, 5, "%c%c%c%s", + table64[obuf[0]], + table64[obuf[1]], + table64[obuf[2]], + padstr); break; default: - msnprintf(output, 5, "%c%c%c%c", - table64[obuf[0]], - table64[obuf[1]], - table64[obuf[2]], - table64[obuf[3]]); + i = msnprintf(output, 5, "%c%c%c%c", + table64[obuf[0]], + table64[obuf[1]], + table64[obuf[2]], + table64[obuf[3]]); break; } - output += 4; + output += i; } /* Zero terminate */ @@ -272,8 +268,6 @@ static CURLcode base64_encode(const char *table64, * Returns CURLE_OK on success, otherwise specific error code. Function * output shall not be considered valid unless CURLE_OK is returned. * - * When encoded data length is 0, returns NULL in *outptr. - * * @unittest: 1302 */ CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, @@ -295,8 +289,6 @@ CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, * Returns CURLE_OK on success, otherwise specific error code. Function * output shall not be considered valid unless CURLE_OK is returned. * - * When encoded data length is 0, returns NULL in *outptr. - * * @unittest: 1302 */ CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c index 527d7cf62e..3c9c163163 100644 --- a/contrib/libs/curl/lib/c-hyper.c +++ b/contrib/libs/curl/lib/c-hyper.c @@ -692,9 +692,18 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, data->state.hresult = result; return HYPER_POLL_ERROR; } - if(!fillcount) - /* done! */ - *chunk = NULL; + if(!fillcount) { + if((data->req.keepon & KEEP_SEND_PAUSE) != KEEP_SEND_PAUSE) + /* done! */ + *chunk = NULL; + else { + /* paused, save a waker */ + if(data->hyp.send_body_waker) + hyper_waker_free(data->hyp.send_body_waker); + data->hyp.send_body_waker = hyper_context_waker(ctx); + return HYPER_POLL_PENDING; + } + } else { hyper_buf *copy = hyper_buf_copy((uint8_t *)data->state.ulbuf, fillcount); if(copy) @@ -915,6 +924,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } hyper_clientconn_options_set_preserve_header_case(options, 1); hyper_clientconn_options_set_preserve_header_order(options, 1); + hyper_clientconn_options_http1_allow_multiline_headers(options, 1); hyper_clientconn_options_exec(options, h->exec); @@ -1004,10 +1014,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* For HTTP/2, we show the Host: header as if we sent it, to make it look like for HTTP/1 but it isn't actually sent since :authority is then used. */ - result = Curl_debug(data, CURLINFO_HEADER_OUT, data->state.aptr.host, - strlen(data->state.aptr.host)); - if(result) - goto error; + Curl_debug(data, CURLINFO_HEADER_OUT, data->state.aptr.host, + strlen(data->state.aptr.host)); } if(data->state.aptr.proxyuserpwd) { @@ -1127,9 +1135,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(result) goto error; - result = Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); - if(result) - goto error; + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); data->req.upload_chunky = FALSE; sendtask = hyper_clientconn_send(client, req); diff --git a/contrib/libs/curl/lib/c-hyper.h b/contrib/libs/curl/lib/c-hyper.h index 1e7976a2da..f268222b5c 100644 --- a/contrib/libs/curl/lib/c-hyper.h +++ b/contrib/libs/curl/lib/c-hyper.h @@ -36,6 +36,7 @@ struct hyptransfer { const hyper_executor *exec; hyper_task *endtask; hyper_waker *exp100_waker; + hyper_waker *send_body_waker; }; size_t Curl_hyper_recv(void *userp, hyper_context *ctx, diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c index 424197234c..be9f72117c 100644 --- a/contrib/libs/curl/lib/connect.c +++ b/contrib/libs/curl/lib/connect.c @@ -766,6 +766,13 @@ void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn, Curl_conninfo_remote(data, conn, sockfd); Curl_conninfo_local(data, sockfd, local_ip, &local_port); } /* end of TCP-only section */ +#ifdef ENABLE_QUIC + else if(conn->transport == TRNSPRT_QUIC) { + if(!conn->bits.reuse) + Curl_conninfo_remote(data, conn, sockfd); + Curl_conninfo_local(data, sockfd, local_ip, &local_port); + } +#endif /* persist connection info in session handle */ Curl_persistconninfo(data, conn, local_ip, local_port); @@ -903,6 +910,8 @@ CURLcode Curl_is_connected(struct Curl_easy *data, conn->tempsock[i] = CURL_SOCKET_BAD; post_SOCKS(data, conn, sockindex, connected); connkeep(conn, "HTTP/3 default"); + if(conn->tempsock[other] != CURL_SOCKET_BAD) + Curl_quic_disconnect(data, conn, other); return CURLE_OK; } /* When a QUIC connect attempt fails, the better error explanation is in @@ -1604,9 +1613,20 @@ CURLcode Curl_socket(struct Curl_easy *data, */ addr->family = ai->ai_family; - addr->socktype = (conn->transport == TRNSPRT_TCP) ? SOCK_STREAM : SOCK_DGRAM; - addr->protocol = conn->transport != TRNSPRT_TCP ? IPPROTO_UDP : - ai->ai_protocol; + switch(conn->transport) { + case TRNSPRT_TCP: + addr->socktype = SOCK_STREAM; + addr->protocol = IPPROTO_TCP; + break; + case TRNSPRT_UNIX: + addr->socktype = SOCK_STREAM; + addr->protocol = IPPROTO_IP; + break; + default: /* UDP and QUIC */ + addr->socktype = SOCK_DGRAM; + addr->protocol = IPPROTO_UDP; + break; + } addr->addrlen = ai->ai_addrlen; if(addr->addrlen > sizeof(struct Curl_sockaddr_storage)) @@ -1667,20 +1687,6 @@ CURLcode Curl_socket(struct Curl_easy *data, } #endif -#if defined(__linux__) && defined(IP_RECVERR) - if(addr->socktype == SOCK_DGRAM) { - int one = 1; - switch(addr->family) { - case AF_INET: - (void)setsockopt(*sockfd, SOL_IP, IP_RECVERR, &one, sizeof(one)); - break; - case AF_INET6: - (void)setsockopt(*sockfd, SOL_IPV6, IPV6_RECVERR, &one, sizeof(one)); - break; - } - } -#endif - return CURLE_OK; } diff --git a/contrib/libs/curl/lib/cookie.c b/contrib/libs/curl/lib/cookie.c index cb57b86387..ab790a1cdb 100644 --- a/contrib/libs/curl/lib/cookie.c +++ b/contrib/libs/curl/lib/cookie.c @@ -442,6 +442,30 @@ static bool bad_domain(const char *domain) } /* + RFC 6265 section 4.1.1 says a server should accept this range: + + cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E + + But Firefox and Chrome as of June 2022 accept space, comma and double-quotes + fine. The prime reason for filtering out control bytes is that some HTTP + servers return 400 for requests that contain such. +*/ +static int invalid_octets(const char *p) +{ + /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ + static const char badoctets[] = { + "\x01\x02\x03\x04\x05\x06\x07\x08\x0a" + "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" + "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" + }; + size_t vlen, len; + /* scan for all the octets that are *not* in cookie-octet */ + len = strcspn(p, badoctets); + vlen = strlen(p); + return (len != vlen); +} + +/* * Curl_cookie_add * * Add a single cookie line to the cookie keeping object. Be aware that @@ -595,6 +619,11 @@ Curl_cookie_add(struct Curl_easy *data, badcookie = TRUE; break; } + if(invalid_octets(whatptr) || invalid_octets(name)) { + infof(data, "invalid octets in name/value, cookie dropped"); + badcookie = TRUE; + break; + } } else if(!len) { /* @@ -637,7 +666,7 @@ Curl_cookie_add(struct Curl_easy *data, break; } } - else if(strcasecompare("domain", name)) { + else if(strcasecompare("domain", name) && whatptr[0]) { bool is_ip; /* @@ -1436,7 +1465,7 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, matches++; if(matches >= MAX_COOKIE_SEND_AMOUNT) { - infof(data, "Included max number of cookies (%u) in request!", + infof(data, "Included max number of cookies (%zu) in request!", matches); break; } diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h index 65591fbefd..8d065ebdd4 100644 --- a/contrib/libs/curl/lib/curl_config-linux.h +++ b/contrib/libs/curl/lib/curl_config-linux.h @@ -142,9 +142,6 @@ /* Define to 1 if you have the alarm function. */ #define HAVE_ALARM 1 -/* Define to 1 if you have the <alloca.h> header file. */ -#define HAVE_ALLOCA_H 1 - /* Define to 1 if you have the <arpa/inet.h> header file. */ #define HAVE_ARPA_INET_H 1 @@ -341,9 +338,6 @@ /* Define to 1 if you have the <inttypes.h> header file. */ #define HAVE_INTTYPES_H 1 -/* Define to 1 if you have the ioctl function. */ -#define HAVE_IOCTL 1 - /* Define to 1 if you have the ioctlsocket function. */ /* #undef HAVE_IOCTLSOCKET */ @@ -357,27 +351,15 @@ /* Define to 1 if you have a working ioctlsocket FIONBIO function. */ /* #undef HAVE_IOCTLSOCKET_FIONBIO */ -/* Define to 1 if you have a working ioctl FIONBIO function. */ -#define HAVE_IOCTL_FIONBIO 1 - -/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */ -#define HAVE_IOCTL_SIOCGIFADDR 1 - /* Define to 1 if you have the <io.h> header file. */ /* #undef HAVE_IO_H */ /* Define to 1 if you have the lber.h header file. */ /* #undef HAVE_LBER_H */ -/* Define to 1 if you have the ldapssl.h header file. */ -/* #undef HAVE_LDAPSSL_H */ - /* Define to 1 if you have the ldap.h header file. */ /* #undef HAVE_LDAP_H */ -/* Define to 1 if you have the `ldap_init_fd' function. */ -/* #undef HAVE_LDAP_INIT_FD */ - /* Use LDAPS implementation */ /* #undef HAVE_LDAP_SSL */ @@ -429,27 +411,15 @@ /* Define to 1 if you have the <linux/tcp.h> header file. */ #define HAVE_LINUX_TCP_H 1 -/* if your compiler supports LL */ -#define HAVE_LL 1 - /* Define to 1 if you have the <locale.h> header file. */ #define HAVE_LOCALE_H 1 -/* Define to 1 if you have a working localtime_r function. */ -#define HAVE_LOCALTIME_R 1 - /* Define to 1 if the compiler supports the 'long long' data type. */ #define HAVE_LONGLONG 1 /* Define to 1 if you have the `mach_absolute_time' function. */ /* #undef HAVE_MACH_ABSOLUTE_TIME */ -/* Define to 1 if you have the malloc.h header file. */ -#define HAVE_MALLOC_H 1 - -/* Define to 1 if you have the memory.h header file. */ -/* #undef HAVE_MEMORY_H */ - /* Define to 1 if you have the memrchr function or macro. */ #define HAVE_MEMRCHR 1 @@ -527,9 +497,6 @@ /* if you have the PK11_CreateManagedGenericObject function */ /* #undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT */ -/* Define to 1 if you have a working poll function. */ -#define HAVE_POLL 1 - /* If you have a fine poll */ #define HAVE_POLL_FINE 1 @@ -587,12 +554,6 @@ /* Define to 1 if you have the `setrlimit' function. */ #define HAVE_SETRLIMIT 1 -/* Define to 1 if you have the setsockopt function. */ -#define HAVE_SETSOCKOPT 1 - -/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */ -/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */ - /* Define to 1 if you have the sigaction function. */ #define HAVE_SIGACTION 1 @@ -626,6 +587,9 @@ /* Define to 1 if you have the <ssl.h> header file. */ /* #undef HAVE_SSL_H */ +/* Define to 1 if you have the <stdatomic.h> header file. */ +#define HAVE_STDATOMIC_H 1 + /* Define to 1 if you have the <stdbool.h> header file. */ #define HAVE_STDBOOL_H 1 @@ -659,18 +623,6 @@ /* Define to 1 if you have the <string.h> header file. */ #define HAVE_STRING_H 1 -/* Define to 1 if you have the strncmpi function. */ -/* #undef HAVE_STRNCMPI */ - -/* Define to 1 if you have the strnicmp function. */ -/* #undef HAVE_STRNICMP */ - -/* Define to 1 if you have the <stropts.h> header file. */ -/* #undef HAVE_STROPTS_H */ - -/* Define to 1 if you have the strstr function. */ -#define HAVE_STRSTR 1 - /* Define to 1 if you have the strtok_r function. */ #define HAVE_STRTOK_R 1 @@ -746,9 +698,6 @@ /* Define to 1 if you have the <unistd.h> header file. */ #define HAVE_UNISTD_H 1 -/* Define to 1 if you have the `usleep' function. */ -#define HAVE_USLEEP 1 - /* Define to 1 if you have the `utime' function. */ #define HAVE_UTIME 1 @@ -764,9 +713,6 @@ /* Define to 1 if compiler supports old gcc variadic macro style. */ #define HAVE_VARIADIC_MACROS_GCC 1 -/* Define to 1 if you have the winber.h header file. */ -/* #undef HAVE_WINBER_H */ - /* Define to 1 if you have the wincrypt.h header file. */ /* #undef HAVE_WINCRYPT_H */ @@ -794,9 +740,6 @@ /* Define this symbol if your OS supports changing the contents of argv */ #define HAVE_WRITABLE_ARGV 1 -/* Define to 1 if you have the writev function. */ -#define HAVE_WRITEV 1 - /* Define to 1 if you have the ws2tcpip.h header file. */ /* #undef HAVE_WS2TCPIP_H */ @@ -818,12 +761,6 @@ /* Define to 1 if you need the lber.h header file even with ldap.h */ /* #undef NEED_LBER_H */ -/* Define to 1 if you need the malloc.h header file even with stdlib.h */ -/* #undef NEED_MALLOC_H */ - -/* Define to 1 if you need the memory.h header file even with stdlib.h */ -/* #undef NEED_MEMORY_H */ - /* Define to 1 if _REENTRANT preprocessor symbol must be defined. */ /* #undef NEED_REENTRANT */ @@ -911,34 +848,29 @@ /* Define to the function return type for send. */ #define SEND_TYPE_RETV ssize_t -/* The number of bytes in type curl_off_t */ +/* Size of curl_off_t in number of bytes */ #define SIZEOF_CURL_OFF_T 8 -/* The number of bytes in type int */ +/* Size of int in number of bytes */ #ifndef SIZEOF_INT #error undefined SIZEOF_INT #endif -/* The number of bytes in type long */ +/* Size of long in number of bytes */ #ifndef SIZEOF_LONG #error undefined SIZEOF_LONG #endif -/* The number of bytes in type long long */ +/* Size of long long in number of bytes */ /* #undef SIZEOF_LONG_LONG */ -/* The number of bytes in type off_t */ +/* Size of off_t in number of bytes */ #define SIZEOF_OFF_T 8 -/* The number of bytes in type short */ -#ifndef SIZEOF_SHORT -#error undefined SIZEOF_SHORT -#endif - -/* The number of bytes in type size_t */ +/* Size of size_t in number of bytes */ #define SIZEOF_SIZE_T 8 -/* The number of bytes in type time_t */ +/* Size of time_t in number of bytes */ #define SIZEOF_TIME_T SIZEOF_LONG /* Define to 1 if all of the C90 standard headers exist (not just the ones @@ -946,9 +878,6 @@ backward compatibility; new code need not use it. */ #define STDC_HEADERS 1 -/* Define to the type of arg 3 for strerror_r. */ -#define STRERROR_R_TYPE_ARG3 size_t - /* if AmiSSL is in use */ /* #undef USE_AMISSL */ @@ -1006,6 +935,9 @@ /* if ngtcp2_crypto_openssl is in use */ /* #undef USE_NGTCP2_CRYPTO_OPENSSL */ +/* if ngtcp2_crypto_wolfssl is in use */ +/* #undef USE_NGTCP2_CRYPTO_WOLFSSL */ + /* if NSS is enabled */ /* #undef USE_NSS */ diff --git a/contrib/libs/curl/lib/curl_ntlm_core.c b/contrib/libs/curl/lib/curl_ntlm_core.c index 637e7e01dc..a977c2e0af 100644 --- a/contrib/libs/curl/lib/curl_ntlm_core.c +++ b/contrib/libs/curl/lib/curl_ntlm_core.c @@ -60,17 +60,17 @@ #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) -#ifdef USE_WOLFSSL +#if defined(USE_OPENSSL) +# include <openssl/des.h> +# include <openssl/md5.h> +# include <openssl/ssl.h> +# include <openssl/rand.h> +#else # error #include <wolfssl/options.h> # error #include <wolfssl/openssl/des.h> # error #include <wolfssl/openssl/md5.h> # error #include <wolfssl/openssl/ssl.h> # error #include <wolfssl/openssl/rand.h> -#else -# include <openssl/des.h> -# include <openssl/md5.h> -# include <openssl/ssl.h> -# include <openssl/rand.h> #endif # if (defined(OPENSSL_VERSION_NUMBER) && \ diff --git a/contrib/libs/curl/lib/curl_path.c b/contrib/libs/curl/lib/curl_path.c index 43514fa47d..92e3464956 100644 --- a/contrib/libs/curl/lib/curl_path.c +++ b/contrib/libs/curl/lib/curl_path.c @@ -18,7 +18,7 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * - * SPDX-License-Identifier: curl + * SPDX-License-Identifier: curl AND ISC * ***************************************************************************/ diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h index b0a1ba2832..16a648ef32 100644 --- a/contrib/libs/curl/lib/curl_setup.h +++ b/contrib/libs/curl/lib/curl_setup.h @@ -274,14 +274,41 @@ #endif #ifdef __AMIGA__ +# ifdef __amigaos4__ +# define __USE_INLINE__ + /* use our own resolver which uses runtime feature detection */ +# define CURLRES_AMIGA + /* getaddrinfo() currently crashes bsdsocket.library, so disable */ +# undef HAVE_GETADDRINFO +# if !(defined(__NEWLIB__) || \ + (defined(__CLIB2__) && defined(__THREAD_SAFE))) + /* disable threaded resolver with clib2 - requires newlib or clib-ts */ +# undef USE_THREADS_POSIX +# endif +# endif # include <exec/types.h> # include <exec/execbase.h> # include <proto/exec.h> # include <proto/dos.h> # include <unistd.h> -# ifdef HAVE_PROTO_BSDSOCKET_H -# error #include <proto/bsdsocket.h> /* ensure bsdsocket.library use */ -# define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) +# if defined(HAVE_PROTO_BSDSOCKET_H) && \ + (!defined(__amigaos4__) || defined(USE_AMISSL)) + /* use bsdsocket.library directly, instead of libc networking functions */ +# error #include <proto/bsdsocket.h> +# ifdef __amigaos4__ + int Curl_amiga_select(int nfds, fd_set *readfds, fd_set *writefds, + fd_set *errorfds, struct timeval *timeout); +# define select(a,b,c,d,e) Curl_amiga_select(a,b,c,d,e) +# else +# define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) +# endif + /* must not use libc's fcntl() on bsdsocket.library sockfds! */ +# undef HAVE_FCNTL +# undef HAVE_FCNTL_O_NONBLOCK +# else + /* use libc networking and hence close() and fnctl() */ +# undef HAVE_CLOSESOCKET_CAMEL +# undef HAVE_IOCTLSOCKET_CAMEL # endif /* * In clib2 arpa/inet.h warns that some prototypes may clash @@ -563,7 +590,6 @@ /* now undef the stock libc functions just to avoid them being used */ # undef HAVE_GETADDRINFO # undef HAVE_FREEADDRINFO -# undef HAVE_GETHOSTBYNAME #elif defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) # define CURLRES_ASYNCH # define CURLRES_THREADED diff --git a/contrib/libs/curl/lib/curl_setup_once.h b/contrib/libs/curl/lib/curl_setup_once.h index 656dc08373..e9730c9282 100644 --- a/contrib/libs/curl/lib/curl_setup_once.h +++ b/contrib/libs/curl/lib/curl_setup_once.h @@ -204,46 +204,6 @@ struct timeval { #endif /* HAVE_SEND */ -#if 0 -#if defined(HAVE_RECVFROM) -/* - * Currently recvfrom is only used on udp sockets. - */ -#if !defined(RECVFROM_TYPE_ARG1) || \ - !defined(RECVFROM_TYPE_ARG2) || \ - !defined(RECVFROM_TYPE_ARG3) || \ - !defined(RECVFROM_TYPE_ARG4) || \ - !defined(RECVFROM_TYPE_ARG5) || \ - !defined(RECVFROM_TYPE_ARG6) || \ - !defined(RECVFROM_TYPE_RETV) - /* */ - Error Missing_definition_of_return_and_arguments_types_of_recvfrom - /* */ -#else -#define sreadfrom(s,b,bl,f,fl) (ssize_t)recvfrom((RECVFROM_TYPE_ARG1) (s), \ - (RECVFROM_TYPE_ARG2 *)(b), \ - (RECVFROM_TYPE_ARG3) (bl), \ - (RECVFROM_TYPE_ARG4) (0), \ - (RECVFROM_TYPE_ARG5 *)(f), \ - (RECVFROM_TYPE_ARG6 *)(fl)) -#endif -#else /* HAVE_RECVFROM */ -#ifndef sreadfrom - /* */ - Error Missing_definition_of_macro_sreadfrom - /* */ -#endif -#endif /* HAVE_RECVFROM */ - - -#ifdef RECVFROM_TYPE_ARG6_IS_VOID -# define RECVFROM_ARG6_T int -#else -# define RECVFROM_ARG6_T RECVFROM_TYPE_ARG6 -#endif -#endif /* if 0 */ - - /* * Function-like macro definition used to close a socket. */ diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c index a21c94f880..a86e157fc0 100644 --- a/contrib/libs/curl/lib/doh.c +++ b/contrib/libs/curl/lib/doh.c @@ -243,6 +243,7 @@ static CURLcode dohprobe(struct Curl_easy *data, the gcc typecheck helpers */ struct dynbuf *resp = &p->serverdoh; ERROR_CHECK_SETOPT(CURLOPT_URL, url); + ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp); ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); diff --git a/contrib/libs/curl/lib/doh.h b/contrib/libs/curl/lib/doh.h index f8b6435350..678e807fe4 100644 --- a/contrib/libs/curl/lib/doh.h +++ b/contrib/libs/curl/lib/doh.h @@ -29,21 +29,6 @@ #ifndef CURL_DISABLE_DOH -/* - * Curl_doh() resolve a name using DoH (DNS-over-HTTPS). It resolves a name - * and returns a 'Curl_addrinfo *' with the address information. - */ - -struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, - const char *hostname, - int port, - int *waitp); - -CURLcode Curl_doh_is_resolved(struct Curl_easy *data, - struct Curl_dns_entry **dns); - -int Curl_doh_getsock(struct connectdata *conn, curl_socket_t *socks); - typedef enum { DOH_OK, DOH_DNS_BAD_LABEL, /* 1 */ @@ -69,6 +54,38 @@ typedef enum { DNS_TYPE_DNAME = 39 /* RFC6672 */ } DNStype; +/* one of these for each DoH request */ +struct dnsprobe { + CURL *easy; + DNStype dnstype; + unsigned char dohbuffer[512]; + size_t dohlen; + struct dynbuf serverdoh; +}; + +struct dohdata { + struct curl_slist *headers; + struct dnsprobe probe[DOH_PROBE_SLOTS]; + unsigned int pending; /* still outstanding requests */ + int port; + const char *host; +}; + +/* + * Curl_doh() resolve a name using DoH (DNS-over-HTTPS). It resolves a name + * and returns a 'Curl_addrinfo *' with the address information. + */ + +struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, + const char *hostname, + int port, + int *waitp); + +CURLcode Curl_doh_is_resolved(struct Curl_easy *data, + struct Curl_dns_entry **dns); + +int Curl_doh_getsock(struct connectdata *conn, curl_socket_t *socks); + #define DOH_MAX_ADDR 24 #define DOH_MAX_CNAME 4 diff --git a/contrib/libs/curl/lib/easy.c b/contrib/libs/curl/lib/easy.c index 704a59df62..148b3615e3 100644 --- a/contrib/libs/curl/lib/easy.c +++ b/contrib/libs/curl/lib/easy.c @@ -82,11 +82,12 @@ #include "altsvc.h" #include "hsts.h" +#include "easy_lock.h" + /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" -#include "easy_lock.h" /* true globals -- for curl_global_init() and curl_global_cleanup() */ static unsigned int initialized; @@ -177,7 +178,7 @@ static CURLcode global_init(long flags, bool memoryfuncs) #endif #ifdef __AMIGA__ - if(!Curl_amiga_init()) { + if(Curl_amiga_init()) { DEBUGF(fprintf(stderr, "Error: Curl_amiga_init failed\n")); goto fail; } @@ -725,7 +726,7 @@ static CURLcode easy_perform(struct Curl_easy *data, bool events) else { /* this multi handle will only ever have a single easy handled attached to it, so make it use minimal hashes */ - multi = Curl_multi_handle(1, 3); + multi = Curl_multi_handle(1, 3, 7); if(!multi) return CURLE_OUT_OF_MEMORY; data->multi_easy = multi; @@ -1132,6 +1133,16 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) } } +#ifdef USE_HYPER + if(!(newstate & KEEP_SEND_PAUSE)) { + /* need to wake the send body waker */ + if(data->hyp.send_body_waker) { + hyper_waker_wake(data->hyp.send_body_waker); + data->hyp.send_body_waker = NULL; + } + } +#endif + /* if there's no error and we're not pausing both directions, we want to have this handle checked soon */ if((newstate & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) != diff --git a/contrib/libs/curl/lib/easy_lock.h b/contrib/libs/curl/lib/easy_lock.h index 819f50ce81..4c22be5f8a 100644 --- a/contrib/libs/curl/lib/easy_lock.h +++ b/contrib/libs/curl/lib/easy_lock.h @@ -28,6 +28,19 @@ #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +#ifdef __MINGW32__ +#ifndef __MINGW64_VERSION_MAJOR +#if (__MINGW32_MAJOR_VERSION < 5) || \ + (__MINGW32_MAJOR_VERSION == 5 && __MINGW32_MINOR_VERSION == 0) +/* mingw >= 5.0.1 defines SRWLOCK, and slightly different from MS define */ +typedef PVOID SRWLOCK, *PSRWLOCK; +#endif +#endif +#ifndef SRWLOCK_INIT +#define SRWLOCK_INIT NULL +#endif +#endif /* __MINGW32__ */ + #define curl_simple_lock SRWLOCK #define CURL_SIMPLE_LOCK_INIT SRWLOCK_INIT @@ -36,9 +49,30 @@ #elif defined (HAVE_ATOMIC) #include <stdatomic.h> +#if defined(HAVE_SCHED_YIELD) +#include <sched.h> +#endif + +#define curl_simple_lock atomic_int +#define CURL_SIMPLE_LOCK_INIT 0 -#define curl_simple_lock atomic_bool -#define CURL_SIMPLE_LOCK_INIT false +/* a clang-thing */ +#ifndef __has_builtin +#define __has_builtin(x) 0 +#endif + +#ifndef __INTEL_COMPILER +/* The Intel compiler tries to look like GCC *and* clang *and* lies in its + __has_builtin() function, so override it. */ + +/* if GCC on i386/x86_64 or if the built-in is present */ +#if ( (defined(__GNUC__) && !defined(__clang__)) && \ + (defined(__i386__) || defined(__x86_64__))) || \ + __has_builtin(__builtin_ia32_pause) +#define HAVE_BUILTIN_IA32_PAUSE +#endif + +#endif static inline void curl_simple_lock_lock(curl_simple_lock *lock) { @@ -48,10 +82,10 @@ static inline void curl_simple_lock_lock(curl_simple_lock *lock) /* Reduce cache coherency traffic */ while(atomic_load_explicit(lock, memory_order_relaxed)) { /* Reduce load (not mandatory) */ -#if defined(__i386__) || defined(__x86_64__) +#ifdef HAVE_BUILTIN_IA32_PAUSE __builtin_ia32_pause(); #elif defined(__aarch64__) - asm volatile("yield" ::: "memory"); + __asm__ volatile("yield" ::: "memory"); #elif defined(HAVE_SCHED_YIELD) sched_yield(); #endif diff --git a/contrib/libs/curl/lib/easyoptions.c b/contrib/libs/curl/lib/easyoptions.c index c99f135ffe..412aefd990 100644 --- a/contrib/libs/curl/lib/easyoptions.c +++ b/contrib/libs/curl/lib/easyoptions.c @@ -107,7 +107,8 @@ struct curl_easyoption Curl_easyopts[] = { {"FTP_CREATE_MISSING_DIRS", CURLOPT_FTP_CREATE_MISSING_DIRS, CURLOT_LONG, 0}, {"FTP_FILEMETHOD", CURLOPT_FTP_FILEMETHOD, CURLOT_VALUES, 0}, - {"FTP_RESPONSE_TIMEOUT", CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOT_LONG, 0}, + {"FTP_RESPONSE_TIMEOUT", CURLOPT_SERVER_RESPONSE_TIMEOUT, + CURLOT_LONG, CURLOT_FLAG_ALIAS}, {"FTP_SKIP_PASV_IP", CURLOPT_FTP_SKIP_PASV_IP, CURLOT_LONG, 0}, {"FTP_SSL", CURLOPT_USE_SSL, CURLOT_VALUES, CURLOT_FLAG_ALIAS}, {"FTP_SSL_CCC", CURLOPT_FTP_SSL_CCC, CURLOT_LONG, 0}, @@ -203,6 +204,7 @@ struct curl_easyoption Curl_easyopts[] = { {"PROGRESSDATA", CURLOPT_XFERINFODATA, CURLOT_CBPTR, CURLOT_FLAG_ALIAS}, {"PROGRESSFUNCTION", CURLOPT_PROGRESSFUNCTION, CURLOT_FUNCTION, 0}, {"PROTOCOLS", CURLOPT_PROTOCOLS, CURLOT_LONG, 0}, + {"PROTOCOLS_STR", CURLOPT_PROTOCOLS_STR, CURLOT_STRING, 0}, {"PROXY", CURLOPT_PROXY, CURLOT_STRING, 0}, {"PROXYAUTH", CURLOPT_PROXYAUTH, CURLOT_VALUES, 0}, {"PROXYHEADER", CURLOPT_PROXYHEADER, CURLOT_SLIST, 0}, @@ -245,6 +247,7 @@ struct curl_easyoption Curl_easyopts[] = { {"READDATA", CURLOPT_READDATA, CURLOT_CBPTR, 0}, {"READFUNCTION", CURLOPT_READFUNCTION, CURLOT_FUNCTION, 0}, {"REDIR_PROTOCOLS", CURLOPT_REDIR_PROTOCOLS, CURLOT_LONG, 0}, + {"REDIR_PROTOCOLS_STR", CURLOPT_REDIR_PROTOCOLS_STR, CURLOT_STRING, 0}, {"REFERER", CURLOPT_REFERER, CURLOT_STRING, 0}, {"REQUEST_TARGET", CURLOPT_REQUEST_TARGET, CURLOT_STRING, 0}, {"RESOLVE", CURLOPT_RESOLVE, CURLOT_SLIST, 0}, @@ -264,8 +267,8 @@ struct curl_easyoption Curl_easyopts[] = { {"SASL_IR", CURLOPT_SASL_IR, CURLOT_LONG, 0}, {"SEEKDATA", CURLOPT_SEEKDATA, CURLOT_CBPTR, 0}, {"SEEKFUNCTION", CURLOPT_SEEKFUNCTION, CURLOT_FUNCTION, 0}, - {"SERVER_RESPONSE_TIMEOUT", CURLOPT_FTP_RESPONSE_TIMEOUT, - CURLOT_LONG, CURLOT_FLAG_ALIAS}, + {"SERVER_RESPONSE_TIMEOUT", CURLOPT_SERVER_RESPONSE_TIMEOUT, + CURLOT_LONG, 0}, {"SERVICE_NAME", CURLOPT_SERVICE_NAME, CURLOT_STRING, 0}, {"SHARE", CURLOPT_SHARE, CURLOT_OBJECT, 0}, {"SOCKOPTDATA", CURLOPT_SOCKOPTDATA, CURLOT_CBPTR, 0}, @@ -275,14 +278,14 @@ struct curl_easyoption Curl_easyopts[] = { {"SOCKS5_GSSAPI_SERVICE", CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOT_STRING, 0}, {"SSH_AUTH_TYPES", CURLOPT_SSH_AUTH_TYPES, CURLOT_VALUES, 0}, {"SSH_COMPRESSION", CURLOPT_SSH_COMPRESSION, CURLOT_LONG, 0}, + {"SSH_HOSTKEYDATA", CURLOPT_SSH_HOSTKEYDATA, CURLOT_CBPTR, 0}, + {"SSH_HOSTKEYFUNCTION", CURLOPT_SSH_HOSTKEYFUNCTION, CURLOT_FUNCTION, 0}, {"SSH_HOST_PUBLIC_KEY_MD5", CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, CURLOT_STRING, 0}, {"SSH_HOST_PUBLIC_KEY_SHA256", CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, CURLOT_STRING, 0}, {"SSH_KEYDATA", CURLOPT_SSH_KEYDATA, CURLOT_CBPTR, 0}, {"SSH_KEYFUNCTION", CURLOPT_SSH_KEYFUNCTION, CURLOT_FUNCTION, 0}, - {"SSH_HOSTKEYDATA", CURLOPT_SSH_HOSTKEYDATA, CURLOT_CBPTR, 0}, - {"SSH_HOSTKEYFUNCTION", CURLOPT_SSH_HOSTKEYFUNCTION, CURLOT_FUNCTION, 0}, {"SSH_KNOWNHOSTS", CURLOPT_SSH_KNOWNHOSTS, CURLOT_STRING, 0}, {"SSH_PRIVATE_KEYFILE", CURLOPT_SSH_PRIVATE_KEYFILE, CURLOT_STRING, 0}, {"SSH_PUBLIC_KEYFILE", CURLOPT_SSH_PUBLIC_KEYFILE, CURLOT_STRING, 0}, @@ -354,7 +357,7 @@ struct curl_easyoption Curl_easyopts[] = { {"XFERINFODATA", CURLOPT_XFERINFODATA, CURLOT_CBPTR, 0}, {"XFERINFOFUNCTION", CURLOPT_XFERINFOFUNCTION, CURLOT_FUNCTION, 0}, {"XOAUTH2_BEARER", CURLOPT_XOAUTH2_BEARER, CURLOT_STRING, 0}, - {NULL, CURLOPT_LASTENTRY, 0, 0} /* end of table */ + {NULL, CURLOPT_LASTENTRY, CURLOT_LONG, 0} /* end of table */ }; #ifdef DEBUGBUILD @@ -364,6 +367,6 @@ struct curl_easyoption Curl_easyopts[] = { */ int Curl_easyopts_check(void) { - return ((CURLOPT_LASTENTRY%10000) != (317 + 1)); + return ((CURLOPT_LASTENTRY%10000) != (319 + 1)); } #endif diff --git a/contrib/libs/curl/lib/escape.c b/contrib/libs/curl/lib/escape.c index 650e40932c..da7e5524f7 100644 --- a/contrib/libs/curl/lib/escape.c +++ b/contrib/libs/curl/lib/escape.c @@ -77,6 +77,9 @@ char *curl_unescape(const char *string, int length) return curl_easy_unescape(NULL, string, length, NULL); } +/* Escapes for URL the given unescaped string of given length. + * 'data' is ignored since 7.82.0. + */ char *curl_easy_escape(struct Curl_easy *data, const char *string, int inlength) { @@ -118,8 +121,6 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, * Returns a pointer to a malloced string in *ostring with length given in * *olen. If length == 0, the length is assumed to be strlen(string). * - * 'data' can be set to NULL - * * ctrl options: * - REJECT_NADA: accept everything * - REJECT_CTRL: rejects control characters (byte codes lower than 32) in @@ -193,6 +194,7 @@ CURLcode Curl_urldecode(const char *string, size_t length, * pointer to a malloced string with length given in *olen. * If length == 0, the length is assumed to be strlen(string). * If olen == NULL, no output length is stored. + * 'data' is ignored since 7.82.0. */ char *curl_easy_unescape(struct Curl_easy *data, const char *string, int length, int *olen) diff --git a/contrib/libs/curl/lib/file.c b/contrib/libs/curl/lib/file.c index 40a5e42fa3..d82d57b463 100644 --- a/contrib/libs/curl/lib/file.c +++ b/contrib/libs/curl/lib/file.c @@ -71,6 +71,8 @@ #if defined(WIN32) || defined(MSDOS) || defined(__EMX__) #define DOS_FILESYSTEM 1 +#elif defined(__amigaos4__) +#define AMIGA_FILESYSTEM 1 #endif #ifdef OPEN_NEEDS_ARG3 @@ -196,8 +198,33 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) return CURLE_URL_MALFORMAT; } + #ifdef AMIGA_FILESYSTEM + /* + * A leading slash in an AmigaDOS path denotes the parent + * directory, and hence we block this as it is relative. + * Absolute paths start with 'volumename:', so we check for + * this first. Failing that, we treat the path as a real unix + * path, but only if the application was compiled with -lunix. + */ + fd = -1; + file->path = real_path; + + if(real_path[0] == '/') { + extern int __unix_path_semantics; + if(strchr(real_path + 1, ':')) { + /* Amiga absolute path */ + fd = open_readonly(real_path + 1, O_RDONLY); + file->path++; + } + else if(__unix_path_semantics) { + /* -lunix fallback */ + fd = open_readonly(real_path, O_RDONLY); + } + } + #else fd = open_readonly(real_path, O_RDONLY); file->path = real_path; + #endif #endif file->freepath = real_path; /* free this when done */ @@ -236,7 +263,7 @@ static CURLcode file_disconnect(struct Curl_easy *data, { (void)dead_connection; /* not used */ (void)conn; - return file_done(data, 0, 0); + return file_done(data, CURLE_OK, FALSE); } #ifdef DOS_FILESYSTEM diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c index e6e9821c9c..0473a8af00 100644 --- a/contrib/libs/curl/lib/ftp.c +++ b/contrib/libs/curl/lib/ftp.c @@ -518,7 +518,8 @@ static CURLcode AllowServerConnect(struct Curl_easy *data, bool *connected) /* Add timeout to multi handle and break out of the loop */ if(*connected == FALSE) { Curl_expire(data, data->set.accepttimeout > 0 ? - data->set.accepttimeout: DEFAULT_ACCEPT_TIMEOUT, 0); + data->set.accepttimeout: DEFAULT_ACCEPT_TIMEOUT, + EXPIRE_FTP_ACCEPT); } } diff --git a/contrib/libs/curl/lib/getinfo.c b/contrib/libs/curl/lib/getinfo.c index 758cf54bbe..c3556b3102 100644 --- a/contrib/libs/curl/lib/getinfo.c +++ b/contrib/libs/curl/lib/getinfo.c @@ -578,7 +578,7 @@ CURLcode Curl_getinfo(struct Curl_easy *data, CURLINFO info, ...) CURLcode result = CURLE_UNKNOWN_OPTION; if(!data) - return result; + return CURLE_BAD_FUNCTION_ARGUMENT; va_start(arg, info); diff --git a/contrib/libs/curl/lib/h2h3.c b/contrib/libs/curl/lib/h2h3.c index 9453cf55b7..5d26bf0f21 100644 --- a/contrib/libs/curl/lib/h2h3.c +++ b/contrib/libs/curl/lib/h2h3.c @@ -258,9 +258,6 @@ CURLcode Curl_pseudo_headers(struct Curl_easy *data, nva[i].valuelen = (end - hdbuf); } - nva[i].value = hdbuf; - nva[i].valuelen = (end - hdbuf); - ++i; } diff --git a/contrib/libs/curl/lib/headers.c b/contrib/libs/curl/lib/headers.c index 154623737a..d1e0ed7544 100644 --- a/contrib/libs/curl/lib/headers.c +++ b/contrib/libs/curl/lib/headers.c @@ -74,8 +74,8 @@ CURLHcode curl_easy_header(CURL *easy, struct Curl_header_store *hs = NULL; struct Curl_header_store *pick = NULL; if(!name || !hout || !data || - (type > (CURLH_HEADER|CURLH_TRAILER|CURLH_CONNECT|CURLH_1XX)) || - !type || (request < -1)) + (type > (CURLH_HEADER|CURLH_TRAILER|CURLH_CONNECT|CURLH_1XX| + CURLH_PSEUDO)) || !type || (request < -1)) return CURLHE_BAD_ARGUMENT; if(!Curl_llist_count(&data->state.httphdrs)) return CURLHE_NOHEADERS; /* no headers available */ diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c index 372c57221b..d5224bfd45 100644 --- a/contrib/libs/curl/lib/hostip.c +++ b/contrib/libs/curl/lib/hostip.c @@ -463,12 +463,12 @@ Curl_cache_addr(struct Curl_easy *data, } #ifdef ENABLE_IPV6 -/* return a static IPv6 resolve for 'localhost' */ -static struct Curl_addrinfo *get_localhost6(int port) +/* return a static IPv6 ::1 for the name */ +static struct Curl_addrinfo *get_localhost6(int port, const char *name) { struct Curl_addrinfo *ca; const size_t ss_size = sizeof(struct sockaddr_in6); - const size_t hostlen = strlen("localhost"); + const size_t hostlen = strlen(name); struct sockaddr_in6 sa6; unsigned char ipv6[16]; unsigned short port16 = (unsigned short)(port & 0xffff); @@ -493,19 +493,19 @@ static struct Curl_addrinfo *get_localhost6(int port) ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); memcpy(ca->ai_addr, &sa6, ss_size); ca->ai_canonname = (char *)ca->ai_addr + ss_size; - strcpy(ca->ai_canonname, "localhost"); + strcpy(ca->ai_canonname, name); return ca; } #else -#define get_localhost6(x) NULL +#define get_localhost6(x,y) NULL #endif -/* return a static IPv4 resolve for 'localhost' */ -static struct Curl_addrinfo *get_localhost(int port) +/* return a static IPv4 127.0.0.1 for the given name */ +static struct Curl_addrinfo *get_localhost(int port, const char *name) { struct Curl_addrinfo *ca; const size_t ss_size = sizeof(struct sockaddr_in); - const size_t hostlen = strlen("localhost"); + const size_t hostlen = strlen(name); struct sockaddr_in sa; unsigned int ipv4; unsigned short port16 = (unsigned short)(port & 0xffff); @@ -529,8 +529,8 @@ static struct Curl_addrinfo *get_localhost(int port) ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); memcpy(ca->ai_addr, &sa, ss_size); ca->ai_canonname = (char *)ca->ai_addr + ss_size; - strcpy(ca->ai_canonname, "localhost"); - ca->ai_next = get_localhost6(port); + strcpy(ca->ai_canonname, name); + ca->ai_next = get_localhost6(port, name); return ca; } @@ -583,6 +583,17 @@ bool Curl_host_is_ipnum(const char *hostname) return FALSE; } + +/* return TRUE if 'part' is a case insentive tail of 'full' */ +static bool tailmatch(const char *full, const char *part) +{ + size_t plen = strlen(part); + size_t flen = strlen(full); + if(plen > flen) + return FALSE; + return strncasecompare(part, &full[flen - plen], plen); +} + /* * Curl_resolv() is the main name resolve function within libcurl. It resolves * a name and returns a pointer to the entry in the 'entry' argument (if one @@ -718,8 +729,9 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, if(conn->ip_version == CURL_IPRESOLVE_V6 && !Curl_ipv6works(data)) return CURLRESOLV_ERROR; - if(strcasecompare(hostname, "localhost")) - addr = get_localhost(port); + if(strcasecompare(hostname, "localhost") || + tailmatch(hostname, ".localhost")) + addr = get_localhost(port, hostname); #ifndef CURL_DISABLE_DOH else if(allowDOH && data->set.doh && !ipnum) addr = Curl_doh(data, hostname, port, &respwait); @@ -993,9 +1005,9 @@ static void freednsentry(void *freethis) /* * Curl_init_dnscache() inits a new DNS cache. */ -void Curl_init_dnscache(struct Curl_hash *hash) +void Curl_init_dnscache(struct Curl_hash *hash, int size) { - Curl_hash_init(hash, 7, Curl_hash_str, Curl_str_key_compare, + Curl_hash_init(hash, size, Curl_hash_str, Curl_str_key_compare, freednsentry); } diff --git a/contrib/libs/curl/lib/hostip.h b/contrib/libs/curl/lib/hostip.h index 4b603378bd..9d3170737c 100644 --- a/contrib/libs/curl/lib/hostip.h +++ b/contrib/libs/curl/lib/hostip.h @@ -132,7 +132,7 @@ void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns); /* init a new dns cache */ -void Curl_init_dnscache(struct Curl_hash *hash); +void Curl_init_dnscache(struct Curl_hash *hash, int hashsize); /* prune old entries from the DNS cache */ void Curl_hostcache_prune(struct Curl_easy *data); diff --git a/contrib/libs/curl/lib/hostip4.c b/contrib/libs/curl/lib/hostip4.c index 47da6055a9..1dd54e879d 100644 --- a/contrib/libs/curl/lib/hostip4.c +++ b/contrib/libs/curl/lib/hostip4.c @@ -112,7 +112,8 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, #endif /* CURLRES_SYNCH */ #endif /* CURLRES_IPV4 */ -#if defined(CURLRES_IPV4) && !defined(CURLRES_ARES) +#if defined(CURLRES_IPV4) && \ + !defined(CURLRES_ARES) && !defined(CURLRES_AMIGA) /* * Curl_ipv4_resolve_r() - ipv4 threadsafe resolver function. @@ -297,4 +298,5 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, return ai; } -#endif /* defined(CURLRES_IPV4) && !defined(CURLRES_ARES) */ +#endif /* defined(CURLRES_IPV4) && !defined(CURLRES_ARES) && + !defined(CURLRES_AMIGA) */ diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index a0088a1766..48571ab52c 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -2032,7 +2032,7 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, void Curl_http_method(struct Curl_easy *data, struct connectdata *conn, const char **method, Curl_HttpReq *reqp) { - Curl_HttpReq httpreq = data->state.httpreq; + Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq; const char *request; if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && data->set.upload) diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h index 9eff6b1ff9..2ac287eca8 100644 --- a/contrib/libs/curl/lib/http.h +++ b/contrib/libs/curl/lib/http.h @@ -227,13 +227,11 @@ struct HTTP { /*********** for HTTP/2 we store stream-local data here *************/ int32_t stream_id; /* stream we are interested in */ - bool bodystarted; /* We store non-final and final response headers here, per-stream */ struct dynbuf header_recvbuf; size_t nread_header_recvbuf; /* number of bytes in header_recvbuf fed into upper layer */ struct dynbuf trailer_recvbuf; - int status_code; /* HTTP status code */ const uint8_t *pausedata; /* pointer to data received in on_data_chunk */ size_t pauselen; /* the number of bytes left in data */ bool close_handled; /* TRUE if stream closure is handled by libcurl */ @@ -244,6 +242,8 @@ struct HTTP { uint32_t error; /* HTTP/2 stream error code */ #endif #if defined(USE_NGHTTP2) || defined(USE_NGHTTP3) + bool bodystarted; + int status_code; /* HTTP status code */ bool closed; /* TRUE on HTTP2 stream close */ char *mem; /* points to a buffer in memory to store received data */ size_t len; /* size of the buffer 'mem' points to */ @@ -260,6 +260,7 @@ struct HTTP { #ifndef USE_MSH3 /*********** for HTTP/3 we store stream-local data here *************/ int64_t stream3_id; /* stream we are interested in */ + uint64_t error3; /* HTTP/3 stream error code */ bool firstheader; /* FALSE until headers arrive */ bool firstbody; /* FALSE until body arrives */ bool h3req; /* FALSE until request is issued */ diff --git a/contrib/libs/curl/lib/http_aws_sigv4.c b/contrib/libs/curl/lib/http_aws_sigv4.c index 390236bc6c..d144fb817a 100644 --- a/contrib/libs/curl/lib/http_aws_sigv4.c +++ b/contrib/libs/curl/lib/http_aws_sigv4.c @@ -29,8 +29,6 @@ #include "urldata.h" #include "strcase.h" #include "strdup.h" -#include "vauth/vauth.h" -#include "vauth/digest.h" #include "http_aws_sigv4.h" #include "curl_sha256.h" #include "transfer.h" diff --git a/contrib/libs/curl/lib/http_chunks.c b/contrib/libs/curl/lib/http_chunks.c index 2aeb753939..290dbe8faa 100644 --- a/contrib/libs/curl/lib/http_chunks.c +++ b/contrib/libs/curl/lib/http_chunks.c @@ -100,7 +100,7 @@ void Curl_httpchunk_init(struct Curl_easy *data) CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, char *datap, ssize_t datalen, - ssize_t *wrotep, + ssize_t *wrote, CURLcode *extrap) { CURLcode result = CURLE_OK; @@ -109,7 +109,6 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, struct SingleRequest *k = &data->req; size_t piece; curl_off_t length = (curl_off_t)datalen; - size_t *wrote = (size_t *)wrotep; *wrote = 0; /* nothing's written yet */ diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c index 7026045332..64b2dfe08a 100644 --- a/contrib/libs/curl/lib/http_proxy.c +++ b/contrib/libs/curl/lib/http_proxy.c @@ -393,8 +393,8 @@ static CURLcode CONNECT(struct Curl_easy *data, if(!result) /* send to debug callback! */ - result = Curl_debug(data, CURLINFO_HEADER_OUT, - k->upload_fromhere, bytes_written); + Curl_debug(data, CURLINFO_HEADER_OUT, + k->upload_fromhere, bytes_written); s->nsend -= bytes_written; k->upload_fromhere += bytes_written; diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c index 4b46ef1eff..12ee2a47eb 100644 --- a/contrib/libs/curl/lib/imap.c +++ b/contrib/libs/curl/lib/imap.c @@ -83,6 +83,7 @@ #include "bufref.h" #include "curl_sasl.h" #include "warnless.h" +#include "curl_ctype.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -1885,22 +1886,17 @@ static char *imap_atom(const char *str, bool escape_only) */ static bool imap_is_bchar(char ch) { + /* Peforming the alnum check with this macro is faster because of ASCII + artihmetic */ + if(ISALNUM(ch)) + return true; + switch(ch) { /* bchar */ case ':': case '@': case '/': /* bchar -> achar */ case '&': case '=': - /* bchar -> achar -> uchar -> unreserved */ - case '0': case '1': case '2': case '3': case '4': case '5': case '6': - case '7': case '8': case '9': - case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G': - case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N': - case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U': - case 'V': case 'W': case 'X': case 'Y': case 'Z': - case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': case 'g': - case 'h': case 'i': case 'j': case 'k': case 'l': case 'm': case 'n': - case 'o': case 'p': case 'q': case 'r': case 's': case 't': case 'u': - case 'v': case 'w': case 'x': case 'y': case 'z': + /* bchar -> achar -> uchar -> unreserved (without alphanumeric) */ case '-': case '.': case '_': case '~': /* bchar -> achar -> uchar -> sub-delims-sh */ case '!': case '$': case '\'': case '(': case ')': case '*': diff --git a/contrib/libs/curl/lib/ldap.c b/contrib/libs/curl/lib/ldap.c index 6fe709047f..3b9c595051 100644 --- a/contrib/libs/curl/lib/ldap.c +++ b/contrib/libs/curl/lib/ldap.c @@ -37,6 +37,18 @@ * OpenLDAP library versions, USE_OPENLDAP shall not be defined. */ +/* Wincrypt must be included before anything that could include OpenSSL. */ +#if defined(USE_WIN32_CRYPTO) +#include <wincrypt.h> +/* Undefine wincrypt conflicting symbols for BoringSSL. */ +#undef X509_NAME +#undef X509_EXTENSIONS +#undef PKCS7_ISSUER_AND_SERIAL +#undef PKCS7_SIGNER_INFO +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#endif + #ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */ # include <winldap.h> # ifndef LDAP_VENDOR_NAME @@ -344,7 +356,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) #ifdef HAVE_LDAP_SSL #ifdef USE_WIN32_LDAP /* Win32 LDAP SDK doesn't support insecure mode without CA! */ - server = ldap_sslinit(host, (int)conn->port, 1); + server = ldap_sslinit(host, conn->port, 1); ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON); #else int ldap_option; @@ -390,9 +402,9 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) result = CURLE_SSL_CERTPROBLEM; goto quit; } - server = ldapssl_init(host, (int)conn->port, 1); + server = ldapssl_init(host, conn->port, 1); if(!server) { - failf(data, "LDAP local: Cannot connect to %s:%ld", + failf(data, "LDAP local: Cannot connect to %s:%u", conn->host.dispname, conn->port); result = CURLE_COULDNT_CONNECT; goto quit; @@ -431,9 +443,9 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) result = CURLE_SSL_CERTPROBLEM; goto quit; } - server = ldap_init(host, (int)conn->port); + server = ldap_init(host, conn->port); if(!server) { - failf(data, "LDAP local: Cannot connect to %s:%ld", + failf(data, "LDAP local: Cannot connect to %s:%u", conn->host.dispname, conn->port); result = CURLE_COULDNT_CONNECT; goto quit; @@ -472,9 +484,9 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } else { - server = ldap_init(host, (int)conn->port); + server = ldap_init(host, conn->port); if(!server) { - failf(data, "LDAP local: Cannot connect to %s:%ld", + failf(data, "LDAP local: Cannot connect to %s:%u", conn->host.dispname, conn->port); result = CURLE_COULDNT_CONNECT; goto quit; diff --git a/contrib/libs/curl/lib/md4.c b/contrib/libs/curl/lib/md4.c index dcb64f2015..c03af6fe6f 100644 --- a/contrib/libs/curl/lib/md4.c +++ b/contrib/libs/curl/lib/md4.c @@ -32,7 +32,8 @@ #ifdef USE_OPENSSL #include <openssl/opensslconf.h> -#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) +#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \ + !defined(USE_AMISSL) /* OpenSSL 3.0.0 marks the MD4 functions as deprecated */ #define OPENSSL_NO_MD4 #endif diff --git a/contrib/libs/curl/lib/md5.c b/contrib/libs/curl/lib/md5.c index b318ccfb0b..f3231b500f 100644 --- a/contrib/libs/curl/lib/md5.c +++ b/contrib/libs/curl/lib/md5.c @@ -41,7 +41,7 @@ #endif #endif /* USE_MBEDTLS */ -#if defined(USE_OPENSSL) && !defined(USE_AMISSL) +#ifdef USE_OPENSSL #include <openssl/opensslconf.h> #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) #define USE_OPENSSL_MD5 diff --git a/contrib/libs/curl/lib/memdebug.c b/contrib/libs/curl/lib/memdebug.c index f35a55fe22..15fb491559 100644 --- a/contrib/libs/curl/lib/memdebug.c +++ b/contrib/libs/curl/lib/memdebug.c @@ -129,7 +129,8 @@ static bool countcheck(const char *func, int line, const char *source) return FALSE; /* allow this */ } -void *curl_dbg_malloc(size_t wantedsize, int line, const char *source) +ALLOC_FUNC void *curl_dbg_malloc(size_t wantedsize, + int line, const char *source) { struct memdebug *mem; size_t size; @@ -155,8 +156,8 @@ void *curl_dbg_malloc(size_t wantedsize, int line, const char *source) return (mem ? mem->mem : NULL); } -void *curl_dbg_calloc(size_t wanted_elements, size_t wanted_size, - int line, const char *source) +ALLOC_FUNC void *curl_dbg_calloc(size_t wanted_elements, size_t wanted_size, + int line, const char *source) { struct memdebug *mem; size_t size, user_size; @@ -183,7 +184,8 @@ void *curl_dbg_calloc(size_t wanted_elements, size_t wanted_size, return (mem ? mem->mem : NULL); } -char *curl_dbg_strdup(const char *str, int line, const char *source) +ALLOC_FUNC char *curl_dbg_strdup(const char *str, + int line, const char *source) { char *mem; size_t len; @@ -207,7 +209,8 @@ char *curl_dbg_strdup(const char *str, int line, const char *source) } #if defined(WIN32) && defined(UNICODE) -wchar_t *curl_dbg_wcsdup(const wchar_t *str, int line, const char *source) +ALLOC_FUNC wchar_t *curl_dbg_wcsdup(const wchar_t *str, + int line, const char *source) { wchar_t *mem; size_t wsiz, bsiz; @@ -410,8 +413,8 @@ int curl_dbg_sclose(curl_socket_t sockfd, int line, const char *source) return res; } -FILE *curl_dbg_fopen(const char *file, const char *mode, - int line, const char *source) +ALLOC_FUNC FILE *curl_dbg_fopen(const char *file, const char *mode, + int line, const char *source) { FILE *res = fopen(file, mode); @@ -422,8 +425,8 @@ FILE *curl_dbg_fopen(const char *file, const char *mode, return res; } -FILE *curl_dbg_fdopen(int filedes, const char *mode, - int line, const char *source) +ALLOC_FUNC FILE *curl_dbg_fdopen(int filedes, const char *mode, + int line, const char *source) { FILE *res = fdopen(filedes, mode); if(source) diff --git a/contrib/libs/curl/lib/memdebug.h b/contrib/libs/curl/lib/memdebug.h index 3e41571e27..7a99e9c58a 100644 --- a/contrib/libs/curl/lib/memdebug.h +++ b/contrib/libs/curl/lib/memdebug.h @@ -30,21 +30,41 @@ * as well as the library. Do not mix with library internals! */ +#if defined(__GNUC__) && __GNUC__ >= 3 +# define ALLOC_FUNC __attribute__((malloc)) +# define ALLOC_SIZE(s) __attribute__((alloc_size(s))) +# define ALLOC_SIZE2(n, s) __attribute__((alloc_size(n, s))) +#elif defined(_MSC_VER) +# define ALLOC_FUNC __declspec(restrict) +# define ALLOC_SIZE(s) +# define ALLOC_SIZE2(n, s) +#else +# define ALLOC_FUNC +# define ALLOC_SIZE(s) +# define ALLOC_SIZE2(n, s) +#endif + #define CURL_MT_LOGFNAME_BUFSIZE 512 extern FILE *curl_dbg_logfile; /* memory functions */ -CURL_EXTERN void *curl_dbg_malloc(size_t size, int line, const char *source); -CURL_EXTERN void *curl_dbg_calloc(size_t elements, size_t size, int line, - const char *source); -CURL_EXTERN void *curl_dbg_realloc(void *ptr, size_t size, int line, - const char *source); +CURL_EXTERN ALLOC_FUNC ALLOC_SIZE(1) void *curl_dbg_malloc(size_t size, + int line, + const char *source); +CURL_EXTERN ALLOC_FUNC ALLOC_SIZE2(1, 2) void *curl_dbg_calloc(size_t elements, + size_t size, int line, const char *source); +CURL_EXTERN ALLOC_SIZE(2) void *curl_dbg_realloc(void *ptr, + size_t size, + int line, + const char *source); CURL_EXTERN void curl_dbg_free(void *ptr, int line, const char *source); -CURL_EXTERN char *curl_dbg_strdup(const char *str, int line, const char *src); +CURL_EXTERN ALLOC_FUNC char *curl_dbg_strdup(const char *str, int line, + const char *src); #if defined(WIN32) && defined(UNICODE) -CURL_EXTERN wchar_t *curl_dbg_wcsdup(const wchar_t *str, int line, - const char *source); +CURL_EXTERN ALLOC_FUNC wchar_t *curl_dbg_wcsdup(const wchar_t *str, + int line, + const char *source); #endif CURL_EXTERN void curl_dbg_memdebug(const char *logname); @@ -79,10 +99,10 @@ CURL_EXTERN RECV_TYPE_RETV curl_dbg_recv(RECV_TYPE_ARG1 sockfd, const char *source); /* FILE functions */ -CURL_EXTERN FILE *curl_dbg_fopen(const char *file, const char *mode, int line, - const char *source); -CURL_EXTERN FILE *curl_dbg_fdopen(int filedes, const char *mode, +CURL_EXTERN ALLOC_FUNC FILE *curl_dbg_fopen(const char *file, const char *mode, int line, const char *source); +CURL_EXTERN ALLOC_FUNC FILE *curl_dbg_fdopen(int filedes, const char *mode, + int line, const char *source); CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); diff --git a/contrib/libs/curl/lib/mprintf.c b/contrib/libs/curl/lib/mprintf.c index f0401a881a..30347de250 100644 --- a/contrib/libs/curl/lib/mprintf.c +++ b/contrib/libs/curl/lib/mprintf.c @@ -594,7 +594,7 @@ static int dprintf_formatf( /* Do the actual %-code parsing */ if(dprintf_Pass1(format, vto, endpos, ap_save)) - return -1; + return 0; end = &endpos[0]; /* the initial end-position from the list dprintf_Pass1() created for us */ @@ -1025,11 +1025,12 @@ int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, info.max = maxlength; retcode = dprintf_formatf(&info, addbyter, format, ap_save); - if((retcode != -1) && info.max) { + if(info.max) { /* we terminate this with a zero byte */ if(info.max == info.length) { /* we're at maximum, scrap the last letter */ info.buffer[-1] = 0; + DEBUGASSERT(retcode); retcode--; /* don't count the nul byte */ } else @@ -1067,13 +1068,12 @@ extern int Curl_dyn_vprintf(struct dynbuf *dyn, /* appends the formatted string, returns 0 on success, 1 on error */ int Curl_dyn_vprintf(struct dynbuf *dyn, const char *format, va_list ap_save) { - int retcode; struct asprintf info; info.b = dyn; info.fail = 0; - retcode = dprintf_formatf(&info, alloc_addbyter, format, ap_save); - if((-1 == retcode) || info.fail) { + (void)dprintf_formatf(&info, alloc_addbyter, format, ap_save); + if(info.fail) { Curl_dyn_free(info.b); return 1; } @@ -1082,15 +1082,14 @@ int Curl_dyn_vprintf(struct dynbuf *dyn, const char *format, va_list ap_save) char *curl_mvaprintf(const char *format, va_list ap_save) { - int retcode; struct asprintf info; struct dynbuf dyn; info.b = &dyn; Curl_dyn_init(info.b, DYN_APRINTF); info.fail = 0; - retcode = dprintf_formatf(&info, alloc_addbyter, format, ap_save); - if((-1 == retcode) || info.fail) { + (void)dprintf_formatf(&info, alloc_addbyter, format, ap_save); + if(info.fail) { Curl_dyn_free(info.b); return NULL; } diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c index dc1c126746..f78ff72c42 100644 --- a/contrib/libs/curl/lib/multi.c +++ b/contrib/libs/curl/lib/multi.c @@ -55,6 +55,22 @@ #include "curl_memory.h" #include "memdebug.h" +#ifdef __APPLE__ + +#define wakeup_write write +#define wakeup_read read +#define wakeup_close close +#define wakeup_create pipe + +#else /* __APPLE__ */ + +#define wakeup_write swrite +#define wakeup_read sread +#define wakeup_close sclose +#define wakeup_create(p) Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, p) + +#endif /* __APPLE__ */ + /* CURL_SOCKET_HASH_TABLE_SIZE should be a prime number. Increasing it from 97 to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes. Still, every @@ -68,6 +84,10 @@ #define CURL_CONNECTION_HASH_SIZE 97 #endif +#ifndef CURL_DNS_HASH_SIZE +#define CURL_DNS_HASH_SIZE 71 +#endif + #define CURL_MULTI_HANDLE 0x000bab1e #define GOOD_MULTI_HANDLE(x) \ @@ -372,7 +392,8 @@ static CURLMcode multi_addmsg(struct Curl_multi *multi, } struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ - int chashsize) /* connection hash */ + int chashsize, /* connection hash */ + int dnssize) /* dns hash */ { struct Curl_multi *multi = calloc(1, sizeof(struct Curl_multi)); @@ -381,7 +402,7 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ multi->magic = CURL_MULTI_HANDLE; - Curl_init_dnscache(&multi->hostcache); + Curl_init_dnscache(&multi->hostcache, dnssize); sh_init(&multi->sockhash, hashsize); @@ -404,14 +425,14 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ goto error; #else #ifdef ENABLE_WAKEUP - if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, multi->wakeup_pair) < 0) { + if(wakeup_create(multi->wakeup_pair) < 0) { multi->wakeup_pair[0] = CURL_SOCKET_BAD; multi->wakeup_pair[1] = CURL_SOCKET_BAD; } else if(curlx_nonblock(multi->wakeup_pair[0], TRUE) < 0 || curlx_nonblock(multi->wakeup_pair[1], TRUE) < 0) { - sclose(multi->wakeup_pair[0]); - sclose(multi->wakeup_pair[1]); + wakeup_close(multi->wakeup_pair[0]); + wakeup_close(multi->wakeup_pair[1]); multi->wakeup_pair[0] = CURL_SOCKET_BAD; multi->wakeup_pair[1] = CURL_SOCKET_BAD; } @@ -435,7 +456,8 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ struct Curl_multi *curl_multi_init(void) { return Curl_multi_handle(CURL_SOCKET_HASH_TABLE_SIZE, - CURL_CONNECTION_HASH_SIZE); + CURL_CONNECTION_HASH_SIZE, + CURL_DNS_HASH_SIZE); } CURLMcode curl_multi_add_handle(struct Curl_multi *multi, @@ -631,7 +653,7 @@ static CURLcode multi_done(struct Curl_easy *data, if(CURLE_ABORTED_BY_CALLBACK != result) { /* avoid this if we already aborted by callback to avoid this calling another callback */ - CURLcode rc = Curl_pgrsDone(data); + int rc = Curl_pgrsDone(data); if(!result && rc) result = CURLE_ABORTED_BY_CALLBACK; } @@ -830,6 +852,24 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* Remove the association between the connection and the handle */ Curl_detach_connection(data); + if(data->set.connect_only && !data->multi_easy) { + /* This removes a handle that was part the multi inteface that used + CONNECT_ONLY, that connection is now left alive but since this handle + has bits.close set nothing can use that transfer anymore and it is + forbidden from reuse. And this easy handle cannot find the connection + anymore once removed from the multi handle + + Better close the connection here, at once. + */ + struct connectdata *c; + curl_socket_t s; + s = Curl_getconnectinfo(data, &c); + if((s != CURL_SOCKET_BAD) && c) { + Curl_conncache_remove_conn(data, c, TRUE); + Curl_disconnect(data, c, TRUE); + } + } + if(data->state.lastconnect_id != -1) { /* Mark any connect-only connection for closure */ Curl_conncache_foreach(data, data->state.conn_cache, @@ -1311,8 +1351,6 @@ static CURLMcode multi_wait(struct Curl_multi *multi, pollrc = Curl_poll(ufds, nfds, 0); /* just pre-check with WinSock */ else pollrc = 0; - if(pollrc <= 0) /* now wait... if not ready during the pre-check above */ - WSAWaitForMultipleEvents(1, &multi->wsa_event, FALSE, timeout_ms, FALSE); #else pollrc = Curl_poll(ufds, nfds, timeout_ms); /* wait... */ #endif @@ -1323,6 +1361,9 @@ static CURLMcode multi_wait(struct Curl_multi *multi, retcode = pollrc; #ifdef USE_WINSOCK } + else { /* now wait... if not ready during the pre-check (pollrc == 0) */ + WSAWaitForMultipleEvents(1, &multi->wsa_event, FALSE, timeout_ms, FALSE); + } /* With WinSock, we have to run the following section unconditionally to call WSAEventSelect(fd, event, 0) on all the sockets */ { @@ -1334,20 +1375,23 @@ static CURLMcode multi_wait(struct Curl_multi *multi, unsigned r = ufds[curlfds + i].revents; unsigned short mask = 0; #ifdef USE_WINSOCK + curl_socket_t s = extra_fds[i].fd; wsa_events.lNetworkEvents = 0; - if(WSAEnumNetworkEvents(extra_fds[i].fd, NULL, &wsa_events) == 0) { + if(WSAEnumNetworkEvents(s, NULL, &wsa_events) == 0) { if(wsa_events.lNetworkEvents & (FD_READ|FD_ACCEPT|FD_CLOSE)) mask |= CURL_WAIT_POLLIN; if(wsa_events.lNetworkEvents & (FD_WRITE|FD_CONNECT|FD_CLOSE)) mask |= CURL_WAIT_POLLOUT; if(wsa_events.lNetworkEvents & FD_OOB) mask |= CURL_WAIT_POLLPRI; - if(ret && pollrc <= 0 && wsa_events.lNetworkEvents) + if(ret && !pollrc && wsa_events.lNetworkEvents) retcode++; } - WSAEventSelect(extra_fds[i].fd, multi->wsa_event, 0); - if(pollrc <= 0) + WSAEventSelect(s, multi->wsa_event, 0); + if(!pollrc) { + extra_fds[i].revents = mask; continue; + } #endif if(r & POLLIN) mask |= CURL_WAIT_POLLIN; @@ -1370,7 +1414,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, if(bitmap & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i))) { wsa_events.lNetworkEvents = 0; if(WSAEnumNetworkEvents(sockbunch[i], NULL, &wsa_events) == 0) { - if(ret && pollrc <= 0 && wsa_events.lNetworkEvents) + if(ret && !pollrc && wsa_events.lNetworkEvents) retcode++; } WSAEventSelect(sockbunch[i], multi->wsa_event, 0); @@ -1397,7 +1441,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, data from it until it receives an error (except EINTR). In normal cases it will get EAGAIN or EWOULDBLOCK when there is no more data, breaking the loop. */ - nread = sread(multi->wakeup_pair[0], buf, sizeof(buf)); + nread = wakeup_read(multi->wakeup_pair[0], buf, sizeof(buf)); if(nread <= 0) { if(nread < 0 && EINTR == SOCKERRNO) continue; @@ -1490,7 +1534,7 @@ CURLMcode curl_multi_wakeup(struct Curl_multi *multi) that will call curl_multi_wait(). If swrite() returns that it would block, it's considered successful because it means that previous calls to this function will wake up the poll(). */ - if(swrite(multi->wakeup_pair[1], buf, sizeof(buf)) < 0) { + if(wakeup_write(multi->wakeup_pair[1], buf, sizeof(buf)) < 0) { int err = SOCKERRNO; int return_success; #ifdef USE_WINSOCK @@ -2726,8 +2770,8 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) WSACloseEvent(multi->wsa_event); #else #ifdef ENABLE_WAKEUP - sclose(multi->wakeup_pair[0]); - sclose(multi->wakeup_pair[1]); + wakeup_close(multi->wakeup_pair[0]); + wakeup_close(multi->wakeup_pair[1]); #endif #endif free(multi); diff --git a/contrib/libs/curl/lib/multiif.h b/contrib/libs/curl/lib/multiif.h index e0aa00b05e..0cb9d4f7f2 100644 --- a/contrib/libs/curl/lib/multiif.h +++ b/contrib/libs/curl/lib/multiif.h @@ -42,8 +42,9 @@ bool Curl_is_in_callback(struct Curl_easy *easy); CURLcode Curl_preconnect(struct Curl_easy *data); /* Internal version of curl_multi_init() accepts size parameters for the - socket and connection hashes */ -struct Curl_multi *Curl_multi_handle(int hashsize, int chashsize); + socket, connection and dns hashes */ +struct Curl_multi *Curl_multi_handle(int hashsize, int chashsize, + int dnssize); /* the write bits start at bit 16 for the *getsock() bitmap */ #define GETSOCK_WRITEBITSTART 16 diff --git a/contrib/libs/curl/lib/netrc.c b/contrib/libs/curl/lib/netrc.c index 83fe6a7e09..62a6a10df8 100644 --- a/contrib/libs/curl/lib/netrc.c +++ b/contrib/libs/curl/lib/netrc.c @@ -73,8 +73,8 @@ static int parsenetrc(const char *host, char state_login = 0; /* Found a login keyword */ char state_password = 0; /* Found a password keyword */ - int state_our_login = FALSE; /* With specific_login, found *our* login - name */ + int state_our_login = TRUE; /* With specific_login, found *our* login + name (or login-less line) */ DEBUGASSERT(netrcfile); diff --git a/contrib/libs/curl/lib/pingpong.c b/contrib/libs/curl/lib/pingpong.c index cd55173261..74a678a1a4 100644 --- a/contrib/libs/curl/lib/pingpong.c +++ b/contrib/libs/curl/lib/pingpong.c @@ -398,7 +398,8 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, } else if(keepon) { - if((perline == gotbytes) && (gotbytes > data->set.buffer_size/2)) { + if((perline == gotbytes) && + (gotbytes > (ssize_t)data->set.buffer_size/2)) { /* We got an excessive line without newlines and we need to deal with it. We keep the first bytes of the line then we throw away the rest. */ diff --git a/contrib/libs/curl/lib/rand.c b/contrib/libs/curl/lib/rand.c index dd02f52680..c6fd47e7f6 100644 --- a/contrib/libs/curl/lib/rand.c +++ b/contrib/libs/curl/lib/rand.c @@ -38,6 +38,64 @@ #include "curl_memory.h" #include "memdebug.h" +#ifdef WIN32 + +#if defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) +# define HAVE_MINGW_ORIGINAL +#endif + +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \ + !defined(HAVE_MINGW_ORIGINAL) +# define HAVE_WIN_BCRYPTGENRANDOM +# include <bcrypt.h> +# ifdef _MSC_VER +# pragma comment(lib, "bcrypt.lib") +# endif +# ifndef BCRYPT_USE_SYSTEM_PREFERRED_RNG +# define BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002 +# endif +# ifndef STATUS_SUCCESS +# define STATUS_SUCCESS ((NTSTATUS)0x00000000L) +# endif +#elif defined(USE_WIN32_CRYPTO) +# include <wincrypt.h> +# ifdef _MSC_VER +# pragma comment(lib, "advapi32.lib") +# endif +#endif + +CURLcode Curl_win32_random(unsigned char *entropy, size_t length) +{ + memset(entropy, 0, length); + +#if defined(HAVE_WIN_BCRYPTGENRANDOM) + if(BCryptGenRandom(NULL, entropy, (ULONG)length, + BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS) + return CURLE_FAILED_INIT; + + return CURLE_OK; +#elif defined(USE_WIN32_CRYPTO) + { + HCRYPTPROV hCryptProv = 0; + + if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) + return CURLE_FAILED_INIT; + + if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) { + CryptReleaseContext(hCryptProv, 0UL); + return CURLE_FAILED_INIT; + } + + CryptReleaseContext(hCryptProv, 0UL); + } + return CURLE_OK; +#else + return CURLE_NOT_BUILT_IN; +#endif +} +#endif + static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) { unsigned int r; @@ -73,6 +131,14 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) /* ---- non-cryptographic version following ---- */ +#ifdef WIN32 + if(!seeded) { + result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); + if(result != CURLE_NOT_BUILT_IN) + return result; + } +#endif + #if defined(RANDOM_FILE) && !defined(WIN32) if(!seeded) { /* if there's a random file to read a seed from, use it */ diff --git a/contrib/libs/curl/lib/rand.h b/contrib/libs/curl/lib/rand.h index 2f442f5816..99f25b94e1 100644 --- a/contrib/libs/curl/lib/rand.h +++ b/contrib/libs/curl/lib/rand.h @@ -48,4 +48,10 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num); CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, size_t num); +#ifdef WIN32 +/* Random generator shared between the Schannel vtls and Curl_rand*() + functions */ +CURLcode Curl_win32_random(unsigned char *entropy, size_t length); +#endif + #endif /* HEADER_CURL_RAND_H */ diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c index c16358d56c..2ac0746772 100644 --- a/contrib/libs/curl/lib/select.c +++ b/contrib/libs/curl/lib/select.c @@ -310,8 +310,12 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) else pending_ms = 0; r = poll(ufds, nfds, pending_ms); - if(r <= 0) + if(r <= 0) { + if((r == -1) && (SOCKERRNO == EINTR)) + /* make EINTR from select or poll not a "lethal" error */ + r = 0; return r; + } for(i = 0; i < nfds; i++) { if(ufds[i].fd == CURL_SOCKET_BAD) diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c index a210284579..2fe7169dd2 100644 --- a/contrib/libs/curl/lib/sendf.c +++ b/contrib/libs/curl/lib/sendf.c @@ -245,7 +245,7 @@ void Curl_infof(struct Curl_easy *data, const char *fmt, ...) DEBUGASSERT(!strchr(fmt, '\n')); if(data && data->set.verbose) { va_list ap; - size_t len; + int len; char buffer[MAXINFO + 2]; va_start(ap, fmt); len = mvsnprintf(buffer, MAXINFO, fmt, ap); @@ -265,7 +265,7 @@ void Curl_failf(struct Curl_easy *data, const char *fmt, ...) DEBUGASSERT(!strchr(fmt, '\n')); if(data->set.verbose || data->set.errorbuffer) { va_list ap; - size_t len; + int len; char error[CURL_ERROR_SIZE + 2]; va_start(ap, fmt); len = mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap); @@ -496,6 +496,9 @@ static CURLcode pausewrite(struct Curl_easy *data, } } DEBUGASSERT(i < 3); + if(i >= 3) + /* There are more types to store than what fits: very bad */ + return CURLE_OUT_OF_MEMORY; } else i = 0; @@ -583,18 +586,20 @@ static CURLcode chop_write(struct Curl_easy *data, len -= chunklen; } +#ifndef CURL_DISABLE_HTTP /* HTTP header, but not status-line */ if((conn->handler->protocol & PROTO_FAMILY_HTTP) && (type & CLIENTWRITE_HEADER) && !(type & CLIENTWRITE_STATUS) ) { - CURLcode result = - Curl_headers_push(data, optr, - type & CLIENTWRITE_CONNECT ? CURLH_CONNECT : - (type & CLIENTWRITE_1XX ? CURLH_1XX : - (type & CLIENTWRITE_TRAILER ? CURLH_TRAILER : - CURLH_HEADER))); + unsigned char htype = (unsigned char) + (type & CLIENTWRITE_CONNECT ? CURLH_CONNECT : + (type & CLIENTWRITE_1XX ? CURLH_1XX : + (type & CLIENTWRITE_TRAILER ? CURLH_TRAILER : + CURLH_HEADER))); + CURLcode result = Curl_headers_push(data, optr, htype); if(result) return result; } +#endif if(writeheader) { size_t wrote; @@ -607,8 +612,10 @@ static CURLcode chop_write(struct Curl_easy *data, /* here we pass in the HEADER bit only since if this was body as well then it was passed already and clearly that didn't trigger the pause, so this is saved for later with the HEADER bit only */ - return pausewrite(data, CLIENTWRITE_HEADER, optr, olen); - + return pausewrite(data, CLIENTWRITE_HEADER | + (type & (CLIENTWRITE_STATUS|CLIENTWRITE_CONNECT| + CLIENTWRITE_1XX|CLIENTWRITE_TRAILER)), + optr, olen); if(wrote != olen) { failf(data, "Failed writing header"); return CURLE_WRITE_ERROR; @@ -709,16 +716,15 @@ CURLcode Curl_read(struct Curl_easy *data, /* transfer */ } /* return 0 on success */ -int Curl_debug(struct Curl_easy *data, curl_infotype type, - char *ptr, size_t size) +void Curl_debug(struct Curl_easy *data, curl_infotype type, + char *ptr, size_t size) { - int rc = 0; if(data->set.verbose) { static const char s_infotype[CURLINFO_END][3] = { "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; if(data->set.fdebug) { Curl_set_in_callback(data, true); - rc = (*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); + (void)(*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); Curl_set_in_callback(data, false); } else { @@ -734,5 +740,4 @@ int Curl_debug(struct Curl_easy *data, curl_infotype type, } } } - return rc; } diff --git a/contrib/libs/curl/lib/sendf.h b/contrib/libs/curl/lib/sendf.h index 075d70eaad..7c4c1280a0 100644 --- a/contrib/libs/curl/lib/sendf.h +++ b/contrib/libs/curl/lib/sendf.h @@ -89,8 +89,8 @@ CURLcode Curl_write_plain(struct Curl_easy *data, ssize_t *written); /* the function used to output verbose information */ -int Curl_debug(struct Curl_easy *data, curl_infotype type, - char *ptr, size_t size); +void Curl_debug(struct Curl_easy *data, curl_infotype type, + char *ptr, size_t size); #endif /* HEADER_CURL_SENDF_H */ diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c index 6b16e1c7c8..d5e3b50c82 100644 --- a/contrib/libs/curl/lib/setopt.c +++ b/contrib/libs/curl/lib/setopt.c @@ -148,6 +148,85 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) #define C_SSLVERSION_VALUE(x) (x & 0xffff) #define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000) +static CURLcode protocol2num(char *str, curl_off_t *val) +{ + bool found_comma = FALSE; + static struct scheme { + const char *name; + long bit; + } const protos[] = { + { "dict", CURLPROTO_DICT }, + { "file", CURLPROTO_FILE }, + { "ftp", CURLPROTO_FTP }, + { "ftps", CURLPROTO_FTPS }, + { "gopher", CURLPROTO_GOPHER }, + { "gophers", CURLPROTO_GOPHERS }, + { "http", CURLPROTO_HTTP }, + { "https", CURLPROTO_HTTPS }, + { "imap", CURLPROTO_IMAP }, + { "imaps", CURLPROTO_IMAPS }, + { "ldap", CURLPROTO_LDAP }, + { "ldaps", CURLPROTO_LDAPS }, + { "mqtt", CURLPROTO_MQTT }, + { "pop3", CURLPROTO_POP3 }, + { "pop3s", CURLPROTO_POP3S }, + { "rtmp", CURLPROTO_RTMP }, + { "rtmpe", CURLPROTO_RTMPE }, + { "rtmps", CURLPROTO_RTMPS }, + { "rtmpt", CURLPROTO_RTMPT }, + { "rtmpte", CURLPROTO_RTMPTE }, + { "rtmpts", CURLPROTO_RTMPTS }, + { "rtsp", CURLPROTO_RTSP }, + { "scp", CURLPROTO_SCP }, + { "sftp", CURLPROTO_SFTP }, + { "smb", CURLPROTO_SMB }, + { "smbs", CURLPROTO_SMBS }, + { "smtp", CURLPROTO_SMTP }, + { "smtps", CURLPROTO_SMTPS }, + { "telnet", CURLPROTO_TELNET }, + { "tftp", CURLPROTO_TFTP }, + { NULL, 0 } + }; + + if(!str) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(curl_strequal(str, "all")) { + *val = ~0; + return CURLE_OK; + } + + *val = 0; + + do { + size_t tlen; + struct scheme const *pp; + char *token; + token = strchr(str, ','); + found_comma = token ? TRUE : FALSE; + if(!token) + token = strchr(str, '\0'); + tlen = token - str; + if(tlen) { + for(pp = protos; pp->name; pp++) { + if((strlen(pp->name) == tlen) && + curl_strnequal(str, pp->name, tlen)) { + *val |= pp->bit; + break; + } + } + if(!(pp->name)) + /* protocol name didn't match */ + return CURLE_BAD_FUNCTION_ARGUMENT; + } + if(found_comma) + str = token + 1; + } while(found_comma); + if(!*val) + /* no matching protocol */ + return CURLE_BAD_FUNCTION_ARGUMENT; + return CURLE_OK; +} + /* * Do not make Curl_vsetopt() static: it is called from * packages/OS400/ccsidcurl.c. @@ -157,9 +236,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) char *argptr; CURLcode result = CURLE_OK; long arg; -#ifdef ENABLE_IPV6 unsigned long uarg; -#endif curl_off_t bigsize; switch(option) { @@ -167,7 +244,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.dns_cache_timeout = arg; + else if(arg > INT_MAX) + arg = INT_MAX; + + data->set.dns_cache_timeout = (int)arg; break; case CURLOPT_DNS_USE_GLOBAL_CACHE: /* deprecated */ @@ -314,7 +394,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ arg = va_arg(param, long); if((arg >= 0) && (arg <= (INT_MAX/1000))) - data->set.server_response_timeout = arg * 1000; + data->set.server_response_timeout = (unsigned int)arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT; break; @@ -344,7 +424,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); if((arg < CURL_NETRC_IGNORED) || (arg >= CURL_NETRC_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.use_netrc = (enum CURL_NETRC_OPTION)arg; + data->set.use_netrc = (unsigned char)arg; break; case CURLOPT_NETRC_FILE: /* @@ -1262,7 +1342,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) (arg > CURLFTP_CREATE_DIR_RETRY)) result = CURLE_BAD_FUNCTION_ARGUMENT; else - data->set.ftp_create_missing_dirs = (int)arg; + data->set.ftp_create_missing_dirs = (unsigned char)arg; break; case CURLOPT_READDATA: /* @@ -1352,12 +1432,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_PORT: /* - * The port number to use when getting the URL + * The port number to use when getting the URL. 0 disables it. */ arg = va_arg(param, long); if((arg < 0) || (arg > 65535)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.use_port = arg; + data->set.use_port = (unsigned short)arg; break; case CURLOPT_TIMEOUT: /* @@ -1366,16 +1446,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ arg = va_arg(param, long); if((arg >= 0) && (arg <= (INT_MAX/1000))) - data->set.timeout = arg * 1000; + data->set.timeout = (unsigned int)arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT; break; case CURLOPT_TIMEOUT_MS: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.timeout = arg; + uarg = va_arg(param, unsigned long); + if(uarg >= UINT_MAX) + uarg = UINT_MAX; + data->set.timeout = (unsigned int)uarg; break; case CURLOPT_CONNECTTIMEOUT: @@ -1384,16 +1464,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ arg = va_arg(param, long); if((arg >= 0) && (arg <= (INT_MAX/1000))) - data->set.connecttimeout = arg * 1000; + data->set.connecttimeout = (unsigned int)arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT; break; case CURLOPT_CONNECTTIMEOUT_MS: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.connecttimeout = arg; + uarg = va_arg(param, unsigned long); + if(uarg >= UINT_MAX) + uarg = UINT_MAX; + data->set.connecttimeout = (unsigned int)uarg; break; #ifndef CURL_DISABLE_FTP @@ -1401,10 +1481,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * The maximum time for curl to wait for FTP server connect */ - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.accepttimeout = arg; + uarg = va_arg(param, unsigned long); + if(uarg >= UINT_MAX) + uarg = UINT_MAX; + data->set.accepttimeout = (unsigned int)uarg; break; #endif @@ -2156,7 +2236,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) else if(arg < READBUFFER_MIN) arg = READBUFFER_MIN; - data->set.buffer_size = arg; + data->set.buffer_size = (int)arg; break; case CURLOPT_UPLOAD_BUFFERSIZE: @@ -2560,14 +2640,30 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) transfer, which thus helps the app which takes URLs from users or other external inputs and want to restrict what protocol(s) to deal with. Defaults to CURLPROTO_ALL. */ - data->set.allowed_protocols = (unsigned int)va_arg(param, long); + data->set.allowed_protocols = (curl_off_t)va_arg(param, long); break; case CURLOPT_REDIR_PROTOCOLS: /* set the bitmask for the protocols that libcurl is allowed to follow to, as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs to be set in both bitmasks to be allowed to get redirected to. */ - data->set.redir_protocols = (unsigned int)va_arg(param, long); + data->set.redir_protocols = (curl_off_t)va_arg(param, long); + break; + + case CURLOPT_PROTOCOLS_STR: + argptr = va_arg(param, char *); + result = protocol2num(argptr, &bigsize); + if(result) + return result; + data->set.allowed_protocols = bigsize; + break; + + case CURLOPT_REDIR_PROTOCOLS_STR: + argptr = va_arg(param, char *); + result = protocol2num(argptr, &bigsize); + if(result) + return result; + data->set.redir_protocols = bigsize; break; case CURLOPT_DEFAULT_PROTOCOL: @@ -2912,10 +3008,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; break; case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.happy_eyeballs_timeout = arg; + uarg = va_arg(param, unsigned long); + if(uarg >= UINT_MAX) + uarg = UINT_MAX; + data->set.happy_eyeballs_timeout = (unsigned int)uarg; break; #ifndef CURL_DISABLE_SHUFFLE_DNS case CURLOPT_DNS_SHUFFLE_ADDRESSES: diff --git a/contrib/libs/curl/lib/share.c b/contrib/libs/curl/lib/share.c index 8b18360624..1a083e72a0 100644 --- a/contrib/libs/curl/lib/share.c +++ b/contrib/libs/curl/lib/share.c @@ -41,7 +41,7 @@ curl_share_init(void) if(share) { share->magic = CURL_GOOD_SHARE; share->specifier |= (1<<CURL_LOCK_DATA_SHARE); - Curl_init_dnscache(&share->hostcache); + Curl_init_dnscache(&share->hostcache, 23); } return share; diff --git a/contrib/libs/curl/lib/splay.c b/contrib/libs/curl/lib/splay.c index e7d86f1aac..33b44aa1c6 100644 --- a/contrib/libs/curl/lib/splay.c +++ b/contrib/libs/curl/lib/splay.c @@ -103,7 +103,7 @@ struct Curl_tree *Curl_splayinsert(struct curltime i, struct Curl_tree *node) { static const struct curltime KEY_NOTUSED = { - (time_t)-1, (unsigned int)-1 + ~0, -1 }; /* will *NEVER* appear */ if(!node) @@ -213,7 +213,7 @@ int Curl_splayremove(struct Curl_tree *t, struct Curl_tree **newroot) { static const struct curltime KEY_NOTUSED = { - (time_t)-1, (unsigned int)-1 + ~0, -1 }; /* will *NEVER* appear */ struct Curl_tree *x; diff --git a/contrib/libs/curl/lib/strerror.c b/contrib/libs/curl/lib/strerror.c index 82e1977822..02f8986d18 100644 --- a/contrib/libs/curl/lib/strerror.c +++ b/contrib/libs/curl/lib/strerror.c @@ -265,9 +265,6 @@ curl_easy_strerror(CURLcode error) case CURLE_TFTP_NOSUCHUSER: return "TFTP: No such user"; - case CURLE_CONV_FAILED: - return "Conversion failed"; - case CURLE_REMOTE_FILE_NOT_FOUND: return "Remote file not found"; @@ -334,6 +331,7 @@ curl_easy_strerror(CURLcode error) case CURLE_OBSOLETE51: case CURLE_OBSOLETE57: case CURLE_OBSOLETE62: + case CURLE_OBSOLETE75: case CURLE_OBSOLETE76: case CURL_LAST: break; diff --git a/contrib/libs/curl/lib/transfer.c b/contrib/libs/curl/lib/transfer.c index 1720b24b12..6560d9607d 100644 --- a/contrib/libs/curl/lib/transfer.c +++ b/contrib/libs/curl/lib/transfer.c @@ -539,6 +539,13 @@ static CURLcode readwrite_data(struct Curl_easy *data, bool is_http2 = ((conn->handler->protocol & PROTO_FAMILY_HTTP) && (conn->httpversion == 20)); #endif + bool is_http3 = +#ifdef ENABLE_QUIC + ((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (conn->httpversion == 30)); +#else + FALSE; +#endif if( #ifdef USE_NGHTTP2 @@ -549,6 +556,7 @@ static CURLcode readwrite_data(struct Curl_easy *data, for a particular stream. */ !is_http2 && #endif + !is_http3 && /* Same reason mentioned above. */ k->size != -1 && !k->header) { /* make sure we don't read too much */ curl_off_t totalleft = k->size - k->bytecount; @@ -596,6 +604,9 @@ static CURLcode readwrite_data(struct Curl_easy *data, DEBUGF(infof(data, "nread == 0, stream closed, bailing")); else #endif + if(is_http3 && !nread) + DEBUGF(infof(data, "nread == 0, stream closed, bailing")); + else DEBUGF(infof(data, "nread <= 0, server closed connection, bailing")); k->keepon &= ~KEEP_RECV; break; @@ -753,7 +764,13 @@ static CURLcode readwrite_data(struct Curl_easy *data, if(nread < 0) /* this should be unusual */ nread = 0; - k->keepon &= ~KEEP_RECV; /* we're done reading */ + /* HTTP/3 over QUIC should keep reading until QUIC connection + is closed. In contrast to HTTP/2 which can stop reading + from TCP connection, HTTP/3 over QUIC needs ACK from server + to ensure stream closure. It should keep reading. */ + if(!is_http3) { + k->keepon &= ~KEEP_RECV; /* we're done reading */ + } } k->bytecount += nread; diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c index c099c16a0c..ec3fb77b01 100644 --- a/contrib/libs/curl/lib/url.c +++ b/contrib/libs/curl/lib/url.c @@ -77,6 +77,7 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #endif /* USE_LIBIDN2 */ +#include "doh.h" #include "urldata.h" #include "netrc.h" @@ -153,6 +154,9 @@ static void conn_free(struct connectdata *conn); #define UNIX_SOCKET_PREFIX "localhost" #endif +/* Reject URLs exceeding this length */ +#define MAX_URL_LEN 0xffff + /* * get_protocol_family() * @@ -439,6 +443,7 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_safefree(data->info.wouldredirect); /* this destroys the channel and we cannot use it anymore after this */ + Curl_resolver_cancel(data); Curl_resolver_cleanup(data->state.async.resolver); Curl_http2_cleanup_dependencies(data); @@ -2024,6 +2029,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, if(!strcasecompare("file", data->state.up.scheme)) return CURLE_OUT_OF_MEMORY; } + else if(strlen(data->state.up.hostname) > MAX_URL_LEN) { + failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN); + return CURLE_URL_MALFORMAT; + } #ifndef CURL_DISABLE_HSTS if(data->hsts && strcasecompare("http", data->state.up.scheme)) { @@ -2128,7 +2137,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, unsigned long port = strtoul(data->state.up.port, NULL, 10); conn->port = conn->remote_port = (data->set.use_port && data->state.allow_port) ? - (int)data->set.use_port : curlx_ultous(port); + data->set.use_port : curlx_ultous(port); } (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0); @@ -2734,16 +2743,16 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, * connection that may exist registered to the same proxy host. ***********************************************************************/ if(proxy || socksproxy) { + curl_proxytype ptype = (curl_proxytype)conn->http_proxy.proxytype; if(proxy) { - result = parse_proxy(data, conn, proxy, conn->http_proxy.proxytype); + result = parse_proxy(data, conn, proxy, ptype); Curl_safefree(proxy); /* parse_proxy copies the proxy string */ if(result) goto out; } if(socksproxy) { - result = parse_proxy(data, conn, socksproxy, - conn->socks_proxy.proxytype); + result = parse_proxy(data, conn, socksproxy, ptype); /* parse_proxy copies the socks proxy string */ Curl_safefree(socksproxy); if(result) @@ -2964,7 +2973,7 @@ static CURLcode parse_remote_port(struct Curl_easy *data, /* if set, we use this instead of the port possibly given in the URL */ char portbuf[16]; CURLUcode uc; - conn->remote_port = (unsigned short)data->set.use_port; + conn->remote_port = data->set.use_port; msnprintf(portbuf, sizeof(portbuf), "%d", conn->remote_port); uc = curl_url_set(data->state.uh, CURLUPART_PORT, portbuf, 0); if(uc) @@ -3038,29 +3047,31 @@ static CURLcode override_login(struct Curl_easy *data, conn->user = strdup(*userp); if(!conn->user) return CURLE_OUT_OF_MEMORY; - /* don't update the user name below */ - userp = NULL; + } + /* no user was set but a password, set a blank user */ + if(userp && !*userp && *passwdp) { + *userp = strdup(""); + if(!*userp) + return CURLE_OUT_OF_MEMORY; } } #endif /* for updated strings, we update them in the URL */ - if(userp) { - if(*userp) { - CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); - if(result) - return result; - } - if(data->state.aptr.user) { - uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, - CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - if(!*userp) { - *userp = strdup(data->state.aptr.user); - if(!*userp) - return CURLE_OUT_OF_MEMORY; - } + if(*userp) { + CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); + if(result) + return result; + } + if(data->state.aptr.user) { + uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, + CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + if(!*userp) { + *userp = strdup(data->state.aptr.user); + if(!*userp) + return CURLE_OUT_OF_MEMORY; } } if(*passwdp) { @@ -3413,141 +3424,166 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, return result; } -/************************************************************* - * Resolve the address of the server or proxy - *************************************************************/ -static CURLcode resolve_server(struct Curl_easy *data, - struct connectdata *conn, - bool *async) +#ifdef USE_UNIX_SOCKETS +static CURLcode resolve_unix(struct Curl_easy *data, + struct connectdata *conn, + char *unix_path) { - CURLcode result = CURLE_OK; - timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + struct Curl_dns_entry *hostaddr = NULL; + bool longpath = FALSE; - DEBUGASSERT(conn); - DEBUGASSERT(data); - /************************************************************* - * Resolve the name of the server or proxy - *************************************************************/ - if(conn->bits.reuse) - /* We're reusing the connection - no need to resolve anything, and - idnconvert_hostname() was called already in create_conn() for the re-use - case. */ - *async = FALSE; + DEBUGASSERT(unix_path); + DEBUGASSERT(conn->dns_entry == NULL); - else { - /* this is a fresh connect */ - int rc; - struct Curl_dns_entry *hostaddr = NULL; + /* Unix domain sockets are local. The host gets ignored, just use the + * specified domain socket address. Do not cache "DNS entries". There is + * no DNS involved and we already have the filesystem path available. */ + hostaddr = calloc(1, sizeof(struct Curl_dns_entry)); + if(!hostaddr) + return CURLE_OUT_OF_MEMORY; -#ifdef USE_UNIX_SOCKETS - char *unix_path = NULL; + hostaddr->addr = Curl_unix2addr(unix_path, &longpath, + conn->bits.abstract_unix_socket); + if(!hostaddr->addr) { + if(longpath) + /* Long paths are not supported for now */ + failf(data, "Unix socket path too long: '%s'", unix_path); + free(hostaddr); + return longpath ? CURLE_COULDNT_RESOLVE_HOST : CURLE_OUT_OF_MEMORY; + } - if(conn->unix_domain_socket) - unix_path = conn->unix_domain_socket; -#ifndef CURL_DISABLE_PROXY - else if(conn->socks_proxy.host.name - && !strncmp(UNIX_SOCKET_PREFIX"/", - conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) - unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; + hostaddr->inuse++; + conn->dns_entry = hostaddr; + return CURLE_OK; +} #endif - if(unix_path) { - /* Unix domain sockets are local. The host gets ignored, just use the - * specified domain socket address. Do not cache "DNS entries". There is - * no DNS involved and we already have the filesystem path available */ +#ifndef CURL_DISABLE_PROXY +static CURLcode resolve_proxy(struct Curl_easy *data, + struct connectdata *conn, + bool *async) +{ + struct Curl_dns_entry *hostaddr = NULL; + struct hostname *host; + timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + int rc; - hostaddr = calloc(1, sizeof(struct Curl_dns_entry)); - if(!hostaddr) - result = CURLE_OUT_OF_MEMORY; - else { - bool longpath = FALSE; - hostaddr->addr = Curl_unix2addr(unix_path, &longpath, - conn->bits.abstract_unix_socket); - if(hostaddr->addr) - hostaddr->inuse++; - else { - /* Long paths are not supported for now */ - if(longpath) { - failf(data, "Unix socket path too long: '%s'", unix_path); - result = CURLE_COULDNT_RESOLVE_HOST; - } - else - result = CURLE_OUT_OF_MEMORY; - free(hostaddr); - hostaddr = NULL; - } - } - } - else + DEBUGASSERT(conn->dns_entry == NULL); + + host = conn->bits.socksproxy ? &conn->socks_proxy.host : + &conn->http_proxy.host; + + conn->hostname_resolve = strdup(host->name); + if(!conn->hostname_resolve) + return CURLE_OUT_OF_MEMORY; + + rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port, + &hostaddr, timeout_ms); + conn->dns_entry = hostaddr; + if(rc == CURLRESOLV_PENDING) + *async = TRUE; + else if(rc == CURLRESOLV_TIMEDOUT) + return CURLE_OPERATION_TIMEDOUT; + else if(!hostaddr) { + failf(data, "Couldn't resolve proxy '%s'", host->dispname); + return CURLE_COULDNT_RESOLVE_PROXY; + } + + return CURLE_OK; +} #endif - if(!CONN_IS_PROXIED(conn)) { - struct hostname *connhost; - if(conn->bits.conn_to_host) - connhost = &conn->conn_to_host; - else - connhost = &conn->host; +static CURLcode resolve_ip(struct Curl_easy *data, + struct connectdata *conn, + bool *async) +{ + struct Curl_dns_entry *hostaddr = NULL; + struct hostname *connhost; + timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + int rc; - /* If not connecting via a proxy, extract the port from the URL, if it is - * there, thus overriding any defaults that might have been set above. */ - if(conn->bits.conn_to_port) - conn->port = conn->conn_to_port; - else - conn->port = conn->remote_port; + DEBUGASSERT(conn->dns_entry == NULL); - /* Resolve target host right on */ - conn->hostname_resolve = strdup(connhost->name); - if(!conn->hostname_resolve) - return CURLE_OUT_OF_MEMORY; - rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port, - &hostaddr, timeout_ms); - if(rc == CURLRESOLV_PENDING) - *async = TRUE; - - else if(rc == CURLRESOLV_TIMEDOUT) { - failf(data, "Failed to resolve host '%s' with timeout after %ld ms", - connhost->dispname, - Curl_timediff(Curl_now(), data->progress.t_startsingle)); - result = CURLE_OPERATION_TIMEDOUT; - } - else if(!hostaddr) { - failf(data, "Could not resolve host: %s", connhost->dispname); - result = CURLE_COULDNT_RESOLVE_HOST; - /* don't return yet, we need to clean up the timeout first */ - } - } -#ifndef CURL_DISABLE_PROXY - else { - /* This is a proxy that hasn't been resolved yet. */ + connhost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host; - struct hostname * const host = conn->bits.socksproxy ? - &conn->socks_proxy.host : &conn->http_proxy.host; + /* If not connecting via a proxy, extract the port from the URL, if it is + * there, thus overriding any defaults that might have been set above. */ + conn->port = conn->bits.conn_to_port ? conn->conn_to_port : + conn->remote_port; - /* resolve proxy */ - conn->hostname_resolve = strdup(host->name); - if(!conn->hostname_resolve) - return CURLE_OUT_OF_MEMORY; - rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port, - &hostaddr, timeout_ms); + /* Resolve target host right on */ + conn->hostname_resolve = strdup(connhost->name); + if(!conn->hostname_resolve) + return CURLE_OUT_OF_MEMORY; - if(rc == CURLRESOLV_PENDING) - *async = TRUE; + rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port, + &hostaddr, timeout_ms); + conn->dns_entry = hostaddr; + if(rc == CURLRESOLV_PENDING) + *async = TRUE; + else if(rc == CURLRESOLV_TIMEDOUT) { + failf(data, "Failed to resolve host '%s' with timeout after %ld ms", + connhost->dispname, + Curl_timediff(Curl_now(), data->progress.t_startsingle)); + return CURLE_OPERATION_TIMEDOUT; + } + else if(!hostaddr) { + failf(data, "Could not resolve host: %s", connhost->dispname); + return CURLE_COULDNT_RESOLVE_HOST; + } - else if(rc == CURLRESOLV_TIMEDOUT) - result = CURLE_OPERATION_TIMEDOUT; + return CURLE_OK; +} - else if(!hostaddr) { - failf(data, "Couldn't resolve proxy '%s'", host->dispname); - result = CURLE_COULDNT_RESOLVE_PROXY; - /* don't return yet, we need to clean up the timeout first */ - } - } +/* Perform a fresh resolve */ +static CURLcode resolve_fresh(struct Curl_easy *data, + struct connectdata *conn, + bool *async) +{ +#ifdef USE_UNIX_SOCKETS + char *unix_path = conn->unix_domain_socket; + +#ifndef CURL_DISABLE_PROXY + if(!unix_path && conn->socks_proxy.host.name && + !strncmp(UNIX_SOCKET_PREFIX"/", + conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) + unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; #endif - DEBUGASSERT(conn->dns_entry == NULL); - conn->dns_entry = hostaddr; + + if(unix_path) { + conn->transport = TRNSPRT_UNIX; + return resolve_unix(data, conn, unix_path); } +#endif - return result; +#ifndef CURL_DISABLE_PROXY + if(CONN_IS_PROXIED(conn)) + return resolve_proxy(data, conn, async); +#endif + + return resolve_ip(data, conn, async); +} + +/************************************************************* + * Resolve the address of the server or proxy + *************************************************************/ +static CURLcode resolve_server(struct Curl_easy *data, + struct connectdata *conn, + bool *async) +{ + DEBUGASSERT(conn); + DEBUGASSERT(data); + + /* Resolve the name of the server or proxy */ + if(conn->bits.reuse) { + /* We're reusing the connection - no need to resolve anything, and + idnconvert_hostname() was called already in create_conn() for the re-use + case. */ + *async = FALSE; + return CURLE_OK; + } + + return resolve_fresh(data, conn, async); } /* diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h index c972847ba5..a9aee8f303 100644 --- a/contrib/libs/curl/lib/urldata.h +++ b/contrib/libs/curl/lib/urldata.h @@ -318,11 +318,11 @@ struct digestdata { char *nonce; char *cnonce; char *realm; - int algo; char *opaque; char *qop; char *algorithm; int nc; /* nonce count */ + unsigned char algo; BIT(stale); /* set true for re-negotiation */ BIT(userhash); #endif @@ -598,23 +598,6 @@ enum doh_slots { DOH_PROBE_SLOTS }; -/* one of these for each DoH request */ -struct dnsprobe { - CURL *easy; - int dnstype; - unsigned char dohbuffer[512]; - size_t dohlen; - struct dynbuf serverdoh; -}; - -struct dohdata { - struct curl_slist *headers; - struct dnsprobe probe[DOH_PROBE_SLOTS]; - unsigned int pending; /* still outstanding requests */ - int port; - const char *host; -}; - /* * Request specific data in the easy handle (Curl_easy). Previously, * these members were on the connectdata struct but since a conn struct may @@ -856,7 +839,8 @@ struct postponed_data { struct proxy_info { struct hostname host; long port; - curl_proxytype proxytype; /* what kind of proxy that is in use */ + unsigned char proxytype; /* curl_proxytype: what kind of proxy that is in + use */ char *user; /* proxy user name string, allocated */ char *passwd; /* proxy password string, allocated */ }; @@ -895,6 +879,11 @@ struct connstate { unsigned char *outp; /* send from this pointer */ }; +#define TRNSPRT_TCP 3 +#define TRNSPRT_UDP 4 +#define TRNSPRT_QUIC 5 +#define TRNSPRT_UNIX 6 + /* * The connectdata struct contains all fields and variables that should be * unique for an entire connection. @@ -932,15 +921,6 @@ struct connectdata { cache entry remains locked. It gets unlocked in multi_done() */ struct Curl_addrinfo *ip_addr; struct Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */ -#ifdef ENABLE_IPV6 - unsigned int scope_id; /* Scope id for IPv6 */ -#endif - - enum { - TRNSPRT_TCP = 3, - TRNSPRT_UDP = 4, - TRNSPRT_QUIC = 5 - } transport; #ifdef ENABLE_QUIC struct quicsocket hequic[2]; /* two, for happy eyeballs! */ @@ -956,13 +936,6 @@ struct connectdata { struct proxy_info socks_proxy; struct proxy_info http_proxy; #endif - int port; /* which port to use locally - to connect to */ - int remote_port; /* the remote port, not the proxy port! */ - int conn_to_port; /* the remote port to connect to. valid only if - bits.conn_to_port is set */ - unsigned short secondary_port; /* secondary socket remote port to connect to - (ftp) */ - /* 'primary_ip' and 'primary_port' get filled with peer's numerical ip address and port number whenever an outgoing connection is *attempted* from the primary socket to a remote address. When more @@ -971,14 +944,11 @@ struct connectdata { these are updated with data which comes directly from the socket. */ char primary_ip[MAX_IPADR_LEN]; - unsigned char ip_version; /* copied from the Curl_easy at creation time */ - char *user; /* user name string, allocated */ char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ char *sasl_authzid; /* authorization identity string, allocated */ char *oauth_bearer; /* OAUTH2 bearer, allocated */ - unsigned char httpversion; /* the HTTP version*10 reported by the server */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ struct curltime lastused; /* when returned to the connection cache */ @@ -1005,8 +975,6 @@ struct connectdata { #endif struct ConnectBits bits; /* various state-flags for this connection */ - /* The field below gets set in Curl_connecthost */ - int num_addr; /* number of addresses to try to connect to */ /* connecttime: when connect() is called on the current IP address. Used to be able to track when to move on to try next IP - but only when the multi interface is used. */ @@ -1034,9 +1002,9 @@ struct connectdata { #ifdef HAVE_GSSAPI BIT(sec_complete); /* if Kerberos is enabled for this connection */ - enum protection_level command_prot; - enum protection_level data_prot; - enum protection_level request_data_prot; + unsigned char command_prot; /* enum protection_level */ + unsigned char data_prot; /* enum protection_level */ + unsigned char request_data_prot; /* enum protection_level */ size_t buffer_size; struct krb5buffer in_buffer; void *app_data; @@ -1135,12 +1103,26 @@ struct connectdata { int localportrange; int cselect_bits; /* bitmask of socket events */ int waitfor; /* current READ/WRITE bits to wait for */ - int negnpn; /* APLN or NPN TLS negotiated protocol, CURL_HTTP_VERSION* */ - #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) int socks5_gssapi_enctype; #endif + /* The field below gets set in Curl_connecthost */ + int num_addr; /* number of addresses to try to connect to */ + int port; /* which port to use locally - to connect to */ + int remote_port; /* the remote port, not the proxy port! */ + int conn_to_port; /* the remote port to connect to. valid only if + bits.conn_to_port is set */ +#ifdef ENABLE_IPV6 + unsigned int scope_id; /* Scope id for IPv6 */ +#endif unsigned short localport; + unsigned short secondary_port; /* secondary socket remote port to connect to + (ftp) */ + unsigned char negnpn; /* APLN or NPN TLS negotiated protocol, + a CURL_HTTP_VERSION* value */ + unsigned char transport; /* one of the TRNSPRT_* defines */ + unsigned char ip_version; /* copied from the Curl_easy at creation time */ + unsigned char httpversion; /* the HTTP version*10 reported by the server */ }; /* The end of connectdata. */ @@ -1300,6 +1282,7 @@ typedef enum { EXPIRE_TIMEOUT, EXPIRE_TOOFAST, EXPIRE_QUIC, + EXPIRE_FTP_ACCEPT, EXPIRE_LAST /* not an actual timer, used as a marker only */ } expire_id; @@ -1429,7 +1412,8 @@ struct UrlState { #endif CURLU *uh; /* URL handle for the current parsed URL */ struct urlpieces up; - Curl_HttpReq httpreq; /* what kind of HTTP request (if any) is this */ + unsigned char httpreq; /* Curl_HttpReq; what kind of HTTP request (if any) + is this */ char *url; /* work URL, copied from UserDefined */ char *referer; /* referer string */ #ifndef CURL_DISABLE_COOKIES @@ -1649,7 +1633,7 @@ struct UserDefined { void *out; /* CURLOPT_WRITEDATA */ void *in_set; /* CURLOPT_READDATA */ void *writeheader; /* write the header to this if non-NULL */ - long use_port; /* which port to use (when not using default) */ + unsigned short use_port; /* which port to use (when not using default) */ unsigned long httpauth; /* kind of HTTP authentication to use (bitmask) */ unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */ #ifndef CURL_DISABLE_PROXY @@ -1695,10 +1679,10 @@ struct UserDefined { #endif void *progress_client; /* pointer to pass to the progress callback */ void *ioctl_client; /* pointer to pass to the ioctl callback */ - long timeout; /* in milliseconds, 0 means no timeout */ - long connecttimeout; /* in milliseconds, 0 means no timeout */ - long happy_eyeballs_timeout; /* in milliseconds, 0 is a valid value */ - long server_response_timeout; /* in milliseconds, 0 means no timeout */ + unsigned int timeout; /* ms, 0 means no timeout */ + unsigned int connecttimeout; /* ms, 0 means no timeout */ + unsigned int happy_eyeballs_timeout; /* ms, 0 is a valid value */ + unsigned int server_response_timeout; /* ms, 0 means no timeout */ long maxage_conn; /* in seconds, max idle time to allow a connection that is to be reused */ long maxlifetime_conn; /* in seconds, max time since creation to allow a @@ -1732,10 +1716,10 @@ struct UserDefined { DNS cache */ struct curl_slist *connect_to; /* list of host:port mappings to override the hostname and port to connect to */ - curl_TimeCond timecondition; /* kind of time/date comparison */ - curl_proxytype proxytype; /* what kind of proxy that is in use */ time_t timevalue; /* what time to compare with */ - Curl_HttpReq method; /* what kind of HTTP request (if any) is this */ + unsigned char timecondition; /* kind of time comparison: curl_TimeCond */ + unsigned char proxytype; /* what kind of proxy: curl_proxytype */ + unsigned char method; /* what kind of HTTP request: Curl_HttpReq */ unsigned char httpwant; /* when non-zero, a specific HTTP version requested to be used in the library's request(s) */ struct ssl_config_data ssl; /* user defined SSL stuff */ @@ -1743,8 +1727,8 @@ struct UserDefined { struct ssl_config_data proxy_ssl; /* user defined SSL stuff for proxy */ #endif struct ssl_general_config general_ssl; /* general user defined SSL stuff */ - long dns_cache_timeout; /* DNS cache timeout */ - long buffer_size; /* size of receive buffer to use */ + int dns_cache_timeout; /* DNS cache timeout (seconds) */ + unsigned int buffer_size; /* size of receive buffer to use */ unsigned int upload_buffer_size; /* size of upload buffer to use, keep it >= CURL_MAX_WRITE_SIZE */ void *private_data; /* application-private data */ @@ -1753,14 +1737,16 @@ struct UserDefined { file 0 - whatever, 1 - v2, 2 - v6 */ curl_off_t max_filesize; /* Maximum file size to download */ #ifndef CURL_DISABLE_FTP - curl_ftpfile ftp_filemethod; /* how to get to a file when FTP is used */ - curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */ - curl_ftpccc ftp_ccc; /* FTP CCC options */ - long accepttimeout; /* in milliseconds, 0 means no timeout */ -#endif - int ftp_create_missing_dirs; /* 1 - create directories that don't exist - 2 - the same but also allow MKD to fail once - */ + unsigned char ftp_filemethod; /* how to get to a file: curl_ftpfile */ + unsigned char ftpsslauth; /* what AUTH XXX to try: curl_ftpauth */ + unsigned char ftp_ccc; /* FTP CCC options: curl_ftpccc */ + unsigned int accepttimeout; /* in milliseconds, 0 means no timeout */ +#endif + /* Desppie the name ftp_create_missing_dirs is for FTP(S) and SFTP + 1 - create directories that don't exist + 2 - the same but also allow MKD to fail once + */ + unsigned char ftp_create_missing_dirs; #ifdef USE_LIBSSH2 curl_sshhostkeycallback ssh_hostkeyfunc; /* hostkey check callback */ void *ssh_hostkeyfunc_userp; /* custom pointer to callback */ @@ -1769,8 +1755,7 @@ struct UserDefined { curl_sshkeycallback ssh_keyfunc; /* key matching callback */ void *ssh_keyfunc_userp; /* custom pointer to callback */ #ifndef CURL_DISABLE_NETRC - enum CURL_NETRC_OPTION - use_netrc; /* defined in include/curl.h */ + unsigned char use_netrc; /* enum CURL_NETRC_OPTION values */ #endif curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or IMAP or POP3 or others! */ @@ -1782,15 +1767,14 @@ struct UserDefined { #ifdef ENABLE_IPV6 unsigned int scope_id; /* Scope id for IPv6 */ #endif - unsigned int allowed_protocols; - unsigned int redir_protocols; + curl_off_t allowed_protocols; + curl_off_t redir_protocols; unsigned int mime_options; /* Mime option flags. */ #ifndef CURL_DISABLE_RTSP void *rtp_out; /* write RTP to this if non-NULL */ /* Common RTSP header options */ Curl_RtspReq rtspreq; /* RTSP request type */ - long rtspversion; /* like httpversion, for RTSP */ #endif #ifndef CURL_DISABLE_FTP curl_chunk_bgn_callback chunk_bgn; /* called before part of transfer diff --git a/contrib/libs/curl/lib/vauth/digest.c b/contrib/libs/curl/lib/vauth/digest.c index 355cd74a6e..962aa624a3 100644 --- a/contrib/libs/curl/lib/vauth/digest.c +++ b/contrib/libs/curl/lib/vauth/digest.c @@ -49,6 +49,15 @@ #include "curl_memory.h" #include "memdebug.h" +#define SESSION_ALGO 1 /* for algos with this bit set */ + +#define ALGO_MD5 0 +#define ALGO_MD5SESS (ALGO_MD5 | SESSION_ALGO) +#define ALGO_SHA256 2 +#define ALGO_SHA256SESS (ALGO_SHA256 | SESSION_ALGO) +#define ALGO_SHA512_256 4 +#define ALGO_SHA512_256SESS (ALGO_SHA512_256 | SESSION_ALGO) + #if !defined(USE_WINDOWS_SSPI) #define DIGEST_QOP_VALUE_AUTH (1 << 0) #define DIGEST_QOP_VALUE_AUTH_INT (1 << 1) @@ -551,6 +560,9 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, token = strtok_r(tmp, ",", &tok_buf); while(token) { + /* Pass additional spaces here */ + while(*token && ISSPACE(*token)) + token++; if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) { foundAuth = TRUE; } @@ -583,17 +595,17 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, return CURLE_OUT_OF_MEMORY; if(strcasecompare(content, "MD5-sess")) - digest->algo = CURLDIGESTALGO_MD5SESS; + digest->algo = ALGO_MD5SESS; else if(strcasecompare(content, "MD5")) - digest->algo = CURLDIGESTALGO_MD5; + digest->algo = ALGO_MD5; else if(strcasecompare(content, "SHA-256")) - digest->algo = CURLDIGESTALGO_SHA256; + digest->algo = ALGO_SHA256; else if(strcasecompare(content, "SHA-256-SESS")) - digest->algo = CURLDIGESTALGO_SHA256SESS; + digest->algo = ALGO_SHA256SESS; else if(strcasecompare(content, "SHA-512-256")) - digest->algo = CURLDIGESTALGO_SHA512_256; + digest->algo = ALGO_SHA512_256; else if(strcasecompare(content, "SHA-512-256-SESS")) - digest->algo = CURLDIGESTALGO_SHA512_256SESS; + digest->algo = ALGO_SHA512_256SESS; else return CURLE_BAD_CONTENT_ENCODING; } @@ -628,6 +640,10 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, if(!digest->nonce) return CURLE_BAD_CONTENT_ENCODING; + /* "<algo>-sess" protocol versions require "auth" or "auth-int" qop */ + if(!digest->qop && (digest->algo & SESSION_ALGO)) + return CURLE_BAD_CONTENT_ENCODING; + return CURLE_OK; } @@ -726,9 +742,7 @@ static CURLcode auth_create_digest_http_message( free(hashthis); convert_to_ascii(hashbuf, ha1); - if(digest->algo == CURLDIGESTALGO_MD5SESS || - digest->algo == CURLDIGESTALGO_SHA256SESS || - digest->algo == CURLDIGESTALGO_SHA512_256SESS) { + if(digest->algo & SESSION_ALGO) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, digest->nonce, digest->cnonce); if(!tmp) @@ -843,10 +857,8 @@ static CURLcode auth_create_digest_http_message( digest->qop, request_digest); - if(strcasecompare(digest->qop, "auth")) - digest->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 - padded which tells to the server how many times you are - using the same nonce in the qop=auth mode */ + /* Increment nonce-count to use another nc value for the next request */ + digest->nc++; } else { response = aprintf("username=\"%s\", " @@ -875,8 +887,9 @@ static CURLcode auth_create_digest_http_message( free(response); return CURLE_OUT_OF_MEMORY; } - tmp = aprintf("%s, opaque=\"%s\"", response, digest->opaque); + tmp = aprintf("%s, opaque=\"%s\"", response, opaque_quoted); free(response); + free(opaque_quoted); if(!tmp) return CURLE_OUT_OF_MEMORY; @@ -938,28 +951,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, struct digestdata *digest, char **outptr, size_t *outlen) { - switch(digest->algo) { - case CURLDIGESTALGO_MD5: - case CURLDIGESTALGO_MD5SESS: + if(digest->algo <= ALGO_MD5SESS) return auth_create_digest_http_message(data, userp, passwdp, request, uripath, digest, outptr, outlen, auth_digest_md5_to_ascii, Curl_md5it); - - case CURLDIGESTALGO_SHA256: - case CURLDIGESTALGO_SHA256SESS: - case CURLDIGESTALGO_SHA512_256: - case CURLDIGESTALGO_SHA512_256SESS: - return auth_create_digest_http_message(data, userp, passwdp, - request, uripath, digest, - outptr, outlen, - auth_digest_sha256_to_ascii, - Curl_sha256it); - - default: - return CURLE_UNSUPPORTED_PROTOCOL; - } + DEBUGASSERT(digest->algo <= ALGO_SHA512_256SESS); + return auth_create_digest_http_message(data, userp, passwdp, + request, uripath, digest, + outptr, outlen, + auth_digest_sha256_to_ascii, + Curl_sha256it); } /* @@ -982,7 +985,7 @@ void Curl_auth_digest_cleanup(struct digestdata *digest) Curl_safefree(digest->algorithm); digest->nc = 0; - digest->algo = CURLDIGESTALGO_MD5; /* default algorithm */ + digest->algo = ALGO_MD5; /* default algorithm */ digest->stale = FALSE; /* default means normal, not stale */ digest->userhash = FALSE; } diff --git a/contrib/libs/curl/lib/vauth/digest.h b/contrib/libs/curl/lib/vauth/digest.h index 6a2f565894..d785bdd91b 100644 --- a/contrib/libs/curl/lib/vauth/digest.h +++ b/contrib/libs/curl/lib/vauth/digest.h @@ -31,15 +31,6 @@ #define DIGEST_MAX_VALUE_LENGTH 256 #define DIGEST_MAX_CONTENT_LENGTH 1024 -enum { - CURLDIGESTALGO_MD5, - CURLDIGESTALGO_MD5SESS, - CURLDIGESTALGO_SHA256, - CURLDIGESTALGO_SHA256SESS, - CURLDIGESTALGO_SHA512_256, - CURLDIGESTALGO_SHA512_256SESS -}; - /* This is used to extract the realm from a challenge message */ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, const char **endptr); diff --git a/contrib/libs/curl/lib/vquic/msh3.c b/contrib/libs/curl/lib/vquic/msh3.c index c546e0b624..8f66bcf493 100644 --- a/contrib/libs/curl/lib/vquic/msh3.c +++ b/contrib/libs/curl/lib/vquic/msh3.c @@ -27,7 +27,6 @@ #ifdef USE_MSH3 #include "urldata.h" -#include "curl_printf.h" #include "timeval.h" #include "multiif.h" #include "sendf.h" @@ -35,6 +34,11 @@ #include "h2h3.h" #error #include "msh3.h" +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + /* #define DEBUG_HTTP3 1 */ #ifdef DEBUG_HTTP3 #define H3BUGF(x) x @@ -222,13 +226,8 @@ static unsigned int msh3_conncheck(struct Curl_easy *data, return CONNRESULT_NONE; } -static void msh3_cleanup(struct quicsocket *qs, struct HTTP *stream) +static void disconnect(struct quicsocket *qs) { - if(stream && stream->recv_buf) { - free(stream->recv_buf); - stream->recv_buf = ZERO_NULL; - msh3_lock_uninitialize(&stream->recv_lock); - } if(qs->conn) { MsH3ConnectionClose(qs->conn); qs->conn = ZERO_NULL; @@ -242,18 +241,20 @@ static void msh3_cleanup(struct quicsocket *qs, struct HTTP *stream) static CURLcode msh3_disconnect(struct Curl_easy *data, struct connectdata *conn, bool dead_connection) { + (void)data; (void)dead_connection; H3BUGF(infof(data, "disconnecting (msh3)")); - msh3_cleanup(conn->quic, data->req.p.http); + disconnect(conn->quic); return CURLE_OK; } void Curl_quic_disconnect(struct Curl_easy *data, struct connectdata *conn, int tempindex) { + (void)data; if(conn->transport == TRNSPRT_QUIC) { - H3BUGF(infof(data, "disconnecting (curl)")); - msh3_cleanup(&conn->hequic[tempindex], data->req.p.http); + H3BUGF(infof(data, "disconnecting QUIC index %u", tempindex)); + disconnect(&conn->hequic[tempindex]); } } @@ -288,7 +289,6 @@ static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request, struct HTTP *stream = IfContext; size_t total_len; (void)Request; - H3BUGF(printf("* msh3_header_received\n")); if(stream->recv_header_complete) { H3BUGF(printf("* ignoring header after data\n")); @@ -490,9 +490,19 @@ CURLcode Curl_quic_done_sending(struct Curl_easy *data) void Curl_quic_done(struct Curl_easy *data, bool premature) { - (void)data; + struct HTTP *stream = data->req.p.http; (void)premature; H3BUGF(infof(data, "Curl_quic_done")); + if(stream) { + if(stream->recv_buf) { + Curl_safefree(stream->recv_buf); + msh3_lock_uninitialize(&stream->recv_lock); + } + if(stream->req) { + MsH3RequestClose(stream->req); + stream->req = ZERO_NULL; + } + } } bool Curl_quic_data_pending(const struct Curl_easy *data) diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c index c236d93b0b..11787cee5f 100644 --- a/contrib/libs/curl/lib/vquic/ngtcp2.c +++ b/contrib/libs/curl/lib/vquic/ngtcp2.c @@ -38,6 +38,9 @@ #elif defined(USE_GNUTLS) #error #include <ngtcp2/ngtcp2_crypto_gnutls.h> #include "vtls/gtls.h" +#elif defined(USE_WOLFSSL) +#error #include <ngtcp2/ngtcp2_crypto_wolfssl.h> +#include "vtls/wolfssl.h" #endif #include "urldata.h" #include "sendf.h" @@ -101,6 +104,11 @@ struct h3out { "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \ "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \ "%DISABLE_TLS13_COMPAT_MODE" +#elif defined(USE_WOLFSSL) +#define QUIC_CIPHERS \ + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ + "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" +#define QUIC_GROUPS "P-256:P-384:P-521" #endif /* ngtcp2 default congestion controller does not perform pacing. Limit @@ -113,7 +121,7 @@ static CURLcode ng_process_ingress(struct Curl_easy *data, static CURLcode ng_flush_egress(struct Curl_easy *data, int sockfd, struct quicsocket *qs); static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id, - size_t datalen, void *user_data, + uint64_t datalen, void *user_data, void *stream_user_data); static ngtcp2_conn *get_conn(ngtcp2_crypto_conn_ref *conn_ref) @@ -202,6 +210,14 @@ static int keylog_callback(gnutls_session_t session, const char *label, Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size); return 0; } +#elif defined(USE_WOLFSSL) +#if defined(HAVE_SECRET_CALLBACK) +static void keylog_callback(const WOLFSSL *ssl, const char *line) +{ + (void)ssl; + Curl_tls_keylog_write_line(line); +} +#endif #endif static int init_ngh3_conn(struct quicsocket *qs); @@ -395,7 +411,105 @@ static int quic_init_ssl(struct quicsocket *qs) gnutls_server_name_set(qs->ssl, GNUTLS_NAME_DNS, hostname, strlen(hostname)); return 0; } +#elif defined(USE_WOLFSSL) + +static WOLFSSL_CTX *quic_ssl_ctx(struct Curl_easy *data) +{ + struct connectdata *conn = data->conn; + WOLFSSL_CTX *ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + + if(ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) { + failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed"); + return NULL; + } + + wolfSSL_CTX_set_default_verify_paths(ssl_ctx); + + if(wolfSSL_CTX_set_cipher_list(ssl_ctx, QUIC_CIPHERS) != 1) { + char error_buffer[256]; + ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); + failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer); + return NULL; + } + + if(wolfSSL_CTX_set1_groups_list(ssl_ctx, (char *)QUIC_GROUPS) != 1) { + failf(data, "SSL_CTX_set1_groups_list failed"); + return NULL; + } + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { +#if defined(HAVE_SECRET_CALLBACK) + wolfSSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); +#else + failf(data, "wolfSSL was built without keylog callback"); + return NULL; #endif + } + + if(conn->ssl_config.verifypeer) { + const char * const ssl_cafile = conn->ssl_config.CAfile; + const char * const ssl_capath = conn->ssl_config.CApath; + + if(ssl_cafile || ssl_capath) { + wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + /* tell wolfSSL where to find CA certificates that are used to verify + the server's certificate. */ + if(!wolfSSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + return NULL; + } + infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); + } +#ifdef CURL_CA_FALLBACK + else { + /* verifying the peer without any CA certificates won't work so + use wolfssl's built-in default as fallback */ + wolfSSL_CTX_set_default_verify_paths(ssl_ctx); + } +#endif + } + else { + wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL); + } + + return ssl_ctx; +} + +/** SSL callbacks ***/ + +static int quic_init_ssl(struct quicsocket *qs) +{ + const uint8_t *alpn = NULL; + size_t alpnlen = 0; + /* this will need some attention when HTTPS proxy over QUIC get fixed */ + const char * const hostname = qs->conn->host.name; + + DEBUGASSERT(!qs->ssl); + qs->ssl = SSL_new(qs->sslctx); + + wolfSSL_set_app_data(qs->ssl, &qs->conn_ref); + wolfSSL_set_connect_state(qs->ssl); + wolfSSL_set_quic_use_legacy_codepoint(qs->ssl, 0); + + alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3; + alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1; + if(alpn) + wolfSSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen); + + /* set SNI */ + wolfSSL_UseSNI(qs->ssl, WOLFSSL_SNI_HOST_NAME, + hostname, (unsigned short)strlen(hostname)); + + return 0; +} +#endif /* defined(USE_WOLFSSL) */ static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data) { @@ -691,6 +805,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, result = quic_set_client_cert(data, qs); if(result) return result; +#elif defined(USE_WOLFSSL) + qs->sslctx = quic_ssl_ctx(data); + if(!qs->sslctx) + return CURLE_QUIC_CONNECT_ERROR; #endif if(quic_init_ssl(qs)) @@ -818,6 +936,8 @@ static void qs_disconnect(struct quicsocket *qs) SSL_free(qs->ssl); #elif defined(USE_GNUTLS) gnutls_deinit(qs->ssl); +#elif defined(USE_WOLFSSL) + wolfSSL_free(qs->ssl); #endif qs->ssl = NULL; #ifdef USE_GNUTLS @@ -831,6 +951,8 @@ static void qs_disconnect(struct quicsocket *qs) ngtcp2_conn_del(qs->qconn); #ifdef USE_OPENSSL SSL_CTX_free(qs->sslctx); +#elif defined(USE_WOLFSSL) + wolfSSL_CTX_free(qs->sslctx); #endif } @@ -899,6 +1021,7 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, H3BUGF(infof(data, "cb_h3_stream_close CALLED")); stream->closed = TRUE; + stream->error3 = app_error_code; Curl_expire(data, 0, EXPIRE_QUIC); /* make sure that ngh3_stream_recv is called again to complete the transfer even if there are no more packets to be received from the server. */ @@ -1010,6 +1133,10 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, return -1; } } + + if(stream->status_code / 100 != 1) { + stream->bodystarted = TRUE; + } return 0; } @@ -1032,9 +1159,10 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, if(token == NGHTTP3_QPACK_TOKEN__STATUS) { char line[14]; /* status line is always 13 characters long */ size_t ncopy; - int status = decode_status_code(h3val.base, h3val.len); - DEBUGASSERT(status != -1); - ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", status); + stream->status_code = decode_status_code(h3val.base, h3val.len); + DEBUGASSERT(stream->status_code != -1); + ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", + stream->status_code); result = write_data(stream, line, ncopy); if(result) { return -1; @@ -1064,16 +1192,36 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, return 0; } -static int cb_h3_send_stop_sending(nghttp3_conn *conn, int64_t stream_id, - uint64_t app_error_code, - void *user_data, - void *stream_user_data) +static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) { + struct quicsocket *qs = user_data; + int rv; + (void)conn; + (void)stream_user_data; + + rv = ngtcp2_conn_shutdown_stream_read(qs->qconn, stream_id, app_error_code); + if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { + return NGTCP2_ERR_CALLBACK_FAILURE; + } + + return 0; +} + +static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) { + struct quicsocket *qs = user_data; + int rv; (void)conn; - (void)stream_id; - (void)app_error_code; - (void)user_data; (void)stream_user_data; + + rv = ngtcp2_conn_shutdown_stream_write(qs->qconn, stream_id, app_error_code); + if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { + return NGTCP2_ERR_CALLBACK_FAILURE; + } + return 0; } @@ -1088,9 +1236,9 @@ static nghttp3_callbacks ngh3_callbacks = { NULL, /* begin_trailers */ cb_h3_recv_header, NULL, /* end_trailers */ - cb_h3_send_stop_sending, + cb_h3_stop_sending, NULL, /* end_stream */ - NULL, /* reset_stream */ + cb_h3_reset_stream, NULL /* shutdown */ }; @@ -1226,6 +1374,24 @@ static ssize_t ngh3_stream_recv(struct Curl_easy *data, } if(stream->closed) { + if(stream->error3 != NGHTTP3_H3_NO_ERROR) { + failf(data, + "HTTP/3 stream %" PRId64 " was not closed cleanly: (err %" PRIu64 + ")", + stream->stream3_id, stream->error3); + *curlcode = CURLE_HTTP3; + return -1; + } + + if(!stream->bodystarted) { + failf(data, + "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting" + " all response header fields, treated as error", + stream->stream3_id); + *curlcode = CURLE_HTTP3; + return -1; + } + *curlcode = CURLE_OK; return 0; } @@ -1237,7 +1403,7 @@ static ssize_t ngh3_stream_recv(struct Curl_easy *data, /* this amount of data has now been acked on this stream */ static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id, - size_t datalen, void *user_data, + uint64_t datalen, void *user_data, void *stream_user_data) { struct Curl_easy *data = stream_user_data; @@ -1375,6 +1541,7 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, nva[i].namelen = hreq->header[i].namelen; nva[i].value = (unsigned char *)hreq->header[i].value; nva[i].valuelen = hreq->header[i].valuelen; + nva[i].flags = NGHTTP3_NV_FLAG_NONE; } } @@ -1443,6 +1610,11 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, curl_socket_t sockfd = conn->sock[sockindex]; struct HTTP *stream = data->req.p.http; + if(stream->closed) { + *curlcode = CURLE_HTTP3; + return -1; + } + if(!stream->h3req) { CURLcode result = http_request(data, mem, len); if(result) { @@ -1519,8 +1691,14 @@ static CURLcode ng_has_connected(struct Curl_easy *data, if(result) return result; infof(data, "Verified certificate just fine"); -#else +#elif defined(USE_GNUTLS) result = Curl_gtls_verifyserver(data, conn, conn->quic->ssl, FIRSTSOCKET); +#elif defined(USE_WOLFSSL) + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost || + (wolfSSL_check_domain_name(conn->quic->ssl, snihost) == SSL_FAILURE)) + return CURLE_PEER_FAILED_VERIFICATION; + infof(data, "Verified certificate just fine"); #endif } else @@ -1889,22 +2067,11 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, switch(outlen) { case NGTCP2_ERR_STREAM_DATA_BLOCKED: assert(ndatalen == -1); - rv = nghttp3_conn_block_stream(qs->h3conn, stream_id); - if(rv) { - failf(data, "nghttp3_conn_block_stream returned error: %s\n", - nghttp3_strerror(rv)); - return CURLE_SEND_ERROR; - } + nghttp3_conn_block_stream(qs->h3conn, stream_id); continue; case NGTCP2_ERR_STREAM_SHUT_WR: assert(ndatalen == -1); - rv = nghttp3_conn_shutdown_stream_write(qs->h3conn, stream_id); - if(rv) { - failf(data, - "nghttp3_conn_shutdown_stream_write returned error: %s\n", - nghttp3_strerror(rv)); - return CURLE_SEND_ERROR; - } + nghttp3_conn_shutdown_stream_write(qs->h3conn, stream_id); continue; case NGTCP2_ERR_WRITE_MORE: assert(ndatalen >= 0); diff --git a/contrib/libs/curl/lib/vquic/quiche.c b/contrib/libs/curl/lib/vquic/quiche.c index 0755cf566a..034794f8e7 100644 --- a/contrib/libs/curl/lib/vquic/quiche.c +++ b/contrib/libs/curl/lib/vquic/quiche.c @@ -258,6 +258,7 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, struct quicsocket *qs = &conn->hequic[sockindex]; char ipbuf[40]; int port; + int rv; #ifdef DEBUG_QUICHE /* initialize debug log callback only once */ @@ -303,8 +304,16 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, if(result) return result; + qs->local_addrlen = sizeof(qs->local_addr); + rv = getsockname(sockfd, (struct sockaddr *)&qs->local_addr, + &qs->local_addrlen); + if(rv == -1) + return CURLE_QUIC_CONNECT_ERROR; + qs->conn = quiche_conn_new_with_tls((const uint8_t *) qs->scid, - sizeof(qs->scid), NULL, 0, addr, addrlen, + sizeof(qs->scid), NULL, 0, + (struct sockaddr *)&qs->local_addr, + qs->local_addrlen, addr, addrlen, qs->cfg, qs->ssl, false); if(!qs->conn) { failf(data, "can't create quiche connection"); @@ -478,6 +487,8 @@ static CURLcode process_ingress(struct Curl_easy *data, int sockfd, recv_info.from = (struct sockaddr *) &from; recv_info.from_len = from_len; + recv_info.to = (struct sockaddr *) &qs->local_addr; + recv_info.to_len = qs->local_addrlen; recvd = quiche_conn_recv(qs->conn, buf, recvd, &recv_info); if(recvd == QUICHE_ERR_DONE) diff --git a/contrib/libs/curl/lib/vssh/libssh.c b/contrib/libs/curl/lib/vssh/libssh.c index 14fd945ed0..331aef366b 100644 --- a/contrib/libs/curl/lib/vssh/libssh.c +++ b/contrib/libs/curl/lib/vssh/libssh.c @@ -96,6 +96,13 @@ #include "curl_memory.h" #include "memdebug.h" +/* in 0.10.0 or later, ignore deprecated warnings */ +#if defined(__GNUC__) && \ + (LIBSSH_VERSION_MINOR >= 10) || \ + (LIBSSH_VERSION_MAJOR > 0) +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + /* A recent macro provided by libssh. Or make our own. */ #ifndef SSH_STRING_FREE_CHAR #define SSH_STRING_FREE_CHAR(x) \ @@ -2911,32 +2918,33 @@ static void sftp_quote_stat(struct Curl_easy *data) } sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_UIDGID; } - else if(strncasecompare(cmd, "atime", 5)) { + else if(strncasecompare(cmd, "atime", 5) || + strncasecompare(cmd, "mtime", 5)) { time_t date = Curl_getdate_capped(sshc->quote_path1); + bool fail = FALSE; if(date == -1) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: incorrect access date format"); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - return; + failf(data, "incorrect date format for %.*s", 5, cmd); + fail = TRUE; } - sshc->quote_attrs->atime = (uint32_t)date; - sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_ACMODTIME; - } - else if(strncasecompare(cmd, "mtime", 5)) { - time_t date = Curl_getdate_capped(sshc->quote_path1); - if(date == -1) { +#if SIZEOF_TIME_T > 4 + else if(date > 0xffffffff) { + failf(data, "date overflow"); + fail = TRUE; /* avoid setting a capped time */ + } +#endif + if(fail) { Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: incorrect modification date format"); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = CURLE_QUOTE_ERROR; return; } - sshc->quote_attrs->mtime = (uint32_t)date; + if(strncasecompare(cmd, "atime", 5)) + sshc->quote_attrs->atime = (uint32_t)date; + else /* mtime */ + sshc->quote_attrs->mtime = (uint32_t)date; + sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_ACMODTIME; } diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c index 65bd26ebba..7632888b9f 100644 --- a/contrib/libs/curl/lib/vssh/libssh2.c +++ b/contrib/libs/curl/lib/vssh/libssh2.c @@ -1755,32 +1755,35 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } } - else if(strncasecompare(cmd, "atime", 5)) { + else if(strncasecompare(cmd, "atime", 5) || + strncasecompare(cmd, "mtime", 5)) { time_t date = Curl_getdate_capped(sshc->quote_path1); + bool fail = FALSE; + if(date == -1) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: incorrect access date format"); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; + failf(data, "incorrect date format for %.*s", 5, cmd); + fail = TRUE; } - sshp->quote_attrs.atime = (unsigned long)date; - sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_ACMODTIME; - } - else if(strncasecompare(cmd, "mtime", 5)) { - time_t date = Curl_getdate_capped(sshc->quote_path1); - if(date == -1) { +#if SIZEOF_TIME_T > SIZEOF_LONG + if(date > 0xffffffff) { + /* if 'long' can't old >32bit, this date cannot be sent */ + failf(data, "date overflow"); + fail = TRUE; + } +#endif + if(fail) { Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: incorrect modification date format"); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = CURLE_QUOTE_ERROR; break; } - sshp->quote_attrs.mtime = (unsigned long)date; + if(strncasecompare(cmd, "atime", 5)) + sshp->quote_attrs.atime = (unsigned long)date; + else /* mtime */ + sshp->quote_attrs.mtime = (unsigned long)date; + sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_ACMODTIME; } @@ -2335,7 +2338,8 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) ((sshp->readdir_attrs.permissions & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFLNK)) { Curl_dyn_init(&sshp->readdir_link, PATH_MAX); - result = Curl_dyn_add(&sshp->readdir_link, sshp->path); + result = Curl_dyn_addf(&sshp->readdir_link, "%s%s", sshp->path, + sshp->readdir_filename); state(data, SSH_SFTP_READDIR_LINK); if(!result) break; diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c index 677cfea7b3..4daae3788e 100644 --- a/contrib/libs/curl/lib/vtls/openssl.c +++ b/contrib/libs/curl/lib/vtls/openssl.c @@ -78,10 +78,6 @@ #include <openssl/buffer.h> #include <openssl/pkcs12.h> -#ifdef USE_AMISSL -#include "amigaos.h" -#endif - #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP) #include <openssl/ocsp.h> #endif @@ -797,9 +793,10 @@ int cert_stuff(struct Curl_easy *data, SSL_CTX_use_certificate_chain_file(ctx, cert_file); if(cert_use_result != 1) { failf(data, - "could not load PEM client certificate, " OSSL_PACKAGE + "could not load PEM client certificate from %s, " OSSL_PACKAGE " error %s, " "(no key found, wrong pass phrase, or wrong file format?)", + (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); return 0; @@ -817,9 +814,10 @@ int cert_stuff(struct Curl_easy *data, SSL_CTX_use_certificate_file(ctx, cert_file, file_type); if(cert_use_result != 1) { failf(data, - "could not load ASN1 client certificate, " OSSL_PACKAGE + "could not load ASN1 client certificate from %s, " OSSL_PACKAGE " error %s, " "(no key found, wrong pass phrase, or wrong file format?)", + (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)) ); return 0; @@ -872,8 +870,9 @@ int cert_stuff(struct Curl_easy *data, } if(SSL_CTX_use_certificate(ctx, params.cert) != 1) { - failf(data, "unable to set client certificate"); - X509_free(params.cert); + failf(data, "unable to set client certificate [%s]", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); return 0; } X509_free(params.cert); /* we don't need the handle any more... */ @@ -996,11 +995,7 @@ int cert_stuff(struct Curl_easy *data, fail: EVP_PKEY_free(pri); X509_free(x509); -#ifdef USE_AMISSL - sk_X509_pop_free(ca, Curl_amiga_X509_free); -#else sk_X509_pop_free(ca, X509_free); -#endif if(!cert_done) return 0; /* failure! */ break; @@ -4454,7 +4449,13 @@ static size_t ossl_version(char *buffer, size_t size) (LIBRESSL_VERSION_NUMBER>>12)&0xff); #endif #elif defined(OPENSSL_IS_BORINGSSL) +#ifdef CURL_BORINGSSL_VERSION + return msnprintf(buffer, size, "%s/%s", + OSSL_PACKAGE, + CURL_BORINGSSL_VERSION); +#else return msnprintf(buffer, size, OSSL_PACKAGE); +#endif #elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING) return msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING)); diff --git a/contrib/libs/curl/lib/vtls/schannel.h b/contrib/libs/curl/lib/vtls/schannel.h index 0b4c4d9344..e6dc0e9359 100644 --- a/contrib/libs/curl/lib/vtls/schannel.h +++ b/contrib/libs/curl/lib/vtls/schannel.h @@ -28,6 +28,28 @@ #ifdef USE_SCHANNEL +#define SCHANNEL_USE_BLACKLISTS 1 + +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4201) +#endif +#error #include <subauth.h> +#ifdef _MSC_VER +#pragma warning(pop) +#endif +/* Wincrypt must be included before anything that could include OpenSSL. */ +#if defined(USE_WIN32_CRYPTO) +#include <wincrypt.h> +/* Undefine wincrypt conflicting symbols for BoringSSL. */ +#undef X509_NAME +#undef X509_EXTENSIONS +#undef PKCS7_ISSUER_AND_SERIAL +#undef PKCS7_SIGNER_INFO +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#endif + #include <schnlsp.h> #include <schannel.h> #include "curl_sspi.h" @@ -72,6 +94,63 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, #endif #endif +#ifndef SCH_CREDENTIALS_VERSION + +#define SCH_CREDENTIALS_VERSION 0x00000005 + +typedef enum _eTlsAlgorithmUsage +{ + TlsParametersCngAlgUsageKeyExchange, + TlsParametersCngAlgUsageSignature, + TlsParametersCngAlgUsageCipher, + TlsParametersCngAlgUsageDigest, + TlsParametersCngAlgUsageCertSig +} eTlsAlgorithmUsage; + +typedef struct _CRYPTO_SETTINGS +{ + eTlsAlgorithmUsage eAlgorithmUsage; + UNICODE_STRING strCngAlgId; + DWORD cChainingModes; + PUNICODE_STRING rgstrChainingModes; + DWORD dwMinBitLength; + DWORD dwMaxBitLength; +} CRYPTO_SETTINGS, * PCRYPTO_SETTINGS; + +typedef struct _TLS_PARAMETERS +{ + DWORD cAlpnIds; + PUNICODE_STRING rgstrAlpnIds; + DWORD grbitDisabledProtocols; + DWORD cDisabledCrypto; + PCRYPTO_SETTINGS pDisabledCrypto; + DWORD dwFlags; +} TLS_PARAMETERS, * PTLS_PARAMETERS; + +typedef struct _SCH_CREDENTIALS +{ + DWORD dwVersion; + DWORD dwCredFormat; + DWORD cCreds; + PCCERT_CONTEXT* paCred; + HCERTSTORE hRootStore; + + DWORD cMappers; + struct _HMAPPER **aphMappers; + + DWORD dwSessionLifespan; + DWORD dwFlags; + DWORD cTlsParameters; + PTLS_PARAMETERS pTlsParameters; +} SCH_CREDENTIALS, * PSCH_CREDENTIALS; + +#define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16 +#define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16 +#define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16 +#define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16 + +#endif + struct Curl_schannel_cred { CredHandle cred_handle; TimeStamp time_stamp; diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c index faa1b51417..8048ba7a41 100644 --- a/contrib/libs/curl/lib/vtls/vtls.c +++ b/contrib/libs/curl/lib/vtls/vtls.c @@ -219,13 +219,13 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) static int multissl_setup(const struct Curl_ssl *backend); #endif -int Curl_ssl_backend(void) +curl_sslbackend Curl_ssl_backend(void) { #ifdef USE_SSL multissl_setup(NULL); return Curl_ssl->info.id; #else - return (int)CURLSSLBACKEND_NONE; + return CURLSSLBACKEND_NONE; #endif } @@ -899,7 +899,7 @@ char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen) size_t len = strlen(host); if(len && (host[len-1] == '.')) len--; - if((long)len >= data->set.buffer_size) + if(len >= data->set.buffer_size) return NULL; Curl_strntolower(data->state.buffer, host, len); diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h index e1e58f4215..50c53b3fbd 100644 --- a/contrib/libs/curl/lib/vtls/vtls.h +++ b/contrib/libs/curl/lib/vtls/vtls.h @@ -200,7 +200,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc); ssl_connect_2_writing. */ int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks); -int Curl_ssl_backend(void); +curl_sslbackend Curl_ssl_backend(void); #ifdef USE_SSL int Curl_ssl_init(void); |