diff --git a/ChangeLog b/ChangeLog index 65fe6bd3..e4c997c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,7 @@ dd.mm.yy hh:mm - smooth alpha 0.9.11 - upgraded fribidi to version 1.0.16 - upgraded libcpuid to version 0.6.4 - upgraded libxml2 to version 2.13.5 -- upgraded libcurl to version 8.9.1 +- upgraded libcurl to version 8.11.0 - upgraded libpng to version 1.6.44 - upgraded libwebp to version 1.4.0 - upgraded zlib to version 1.3.1 diff --git a/include/support/curl/curl.h b/include/support/curl/curl.h index 6da44ce9..21a552bc 100644 --- a/include/support/curl/curl.h +++ b/include/support/curl/curl.h @@ -30,14 +30,15 @@ */ #ifdef CURL_NO_OLDIES -#define CURL_STRICTER +#define CURL_STRICTER /* not used since 8.11.0 */ #endif /* Compile-time deprecation macros. */ -#if (defined(__GNUC__) && \ - ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))) || \ - defined(__IAR_SYSTEMS_ICC__)) && \ - !defined(__INTEL_COMPILER) && \ +#if (defined(__GNUC__) && \ + ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1))) || \ + (defined(__clang__) && __clang_major__ >= 3) || \ + defined(__IAR_SYSTEMS_ICC__)) && \ + !defined(__INTEL_COMPILER) && \ !defined(CURL_DISABLE_DEPRECATION) && !defined(BUILDING_LIBCURL) #define CURL_DEPRECATED(version, message) \ __attribute__((deprecated("since " # version ". " message))) @@ -76,7 +77,7 @@ #if defined(_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) #if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) -/* The check above prevents the winsock2 inclusion if winsock.h already was +/* The check above prevents the winsock2.h inclusion if winsock.h already was included, since they cannot co-exist without problems */ #include #include @@ -113,13 +114,8 @@ extern "C" { #endif -#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER) -typedef struct Curl_easy CURL; -typedef struct Curl_share CURLSH; -#else typedef void CURL; typedef void CURLSH; -#endif /* * libcurl external API function linkage decorations. @@ -253,12 +249,12 @@ typedef int (*curl_xferinfo_callback)(void *clientp, #endif #ifndef CURL_MAX_WRITE_SIZE - /* Tests have proven that 20K is a very bad buffer size for uploads on - Windows, while 16K for some odd reason performed a lot better. - We do the ifndef check to allow this value to easier be changed at build - time for those who feel adventurous. The practical minimum is about - 400 bytes since libcurl uses a buffer of this size as a scratch area - (unrelated to network send operations). */ + /* Tests have proven that 20K is a bad buffer size for uploads on Windows, + while 16K for some odd reason performed a lot better. We do the ifndef + check to allow this value to easier be changed at build time for those + who feel adventurous. The practical minimum is about 400 bytes since + libcurl uses a buffer of this size as a scratch area (unrelated to + network send operations). */ #define CURL_MAX_WRITE_SIZE 16384 #endif @@ -721,6 +717,8 @@ typedef enum { with them. */ #define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40 #define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72 +#define CURLOPT_OBSOLETE72 9999 +#define CURLOPT_OBSOLETE40 9999 #endif /* !CURL_NO_OLDIES */ @@ -940,6 +938,9 @@ typedef enum { a client certificate for authentication. (Schannel) */ #define CURLSSLOPT_AUTO_CLIENT_CERT (1<<5) +/* If possible, send data using TLS 1.3 early data */ +#define CURLSSLOPT_EARLYDATA (1<<6) + /* The default connection attempt delay in milliseconds for happy eyeballs. CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 and happy-eyeballs-timeout-ms.d document this value, keep them in sync. */ @@ -1250,8 +1251,7 @@ typedef enum { /* send linked-list of post-transfer QUOTE commands */ CURLOPT(CURLOPT_POSTQUOTE, CURLOPTTYPE_SLISTPOINT, 39), - /* OBSOLETE, do not use! */ - CURLOPT(CURLOPT_OBSOLETE40, CURLOPTTYPE_OBJECTPOINT, 40), + /* 40 is not used */ /* talk a lot */ CURLOPT(CURLOPT_VERBOSE, CURLOPTTYPE_LONG, 41), @@ -1352,9 +1352,7 @@ typedef enum { /* Max amount of cached alive connections */ CURLOPT(CURLOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 71), - /* OBSOLETE, do not use! */ - CURLOPT(CURLOPT_OBSOLETE72, CURLOPTTYPE_LONG, 72), - + /* 72 = OBSOLETE */ /* 73 = OBSOLETE */ /* Set to explicitly use a new connection for the upcoming transfer. @@ -1398,7 +1396,7 @@ typedef enum { operation. Set filename to "-" (dash) to make it go to stdout. */ CURLOPT(CURLOPT_COOKIEJAR, CURLOPTTYPE_STRINGPOINT, 82), - /* Specify which SSL ciphers to use */ + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use */ CURLOPT(CURLOPT_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 83), /* Specify which HTTP version to use! This must be set to one of the @@ -2022,7 +2020,7 @@ typedef enum { /* password for the SSL private key for proxy */ CURLOPT(CURLOPT_PROXY_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 258), - /* Specify which SSL ciphers to use for proxy */ + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use for proxy */ CURLOPT(CURLOPT_PROXY_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 259), /* CRL file for proxy */ @@ -2203,7 +2201,7 @@ typedef enum { /* specify which protocols that libcurl is allowed to follow directs to */ CURLOPT(CURLOPT_REDIR_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 319), - /* websockets options */ + /* WebSockets options */ CURLOPT(CURLOPT_WS_OPTIONS, CURLOPTTYPE_LONG, 320), /* CA cache timeout */ @@ -2645,7 +2643,7 @@ CURL_EXTERN char *curl_getenv(const char *variable); * * DESCRIPTION * - * Returns a static ascii string of the libcurl version. + * Returns a static ASCII string of the libcurl version. */ CURL_EXTERN char *curl_version(void); @@ -2953,7 +2951,9 @@ typedef enum { CURLINFO_CONN_ID = CURLINFO_OFF_T + 64, CURLINFO_QUEUE_TIME_T = CURLINFO_OFF_T + 65, CURLINFO_USED_PROXY = CURLINFO_LONG + 66, - CURLINFO_LASTONE = 66 + CURLINFO_POSTTRANSFER_TIME_T = CURLINFO_OFF_T + 67, + CURLINFO_EARLYDATA_SENT_T = CURLINFO_OFF_T + 68, + CURLINFO_LASTONE = 68 } CURLINFO; /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as @@ -3236,7 +3236,9 @@ CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); #include "options.h" #include "header.h" #include "websockets.h" +#ifndef CURL_SKIP_INCLUDE_MPRINTF #include "mprintf.h" +#endif /* the typechecker does not work in C++ (yet) */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ diff --git a/include/support/curl/curlver.h b/include/support/curl/curlver.h index dbee9bd4..bcfe3b08 100644 --- a/include/support/curl/curlver.h +++ b/include/support/curl/curlver.h @@ -32,13 +32,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "8.9.1" +#define LIBCURL_VERSION "8.11.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 8 -#define LIBCURL_VERSION_MINOR 9 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_MINOR 11 +#define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x080901 +#define LIBCURL_VERSION_NUM 0x080b00 /* * This is the date and time when the full source package was created. The @@ -70,7 +70,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2024-07-31" +#define LIBCURL_TIMESTAMP "2024-11-06" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/include/support/curl/mprintf.h b/include/support/curl/mprintf.h index e6bc5bca..88059c85 100644 --- a/include/support/curl/mprintf.h +++ b/include/support/curl/mprintf.h @@ -32,13 +32,18 @@ extern "C" { #endif +#ifndef CURL_TEMP_PRINTF #if (defined(__GNUC__) || defined(__clang__) || \ defined(__IAR_SYSTEMS_ICC__)) && \ defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(CURL_NO_FMT_CHECKS) #if defined(__MINGW32__) && !defined(__clang__) +#if defined(__MINGW_PRINTF_FORMAT) /* mingw-w64 3.0.0+. Needs stdio.h. */ #define CURL_TEMP_PRINTF(fmt, arg) \ - __attribute__((format(gnu_printf, fmt, arg))) + __attribute__((format(__MINGW_PRINTF_FORMAT, fmt, arg))) +#else +#define CURL_TEMP_PRINTF(fmt, arg) +#endif #else #define CURL_TEMP_PRINTF(fmt, arg) \ __attribute__((format(printf, fmt, arg))) @@ -46,6 +51,7 @@ extern "C" { #else #define CURL_TEMP_PRINTF(fmt, arg) #endif +#endif CURL_EXTERN int curl_mprintf(const char *format, ...) CURL_TEMP_PRINTF(1, 2); diff --git a/include/support/curl/multi.h b/include/support/curl/multi.h index 7b6c351a..42469bb5 100644 --- a/include/support/curl/multi.h +++ b/include/support/curl/multi.h @@ -54,11 +54,7 @@ extern "C" { #endif -#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER) -typedef struct Curl_multi CURLM; -#else typedef void CURLM; -#endif typedef enum { CURLM_CALL_MULTI_PERFORM = -1, /* please call curl_multi_perform() or @@ -248,13 +244,13 @@ CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); * The data the returned pointer points to will not survive calling * curl_multi_cleanup(). * - * The 'CURLMsg' struct is meant to be very simple and only contain - * very basic information. If more involved information is wanted, - * we will provide the particular "transfer handle" in that struct - * and that should/could/would be used in subsequent - * curl_easy_getinfo() calls (or similar). The point being that we - * must never expose complex structs to applications, as then we will - * undoubtably get backwards compatibility problems in the future. + * The 'CURLMsg' struct is meant to be simple and only contain basic + * information. If more involved information is wanted, we will + * provide the particular "transfer handle" in that struct and that + * should/could/would be used in subsequent curl_easy_getinfo() calls + * (or similar). The point being that we must never expose complex + * structs to applications, as then we will undoubtably get backwards + * compatibility problems in the future. * * Returns: A pointer to a filled-in struct, or NULL if it failed or ran out * of structs. It also writes the number of messages left in the diff --git a/include/support/curl/system.h b/include/support/curl/system.h index 363914f2..e5be2568 100644 --- a/include/support/curl/system.h +++ b/include/support/curl/system.h @@ -31,7 +31,7 @@ * changed. * * In order to differentiate between platforms/compilers/architectures use - * only compiler built in predefined preprocessor symbols. + * only compiler built-in predefined preprocessor symbols. * * curl_off_t * ---------- diff --git a/libraries/libcurl/Makefile b/libraries/libcurl/Makefile index 7d412c64..2ba828ee 100644 --- a/libraries/libcurl/Makefile +++ b/libraries/libcurl/Makefile @@ -18,7 +18,7 @@ ifeq ($(BUILD_OSX),True) endif # Enter object files here: -OBJECTS = altsvc.o asyn-ares.o asyn-thread.o base64.o bufq.o bufref.o c-hyper.o cf-h1-proxy.o cf-h2-proxy.o cf-haproxy.o cf-https-connect.o cf-socket.o cfilters.o conncache.o connect.o content_encoding.o cookie.o curl_addrinfo.o curl_des.o curl_endian.o curl_fnmatch.o curl_get_line.o curl_gethostname.o curl_gssapi.o curl_memrchr.o curl_multibyte.o curl_ntlm_core.o curl_path.o curl_range.o curl_rtmp.o curl_sasl.o curl_sha512_256.o curl_sspi.o curl_threads.o curl_trc.o cw-out.o dict.o doh.o dynbuf.o dynhds.o easy.o easygetopt.o easyoptions.o escape.o file.o fileinfo.o fopen.o formdata.o ftp.o ftplistparser.o getenv.o getinfo.o gopher.o hash.o headers.o hmac.o hostasyn.o hostip.o hostip4.o hostip6.o hostsyn.o hsts.o http.o http_aws_sigv4.o http_chunks.o http_digest.o http_negotiate.o http_ntlm.o http_proxy.o http1.o http2.o idn.o if2ip.o imap.o inet_ntop.o inet_pton.o krb5.o ldap.o llist.o md4.o md5.o memdebug.o mime.o mprintf.o mqtt.o multi.o netrc.o nonblock.o noproxy.o openldap.o parsedate.o pingpong.o pop3.o progress.o psl.o rand.o rename.o request.o rtsp.o select.o sendf.o setopt.o sha256.o share.o slist.o smb.o smtp.o socks.o socks_gssapi.o socks_sspi.o speedcheck.o socketpair.o splay.o strcase.o strdup.o strerror.o strtok.o strtoofft.o telnet.o tftp.o timediff.o timeval.o transfer.o url.o urlapi.o version.o warnless.o ws.o +OBJECTS = altsvc.o asyn-ares.o asyn-thread.o base64.o bufq.o bufref.o c-hyper.o cf-h1-proxy.o cf-h2-proxy.o cf-haproxy.o cf-https-connect.o cf-socket.o cfilters.o conncache.o connect.o content_encoding.o cookie.o curl_addrinfo.o curl_des.o curl_endian.o curl_fnmatch.o curl_get_line.o curl_gethostname.o curl_gssapi.o curl_memrchr.o curl_multibyte.o curl_ntlm_core.o curl_range.o curl_rtmp.o curl_sasl.o curl_sha512_256.o curl_sspi.o curl_threads.o curl_trc.o cw-out.o dict.o doh.o dynbuf.o dynhds.o easy.o easygetopt.o easyoptions.o escape.o file.o fileinfo.o fopen.o formdata.o ftp.o ftplistparser.o getenv.o getinfo.o gopher.o hash.o headers.o hmac.o hostasyn.o hostip.o hostip4.o hostip6.o hostsyn.o hsts.o http.o http_aws_sigv4.o http_chunks.o http_digest.o http_negotiate.o http_ntlm.o http_proxy.o http1.o http2.o idn.o if2ip.o imap.o inet_ntop.o inet_pton.o krb5.o ldap.o llist.o md4.o md5.o memdebug.o mime.o mprintf.o mqtt.o multi.o netrc.o nonblock.o noproxy.o openldap.o parsedate.o pingpong.o pop3.o progress.o psl.o rand.o rename.o request.o rtsp.o select.o sendf.o setopt.o sha256.o share.o slist.o smb.o smtp.o socks.o socks_gssapi.o socks_sspi.o speedcheck.o socketpair.o splay.o strcase.o strdup.o strerror.o strtok.o strtoofft.o telnet.o tftp.o timediff.o timeval.o transfer.o url.o urlapi.o version.o warnless.o ws.o ifeq ($(BUILD_WIN32),True) OBJECTS += system_win32.o version_win32.o @@ -30,7 +30,7 @@ endif OBJECTS += vauth/cleartext.o vauth/cram.o vauth/digest.o vauth/digest_sspi.o vauth/gsasl.o vauth/krb5_gssapi.o vauth/krb5_sspi.o vauth/ntlm.o vauth/ntlm_sspi.o vauth/oauth2.o vauth/spnego_gssapi.o vauth/spnego_sspi.o vauth/vauth.o OBJECTS += vquic/curl_msh3.o vquic/curl_ngtcp2.o vquic/curl_osslq.o vquic/curl_quiche.o vquic/vquic.o vquic/vquic-tls.o -OBJECTS += vssh/libssh.o vssh/libssh2.o vssh/wolfssh.o +OBJECTS += vssh/curl_path.o vssh/libssh.o vssh/libssh2.o vssh/wolfssh.o OBJECTS += vtls/bearssl.o vtls/cipher_suite.o vtls/gtls.o vtls/hostcheck.o vtls/keylog.o vtls/mbedtls.o vtls/mbedtls_threadlock.o vtls/openssl.o vtls/rustls.o vtls/vtls.o vtls/wolfssl.o vtls/x509asn1.o ifeq ($(BUILD_WIN32),True) diff --git a/libraries/libcurl/altsvc.c b/libraries/libcurl/altsvc.c index db9749c2..ea37b0af 100644 --- a/libraries/libcurl/altsvc.c +++ b/libraries/libcurl/altsvc.c @@ -64,6 +64,8 @@ static enum alpnid alpn2alpnid(char *name) return ALPN_h2; if(strcasecompare(name, H3VERSION)) return ALPN_h3; + if(strcasecompare(name, "http/1.1")) + return ALPN_h1; return ALPN_none; /* unknown, probably rubbish input */ } @@ -92,6 +94,7 @@ static void altsvc_free(struct altsvc *as) static struct altsvc *altsvc_createid(const char *srchost, const char *dsthost, + size_t dlen, /* dsthost length */ enum alpnid srcalpnid, enum alpnid dstalpnid, unsigned int srcport, @@ -99,11 +102,9 @@ static struct altsvc *altsvc_createid(const char *srchost, { struct altsvc *as = calloc(1, sizeof(struct altsvc)); size_t hlen; - size_t dlen; if(!as) return NULL; hlen = strlen(srchost); - dlen = strlen(dsthost); DEBUGASSERT(hlen); DEBUGASSERT(dlen); if(!hlen || !dlen) { @@ -155,7 +156,8 @@ static struct altsvc *altsvc_create(char *srchost, enum alpnid srcalpnid = alpn2alpnid(srcalpn); if(!srcalpnid || !dstalpnid) return NULL; - return altsvc_createid(srchost, dsthost, srcalpnid, dstalpnid, + return altsvc_createid(srchost, dsthost, strlen(dsthost), + srcalpnid, dstalpnid, srcport, dstport); } @@ -315,10 +317,8 @@ struct altsvcinfo *Curl_altsvc_init(void) */ CURLcode Curl_altsvc_load(struct altsvcinfo *asi, const char *file) { - CURLcode result; DEBUGASSERT(asi); - result = altsvc_load(asi, file); - return result; + return altsvc_load(asi, file); } /* @@ -337,13 +337,13 @@ CURLcode Curl_altsvc_ctrl(struct altsvcinfo *asi, const long ctrl) */ void Curl_altsvc_cleanup(struct altsvcinfo **altsvcp) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; if(*altsvcp) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; struct altsvcinfo *altsvc = *altsvcp; - for(e = altsvc->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&altsvc->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); altsvc_free(as); } free(altsvc->filename); @@ -358,8 +358,6 @@ void Curl_altsvc_cleanup(struct altsvcinfo **altsvcp) CURLcode Curl_altsvc_save(struct Curl_easy *data, struct altsvcinfo *altsvc, const char *file) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; char *tempstore = NULL; @@ -378,12 +376,14 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data, result = Curl_fopen(data, file, &out, &tempstore); if(!result) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); - for(e = altsvc->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&altsvc->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); result = altsvc_out(as, out); if(result) break; @@ -440,15 +440,15 @@ static bool hostcompare(const char *host, const char *check) static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid, const char *srchost, unsigned short srcport) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; - for(e = asi->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + struct Curl_llist_node *e; + struct Curl_llist_node *n; + for(e = Curl_llist_head(&asi->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); if((srcalpnid == as->src.alpnid) && (srcport == as->src.port) && hostcompare(srchost, as->src.host)) { - Curl_llist_remove(&asi->list, e, NULL); + Curl_node_remove(e); altsvc_free(as); } } @@ -490,8 +490,6 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, unsigned short srcport) { const char *p = value; - size_t len; - char namebuf[MAX_ALTSVC_HOSTLEN] = ""; char alpnbuf[MAX_ALTSVC_ALPNLEN] = ""; struct altsvc *as; unsigned short dstport = srcport; /* the same by default */ @@ -521,6 +519,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, p++; if(*p == '\"') { const char *dsthost = ""; + size_t dstlen = 0; /* destination hostname length */ const char *value_ptr; char option[32]; unsigned long num; @@ -535,32 +534,31 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, const char *hostp = p; if(*p == '[') { /* pass all valid IPv6 letters - does not handle zone id */ - len = strspn(++p, "0123456789abcdefABCDEF:."); - if(p[len] != ']') + dstlen = strspn(++p, "0123456789abcdefABCDEF:."); + if(p[dstlen] != ']') /* invalid host syntax, bail out */ break; /* we store the IPv6 numerical address *with* brackets */ - len += 2; - p = &p[len-1]; + dstlen += 2; + p = &p[dstlen-1]; } else { while(*p && (ISALNUM(*p) || (*p == '.') || (*p == '-'))) p++; - len = p - hostp; + dstlen = p - hostp; } - if(!len || (len >= MAX_ALTSVC_HOSTLEN)) { + if(!dstlen || (dstlen >= MAX_ALTSVC_HOSTLEN)) { infof(data, "Excessive alt-svc hostname, ignoring."); valid = FALSE; } else { - memcpy(namebuf, hostp, len); - namebuf[len] = 0; - dsthost = namebuf; + dsthost = hostp; } } else { /* no destination name, use source host */ dsthost = srchost; + dstlen = strlen(srchost); } if(*p == ':') { unsigned long port = 0; @@ -635,7 +633,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, this is the first entry of the line. */ altsvc_flush(asi, srcalpnid, srchost, srcport); - as = altsvc_createid(srchost, dsthost, + as = altsvc_createid(srchost, dsthost, dstlen, srcalpnid, dstalpnid, srcport, dstport); if(as) { @@ -677,19 +675,19 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi, struct altsvc **dstentry, const int versions) /* one or more bits */ { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; time_t now = time(NULL); DEBUGASSERT(asi); DEBUGASSERT(srchost); DEBUGASSERT(dstentry); - for(e = asi->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&asi->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); if(as->expires < now) { /* an expired entry, remove */ - Curl_llist_remove(&asi->list, e, NULL); + Curl_node_remove(e); altsvc_free(as); continue; } diff --git a/libraries/libcurl/altsvc.h b/libraries/libcurl/altsvc.h index 58f1905d..48999efb 100644 --- a/libraries/libcurl/altsvc.h +++ b/libraries/libcurl/altsvc.h @@ -48,7 +48,7 @@ struct altsvc { time_t expires; bool persist; unsigned int prio; - struct Curl_llist_element node; + struct Curl_llist_node node; }; struct altsvcinfo { diff --git a/libraries/libcurl/asyn-ares.c b/libraries/libcurl/asyn-ares.c index 782e3ac6..ae436f23 100644 --- a/libraries/libcurl/asyn-ares.c +++ b/libraries/libcurl/asyn-ares.c @@ -290,23 +290,14 @@ static void destroy_async_data(struct Curl_async *async) int Curl_resolver_getsock(struct Curl_easy *data, curl_socket_t *socks) { - struct timeval maxtime; + struct timeval maxtime = { CURL_TIMEOUT_RESOLVE, 0 }; struct timeval timebuf; - struct timeval *timeout; - long milli; int max = ares_getsock((ares_channel)data->state.async.resolver, (ares_socket_t *)socks, MAX_SOCKSPEREASYHANDLE); - - maxtime.tv_sec = CURL_TIMEOUT_RESOLVE; - maxtime.tv_usec = 0; - - timeout = ares_timeout((ares_channel)data->state.async.resolver, &maxtime, - &timebuf); - milli = (long)curlx_tvtoms(timeout); - if(milli == 0) - milli += 10; + struct timeval *timeout = + ares_timeout((ares_channel)data->state.async.resolver, &maxtime, &timebuf); + timediff_t milli = curlx_tvtoms(timeout); Curl_expire(data, milli, EXPIRE_ASYNC_NAME); - return max; } @@ -366,10 +357,10 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms) /* move through the descriptors and ask for processing on them */ for(i = 0; i < num; i++) ares_process_fd((ares_channel)data->state.async.resolver, - (pfd[i].revents & (POLLRDNORM|POLLIN))? - pfd[i].fd:ARES_SOCKET_BAD, - (pfd[i].revents & (POLLWRNORM|POLLOUT))? - pfd[i].fd:ARES_SOCKET_BAD); + (pfd[i].revents & (POLLRDNORM|POLLIN)) ? + pfd[i].fd : ARES_SOCKET_BAD, + (pfd[i].revents & (POLLWRNORM|POLLOUT)) ? + pfd[i].fd : ARES_SOCKET_BAD); } return nfds; } @@ -801,7 +792,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, } #endif /* CURLRES_IPV6 */ hints.ai_family = pf; - hints.ai_socktype = (data->conn->transport == TRNSPRT_TCP)? + hints.ai_socktype = (data->conn->transport == TRNSPRT_TCP) ? SOCK_STREAM : SOCK_DGRAM; /* Since the service is a numerical one, set the hint flags * accordingly to save a call to getservbyname in inside C-Ares diff --git a/libraries/libcurl/asyn-thread.c b/libraries/libcurl/asyn-thread.c index d91152fd..a58e4b79 100644 --- a/libraries/libcurl/asyn-thread.c +++ b/libraries/libcurl/asyn-thread.c @@ -54,7 +54,6 @@ # define RESOLVER_ENOMEM ENOMEM #endif -#include "system_win32.h" #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -145,22 +144,9 @@ static bool init_resolve_thread(struct Curl_easy *data, const char *hostname, int port, const struct addrinfo *hints); -#ifdef _WIN32 -/* Thread sync data used by GetAddrInfoExW for win8+ */ -struct thread_sync_data_w8 -{ - OVERLAPPED overlapped; - ADDRINFOEXW_ *res; - HANDLE cancel_ev; - ADDRINFOEXW_ hints; -}; -#endif /* Data for synchronization between resolver thread and its parent */ struct thread_sync_data { -#ifdef _WIN32 - struct thread_sync_data_w8 w8; -#endif curl_mutex_t *mtx; int done; int port; @@ -179,9 +165,6 @@ struct thread_sync_data { }; struct thread_data { -#ifdef _WIN32 - HANDLE complete_ev; -#endif curl_thread_t thread_hnd; unsigned int poll_interval; timediff_t interval_end; @@ -293,162 +276,6 @@ static CURLcode getaddrinfo_complete(struct Curl_easy *data) return result; } -#ifdef _WIN32 -static VOID WINAPI -query_complete(DWORD err, DWORD bytes, LPWSAOVERLAPPED overlapped) -{ - size_t ss_size; - const ADDRINFOEXW_ *ai; - struct Curl_addrinfo *ca; - struct Curl_addrinfo *cafirst = NULL; - struct Curl_addrinfo *calast = NULL; -#ifndef CURL_DISABLE_SOCKETPAIR -#ifdef USE_EVENTFD - const void *buf; - const uint64_t val = 1; -#else - char buf[1]; -#endif -#endif -#ifdef __clang__ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wcast-align" -#endif - struct thread_sync_data *tsd = - CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlapped); -#ifdef __clang__ -#pragma clang diagnostic pop -#endif - struct thread_data *td = tsd->td; - const ADDRINFOEXW_ *res = tsd->w8.res; - int error = (int)err; - (void)bytes; - - if(error == ERROR_SUCCESS) { - /* traverse the addrinfo list */ - - for(ai = res; ai != NULL; ai = ai->ai_next) { - size_t namelen = ai->ai_canonname ? wcslen(ai->ai_canonname) + 1 : 0; - /* ignore elements with unsupported address family, */ - /* settle family-specific sockaddr structure size. */ - if(ai->ai_family == AF_INET) - ss_size = sizeof(struct sockaddr_in); -#ifdef USE_IPV6 - else if(ai->ai_family == AF_INET6) - ss_size = sizeof(struct sockaddr_in6); -#endif - else - continue; - - /* ignore elements without required address info */ - if(!ai->ai_addr || !(ai->ai_addrlen > 0)) - continue; - - /* ignore elements with bogus address size */ - if((size_t)ai->ai_addrlen < ss_size) - continue; - - ca = malloc(sizeof(struct Curl_addrinfo) + ss_size + namelen); - if(!ca) { - error = EAI_MEMORY; - break; - } - - /* copy each structure member individually, member ordering, */ - /* size, or padding might be different for each platform. */ - ca->ai_flags = ai->ai_flags; - ca->ai_family = ai->ai_family; - ca->ai_socktype = ai->ai_socktype; - ca->ai_protocol = ai->ai_protocol; - ca->ai_addrlen = (curl_socklen_t)ss_size; - ca->ai_addr = NULL; - ca->ai_canonname = NULL; - ca->ai_next = NULL; - - ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); - memcpy(ca->ai_addr, ai->ai_addr, ss_size); - - if(namelen) { - size_t i; - ca->ai_canonname = (void *)((char *)ca->ai_addr + ss_size); - for(i = 0; i < namelen; ++i) /* convert wide string to ascii */ - ca->ai_canonname[i] = (char)ai->ai_canonname[i]; - ca->ai_canonname[namelen] = '\0'; - } - - /* if the return list is empty, this becomes the first element */ - if(!cafirst) - cafirst = ca; - - /* add this element last in the return list */ - if(calast) - calast->ai_next = ca; - calast = ca; - } - - /* if we failed, also destroy the Curl_addrinfo list */ - if(error) { - Curl_freeaddrinfo(cafirst); - cafirst = NULL; - } - else if(!cafirst) { -#ifdef EAI_NONAME - /* rfc3493 conformant */ - error = EAI_NONAME; -#else - /* rfc3493 obsoleted */ - error = EAI_NODATA; -#endif -#ifdef USE_WINSOCK - SET_SOCKERRNO(error); -#endif - } - tsd->res = cafirst; - } - - if(tsd->w8.res) { - Curl_FreeAddrInfoExW(tsd->w8.res); - tsd->w8.res = NULL; - } - - if(error) { - tsd->sock_error = SOCKERRNO?SOCKERRNO:error; - if(tsd->sock_error == 0) - tsd->sock_error = RESOLVER_ENOMEM; - } - else { - Curl_addrinfo_set_port(tsd->res, tsd->port); - } - - Curl_mutex_acquire(tsd->mtx); - if(tsd->done) { - /* too late, gotta clean up the mess */ - Curl_mutex_release(tsd->mtx); - destroy_thread_sync_data(tsd); - free(td); - } - else { -#ifndef CURL_DISABLE_SOCKETPAIR - if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { -#ifdef USE_EVENTFD - buf = &val; -#else - buf[0] = 1; -#endif - /* DNS has been resolved, signal client task */ - if(wakeup_write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { - /* update sock_erro to errno */ - tsd->sock_error = SOCKERRNO; - } - } -#endif - tsd->done = 1; - Curl_mutex_release(tsd->mtx); - if(td->complete_ev) - SetEvent(td->complete_ev); /* Notify caller that the query completed */ - } -} -#endif #ifdef HAVE_GETADDRINFO @@ -459,7 +286,7 @@ query_complete(DWORD err, DWORD bytes, LPWSAOVERLAPPED overlapped) * and wait on it. */ static -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) DWORD #else unsigned int @@ -484,7 +311,7 @@ CURL_STDCALL getaddrinfo_thread(void *arg) rc = Curl_getaddrinfo_ex(tsd->hostname, service, &tsd->hints, &tsd->res); if(rc) { - tsd->sock_error = SOCKERRNO?SOCKERRNO:rc; + tsd->sock_error = SOCKERRNO ? SOCKERRNO : rc; if(tsd->sock_error == 0) tsd->sock_error = RESOLVER_ENOMEM; } @@ -527,7 +354,7 @@ CURL_STDCALL getaddrinfo_thread(void *arg) * gethostbyname_thread() resolves a name and then exits. */ static -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) DWORD #else unsigned int @@ -585,26 +412,9 @@ static void destroy_async_data(struct Curl_async *async) Curl_mutex_release(td->tsd.mtx); if(!done) { -#ifdef _WIN32 - if(td->complete_ev) { - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - } -#endif - if(td->thread_hnd != curl_thread_t_null) { - Curl_thread_destroy(td->thread_hnd); - td->thread_hnd = curl_thread_t_null; - } + Curl_thread_destroy(td->thread_hnd); } else { -#ifdef _WIN32 - if(td->complete_ev) { - Curl_GetAddrInfoExCancel(&td->tsd.w8.cancel_ev); - WaitForSingleObject(td->complete_ev, INFINITE); - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - } -#endif if(td->thread_hnd != curl_thread_t_null) Curl_thread_join(&td->thread_hnd); @@ -650,9 +460,6 @@ static bool init_resolve_thread(struct Curl_easy *data, asp->status = 0; asp->dns = NULL; td->thread_hnd = curl_thread_t_null; -#ifdef _WIN32 - td->complete_ev = NULL; -#endif if(!init_thread_sync_data(td, hostname, port, hints)) { asp->tdata = NULL; @@ -668,42 +475,6 @@ static bool init_resolve_thread(struct Curl_easy *data, /* The thread will set this to 1 when complete. */ td->tsd.done = 0; -#ifdef _WIN32 - if(Curl_isWindows8OrGreater && Curl_FreeAddrInfoExW && - Curl_GetAddrInfoExCancel && Curl_GetAddrInfoExW && - !Curl_win32_impersonating()) { -#define MAX_NAME_LEN 256 /* max domain name is 253 chars */ -#define MAX_PORT_LEN 8 - WCHAR namebuf[MAX_NAME_LEN]; - WCHAR portbuf[MAX_PORT_LEN]; - /* calculate required length */ - int w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, hostname, - -1, NULL, 0); - if((w_len > 0) && (w_len < MAX_NAME_LEN)) { - /* do utf8 conversion */ - w_len = MultiByteToWideChar(CP_UTF8, 0, hostname, -1, namebuf, w_len); - if((w_len > 0) && (w_len < MAX_NAME_LEN)) { - swprintf(portbuf, MAX_PORT_LEN, L"%d", port); - td->tsd.w8.hints.ai_family = hints->ai_family; - td->tsd.w8.hints.ai_socktype = hints->ai_socktype; - td->complete_ev = CreateEvent(NULL, TRUE, FALSE, NULL); - if(!td->complete_ev) { - /* failed to start, mark it as done here for proper cleanup. */ - td->tsd.done = 1; - goto err_exit; - } - err = Curl_GetAddrInfoExW(namebuf, portbuf, NS_DNS, - NULL, &td->tsd.w8.hints, &td->tsd.w8.res, - NULL, &td->tsd.w8.overlapped, - &query_complete, &td->tsd.w8.cancel_ev); - if(err != WSA_IO_PENDING) - query_complete((DWORD)err, 0, &td->tsd.w8.overlapped); - return TRUE; - } - } - } -#endif - #ifdef HAVE_GETADDRINFO td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd); #else @@ -740,23 +511,9 @@ static CURLcode thread_wait_resolv(struct Curl_easy *data, DEBUGASSERT(data); td = data->state.async.tdata; DEBUGASSERT(td); -#ifdef _WIN32 - DEBUGASSERT(td->complete_ev || td->thread_hnd != curl_thread_t_null); -#else DEBUGASSERT(td->thread_hnd != curl_thread_t_null); -#endif /* wait for the thread to resolve the name */ -#ifdef _WIN32 - if(td->complete_ev) { - WaitForSingleObject(td->complete_ev, INFINITE); - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - if(entry) - result = getaddrinfo_complete(data); - } - else -#endif if(Curl_thread_join(&td->thread_hnd)) { if(entry) result = getaddrinfo_complete(data); @@ -793,13 +550,6 @@ void Curl_resolver_kill(struct Curl_easy *data) /* If we are still resolving, we must wait for the threads to fully clean up, unfortunately. Otherwise, we can simply cancel to clean up any resolver data. */ -#ifdef _WIN32 - if(td && td->complete_ev) { - Curl_GetAddrInfoExCancel(&td->tsd.w8.cancel_ev); - (void)thread_wait_resolv(data, NULL, FALSE); - } - else -#endif if(td && td->thread_hnd != curl_thread_t_null && (data->set.quick_exit != 1L)) (void)thread_wait_resolv(data, NULL, FALSE); @@ -978,7 +728,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, memset(&hints, 0, sizeof(hints)); hints.ai_family = pf; - hints.ai_socktype = (data->conn->transport == TRNSPRT_TCP)? + hints.ai_socktype = (data->conn->transport == TRNSPRT_TCP) ? SOCK_STREAM : SOCK_DGRAM; reslv->start = Curl_now(); diff --git a/libraries/libcurl/bufq.c b/libraries/libcurl/bufq.c index c3245516..547d4d37 100644 --- a/libraries/libcurl/bufq.c +++ b/libraries/libcurl/bufq.c @@ -91,6 +91,23 @@ static size_t chunk_read(struct buf_chunk *chunk, } } +static size_t chunk_unwrite(struct buf_chunk *chunk, size_t len) +{ + size_t n = chunk->w_offset - chunk->r_offset; + DEBUGASSERT(chunk->w_offset >= chunk->r_offset); + if(!n) { + return 0; + } + else if(n <= len) { + chunk->r_offset = chunk->w_offset = 0; + return n; + } + else { + chunk->w_offset -= len; + return len; + } +} + static ssize_t chunk_slurpn(struct buf_chunk *chunk, size_t max_len, Curl_bufq_reader *reader, void *reader_ctx, CURLcode *err) @@ -363,6 +380,49 @@ static void prune_head(struct bufq *q) } } +static struct buf_chunk *chunk_prev(struct buf_chunk *head, + struct buf_chunk *chunk) +{ + while(head) { + if(head == chunk) + return NULL; + if(head->next == chunk) + return head; + head = head->next; + } + return NULL; +} + +static void prune_tail(struct bufq *q) +{ + struct buf_chunk *chunk; + + while(q->tail && chunk_is_empty(q->tail)) { + chunk = q->tail; + q->tail = chunk_prev(q->head, chunk); + if(q->tail) + q->tail->next = NULL; + if(q->head == chunk) + q->head = q->tail; + if(q->pool) { + bufcp_put(q->pool, chunk); + --q->chunk_count; + } + else if((q->chunk_count > q->max_chunks) || + (q->opts & BUFQ_OPT_NO_SPARES)) { + /* SOFT_LIMIT allowed us more than max. free spares until + * we are at max again. Or free them if we are configured + * to not use spares. */ + free(chunk); + --q->chunk_count; + } + else { + chunk->next = q->spare; + q->spare = chunk; + } + } +} + static struct buf_chunk *get_non_full_tail(struct bufq *q) { struct buf_chunk *chunk; @@ -424,10 +484,19 @@ CURLcode Curl_bufq_cwrite(struct bufq *q, ssize_t n; CURLcode result; n = Curl_bufq_write(q, (const unsigned char *)buf, len, &result); - *pnwritten = (n < 0)? 0 : (size_t)n; + *pnwritten = (n < 0) ? 0 : (size_t)n; return result; } +CURLcode Curl_bufq_unwrite(struct bufq *q, size_t len) +{ + while(len && q->tail) { + len -= chunk_unwrite(q->tail, len); + prune_tail(q); + } + return len ? CURLE_AGAIN : CURLE_OK; +} + ssize_t Curl_bufq_read(struct bufq *q, unsigned char *buf, size_t len, CURLcode *err) { @@ -457,7 +526,7 @@ CURLcode Curl_bufq_cread(struct bufq *q, char *buf, size_t len, ssize_t n; CURLcode result; n = Curl_bufq_read(q, (unsigned char *)buf, len, &result); - *pnread = (n < 0)? 0 : (size_t)n; + *pnread = (n < 0) ? 0 : (size_t)n; return result; } diff --git a/libraries/libcurl/bufq.h b/libraries/libcurl/bufq.h index 87ffa45d..ec415648 100644 --- a/libraries/libcurl/bufq.h +++ b/libraries/libcurl/bufq.h @@ -182,6 +182,12 @@ CURLcode Curl_bufq_cwrite(struct bufq *q, const char *buf, size_t len, size_t *pnwritten); +/** + * Remove `len` bytes from the end of the buffer queue again. + * Returns CURLE_AGAIN if less than `len` bytes were in the queue. + */ +CURLcode Curl_bufq_unwrite(struct bufq *q, size_t len); + /** * Read buf from the start of the buffer queue. The buf is copied * and the amount of copied bytes is returned. diff --git a/libraries/libcurl/c-hyper.c b/libraries/libcurl/c-hyper.c index 3008d9a1..2b8eb957 100644 --- a/libraries/libcurl/c-hyper.c +++ b/libraries/libcurl/c-hyper.c @@ -119,7 +119,7 @@ size_t Curl_hyper_send(void *userp, hyper_context *ctx, DEBUGF(infof(data, "Curl_hyper_send(%zu)", buflen)); result = Curl_conn_send(data, io_ctx->sockindex, - (void *)buf, buflen, &nwrote); + (void *)buf, buflen, FALSE, &nwrote); if(result == CURLE_AGAIN) { DEBUGF(infof(data, "Curl_hyper_send(%zu) -> EAGAIN", buflen)); /* would block, register interest */ @@ -274,7 +274,7 @@ static CURLcode status_line(struct Curl_easy *data, /* We need to set 'httpcodeq' for functions that check the response code in a single place. */ data->req.httpcode = http_status; - data->req.httpversion = http_version == HYPER_HTTP_VERSION_1_1? 11 : + data->req.httpversion = http_version == HYPER_HTTP_VERSION_1_1 ? 11 : (http_version == HYPER_HTTP_VERSION_2 ? 20 : 10); if(data->state.hconnect) /* CONNECT */ @@ -352,6 +352,8 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, (void)conn; if(data->hyp.send_body_waker) { + /* If there is still something to upload, wake it to give it + * another try. */ hyper_waker_wake(data->hyp.send_body_waker); data->hyp.send_body_waker = NULL; } @@ -367,7 +369,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, h->write_waker = NULL; } - do { + while(1) { hyper_task_return_type t; task = hyper_executor_poll(h->exec); if(!task) { @@ -391,22 +393,22 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, switch(code) { case HYPERE_ABORTED_BY_CALLBACK: result = CURLE_OK; - break; + goto out; case HYPERE_UNEXPECTED_EOF: if(!data->req.bytecount) result = CURLE_GOT_NOTHING; else result = CURLE_RECV_ERROR; - break; + goto out; case HYPERE_INVALID_PEER_MESSAGE: /* bump headerbytecount to avoid the count remaining at zero and appearing to not having read anything from the peer at all */ data->req.headerbytecount++; result = CURLE_UNSUPPORTED_PROTOCOL; /* maybe */ - break; + goto out; default: result = CURLE_RECV_ERROR; - break; + goto out; } } data->req.done = TRUE; @@ -416,7 +418,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, else if(t == HYPER_TASK_EMPTY) { void *userdata = hyper_task_userdata(task); hyper_task_free(task); - if((userdata_t)userdata == USERDATA_RESP_BODY) { + if(userdata == (void *)USERDATA_RESP_BODY) { /* end of transfer */ data->req.done = TRUE; infof(data, "hyperstream is done"); @@ -428,103 +430,115 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, } else { /* A background task for hyper; ignore */ + DEBUGF(infof(data, "hyper: some background task done")); continue; } } + else if(t == HYPER_TASK_RESPONSE) { + resp = hyper_task_value(task); + hyper_task_free(task); - DEBUGASSERT(HYPER_TASK_RESPONSE); - - resp = hyper_task_value(task); - hyper_task_free(task); + *didwhat = KEEP_RECV; + if(!resp) { + failf(data, "hyperstream: could not get response"); + result = CURLE_RECV_ERROR; + goto out; + } - *didwhat = KEEP_RECV; - if(!resp) { - failf(data, "hyperstream: could not get response"); - return CURLE_RECV_ERROR; - } + http_status = hyper_response_status(resp); + http_version = hyper_response_version(resp); + reasonp = hyper_response_reason_phrase(resp); + reason_len = hyper_response_reason_phrase_len(resp); - http_status = hyper_response_status(resp); - http_version = hyper_response_version(resp); - reasonp = hyper_response_reason_phrase(resp); - reason_len = hyper_response_reason_phrase_len(resp); + if(http_status == 417 && Curl_http_exp100_is_selected(data)) { + infof(data, "Got 417 while waiting for a 100"); + data->state.disableexpect = TRUE; + data->req.newurl = strdup(data->state.url); + Curl_req_abort_sending(data); + } - if(http_status == 417 && Curl_http_exp100_is_selected(data)) { - infof(data, "Got 417 while waiting for a 100"); - data->state.disableexpect = TRUE; - data->req.newurl = strdup(data->state.url); - Curl_req_abort_sending(data); - } + result = status_line(data, conn, + http_status, http_version, reasonp, reason_len); + if(result) + goto out; - result = status_line(data, conn, - http_status, http_version, reasonp, reason_len); - if(result) - break; + headers = hyper_response_headers(resp); + if(!headers) { + failf(data, "hyperstream: could not get response headers"); + result = CURLE_RECV_ERROR; + goto out; + } - headers = hyper_response_headers(resp); - if(!headers) { - failf(data, "hyperstream: could not get response headers"); - result = CURLE_RECV_ERROR; - break; - } + /* the headers are already received */ + hyper_headers_foreach(headers, hyper_each_header, data); + if(data->state.hresult) { + result = data->state.hresult; + goto out; + } - /* the headers are already received */ - hyper_headers_foreach(headers, hyper_each_header, data); - if(data->state.hresult) { - result = data->state.hresult; - break; - } + result = empty_header(data); + if(result) + goto out; + + k->deductheadercount = + (100 <= http_status && 199 >= http_status) ? k->headerbytecount : 0; +#ifndef CURL_DISABLE_WEBSOCKETS + if(k->upgr101 == UPGR101_WS) { + if(http_status == 101) { + /* verify the response */ + result = Curl_ws_accept(data, NULL, 0); + if(result) + goto out; + } + else { + failf(data, "Expected 101, got %u", k->httpcode); + result = CURLE_HTTP_RETURNED_ERROR; + goto out; + } + } +#endif - result = empty_header(data); - if(result) - break; + /* Curl_http_auth_act() checks what authentication methods that are + * available and decides which one (if any) to use. It will set 'newurl' + * if an auth method was picked. */ + result = Curl_http_auth_act(data); + if(result) + goto out; - k->deductheadercount = - (100 <= http_status && 199 >= http_status)?k->headerbytecount:0; -#ifdef USE_WEBSOCKETS - if(k->upgr101 == UPGR101_WS) { - if(http_status == 101) { - /* verify the response */ - result = Curl_ws_accept(data, NULL, 0); - if(result) - return result; + resp_body = hyper_response_body(resp); + if(!resp_body) { + failf(data, "hyperstream: could not get response body"); + result = CURLE_RECV_ERROR; + goto out; } - else { - failf(data, "Expected 101, got %u", k->httpcode); - result = CURLE_HTTP_RETURNED_ERROR; - break; + foreach = hyper_body_foreach(resp_body, hyper_body_chunk, data); + if(!foreach) { + failf(data, "hyperstream: body foreach failed"); + result = CURLE_OUT_OF_MEMORY; + goto out; + } + hyper_task_set_userdata(foreach, (void *)USERDATA_RESP_BODY); + if(HYPERE_OK != hyper_executor_push(h->exec, foreach)) { + failf(data, "Couldn't hyper_executor_push the body-foreach"); + result = CURLE_OUT_OF_MEMORY; + goto out; } - } -#endif - - /* Curl_http_auth_act() checks what authentication methods that are - * available and decides which one (if any) to use. It will set 'newurl' - * if an auth method was picked. */ - result = Curl_http_auth_act(data); - if(result) - break; - resp_body = hyper_response_body(resp); - if(!resp_body) { - failf(data, "hyperstream: could not get response body"); - result = CURLE_RECV_ERROR; - break; + hyper_response_free(resp); + resp = NULL; } - foreach = hyper_body_foreach(resp_body, hyper_body_chunk, data); - if(!foreach) { - failf(data, "hyperstream: body foreach failed"); - result = CURLE_OUT_OF_MEMORY; - break; - } - hyper_task_set_userdata(foreach, (void *)USERDATA_RESP_BODY); - if(HYPERE_OK != hyper_executor_push(h->exec, foreach)) { - failf(data, "Couldn't hyper_executor_push the body-foreach"); - result = CURLE_OUT_OF_MEMORY; - break; + else { + DEBUGF(infof(data, "hyper: unhandled tasktype %x", t)); } + } /* while(1) */ - hyper_response_free(resp); - resp = NULL; - } while(1); + if(!result && Curl_xfer_needs_flush(data)) { + DEBUGF(infof(data, "Curl_hyper_stream(), connection needs flush")); + result = Curl_xfer_flush(data); + } + +out: + DEBUGF(infof(data, "Curl_hyper_stream() -> %d", result)); if(resp) hyper_response_free(resp); return result; @@ -671,10 +685,13 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, /* increasing the writebytecount here is a little premature but we do not know exactly when the body is sent */ data->req.writebytecount += fillcount; + if(eos) + data->req.eos_read = TRUE; Curl_pgrsSetUploadCounter(data, data->req.writebytecount); rc = HYPER_POLL_READY; } else if(eos) { + data->req.eos_read = TRUE; *chunk = NULL; rc = HYPER_POLL_READY; } @@ -686,9 +703,15 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, rc = HYPER_POLL_PENDING; } + if(!data->req.upload_done && data->req.eos_read) { + DEBUGF(infof(data, "hyper: uploadstreamed(), upload is done")); + result = Curl_req_set_upload_done(data); + } + out: Curl_multi_xfer_ulbuf_release(data, xfer_ulbuf); data->state.hresult = result; + DEBUGF(infof(data, "hyper: uploadstreamed() -> %d", result)); return rc; } @@ -702,8 +725,9 @@ static CURLcode finalize_request(struct Curl_easy *data, { CURLcode result = CURLE_OK; struct dynbuf req; - if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) + if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) { Curl_pgrsSetUploadSize(data, 0); /* no request body */ + } else { hyper_body *body; Curl_dyn_init(&req, DYN_HTTP_REQUEST); @@ -821,21 +845,21 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) *done = TRUE; result = Curl_client_start(data); if(result) - return result; + goto out; /* Add collecting of headers written to client. For a new connection, * we might have done that already, but reuse * or multiplex needs it here as well. */ result = Curl_headers_init(data); if(result) - return result; + goto out; infof(data, "Time for the Hyper dance"); memset(h, 0, sizeof(struct hyptransfer)); result = Curl_http_host(data, conn); if(result) - return result; + goto out; Curl_http_method(data, conn, &method, &httpreq); @@ -846,33 +870,35 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) char *pq = NULL; if(data->state.up.query) { pq = aprintf("%s?%s", data->state.up.path, data->state.up.query); - if(!pq) - return CURLE_OUT_OF_MEMORY; + if(!pq) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } } result = Curl_http_output_auth(data, conn, method, httpreq, (pq ? pq : data->state.up.path), FALSE); free(pq); if(result) - return result; + goto out; } result = Curl_http_req_set_reader(data, httpreq, &te); if(result) - goto error; + goto out; result = Curl_http_range(data, httpreq); if(result) - return result; + goto out; result = Curl_http_useragent(data); if(result) - return result; + goto out; io = hyper_io_new(); if(!io) { failf(data, "Couldn't create hyper IO"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } /* tell Hyper how to read/write network data */ h->io_ctx.data = data; @@ -887,7 +913,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!h->exec) { failf(data, "Couldn't create hyper executor"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } } @@ -895,12 +921,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!options) { failf(data, "Couldn't create hyper client options"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(conn->alpn == CURL_HTTP_VERSION_2) { failf(data, "ALPN protocol h2 not supported with Hyper"); result = CURLE_UNSUPPORTED_PROTOCOL; - goto error; + goto out; } hyper_clientconn_options_set_preserve_header_case(options, 1); hyper_clientconn_options_set_preserve_header_order(options, 1); @@ -913,7 +939,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!handshake) { failf(data, "Couldn't create hyper client handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } io = NULL; options = NULL; @@ -921,7 +947,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) { failf(data, "Couldn't hyper_executor_push the handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } handshake = NULL; /* ownership passed on */ @@ -929,7 +955,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!task) { failf(data, "Couldn't hyper_executor_poll the handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } client = hyper_task_value(task); @@ -939,7 +965,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!req) { failf(data, "Couldn't hyper_request_new"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(!Curl_use_http_1_1plus(data, conn)) { @@ -947,57 +973,57 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) HYPER_HTTP_VERSION_1_0)) { failf(data, "error setting HTTP version"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } } if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) { failf(data, "error setting method"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } result = request_target(data, conn, method, req); if(result) - goto error; + goto out; headers = hyper_request_headers(req); if(!headers) { failf(data, "hyper_request_headers"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } rc = hyper_request_on_informational(req, http1xx_cb, data); if(rc) { result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(data->state.aptr.host) { result = Curl_hyper_header(data, headers, data->state.aptr.host); if(result) - goto error; + goto out; } #ifndef CURL_DISABLE_PROXY if(data->state.aptr.proxyuserpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd); if(result) - goto error; + goto out; } #endif if(data->state.aptr.userpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.userpwd); if(result) - goto error; + goto out; } if((data->state.use_range && data->state.aptr.rangeline)) { result = Curl_hyper_header(data, headers, data->state.aptr.rangeline); if(result) - goto error; + goto out; } if(data->set.str[STRING_USERAGENT] && @@ -1005,20 +1031,20 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) data->state.aptr.uagent) { result = Curl_hyper_header(data, headers, data->state.aptr.uagent); if(result) - goto error; + goto out; } p_accept = Curl_checkheaders(data, - STRCONST("Accept"))?NULL:"Accept: */*\r\n"; + STRCONST("Accept")) ? NULL : "Accept: */*\r\n"; if(p_accept) { result = Curl_hyper_header(data, headers, p_accept); if(result) - goto error; + goto out; } if(te) { result = Curl_hyper_header(data, headers, te); if(result) - goto error; + goto out; } #ifndef CURL_DISABLE_ALTSVC @@ -1027,11 +1053,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) conn->conn_to_host.name, conn->conn_to_port); if(!altused) { result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } result = Curl_hyper_header(data, headers, altused); if(result) - goto error; + goto out; free(altused); } #endif @@ -1042,7 +1068,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) - goto error; + goto out; } #endif @@ -1054,17 +1080,17 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) else result = Curl_hyper_header(data, headers, data->state.aptr.ref); if(result) - goto error; + goto out; } #ifdef HAVE_LIBZ /* we only consider transfer-encoding magic if libz support is built-in */ result = Curl_transferencode(data); if(result) - goto error; + goto out; result = Curl_hyper_header(data, headers, data->state.aptr.te); if(result) - goto error; + goto out; #endif if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && @@ -1078,29 +1104,29 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_hyper_header(data, headers, data->state.aptr.accept_encoding); if(result) - goto error; + goto out; } else Curl_safefree(data->state.aptr.accept_encoding); result = cookies(data, conn, headers); if(result) - goto error; + goto out; if(!result && conn->handler->protocol&(CURLPROTO_WS|CURLPROTO_WSS)) result = Curl_ws_request(data, headers); result = Curl_add_timecondition(data, headers); if(result) - goto error; + goto out; result = Curl_add_custom_headers(data, FALSE, headers); if(result) - goto error; + goto out; result = finalize_request(data, headers, req, httpreq); if(result) - goto error; + goto out; Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); @@ -1114,14 +1140,14 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!sendtask) { failf(data, "hyper_clientconn_send"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } req = NULL; if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) { failf(data, "Couldn't hyper_executor_push the send"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } sendtask = NULL; /* ownership passed on */ @@ -1131,6 +1157,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) { /* HTTP GET/HEAD download */ Curl_pgrsSetUploadSize(data, 0); /* nothing */ + result = Curl_req_set_upload_done(data); + if(result) + goto out; } Curl_xfer_setup1(data, CURL_XFER_SENDRECV, -1, TRUE); @@ -1142,24 +1171,20 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); #endif - return CURLE_OK; -error: - DEBUGASSERT(result); - if(io) - hyper_io_free(io); - - if(options) - hyper_clientconn_options_free(options); - - if(handshake) - hyper_task_free(handshake); - - if(client) - hyper_clientconn_free(client); - - if(req) - hyper_request_free(req); +out: + if(result) { + if(io) + hyper_io_free(io); + if(options) + hyper_clientconn_options_free(options); + if(handshake) + hyper_task_free(handshake); + if(client) + hyper_clientconn_free(client); + if(req) + hyper_request_free(req); + } return result; } diff --git a/libraries/libcurl/cf-h1-proxy.c b/libraries/libcurl/cf-h1-proxy.c index 6656b4dd..6b7f9831 100644 --- a/libraries/libcurl/cf-h1-proxy.c +++ b/libraries/libcurl/cf-h1-proxy.c @@ -266,7 +266,7 @@ static CURLcode send_CONNECT(struct Curl_cfilter *cf, blen -= ts->nsent; buf += ts->nsent; - nwritten = cf->next->cft->do_send(cf->next, data, buf, blen, &result); + nwritten = cf->next->cft->do_send(cf->next, data, buf, blen, FALSE, &result); if(nwritten < 0) { if(result == CURLE_AGAIN) { result = CURLE_OK; @@ -299,7 +299,7 @@ static CURLcode on_resp_header(struct Curl_cfilter *cf, (checkprefix("Proxy-authenticate:", header) && (407 == k->httpcode))) { - bool proxy = (k->httpcode == 407) ? TRUE : FALSE; + bool proxy = (k->httpcode == 407); char *auth = Curl_copy_header_value(header); if(!auth) return CURLE_OUT_OF_MEMORY; @@ -489,8 +489,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, ts->keepon = KEEPON_IGNORE; if(ts->cl) { - infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T - " bytes of response-body", ts->cl); + infof(data, "Ignore %" FMT_OFF_T " bytes of response-body", ts->cl); } else if(ts->chunked_encoding) { infof(data, "Ignore chunked response-body"); @@ -548,8 +547,8 @@ static CURLcode CONNECT_host(struct Curl_cfilter *cf, if(result) return result; - authority = aprintf("%s%s%s:%d", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"", - port); + authority = aprintf("%s%s%s:%d", ipv6_ip ? "[":"", hostname, + ipv6_ip ? "]" : "", port); if(!authority) return CURLE_OUT_OF_MEMORY; diff --git a/libraries/libcurl/cf-h2-proxy.c b/libraries/libcurl/cf-h2-proxy.c index 7613b782..038952d6 100644 --- a/libraries/libcurl/cf-h2-proxy.c +++ b/libraries/libcurl/cf-h2-proxy.c @@ -73,7 +73,6 @@ struct tunnel_stream { char *authority; int32_t stream_id; uint32_t error; - size_t upload_blocked_len; h2_tunnel_state state; BIT(has_final_response); BIT(closed); @@ -99,7 +98,8 @@ static CURLcode tunnel_stream_init(struct Curl_cfilter *cf, return result; ts->authority = /* host:port with IPv6 support */ - aprintf("%s%s%s:%d", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"", port); + aprintf("%s%s%s:%d", ipv6_ip ? "[":"", hostname, + ipv6_ip ? "]" : "", port); if(!ts->authority) return CURLE_OUT_OF_MEMORY; @@ -217,11 +217,13 @@ static void drain_tunnel(struct Curl_cfilter *cf, struct Curl_easy *data, struct tunnel_stream *tunnel) { + struct cf_h2_proxy_ctx *ctx = cf->ctx; unsigned char bits; (void)cf; bits = CURL_CSELECT_IN; - if(!tunnel->closed && !tunnel->reset && tunnel->upload_blocked_len) + if(!tunnel->closed && !tunnel->reset && + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) bits |= CURL_CSELECT_OUT; if(data->state.select_bits != bits) { CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", @@ -260,7 +262,7 @@ static ssize_t proxy_h2_nw_out_writer(void *writer_ctx, if(cf) { struct Curl_easy *data = CF_DATA_CURRENT(cf); nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, buflen, - err); + FALSE, err); CURL_TRC_CF(data, cf, "[0] nw_out_writer(len=%zu) -> %zd, %d", buflen, nwritten, *err); } @@ -428,7 +430,7 @@ static CURLcode proxy_h2_nw_out_flush(struct Curl_cfilter *cf, return result; } CURL_TRC_CF(data, cf, "[0] nw send buffer flushed"); - return Curl_bufq_is_empty(&ctx->outbufq)? CURLE_OK: CURLE_AGAIN; + return Curl_bufq_is_empty(&ctx->outbufq) ? CURLE_OK : CURLE_AGAIN; } /* @@ -603,29 +605,27 @@ static int proxy_h2_fr_print(const nghttp2_frame *frame, return msnprintf(buffer, blen, "FRAME[SETTINGS, len=%d]", (int)frame->hd.length); } - case NGHTTP2_PUSH_PROMISE: { + case NGHTTP2_PUSH_PROMISE: return msnprintf(buffer, blen, "FRAME[PUSH_PROMISE, len=%d, hend=%d]", (int)frame->hd.length, !!(frame->hd.flags & NGHTTP2_FLAG_END_HEADERS)); - } - case NGHTTP2_PING: { + case NGHTTP2_PING: return msnprintf(buffer, blen, "FRAME[PING, len=%d, ack=%d]", (int)frame->hd.length, - frame->hd.flags&NGHTTP2_FLAG_ACK); - } + frame->hd.flags & NGHTTP2_FLAG_ACK); case NGHTTP2_GOAWAY: { char scratch[128]; size_t s_len = sizeof(scratch)/sizeof(scratch[0]); - size_t len = (frame->goaway.opaque_data_len < s_len)? - frame->goaway.opaque_data_len : s_len-1; - if(len) - memcpy(scratch, frame->goaway.opaque_data, len); - scratch[len] = '\0'; - return msnprintf(buffer, blen, "FRAME[GOAWAY, error=%d, reason='%s', " - "last_stream=%d]", frame->goaway.error_code, - scratch, frame->goaway.last_stream_id); + size_t len = (frame->goaway.opaque_data_len < s_len) ? + frame->goaway.opaque_data_len : s_len-1; + if(len) + memcpy(scratch, frame->goaway.opaque_data, len); + scratch[len] = '\0'; + return msnprintf(buffer, blen, "FRAME[GOAWAY, error=%d, reason='%s', " + "last_stream=%d]", frame->goaway.error_code, + scratch, frame->goaway.last_stream_id); } case NGHTTP2_WINDOW_UPDATE: { return msnprintf(buffer, blen, @@ -1079,7 +1079,7 @@ static CURLcode H2_CONNECT(struct Curl_cfilter *cf, } while(ts->state == H2_TUNNEL_INIT); out: - if(result || ctx->tunnel.closed) + if((result && (result != CURLE_AGAIN)) || ctx->tunnel.closed) h2_tunnel_go_state(cf, ts, H2_TUNNEL_FAILED, data); return result; } @@ -1185,7 +1185,8 @@ static CURLcode cf_h2_proxy_shutdown(struct Curl_cfilter *cf, if(!ctx->sent_goaway) { rv = nghttp2_submit_goaway(ctx->h2, NGHTTP2_FLAG_NONE, 0, 0, - (const uint8_t *)"shutown", sizeof("shutown")); + (const uint8_t *)"shutdown", + sizeof("shutdown")); if(rv) { failf(data, "nghttp2_submit_goaway() failed: %s(%d)", nghttp2_strerror(rv), rv); @@ -1218,7 +1219,7 @@ static bool cf_h2_proxy_data_pending(struct Curl_cfilter *cf, (ctx && ctx->tunnel.state == H2_TUNNEL_ESTABLISHED && !Curl_bufq_is_empty(&ctx->tunnel.recvbuf))) return TRUE; - return cf->next? cf->next->cft->has_data_pending(cf->next, data) : FALSE; + return cf->next ? cf->next->cft->has_data_pending(cf->next, data) : FALSE; } static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, @@ -1231,7 +1232,9 @@ static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, bool want_recv, want_send; if(!cf->connected && ctx->h2) { - want_send = nghttp2_session_want_write(ctx->h2); + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); want_recv = nghttp2_session_want_read(ctx->h2); } else @@ -1247,17 +1250,25 @@ static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, ctx->h2, ctx->tunnel.stream_id); want_recv = (want_recv || c_exhaust || s_exhaust); want_send = (!s_exhaust && want_send) || - (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + (!c_exhaust && nghttp2_session_want_write(ctx->h2)) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); Curl_pollset_set(data, ps, sock, want_recv, want_send); + CURL_TRC_CF(data, cf, "adjust_pollset, want_recv=%d want_send=%d", + want_recv, want_send); CF_DATA_RESTORE(cf, save); } else if(ctx->sent_goaway && !cf->shutdown) { /* shutdown in progress */ CF_DATA_SAVE(save, cf, data); - want_send = nghttp2_session_want_write(ctx->h2); + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); want_recv = nghttp2_session_want_read(ctx->h2); Curl_pollset_set(data, ps, sock, want_recv, want_send); + CURL_TRC_CF(data, cf, "adjust_pollset, want_recv=%d want_send=%d", + want_recv, want_send); CF_DATA_RESTORE(cf, save); } } @@ -1364,16 +1375,7 @@ static ssize_t cf_h2_proxy_recv(struct Curl_cfilter *cf, } result = proxy_h2_progress_egress(cf, data); - if(result == CURLE_AGAIN) { - /* pending data to send, need to be called again. Ideally, we would - * monitor the socket for POLLOUT, but we might not be in SENDING - * transfer state any longer and are unable to make this happen. - */ - CURL_TRC_CF(data, cf, "[%d] egress blocked, DRAIN", - ctx->tunnel.stream_id); - drain_tunnel(cf, data, &ctx->tunnel); - } - else if(result) { + if(result && (result != CURLE_AGAIN)) { *err = result; nread = -1; } @@ -1393,15 +1395,16 @@ static ssize_t cf_h2_proxy_recv(struct Curl_cfilter *cf, static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_h2_proxy_ctx *ctx = cf->ctx; struct cf_call_data save; int rv; ssize_t nwritten; CURLcode result; - int blocked = 0; + (void)eos; /* TODO, maybe useful for blocks? */ if(ctx->tunnel.state != H2_TUNNEL_ESTABLISHED) { *err = CURLE_SEND_ERROR; return -1; @@ -1413,29 +1416,10 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, *err = CURLE_SEND_ERROR; goto out; } - else if(ctx->tunnel.upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - DEBUGASSERT(len >= ctx->tunnel.upload_blocked_len); - if(len < ctx->tunnel.upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/2 proxy, send again with decreased length"); - *err = CURLE_HTTP2; - nwritten = -1; - goto out; - } - nwritten = (ssize_t)ctx->tunnel.upload_blocked_len; - ctx->tunnel.upload_blocked_len = 0; - *err = CURLE_OK; - } else { nwritten = Curl_bufq_write(&ctx->tunnel.sendbuf, buf, len, err); - if(nwritten < 0) { - if(*err != CURLE_AGAIN) - goto out; - nwritten = 0; - } + if(nwritten < 0 && (*err != CURLE_AGAIN)) + goto out; } if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { @@ -1458,52 +1442,13 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, /* Call the nghttp2 send loop and flush to write ALL buffered data, * headers and/or request body completely out to the network */ result = proxy_h2_progress_egress(cf, data); - if(result == CURLE_AGAIN) { - blocked = 1; - } - else if(result) { + if(result && (result != CURLE_AGAIN)) { *err = result; nwritten = -1; goto out; } - else if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { - /* although we wrote everything that nghttp2 wants to send now, - * there is data left in our stream send buffer unwritten. This may - * be due to the stream's HTTP/2 flow window being exhausted. */ - blocked = 1; - } - - if(blocked) { - /* Unable to send all data, due to connection blocked or H2 window - * exhaustion. Data is left in our stream buffer, or nghttp2's internal - * frame buffer or our network out buffer. */ - size_t rwin = (size_t)nghttp2_session_get_stream_remote_window_size( - ctx->h2, ctx->tunnel.stream_id); - if(rwin == 0) { - /* H2 flow window exhaustion. - * FIXME: there is no way to HOLD all transfers that use this - * proxy connection AND to UNHOLD all of them again when the - * window increases. - * We *could* iterate over all data on this conn maybe? */ - CURL_TRC_CF(data, cf, "[%d] remote flow " - "window is exhausted", ctx->tunnel.stream_id); - } - /* Whatever the cause, we need to return CURL_EAGAIN for this call. - * We have unwritten state that needs us being invoked again and EAGAIN - * is the only way to ensure that. */ - ctx->tunnel.upload_blocked_len = nwritten; - CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) BLOCK: win %u/%zu " - "blocked_len=%zu", - ctx->tunnel.stream_id, len, - nghttp2_session_get_remote_window_size(ctx->h2), rwin, - nwritten); - drain_tunnel(cf, data, &ctx->tunnel); - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - else if(proxy_h2_should_close_session(ctx)) { + if(proxy_h2_should_close_session(ctx)) { /* nghttp2 thinks this session is done. If the stream has not been * closed, this is an error state for out transfer */ if(ctx->tunnel.closed) { @@ -1536,6 +1481,38 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, return nwritten; } +static CURLcode cf_h2_proxy_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_h2_proxy_ctx *ctx = cf->ctx; + struct cf_call_data save; + CURLcode result = CURLE_OK; + + CF_DATA_SAVE(save, cf, data); + if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { + /* resume the potentially suspended tunnel */ + int rv = nghttp2_session_resume_data(ctx->h2, ctx->tunnel.stream_id); + if(nghttp2_is_fatal(rv)) { + result = CURLE_SEND_ERROR; + goto out; + } + } + + result = proxy_h2_progress_egress(cf, data); + +out: + CURL_TRC_CF(data, cf, "[%d] flush -> %d, " + "h2 windows %d-%d (stream-conn), buffers %zu-%zu (stream-conn)", + ctx->tunnel.stream_id, result, + nghttp2_session_get_stream_remote_window_size( + ctx->h2, ctx->tunnel.stream_id), + nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&ctx->tunnel.sendbuf), + Curl_bufq_len(&ctx->outbufq)); + CF_DATA_RESTORE(cf, save); + return result; +} + static bool proxy_h2_connisalive(struct Curl_cfilter *cf, struct Curl_easy *data, bool *input_pending) @@ -1589,6 +1566,52 @@ static bool cf_h2_proxy_is_alive(struct Curl_cfilter *cf, return result; } +static CURLcode cf_h2_proxy_query(struct Curl_cfilter *cf, + struct Curl_easy *data, + int query, int *pres1, void *pres2) +{ + struct cf_h2_proxy_ctx *ctx = cf->ctx; + + switch(query) { + case CF_QUERY_NEED_FLUSH: { + if(!Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { + CURL_TRC_CF(data, cf, "needs flush"); + *pres1 = TRUE; + return CURLE_OK; + } + break; + } + default: + break; + } + return cf->next ? + cf->next->cft->query(cf->next, data, query, pres1, pres2) : + CURLE_UNKNOWN_OPTION; +} + +static CURLcode cf_h2_proxy_cntrl(struct Curl_cfilter *cf, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + CURLcode result = CURLE_OK; + struct cf_call_data save; + + (void)arg1; + (void)arg2; + + switch(event) { + case CF_CTRL_FLUSH: + CF_DATA_SAVE(save, cf, data); + result = cf_h2_proxy_flush(cf, data); + CF_DATA_RESTORE(cf, save); + break; + default: + break; + } + return result; +} + struct Curl_cftype Curl_cft_h2_proxy = { "H2-PROXY", CF_TYPE_IP_CONNECT|CF_TYPE_PROXY, @@ -1602,10 +1625,10 @@ struct Curl_cftype Curl_cft_h2_proxy = { cf_h2_proxy_data_pending, cf_h2_proxy_send, cf_h2_proxy_recv, - Curl_cf_def_cntrl, + cf_h2_proxy_cntrl, cf_h2_proxy_is_alive, Curl_cf_def_conn_keep_alive, - Curl_cf_def_query, + cf_h2_proxy_query, }; CURLcode Curl_cf_h2_proxy_insert_after(struct Curl_cfilter *cf, diff --git a/libraries/libcurl/cf-haproxy.c b/libraries/libcurl/cf-haproxy.c index 200c1395..ae2402f2 100644 --- a/libraries/libcurl/cf-haproxy.c +++ b/libraries/libcurl/cf-haproxy.c @@ -70,8 +70,9 @@ static CURLcode cf_haproxy_date_out_set(struct Curl_cfilter*cf, { struct cf_haproxy_ctx *ctx = cf->ctx; CURLcode result; - const char *tcp_version; const char *client_ip; + struct ip_quadruple ipquad; + int is_ipv6; DEBUGASSERT(ctx); DEBUGASSERT(ctx->state == HAPROXY_INIT); @@ -81,19 +82,20 @@ static CURLcode cf_haproxy_date_out_set(struct Curl_cfilter*cf, result = Curl_dyn_addn(&ctx->data_out, STRCONST("PROXY UNKNOWN\r\n")); else { #endif /* USE_UNIX_SOCKETS */ + result = Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad); + if(result) + return result; + /* Emit the correct prefix for IPv6 */ - tcp_version = cf->conn->bits.ipv6 ? "TCP6" : "TCP4"; if(data->set.str[STRING_HAPROXY_CLIENT_IP]) client_ip = data->set.str[STRING_HAPROXY_CLIENT_IP]; else - client_ip = data->info.primary.local_ip; + client_ip = ipquad.local_ip; result = Curl_dyn_addf(&ctx->data_out, "PROXY %s %s %s %i %i\r\n", - tcp_version, - client_ip, - data->info.primary.remote_ip, - data->info.primary.local_port, - data->info.primary.remote_port); + is_ipv6 ? "TCP6" : "TCP4", + client_ip, ipquad.remote_ip, + ipquad.local_port, ipquad.remote_port); #ifdef USE_UNIX_SOCKETS } @@ -129,17 +131,17 @@ static CURLcode cf_haproxy_connect(struct Curl_cfilter *cf, case HAPROXY_SEND: len = Curl_dyn_len(&ctx->data_out); if(len > 0) { - size_t written; - result = Curl_conn_send(data, cf->sockindex, - Curl_dyn_ptr(&ctx->data_out), - len, &written); - if(result == CURLE_AGAIN) { + ssize_t nwritten; + nwritten = Curl_conn_cf_send(cf->next, data, + Curl_dyn_ptr(&ctx->data_out), len, FALSE, + &result); + if(nwritten < 0) { + if(result != CURLE_AGAIN) + goto out; result = CURLE_OK; - written = 0; + nwritten = 0; } - else if(result) - goto out; - Curl_dyn_tail(&ctx->data_out, len - written); + Curl_dyn_tail(&ctx->data_out, len - (size_t)nwritten); if(Curl_dyn_len(&ctx->data_out) > 0) { result = CURLE_OK; goto out; @@ -229,7 +231,7 @@ static CURLcode cf_haproxy_create(struct Curl_cfilter **pcf, out: cf_haproxy_ctx_free(ctx); - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; return result; } diff --git a/libraries/libcurl/cf-https-connect.c b/libraries/libcurl/cf-https-connect.c index 7a6bd97e..dd7cdcb0 100644 --- a/libraries/libcurl/cf-https-connect.c +++ b/libraries/libcurl/cf-https-connect.c @@ -96,6 +96,21 @@ static bool cf_hc_baller_data_pending(struct cf_hc_baller *b, return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data); } +static bool cf_hc_baller_needs_flush(struct cf_hc_baller *b, + struct Curl_easy *data) +{ + return b->cf && !b->result && Curl_conn_cf_needs_flush(b->cf, data); +} + +static CURLcode cf_hc_baller_cntrl(struct cf_hc_baller *b, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + if(b->cf && !b->result) + return Curl_conn_cf_cntrl(b->cf, data, FALSE, event, arg1, arg2); + return CURLE_OK; +} + struct cf_hc_ctx { cf_hc_state state; const struct Curl_dns_entry *remotehost; @@ -159,6 +174,7 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, { struct cf_hc_ctx *ctx = cf->ctx; CURLcode result = CURLE_OK; + int reply_ms; DEBUGASSERT(winner->cf); if(winner != &ctx->h3_baller) @@ -166,15 +182,20 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, if(winner != &ctx->h21_baller) cf_hc_baller_reset(&ctx->h21_baller, data); - CURL_TRC_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms", - winner->name, (int)Curl_timediff(Curl_now(), winner->started), - cf_hc_baller_reply_ms(winner, data)); + reply_ms = cf_hc_baller_reply_ms(winner, data); + if(reply_ms >= 0) + CURL_TRC_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms", + winner->name, (int)Curl_timediff(Curl_now(), winner->started), + reply_ms); + else + CURL_TRC_CF(data, cf, "deferred handshake %s: %dms", + winner->name, (int)Curl_timediff(Curl_now(), winner->started)); + cf->next = winner->cf; winner->cf = NULL; switch(cf->conn->alpn) { case CURL_HTTP_VERSION_3: - infof(data, "using HTTP/3"); break; case CURL_HTTP_VERSION_2: #ifdef USE_NGHTTP2 @@ -187,16 +208,12 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, return result; } #endif - infof(data, "using HTTP/2"); break; default: - infof(data, "using HTTP/1.x"); break; } ctx->state = CF_HC_SUCCESS; cf->connected = TRUE; - Curl_conn_cf_cntrl(cf->next, data, TRUE, - CF_CTRL_CONN_INFO_UPDATE, 0, NULL); return result; } @@ -265,7 +282,7 @@ static CURLcode cf_hc_connect(struct Curl_cfilter *cf, } else if(ctx->h21_baller.enabled) cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21", - cf->conn->transport); + cf->conn->transport); ctx->state = CF_HC_CONNECT; FALLTHROUGH(); @@ -296,8 +313,8 @@ static CURLcode cf_hc_connect(struct Curl_cfilter *cf, (!ctx->h21_baller.enabled || ctx->h21_baller.result)) { /* both failed or disabled. we give up */ CURL_TRC_CF(data, cf, "connect, all failed"); - result = ctx->result = ctx->h3_baller.enabled? - ctx->h3_baller.result : ctx->h21_baller.result; + result = ctx->result = ctx->h3_baller.enabled ? + ctx->h3_baller.result : ctx->h21_baller.result; ctx->state = CF_HC_FAILURE; goto out; } @@ -410,13 +427,13 @@ static struct curltime cf_get_max_baller_time(struct Curl_cfilter *cf, memset(&tmax, 0, sizeof(tmax)); memset(&t, 0, sizeof(t)); - cfb = ctx->h21_baller.enabled? ctx->h21_baller.cf : NULL; + cfb = ctx->h21_baller.enabled ? ctx->h21_baller.cf : NULL; if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) { if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0) tmax = t; } memset(&t, 0, sizeof(t)); - cfb = ctx->h3_baller.enabled? ctx->h3_baller.cf : NULL; + cfb = ctx->h3_baller.enabled ? ctx->h3_baller.cf : NULL; if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) { if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0) tmax = t; @@ -428,6 +445,8 @@ static CURLcode cf_hc_query(struct Curl_cfilter *cf, struct Curl_easy *data, int query, int *pres1, void *pres2) { + struct cf_hc_ctx *ctx = cf->ctx; + if(!cf->connected) { switch(query) { case CF_QUERY_TIMER_CONNECT: { @@ -440,15 +459,40 @@ static CURLcode cf_hc_query(struct Curl_cfilter *cf, *when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT); return CURLE_OK; } + case CF_QUERY_NEED_FLUSH: { + if(cf_hc_baller_needs_flush(&ctx->h3_baller, data) + || cf_hc_baller_needs_flush(&ctx->h21_baller, data)) { + *pres1 = TRUE; + return CURLE_OK; + } + break; + } default: break; } } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } +static CURLcode cf_hc_cntrl(struct Curl_cfilter *cf, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + struct cf_hc_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(!cf->connected) { + result = cf_hc_baller_cntrl(&ctx->h3_baller, data, event, arg1, arg2); + if(!result || (result == CURLE_AGAIN)) + result = cf_hc_baller_cntrl(&ctx->h21_baller, data, event, arg1, arg2); + if(result == CURLE_AGAIN) + result = CURLE_OK; + } + return result; +} + static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data) { CURL_TRC_CF(data, cf, "close"); @@ -484,7 +528,7 @@ struct Curl_cftype Curl_cft_http_connect = { cf_hc_data_pending, Curl_cf_def_send, Curl_cf_def_recv, - Curl_cf_def_cntrl, + cf_hc_cntrl, Curl_cf_def_conn_is_alive, Curl_cf_def_conn_keep_alive, cf_hc_query, @@ -516,7 +560,7 @@ static CURLcode cf_hc_create(struct Curl_cfilter **pcf, cf_hc_reset(cf, data); out: - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; free(ctx); return result; } diff --git a/libraries/libcurl/cf-socket.c b/libraries/libcurl/cf-socket.c index 2e92db29..b4840f7e 100644 --- a/libraries/libcurl/cf-socket.c +++ b/libraries/libcurl/cf-socket.c @@ -124,7 +124,7 @@ static void tcpnodelay(struct Curl_easy *data, curl_socket_t sockfd) } #ifdef SO_NOSIGPIPE -/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when +/* The preferred method on macOS (10.2 and later) to prevent SIGPIPEs when sending data to a dead peer (instead of relying on the 4th argument to send being MSG_NOSIGNAL). Possibly also existing and in use on other BSD systems? */ @@ -146,7 +146,13 @@ static void nosigpipe(struct Curl_easy *data, #define nosigpipe(x,y) Curl_nop_stmt #endif -#if defined(USE_WINSOCK) || \ +#if defined(USE_WINSOCK) && \ + defined(TCP_KEEPIDLE) && defined(TCP_KEEPINTVL) && defined(TCP_KEEPCNT) +/* Win 10, v 1709 (10.0.16299) and later can use SetSockOpt TCP_KEEP____ + * so should use seconds */ +#define CURL_WINSOCK_KEEP_SSO +#define KEEPALIVE_FACTOR(x) +#elif defined(USE_WINSOCK) || \ (defined(__sun) && !defined(TCP_KEEPIDLE)) || \ (defined(__DragonFly__) && __DragonFly_version < 500702) || \ (defined(_WIN32) && !defined(TCP_KEEPIDLE)) @@ -171,25 +177,25 @@ static void tcpkeepalive(struct Curl_easy *data, curl_socket_t sockfd) { - int optval = data->set.tcp_keepalive?1:0; + int optval = data->set.tcp_keepalive ? 1 : 0; /* only set IDLE and INTVL if setting KEEPALIVE is successful */ if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set SO_KEEPALIVE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } else { #if defined(SIO_KEEPALIVE_VALS) /* Windows */ /* Windows 10, version 1709 (10.0.16299) and later versions */ -#if defined(TCP_KEEPIDLE) && defined(TCP_KEEPINTVL) && defined(TCP_KEEPCNT) +#if defined(CURL_WINSOCK_KEEP_SSO) optval = curlx_sltosi(data->set.tcp_keepidle); KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, (const char *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPIDLE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } optval = curlx_sltosi(data->set.tcp_keepintvl); @@ -197,14 +203,14 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, (const char *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPINTVL on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } optval = curlx_sltosi(data->set.tcp_keepcnt); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPCNT, (const char *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPCNT on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #else /* Windows < 10.0.16299 */ @@ -220,8 +226,7 @@ tcpkeepalive(struct Curl_easy *data, if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals), NULL, 0, &dummy, NULL, NULL) != 0) { infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", - sockfd, SOCKERRNO); + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #endif #else /* !Windows */ @@ -231,17 +236,17 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPIDLE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #elif defined(TCP_KEEPALIVE) - /* Mac OS X style */ + /* macOS style */ optval = curlx_sltosi(data->set.tcp_keepidle); KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPALIVE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #elif defined(TCP_KEEPALIVE_THRESHOLD) @@ -251,7 +256,7 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE_THRESHOLD, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPALIVE_THRESHOLD on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #endif @@ -261,7 +266,7 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPINTVL on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #elif defined(TCP_KEEPALIVE_ABORT_THRESHOLD) @@ -282,8 +287,7 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE_ABORT_THRESHOLD, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPALIVE_ABORT_THRESHOLD on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", - sockfd, SOCKERRNO); + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #endif #ifdef TCP_KEEPCNT @@ -291,8 +295,7 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPCNT, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPCNT on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", - sockfd, SOCKERRNO); + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #endif #endif @@ -333,7 +336,7 @@ void Curl_sock_assign_addr(struct Curl_sockaddr_ex *dest, if(dest->addrlen > sizeof(struct Curl_sockaddr_storage)) dest->addrlen = sizeof(struct Curl_sockaddr_storage); - memcpy(&dest->sa_addr, ai->ai_addr, dest->addrlen); + memcpy(&dest->curl_sa_addr, ai->ai_addr, dest->addrlen); } static CURLcode socket_open(struct Curl_easy *data, @@ -352,11 +355,11 @@ static CURLcode socket_open(struct Curl_easy *data, * might have been changed and this 'new' address will actually be used * here to connect. */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); *sockfd = data->set.fopensocket(data->set.opensocket_client, CURLSOCKTYPE_IPCXN, (struct curl_sockaddr *)addr); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } else { /* opensocket callback not set, so simply create the socket now */ @@ -369,7 +372,7 @@ static CURLcode socket_open(struct Curl_easy *data, #if defined(USE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) if(data->conn->scope_id && (addr->family == AF_INET6)) { - struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr; + struct sockaddr_in6 * const sa6 = (void *)&addr->curl_sa_addr; sa6->sin6_scope_id = data->conn->scope_id; } #endif @@ -404,12 +407,15 @@ CURLcode Curl_socket_open(struct Curl_easy *data, static int socket_close(struct Curl_easy *data, struct connectdata *conn, int use_callback, curl_socket_t sock) { + if(CURL_SOCKET_BAD == sock) + return 0; + if(use_callback && conn && conn->fclosesocket) { int rc; Curl_multi_closed(data, sock); - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rc = conn->fclosesocket(conn->closesocket_client, sock); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); return rc; } @@ -502,32 +508,37 @@ void Curl_sndbuf_init(curl_socket_t sockfd) * * Returns CURLE_OK on success. */ -CURLcode Curl_parse_interface(const char *input, size_t len, +CURLcode Curl_parse_interface(const char *input, char **dev, char **iface, char **host) { static const char if_prefix[] = "if!"; static const char host_prefix[] = "host!"; static const char if_host_prefix[] = "ifhost!"; + size_t len; DEBUGASSERT(dev); DEBUGASSERT(iface); DEBUGASSERT(host); - if(strncmp(if_prefix, input, strlen(if_prefix)) == 0) { + len = strlen(input); + if(len > 512) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(!strncmp(if_prefix, input, strlen(if_prefix))) { input += strlen(if_prefix); if(!*input) return CURLE_BAD_FUNCTION_ARGUMENT; *iface = Curl_memdup0(input, len - strlen(if_prefix)); return *iface ? CURLE_OK : CURLE_OUT_OF_MEMORY; } - if(strncmp(host_prefix, input, strlen(host_prefix)) == 0) { + else if(!strncmp(host_prefix, input, strlen(host_prefix))) { input += strlen(host_prefix); if(!*input) return CURLE_BAD_FUNCTION_ARGUMENT; *host = Curl_memdup0(input, len - strlen(host_prefix)); return *host ? CURLE_OK : CURLE_OUT_OF_MEMORY; } - if(strncmp(if_host_prefix, input, strlen(if_host_prefix)) == 0) { + else if(!strncmp(if_host_prefix, input, strlen(if_host_prefix))) { const char *host_part; input += strlen(if_host_prefix); len -= strlen(if_host_prefix); @@ -592,7 +603,7 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, memset(&sa, 0, sizeof(struct Curl_sockaddr_storage)); - if(iface && (strlen(iface)<255) ) { + if(iface && (strlen(iface) < 255) ) { char myhost[256] = ""; int done = 0; /* -1 for error, 1 for address found */ if2ip_result_t if2ip_result = IF2IP_NOT_FOUND; @@ -679,12 +690,13 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, conn->ip_version = ipver; if(h) { + int h_af = h->addr->ai_family; /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */ Curl_printable_address(h->addr, myhost, sizeof(myhost)); infof(data, "Name '%s' family %i resolved to '%s' family %i", - host, af, myhost, h->addr->ai_family); - Curl_resolv_unlock(data, h); - if(af != h->addr->ai_family) { + host, af, myhost, h_af); + Curl_resolv_unlink(data, &h); /* this will NULL, potential free h */ + if(af != h_af) { /* bad IP version combo, signal the caller to try another address family if available */ return CURLE_UNSUPPORTED_PROTOCOL; @@ -694,7 +706,7 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, else { /* * provided dev was no interface (or interfaces are not supported - * e.g. solaris) no ip address and no domain we fail here + * e.g. Solaris) no ip address and no domain we fail here */ done = -1; } @@ -843,7 +855,7 @@ static bool verifyconnect(curl_socket_t sockfd, int *error) if(0 != getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void *)&err, &errSize)) err = SOCKERRNO; #ifdef _WIN32_WCE - /* Old WinCE versions do not support SO_ERROR */ + /* Old Windows CE versions do not support SO_ERROR */ if(WSAENOPROTOOPT == err) { SET_SOCKERRNO(0); err = 0; @@ -938,6 +950,7 @@ struct cf_socket_ctx { size_t recv_max; /* max enforced read size */ #endif BIT(got_first_byte); /* if first byte was received */ + BIT(listening); /* socket is listening */ BIT(accepted); /* socket was accepted, not connected */ BIT(sock_connected); /* socket is "connected", e.g. in UDP */ BIT(active); @@ -986,8 +999,7 @@ static void cf_socket_close(struct Curl_cfilter *cf, struct Curl_easy *data) struct cf_socket_ctx *ctx = cf->ctx; if(ctx && CURL_SOCKET_BAD != ctx->sock) { - CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T - ")", ctx->sock); + CURL_TRC_CF(data, cf, "cf_socket_close(%" FMT_SOCKET_T ")", ctx->sock); if(ctx->sock == cf->conn->sock[cf->sockindex]) cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD; socket_close(data, cf->conn, !ctx->accepted, ctx->sock); @@ -1009,8 +1021,7 @@ static CURLcode cf_socket_shutdown(struct Curl_cfilter *cf, if(cf->connected) { struct cf_socket_ctx *ctx = cf->ctx; - CURL_TRC_CF(data, cf, "cf_socket_shutdown(%" CURL_FORMAT_SOCKET_T - ")", ctx->sock); + CURL_TRC_CF(data, cf, "cf_socket_shutdown(%" FMT_SOCKET_T ")", ctx->sock); /* On TCP, and when the socket looks well and non-blocking mode * can be enabled, receive dangling bytes before close to avoid * entering RST states unnecessarily. */ @@ -1077,13 +1088,14 @@ static CURLcode set_remote_ip(struct Curl_cfilter *cf, struct cf_socket_ctx *ctx = cf->ctx; /* store remote address and port used in this connection attempt */ - if(!Curl_addr2string(&ctx->addr.sa_addr, (curl_socklen_t)ctx->addr.addrlen, + if(!Curl_addr2string(&ctx->addr.curl_sa_addr, + (curl_socklen_t)ctx->addr.addrlen, ctx->ip.remote_ip, &ctx->ip.remote_port)) { char buffer[STRERROR_LEN]; ctx->error = errno; /* malformed address or bug in inet_ntop, try next address */ - failf(data, "sa_addr inet_ntop() failed with errno %d: %s", + failf(data, "curl_sa_addr inet_ntop() failed with errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); return CURLE_FAILED_INIT; } @@ -1152,11 +1164,11 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, if(data->set.fsockopt) { /* activate callback for setting socket options */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); error = data->set.fsockopt(data->set.sockopt_client, ctx->sock, CURLSOCKTYPE_IPCXN); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(error == CURL_SOCKOPT_ALREADY_CONNECTED) isconnected = TRUE; @@ -1174,7 +1186,7 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, #endif ) { result = bindlocal(data, cf->conn, ctx->sock, ctx->addr.family, - Curl_ipv6_scope(&ctx->addr.sa_addr)); + Curl_ipv6_scope(&ctx->addr.curl_sa_addr)); if(result) { if(result == CURLE_UNSUPPORTED_PROTOCOL) { /* The address family is not supported on this interface. @@ -1220,7 +1232,7 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, ctx->connected_at = Curl_now(); cf->connected = TRUE; } - CURL_TRC_CF(data, cf, "cf_socket_open() -> %d, fd=%" CURL_FORMAT_SOCKET_T, + CURL_TRC_CF(data, cf, "cf_socket_open() -> %d, fd=%" FMT_SOCKET_T, result, ctx->sock); return result; } @@ -1246,7 +1258,7 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, endpoints.sae_srcif = 0; endpoints.sae_srcaddr = NULL; endpoints.sae_srcaddrlen = 0; - endpoints.sae_dstaddr = &ctx->addr.sa_addr; + endpoints.sae_dstaddr = &ctx->addr.curl_sa_addr; endpoints.sae_dstaddrlen = ctx->addr.addrlen; rc = connectx(ctx->sock, &endpoints, SAE_ASSOCID_ANY, @@ -1254,27 +1266,27 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, NULL, 0, NULL, NULL); } else { - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); } # else - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); # endif /* HAVE_BUILTIN_AVAILABLE */ #elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */ if(setsockopt(ctx->sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, (void *)&optval, sizeof(optval)) < 0) - infof(data, "Failed to enable TCP Fast Open on fd %" - CURL_FORMAT_SOCKET_T, ctx->sock); + infof(data, "Failed to enable TCP Fast Open on fd %" FMT_SOCKET_T, + ctx->sock); - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); #elif defined(MSG_FASTOPEN) /* old Linux */ if(cf->conn->given->flags & PROTOPT_SSL) - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); else rc = 0; /* Do nothing */ #endif } else { - rc = connect(ctx->sock, &ctx->addr.sa_addr, + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, (curl_socklen_t)ctx->addr.addrlen); } return rc; @@ -1298,7 +1310,7 @@ static CURLcode cf_tcp_connect(struct Curl_cfilter *cf, if(blocking) return CURLE_UNSUPPORTED_PROTOCOL; - *done = FALSE; /* a very negative world view is best */ + *done = FALSE; /* a negative world view is best */ if(ctx->sock == CURL_SOCKET_BAD) { int error; @@ -1398,15 +1410,24 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf, struct cf_socket_ctx *ctx = cf->ctx; if(ctx->sock != CURL_SOCKET_BAD) { - if(!cf->connected) { + /* A listening socket filter needs to be connected before the accept + * for some weird FTP interaction. This should be rewritten, so that + * FTP no longer does the socket checks and accept calls and delegates + * all that to the filter. TODO. */ + if(ctx->listening) { + Curl_pollset_set_in_only(data, ps, ctx->sock); + CURL_TRC_CF(data, cf, "adjust_pollset, listening, POLLIN fd=%" + FMT_SOCKET_T, ctx->sock); + } + else if(!cf->connected) { Curl_pollset_set_out_only(data, ps, ctx->sock); CURL_TRC_CF(data, cf, "adjust_pollset, !connected, POLLOUT fd=%" - CURL_FORMAT_SOCKET_T, ctx->sock); + FMT_SOCKET_T, ctx->sock); } else if(!ctx->active) { Curl_pollset_add_in(data, ps, ctx->sock); CURL_TRC_CF(data, cf, "adjust_pollset, !active, POLLIN fd=%" - CURL_FORMAT_SOCKET_T, ctx->sock); + FMT_SOCKET_T, ctx->sock); } } } @@ -1449,13 +1470,15 @@ static void win_update_sndbuf_size(struct cf_socket_ctx *ctx) #endif /* USE_WINSOCK */ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_socket_ctx *ctx = cf->ctx; curl_socket_t fdsave; ssize_t nwritten; size_t orig_len = len; + (void)eos; /* unused */ *err = CURLE_OK; fdsave = cf->conn->sock[cf->sockindex]; cf->conn->sock[cf->sockindex] = ctx->sock; @@ -1464,7 +1487,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* simulate network blocking/partial writes */ if(ctx->wblock_percent > 0) { unsigned char c = 0; - Curl_rand(data, &c, 1); + Curl_rand_bytes(data, FALSE, &c, 1); if(c >= ((100-ctx->wblock_percent)*256/100)) { CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE EWOULDBLOCK", orig_len); *err = CURLE_AGAIN; @@ -1485,7 +1508,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, #if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT) /* Linux */ if(cf->conn->bits.tcp_fastopen) { nwritten = sendto(ctx->sock, buf, len, MSG_FASTOPEN, - &cf->conn->remote_addr->sa_addr, + &cf->conn->remote_addr->curl_sa_addr, cf->conn->remote_addr->addrlen); cf->conn->bits.tcp_fastopen = FALSE; } @@ -1597,6 +1620,18 @@ static ssize_t cf_socket_recv(struct Curl_cfilter *cf, struct Curl_easy *data, return nread; } +static void cf_socket_update_data(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + /* Update the IP info held in the transfer, if we have that. */ + if(cf->connected && (cf->sockindex == FIRSTSOCKET)) { + struct cf_socket_ctx *ctx = cf->ctx; + data->info.primary = ctx->ip; + /* not sure if this is redundant... */ + data->info.conn_remote_port = cf->conn->remote_port; + } +} + static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_socket_ctx *ctx = cf->ctx; @@ -1604,17 +1639,15 @@ static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data) /* use this socket from now on */ cf->conn->sock[cf->sockindex] = ctx->sock; set_local_ip(cf, data); - if(cf->sockindex == SECONDARYSOCKET) - cf->conn->secondary = ctx->ip; - else - cf->conn->primary = ctx->ip; - /* the first socket info gets some specials */ if(cf->sockindex == FIRSTSOCKET) { + cf->conn->primary = ctx->ip; cf->conn->remote_addr = &ctx->addr; #ifdef USE_IPV6 - cf->conn->bits.ipv6 = (ctx->addr.family == AF_INET6)? TRUE : FALSE; + cf->conn->bits.ipv6 = (ctx->addr.family == AF_INET6); #endif - Curl_persistconninfo(data, cf->conn, &ctx->ip); + } + else { + cf->conn->secondary = ctx->ip; } ctx->active = TRUE; } @@ -1630,9 +1663,10 @@ static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf, switch(event) { case CF_CTRL_CONN_INFO_UPDATE: cf_socket_active(cf, data); + cf_socket_update_data(cf, data); break; case CF_CTRL_DATA_SETUP: - Curl_persistconninfo(data, cf->conn, &ctx->ip); + cf_socket_update_data(cf, data); break; case CF_CTRL_FORGET_SOCKET: ctx->sock = CURL_SOCKET_BAD; @@ -1692,7 +1726,7 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, case CF_QUERY_CONNECT_REPLY_MS: if(ctx->got_first_byte) { timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at); - *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; + *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX; } else *pres1 = -1; @@ -1715,10 +1749,18 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, } return CURLE_OK; } + case CF_QUERY_IP_INFO: +#ifdef USE_IPV6 + *pres1 = (ctx->addr.family == AF_INET6); +#else + *pres1 = FALSE; +#endif + *(struct ip_quadruple *)pres2 = ctx->ip; + return CURLE_OK; default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -1765,7 +1807,7 @@ CURLcode Curl_cf_tcp_create(struct Curl_cfilter **pcf, result = Curl_cf_create(&cf, &Curl_cft_tcp, ctx); out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { Curl_safefree(cf); Curl_safefree(ctx); @@ -1786,16 +1828,16 @@ static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf, /* QUIC needs a connected socket, nonblocking */ DEBUGASSERT(ctx->sock != CURL_SOCKET_BAD); - rc = connect(ctx->sock, &ctx->addr.sa_addr, + rc = connect(ctx->sock, &ctx->addr.curl_sa_addr, (curl_socklen_t)ctx->addr.addrlen); if(-1 == rc) { return socket_connect_result(data, ctx->ip.remote_ip, SOCKERRNO); } ctx->sock_connected = TRUE; set_local_ip(cf, data); - CURL_TRC_CF(data, cf, "%s socket %" CURL_FORMAT_SOCKET_T + CURL_TRC_CF(data, cf, "%s socket %" FMT_SOCKET_T " connected: [%s:%d] -> [%s:%d]", - (ctx->transport == TRNSPRT_QUIC)? "QUIC" : "UDP", + (ctx->transport == TRNSPRT_QUIC) ? "QUIC" : "UDP", ctx->sock, ctx->ip.local_ip, ctx->ip.local_port, ctx->ip.remote_ip, ctx->ip.remote_port); @@ -1858,12 +1900,12 @@ static CURLcode cf_udp_connect(struct Curl_cfilter *cf, if(result) goto out; CURL_TRC_CF(data, cf, "cf_udp_connect(), opened socket=%" - CURL_FORMAT_SOCKET_T " (%s:%d)", + FMT_SOCKET_T " (%s:%d)", ctx->sock, ctx->ip.local_ip, ctx->ip.local_port); } else { CURL_TRC_CF(data, cf, "cf_udp_connect(), opened socket=%" - CURL_FORMAT_SOCKET_T " (unconnected)", ctx->sock); + FMT_SOCKET_T " (unconnected)", ctx->sock); } *done = TRUE; cf->connected = TRUE; @@ -1914,7 +1956,7 @@ CURLcode Curl_cf_udp_create(struct Curl_cfilter **pcf, result = Curl_cf_create(&cf, &Curl_cft_udp, ctx); out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { Curl_safefree(cf); Curl_safefree(ctx); @@ -1966,7 +2008,7 @@ CURLcode Curl_cf_unix_create(struct Curl_cfilter **pcf, result = Curl_cf_create(&cf, &Curl_cft_unix, ctx); out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { Curl_safefree(cf); Curl_safefree(ctx); @@ -1975,10 +2017,84 @@ CURLcode Curl_cf_unix_create(struct Curl_cfilter **pcf, return result; } +static timediff_t cf_tcp_accept_timeleft(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_socket_ctx *ctx = cf->ctx; + timediff_t timeout_ms = DEFAULT_ACCEPT_TIMEOUT; + timediff_t other; + struct curltime now; + +#ifndef CURL_DISABLE_FTP + if(data->set.accepttimeout > 0) + timeout_ms = data->set.accepttimeout; +#endif + + now = Curl_now(); + /* check if the generic timeout possibly is set shorter */ + other = Curl_timeleft(data, &now, FALSE); + if(other && (other < timeout_ms)) + /* note that this also works fine for when other happens to be negative + due to it already having elapsed */ + timeout_ms = other; + else { + /* subtract elapsed time */ + timeout_ms -= Curl_timediff(now, ctx->started_at); + if(!timeout_ms) + /* avoid returning 0 as that means no timeout! */ + timeout_ms = -1; + } + return timeout_ms; +} + +static void cf_tcp_set_accepted_remote_ip(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_socket_ctx *ctx = cf->ctx; +#ifdef HAVE_GETPEERNAME + char buffer[STRERROR_LEN]; + struct Curl_sockaddr_storage ssrem; + curl_socklen_t plen; + + ctx->ip.remote_ip[0] = 0; + ctx->ip.remote_port = 0; + plen = sizeof(ssrem); + memset(&ssrem, 0, plen); + if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) { + int error = SOCKERRNO; + failf(data, "getpeername() failed with errno %d: %s", + error, Curl_strerror(error, buffer, sizeof(buffer))); + return; + } + if(!Curl_addr2string((struct sockaddr*)&ssrem, plen, + ctx->ip.remote_ip, &ctx->ip.remote_port)) { + failf(data, "ssrem inet_ntop() failed with errno %d: %s", + errno, Curl_strerror(errno, buffer, sizeof(buffer))); + return; + } +#else + ctx->ip.remote_ip[0] = 0; + ctx->ip.remote_port = 0; + (void)data; +#endif +} + static CURLcode cf_tcp_accept_connect(struct Curl_cfilter *cf, struct Curl_easy *data, bool blocking, bool *done) { + struct cf_socket_ctx *ctx = cf->ctx; +#ifdef USE_IPV6 + struct Curl_sockaddr_storage add; +#else + struct sockaddr_in add; +#endif + curl_socklen_t size = (curl_socklen_t) sizeof(add); + curl_socket_t s_accepted = CURL_SOCKET_BAD; + timediff_t timeout_ms; + int socketstate = 0; + bool incoming = FALSE; + /* we start accepted, if we ever close, we cannot go on */ (void)data; (void)blocking; @@ -1986,7 +2102,79 @@ static CURLcode cf_tcp_accept_connect(struct Curl_cfilter *cf, *done = TRUE; return CURLE_OK; } - return CURLE_FAILED_INIT; + + timeout_ms = cf_tcp_accept_timeleft(cf, data); + if(timeout_ms < 0) { + /* if a timeout was already reached, bail out */ + failf(data, "Accept timeout occurred while waiting server connect"); + return CURLE_FTP_ACCEPT_TIMEOUT; + } + + CURL_TRC_CF(data, cf, "Checking for incoming on fd=%" FMT_SOCKET_T + " ip=%s:%d", ctx->sock, ctx->ip.local_ip, ctx->ip.local_port); + socketstate = Curl_socket_check(ctx->sock, CURL_SOCKET_BAD, + CURL_SOCKET_BAD, 0); + CURL_TRC_CF(data, cf, "socket_check -> %x", socketstate); + switch(socketstate) { + case -1: /* error */ + /* let's die here */ + failf(data, "Error while waiting for server connect"); + return CURLE_FTP_ACCEPT_FAILED; + default: + if(socketstate & CURL_CSELECT_IN) { + infof(data, "Ready to accept data connection from server"); + incoming = TRUE; + } + break; + } + + if(!incoming) { + CURL_TRC_CF(data, cf, "nothing heard from the server yet"); + *done = FALSE; + return CURLE_OK; + } + + if(0 == getsockname(ctx->sock, (struct sockaddr *) &add, &size)) { + size = sizeof(add); + s_accepted = accept(ctx->sock, (struct sockaddr *) &add, &size); + } + + if(CURL_SOCKET_BAD == s_accepted) { + failf(data, "Error accept()ing server connect"); + return CURLE_FTP_PORT_FAILED; + } + + infof(data, "Connection accepted from server"); + (void)curlx_nonblock(s_accepted, TRUE); /* enable non-blocking */ + /* Replace any filter on SECONDARY with one listening on this socket */ + ctx->listening = FALSE; + ctx->accepted = TRUE; + socket_close(data, cf->conn, TRUE, ctx->sock); + ctx->sock = s_accepted; + + cf->conn->sock[cf->sockindex] = ctx->sock; + cf_tcp_set_accepted_remote_ip(cf, data); + set_local_ip(cf, data); + ctx->active = TRUE; + ctx->connected_at = Curl_now(); + cf->connected = TRUE; + CURL_TRC_CF(data, cf, "accepted_set(sock=%" FMT_SOCKET_T + ", remote=%s port=%d)", + ctx->sock, ctx->ip.remote_ip, ctx->ip.remote_port); + + if(data->set.fsockopt) { + int error = 0; + + /* activate callback for setting socket options */ + Curl_set_in_callback(data, true); + error = data->set.fsockopt(data->set.sockopt_client, + ctx->sock, CURLSOCKTYPE_ACCEPT); + Curl_set_in_callback(data, false); + + if(error) + return CURLE_ABORTED_BY_CALLBACK; + } + return CURLE_OK; } struct Curl_cftype Curl_cft_tcp_accept = { @@ -2027,19 +2215,19 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, } ctx->transport = conn->transport; ctx->sock = *s; + ctx->listening = TRUE; ctx->accepted = FALSE; result = Curl_cf_create(&cf, &Curl_cft_tcp_accept, ctx); if(result) goto out; Curl_conn_cf_add(data, conn, sockindex, cf); + ctx->started_at = Curl_now(); conn->sock[sockindex] = ctx->sock; set_local_ip(cf, data); - ctx->active = TRUE; - ctx->connected_at = Curl_now(); - cf->connected = TRUE; - CURL_TRC_CF(data, cf, "Curl_conn_tcp_listen_set(%" - CURL_FORMAT_SOCKET_T ")", ctx->sock); + CURL_TRC_CF(data, cf, "set filter for listen socket fd=%" FMT_SOCKET_T + " ip=%s:%d", ctx->sock, + ctx->ip.local_ip, ctx->ip.local_port); out: if(result) { @@ -2049,65 +2237,16 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, return result; } -static void set_accepted_remote_ip(struct Curl_cfilter *cf, - struct Curl_easy *data) +bool Curl_conn_is_tcp_listen(struct Curl_easy *data, + int sockindex) { - struct cf_socket_ctx *ctx = cf->ctx; -#ifdef HAVE_GETPEERNAME - char buffer[STRERROR_LEN]; - struct Curl_sockaddr_storage ssrem; - curl_socklen_t plen; - - ctx->ip.remote_ip[0] = 0; - ctx->ip.remote_port = 0; - plen = sizeof(ssrem); - memset(&ssrem, 0, plen); - if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) { - int error = SOCKERRNO; - failf(data, "getpeername() failed with errno %d: %s", - error, Curl_strerror(error, buffer, sizeof(buffer))); - return; - } - if(!Curl_addr2string((struct sockaddr*)&ssrem, plen, - ctx->ip.remote_ip, &ctx->ip.remote_port)) { - failf(data, "ssrem inet_ntop() failed with errno %d: %s", - errno, Curl_strerror(errno, buffer, sizeof(buffer))); - return; + struct Curl_cfilter *cf = data->conn->cfilter[sockindex]; + while(cf) { + if(cf->cft == &Curl_cft_tcp_accept) + return TRUE; + cf = cf->next; } -#else - ctx->ip.remote_ip[0] = 0; - ctx->ip.remote_port = 0; - (void)data; -#endif -} - -CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data, - struct connectdata *conn, - int sockindex, curl_socket_t *s) -{ - struct Curl_cfilter *cf = NULL; - struct cf_socket_ctx *ctx = NULL; - - cf = conn->cfilter[sockindex]; - if(!cf || cf->cft != &Curl_cft_tcp_accept) - return CURLE_FAILED_INIT; - - ctx = cf->ctx; - /* discard the listen socket */ - socket_close(data, conn, TRUE, ctx->sock); - ctx->sock = *s; - conn->sock[sockindex] = ctx->sock; - set_accepted_remote_ip(cf, data); - set_local_ip(cf, data); - ctx->active = TRUE; - ctx->accepted = TRUE; - ctx->connected_at = Curl_now(); - cf->connected = TRUE; - CURL_TRC_CF(data, cf, "accepted_set(sock=%" CURL_FORMAT_SOCKET_T - ", remote=%s port=%d)", - ctx->sock, ctx->ip.remote_ip, ctx->ip.remote_port); - - return CURLE_OK; + return FALSE; } /** diff --git a/libraries/libcurl/cf-socket.h b/libraries/libcurl/cf-socket.h index 6040058b..65103490 100644 --- a/libraries/libcurl/cf-socket.h +++ b/libraries/libcurl/cf-socket.h @@ -52,12 +52,12 @@ struct Curl_sockaddr_ex { struct Curl_sockaddr_storage buff; } _sa_ex_u; }; -#define sa_addr _sa_ex_u.addr +#define curl_sa_addr _sa_ex_u.addr /* * Parse interface option, and return the interface name and the host part. */ -CURLcode Curl_parse_interface(const char *input, size_t len, +CURLcode Curl_parse_interface(const char *input, char **dev, char **iface, char **host); /* @@ -147,12 +147,11 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, curl_socket_t *s); /** - * Replace the listen socket with the accept()ed one. + * Return TRUE iff the last filter at `sockindex` was set via + * Curl_conn_tcp_listen_set(). */ -CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data, - struct connectdata *conn, - int sockindex, - curl_socket_t *s); +bool Curl_conn_is_tcp_listen(struct Curl_easy *data, + int sockindex); /** * Peek at the socket and remote ip/port the socket filter is using. diff --git a/libraries/libcurl/cfilters.c b/libraries/libcurl/cfilters.c index 9a5c3578..ca1d7b33 100644 --- a/libraries/libcurl/cfilters.c +++ b/libraries/libcurl/cfilters.c @@ -45,6 +45,9 @@ #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) #endif +static void cf_cntrl_update_info(struct Curl_easy *data, + struct connectdata *conn); + #ifdef UNITTESTS /* used by unit2600.c */ void Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -93,22 +96,23 @@ void Curl_cf_def_adjust_pollset(struct Curl_cfilter *cf, bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) { - return cf->next? + return cf->next ? cf->next->cft->has_data_pending(cf->next, data) : FALSE; } ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { - return cf->next? - cf->next->cft->do_send(cf->next, data, buf, len, err) : + return cf->next ? + cf->next->cft->do_send(cf->next, data, buf, len, eos, err) : CURLE_RECV_ERROR; } ssize_t Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err) { - return cf->next? + return cf->next ? cf->next->cft->do_recv(cf->next, data, buf, len, err) : CURLE_SEND_ERROR; } @@ -117,7 +121,7 @@ bool Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data, bool *input_pending) { - return cf->next? + return cf->next ? cf->next->cft->is_alive(cf->next, data, input_pending) : FALSE; /* pessimistic in absence of data */ } @@ -125,7 +129,7 @@ bool Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf, CURLcode Curl_cf_def_conn_keep_alive(struct Curl_cfilter *cf, struct Curl_easy *data) { - return cf->next? + return cf->next ? cf->next->cft->keep_alive(cf->next, data) : CURLE_OK; } @@ -134,7 +138,7 @@ CURLcode Curl_cf_def_query(struct Curl_cfilter *cf, struct Curl_easy *data, int query, int *pres1, void *pres2) { - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -200,13 +204,14 @@ CURLcode Curl_conn_shutdown(struct Curl_easy *data, int sockindex, bool *done) now = Curl_now(); if(!Curl_shutdown_started(data, sockindex)) { DEBUGF(infof(data, "shutdown start on%s connection", - sockindex? " secondary" : "")); + sockindex ? " secondary" : "")); Curl_shutdown_start(data, sockindex, &now); } else { timeout_ms = Curl_shutdown_timeleft(data->conn, sockindex, &now); if(timeout_ms < 0) { - failf(data, "SSL shutdown timeout"); + /* info message, since this might be regarded as acceptable */ + infof(data, "shutdown timeout"); return CURLE_OPERATION_TIMEDOUT; } } @@ -256,7 +261,8 @@ ssize_t Curl_cf_recv(struct Curl_easy *data, int num, char *buf, } ssize_t Curl_cf_send(struct Curl_easy *data, int num, - const void *mem, size_t len, CURLcode *code) + const void *mem, size_t len, bool eos, + CURLcode *code) { struct Curl_cfilter *cf; @@ -268,7 +274,7 @@ ssize_t Curl_cf_send(struct Curl_easy *data, int num, cf = cf->next; } if(cf) { - ssize_t nwritten = cf->cft->do_send(cf, data, mem, len, code); + ssize_t nwritten = cf->cft->do_send(cf, data, mem, len, eos, code); DEBUGASSERT(nwritten >= 0 || *code); DEBUGASSERT(nwritten < 0 || !*code || !len); return nwritten; @@ -379,10 +385,11 @@ void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data) } ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { if(cf) - return cf->cft->do_send(cf, data, buf, len, err); + return cf->cft->do_send(cf, data, buf, len, eos, err); *err = CURLE_SEND_ERROR; return -1; } @@ -416,11 +423,22 @@ CURLcode Curl_conn_connect(struct Curl_easy *data, *done = cf->connected; if(!*done) { + if(Curl_conn_needs_flush(data, sockindex)) { + DEBUGF(infof(data, "Curl_conn_connect(index=%d), flush", sockindex)); + result = Curl_conn_flush(data, sockindex); + if(result && (result != CURLE_AGAIN)) + return result; + } + result = cf->cft->do_connect(cf, data, blocking, done); if(!result && *done) { - Curl_conn_ev_update_info(data, data->conn); + /* Now that the complete filter chain is connected, let all filters + * persist information at the connection. E.g. cf-socket sets the + * socket and ip related information. */ + cf_cntrl_update_info(data, data->conn); conn_report_connect_stats(data, data->conn); data->conn->keepalive = Curl_now(); + Curl_verboseconnect(data, data->conn, sockindex); } else if(result) { conn_report_connect_stats(data, data->conn); @@ -466,12 +484,12 @@ bool Curl_conn_cf_is_ssl(struct Curl_cfilter *cf) bool Curl_conn_is_ssl(struct connectdata *conn, int sockindex) { - return conn? Curl_conn_cf_is_ssl(conn->cfilter[sockindex]) : FALSE; + return conn ? Curl_conn_cf_is_ssl(conn->cfilter[sockindex]) : FALSE; } bool Curl_conn_is_multiplex(struct connectdata *conn, int sockindex) { - struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL; for(; cf; cf = cf->next) { if(cf->cft->flags & CF_TYPE_MULTIPLEX) @@ -501,6 +519,21 @@ bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex) return FALSE; } +bool Curl_conn_cf_needs_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + CURLcode result; + int pending = 0; + result = cf ? cf->cft->query(cf, data, CF_QUERY_NEED_FLUSH, + &pending, NULL) : CURLE_UNKNOWN_OPTION; + return (result || !pending) ? FALSE : TRUE; +} + +bool Curl_conn_needs_flush(struct Curl_easy *data, int sockindex) +{ + return Curl_conn_cf_needs_flush(data->conn->cfilter[sockindex], data); +} + void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) @@ -627,17 +660,26 @@ curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf, return CURL_SOCKET_BAD; } +CURLcode Curl_conn_cf_get_ip_info(struct Curl_cfilter *cf, + struct Curl_easy *data, + int *is_ipv6, struct ip_quadruple *ipquad) +{ + if(cf) + return cf->cft->query(cf, data, CF_QUERY_IP_INFO, is_ipv6, ipquad); + return CURLE_UNKNOWN_OPTION; +} + curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex) { struct Curl_cfilter *cf; - cf = data->conn? data->conn->cfilter[sockindex] : NULL; + cf = data->conn ? data->conn->cfilter[sockindex] : NULL; /* if the top filter has not connected, ask it (and its sub-filters) * for the socket. Otherwise conn->sock[sockindex] should have it. */ if(cf && !cf->connected) return Curl_conn_cf_get_socket(cf, data); - return data->conn? data->conn->sock[sockindex] : CURL_SOCKET_BAD; + return data->conn ? data->conn->sock[sockindex] : CURL_SOCKET_BAD; } void Curl_conn_forget_socket(struct Curl_easy *data, int sockindex) @@ -693,6 +735,13 @@ CURLcode Curl_conn_ev_data_idle(struct Curl_easy *data) CF_CTRL_DATA_IDLE, 0, NULL); } + +CURLcode Curl_conn_flush(struct Curl_easy *data, int sockindex) +{ + return Curl_conn_cf_cntrl(data->conn->cfilter[sockindex], data, FALSE, + CF_CTRL_FLUSH, 0, NULL); +} + /** * Notify connection filters that the transfer represented by `data` * is done with sending data (e.g. has uploaded everything). @@ -717,8 +766,8 @@ CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause) CF_CTRL_DATA_PAUSE, do_pause, NULL); } -void Curl_conn_ev_update_info(struct Curl_easy *data, - struct connectdata *conn) +static void cf_cntrl_update_info(struct Curl_easy *data, + struct connectdata *conn) { cf_cntrl_all(conn, data, TRUE, CF_CTRL_CONN_INFO_UPDATE, 0, NULL); } @@ -759,7 +808,7 @@ CURLcode Curl_conn_keep_alive(struct Curl_easy *data, int sockindex) { struct Curl_cfilter *cf = conn->cfilter[sockindex]; - return cf? cf->cft->keep_alive(cf, data) : CURLE_OK; + return cf ? cf->cft->keep_alive(cf, data) : CURLE_OK; } size_t Curl_conn_get_max_concurrent(struct Curl_easy *data, @@ -770,9 +819,9 @@ size_t Curl_conn_get_max_concurrent(struct Curl_easy *data, int n = 0; struct Curl_cfilter *cf = conn->cfilter[sockindex]; - result = cf? cf->cft->query(cf, data, CF_QUERY_MAX_CONCURRENT, - &n, NULL) : CURLE_UNKNOWN_OPTION; - return (result || n <= 0)? 1 : (size_t)n; + result = cf ? cf->cft->query(cf, data, CF_QUERY_MAX_CONCURRENT, + &n, NULL) : CURLE_UNKNOWN_OPTION; + return (result || n <= 0) ? 1 : (size_t)n; } int Curl_conn_get_stream_error(struct Curl_easy *data, @@ -783,9 +832,9 @@ int Curl_conn_get_stream_error(struct Curl_easy *data, int n = 0; struct Curl_cfilter *cf = conn->cfilter[sockindex]; - result = cf? cf->cft->query(cf, data, CF_QUERY_STREAM_ERROR, - &n, NULL) : CURLE_UNKNOWN_OPTION; - return (result || n < 0)? 0 : n; + result = cf ? cf->cft->query(cf, data, CF_QUERY_STREAM_ERROR, + &n, NULL) : CURLE_UNKNOWN_OPTION; + return (result || n < 0) ? 0 : n; } int Curl_conn_sockindex(struct Curl_easy *data, curl_socket_t sockfd) @@ -806,14 +855,15 @@ CURLcode Curl_conn_recv(struct Curl_easy *data, int sockindex, nread = data->conn->recv[sockindex](data, sockindex, buf, blen, &result); DEBUGASSERT(nread >= 0 || result); DEBUGASSERT(nread < 0 || !result); - *n = (nread >= 0)? (size_t)nread : 0; + *n = (nread >= 0) ? (size_t)nread : 0; return result; } CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten) { + size_t write_len = blen; ssize_t nwritten; CURLcode result = CURLE_OK; struct connectdata *conn; @@ -831,13 +881,16 @@ CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, if(p) { size_t altsize = (size_t)strtoul(p, NULL, 10); if(altsize) - blen = CURLMIN(blen, altsize); + write_len = CURLMIN(write_len, altsize); } } #endif - nwritten = conn->send[sockindex](data, sockindex, buf, blen, &result); + if(write_len != blen) + eos = FALSE; + nwritten = conn->send[sockindex](data, sockindex, buf, write_len, eos, + &result); DEBUGASSERT((nwritten >= 0) || result); - *pnwritten = (nwritten < 0)? 0 : (size_t)nwritten; + *pnwritten = (nwritten < 0) ? 0 : (size_t)nwritten; return result; } @@ -847,7 +900,7 @@ void Curl_pollset_reset(struct Curl_easy *data, size_t i; (void)data; memset(ps, 0, sizeof(*ps)); - for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) + for(i = 0; i < MAX_SOCKSPEREASYHANDLE; i++) ps->sockets[i] = CURL_SOCKET_BAD; } @@ -909,8 +962,10 @@ void Curl_pollset_set(struct Curl_easy *data, bool do_in, bool do_out) { Curl_pollset_change(data, ps, sock, - (do_in?CURL_POLL_IN:0)|(do_out?CURL_POLL_OUT:0), - (!do_in?CURL_POLL_IN:0)|(!do_out?CURL_POLL_OUT:0)); + (do_in ? CURL_POLL_IN : 0)| + (do_out ? CURL_POLL_OUT : 0), + (!do_in ? CURL_POLL_IN : 0)| + (!do_out ? CURL_POLL_OUT : 0)); } static void ps_add(struct Curl_easy *data, struct easy_pollset *ps, diff --git a/libraries/libcurl/cfilters.h b/libraries/libcurl/cfilters.h index 7d53607f..af696f52 100644 --- a/libraries/libcurl/cfilters.h +++ b/libraries/libcurl/cfilters.h @@ -30,6 +30,7 @@ struct Curl_cfilter; struct Curl_easy; struct Curl_dns_entry; struct connectdata; +struct ip_quadruple; /* Callback to destroy resources held by this filter instance. * Implementations MUST NOT chain calls to cf->next. @@ -105,6 +106,7 @@ typedef ssize_t Curl_cft_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* transfer */ const void *buf, /* data to write */ size_t len, /* amount to write */ + bool eos, /* last chunk */ CURLcode *err); /* error to return */ typedef ssize_t Curl_cft_recv(struct Curl_cfilter *cf, @@ -140,6 +142,7 @@ typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf, /* update conn info at connection and data */ #define CF_CTRL_CONN_INFO_UPDATE (256+0) /* 0 NULL ignored */ #define CF_CTRL_FORGET_SOCKET (256+1) /* 0 NULL ignored */ +#define CF_CTRL_FLUSH (256+2) /* 0 NULL first fail */ /** * Handle event/control for the filter. @@ -162,6 +165,9 @@ typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf, * were received. * -1 if not determined yet. * - CF_QUERY_SOCKET: the socket used by the filter chain + * - CF_QUERY_NEED_FLUSH: TRUE iff any of the filters have unsent data + * - CF_QUERY_IP_INFO: res1 says if connection used IPv6, res2 is the + * ip quadruple */ /* query res1 res2 */ #define CF_QUERY_MAX_CONCURRENT 1 /* number - */ @@ -170,6 +176,8 @@ typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf, #define CF_QUERY_TIMER_CONNECT 4 /* - struct curltime */ #define CF_QUERY_TIMER_APPCONNECT 5 /* - struct curltime */ #define CF_QUERY_STREAM_ERROR 6 /* error code - */ +#define CF_QUERY_NEED_FLUSH 7 /* TRUE/FALSE - */ +#define CF_QUERY_IP_INFO 8 /* TRUE/FALSE struct ip_quadruple */ /** * Query the cfilter for properties. Filters ignorant of a query will @@ -241,7 +249,8 @@ void Curl_cf_def_adjust_pollset(struct Curl_cfilter *cf, bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data); ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err); + const void *buf, size_t len, bool eos, + CURLcode *err); ssize_t Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err); CURLcode Curl_cf_def_cntrl(struct Curl_cfilter *cf, @@ -317,7 +326,8 @@ CURLcode Curl_conn_cf_connect(struct Curl_cfilter *cf, bool blocking, bool *done); void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data); ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err); + const void *buf, size_t len, bool eos, + CURLcode *err); ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err); CURLcode Curl_conn_cf_cntrl(struct Curl_cfilter *cf, @@ -338,6 +348,12 @@ bool Curl_conn_cf_is_ssl(struct Curl_cfilter *cf); curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf, struct Curl_easy *data); +CURLcode Curl_conn_cf_get_ip_info(struct Curl_cfilter *cf, + struct Curl_easy *data, + int *is_ipv6, struct ip_quadruple *ipquad); + +bool Curl_conn_cf_needs_flush(struct Curl_cfilter *cf, + struct Curl_easy *data); #define CURL_CF_SSL_DEFAULT -1 #define CURL_CF_SSL_DISABLE 0 @@ -398,6 +414,17 @@ CURLcode Curl_conn_shutdown(struct Curl_easy *data, int sockindex, bool *done); bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex); +/** + * Return TRUE if any of the connection filters at chain `sockindex` + * have data still to send. + */ +bool Curl_conn_needs_flush(struct Curl_easy *data, int sockindex); + +/** + * Flush any pending data on the connection filters at chain `sockindex`. + */ +CURLcode Curl_conn_flush(struct Curl_easy *data, int sockindex); + /** * Return the socket used on data's connection for the index. * Returns CURL_SOCKET_BAD if not available. @@ -447,7 +474,7 @@ ssize_t Curl_cf_recv(struct Curl_easy *data, int sockindex, char *buf, * The error code is placed into `*code`. */ ssize_t Curl_cf_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t len, CURLcode *code); + const void *buf, size_t len, bool eos, CURLcode *code); /** * The easy handle `data` is being attached to `conn`. This does @@ -496,12 +523,6 @@ void Curl_conn_ev_data_done(struct Curl_easy *data, bool premature); */ CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause); -/** - * Inform connection filters to update their info in `conn`. - */ -void Curl_conn_ev_update_info(struct Curl_easy *data, - struct connectdata *conn); - /** * Check if FIRSTSOCKET's cfilter chain deems connection alive. */ @@ -557,7 +578,7 @@ CURLcode Curl_conn_recv(struct Curl_easy *data, int sockindex, * Will return CURLE_AGAIN iff blocked on sending. */ CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten); diff --git a/libraries/libcurl/config-win32.h b/libraries/libcurl/config-win32.h index d1341933..e6abf062 100644 --- a/libraries/libcurl/config-win32.h +++ b/libraries/libcurl/config-win32.h @@ -155,6 +155,9 @@ /* Define if you have the setmode function. */ #define HAVE_SETMODE 1 +/* Define if you have the _setmode function. */ +#define HAVE__SETMODE 1 + /* Define if you have the socket function. */ #define HAVE_SOCKET 1 @@ -475,7 +478,7 @@ Vista #endif /* Define to use the Windows crypto library. */ -#if !defined(CURL_WINDOWS_APP) +#if !defined(CURL_WINDOWS_UWP) #define USE_WIN32_CRYPTO #endif @@ -487,19 +490,19 @@ Vista /* ---------------------------------------------------------------- */ /* Define cpu-machine-OS */ -#ifndef OS +#ifndef CURL_OS #if defined(_M_IX86) || defined(__i386__) /* x86 (MSVC or gcc) */ -#define OS "i386-pc-win32" +#define CURL_OS "i386-pc-win32" #elif defined(_M_X64) || defined(__x86_64__) /* x86_64 (MSVC >=2005 or gcc) */ -#define OS "x86_64-pc-win32" +#define CURL_OS "x86_64-pc-win32" #elif defined(_M_IA64) || defined(__ia64__) /* Itanium */ -#define OS "ia64-pc-win32" +#define CURL_OS "ia64-pc-win32" #elif defined(_M_ARM_NT) || defined(__arm__) /* ARMv7-Thumb2 (Windows RT) */ -#define OS "thumbv7a-pc-win32" +#define CURL_OS "thumbv7a-pc-win32" #elif defined(_M_ARM64) || defined(__aarch64__) /* ARM64 (Windows 10) */ -#define OS "aarch64-pc-win32" +#define CURL_OS "aarch64-pc-win32" #else -#define OS "unknown-pc-win32" +#define CURL_OS "unknown-pc-win32" #endif #endif diff --git a/libraries/libcurl/conncache.c b/libraries/libcurl/conncache.c index 92fd60c4..589205bc 100644 --- a/libraries/libcurl/conncache.c +++ b/libraries/libcurl/conncache.c @@ -47,424 +47,483 @@ #include "curl_memory.h" #include "memdebug.h" -#define HASHKEY_SIZE 128 -static void connc_discard_conn(struct conncache *connc, - struct Curl_easy *last_data, +#define CPOOL_IS_LOCKED(c) ((c) && (c)->locked) + +#define CPOOL_LOCK(c) \ + do { \ + if((c)) { \ + if(CURL_SHARE_KEEP_CONNECT((c)->share)) \ + Curl_share_lock(((c)->idata), CURL_LOCK_DATA_CONNECT, \ + CURL_LOCK_ACCESS_SINGLE); \ + DEBUGASSERT(!(c)->locked); \ + (c)->locked = TRUE; \ + } \ + } while(0) + +#define CPOOL_UNLOCK(c) \ + do { \ + if((c)) { \ + DEBUGASSERT((c)->locked); \ + (c)->locked = FALSE; \ + if(CURL_SHARE_KEEP_CONNECT((c)->share)) \ + Curl_share_unlock((c)->idata, CURL_LOCK_DATA_CONNECT); \ + } \ + } while(0) + + +/* A list of connections to the same destination. */ +struct cpool_bundle { + struct Curl_llist conns; /* connections in the bundle */ + size_t dest_len; /* total length of destination, including NUL */ + char *dest[1]; /* destination of bundle, allocated to keep dest_len bytes */ +}; + + +static void cpool_discard_conn(struct cpool *cpool, + struct Curl_easy *data, struct connectdata *conn, bool aborted); -static void connc_disconnect(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc, - bool do_shutdown); -static void connc_run_conn_shutdown(struct Curl_easy *data, +static void cpool_close_and_destroy(struct cpool *cpool, + struct connectdata *conn, + struct Curl_easy *data, + bool do_shutdown); +static void cpool_run_conn_shutdown(struct Curl_easy *data, struct connectdata *conn, bool *done); -static void connc_run_conn_shutdown_handler(struct Curl_easy *data, +static void cpool_run_conn_shutdown_handler(struct Curl_easy *data, struct connectdata *conn); -static CURLMcode connc_update_shutdown_ev(struct Curl_multi *multi, +static CURLMcode cpool_update_shutdown_ev(struct Curl_multi *multi, struct Curl_easy *data, struct connectdata *conn); -static void connc_shutdown_all(struct conncache *connc, int timeout_ms); +static void cpool_shutdown_all(struct cpool *cpool, + struct Curl_easy *data, int timeout_ms); +static void cpool_close_and_destroy_all(struct cpool *cpool); +static struct connectdata *cpool_get_oldest_idle(struct cpool *cpool); -static CURLcode bundle_create(struct connectbundle **bundlep) +static struct cpool_bundle *cpool_bundle_create(const char *dest, + size_t dest_len) { - DEBUGASSERT(*bundlep == NULL); - *bundlep = malloc(sizeof(struct connectbundle)); - if(!*bundlep) - return CURLE_OUT_OF_MEMORY; - - (*bundlep)->num_connections = 0; - (*bundlep)->multiuse = BUNDLE_UNKNOWN; - - Curl_llist_init(&(*bundlep)->conn_list, NULL); - return CURLE_OK; + struct cpool_bundle *bundle; + bundle = calloc(1, sizeof(*bundle) + dest_len); + if(!bundle) + return NULL; + Curl_llist_init(&bundle->conns, NULL); + bundle->dest_len = dest_len; + memcpy(bundle->dest, dest, dest_len); + return bundle; } -static void bundle_destroy(struct connectbundle *bundle) +static void cpool_bundle_destroy(struct cpool_bundle *bundle) { + DEBUGASSERT(!Curl_llist_count(&bundle->conns)); free(bundle); } /* Add a connection to a bundle */ -static void bundle_add_conn(struct connectbundle *bundle, - struct connectdata *conn) +static void cpool_bundle_add(struct cpool_bundle *bundle, + struct connectdata *conn) { - Curl_llist_append(&bundle->conn_list, conn, &conn->bundle_node); - conn->bundle = bundle; - bundle->num_connections++; + DEBUGASSERT(!Curl_node_llist(&conn->cpool_node)); + Curl_llist_append(&bundle->conns, conn, &conn->cpool_node); + conn->bits.in_cpool = TRUE; } /* Remove a connection from a bundle */ -static int bundle_remove_conn(struct connectbundle *bundle, - struct connectdata *conn) +static void cpool_bundle_remove(struct cpool_bundle *bundle, + struct connectdata *conn) { - struct Curl_llist_element *curr; - - curr = bundle->conn_list.head; - while(curr) { - if(curr->ptr == conn) { - Curl_llist_remove(&bundle->conn_list, curr, NULL); - bundle->num_connections--; - conn->bundle = NULL; - return 1; /* we removed a handle */ - } - curr = curr->next; - } - DEBUGASSERT(0); - return 0; + (void)bundle; + DEBUGASSERT(Curl_node_llist(&conn->cpool_node) == &bundle->conns); + Curl_node_remove(&conn->cpool_node); + conn->bits.in_cpool = FALSE; } -static void free_bundle_hash_entry(void *freethis) +static void cpool_bundle_free_entry(void *freethis) { - struct connectbundle *b = (struct connectbundle *) freethis; - - bundle_destroy(b); + cpool_bundle_destroy((struct cpool_bundle *)freethis); } -int Curl_conncache_init(struct conncache *connc, - struct Curl_multi *multi, size_t size) +int Curl_cpool_init(struct cpool *cpool, + Curl_cpool_disconnect_cb *disconnect_cb, + struct Curl_multi *multi, + struct Curl_share *share, + size_t size) { + DEBUGASSERT(!!multi != !!share); /* either one */ + Curl_hash_init(&cpool->dest2bundle, size, Curl_hash_str, + Curl_str_key_compare, cpool_bundle_free_entry); + Curl_llist_init(&cpool->shutdowns, NULL); + + DEBUGASSERT(disconnect_cb); + if(!disconnect_cb) + return 1; + /* allocate a new easy handle to use when closing cached connections */ - connc->closure_handle = curl_easy_init(); - if(!connc->closure_handle) + cpool->idata = curl_easy_init(); + if(!cpool->idata) return 1; /* bad */ - connc->closure_handle->state.internal = true; - #ifdef DEBUGBUILD + cpool->idata->state.internal = TRUE; + /* TODO: this is quirky. We need an internal handle for certain + * operations, but we do not add it to the multi (if there is one). + * But we give it the multi so that socket event operations can work. + * Probably better to have an internal handle owned by the multi that + * can be used for cpool operations. */ + cpool->idata->multi = multi; +#ifdef DEBUGBUILD if(getenv("CURL_DEBUG")) - connc->closure_handle->set.verbose = true; + cpool->idata->set.verbose = TRUE; #endif - Curl_hash_init(&connc->hash, size, Curl_hash_str, - Curl_str_key_compare, free_bundle_hash_entry); - connc->closure_handle->state.conn_cache = connc; - connc->multi = multi; - Curl_llist_init(&connc->shutdowns.conn_list, NULL); + cpool->disconnect_cb = disconnect_cb; + cpool->idata->multi = cpool->multi = multi; + cpool->idata->share = cpool->share = share; return 0; /* good */ } -void Curl_conncache_destroy(struct conncache *connc) +void Curl_cpool_destroy(struct cpool *cpool) { - if(connc) { - Curl_hash_destroy(&connc->hash); - connc->multi = NULL; - DEBUGASSERT(!Curl_llist_count(&connc->shutdowns.conn_list)); + if(cpool) { + if(cpool->idata) { + cpool_close_and_destroy_all(cpool); + /* The internal closure handle is special and we need to + * disconnect it from multi/share before closing it down. */ + cpool->idata->multi = NULL; + cpool->idata->share = NULL; + Curl_close(&cpool->idata); + } + Curl_hash_destroy(&cpool->dest2bundle); + cpool->multi = NULL; } } -/* creates a key to find a bundle for this connection */ -static void hashkey(struct connectdata *conn, char *buf, size_t len) +static struct cpool *cpool_get_instance(struct Curl_easy *data) { - const char *hostname; - long port = conn->remote_port; - DEBUGASSERT(len >= HASHKEY_SIZE); -#ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { - hostname = conn->http_proxy.host.name; - port = conn->primary.remote_port; + if(data) { + if(CURL_SHARE_KEEP_CONNECT(data->share)) + return &data->share->cpool; + else if(data->multi_easy) + return &data->multi_easy->cpool; + else if(data->multi) + return &data->multi->cpool; } - else -#endif - if(conn->bits.conn_to_host) - hostname = conn->conn_to_host.name; - else - hostname = conn->host.name; - - /* put the numbers first so that the hostname gets cut off if too long */ -#ifdef USE_IPV6 - msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); -#else - msnprintf(buf, len, "%ld/%s", port, hostname); -#endif - Curl_strntolower(buf, buf, len); + return NULL; } -/* Returns number of connections currently held in the connection cache. - Locks/unlocks the cache itself! -*/ -size_t Curl_conncache_size(struct Curl_easy *data) +void Curl_cpool_xfer_init(struct Curl_easy *data) { - size_t num; - CONNCACHE_LOCK(data); - num = data->state.conn_cache->num_conn; - CONNCACHE_UNLOCK(data); - return num; + struct cpool *cpool = cpool_get_instance(data); + + DEBUGASSERT(cpool); + if(cpool) { + CPOOL_LOCK(cpool); + /* the identifier inside the connection cache */ + data->id = cpool->next_easy_id++; + if(cpool->next_easy_id <= 0) + cpool->next_easy_id = 0; + data->state.lastconnect_id = -1; + + /* The closure handle only ever has default timeouts set. To improve the + state somewhat we clone the timeouts from each added handle so that the + closure handle always has the same timeouts as the most recently added + easy handle. */ + cpool->idata->set.timeout = data->set.timeout; + cpool->idata->set.server_response_timeout = + data->set.server_response_timeout; + cpool->idata->set.no_signal = data->set.no_signal; + + CPOOL_UNLOCK(cpool); + } + else { + /* We should not get here, but in a non-debug build, do something */ + data->id = 0; + data->state.lastconnect_id = -1; + } } -/* Look up the bundle with all the connections to the same host this - connectdata struct is setup to use. +static struct cpool_bundle *cpool_find_bundle(struct cpool *cpool, + struct connectdata *conn) +{ + return Curl_hash_pick(&cpool->dest2bundle, + conn->destination, conn->destination_len); +} - **NOTE**: When it returns, it holds the connection cache lock! */ -struct connectbundle * -Curl_conncache_find_bundle(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc) +static struct cpool_bundle * +cpool_add_bundle(struct cpool *cpool, struct connectdata *conn) { - struct connectbundle *bundle = NULL; - CONNCACHE_LOCK(data); - if(connc) { - char key[HASHKEY_SIZE]; - hashkey(conn, key, sizeof(key)); - bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); - } + struct cpool_bundle *bundle; + bundle = cpool_bundle_create(conn->destination, conn->destination_len); + if(!bundle) + return NULL; + + if(!Curl_hash_add(&cpool->dest2bundle, + bundle->dest, bundle->dest_len, bundle)) { + cpool_bundle_destroy(bundle); + return NULL; + } return bundle; } -static void *connc_add_bundle(struct conncache *connc, - char *key, struct connectbundle *bundle) +static void cpool_remove_bundle(struct cpool *cpool, + struct cpool_bundle *bundle) { - return Curl_hash_add(&connc->hash, key, strlen(key), bundle); -} + if(!cpool) + return; -static void connc_remove_bundle(struct conncache *connc, - struct connectbundle *bundle) -{ - struct Curl_hash_iterator iter; - struct Curl_hash_element *he; + Curl_hash_delete(&cpool->dest2bundle, bundle->dest, bundle->dest_len); +} - if(!connc) - return; +static struct connectdata * +cpool_bundle_get_oldest_idle(struct cpool_bundle *bundle); - Curl_hash_start_iterate(&connc->hash, &iter); +int Curl_cpool_check_limits(struct Curl_easy *data, + struct connectdata *conn) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_bundle *bundle; + size_t dest_limit = 0; + size_t total_limit = 0; + int result = CPOOL_LIMIT_OK; + + if(!cpool) + return CPOOL_LIMIT_OK; + + if(data && data->multi) { + dest_limit = data->multi->max_host_connections; + total_limit = data->multi->max_total_connections; + } - he = Curl_hash_next_element(&iter); - while(he) { - if(he->ptr == bundle) { - /* The bundle is destroyed by the hash destructor function, - free_bundle_hash_entry() */ - Curl_hash_delete(&connc->hash, he->key, he->key_len); - return; + if(!dest_limit && !total_limit) + return CPOOL_LIMIT_OK; + + CPOOL_LOCK(cpool); + if(dest_limit) { + bundle = cpool_find_bundle(cpool, conn); + while(bundle && (Curl_llist_count(&bundle->conns) >= dest_limit)) { + struct connectdata *oldest_idle = NULL; + /* The bundle is full. Extract the oldest connection that may + * be removed now, if there is one. */ + oldest_idle = cpool_bundle_get_oldest_idle(bundle); + if(!oldest_idle) + break; + /* disconnect the old conn and continue */ + DEBUGF(infof(data, "Discarding connection #%" + FMT_OFF_T " from %zu to reach destination " + "limit of %zu", oldest_idle->connection_id, + Curl_llist_count(&bundle->conns), dest_limit)); + Curl_cpool_disconnect(data, oldest_idle, FALSE); + + /* in case the bundle was destroyed in disconnect, look it up again */ + bundle = cpool_find_bundle(cpool, conn); + } + if(bundle && (Curl_llist_count(&bundle->conns) >= dest_limit)) { + result = CPOOL_LIMIT_DEST; + goto out; } + } - he = Curl_hash_next_element(&iter); + if(total_limit) { + while(cpool->num_conn >= total_limit) { + struct connectdata *oldest_idle = cpool_get_oldest_idle(cpool); + if(!oldest_idle) + break; + /* disconnect the old conn and continue */ + DEBUGF(infof(data, "Discarding connection #%" + FMT_OFF_T " from %zu to reach total " + "limit of %zu", + oldest_idle->connection_id, cpool->num_conn, total_limit)); + Curl_cpool_disconnect(data, oldest_idle, FALSE); + } + if(cpool->num_conn >= total_limit) { + result = CPOOL_LIMIT_TOTAL; + goto out; + } } + +out: + CPOOL_UNLOCK(cpool); + return result; } -CURLcode Curl_conncache_add_conn(struct Curl_easy *data) +CURLcode Curl_cpool_add_conn(struct Curl_easy *data, + struct connectdata *conn) { CURLcode result = CURLE_OK; - struct connectbundle *bundle = NULL; - struct connectdata *conn = data->conn; - struct conncache *connc = data->state.conn_cache; + struct cpool_bundle *bundle = NULL; + struct cpool *cpool = cpool_get_instance(data); DEBUGASSERT(conn); - /* *find_bundle() locks the connection cache */ - bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache); - if(!bundle) { - char key[HASHKEY_SIZE]; - - result = bundle_create(&bundle); - if(result) { - goto unlock; - } - - hashkey(conn, key, sizeof(key)); + DEBUGASSERT(cpool); + if(!cpool) + return CURLE_FAILED_INIT; - if(!connc_add_bundle(data->state.conn_cache, key, bundle)) { - bundle_destroy(bundle); + CPOOL_LOCK(cpool); + bundle = cpool_find_bundle(cpool, conn); + if(!bundle) { + bundle = cpool_add_bundle(cpool, conn); + if(!bundle) { result = CURLE_OUT_OF_MEMORY; - goto unlock; + goto out; } } - bundle_add_conn(bundle, conn); - conn->connection_id = connc->next_connection_id++; - connc->num_conn++; - - DEBUGF(infof(data, "Added connection %" CURL_FORMAT_CURL_OFF_T ". " + cpool_bundle_add(bundle, conn); + conn->connection_id = cpool->next_connection_id++; + cpool->num_conn++; + DEBUGF(infof(data, "Added connection %" FMT_OFF_T ". " "The cache now contains %zu members", - conn->connection_id, connc->num_conn)); - -unlock: - CONNCACHE_UNLOCK(data); + conn->connection_id, cpool->num_conn)); +out: + CPOOL_UNLOCK(cpool); return result; } -static void connc_remove_conn(struct conncache *connc, +static void cpool_remove_conn(struct cpool *cpool, struct connectdata *conn) { - struct connectbundle *bundle = conn->bundle; - - /* The bundle pointer can be NULL, since this function can be called - due to a failed connection attempt, before being added to a bundle */ - if(bundle) { - bundle_remove_conn(bundle, conn); - if(connc && bundle->num_connections == 0) - connc_remove_bundle(connc, bundle); - conn->bundle = NULL; /* removed from it */ - if(connc) - connc->num_conn--; + struct Curl_llist *list = Curl_node_llist(&conn->cpool_node); + DEBUGASSERT(cpool); + if(list) { + /* The connection is certainly in the pool, but where? */ + struct cpool_bundle *bundle = cpool_find_bundle(cpool, conn); + if(bundle && (list == &bundle->conns)) { + cpool_bundle_remove(bundle, conn); + if(!Curl_llist_count(&bundle->conns)) + cpool_remove_bundle(cpool, bundle); + conn->bits.in_cpool = FALSE; + cpool->num_conn--; + } + else { + /* Not in a bundle, already in the shutdown list? */ + DEBUGASSERT(list == &cpool->shutdowns); + } } } -/* - * Removes the connectdata object from the connection cache, but the transfer - * still owns this connection. - * - * Pass TRUE/FALSE in the 'lock' argument depending on if the parent function - * already holds the lock or not. - */ -void Curl_conncache_remove_conn(struct Curl_easy *data, - struct connectdata *conn, bool lock) -{ - struct conncache *connc = data->state.conn_cache; - - if(lock) - CONNCACHE_LOCK(data); - connc_remove_conn(connc, conn); - if(lock) - CONNCACHE_UNLOCK(data); - if(connc) - DEBUGF(infof(data, "The cache now contains %zu members", - connc->num_conn)); -} - -/* This function iterates the entire connection cache and calls the function +/* This function iterates the entire connection pool and calls the function func() with the connection pointer as the first argument and the supplied 'param' argument as the other. - The conncache lock is still held when the callback is called. It needs it, + The cpool lock is still held when the callback is called. It needs it, so that it can safely continue traversing the lists once the callback returns. - Returns 1 if the loop was aborted due to the callback's return code. + Returns TRUE if the loop was aborted due to the callback's return code. Return 0 from func() to continue the loop, return 1 to abort it. */ -bool Curl_conncache_foreach(struct Curl_easy *data, - struct conncache *connc, - void *param, - int (*func)(struct Curl_easy *data, - struct connectdata *conn, void *param)) +static bool cpool_foreach(struct Curl_easy *data, + struct cpool *cpool, + void *param, + int (*func)(struct Curl_easy *data, + struct connectdata *conn, void *param)) { struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; struct Curl_hash_element *he; - if(!connc) + if(!cpool) return FALSE; - CONNCACHE_LOCK(data); - Curl_hash_start_iterate(&connc->hash, &iter); + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); he = Curl_hash_next_element(&iter); while(he) { - struct connectbundle *bundle; - - bundle = he->ptr; + struct Curl_llist_node *curr; + struct cpool_bundle *bundle = he->ptr; he = Curl_hash_next_element(&iter); - curr = bundle->conn_list.head; + curr = Curl_llist_head(&bundle->conns); while(curr) { /* Yes, we need to update curr before calling func(), because func() might decide to remove the connection */ - struct connectdata *conn = curr->ptr; - curr = curr->next; + struct connectdata *conn = Curl_node_elem(curr); + curr = Curl_node_next(curr); if(1 == func(data, conn, param)) { - CONNCACHE_UNLOCK(data); return TRUE; } } } - CONNCACHE_UNLOCK(data); return FALSE; } -/* Return the first connection found in the cache. Used when closing all - connections. - - NOTE: no locking is done here as this is presumably only done when cleaning - up a cache! -*/ -static struct connectdata * -connc_find_first_connection(struct conncache *connc) +/* Return a live connection in the pool or NULL. */ +static struct connectdata *cpool_get_live_conn(struct cpool *cpool) { struct Curl_hash_iterator iter; struct Curl_hash_element *he; - struct connectbundle *bundle; - - Curl_hash_start_iterate(&connc->hash, &iter); + struct cpool_bundle *bundle; + struct Curl_llist_node *conn_node; - he = Curl_hash_next_element(&iter); - while(he) { - struct Curl_llist_element *curr; + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); + for(he = Curl_hash_next_element(&iter); he; + he = Curl_hash_next_element(&iter)) { bundle = he->ptr; - - curr = bundle->conn_list.head; - if(curr) { - return curr->ptr; - } - - he = Curl_hash_next_element(&iter); + conn_node = Curl_llist_head(&bundle->conns); + if(conn_node) + return Curl_node_elem(conn_node); } - return NULL; } /* - * Give ownership of a connection back to the connection cache. Might - * disconnect the oldest existing in there to make space. + * A connection (already in the pool) has become idle. Do any + * cleanups in regard to the pool's limits. * - * Return TRUE if stored, FALSE if closed. + * Return TRUE if idle connection kept in pool, FALSE if closed. */ -bool Curl_conncache_return_conn(struct Curl_easy *data, - struct connectdata *conn) +bool Curl_cpool_conn_now_idle(struct Curl_easy *data, + struct connectdata *conn) { unsigned int maxconnects = !data->multi->maxconnects ? - data->multi->num_easy * 4: data->multi->maxconnects; - struct connectdata *conn_candidate = NULL; + data->multi->num_easy * 4 : data->multi->maxconnects; + struct connectdata *oldest_idle = NULL; + struct cpool *cpool = cpool_get_instance(data); + bool kept = TRUE; conn->lastused = Curl_now(); /* it was used up until now */ - if(maxconnects && Curl_conncache_size(data) > maxconnects) { - infof(data, "Connection cache is full, closing the oldest one"); - - conn_candidate = Curl_conncache_extract_oldest(data); - if(conn_candidate) { - /* Use the closure handle for this disconnect so that anything that - happens during the disconnect is not stored and associated with the - 'data' handle which already just finished a transfer and it is - important that details from this (unrelated) disconnect does not - taint meta-data in the data handle. */ - struct conncache *connc = data->state.conn_cache; - connc_disconnect(NULL, conn_candidate, connc, TRUE); + if(cpool && maxconnects) { + /* may be called form a callback already under lock */ + bool do_lock = !CPOOL_IS_LOCKED(cpool); + if(do_lock) + CPOOL_LOCK(cpool); + if(cpool->num_conn > maxconnects) { + infof(data, "Connection pool is full, closing the oldest one"); + + oldest_idle = cpool_get_oldest_idle(cpool); + kept = (oldest_idle != conn); + if(oldest_idle) { + Curl_cpool_disconnect(cpool->idata, oldest_idle, FALSE); + } } + if(do_lock) + CPOOL_UNLOCK(cpool); } - return (conn_candidate == conn) ? FALSE : TRUE; - + return kept; } /* * This function finds the connection in the connection bundle that has been * unused for the longest time. - * - * Does not lock the connection cache! - * - * Returns the pointer to the oldest idle connection, or NULL if none was - * found. */ -struct connectdata * -Curl_conncache_extract_bundle(struct Curl_easy *data, - struct connectbundle *bundle) +static struct connectdata * +cpool_bundle_get_oldest_idle(struct cpool_bundle *bundle) { - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; timediff_t highscore = -1; timediff_t score; struct curltime now; - struct connectdata *conn_candidate = NULL; + struct connectdata *oldest_idle = NULL; struct connectdata *conn; - (void)data; - now = Curl_now(); - - curr = bundle->conn_list.head; + curr = Curl_llist_head(&bundle->conns); while(curr) { - conn = curr->ptr; + conn = Curl_node_elem(curr); if(!CONN_INUSE(conn)) { /* Set higher score for the age passed since the connection was used */ @@ -472,130 +531,126 @@ Curl_conncache_extract_bundle(struct Curl_easy *data, if(score > highscore) { highscore = score; - conn_candidate = conn; + oldest_idle = conn; } } - curr = curr->next; - } - if(conn_candidate) { - /* remove it to prevent another thread from nicking it */ - bundle_remove_conn(bundle, conn_candidate); - data->state.conn_cache->num_conn--; - DEBUGF(infof(data, "The cache now contains %zu members", - data->state.conn_cache->num_conn)); + curr = Curl_node_next(curr); } - - return conn_candidate; + return oldest_idle; } -/* - * This function finds the connection in the connection cache that has been - * unused for the longest time and extracts that from the bundle. - * - * Returns the pointer to the connection, or NULL if none was found. - */ -struct connectdata * -Curl_conncache_extract_oldest(struct Curl_easy *data) +static struct connectdata *cpool_get_oldest_idle(struct cpool *cpool) { - struct conncache *connc = data->state.conn_cache; struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; struct Curl_hash_element *he; + struct connectdata *oldest_idle = NULL; + struct cpool_bundle *bundle; + struct curltime now; timediff_t highscore =- 1; timediff_t score; - struct curltime now; - struct connectdata *conn_candidate = NULL; - struct connectbundle *bundle; - struct connectbundle *bundle_candidate = NULL; now = Curl_now(); + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); - CONNCACHE_LOCK(data); - Curl_hash_start_iterate(&connc->hash, &iter); - - he = Curl_hash_next_element(&iter); - while(he) { + for(he = Curl_hash_next_element(&iter); he; + he = Curl_hash_next_element(&iter)) { struct connectdata *conn; - bundle = he->ptr; - curr = bundle->conn_list.head; - while(curr) { - conn = curr->ptr; - - if(!CONN_INUSE(conn) && !conn->bits.close && - !conn->connect_only) { - /* Set higher score for the age passed since the connection was used */ - score = Curl_timediff(now, conn->lastused); - - if(score > highscore) { - highscore = score; - conn_candidate = conn; - bundle_candidate = bundle; - } + for(curr = Curl_llist_head(&bundle->conns); curr; + curr = Curl_node_next(curr)) { + conn = Curl_node_elem(curr); + if(CONN_INUSE(conn) || conn->bits.close || conn->connect_only) + continue; + /* Set higher score for the age passed since the connection was used */ + score = Curl_timediff(now, conn->lastused); + if(score > highscore) { + highscore = score; + oldest_idle = conn; } - curr = curr->next; } - - he = Curl_hash_next_element(&iter); } - if(conn_candidate) { - /* remove it to prevent another thread from nicking it */ - bundle_remove_conn(bundle_candidate, conn_candidate); - connc->num_conn--; - DEBUGF(infof(data, "The cache now contains %zu members", - connc->num_conn)); + return oldest_idle; +} + +bool Curl_cpool_find(struct Curl_easy *data, + const char *destination, size_t dest_len, + Curl_cpool_conn_match_cb *conn_cb, + Curl_cpool_done_match_cb *done_cb, + void *userdata) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_bundle *bundle; + bool result = FALSE; + + DEBUGASSERT(cpool); + DEBUGASSERT(conn_cb); + if(!cpool) + return FALSE; + + CPOOL_LOCK(cpool); + bundle = Curl_hash_pick(&cpool->dest2bundle, (void *)destination, dest_len); + if(bundle) { + struct Curl_llist_node *curr = Curl_llist_head(&bundle->conns); + while(curr) { + struct connectdata *conn = Curl_node_elem(curr); + /* Get next node now. callback might discard current */ + curr = Curl_node_next(curr); + + if(conn_cb(conn, userdata)) { + result = TRUE; + break; + } + } } - CONNCACHE_UNLOCK(data); - return conn_candidate; + if(done_cb) { + result = done_cb(result, userdata); + } + CPOOL_UNLOCK(cpool); + return result; } -static void connc_shutdown_discard_all(struct conncache *connc) +static void cpool_shutdown_discard_all(struct cpool *cpool) { - struct Curl_llist_element *e = connc->shutdowns.conn_list.head; + struct Curl_llist_node *e = Curl_llist_head(&cpool->shutdowns); struct connectdata *conn; if(!e) return; - DEBUGF(infof(connc->closure_handle, "conncache_shutdown_discard_all")); - DEBUGASSERT(!connc->shutdowns.iter_locked); - connc->shutdowns.iter_locked = TRUE; + DEBUGF(infof(cpool->idata, "cpool_shutdown_discard_all")); while(e) { - conn = e->ptr; - Curl_llist_remove(&connc->shutdowns.conn_list, e, NULL); - DEBUGF(infof(connc->closure_handle, "discard connection #%" - CURL_FORMAT_CURL_OFF_T, conn->connection_id)); - connc_disconnect(NULL, conn, connc, FALSE); - e = connc->shutdowns.conn_list.head; + conn = Curl_node_elem(e); + Curl_node_remove(e); + DEBUGF(infof(cpool->idata, "discard connection #%" FMT_OFF_T, + conn->connection_id)); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); + e = Curl_llist_head(&cpool->shutdowns); } - connc->shutdowns.iter_locked = FALSE; } -static void connc_close_all(struct conncache *connc) +static void cpool_close_and_destroy_all(struct cpool *cpool) { - struct Curl_easy *data = connc->closure_handle; struct connectdata *conn; int timeout_ms = 0; SIGPIPE_VARIABLE(pipe_st); - if(!data) - return; - + DEBUGASSERT(cpool); /* Move all connections to the shutdown list */ sigpipe_init(&pipe_st); - conn = connc_find_first_connection(connc); + CPOOL_LOCK(cpool); + conn = cpool_get_live_conn(cpool); while(conn) { - connc_remove_conn(connc, conn); - sigpipe_apply(data, &pipe_st); - /* This will remove the connection from the cache */ + cpool_remove_conn(cpool, conn); + sigpipe_apply(cpool->idata, &pipe_st); connclose(conn, "kill all"); - Curl_conncache_remove_conn(connc->closure_handle, conn, TRUE); - connc_discard_conn(connc, connc->closure_handle, conn, FALSE); + cpool_discard_conn(cpool, cpool->idata, conn, FALSE); - conn = connc_find_first_connection(connc); + conn = cpool_get_live_conn(cpool); } + CPOOL_UNLOCK(cpool); /* Just for testing, run graceful shutdown */ #ifdef DEBUGBUILD @@ -608,73 +663,53 @@ static void connc_close_all(struct conncache *connc) } } #endif - connc_shutdown_all(connc, timeout_ms); + sigpipe_apply(cpool->idata, &pipe_st); + cpool_shutdown_all(cpool, cpool->idata, timeout_ms); /* discard all connections in the shutdown list */ - connc_shutdown_discard_all(connc); + cpool_shutdown_discard_all(cpool); - sigpipe_apply(data, &pipe_st); - Curl_hostcache_clean(data, data->dns.hostcache); - Curl_close(&data); + Curl_hostcache_clean(cpool->idata, cpool->idata->dns.hostcache); sigpipe_restore(&pipe_st); } -void Curl_conncache_close_all_connections(struct conncache *connc) -{ - connc_close_all(connc); -} -static void connc_shutdown_discard_oldest(struct conncache *connc) +static void cpool_shutdown_destroy_oldest(struct cpool *cpool) { - struct Curl_llist_element *e; + struct Curl_llist_node *e; struct connectdata *conn; - DEBUGASSERT(!connc->shutdowns.iter_locked); - if(connc->shutdowns.iter_locked) - return; - - e = connc->shutdowns.conn_list.head; + e = Curl_llist_head(&cpool->shutdowns); if(e) { SIGPIPE_VARIABLE(pipe_st); - conn = e->ptr; - Curl_llist_remove(&connc->shutdowns.conn_list, e, NULL); + conn = Curl_node_elem(e); + Curl_node_remove(e); sigpipe_init(&pipe_st); - sigpipe_apply(connc->closure_handle, &pipe_st); - connc_disconnect(NULL, conn, connc, FALSE); + sigpipe_apply(cpool->idata, &pipe_st); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); sigpipe_restore(&pipe_st); } } -static void connc_discard_conn(struct conncache *connc, - struct Curl_easy *last_data, +static void cpool_discard_conn(struct cpool *cpool, + struct Curl_easy *data, struct connectdata *conn, bool aborted) { - /* `last_data`, if present, is the transfer that last worked with - * the connection. It is present when the connection is being shut down - * via `Curl_conncache_discard_conn()`, e.g. when the transfer failed - * or does not allow connection reuse. - * Using the original handle is necessary for shutting down the protocol - * handler belonging to the connection. Protocols like 'file:' rely on - * being invoked to clean up their allocations in the easy handle. - * When a connection comes from the cache, the transfer is no longer - * there and we use the cache is own closure handle. - */ - struct Curl_easy *data = last_data? last_data : connc->closure_handle; bool done = FALSE; DEBUGASSERT(data); - DEBUGASSERT(connc); - DEBUGASSERT(!conn->bundle); + DEBUGASSERT(cpool); + DEBUGASSERT(!conn->bits.in_cpool); /* * If this connection is not marked to force-close, leave it open if there * are other users of it */ if(CONN_INUSE(conn) && !aborted) { - DEBUGF(infof(data, "[CCACHE] not discarding #%" CURL_FORMAT_CURL_OFF_T - " still in use by %zu transfers", conn->connection_id, - CONN_INUSE(conn))); + DEBUGF(infof(data, "[CCACHE] not discarding #%" FMT_OFF_T + " still in use by %zu transfers", conn->connection_id, + CONN_INUSE(conn))); return; } @@ -694,22 +729,14 @@ static void connc_discard_conn(struct conncache *connc, if(!done) { /* Attempt to shutdown the connection right away. */ Curl_attach_connection(data, conn); - connc_run_conn_shutdown(data, conn, &done); - DEBUGF(infof(data, "[CCACHE] shutdown #%" CURL_FORMAT_CURL_OFF_T - ", done=%d",conn->connection_id, done)); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); Curl_detach_connection(data); } if(done) { - connc_disconnect(data, conn, connc, FALSE); - return; - } - - DEBUGASSERT(!connc->shutdowns.iter_locked); - if(connc->shutdowns.iter_locked) { - DEBUGF(infof(data, "[CCACHE] discarding #%" CURL_FORMAT_CURL_OFF_T - ", list locked", conn->connection_id)); - connc_disconnect(data, conn, connc, FALSE); + cpool_close_and_destroy(cpool, conn, data, FALSE); return; } @@ -717,65 +744,89 @@ static void connc_discard_conn(struct conncache *connc, * during multi processing. */ if(data->multi && data->multi->max_shutdown_connections > 0 && (data->multi->max_shutdown_connections >= - (long)Curl_llist_count(&connc->shutdowns.conn_list))) { + (long)Curl_llist_count(&cpool->shutdowns))) { DEBUGF(infof(data, "[CCACHE] discarding oldest shutdown connection " "due to limit of %ld", data->multi->max_shutdown_connections)); - connc_shutdown_discard_oldest(connc); + cpool_shutdown_destroy_oldest(cpool); } if(data->multi && data->multi->socket_cb) { - DEBUGASSERT(connc == &data->multi->conn_cache); + DEBUGASSERT(cpool == &data->multi->cpool); /* Start with an empty shutdown pollset, so out internal closure handle * is added to the sockets. */ memset(&conn->shutdown_poll, 0, sizeof(conn->shutdown_poll)); - if(connc_update_shutdown_ev(data->multi, connc->closure_handle, conn)) { + if(cpool_update_shutdown_ev(data->multi, cpool->idata, conn)) { DEBUGF(infof(data, "[CCACHE] update events for shutdown failed, " - "discarding #%" CURL_FORMAT_CURL_OFF_T, - conn->connection_id)); - connc_disconnect(data, conn, connc, FALSE); + "discarding #%" FMT_OFF_T, + conn->connection_id)); + cpool_close_and_destroy(cpool, conn, data, FALSE); return; } } - Curl_llist_append(&connc->shutdowns.conn_list, conn, &conn->bundle_node); - DEBUGF(infof(data, "[CCACHE] added #%" CURL_FORMAT_CURL_OFF_T - " to shutdown list of length %zu", conn->connection_id, - Curl_llist_count(&connc->shutdowns.conn_list))); + Curl_llist_append(&cpool->shutdowns, conn, &conn->cpool_node); + DEBUGF(infof(data, "[CCACHE] added #%" FMT_OFF_T + " to shutdown list of length %zu", conn->connection_id, + Curl_llist_count(&cpool->shutdowns))); } -void Curl_conncache_disconnect(struct Curl_easy *data, - struct connectdata *conn, - bool aborted) +void Curl_cpool_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool aborted) { - DEBUGASSERT(data); - /* Connection must no longer be in and connection cache */ - DEBUGASSERT(!conn->bundle); + struct cpool *cpool = cpool_get_instance(data); + bool do_lock; + + DEBUGASSERT(cpool); + DEBUGASSERT(data && !data->conn); + if(!cpool) + return; + + /* If this connection is not marked to force-close, leave it open if there + * are other users of it */ + if(CONN_INUSE(conn) && !aborted) { + DEBUGASSERT(0); /* does this ever happen? */ + DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); + return; + } + + /* This method may be called while we are under lock, e.g. from a + * user callback in find. */ + do_lock = !CPOOL_IS_LOCKED(cpool); + if(do_lock) + CPOOL_LOCK(cpool); + + if(conn->bits.in_cpool) { + cpool_remove_conn(cpool, conn); + DEBUGASSERT(!conn->bits.in_cpool); + } + + /* Run the callback to let it clean up anything it wants to. */ + aborted = cpool->disconnect_cb(data, conn, aborted); if(data->multi) { - /* Add it to the multi's conncache for shutdown handling */ - infof(data, "%s connection #%" CURL_FORMAT_CURL_OFF_T, - aborted? "closing" : "shutting down", conn->connection_id); - connc_discard_conn(&data->multi->conn_cache, data, conn, aborted); + /* Add it to the multi's cpool for shutdown handling */ + infof(data, "%s connection #%" FMT_OFF_T, + aborted ? "closing" : "shutting down", conn->connection_id); + cpool_discard_conn(&data->multi->cpool, data, conn, aborted); } else { /* No multi available. Make a best-effort shutdown + close */ - infof(data, "closing connection #%" CURL_FORMAT_CURL_OFF_T, - conn->connection_id); - DEBUGASSERT(!conn->bundle); - connc_run_conn_shutdown_handler(data, conn); - connc_disconnect(data, conn, NULL, !aborted); + infof(data, "closing connection #%" FMT_OFF_T, conn->connection_id); + cpool_close_and_destroy(NULL, conn, data, !aborted); } + + if(do_lock) + CPOOL_UNLOCK(cpool); } -static void connc_run_conn_shutdown_handler(struct Curl_easy *data, +static void cpool_run_conn_shutdown_handler(struct Curl_easy *data, struct connectdata *conn) { if(!conn->bits.shutdown_handler) { - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); - conn->dns_entry = NULL; - } + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); /* Cleanup NTLM connection-related data */ Curl_http_auth_cleanup_ntlm(conn); @@ -785,9 +836,10 @@ static void connc_run_conn_shutdown_handler(struct Curl_easy *data, if(conn->handler && conn->handler->disconnect) { /* This is set if protocol-specific cleanups should be made */ - DEBUGF(infof(data, "connection #%" CURL_FORMAT_CURL_OFF_T + DEBUGF(infof(data, "connection #%" FMT_OFF_T ", shutdown protocol handler (aborted=%d)", conn->connection_id, conn->bits.aborted)); + conn->handler->disconnect(data, conn, conn->bits.aborted); } @@ -798,7 +850,7 @@ static void connc_run_conn_shutdown_handler(struct Curl_easy *data, } } -static void connc_run_conn_shutdown(struct Curl_easy *data, +static void cpool_run_conn_shutdown(struct Curl_easy *data, struct connectdata *conn, bool *done) { @@ -808,7 +860,7 @@ static void connc_run_conn_shutdown(struct Curl_easy *data, /* We expect to be attached when called */ DEBUGASSERT(data->conn == conn); - connc_run_conn_shutdown_handler(data, conn); + cpool_run_conn_shutdown_handler(data, conn); if(conn->bits.shutdown_filters) { *done = TRUE; @@ -835,24 +887,23 @@ static void connc_run_conn_shutdown(struct Curl_easy *data, conn->bits.shutdown_filters = TRUE; } -CURLcode Curl_conncache_add_pollfds(struct conncache *connc, - struct curl_pollfds *cpfds) +static CURLcode cpool_add_pollfds(struct cpool *cpool, + struct curl_pollfds *cpfds) { CURLcode result = CURLE_OK; - DEBUGASSERT(!connc->shutdowns.iter_locked); - connc->shutdowns.iter_locked = TRUE; - if(connc->shutdowns.conn_list.head) { - struct Curl_llist_element *e; + if(Curl_llist_head(&cpool->shutdowns)) { + struct Curl_llist_node *e; struct easy_pollset ps; struct connectdata *conn; - for(e = connc->shutdowns.conn_list.head; e; e = e->next) { - conn = e->ptr; + for(e = Curl_llist_head(&cpool->shutdowns); e; + e = Curl_node_next(e)) { + conn = Curl_node_elem(e); memset(&ps, 0, sizeof(ps)); - Curl_attach_connection(connc->closure_handle, conn); - Curl_conn_adjust_pollset(connc->closure_handle, &ps); - Curl_detach_connection(connc->closure_handle); + Curl_attach_connection(cpool->idata, conn); + Curl_conn_adjust_pollset(cpool->idata, &ps); + Curl_detach_connection(cpool->idata); result = Curl_pollfds_add_ps(cpfds, &ps); if(result) { @@ -862,28 +913,37 @@ CURLcode Curl_conncache_add_pollfds(struct conncache *connc, } } out: - connc->shutdowns.iter_locked = FALSE; return result; } -CURLcode Curl_conncache_add_waitfds(struct conncache *connc, - struct curl_waitfds *cwfds) +CURLcode Curl_cpool_add_pollfds(struct cpool *cpool, + struct curl_pollfds *cpfds) +{ + CURLcode result; + CPOOL_LOCK(cpool); + result = cpool_add_pollfds(cpool, cpfds); + CPOOL_UNLOCK(cpool); + return result; +} + +CURLcode Curl_cpool_add_waitfds(struct cpool *cpool, + struct curl_waitfds *cwfds) { CURLcode result = CURLE_OK; - DEBUGASSERT(!connc->shutdowns.iter_locked); - connc->shutdowns.iter_locked = TRUE; - if(connc->shutdowns.conn_list.head) { - struct Curl_llist_element *e; + CPOOL_LOCK(cpool); + if(Curl_llist_head(&cpool->shutdowns)) { + struct Curl_llist_node *e; struct easy_pollset ps; struct connectdata *conn; - for(e = connc->shutdowns.conn_list.head; e; e = e->next) { - conn = e->ptr; + for(e = Curl_llist_head(&cpool->shutdowns); e; + e = Curl_node_next(e)) { + conn = Curl_node_elem(e); memset(&ps, 0, sizeof(ps)); - Curl_attach_connection(connc->closure_handle, conn); - Curl_conn_adjust_pollset(connc->closure_handle, &ps); - Curl_detach_connection(connc->closure_handle); + Curl_attach_connection(cpool->idata, conn); + Curl_conn_adjust_pollset(cpool->idata, &ps); + Curl_detach_connection(cpool->idata); result = Curl_waitfds_add_ps(cwfds, &ps); if(result) @@ -891,15 +951,15 @@ CURLcode Curl_conncache_add_waitfds(struct conncache *connc, } } out: - connc->shutdowns.iter_locked = FALSE; + CPOOL_UNLOCK(cpool); return result; } -static void connc_perform(struct conncache *connc) +static void cpool_perform(struct cpool *cpool) { - struct Curl_easy *data = connc->closure_handle; - struct Curl_llist_element *e = connc->shutdowns.conn_list.head; - struct Curl_llist_element *enext; + struct Curl_easy *data = cpool->idata; + struct Curl_llist_node *e = Curl_llist_head(&cpool->shutdowns); + struct Curl_llist_node *enext; struct connectdata *conn; struct curltime *nowp = NULL; struct curltime now; @@ -910,21 +970,19 @@ static void connc_perform(struct conncache *connc) return; DEBUGASSERT(data); - DEBUGASSERT(!connc->shutdowns.iter_locked); DEBUGF(infof(data, "[CCACHE] perform, %zu connections being shutdown", - Curl_llist_count(&connc->shutdowns.conn_list))); - connc->shutdowns.iter_locked = TRUE; + Curl_llist_count(&cpool->shutdowns))); while(e) { - enext = e->next; - conn = e->ptr; + enext = Curl_node_next(e); + conn = Curl_node_elem(e); Curl_attach_connection(data, conn); - connc_run_conn_shutdown(data, conn, &done); - DEBUGF(infof(data, "[CCACHE] shutdown #%" CURL_FORMAT_CURL_OFF_T - ", done=%d", conn->connection_id, done)); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); Curl_detach_connection(data); if(done) { - Curl_llist_remove(&connc->shutdowns.conn_list, e, NULL); - connc_disconnect(NULL, conn, connc, FALSE); + Curl_node_remove(e); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); } else { /* Not done, when does this connection time out? */ @@ -938,72 +996,56 @@ static void connc_perform(struct conncache *connc) } e = enext; } - connc->shutdowns.iter_locked = FALSE; if(next_from_now_ms) Curl_expire(data, next_from_now_ms, EXPIRE_RUN_NOW); } -void Curl_conncache_multi_perform(struct Curl_multi *multi) +void Curl_cpool_multi_perform(struct Curl_multi *multi) { - connc_perform(&multi->conn_cache); + CPOOL_LOCK(&multi->cpool); + cpool_perform(&multi->cpool); + CPOOL_UNLOCK(&multi->cpool); } /* - * Disconnects the given connection. Note the connection may not be the - * primary connection, like when freeing room in the connection cache or - * killing of a dead old connection. - * - * A connection needs an easy handle when closing down. We support this passed - * in separately since the connection to get closed here is often already - * disassociated from an easy handle. - * - * This function MUST NOT reset state in the Curl_easy struct if that - * is not strictly bound to the life-time of *this* particular connection. - * + * Close and destroy the connection. Run the shutdown sequence once, + * of so requested. */ -static void connc_disconnect(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc, - bool do_shutdown) +static void cpool_close_and_destroy(struct cpool *cpool, + struct connectdata *conn, + struct Curl_easy *data, + bool do_shutdown) { bool done; /* there must be a connection to close */ DEBUGASSERT(conn); - /* it must be removed from the connection cache */ - DEBUGASSERT(!conn->bundle); + /* it must be removed from the connection pool */ + DEBUGASSERT(!conn->bits.in_cpool); /* there must be an associated transfer */ - DEBUGASSERT(data || connc); + DEBUGASSERT(data || cpool); if(!data) - data = connc->closure_handle; + data = cpool->idata; /* the transfer must be detached from the connection */ DEBUGASSERT(data && !data->conn); Curl_attach_connection(data, conn); - if(connc && connc->multi && connc->multi->socket_cb) { - struct easy_pollset ps; - /* With an empty pollset, all previously polled sockets will be removed - * via the multi_socket API callback. */ - memset(&ps, 0, sizeof(ps)); - (void)Curl_multi_pollset_ev(connc->multi, data, &ps, &conn->shutdown_poll); - } - - connc_run_conn_shutdown_handler(data, conn); + cpool_run_conn_shutdown_handler(data, conn); if(do_shutdown) { /* Make a last attempt to shutdown handlers and filters, if * not done so already. */ - connc_run_conn_shutdown(data, conn, &done); + cpool_run_conn_shutdown(data, conn, &done); } - if(connc) - DEBUGF(infof(data, "[CCACHE] closing #%" CURL_FORMAT_CURL_OFF_T, + if(cpool) + DEBUGF(infof(data, "[CCACHE] closing #%" FMT_OFF_T, conn->connection_id)); else - DEBUGF(infof(data, "closing connection #%" CURL_FORMAT_CURL_OFF_T, + DEBUGF(infof(data, "closing connection #%" FMT_OFF_T, conn->connection_id)); Curl_conn_close(data, SECONDARYSOCKET); Curl_conn_close(data, FIRSTSOCKET); @@ -1013,7 +1055,7 @@ static void connc_disconnect(struct Curl_easy *data, } -static CURLMcode connc_update_shutdown_ev(struct Curl_multi *multi, +static CURLMcode cpool_update_shutdown_ev(struct Curl_multi *multi, struct Curl_easy *data, struct connectdata *conn) { @@ -1036,49 +1078,41 @@ static CURLMcode connc_update_shutdown_ev(struct Curl_multi *multi, return mresult; } -void Curl_conncache_multi_socket(struct Curl_multi *multi, - curl_socket_t s, int ev_bitmask) +void Curl_cpool_multi_socket(struct Curl_multi *multi, + curl_socket_t s, int ev_bitmask) { - struct conncache *connc = &multi->conn_cache; - struct Curl_easy *data = connc->closure_handle; - struct Curl_llist_element *e = connc->shutdowns.conn_list.head; + struct cpool *cpool = &multi->cpool; + struct Curl_easy *data = cpool->idata; + struct Curl_llist_node *e; struct connectdata *conn; bool done; (void)ev_bitmask; DEBUGASSERT(multi->socket_cb); - if(!e) - return; - - connc->shutdowns.iter_locked = TRUE; + CPOOL_LOCK(cpool); + e = Curl_llist_head(&cpool->shutdowns); while(e) { - conn = e->ptr; + conn = Curl_node_elem(e); if(s == conn->sock[FIRSTSOCKET] || s == conn->sock[SECONDARYSOCKET]) { Curl_attach_connection(data, conn); - connc_run_conn_shutdown(data, conn, &done); - DEBUGF(infof(data, "[CCACHE] shutdown #%" CURL_FORMAT_CURL_OFF_T - ", done=%d", conn->connection_id, done)); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); Curl_detach_connection(data); - if(done || connc_update_shutdown_ev(multi, data, conn)) { - Curl_llist_remove(&connc->shutdowns.conn_list, e, NULL); - connc_disconnect(NULL, conn, connc, FALSE); + if(done || cpool_update_shutdown_ev(multi, data, conn)) { + Curl_node_remove(e); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); } break; } - e = e->next; + e = Curl_node_next(e); } - connc->shutdowns.iter_locked = FALSE; + CPOOL_UNLOCK(cpool); } -void Curl_conncache_multi_close_all(struct Curl_multi *multi) -{ - connc_close_all(&multi->conn_cache); -} - - #define NUM_POLLS_ON_STACK 10 -static CURLcode connc_shutdown_wait(struct conncache *connc, int timeout_ms) +static CURLcode cpool_shutdown_wait(struct cpool *cpool, int timeout_ms) { struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; struct curl_pollfds cpfds; @@ -1086,7 +1120,7 @@ static CURLcode connc_shutdown_wait(struct conncache *connc, int timeout_ms) Curl_pollfds_init(&cpfds, a_few_on_stack, NUM_POLLS_ON_STACK); - result = Curl_conncache_add_pollfds(connc, &cpfds); + result = cpool_add_pollfds(cpool, &cpfds); if(result) goto out; @@ -1097,9 +1131,9 @@ static CURLcode connc_shutdown_wait(struct conncache *connc, int timeout_ms) return result; } -static void connc_shutdown_all(struct conncache *connc, int timeout_ms) +static void cpool_shutdown_all(struct cpool *cpool, + struct Curl_easy *data, int timeout_ms) { - struct Curl_easy *data = connc->closure_handle; struct connectdata *conn; struct curltime started = Curl_now(); @@ -1107,79 +1141,226 @@ static void connc_shutdown_all(struct conncache *connc, int timeout_ms) return; (void)data; - DEBUGF(infof(data, "conncache shutdown all")); + DEBUGF(infof(data, "cpool shutdown all")); /* Move all connections into the shutdown queue */ - conn = connc_find_first_connection(connc); - while(conn) { - /* This will remove the connection from the cache */ - DEBUGF(infof(data, "moving connection %" CURL_FORMAT_CURL_OFF_T + for(conn = cpool_get_live_conn(cpool); conn; + conn = cpool_get_live_conn(cpool)) { + /* Move conn from live set to shutdown or destroy right away */ + DEBUGF(infof(data, "moving connection #%" FMT_OFF_T " to shutdown queue", conn->connection_id)); - connc_remove_conn(connc, conn); - connc_discard_conn(connc, NULL, conn, FALSE); - conn = connc_find_first_connection(connc); + cpool_remove_conn(cpool, conn); + cpool_discard_conn(cpool, data, conn, FALSE); } - DEBUGASSERT(!connc->shutdowns.iter_locked); - while(connc->shutdowns.conn_list.head) { + while(Curl_llist_head(&cpool->shutdowns)) { timediff_t timespent; int remain_ms; - connc_perform(connc); + cpool_perform(cpool); - if(!connc->shutdowns.conn_list.head) { - DEBUGF(infof(data, "conncache shutdown ok")); + if(!Curl_llist_head(&cpool->shutdowns)) { + DEBUGF(infof(data, "cpool shutdown ok")); break; } /* wait for activity, timeout or "nothing" */ timespent = Curl_timediff(Curl_now(), started); if(timespent >= (timediff_t)timeout_ms) { - DEBUGF(infof(data, "conncache shutdown %s", - (timeout_ms > 0)? "timeout" : "best effort done")); + DEBUGF(infof(data, "cpool shutdown %s", + (timeout_ms > 0) ? "timeout" : "best effort done")); break; } remain_ms = timeout_ms - (int)timespent; - if(connc_shutdown_wait(connc, remain_ms)) { - DEBUGF(infof(data, "conncache shutdown all, abort")); + if(cpool_shutdown_wait(cpool, remain_ms)) { + DEBUGF(infof(data, "cpool shutdown all, abort")); break; } } - /* Due to errors/timeout, we might come here without being full ydone. */ - connc_shutdown_discard_all(connc); + /* Due to errors/timeout, we might come here without being done. */ + cpool_shutdown_discard_all(cpool); +} + +struct cpool_reaper_ctx { + struct curltime now; +}; + +static int cpool_reap_dead_cb(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_reaper_ctx *rctx = param; + if(Curl_conn_seems_dead(conn, data, &rctx->now)) { + /* stop the iteration here, pass back the connection that was pruned */ + Curl_cpool_disconnect(data, conn, FALSE); + return 1; + } + return 0; /* continue iteration */ +} + +/* + * This function scans the data's connection pool for half-open/dead + * connections, closes and removes them. + * The cleanup is done at most once per second. + * + * When called, this transfer has no connection attached. + */ +void Curl_cpool_prune_dead(struct Curl_easy *data) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_reaper_ctx rctx; + timediff_t elapsed; + + if(!cpool) + return; + + rctx.now = Curl_now(); + CPOOL_LOCK(cpool); + elapsed = Curl_timediff(rctx.now, cpool->last_cleanup); + + if(elapsed >= 1000L) { + while(cpool_foreach(data, cpool, &rctx, cpool_reap_dead_cb)) + ; + cpool->last_cleanup = rctx.now; + } + CPOOL_UNLOCK(cpool); +} + +static int conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + void *param) +{ + struct curltime *now = param; + /* TODO, shall we reap connections that return an error here? */ + Curl_conn_upkeep(data, conn, now); + return 0; /* continue iteration */ +} + +CURLcode Curl_cpool_upkeep(void *data) +{ + struct cpool *cpool = cpool_get_instance(data); + struct curltime now = Curl_now(); + + if(!cpool) + return CURLE_OK; + + CPOOL_LOCK(cpool); + cpool_foreach(data, cpool, &now, conn_upkeep); + CPOOL_UNLOCK(cpool); + return CURLE_OK; +} + +struct cpool_find_ctx { + curl_off_t id; + struct connectdata *conn; +}; + +static int cpool_find_conn(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_find_ctx *fctx = param; + (void)data; + if(conn->connection_id == fctx->id) { + fctx->conn = conn; + return 1; + } + return 0; +} + +struct connectdata *Curl_cpool_get_conn(struct Curl_easy *data, + curl_off_t conn_id) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_find_ctx fctx; + + if(!cpool) + return NULL; + fctx.id = conn_id; + fctx.conn = NULL; + CPOOL_LOCK(cpool); + cpool_foreach(cpool->idata, cpool, &fctx, cpool_find_conn); + CPOOL_UNLOCK(cpool); + return fctx.conn; +} + +struct cpool_do_conn_ctx { + curl_off_t id; + Curl_cpool_conn_do_cb *cb; + void *cbdata; +}; + +static int cpool_do_conn(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_do_conn_ctx *dctx = param; + (void)data; + if(conn->connection_id == dctx->id) { + dctx->cb(conn, data, dctx->cbdata); + return 1; + } + return 0; +} + +void Curl_cpool_do_by_id(struct Curl_easy *data, curl_off_t conn_id, + Curl_cpool_conn_do_cb *cb, void *cbdata) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_do_conn_ctx dctx; + + if(!cpool) + return; + dctx.id = conn_id; + dctx.cb = cb; + dctx.cbdata = cbdata; + CPOOL_LOCK(cpool); + cpool_foreach(data, cpool, &dctx, cpool_do_conn); + CPOOL_UNLOCK(cpool); +} + +void Curl_cpool_do_locked(struct Curl_easy *data, + struct connectdata *conn, + Curl_cpool_conn_do_cb *cb, void *cbdata) +{ + struct cpool *cpool = cpool_get_instance(data); + if(cpool) { + CPOOL_LOCK(cpool); + cb(conn, data, cbdata); + CPOOL_UNLOCK(cpool); + } + else + cb(conn, data, cbdata); } #if 0 -/* Useful for debugging the connection cache */ -void Curl_conncache_print(struct conncache *connc) +/* Useful for debugging the connection pool */ +void Curl_cpool_print(struct cpool *cpool) { struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; struct Curl_hash_element *he; - if(!connc) + if(!cpool) return; fprintf(stderr, "=Bundle cache=\n"); - Curl_hash_start_iterate(connc->hash, &iter); + Curl_hash_start_iterate(cpool->dest2bundle, &iter); he = Curl_hash_next_element(&iter); while(he) { - struct connectbundle *bundle; + struct cpool_bundle *bundle; struct connectdata *conn; bundle = he->ptr; fprintf(stderr, "%s -", he->key); - curr = bundle->conn_list->head; + curr = Curl_llist_head(bundle->conns); while(curr) { - conn = curr->ptr; + conn = Curl_node_elem(curr); - fprintf(stderr, " [%p %d]", (void *)conn, conn->inuse); - curr = curr->next; + fprintf(stderr, " [%p %d]", (void *)conn, conn->refcount); + curr = Curl_node_next(curr); } fprintf(stderr, "\n"); diff --git a/libraries/libcurl/conncache.h b/libraries/libcurl/conncache.h index 30cc2e25..a379ee74 100644 --- a/libraries/libcurl/conncache.h +++ b/libraries/libcurl/conncache.h @@ -25,140 +25,177 @@ * ***************************************************************************/ -/* - * All accesses to struct fields and changing of data in the connection cache - * and connectbundles must be done with the conncache LOCKED. The cache might - * be shared. - */ - #include #include "timeval.h" struct connectdata; +struct Curl_easy; struct curl_pollfds; struct curl_waitfds; struct Curl_multi; +struct Curl_share; -struct connshutdowns { - struct Curl_llist conn_list; /* The connectdata to shut down */ - BIT(iter_locked); /* TRUE while iterating the list */ -}; - -struct conncache { - struct Curl_hash hash; +/** + * Callback invoked when disconnecting connections. + * @param data transfer last handling the connection, not attached + * @param conn the connection to discard + * @param aborted if the connection is being aborted + * @return if the connection is being aborted, e.g. should NOT perform + * a shutdown and just close. + **/ +typedef bool Curl_cpool_disconnect_cb(struct Curl_easy *data, + struct connectdata *conn, + bool aborted); + +struct cpool { + /* the pooled connections, bundled per destination */ + struct Curl_hash dest2bundle; size_t num_conn; curl_off_t next_connection_id; curl_off_t next_easy_id; struct curltime last_cleanup; - struct connshutdowns shutdowns; - /* handle used for closing cached connections */ - struct Curl_easy *closure_handle; - struct Curl_multi *multi; /* Optional, set if cache belongs to multi */ + struct Curl_llist shutdowns; /* The connections being shut down */ + struct Curl_easy *idata; /* internal handle used for discard */ + struct Curl_multi *multi; /* != NULL iff pool belongs to multi */ + struct Curl_share *share; /* != NULL iff pool belongs to share */ + Curl_cpool_disconnect_cb *disconnect_cb; + BIT(locked); }; -#define BUNDLE_NO_MULTIUSE -1 -#define BUNDLE_UNKNOWN 0 /* initial value */ -#define BUNDLE_MULTIPLEX 2 - -#ifdef DEBUGBUILD -/* the debug versions of these macros make extra certain that the lock is - never doubly locked or unlocked */ -#define CONNCACHE_LOCK(x) \ - do { \ - if((x)->share) { \ - Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, \ - CURL_LOCK_ACCESS_SINGLE); \ - DEBUGASSERT(!(x)->state.conncache_lock); \ - (x)->state.conncache_lock = TRUE; \ - } \ - } while(0) - -#define CONNCACHE_UNLOCK(x) \ - do { \ - if((x)->share) { \ - DEBUGASSERT((x)->state.conncache_lock); \ - (x)->state.conncache_lock = FALSE; \ - Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ - } \ - } while(0) -#else -#define CONNCACHE_LOCK(x) if((x)->share) \ - Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) -#define CONNCACHE_UNLOCK(x) if((x)->share) \ - Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) -#endif - -struct connectbundle { - int multiuse; /* supports multi-use */ - size_t num_connections; /* Number of connections in the bundle */ - struct Curl_llist conn_list; /* The connectdata members of the bundle */ -}; - -/* Init the cache, pass multi only if cache is owned by it. +/* Init the pool, pass multi only if pool is owned by it. * returns 1 on error, 0 is fine. */ -int Curl_conncache_init(struct conncache *, - struct Curl_multi *multi, - size_t size); -void Curl_conncache_destroy(struct conncache *connc); - -/* return the correct bundle, to a host or a proxy */ -struct connectbundle *Curl_conncache_find_bundle(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc); -/* returns number of connections currently held in the connection cache */ -size_t Curl_conncache_size(struct Curl_easy *data); - -bool Curl_conncache_return_conn(struct Curl_easy *data, - struct connectdata *conn); -CURLcode Curl_conncache_add_conn(struct Curl_easy *data) WARN_UNUSED_RESULT; -void Curl_conncache_remove_conn(struct Curl_easy *data, - struct connectdata *conn, - bool lock); -bool Curl_conncache_foreach(struct Curl_easy *data, - struct conncache *connc, - void *param, - int (*func)(struct Curl_easy *data, - struct connectdata *conn, - void *param)); - -struct connectdata * -Curl_conncache_find_first_connection(struct conncache *connc); - -struct connectdata * -Curl_conncache_extract_bundle(struct Curl_easy *data, - struct connectbundle *bundle); -struct connectdata * -Curl_conncache_extract_oldest(struct Curl_easy *data); -void Curl_conncache_close_all_connections(struct conncache *connc); -void Curl_conncache_print(struct conncache *connc); +int Curl_cpool_init(struct cpool *cpool, + Curl_cpool_disconnect_cb *disconnect_cb, + struct Curl_multi *multi, + struct Curl_share *share, + size_t size); + +/* Destroy all connections and free all members */ +void Curl_cpool_destroy(struct cpool *connc); + +/* Init the transfer to be used within its connection pool. + * Assigns `data->id`. */ +void Curl_cpool_xfer_init(struct Curl_easy *data); /** - * Tear down the connection. If `aborted` is FALSE, the connection - * will be shut down first before discarding. If the shutdown - * is not immediately complete, the connection - * will be placed into the cache is shutdown queue. + * Get the connection with the given id from the transfer's pool. */ -void Curl_conncache_disconnect(struct Curl_easy *data, - struct connectdata *conn, - bool aborted); +struct connectdata *Curl_cpool_get_conn(struct Curl_easy *data, + curl_off_t conn_id); + +CURLcode Curl_cpool_add_conn(struct Curl_easy *data, + struct connectdata *conn) WARN_UNUSED_RESULT; /** - * Add sockets and POLLIN/OUT flags for connections handled by the cache. + * Return if the pool has reached its configured limits for adding + * the given connection. Will try to discard the oldest, idle + * connections to make space. */ -CURLcode Curl_conncache_add_pollfds(struct conncache *connc, - struct curl_pollfds *cpfds); -CURLcode Curl_conncache_add_waitfds(struct conncache *connc, - struct curl_waitfds *cwfds); +#define CPOOL_LIMIT_OK 0 +#define CPOOL_LIMIT_DEST 1 +#define CPOOL_LIMIT_TOTAL 2 +int Curl_cpool_check_limits(struct Curl_easy *data, + struct connectdata *conn); + +/* Return of conn is suitable. If so, stops iteration. */ +typedef bool Curl_cpool_conn_match_cb(struct connectdata *conn, + void *userdata); + +/* Act on the result of the find, may override it. */ +typedef bool Curl_cpool_done_match_cb(bool result, void *userdata); + +/** + * Find a connection in the pool matching `destination`. + * All callbacks are invoked while the pool's lock is held. + * @param data current transfer + * @param destination match agaonst `conn->destination` in pool + * @param dest_len destination length, including terminating NUL + * @param conn_cb must be present, called for each connection in the + * bundle until it returns TRUE + * @param result_cb if not NULL, is called at the end with the result + * of the `conn_cb` or FALSE if never called. + * @return combined result of last conn_db and result_cb or FALSE if no + connections were present. + */ +bool Curl_cpool_find(struct Curl_easy *data, + const char *destination, size_t dest_len, + Curl_cpool_conn_match_cb *conn_cb, + Curl_cpool_done_match_cb *done_cb, + void *userdata); + +/* + * A connection (already in the pool) is now idle. Do any + * cleanups in regard to the pool's limits. + * + * Return TRUE if idle connection kept in pool, FALSE if closed. + */ +bool Curl_cpool_conn_now_idle(struct Curl_easy *data, + struct connectdata *conn); /** - * Perform maintenance on connections in the cache. Specifically, + * Remove the connection from the pool and tear it down. + * If `aborted` is FALSE, the connection will be shut down first + * before closing and destroying it. + * If the shutdown is not immediately complete, the connection + * will be placed into the pool's shutdown queue. + */ +void Curl_cpool_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool aborted); + +/** + * This function scans the data's connection pool for half-open/dead + * connections, closes and removes them. + * The cleanup is done at most once per second. + * + * When called, this transfer has no connection attached. + */ +void Curl_cpool_prune_dead(struct Curl_easy *data); + +/** + * Perform upkeep actions on connections in the transfer's pool. + */ +CURLcode Curl_cpool_upkeep(void *data); + +typedef void Curl_cpool_conn_do_cb(struct connectdata *conn, + struct Curl_easy *data, + void *cbdata); + +/** + * Invoke the callback on the pool's connection with the + * given connection id (if it exists). + */ +void Curl_cpool_do_by_id(struct Curl_easy *data, + curl_off_t conn_id, + Curl_cpool_conn_do_cb *cb, void *cbdata); + +/** + * Invoked the callback for the given data + connection under the + * connection pool's lock. + * The callback is always invoked, even if the transfer has no connection + * pool associated. + */ +void Curl_cpool_do_locked(struct Curl_easy *data, + struct connectdata *conn, + Curl_cpool_conn_do_cb *cb, void *cbdata); + +/** + * Add sockets and POLLIN/OUT flags for connections handled by the pool. + */ +CURLcode Curl_cpool_add_pollfds(struct cpool *connc, + struct curl_pollfds *cpfds); +CURLcode Curl_cpool_add_waitfds(struct cpool *connc, + struct curl_waitfds *cwfds); + +/** + * Perform maintenance on connections in the pool. Specifically, * progress the shutdown of connections in the queue. */ -void Curl_conncache_multi_perform(struct Curl_multi *multi); +void Curl_cpool_multi_perform(struct Curl_multi *multi); + +void Curl_cpool_multi_socket(struct Curl_multi *multi, + curl_socket_t s, int ev_bitmask); -void Curl_conncache_multi_socket(struct Curl_multi *multi, - curl_socket_t s, int ev_bitmask); -void Curl_conncache_multi_close_all(struct Curl_multi *multi); #endif /* HEADER_CURL_CONNCACHE_H */ diff --git a/libraries/libcurl/connect.c b/libraries/libcurl/connect.c index 9b68f15d..ee3b4c8a 100644 --- a/libraries/libcurl/connect.c +++ b/libraries/libcurl/connect.c @@ -139,7 +139,7 @@ timediff_t Curl_timeleft(struct Curl_easy *data, return ctimeleft_ms; /* no general timeout, this is it */ } /* return minimal time left or max amount already expired */ - return (ctimeleft_ms < timeleft_ms)? ctimeleft_ms : timeleft_ms; + return (ctimeleft_ms < timeleft_ms) ? ctimeleft_ms : timeleft_ms; } void Curl_shutdown_start(struct Curl_easy *data, int sockindex, @@ -172,7 +172,7 @@ timediff_t Curl_shutdown_timeleft(struct connectdata *conn, int sockindex, } left_ms = conn->shutdown.timeout_ms - Curl_timediff(*nowp, conn->shutdown.start[sockindex]); - return left_ms? left_ms : -1; + return left_ms ? left_ms : -1; } timediff_t Curl_conn_shutdown_timeleft(struct connectdata *conn, @@ -208,31 +208,6 @@ bool Curl_shutdown_started(struct Curl_easy *data, int sockindex) return (pt->tv_sec > 0) || (pt->tv_usec > 0); } -/* Copies connection info into the transfer handle to make it available when - the transfer handle is no longer associated with the connection. */ -void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, - struct ip_quadruple *ip) -{ - if(ip) - data->info.primary = *ip; - else { - memset(&data->info.primary, 0, sizeof(data->info.primary)); - data->info.primary.remote_port = -1; - data->info.primary.local_port = -1; - } - data->info.conn_scheme = conn->handler->scheme; - /* conn_protocol can only provide "old" protocols */ - data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; - data->info.conn_remote_port = conn->remote_port; - data->info.used_proxy = -#ifdef CURL_DISABLE_PROXY - 0 -#else - conn->bits.proxy -#endif - ; -} - static const struct Curl_addrinfo * addr_first_match(const struct Curl_addrinfo *addr, int family) { @@ -312,23 +287,6 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, return FALSE; } -struct connfind { - curl_off_t id_tofind; - struct connectdata *found; -}; - -static int conn_is_conn(struct Curl_easy *data, - struct connectdata *conn, void *param) -{ - struct connfind *f = (struct connfind *)param; - (void)data; - if(conn->connection_id == f->id_tofind) { - f->found = conn; - return 1; - } - return 0; -} - /* * Used to extract socket and connectdata struct for the most recent * transfer on the given Curl_easy. @@ -345,30 +303,19 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, * - that is associated with a multi handle, and whose connection * was detached with CURLOPT_CONNECT_ONLY */ - if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { - struct connectdata *c; - struct connfind find; - find.id_tofind = data->state.lastconnect_id; - find.found = NULL; - - Curl_conncache_foreach(data, - data->share && (data->share->specifier - & (1<< CURL_LOCK_DATA_CONNECT))? - &data->share->conn_cache: - data->multi_easy? - &data->multi_easy->conn_cache: - &data->multi->conn_cache, &find, conn_is_conn); - - if(!find.found) { + if(data->state.lastconnect_id != -1) { + struct connectdata *conn; + + conn = Curl_cpool_get_conn(data, data->state.lastconnect_id); + if(!conn) { data->state.lastconnect_id = -1; return CURL_SOCKET_BAD; } - c = find.found; if(connp) /* only store this if the caller cares for it */ - *connp = c; - return c->sock[FIRSTSOCKET]; + *connp = conn; + return conn->sock[FIRSTSOCKET]; } return CURL_SOCKET_BAD; } @@ -467,9 +414,9 @@ static CURLcode eyeballer_new(struct eyeballer **pballer, if(!baller) return CURLE_OUT_OF_MEMORY; - baller->name = ((ai_family == AF_INET)? "ipv4" : ( + baller->name = ((ai_family == AF_INET) ? "ipv4" : ( #ifdef USE_IPV6 - (ai_family == AF_INET6)? "ipv6" : + (ai_family == AF_INET6) ? "ipv6" : #endif "ip")); baller->cf_create = cf_create; @@ -477,7 +424,7 @@ static CURLcode eyeballer_new(struct eyeballer **pballer, baller->ai_family = ai_family; baller->primary = primary; baller->delay_ms = delay_ms; - baller->timeoutms = addr_next_match(baller->addr, baller->ai_family)? + baller->timeoutms = addr_next_match(baller->addr, baller->ai_family) ? USETIME(timeout_ms) : timeout_ms; baller->timeout_id = timeout_id; baller->result = CURLE_COULDNT_CONNECT; @@ -600,9 +547,11 @@ static CURLcode baller_start_next(struct Curl_cfilter *cf, { if(cf->sockindex == FIRSTSOCKET) { baller_next_addr(baller); - /* If we get inconclusive answers from the server(s), we make - * a second iteration over the address list */ - if(!baller->addr && baller->inconclusive && !baller->rewinded) + /* If we get inconclusive answers from the server(s), we start + * again until this whole thing times out. This allows us to + * connect to servers that are gracefully restarting and the + * packet routing to the new instance has not happened yet (e.g. QUIC). */ + if(!baller->addr && baller->inconclusive) baller_rewind(baller); baller_start(cf, data, baller, timeoutms); } @@ -634,7 +583,7 @@ static CURLcode baller_connect(struct Curl_cfilter *cf, baller->is_done = TRUE; } else if(Curl_timediff(*now, baller->started) >= baller->timeoutms) { - infof(data, "%s connect timeout after %" CURL_FORMAT_TIMEDIFF_T + infof(data, "%s connect timeout after %" FMT_TIMEDIFF_T "ms, move on!", baller->name, baller->timeoutms); #if defined(ETIMEDOUT) baller->error = ETIMEDOUT; @@ -670,7 +619,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, * If transport is QUIC, we need to shutdown the ongoing 'other' * cot ballers in a QUIC appropriate way. */ evaluate: - *connected = FALSE; /* a very negative world view is best */ + *connected = FALSE; /* a negative world view is best */ now = Curl_now(); ongoing = not_started = 0; for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { @@ -725,7 +674,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, /* Nothing connected, check the time before we might * start new ballers or return ok. */ if((ongoing || not_started) && Curl_timeleft(data, &now, TRUE) < 0) { - failf(data, "Connection timeout after %" CURL_FORMAT_CURL_OFF_T " ms", + failf(data, "Connection timeout after %" FMT_OFF_T " ms", Curl_timediff(now, data->progress.t_startsingle)); return CURLE_OPERATION_TIMEDOUT; } @@ -748,8 +697,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, CURL_TRC_CF(data, cf, "%s done", baller->name); } else { - CURL_TRC_CF(data, cf, "%s starting (timeout=%" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "%s starting (timeout=%" FMT_TIMEDIFF_T "ms)", baller->name, baller->timeoutms); ++ongoing; ++added; @@ -794,7 +742,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, hostname = conn->host.name; failf(data, "Failed to connect to %s port %u after " - "%" CURL_FORMAT_TIMEDIFF_T " ms: %s", + "%" FMT_TIMEDIFF_T " ms: %s", hostname, conn->primary.remote_port, Curl_timediff(now, data->progress.t_startsingle), curl_easy_strerror(result)); @@ -821,9 +769,9 @@ static CURLcode start_connect(struct Curl_cfilter *cf, struct cf_he_ctx *ctx = cf->ctx; struct connectdata *conn = cf->conn; CURLcode result = CURLE_COULDNT_CONNECT; - int ai_family0, ai_family1; + int ai_family0 = 0, ai_family1 = 0; timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); - const struct Curl_addrinfo *addr0, *addr1; + const struct Curl_addrinfo *addr0 = NULL, *addr1 = NULL; if(timeout_ms < 0) { /* a precaution, no need to continue if time already is up */ @@ -842,33 +790,33 @@ static CURLcode start_connect(struct Curl_cfilter *cf, * the 2 connect attempt ballers to try different families, if possible. * */ - if(conn->ip_version == CURL_IPRESOLVE_WHATEVER) { - /* any IP version is allowed */ - ai_family0 = remotehost->addr? - remotehost->addr->ai_family : 0; + if(conn->ip_version == CURL_IPRESOLVE_V6) { #ifdef USE_IPV6 - ai_family1 = ai_family0 == AF_INET6 ? - AF_INET : AF_INET6; -#else - ai_family1 = AF_UNSPEC; + ai_family0 = AF_INET6; + addr0 = addr_first_match(remotehost->addr, ai_family0); #endif } + else if(conn->ip_version == CURL_IPRESOLVE_V4) { + ai_family0 = AF_INET; + addr0 = addr_first_match(remotehost->addr, ai_family0); + } else { - /* only one IP version is allowed */ - ai_family0 = (conn->ip_version == CURL_IPRESOLVE_V4) ? - AF_INET : + /* no user preference, we try ipv6 always first when available */ #ifdef USE_IPV6 - AF_INET6; -#else - AF_UNSPEC; + ai_family0 = AF_INET6; + addr0 = addr_first_match(remotehost->addr, ai_family0); #endif - ai_family1 = AF_UNSPEC; + /* next candidate is ipv4 */ + ai_family1 = AF_INET; + addr1 = addr_first_match(remotehost->addr, ai_family1); + /* no ip address families, probably AF_UNIX or something, use the + * address family given to us */ + if(!addr1 && !addr0 && remotehost->addr) { + ai_family0 = remotehost->addr->ai_family; + addr0 = addr_first_match(remotehost->addr, ai_family0); + } } - /* Get the first address in the list that matches the family, - * this might give NULL, if we do not have any matches. */ - addr0 = addr_first_match(remotehost->addr, ai_family0); - addr1 = addr_first_match(remotehost->addr, ai_family1); if(!addr0 && addr1) { /* switch around, so a single baller always uses addr0 */ addr0 = addr1; @@ -887,8 +835,7 @@ static CURLcode start_connect(struct Curl_cfilter *cf, timeout_ms, EXPIRE_DNS_PER_NAME); if(result) return result; - CURL_TRC_CF(data, cf, "created %s (timeout %" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "created %s (timeout %" FMT_TIMEDIFF_T "ms)", ctx->baller[0]->name, ctx->baller[0]->timeoutms); if(addr1) { /* second one gets a delayed start */ @@ -899,8 +846,7 @@ static CURLcode start_connect(struct Curl_cfilter *cf, timeout_ms, EXPIRE_DNS_PER_NAME2); if(result) return result; - CURL_TRC_CF(data, cf, "created %s (timeout %" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "created %s (timeout %" FMT_TIMEDIFF_T "ms)", ctx->baller[1]->name, ctx->baller[1]->timeoutms); Curl_expire(data, data->set.happy_eyeballs_timeout, EXPIRE_HAPPY_EYEBALLS); @@ -1020,12 +966,20 @@ static CURLcode cf_he_connect(struct Curl_cfilter *cf, cf->next = ctx->winner->cf; ctx->winner->cf = NULL; cf_he_ctx_clear(cf, data); - Curl_conn_cf_cntrl(cf->next, data, TRUE, - CF_CTRL_CONN_INFO_UPDATE, 0, NULL); if(cf->conn->handler->protocol & PROTO_FAMILY_SSH) Curl_pgrsTime(data, TIMER_APPCONNECT); /* we are connected already */ - Curl_verboseconnect(data, cf->conn, cf->sockindex); + if(Curl_trc_cf_is_verbose(cf, data)) { + struct ip_quadruple ipquad; + int is_ipv6; + if(!Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad)) { + const char *host, *disphost; + int port; + cf->next->cft->get_host(cf->next, data, &host, &disphost, &port); + CURL_TRC_CF(data, cf, "Connected to %s (%s) port %u", + disphost, ipquad.remote_ip, ipquad.remote_port); + } + } data->info.numconnects++; /* to track the # of connections made */ } break; @@ -1135,7 +1089,7 @@ static CURLcode cf_he_query(struct Curl_cfilter *cf, } } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -1463,7 +1417,7 @@ static CURLcode cf_setup_create(struct Curl_cfilter **pcf, ctx = NULL; out: - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; free(ctx); return result; } diff --git a/libraries/libcurl/connect.h b/libraries/libcurl/connect.h index e9a4f9c5..160db942 100644 --- a/libraries/libcurl/connect.h +++ b/libraries/libcurl/connect.h @@ -72,9 +72,6 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, char *addr, int *port); -void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, - struct ip_quadruple *ip); - /* * Curl_conncontrol() marks the end of a connection/stream. The 'closeit' * argument specifies if it is the end of a connection or a stream. diff --git a/libraries/libcurl/content_encoding.c b/libraries/libcurl/content_encoding.c index 4dae41a8..a4b16dda 100644 --- a/libraries/libcurl/content_encoding.c +++ b/libraries/libcurl/content_encoding.c @@ -33,13 +33,13 @@ #endif #ifdef HAVE_BROTLI -#if defined(__GNUC__) +#if defined(__GNUC__) || defined(__clang__) /* Ignore -Wvla warnings in brotli headers */ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wvla" #endif #include -#if defined(__GNUC__) +#if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic pop #endif #endif @@ -79,7 +79,7 @@ #define GZIP_MAGIC_1 0x8b /* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ +#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ #define HEAD_CRC 0x02 /* bit 1 set: header CRC present */ #define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ #define ORIG_NAME 0x08 /* bit 3 set: original filename present */ @@ -154,7 +154,7 @@ static CURLcode process_trailer(struct Curl_easy *data, { z_stream *z = &zp->z; CURLcode result = CURLE_OK; - uInt len = z->avail_in < zp->trailerlen? z->avail_in: zp->trailerlen; + uInt len = z->avail_in < zp->trailerlen ? z->avail_in : zp->trailerlen; /* Consume expected trailer bytes. Terminate stream if exhausted. Issue an error if unexpected bytes follow. */ @@ -654,7 +654,7 @@ static CURLcode brotli_do_init(struct Curl_easy *data, (void) data; bp->br = BrotliDecoderCreateInstance(NULL, NULL, NULL); - return bp->br? CURLE_OK: CURLE_OUT_OF_MEMORY; + return bp->br ? CURLE_OK : CURLE_OUT_OF_MEMORY; } static CURLcode brotli_do_write(struct Curl_easy *data, @@ -909,18 +909,18 @@ static CURLcode error_do_write(struct Curl_easy *data, struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { - char all[256]; - (void)Curl_all_content_encodings(all, sizeof(all)); - (void) writer; (void) buf; (void) nbytes; if(!(type & CLIENTWRITE_BODY) || !nbytes) return Curl_cwriter_write(data, writer->next, type, buf, nbytes); - - failf(data, "Unrecognized content encoding type. " - "libcurl understands %s content encodings.", all); + else { + char all[256]; + (void)Curl_all_content_encodings(all, sizeof(all)); + failf(data, "Unrecognized content encoding type. " + "libcurl understands %s content encodings.", all); + } return CURLE_BAD_CONTENT_ENCODING; } @@ -971,8 +971,8 @@ static const struct Curl_cwtype *find_unencode_writer(const char *name, CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const char *enclist, int is_transfer) { - Curl_cwriter_phase phase = is_transfer? - CURL_CW_TRANSFER_DECODE:CURL_CW_CONTENT_DECODE; + Curl_cwriter_phase phase = is_transfer ? + CURL_CW_TRANSFER_DECODE : CURL_CW_CONTENT_DECODE; CURLcode result; do { @@ -995,7 +995,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, struct Curl_cwriter *writer; CURL_TRC_WRITE(data, "looking for %s decoder: %.*s", - is_transfer? "transfer" : "content", (int)namelen, name); + is_transfer ? "transfer" : "content", (int)namelen, name); is_chunked = (is_transfer && (namelen == 7) && strncasecompare(name, "chunked", 7)); /* if we skip the decoding in this phase, do not look further. @@ -1046,7 +1046,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, result = Curl_cwriter_create(&writer, data, cwt, phase); CURL_TRC_WRITE(data, "added %s decoder %s -> %d", - is_transfer? "transfer" : "content", cwt->name, result); + is_transfer ? "transfer" : "content", cwt->name, result); if(result) return result; diff --git a/libraries/libcurl/cookie.c b/libraries/libcurl/cookie.c index b0d8d84b..ca8c3c59 100644 --- a/libraries/libcurl/cookie.c +++ b/libraries/libcurl/cookie.c @@ -28,33 +28,20 @@ RECEIVING COOKIE INFORMATION ============================ -struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, - const char *file, struct CookieInfo *inc, bool newsession); +Curl_cookie_init() Inits a cookie struct to store data in a local file. This is always called before any cookies are set. -struct Cookie *Curl_cookie_add(struct Curl_easy *data, - struct CookieInfo *c, bool httpheader, bool noexpire, - char *lineptr, const char *domain, const char *path, - bool secure); - - The 'lineptr' parameter is a full "Set-cookie:" line as - received from a server. - - The function need to replace previously stored lines that this new - line supersedes. +Curl_cookie_add() - It may remove lines that are expired. - - It should return an indication of success/error. + Adds a cookie to the in-memory cookie jar. SENDING COOKIE INFORMATION ========================== -struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie, - char *host, char *path, bool secure); +Curl_cookie_getlist() For a given host and path, return a linked list of cookies that the client should send to the server if used now. The secure @@ -63,7 +50,6 @@ struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie, It shall only return cookies that have not expired. - Example set of cookies: Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure @@ -102,6 +88,7 @@ Example set of cookies: #include "rename.h" #include "fopen.h" #include "strdup.h" +#include "llist.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -245,7 +232,7 @@ static const char *get_top_domain(const char * const domain, size_t *outlen) if(outlen) *outlen = len; - return first? first: domain; + return first ? first : domain; } /* Avoid C1001, an "internal error" with MSVC14 */ @@ -335,17 +322,17 @@ void Curl_cookie_loadfiles(struct Curl_easy *data) if(list) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); while(list) { - struct CookieInfo *newcookies = + struct CookieInfo *ci = Curl_cookie_init(data, list->data, data->cookies, data->set.cookiesession); - if(!newcookies) + if(!ci) /* * Failure may be due to OOM or a bad cookie; both are ignored * but only the first should be */ infof(data, "ignoring failed cookie_init for %s", list->data); else - data->cookies = newcookies; + data->cookies = ci; list = list->next; } Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); @@ -378,9 +365,9 @@ static void strstore(char **str, const char *newstr, size_t len) * more cookies expire, then processing will exit early in case this timestamp * is in the future. */ -static void remove_expired(struct CookieInfo *cookies) +static void remove_expired(struct CookieInfo *ci) { - struct Cookie *co, *nx; + struct Cookie *co; curl_off_t now = (curl_off_t)time(NULL); unsigned int i; @@ -392,37 +379,32 @@ static void remove_expired(struct CookieInfo *cookies) * recorded first expiration is the max offset, then perform the safe * fallback of checking all cookies. */ - if(now < cookies->next_expiration && - cookies->next_expiration != CURL_OFF_T_MAX) + if(now < ci->next_expiration && + ci->next_expiration != CURL_OFF_T_MAX) return; else - cookies->next_expiration = CURL_OFF_T_MAX; + ci->next_expiration = CURL_OFF_T_MAX; for(i = 0; i < COOKIE_HASH_SIZE; i++) { - struct Cookie *pv = NULL; - co = cookies->cookies[i]; - while(co) { - nx = co->next; + struct Curl_llist_node *n; + struct Curl_llist_node *e = NULL; + + for(n = Curl_llist_head(&ci->cookielist[i]); n; n = e) { + co = Curl_node_elem(n); + e = Curl_node_next(n); if(co->expires && co->expires < now) { - if(!pv) { - cookies->cookies[i] = co->next; - } - else { - pv->next = co->next; - } - cookies->numcookies--; + Curl_node_remove(n); freecookie(co); + ci->numcookies--; } else { /* - * If this cookie has an expiration timestamp earlier than what we have - * seen so far then record it for the next round of expirations. + * If this cookie has an expiration timestamp earlier than what we + * have seen so far then record it for the next round of expirations. */ - if(co->expires && co->expires < cookies->next_expiration) - cookies->next_expiration = co->expires; - pv = co; + if(co->expires && co->expires < ci->next_expiration) + ci->next_expiration = co->expires; } - co = nx; } } } @@ -470,564 +452,495 @@ static int invalid_octets(const char *p) return (p[len] != '\0'); } -/* - * Curl_cookie_add - * - * Add a single cookie line to the cookie keeping object. Be aware that - * sometimes we get an IP-only hostname, and that might also be a numerical - * IPv6 address. - * - * Returns NULL on out of memory or invalid cookie. This is suboptimal, - * as they should be treated separately. - */ -struct Cookie * -Curl_cookie_add(struct Curl_easy *data, - struct CookieInfo *c, - bool httpheader, /* TRUE if HTTP header-style line */ - bool noexpire, /* if TRUE, skip remove_expired() */ - const char *lineptr, /* first character of the line */ - const char *domain, /* default domain */ - const char *path, /* full path used when this cookie is set, - used to get default path for the cookie - unless set */ - bool secure) /* TRUE if connection is over secure origin */ +#define CERR_OK 0 +#define CERR_TOO_LONG 1 /* input line too long */ +#define CERR_TAB 2 /* in a wrong place */ +#define CERR_TOO_BIG 3 /* name/value too large */ +#define CERR_BAD 4 /* deemed incorrect */ +#define CERR_NO_SEP 5 /* semicolon problem */ +#define CERR_NO_NAME_VALUE 6 /* name or value problem */ +#define CERR_INVALID_OCTET 7 /* bad content */ +#define CERR_BAD_SECURE 8 /* secure in a bad place */ +#define CERR_OUT_OF_MEMORY 9 +#define CERR_NO_TAILMATCH 10 +#define CERR_COMMENT 11 /* a commented line */ +#define CERR_RANGE 12 /* expire range problem */ +#define CERR_FIELDS 13 /* incomplete netscape line */ +#define CERR_PSL 14 /* a public suffix */ +#define CERR_LIVE_WINS 15 + +static int +parse_cookie_header(struct Curl_easy *data, + struct Cookie *co, + struct CookieInfo *ci, + const char *ptr, + const char *domain, /* default domain */ + const char *path, /* full path used when this cookie is + set, used to get default path for + the cookie unless set */ + bool secure) /* TRUE if connection is over secure + origin */ { - struct Cookie *clist; - struct Cookie *co; - struct Cookie *lastc = NULL; - struct Cookie *replace_co = NULL; - struct Cookie *replace_clist = NULL; - time_t now = time(NULL); - bool replace_old = FALSE; - bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ - size_t myhash; - - DEBUGASSERT(data); - DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */ - if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT) - return NULL; - - /* First, alloc and init a new struct for it */ - co = calloc(1, sizeof(struct Cookie)); - if(!co) - return NULL; /* bail out if we are this low on memory */ - - if(httpheader) { - /* This line was read off an HTTP-header */ - const char *ptr; + /* This line was read off an HTTP-header */ + time_t now; + size_t linelength = strlen(ptr); + if(linelength > MAX_COOKIE_LINE) + /* discard overly long lines at once */ + return CERR_TOO_LONG; + + now = time(NULL); + do { + size_t vlen; + size_t nlen; + + while(*ptr && ISBLANK(*ptr)) + ptr++; + + /* we have a = pair or a stand-alone word here */ + nlen = strcspn(ptr, ";\t\r\n="); + if(nlen) { + bool done = FALSE; + bool sep = FALSE; + const char *namep = ptr; + const char *valuep; + + ptr += nlen; + + /* trim trailing spaces and tabs after name */ + while(nlen && ISBLANK(namep[nlen - 1])) + nlen--; + + if(*ptr == '=') { + vlen = strcspn(++ptr, ";\r\n"); + valuep = ptr; + sep = TRUE; + ptr = &valuep[vlen]; + + /* Strip off trailing whitespace from the value */ + while(vlen && ISBLANK(valuep[vlen-1])) + vlen--; + + /* Skip leading whitespace from the value */ + while(vlen && ISBLANK(*valuep)) { + valuep++; + vlen--; + } - size_t linelength = strlen(lineptr); - if(linelength > MAX_COOKIE_LINE) { - /* discard overly long lines at once */ - free(co); - return NULL; - } + /* Reject cookies with a TAB inside the value */ + if(memchr(valuep, '\t', vlen)) { + infof(data, "cookie contains TAB, dropping"); + return CERR_TAB; + } + } + else { + valuep = NULL; + vlen = 0; + } - ptr = lineptr; - do { - size_t vlen; - size_t nlen; + /* + * Check for too long individual name or contents, or too long + * combination of name + contents. Chrome and Firefox support 4095 or + * 4096 bytes combo + */ + if(nlen >= (MAX_NAME-1) || vlen >= (MAX_NAME-1) || + ((nlen + vlen) > MAX_NAME)) { + infof(data, "oversized cookie dropped, name/val %zu + %zu bytes", + nlen, vlen); + return CERR_TOO_BIG; + } - while(*ptr && ISBLANK(*ptr)) - ptr++; + /* + * Check if we have a reserved prefix set before anything else, as we + * otherwise have to test for the prefix in both the cookie name and + * "the rest". Prefixes must start with '__' and end with a '-', so + * only test for names where that can possibly be true. + */ + if(nlen >= 7 && namep[0] == '_' && namep[1] == '_') { + if(strncasecompare("__Secure-", namep, 9)) + co->prefix_secure = TRUE; + else if(strncasecompare("__Host-", namep, 7)) + co->prefix_host = TRUE; + } - /* we have a = pair or a stand-alone word here */ - nlen = strcspn(ptr, ";\t\r\n="); - if(nlen) { - bool done = FALSE; - bool sep = FALSE; - const char *namep = ptr; - const char *valuep; - - ptr += nlen; - - /* trim trailing spaces and tabs after name */ - while(nlen && ISBLANK(namep[nlen - 1])) - nlen--; - - if(*ptr == '=') { - vlen = strcspn(++ptr, ";\r\n"); - valuep = ptr; - sep = TRUE; - ptr = &valuep[vlen]; - - /* Strip off trailing whitespace from the value */ - while(vlen && ISBLANK(valuep[vlen-1])) - vlen--; - - /* Skip leading whitespace from the value */ - while(vlen && ISBLANK(*valuep)) { - valuep++; - vlen--; - } + /* + * Use strstore() below to properly deal with received cookie + * headers that have the same string property set more than once, + * and then we use the last one. + */ - /* Reject cookies with a TAB inside the value */ - if(memchr(valuep, '\t', vlen)) { - freecookie(co); - infof(data, "cookie contains TAB, dropping"); - return NULL; - } + if(!co->name) { + /* The very first name/value pair is the actual cookie name */ + if(!sep) + /* Bad name/value pair. */ + return CERR_NO_SEP; + + strstore(&co->name, namep, nlen); + strstore(&co->value, valuep, vlen); + done = TRUE; + if(!co->name || !co->value) + return CERR_NO_NAME_VALUE; + + if(invalid_octets(co->value) || invalid_octets(co->name)) { + infof(data, "invalid octets in name/value, cookie dropped"); + return CERR_INVALID_OCTET; } - else { - valuep = NULL; - vlen = 0; - } - + } + else if(!vlen) { + /* + * this was a "=" with no content, and we must allow + * 'secure' and 'httponly' specified this weirdly + */ + done = TRUE; /* - * Check for too long individual name or contents, or too long - * combination of name + contents. Chrome and Firefox support 4095 or - * 4096 bytes combo + * secure cookies are only allowed to be set when the connection is + * using a secure protocol, or when the cookie is being set by + * reading from file */ - if(nlen >= (MAX_NAME-1) || vlen >= (MAX_NAME-1) || - ((nlen + vlen) > MAX_NAME)) { - freecookie(co); - infof(data, "oversized cookie dropped, name/val %zu + %zu bytes", - nlen, vlen); - return NULL; + if((nlen == 6) && strncasecompare("secure", namep, 6)) { + if(secure || !ci->running) { + co->secure = TRUE; + } + else { + return CERR_BAD_SECURE; + } } + else if((nlen == 8) && strncasecompare("httponly", namep, 8)) + co->httponly = TRUE; + else if(sep) + /* there was a '=' so we are not done parsing this field */ + done = FALSE; + } + if(done) + ; + else if((nlen == 4) && strncasecompare("path", namep, 4)) { + strstore(&co->path, valuep, vlen); + if(!co->path) + return CERR_OUT_OF_MEMORY; + free(co->spath); /* if this is set again */ + co->spath = sanitize_cookie_path(co->path); + if(!co->spath) + return CERR_OUT_OF_MEMORY; + } + else if((nlen == 6) && + strncasecompare("domain", namep, 6) && vlen) { + bool is_ip; /* - * Check if we have a reserved prefix set before anything else, as we - * otherwise have to test for the prefix in both the cookie name and - * "the rest". Prefixes must start with '__' and end with a '-', so - * only test for names where that can possibly be true. + * Now, we make sure that our host is within the given domain, or + * the given domain is not valid and thus cannot be set. */ - if(nlen >= 7 && namep[0] == '_' && namep[1] == '_') { - if(strncasecompare("__Secure-", namep, 9)) - co->prefix |= COOKIE_PREFIX__SECURE; - else if(strncasecompare("__Host-", namep, 7)) - co->prefix |= COOKIE_PREFIX__HOST; + + if('.' == valuep[0]) { + valuep++; /* ignore preceding dot */ + vlen--; } +#ifndef USE_LIBPSL /* - * Use strstore() below to properly deal with received cookie - * headers that have the same string property set more than once, - * and then we use the last one. + * Without PSL we do not know when the incoming cookie is set on a + * TLD or otherwise "protected" suffix. To reduce risk, we require a + * dot OR the exact hostname being "localhost". */ + if(bad_domain(valuep, vlen)) + domain = ":"; +#endif - if(!co->name) { - /* The very first name/value pair is the actual cookie name */ - if(!sep) { - /* Bad name/value pair. */ - badcookie = TRUE; - break; - } - strstore(&co->name, namep, nlen); - strstore(&co->value, valuep, vlen); - done = TRUE; - if(!co->name || !co->value) { - badcookie = TRUE; - break; - } - if(invalid_octets(co->value) || invalid_octets(co->name)) { - infof(data, "invalid octets in name/value, cookie dropped"); - badcookie = TRUE; - break; - } + is_ip = Curl_host_is_ipnum(domain ? domain : valuep); + + if(!domain + || (is_ip && !strncmp(valuep, domain, vlen) && + (vlen == strlen(domain))) + || (!is_ip && cookie_tailmatch(valuep, vlen, domain))) { + strstore(&co->domain, valuep, vlen); + if(!co->domain) + return CERR_OUT_OF_MEMORY; + + if(!is_ip) + co->tailmatch = TRUE; /* we always do that if the domain name was + given */ } - else if(!vlen) { - /* - * this was a "=" with no content, and we must allow - * 'secure' and 'httponly' specified this weirdly - */ - done = TRUE; + else { /* - * secure cookies are only allowed to be set when the connection is - * using a secure protocol, or when the cookie is being set by - * reading from file + * We did not get a tailmatch and then the attempted set domain is + * not a domain to which the current host belongs. Mark as bad. */ - if((nlen == 6) && strncasecompare("secure", namep, 6)) { - if(secure || !c->running) { - co->secure = TRUE; - } - else { - badcookie = TRUE; - break; - } - } - else if((nlen == 8) && strncasecompare("httponly", namep, 8)) - co->httponly = TRUE; - else if(sep) - /* there was a '=' so we are not done parsing this field */ - done = FALSE; + infof(data, "skipped cookie with bad tailmatch domain: %s", + valuep); + return CERR_NO_TAILMATCH; } - if(done) - ; - else if((nlen == 4) && strncasecompare("path", namep, 4)) { - strstore(&co->path, valuep, vlen); - if(!co->path) { - badcookie = TRUE; /* out of memory bad */ - break; - } - free(co->spath); /* if this is set again */ - co->spath = sanitize_cookie_path(co->path); - if(!co->spath) { - badcookie = TRUE; /* out of memory bad */ - break; - } + } + else if((nlen == 7) && strncasecompare("version", namep, 7)) { + /* just ignore */ + } + else if((nlen == 7) && strncasecompare("max-age", namep, 7)) { + /* + * Defined in RFC2109: + * + * Optional. The Max-Age attribute defines the lifetime of the + * cookie, in seconds. The delta-seconds value is a decimal non- + * negative integer. After delta-seconds seconds elapse, the + * client should discard the cookie. A value of zero means the + * cookie should be discarded immediately. + */ + CURLofft offt; + const char *maxage = valuep; + offt = curlx_strtoofft((*maxage == '\"') ? + &maxage[1] : &maxage[0], NULL, 10, + &co->expires); + switch(offt) { + case CURL_OFFT_FLOW: + /* overflow, used max value */ + co->expires = CURL_OFF_T_MAX; + break; + case CURL_OFFT_INVAL: + /* negative or otherwise bad, expire */ + co->expires = 1; + break; + case CURL_OFFT_OK: + if(!co->expires) + /* already expired */ + co->expires = 1; + else if(CURL_OFF_T_MAX - now < co->expires) + /* would overflow */ + co->expires = CURL_OFF_T_MAX; + else + co->expires += now; + break; } - else if((nlen == 6) && - strncasecompare("domain", namep, 6) && vlen) { - bool is_ip; - - /* - * Now, we make sure that our host is within the given domain, or - * the given domain is not valid and thus cannot be set. - */ - - if('.' == valuep[0]) { - valuep++; /* ignore preceding dot */ - vlen--; - } - -#ifndef USE_LIBPSL + } + else if((nlen == 7) && strncasecompare("expires", namep, 7)) { + if(!co->expires) { /* - * Without PSL we do not know when the incoming cookie is set on a - * TLD or otherwise "protected" suffix. To reduce risk, we require a - * dot OR the exact hostname being "localhost". + * Let max-age have priority. + * + * If the date cannot get parsed for whatever reason, the cookie + * will be treated as a session cookie */ - if(bad_domain(valuep, vlen)) - domain = ":"; -#endif + co->expires = Curl_getdate_capped(valuep); - is_ip = Curl_host_is_ipnum(domain ? domain : valuep); - - if(!domain - || (is_ip && !strncmp(valuep, domain, vlen) && - (vlen == strlen(domain))) - || (!is_ip && cookie_tailmatch(valuep, vlen, domain))) { - strstore(&co->domain, valuep, vlen); - if(!co->domain) { - badcookie = TRUE; - break; - } - if(!is_ip) - co->tailmatch = TRUE; /* we always do that if the domain name was - given */ - } - else { - /* - * We did not get a tailmatch and then the attempted set domain is - * not a domain to which the current host belongs. Mark as bad. - */ - badcookie = TRUE; - infof(data, "skipped cookie with bad tailmatch domain: %s", - valuep); - } - } - else if((nlen == 7) && strncasecompare("version", namep, 7)) { - /* just ignore */ - } - else if((nlen == 7) && strncasecompare("max-age", namep, 7)) { /* - * Defined in RFC2109: - * - * Optional. The Max-Age attribute defines the lifetime of the - * cookie, in seconds. The delta-seconds value is a decimal non- - * negative integer. After delta-seconds seconds elapse, the - * client should discard the cookie. A value of zero means the - * cookie should be discarded immediately. + * Session cookies have expires set to 0 so if we get that back + * from the date parser let's add a second to make it a + * non-session cookie */ - CURLofft offt; - const char *maxage = valuep; - offt = curlx_strtoofft((*maxage == '\"')? - &maxage[1]:&maxage[0], NULL, 10, - &co->expires); - switch(offt) { - case CURL_OFFT_FLOW: - /* overflow, used max value */ - co->expires = CURL_OFF_T_MAX; - break; - case CURL_OFFT_INVAL: - /* negative or otherwise bad, expire */ + if(co->expires == 0) co->expires = 1; - break; - case CURL_OFFT_OK: - if(!co->expires) - /* already expired */ - co->expires = 1; - else if(CURL_OFF_T_MAX - now < co->expires) - /* would overflow */ - co->expires = CURL_OFF_T_MAX; - else - co->expires += now; - break; - } + else if(co->expires < 0) + co->expires = 0; } - else if((nlen == 7) && strncasecompare("expires", namep, 7)) { - char date[128]; - if(!co->expires && (vlen < sizeof(date))) { - /* copy the date so that it can be null terminated */ - memcpy(date, valuep, vlen); - date[vlen] = 0; - /* - * Let max-age have priority. - * - * If the date cannot get parsed for whatever reason, the cookie - * will be treated as a session cookie - */ - co->expires = Curl_getdate_capped(date); - - /* - * Session cookies have expires set to 0 so if we get that back - * from the date parser let's add a second to make it a - * non-session cookie - */ - if(co->expires == 0) - co->expires = 1; - else if(co->expires < 0) - co->expires = 0; - } - } - - /* - * Else, this is the second (or more) name we do not know about! - */ - } - else { - /* this is an "illegal" = pair */ } - while(*ptr && ISBLANK(*ptr)) - ptr++; - if(*ptr == ';') - ptr++; - else - break; - } while(1); - - if(!badcookie && !co->domain) { - if(domain) { - /* no domain was given in the header line, set the default */ - co->domain = strdup(domain); - if(!co->domain) - badcookie = TRUE; - } - } - - if(!badcookie && !co->path && path) { - /* - * No path was given in the header line, set the default. Note that the - * passed-in path to this function MAY have a '?' and following part that - * MUST NOT be stored as part of the path. - */ - char *queryp = strchr(path, '?'); - /* - * queryp is where the interesting part of the path ends, so now we - * want to the find the last + * Else, this is the second (or more) name we do not know about! */ - char *endslash; - if(!queryp) - endslash = strrchr(path, '/'); - else - endslash = memrchr(path, '/', (queryp - path)); - if(endslash) { - size_t pathlen = (endslash-path + 1); /* include end slash */ - co->path = Curl_memdup0(path, pathlen); - if(co->path) { - co->spath = sanitize_cookie_path(co->path); - if(!co->spath) - badcookie = TRUE; /* out of memory bad */ - } - else - badcookie = TRUE; - } } - - /* - * If we did not get a cookie name, or a bad one, the this is an illegal - * line so bail out. - */ - if(badcookie || !co->name) { - freecookie(co); - return NULL; + else { + /* this is an "illegal" = pair */ } - data->req.setcookies++; + + while(*ptr && ISBLANK(*ptr)) + ptr++; + if(*ptr == ';') + ptr++; + else + break; + } while(1); + + if(!co->domain && domain) { + /* no domain was given in the header line, set the default */ + co->domain = strdup(domain); + if(!co->domain) + return CERR_OUT_OF_MEMORY; } - else { - /* - * This line is NOT an HTTP header style line, we do offer support for - * reading the odd netscape cookies-file format here - */ - char *ptr; - char *firstptr; - char *tok_buf = NULL; - int fields; + if(!co->path && path) { /* - * IE introduced HTTP-only cookies to prevent XSS attacks. Cookies marked - * with httpOnly after the domain name are not accessible from javascripts, - * but since curl does not operate at javascript level, we include them - * anyway. In Firefox's cookie files, these lines are preceded with - * #HttpOnly_ and then everything is as usual, so we skip 10 characters of - * the line.. + * No path was given in the header line, set the default. Note that the + * passed-in path to this function MAY have a '?' and following part that + * MUST NOT be stored as part of the path. */ - if(strncmp(lineptr, "#HttpOnly_", 10) == 0) { - lineptr += 10; - co->httponly = TRUE; - } - - if(lineptr[0]=='#') { - /* do not even try the comments */ - free(co); - return NULL; - } - /* strip off the possible end-of-line characters */ - ptr = strchr(lineptr, '\r'); - if(ptr) - *ptr = 0; /* clear it */ - ptr = strchr(lineptr, '\n'); - if(ptr) - *ptr = 0; /* clear it */ - - firstptr = strtok_r((char *)lineptr, "\t", &tok_buf); /* tokenize on TAB */ + char *queryp = strchr(path, '?'); /* - * Now loop through the fields and init the struct we already have - * allocated + * queryp is where the interesting part of the path ends, so now we + * want to the find the last */ - fields = 0; - for(ptr = firstptr; ptr && !badcookie; - ptr = strtok_r(NULL, "\t", &tok_buf), fields++) { - switch(fields) { - case 0: - if(ptr[0]=='.') /* skip preceding dots */ - ptr++; - co->domain = strdup(ptr); - if(!co->domain) - badcookie = TRUE; - break; - case 1: - /* - * flag: A TRUE/FALSE value indicating if all machines within a given - * domain can access the variable. Set TRUE when the cookie says - * .domain.com and to false when the domain is complete www.domain.com - */ - co->tailmatch = strcasecompare(ptr, "TRUE")?TRUE:FALSE; - break; - case 2: - /* The file format allows the path field to remain not filled in */ - if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { - /* only if the path does not look like a boolean option! */ - co->path = strdup(ptr); - if(!co->path) - badcookie = TRUE; - else { - co->spath = sanitize_cookie_path(co->path); - if(!co->spath) { - badcookie = TRUE; /* out of memory bad */ - } - } - break; - } - /* this does not look like a path, make one up! */ - co->path = strdup("/"); - if(!co->path) - badcookie = TRUE; - co->spath = strdup("/"); + char *endslash; + if(!queryp) + endslash = strrchr(path, '/'); + else + endslash = memrchr(path, '/', (queryp - path)); + if(endslash) { + size_t pathlen = (endslash-path + 1); /* include end slash */ + co->path = Curl_memdup0(path, pathlen); + if(co->path) { + co->spath = sanitize_cookie_path(co->path); if(!co->spath) - badcookie = TRUE; - fields++; /* add a field and fall down to secure */ - FALLTHROUGH(); - case 3: - co->secure = FALSE; - if(strcasecompare(ptr, "TRUE")) { - if(secure || c->running) - co->secure = TRUE; - else - badcookie = TRUE; - } - break; - case 4: - if(curlx_strtoofft(ptr, NULL, 10, &co->expires)) - badcookie = TRUE; - break; - case 5: - co->name = strdup(ptr); - if(!co->name) - badcookie = TRUE; - else { - /* For Netscape file format cookies we check prefix on the name */ - if(strncasecompare("__Secure-", co->name, 9)) - co->prefix |= COOKIE_PREFIX__SECURE; - else if(strncasecompare("__Host-", co->name, 7)) - co->prefix |= COOKIE_PREFIX__HOST; - } - break; - case 6: - co->value = strdup(ptr); - if(!co->value) - badcookie = TRUE; - break; + return CERR_OUT_OF_MEMORY; } - } - if(6 == fields) { - /* we got a cookie with blank contents, fix it */ - co->value = strdup(""); - if(!co->value) - badcookie = TRUE; else - fields++; + return CERR_OUT_OF_MEMORY; } + } - if(!badcookie && (7 != fields)) - /* we did not find the sufficient number of fields */ - badcookie = TRUE; + /* + * If we did not get a cookie name, or a bad one, the this is an illegal + * line so bail out. + */ + if(!co->name) + return CERR_BAD; - if(badcookie) { - freecookie(co); - return NULL; - } + data->req.setcookies++; + return CERR_OK; +} - } +static int +parse_netscape(struct Cookie *co, + struct CookieInfo *ci, + const char *lineptr, + bool secure) /* TRUE if connection is over secure + origin */ +{ + /* + * This line is NOT an HTTP header style line, we do offer support for + * reading the odd netscape cookies-file format here + */ + char *ptr; + char *firstptr; + char *tok_buf = NULL; + int fields; - if(co->prefix & COOKIE_PREFIX__SECURE) { - /* The __Secure- prefix only requires that the cookie be set secure */ - if(!co->secure) { - freecookie(co); - return NULL; - } - } - if(co->prefix & COOKIE_PREFIX__HOST) { - /* - * The __Host- prefix requires the cookie to be secure, have a "/" path - * and not have a domain set. - */ - if(co->secure && co->path && strcmp(co->path, "/") == 0 && !co->tailmatch) - ; - else { - freecookie(co); - return NULL; - } + /* + * In 2008, Internet Explorer introduced HTTP-only cookies to prevent XSS + * attacks. Cookies marked httpOnly are not accessible to JavaScript. In + * Firefox's cookie files, they are prefixed #HttpOnly_ and the rest + * remains as usual, so we skip 10 characters of the line. + */ + if(strncmp(lineptr, "#HttpOnly_", 10) == 0) { + lineptr += 10; + co->httponly = TRUE; } - if(!c->running && /* read from a file */ - c->newsession && /* clean session cookies */ - !co->expires) { /* this is a session cookie since it does not expire! */ - freecookie(co); - return NULL; - } + if(lineptr[0]=='#') + /* do not even try the comments */ + return CERR_COMMENT; + + /* strip off the possible end-of-line characters */ + ptr = strchr(lineptr, '\r'); + if(ptr) + *ptr = 0; /* clear it */ + ptr = strchr(lineptr, '\n'); + if(ptr) + *ptr = 0; /* clear it */ - co->livecookie = c->running; - co->creationtime = ++c->lastct; + firstptr = strtok_r((char *)lineptr, "\t", &tok_buf); /* tokenize on TAB */ /* - * Now we have parsed the incoming line, we must now check if this supersedes - * an already existing cookie, which it may if the previous have the same - * domain and path as this. + * Now loop through the fields and init the struct we already have + * allocated */ + fields = 0; + for(ptr = firstptr; ptr; ptr = strtok_r(NULL, "\t", &tok_buf), fields++) { + switch(fields) { + case 0: + if(ptr[0]=='.') /* skip preceding dots */ + ptr++; + co->domain = strdup(ptr); + if(!co->domain) + return CERR_OUT_OF_MEMORY; + break; + case 1: + /* + * flag: A TRUE/FALSE value indicating if all machines within a given + * domain can access the variable. Set TRUE when the cookie says + * .domain.com and to false when the domain is complete www.domain.com + */ + co->tailmatch = !!strcasecompare(ptr, "TRUE"); + break; + case 2: + /* The file format allows the path field to remain not filled in */ + if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { + /* only if the path does not look like a boolean option! */ + co->path = strdup(ptr); + if(!co->path) + return CERR_OUT_OF_MEMORY; + else { + co->spath = sanitize_cookie_path(co->path); + if(!co->spath) + return CERR_OUT_OF_MEMORY; + } + break; + } + /* this does not look like a path, make one up! */ + co->path = strdup("/"); + if(!co->path) + return CERR_OUT_OF_MEMORY; + co->spath = strdup("/"); + if(!co->spath) + return CERR_OUT_OF_MEMORY; + fields++; /* add a field and fall down to secure */ + FALLTHROUGH(); + case 3: + co->secure = FALSE; + if(strcasecompare(ptr, "TRUE")) { + if(secure || ci->running) + co->secure = TRUE; + else + return CERR_BAD_SECURE; + } + break; + case 4: + if(curlx_strtoofft(ptr, NULL, 10, &co->expires)) + return CERR_RANGE; + break; + case 5: + co->name = strdup(ptr); + if(!co->name) + return CERR_OUT_OF_MEMORY; + else { + /* For Netscape file format cookies we check prefix on the name */ + if(strncasecompare("__Secure-", co->name, 9)) + co->prefix_secure = TRUE; + else if(strncasecompare("__Host-", co->name, 7)) + co->prefix_host = TRUE; + } + break; + case 6: + co->value = strdup(ptr); + if(!co->value) + return CERR_OUT_OF_MEMORY; + break; + } + } + if(6 == fields) { + /* we got a cookie with blank contents, fix it */ + co->value = strdup(""); + if(!co->value) + return CERR_OUT_OF_MEMORY; + else + fields++; + } - /* at first, remove expired cookies */ - if(!noexpire) - remove_expired(c); + if(7 != fields) + /* we did not find the sufficient number of fields */ + return CERR_FIELDS; + + return CERR_OK; +} +static int +is_public_suffix(struct Curl_easy *data, + struct Cookie *co, + const char *domain) +{ #ifdef USE_LIBPSL /* * Check if the domain is a Public Suffix and if yes, ignore the cookie. We * must also check that the data handle is not NULL since the psl code will * dereference it. */ + DEBUGF(infof(data, "PSL check set-cookie '%s' for domain=%s in %s", + co->name, co->domain, domain)); if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { bool acceptable = FALSE; char lcase[256]; @@ -1049,17 +962,33 @@ Curl_cookie_add(struct Curl_easy *data, if(!acceptable) { infof(data, "cookie '%s' dropped, domain '%s' must not " - "set cookies for '%s'", co->name, domain, co->domain); - freecookie(co); - return NULL; + "set cookies for '%s'", co->name, domain, co->domain); + return CERR_PSL; } } +#else + (void)data; + (void)co; + (void)domain; + DEBUGF(infof(data, "NO PSL to check set-cookie '%s' for domain=%s in %s", + co->name, co->domain, domain)); #endif + return CERR_OK; +} - /* A non-secure cookie may not overlay an existing secure cookie. */ - myhash = cookiehash(co->domain); - clist = c->cookies[myhash]; - while(clist) { +static int +replace_existing(struct Curl_easy *data, + struct Cookie *co, + struct CookieInfo *ci, + bool secure, + bool *replacep) +{ + bool replace_old = FALSE; + struct Curl_llist_node *replace_n = NULL; + struct Curl_llist_node *n; + size_t myhash = cookiehash(co->domain); + for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) { + struct Cookie *clist = Curl_node_elem(n); if(strcasecompare(clist->name, co->name)) { /* the names are identical */ bool matching_domains = FALSE; @@ -1095,13 +1024,12 @@ Curl_cookie_add(struct Curl_easy *data, if(strncasecompare(clist->spath, co->spath, cllen)) { infof(data, "cookie '%s' for domain '%s' dropped, would " "overlay an existing cookie", co->name, co->domain); - freecookie(co); - return NULL; + return CERR_BAD_SECURE; } } } - if(!replace_co && strcasecompare(clist->name, co->name)) { + if(!replace_n && strcasecompare(clist->name, co->name)) { /* the names are identical */ if(clist->domain && co->domain) { @@ -1130,62 +1058,137 @@ Curl_cookie_add(struct Curl_easy *data, * was read from a file and thus is not "live". "live" cookies are * preferred so the new cookie is freed. */ - freecookie(co); - return NULL; - } - if(replace_old) { - replace_co = co; - replace_clist = clist; + return CERR_LIVE_WINS; } + if(replace_old) + replace_n = n; } - lastc = clist; - clist = clist->next; } - if(replace_co) { - co = replace_co; - clist = replace_clist; - co->next = clist->next; /* get the next-pointer first */ + if(replace_n) { + struct Cookie *repl = Curl_node_elem(replace_n); /* when replacing, creationtime is kept from old */ - co->creationtime = clist->creationtime; + co->creationtime = repl->creationtime; + + /* unlink the old */ + Curl_node_remove(replace_n); + + /* free the old cookie */ + freecookie(repl); + } + *replacep = replace_old; + return CERR_OK; +} + +/* + * Curl_cookie_add + * + * Add a single cookie line to the cookie keeping object. Be aware that + * sometimes we get an IP-only hostname, and that might also be a numerical + * IPv6 address. + * + * Returns NULL on out of memory or invalid cookie. This is suboptimal, + * as they should be treated separately. + */ +struct Cookie * +Curl_cookie_add(struct Curl_easy *data, + struct CookieInfo *ci, + bool httpheader, /* TRUE if HTTP header-style line */ + bool noexpire, /* if TRUE, skip remove_expired() */ + const char *lineptr, /* first character of the line */ + const char *domain, /* default domain */ + const char *path, /* full path used when this cookie is set, + used to get default path for the cookie + unless set */ + bool secure) /* TRUE if connection is over secure origin */ +{ + struct Cookie *co; + size_t myhash; + int rc; + bool replaces = FALSE; + + DEBUGASSERT(data); + DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */ + if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT) + return NULL; + + /* First, alloc and init a new struct for it */ + co = calloc(1, sizeof(struct Cookie)); + if(!co) + return NULL; /* bail out if we are this low on memory */ + + if(httpheader) + rc = parse_cookie_header(data, co, ci, lineptr, domain, path, secure); + else + rc = parse_netscape(co, ci, lineptr, secure); - /* then free all the old pointers */ - free(clist->name); - free(clist->value); - free(clist->domain); - free(clist->path); - free(clist->spath); + if(rc) + goto fail; - *clist = *co; /* then store all the new data */ + if(co->prefix_secure && !co->secure) + /* The __Secure- prefix only requires that the cookie be set secure */ + goto fail; - free(co); /* free the newly allocated memory */ - co = clist; + if(co->prefix_host) { + /* + * The __Host- prefix requires the cookie to be secure, have a "/" path + * and not have a domain set. + */ + if(co->secure && co->path && strcmp(co->path, "/") == 0 && !co->tailmatch) + ; + else + goto fail; } - if(c->running) + if(!ci->running && /* read from a file */ + ci->newsession && /* clean session cookies */ + !co->expires) /* this is a session cookie since it does not expire */ + goto fail; + + co->livecookie = ci->running; + co->creationtime = ++ci->lastct; + + /* + * Now we have parsed the incoming line, we must now check if this supersedes + * an already existing cookie, which it may if the previous have the same + * domain and path as this. + */ + + /* remove expired cookies */ + if(!noexpire) + remove_expired(ci); + + if(is_public_suffix(data, co, domain)) + goto fail; + + if(replace_existing(data, co, ci, secure, &replaces)) + goto fail; + + /* add this cookie to the list */ + myhash = cookiehash(co->domain); + Curl_llist_append(&ci->cookielist[myhash], co, &co->node); + + if(ci->running) /* Only show this when NOT reading the cookies from a file */ infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, " - "expire %" CURL_FORMAT_CURL_OFF_T, - replace_old?"Replaced":"Added", co->name, co->value, + "expire %" FMT_OFF_T, + replaces ? "Replaced":"Added", co->name, co->value, co->domain, co->path, co->expires); - if(!replace_old) { - /* then make the last item point on this new one */ - if(lastc) - lastc->next = co; - else - c->cookies[myhash] = co; - c->numcookies++; /* one more cookie in the jar */ - } + if(!replaces) + ci->numcookies++; /* one more cookie in the jar */ /* * Now that we have added a new cookie to the jar, update the expiration * tracker in case it is the next one to expire. */ - if(co->expires && (co->expires < c->next_expiration)) - c->next_expiration = co->expires; + if(co->expires && (co->expires < ci->next_expiration)) + ci->next_expiration = co->expires; return co; +fail: + freecookie(co); + return NULL; } @@ -1205,28 +1208,30 @@ Curl_cookie_add(struct Curl_easy *data, */ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, const char *file, - struct CookieInfo *inc, + struct CookieInfo *ci, bool newsession) { - struct CookieInfo *c; FILE *handle = NULL; - if(!inc) { + if(!ci) { + int i; + /* we did not get a struct, create one */ - c = calloc(1, sizeof(struct CookieInfo)); - if(!c) + ci = calloc(1, sizeof(struct CookieInfo)); + if(!ci) return NULL; /* failed to get memory */ + + /* This does not use the destructor callback since we want to add + and remove to lists while keeping the cookie struct intact */ + for(i = 0; i < COOKIE_HASH_SIZE; i++) + Curl_llist_init(&ci->cookielist[i], NULL); /* * Initialize the next_expiration time to signal that we do not have enough * information yet. */ - c->next_expiration = CURL_OFF_T_MAX; + ci->next_expiration = CURL_OFF_T_MAX; } - else { - /* we got an already existing one, use that */ - c = inc; - } - c->newsession = newsession; /* new session? */ + ci->newsession = newsession; /* new session? */ if(data) { FILE *fp = NULL; @@ -1242,7 +1247,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, } } - c->running = FALSE; /* this is not running, this is init */ + ci->running = FALSE; /* this is not running, this is init */ if(fp) { struct dynbuf buf; Curl_dyn_init(&buf, MAX_COOKIE_LINE); @@ -1257,7 +1262,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, lineptr++; } - Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL, TRUE); + Curl_cookie_add(data, ci, headerline, TRUE, lineptr, NULL, NULL, TRUE); } Curl_dyn_free(&buf); /* free the line buffer */ @@ -1265,16 +1270,16 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, * Remove expired cookies from the hash. We must make sure to run this * after reading the file, and not on every cookie. */ - remove_expired(c); + remove_expired(ci); if(handle) fclose(handle); } data->state.cookie_engine = TRUE; } - c->running = TRUE; /* now, we are running */ + ci->running = TRUE; /* now, we are running */ - return c; + return ci; } /* @@ -1329,38 +1334,6 @@ static int cookie_sort_ct(const void *p1, const void *p2) return (c2->creationtime > c1->creationtime) ? 1 : -1; } -#define CLONE(field) \ - do { \ - if(src->field) { \ - d->field = strdup(src->field); \ - if(!d->field) \ - goto fail; \ - } \ - } while(0) - -static struct Cookie *dup_cookie(struct Cookie *src) -{ - struct Cookie *d = calloc(1, sizeof(struct Cookie)); - if(d) { - CLONE(domain); - CLONE(path); - CLONE(spath); - CLONE(name); - CLONE(value); - d->expires = src->expires; - d->tailmatch = src->tailmatch; - d->secure = src->secure; - d->livecookie = src->livecookie; - d->httponly = src->httponly; - d->creationtime = src->creationtime; - } - return d; - -fail: - freecookie(d); - return NULL; -} - /* * Curl_cookie_getlist * @@ -1369,33 +1342,37 @@ static struct Cookie *dup_cookie(struct Cookie *src) * if a secure connection is achieved or not. * * It shall only return cookies that have not expired. + * + * Returns 0 when there is a list returned. Otherwise non-zero. */ -struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, - struct CookieInfo *c, - const char *host, const char *path, - bool secure) +int Curl_cookie_getlist(struct Curl_easy *data, + struct CookieInfo *ci, + const char *host, const char *path, + bool secure, + struct Curl_llist *list) { - struct Cookie *newco; - struct Cookie *co; - struct Cookie *mainco = NULL; size_t matches = 0; bool is_ip; const size_t myhash = cookiehash(host); + struct Curl_llist_node *n; - if(!c || !c->cookies[myhash]) - return NULL; /* no cookie struct or no cookies in the struct */ + Curl_llist_init(list, NULL); + + if(!ci || !Curl_llist_count(&ci->cookielist[myhash])) + return 1; /* no cookie struct or no cookies in the struct */ /* at first, remove expired cookies */ - remove_expired(c); + remove_expired(ci); /* check if host is an IP(v4|v6) address */ is_ip = Curl_host_is_ipnum(host); - co = c->cookies[myhash]; + for(n = Curl_llist_head(&ci->cookielist[myhash]); + n; n = Curl_node_next(n)) { + struct Cookie *co = Curl_node_elem(n); - while(co) { /* if the cookie requires we are secure we must only continue if we are! */ - if(co->secure?secure:TRUE) { + if(co->secure ? secure : TRUE) { /* now check if the domain is correct */ if(!co->domain || @@ -1414,31 +1391,18 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, if(!co->spath || pathmatch(co->spath, path) ) { /* - * and now, we know this is a match and we should create an - * entry for the return-linked-list + * This is a match and we add it to the return-linked-list */ - - newco = dup_cookie(co); - if(newco) { - /* then modify our next */ - newco->next = mainco; - - /* point the main to us */ - mainco = newco; - - matches++; - if(matches >= MAX_COOKIE_SEND_AMOUNT) { - infof(data, "Included max number of cookies (%zu) in request!", - matches); - break; - } + Curl_llist_append(list, co, &co->getnode); + matches++; + if(matches >= MAX_COOKIE_SEND_AMOUNT) { + infof(data, "Included max number of cookies (%zu) in request!", + matches); + break; } - else - goto fail; } } } - co = co->next; } if(matches) { @@ -1455,30 +1419,29 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, if(!array) goto fail; - co = mainco; + n = Curl_llist_head(list); - for(i = 0; co; co = co->next) - array[i++] = co; + for(i = 0; n; n = Curl_node_next(n)) + array[i++] = Curl_node_elem(n); /* now sort the cookie pointers in path length order */ qsort(array, matches, sizeof(struct Cookie *), cookie_sort); /* remake the linked list order according to the new order */ + Curl_llist_destroy(list, NULL); - mainco = array[0]; /* start here */ - for(i = 0; inext = array[i + 1]; - array[matches-1]->next = NULL; /* terminate the list */ + for(i = 0; i < matches; i++) + Curl_llist_append(list, array[i], &array[i]->getnode); free(array); /* remove the temporary data again */ } - return mainco; /* return the new list */ + return 0; /* success */ fail: /* failure, clear up the allocated chain and return NULL */ - Curl_cookie_freelist(mainco); - return NULL; + Curl_llist_destroy(list, NULL); + return 2; /* error */ } /* @@ -1486,30 +1449,21 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, * * Clear all existing cookies and reset the counter. */ -void Curl_cookie_clearall(struct CookieInfo *cookies) +void Curl_cookie_clearall(struct CookieInfo *ci) { - if(cookies) { + if(ci) { unsigned int i; for(i = 0; i < COOKIE_HASH_SIZE; i++) { - Curl_cookie_freelist(cookies->cookies[i]); - cookies->cookies[i] = NULL; + struct Curl_llist_node *n; + for(n = Curl_llist_head(&ci->cookielist[i]); n;) { + struct Cookie *c = Curl_node_elem(n); + struct Curl_llist_node *e = Curl_node_next(n); + Curl_node_remove(n); + freecookie(c); + n = e; + } } - cookies->numcookies = 0; - } -} - -/* - * Curl_cookie_freelist - * - * Free a list of cookies previously returned by Curl_cookie_getlist(); - */ -void Curl_cookie_freelist(struct Cookie *co) -{ - struct Cookie *next; - while(co) { - next = co->next; - freecookie(co); - co = next; + ci->numcookies = 0; } } @@ -1518,39 +1472,26 @@ void Curl_cookie_freelist(struct Cookie *co) * * Free all session cookies in the cookies list. */ -void Curl_cookie_clearsess(struct CookieInfo *cookies) +void Curl_cookie_clearsess(struct CookieInfo *ci) { - struct Cookie *first, *curr, *next, *prev = NULL; unsigned int i; - if(!cookies) + if(!ci) return; for(i = 0; i < COOKIE_HASH_SIZE; i++) { - if(!cookies->cookies[i]) - continue; - - first = curr = prev = cookies->cookies[i]; + struct Curl_llist_node *n = Curl_llist_head(&ci->cookielist[i]); + struct Curl_llist_node *e = NULL; - for(; curr; curr = next) { - next = curr->next; + for(; n; n = e) { + struct Cookie *curr = Curl_node_elem(n); + e = Curl_node_next(n); /* in case the node is removed, get it early */ if(!curr->expires) { - if(first == curr) - first = next; - - if(prev == curr) - prev = next; - else - prev->next = next; - + Curl_node_remove(n); freecookie(curr); - cookies->numcookies--; + ci->numcookies--; } - else - prev = curr; } - - cookies->cookies[i] = first; } } @@ -1559,13 +1500,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) * * Free a "cookie object" previous created with Curl_cookie_init(). */ -void Curl_cookie_cleanup(struct CookieInfo *c) +void Curl_cookie_cleanup(struct CookieInfo *ci) { - if(c) { - unsigned int i; - for(i = 0; i < COOKIE_HASH_SIZE; i++) - Curl_cookie_freelist(c->cookies[i]); - free(c); /* free the base struct as well */ + if(ci) { + Curl_cookie_clearall(ci); + free(ci); /* free the base struct as well */ } } @@ -1584,22 +1523,22 @@ static char *get_netscape_format(const struct Cookie *co) "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ - "%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */ + "%" FMT_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ - co->httponly?"#HttpOnly_":"", + co->httponly ? "#HttpOnly_" : "", /* * Make sure all domains are prefixed with a dot if they allow * tailmatching. This is Mozilla-style. */ - (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", - co->domain?co->domain:"unknown", - co->tailmatch?"TRUE":"FALSE", - co->path?co->path:"/", - co->secure?"TRUE":"FALSE", + (co->tailmatch && co->domain && co->domain[0] != '.') ? "." : "", + co->domain ? co->domain : "unknown", + co->tailmatch ? "TRUE" : "FALSE", + co->path ? co->path : "/", + co->secure ? "TRUE" : "FALSE", co->expires, co->name, - co->value?co->value:""); + co->value ? co->value : ""); } /* @@ -1611,20 +1550,20 @@ static char *get_netscape_format(const struct Cookie *co) * The function returns non-zero on write failure. */ static CURLcode cookie_output(struct Curl_easy *data, - struct CookieInfo *c, const char *filename) + struct CookieInfo *ci, + const char *filename) { - struct Cookie *co; FILE *out = NULL; bool use_stdout = FALSE; char *tempstore = NULL; CURLcode error = CURLE_OK; - if(!c) + if(!ci) /* no cookie engine alive */ return CURLE_OK; /* at first, remove expired cookies */ - remove_expired(c); + remove_expired(ci); if(!strcmp("-", filename)) { /* use stdout */ @@ -1642,12 +1581,13 @@ static CURLcode cookie_output(struct Curl_easy *data, "# This file was generated by libcurl! Edit at your own risk.\n\n", out); - if(c->numcookies) { + if(ci->numcookies) { unsigned int i; size_t nvalid = 0; struct Cookie **array; + struct Curl_llist_node *n; - array = calloc(1, sizeof(struct Cookie *) * c->numcookies); + array = calloc(1, sizeof(struct Cookie *) * ci->numcookies); if(!array) { error = CURLE_OUT_OF_MEMORY; goto error; @@ -1655,7 +1595,9 @@ static CURLcode cookie_output(struct Curl_easy *data, /* only sort the cookies with a domain property */ for(i = 0; i < COOKIE_HASH_SIZE; i++) { - for(co = c->cookies[i]; co; co = co->next) { + for(n = Curl_llist_head(&ci->cookielist[i]); n; + n = Curl_node_next(n)) { + struct Cookie *co = Curl_node_elem(n); if(!co->domain) continue; array[nvalid++] = co; @@ -1707,15 +1649,17 @@ static struct curl_slist *cookie_list(struct Curl_easy *data) { struct curl_slist *list = NULL; struct curl_slist *beg; - struct Cookie *c; - char *line; unsigned int i; + struct Curl_llist_node *n; if(!data->cookies || (data->cookies->numcookies == 0)) return NULL; for(i = 0; i < COOKIE_HASH_SIZE; i++) { - for(c = data->cookies->cookies[i]; c; c = c->next) { + for(n = Curl_llist_head(&data->cookies->cookielist[i]); n; + n = Curl_node_next(n)) { + struct Cookie *c = Curl_node_elem(n); + char *line; if(!c->domain) continue; line = get_netscape_format(c); diff --git a/libraries/libcurl/cookie.h b/libraries/libcurl/cookie.h index 838d74d8..c98f3602 100644 --- a/libraries/libcurl/cookie.h +++ b/libraries/libcurl/cookie.h @@ -27,20 +27,24 @@ #include +#include "llist.h" + struct Cookie { - struct Cookie *next; /* next in the chain */ - char *name; /* = value */ - char *value; /* name = */ + struct Curl_llist_node node; /* for the main cookie list */ + struct Curl_llist_node getnode; /* for getlist */ + char *name; /* = value */ + char *value; /* name = */ char *path; /* path = which is in Set-Cookie: */ char *spath; /* sanitized cookie path */ - char *domain; /* domain = */ - curl_off_t expires; /* expires = */ - bool tailmatch; /* whether we do tail-matching of the domain name */ - bool secure; /* whether the 'secure' keyword was used */ - bool livecookie; /* updated from a server, not a stored file */ - bool httponly; /* true if the httponly directive is present */ - int creationtime; /* time when the cookie was written */ - unsigned char prefix; /* bitmap fields indicating which prefix are set */ + char *domain; /* domain = */ + curl_off_t expires; /* expires = */ + int creationtime; /* time when the cookie was written */ + BIT(tailmatch); /* tail-match the domain name */ + BIT(secure); /* the 'secure' keyword was used */ + BIT(livecookie); /* updated from a server, not a stored file */ + BIT(httponly); /* the httponly directive is present */ + BIT(prefix_secure); /* secure prefix is set */ + BIT(prefix_host); /* host prefix is set */ }; /* @@ -53,8 +57,8 @@ struct Cookie { #define COOKIE_HASH_SIZE 63 struct CookieInfo { - /* linked list of cookies we know of */ - struct Cookie *cookies[COOKIE_HASH_SIZE]; + /* linked lists of cookies we know of */ + struct Curl_llist cookielist[COOKIE_HASH_SIZE]; curl_off_t next_expiration; /* the next time at which expiration happens */ int numcookies; /* number of cookies in the "jar" */ int lastct; /* last creation-time used in the jar */ @@ -112,10 +116,10 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data, const char *domain, const char *path, bool secure); -struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, - struct CookieInfo *c, const char *host, - const char *path, bool secure); -void Curl_cookie_freelist(struct Cookie *cookies); +int Curl_cookie_getlist(struct Curl_easy *data, + struct CookieInfo *c, const char *host, + const char *path, bool secure, + struct Curl_llist *list); void Curl_cookie_clearall(struct CookieInfo *cookies); void Curl_cookie_clearsess(struct CookieInfo *cookies); diff --git a/libraries/libcurl/curl_addrinfo.c b/libraries/libcurl/curl_addrinfo.c index d290d7da..a08caf33 100644 --- a/libraries/libcurl/curl_addrinfo.c +++ b/libraries/libcurl/curl_addrinfo.c @@ -252,6 +252,7 @@ Curl_getaddrinfo_ex(const char *nodename, * #define h_addr h_addr_list[0] */ +#if !(defined(HAVE_GETADDRINFO) && defined(HAVE_GETADDRINFO_THREADSAFE)) struct Curl_addrinfo * Curl_he2ai(const struct hostent *he, int port) { @@ -350,19 +351,7 @@ Curl_he2ai(const struct hostent *he, int port) return firstai; } - - -struct namebuff { - struct hostent hostentry; - union { - struct in_addr ina4; -#ifdef USE_IPV6 - struct in6_addr ina6; #endif - } addrentry; - char *h_addr_list[2]; -}; - /* * Curl_ip2addr() @@ -377,71 +366,68 @@ struct Curl_addrinfo * Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port) { struct Curl_addrinfo *ai; - -#if defined(__VMS) && \ - defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64) -#pragma pointer_size save -#pragma pointer_size short -#pragma message disable PTRMISMATCH -#endif - - struct hostent *h; - struct namebuff *buf; - char *addrentry; - char *hoststr; size_t addrsize; + size_t namelen; + struct sockaddr_in *addr; +#ifdef USE_IPV6 + struct sockaddr_in6 *addr6; +#endif DEBUGASSERT(inaddr && hostname); - buf = malloc(sizeof(struct namebuff)); - if(!buf) + namelen = strlen(hostname) + 1; + + if(af == AF_INET) + addrsize = sizeof(struct sockaddr_in); +#ifdef USE_IPV6 + else if(af == AF_INET6) + addrsize = sizeof(struct sockaddr_in6); +#endif + else return NULL; - hoststr = strdup(hostname); - if(!hoststr) { - free(buf); + /* allocate memory to hold the struct, the address and the name */ + ai = calloc(1, sizeof(struct Curl_addrinfo) + addrsize + namelen); + if(!ai) return NULL; - } + /* put the address after the struct */ + ai->ai_addr = (void *)((char *)ai + sizeof(struct Curl_addrinfo)); + /* then put the name after the address */ + ai->ai_canonname = (char *)ai->ai_addr + addrsize; + memcpy(ai->ai_canonname, hostname, namelen); + ai->ai_family = af; + ai->ai_socktype = SOCK_STREAM; + ai->ai_addrlen = (curl_socklen_t)addrsize; + /* leave the rest of the struct filled with zero */ switch(af) { case AF_INET: - addrsize = sizeof(struct in_addr); - addrentry = (void *)&buf->addrentry.ina4; - memcpy(addrentry, inaddr, sizeof(struct in_addr)); + addr = (void *)ai->ai_addr; /* storage area for this info */ + + memcpy(&addr->sin_addr, inaddr, sizeof(struct in_addr)); +#ifdef __MINGW32__ + addr->sin_family = (short)af; +#else + addr->sin_family = (CURL_SA_FAMILY_T)af; +#endif + addr->sin_port = htons((unsigned short)port); break; + #ifdef USE_IPV6 case AF_INET6: - addrsize = sizeof(struct in6_addr); - addrentry = (void *)&buf->addrentry.ina6; - memcpy(addrentry, inaddr, sizeof(struct in6_addr)); + addr6 = (void *)ai->ai_addr; /* storage area for this info */ + + memcpy(&addr6->sin6_addr, inaddr, sizeof(struct in6_addr)); +#ifdef __MINGW32__ + addr6->sin6_family = (short)af; +#else + addr6->sin6_family = (CURL_SA_FAMILY_T)af; +#endif + addr6->sin6_port = htons((unsigned short)port); break; #endif - default: - free(hoststr); - free(buf); - return NULL; } - h = &buf->hostentry; - h->h_name = hoststr; - h->h_aliases = NULL; - h->h_addrtype = (short)af; - h->h_length = (short)addrsize; - h->h_addr_list = &buf->h_addr_list[0]; - h->h_addr_list[0] = addrentry; - h->h_addr_list[1] = NULL; /* terminate list of entries */ - -#if defined(__VMS) && \ - defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64) -#pragma pointer_size restore -#pragma message enable PTRMISMATCH -#endif - - ai = Curl_he2ai(h, port); - - free(hoststr); - free(buf); - return ai; } @@ -571,7 +557,7 @@ curl_dbg_getaddrinfo(const char *hostname, #if defined(HAVE_GETADDRINFO) && defined(USE_RESOLVE_ON_IPS) /* - * Work-arounds the sin6_port is always zero bug on iOS 9.3.2 and Mac OS X + * Work-arounds the sin6_port is always zero bug on iOS 9.3.2 and macOS * 10.11.5. */ void Curl_addrinfo_set_port(struct Curl_addrinfo *addrinfo, int port) diff --git a/libraries/libcurl/curl_addrinfo.h b/libraries/libcurl/curl_addrinfo.h index 9ceac997..2303e95e 100644 --- a/libraries/libcurl/curl_addrinfo.h +++ b/libraries/libcurl/curl_addrinfo.h @@ -71,8 +71,10 @@ Curl_getaddrinfo_ex(const char *nodename, struct Curl_addrinfo **result); #endif +#if !(defined(HAVE_GETADDRINFO) && defined(HAVE_GETADDRINFO_THREADSAFE)) struct Curl_addrinfo * Curl_he2ai(const struct hostent *he, int port); +#endif struct Curl_addrinfo * Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port); diff --git a/libraries/libcurl/curl_des.c b/libraries/libcurl/curl_des.c index 9662ba39..15836f58 100644 --- a/libraries/libcurl/curl_des.c +++ b/libraries/libcurl/curl_des.c @@ -24,10 +24,10 @@ #include "curl_setup.h" -#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ - (defined(USE_GNUTLS) || \ - defined(USE_SECTRANSP) || \ - defined(USE_OS400CRYPTO) || \ +#if defined(USE_CURL_NTLM_CORE) && \ + (defined(USE_GNUTLS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ defined(USE_WIN32_CRYPTO)) #include "curl_des.h" diff --git a/libraries/libcurl/curl_des.h b/libraries/libcurl/curl_des.h index 66525ab4..2dd498da 100644 --- a/libraries/libcurl/curl_des.h +++ b/libraries/libcurl/curl_des.h @@ -26,10 +26,10 @@ #include "curl_setup.h" -#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ - (defined(USE_GNUTLS) || \ - defined(USE_SECTRANSP) || \ - defined(USE_OS400CRYPTO) || \ +#if defined(USE_CURL_NTLM_CORE) && \ + (defined(USE_GNUTLS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ defined(USE_WIN32_CRYPTO)) /* Applies odd parity to the given byte array */ diff --git a/libraries/libcurl/curl_fnmatch.c b/libraries/libcurl/curl_fnmatch.c index ab848e8f..ffac8048 100644 --- a/libraries/libcurl/curl_fnmatch.c +++ b/libraries/libcurl/curl_fnmatch.c @@ -161,7 +161,7 @@ static void setcharorrange(unsigned char **pp, unsigned char *charset) } } -/* returns 1 (true) if pattern is OK, 0 if is bad ("p" is pattern pointer) */ +/* returns 1 (TRUE) if pattern is OK, 0 if is bad ("p" is pattern pointer) */ static int setcharset(unsigned char **p, unsigned char *charset) { setcharset_state state = CURLFNM_SCHS_DEFAULT; @@ -293,7 +293,7 @@ static int loop(const unsigned char *pattern, const unsigned char *string, p++; break; case '\0': - return *s? CURL_FNMATCH_NOMATCH: CURL_FNMATCH_MATCH; + return *s ? CURL_FNMATCH_NOMATCH : CURL_FNMATCH_MATCH; case '\\': if(p[1]) p++; @@ -303,7 +303,7 @@ static int loop(const unsigned char *pattern, const unsigned char *string, case '[': pp = p + 1; /* Copy in case of syntax error in set. */ if(setcharset(&pp, charset)) { - int found = FALSE; + bool found = FALSE; if(!*s) return CURL_FNMATCH_NOMATCH; if(charset[(unsigned int)*s]) diff --git a/libraries/libcurl/curl_fnmatch.h b/libraries/libcurl/curl_fnmatch.h index 595646ff..b8c2a435 100644 --- a/libraries/libcurl/curl_fnmatch.h +++ b/libraries/libcurl/curl_fnmatch.h @@ -31,7 +31,7 @@ /* default pattern matching function * ================================= * Implemented with recursive backtracking, if you want to use Curl_fnmatch, - * please note that there is not implemented UTF/UNICODE support. + * please note that there is not implemented UTF/Unicode support. * * Implemented features: * '?' notation, does not match UTF characters diff --git a/libraries/libcurl/curl_gethostname.c b/libraries/libcurl/curl_gethostname.c index cd111231..617a8ad5 100644 --- a/libraries/libcurl/curl_gethostname.c +++ b/libraries/libcurl/curl_gethostname.c @@ -39,15 +39,6 @@ * * Note: The function always returns the un-qualified hostname rather * than being provider dependent. - * - * For libcurl shared library release builds the test suite preloads - * another shared library named libhostname using the LD_PRELOAD - * mechanism which intercepts, and might override, the gethostname() - * function call. In this case a given platform must support the - * LD_PRELOAD mechanism and additionally have environment variable - * CURL_GETHOSTNAME set in order to override the returned hostname. - * - * For libcurl static library release builds no overriding takes place. */ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) @@ -68,7 +59,10 @@ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) /* Override hostname when environment variable CURL_GETHOSTNAME is set */ const char *force_hostname = getenv("CURL_GETHOSTNAME"); if(force_hostname) { - strncpy(name, force_hostname, namelen - 1); + if(strlen(force_hostname) < (size_t)namelen) + strcpy(name, force_hostname); + else + return 1; /* can't do it */ err = 0; } else { @@ -78,9 +72,6 @@ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) #else /* DEBUGBUILD */ - /* The call to system's gethostname() might get intercepted by the - libhostname library when libcurl is built as a non-debug shared - library when running the test suite. */ name[0] = '\0'; err = gethostname(name, namelen); diff --git a/libraries/libcurl/curl_gssapi.c b/libraries/libcurl/curl_gssapi.c index c6fe1256..b7e774ce 100644 --- a/libraries/libcurl/curl_gssapi.c +++ b/libraries/libcurl/curl_gssapi.c @@ -35,7 +35,7 @@ #include "memdebug.h" #if defined(__GNUC__) -#define CURL_ALIGN8 __attribute__ ((aligned(8))) +#define CURL_ALIGN8 __attribute__((aligned(8))) #else #define CURL_ALIGN8 #endif diff --git a/libraries/libcurl/curl_hmac.h b/libraries/libcurl/curl_hmac.h index 7a5387a9..ed5035ca 100644 --- a/libraries/libcurl/curl_hmac.h +++ b/libraries/libcurl/curl_hmac.h @@ -32,30 +32,28 @@ #define HMAC_MD5_LENGTH 16 -typedef CURLcode (* HMAC_hinit_func)(void *context); -typedef void (* HMAC_hupdate_func)(void *context, - const unsigned char *data, - unsigned int len); -typedef void (* HMAC_hfinal_func)(unsigned char *result, void *context); - +typedef CURLcode (*HMAC_hinit)(void *context); +typedef void (*HMAC_hupdate)(void *context, + const unsigned char *data, + unsigned int len); +typedef void (*HMAC_hfinal)(unsigned char *result, void *context); /* Per-hash function HMAC parameters. */ struct HMAC_params { - HMAC_hinit_func - hmac_hinit; /* Initialize context procedure. */ - HMAC_hupdate_func hmac_hupdate; /* Update context with data. */ - HMAC_hfinal_func hmac_hfinal; /* Get final result procedure. */ - unsigned int hmac_ctxtsize; /* Context structure size. */ - unsigned int hmac_maxkeylen; /* Maximum key length (bytes). */ - unsigned int hmac_resultlen; /* Result length (bytes). */ + HMAC_hinit hinit; /* Initialize context procedure. */ + HMAC_hupdate hupdate; /* Update context with data. */ + HMAC_hfinal hfinal; /* Get final result procedure. */ + unsigned int ctxtsize; /* Context structure size. */ + unsigned int maxkeylen; /* Maximum key length (bytes). */ + unsigned int resultlen; /* Result length (bytes). */ }; /* HMAC computation context. */ struct HMAC_context { - const struct HMAC_params *hmac_hash; /* Hash function definition. */ - void *hmac_hashctxt1; /* Hash function context 1. */ - void *hmac_hashctxt2; /* Hash function context 2. */ + const struct HMAC_params *hash; /* Hash function definition. */ + void *hashctxt1; /* Hash function context 1. */ + void *hashctxt2; /* Hash function context 2. */ }; diff --git a/libraries/libcurl/curl_md5.h b/libraries/libcurl/curl_md5.h index 61671c30..ec27503b 100644 --- a/libraries/libcurl/curl_md5.h +++ b/libraries/libcurl/curl_md5.h @@ -31,11 +31,11 @@ #define MD5_DIGEST_LEN 16 -typedef CURLcode (* Curl_MD5_init_func)(void *context); -typedef void (* Curl_MD5_update_func)(void *context, - const unsigned char *data, - unsigned int len); -typedef void (* Curl_MD5_final_func)(unsigned char *result, void *context); +typedef CURLcode (*Curl_MD5_init_func)(void *context); +typedef void (*Curl_MD5_update_func)(void *context, + const unsigned char *data, + unsigned int len); +typedef void (*Curl_MD5_final_func)(unsigned char *result, void *context); struct MD5_params { Curl_MD5_init_func md5_init_func; /* Initialize context procedure */ @@ -50,8 +50,8 @@ struct MD5_context { void *md5_hashctx; /* Hash function context */ }; -extern const struct MD5_params Curl_DIGEST_MD5[1]; -extern const struct HMAC_params Curl_HMAC_MD5[1]; +extern const struct MD5_params Curl_DIGEST_MD5; +extern const struct HMAC_params Curl_HMAC_MD5; CURLcode Curl_md5it(unsigned char *output, const unsigned char *input, const size_t len); diff --git a/libraries/libcurl/curl_memory.h b/libraries/libcurl/curl_memory.h index 714ad71c..7f110dab 100644 --- a/libraries/libcurl/curl_memory.h +++ b/libraries/libcurl/curl_memory.h @@ -84,6 +84,7 @@ #undef socketpair #endif +#ifndef CURL_NO_GETADDRINFO_OVERRIDE #ifdef HAVE_GETADDRINFO #if defined(getaddrinfo) && defined(__osf__) #undef ogetaddrinfo @@ -95,6 +96,7 @@ #ifdef HAVE_FREEADDRINFO #undef freeaddrinfo #endif /* HAVE_FREEADDRINFO */ +#endif /* !CURL_NO_GETADDRINFO_OVERRIDE */ /* sclose is probably already defined, redefine it! */ #undef sclose diff --git a/libraries/libcurl/curl_memrchr.c b/libraries/libcurl/curl_memrchr.c index 3f3dc6de..c6d55f10 100644 --- a/libraries/libcurl/curl_memrchr.c +++ b/libraries/libcurl/curl_memrchr.c @@ -33,6 +33,9 @@ #include "memdebug.h" #ifndef HAVE_MEMRCHR +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) /* * Curl_memrchr() @@ -61,4 +64,5 @@ Curl_memrchr(const void *s, int c, size_t n) return NULL; } +#endif #endif /* HAVE_MEMRCHR */ diff --git a/libraries/libcurl/curl_memrchr.h b/libraries/libcurl/curl_memrchr.h index 45bb38c6..67a21ef3 100644 --- a/libraries/libcurl/curl_memrchr.h +++ b/libraries/libcurl/curl_memrchr.h @@ -34,11 +34,15 @@ #endif #else /* HAVE_MEMRCHR */ +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) void *Curl_memrchr(const void *s, int c, size_t n); #define memrchr(x,y,z) Curl_memrchr((x),(y),(z)) +#endif #endif /* HAVE_MEMRCHR */ #endif /* HEADER_CURL_MEMRCHR_H */ diff --git a/libraries/libcurl/curl_multibyte.h b/libraries/libcurl/curl_multibyte.h index 2d31c28f..dec384e2 100644 --- a/libraries/libcurl/curl_multibyte.h +++ b/libraries/libcurl/curl_multibyte.h @@ -39,12 +39,12 @@ char *curlx_convert_wchar_to_UTF8(const wchar_t *str_w); * Macros curlx_convert_UTF8_to_tchar(), curlx_convert_tchar_to_UTF8() * and curlx_unicodefree() main purpose is to minimize the number of * preprocessor conditional directives needed by code using these - * to differentiate UNICODE from non-UNICODE builds. + * to differentiate Unicode from non-Unicode builds. * - * In the case of a non-UNICODE build the tchar strings are char strings that + * In the case of a non-Unicode build the tchar strings are char strings that * are duplicated via strdup and remain in whatever the passed in encoding is, * which is assumed to be UTF-8 but may be other encoding. Therefore the - * significance of the conversion functions is primarily for UNICODE builds. + * significance of the conversion functions is primarily for Unicode builds. * * Allocated memory should be free'd with curlx_unicodefree(). * diff --git a/libraries/libcurl/curl_ntlm_core.c b/libraries/libcurl/curl_ntlm_core.c index 62628c04..3cc885e0 100644 --- a/libraries/libcurl/curl_ntlm_core.c +++ b/libraries/libcurl/curl_ntlm_core.c @@ -57,9 +57,14 @@ #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) #define USE_OPENSSL_DES #endif +#elif defined(USE_WOLFSSL) + #include + #if !defined(NO_DES3) + #define USE_OPENSSL_DES + #endif #endif -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) #if defined(USE_OPENSSL) # include @@ -67,7 +72,6 @@ # include # include #else -# include # include # include # include @@ -148,7 +152,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key) } #endif -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) /* * Turns a 56-bit key into a 64-bit, odd parity key and sets the key. The * key schedule ks is also set. @@ -313,7 +317,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results) { -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) DES_key_schedule ks; setup_des_key(keys, DESKEY(ks)); @@ -367,7 +371,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, { /* Create LanManager hashed password. */ -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) DES_key_schedule ks; setup_des_key(pw, DESKEY(ks)); @@ -479,7 +483,7 @@ static void time2filetime(struct ms_filetime *ft, time_t t) 134774 days = 11644473600 seconds = 0x2B6109100 */ r = ft->dwLowDateTime; ft->dwLowDateTime = (ft->dwLowDateTime + 0xB6109100U) & 0xFFFFFFFF; - ft->dwHighDateTime += ft->dwLowDateTime < r? 0x03: 0x02; + ft->dwHighDateTime += ft->dwLowDateTime < r ? 0x03 : 0x02; /* Convert to tenths of microseconds. */ ft->dwHighDateTime *= 10000000; @@ -524,7 +528,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, ascii_uppercase_to_unicode_le(identity, user, userlen); ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); - result = Curl_hmacit(Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len, + result = Curl_hmacit(&Curl_HMAC_MD5, ntlmhash, 16, identity, identity_len, ntlmv2hash); free(identity); @@ -534,13 +538,13 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, /* * Curl_ntlm_core_mk_ntlmv2_resp() * - * This creates the NTLMv2 response as set in the ntlm type-3 message. + * This creates the NTLMv2 response as set in the NTLM type-3 message. * * Parameters: * - * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) + * ntlmv2hash [in] - The NTLMv2 hash (16 bytes) * challenge_client [in] - The client nonce (8 bytes) - * ntlm [in] - The ntlm data struct being used to read TargetInfo + * ntlm [in] - The NTLM data struct being used to read TargetInfo and Server challenge received in the type-2 message * ntresp [out] - The address where a pointer to newly allocated * memory holding the NTLMv2 response. @@ -609,7 +613,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */ memcpy(ptr + 8, &ntlm->nonce[0], 8); - result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8, + result = Curl_hmacit(&Curl_HMAC_MD5, ntlmv2hash, HMAC_MD5_LENGTH, ptr + 8, NTLMv2_BLOB_LEN + 8, hmac_output); if(result) { free(ptr); @@ -629,11 +633,11 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, /* * Curl_ntlm_core_mk_lmv2_resp() * - * This creates the LMv2 response as used in the ntlm type-3 message. + * This creates the LMv2 response as used in the NTLM type-3 message. * * Parameters: * - * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) + * ntlmv2hash [in] - The NTLMv2 hash (16 bytes) * challenge_client [in] - The client nonce (8 bytes) * challenge_client [in] - The server challenge (8 bytes) * lmresp [out] - The LMv2 response (24 bytes) @@ -652,12 +656,12 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, memcpy(&data[0], challenge_server, 8); memcpy(&data[8], challenge_client, 8); - result = Curl_hmacit(Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16, + result = Curl_hmacit(&Curl_HMAC_MD5, ntlmv2hash, 16, &data[0], 16, hmac_output); if(result) return result; - /* Concatenate the HMAC MD5 output with the client nonce */ + /* Concatenate the HMAC MD5 output with the client nonce */ memcpy(lmresp, hmac_output, 16); memcpy(lmresp + 16, challenge_client, 8); diff --git a/libraries/libcurl/curl_printf.h b/libraries/libcurl/curl_printf.h index c2457d2a..e851b14a 100644 --- a/libraries/libcurl/curl_printf.h +++ b/libraries/libcurl/curl_printf.h @@ -29,6 +29,10 @@ * *rintf() functions. */ +#ifndef CURL_TEMP_PRINTF +#error "CURL_TEMP_PRINTF must be set before including curl/mprintf.h" +#endif + #include #define MERR_OK 0 @@ -40,7 +44,6 @@ # undef msnprintf # undef vprintf # undef vfprintf -# undef vsnprintf # undef mvsnprintf # undef aprintf # undef vaprintf diff --git a/libraries/libcurl/curl_range.c b/libraries/libcurl/curl_range.c index d499953c..49fb5f07 100644 --- a/libraries/libcurl/curl_range.c +++ b/libraries/libcurl/curl_range.c @@ -55,15 +55,13 @@ CURLcode Curl_range(struct Curl_easy *data) if((to_t == CURL_OFFT_INVAL) && !from_t) { /* X - */ data->state.resume_from = from; - DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file", - from)); + DEBUGF(infof(data, "RANGE %" FMT_OFF_T " to end of file", from)); } else if((from_t == CURL_OFFT_INVAL) && !to_t) { /* -Y */ data->req.maxdownload = to; data->state.resume_from = -to; - DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes", - to)); + DEBUGF(infof(data, "RANGE the last %" FMT_OFF_T " bytes", to)); } else { /* X-Y */ @@ -79,13 +77,12 @@ CURLcode Curl_range(struct Curl_easy *data) data->req.maxdownload = totalsize + 1; /* include last byte */ data->state.resume_from = from; - DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T - " getting %" CURL_FORMAT_CURL_OFF_T " bytes", + DEBUGF(infof(data, "RANGE from %" FMT_OFF_T + " getting %" FMT_OFF_T " bytes", from, data->req.maxdownload)); } - DEBUGF(infof(data, "range-download from %" CURL_FORMAT_CURL_OFF_T - " to %" CURL_FORMAT_CURL_OFF_T ", totally %" - CURL_FORMAT_CURL_OFF_T " bytes", + DEBUGF(infof(data, "range-download from %" FMT_OFF_T + " to %" FMT_OFF_T ", totally %" FMT_OFF_T " bytes", from, to, data->req.maxdownload)); } else diff --git a/libraries/libcurl/curl_rtmp.c b/libraries/libcurl/curl_rtmp.c index 54d4f979..59fcc4e1 100644 --- a/libraries/libcurl/curl_rtmp.c +++ b/libraries/libcurl/curl_rtmp.c @@ -255,7 +255,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done) return CURLE_FAILED_INIT; /* Clients must send a periodic BytesReceived report to the server */ - r->m_bSendCounter = true; + r->m_bSendCounter = TRUE; *done = TRUE; conn->recv[FIRSTSOCKET] = rtmp_recv; @@ -329,13 +329,14 @@ static ssize_t rtmp_recv(struct Curl_easy *data, int sockindex, char *buf, } static ssize_t rtmp_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, CURLcode *err) { struct connectdata *conn = data->conn; RTMP *r = conn->proto.rtmp; ssize_t num; (void)sockindex; /* unused */ + (void)eos; /* unused */ num = RTMP_Write(r, (char *)buf, curlx_uztosi(len)); if(num < 0) diff --git a/libraries/libcurl/curl_setup.h b/libraries/libcurl/curl_setup.h index c8dba5e2..cfab1408 100644 --- a/libraries/libcurl/curl_setup.h +++ b/libraries/libcurl/curl_setup.h @@ -28,9 +28,12 @@ #define CURL_NO_OLDIES #endif +/* Tell "curl/curl.h" not to include "curl/mprintf.h" */ +#define CURL_SKIP_INCLUDE_MPRINTF + /* FIXME: Delete this once the warnings have been fixed. */ #if !defined(CURL_WARN_SIGN_CONVERSION) -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic ignored "-Wsign-conversion" #endif #endif @@ -42,8 +45,8 @@ /* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0) that started advertising the `availability` attribute, which then gets used - by Apple SDK, but, in a way incompatible with gcc, resulting in a misc - errors inside SDK headers, e.g.: + by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors + inside SDK headers, e.g.: error: attributes should be specified before the declarator in a function definition error: expected ',' or '}' before @@ -106,7 +109,7 @@ # include # if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) -# define CURL_WINDOWS_APP +# define CURL_WINDOWS_UWP # endif # endif #endif @@ -205,6 +208,11 @@ /* please, do it beyond the point further indicated in this file. */ /* ================================================================ */ +/* Give calloc a chance to be dragging in early, so we do not redefine */ +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) +# include +#endif + /* * Disable other protocols when http is the only one desired. */ @@ -319,7 +327,7 @@ /* curl uses its own printf() function internally. It understands the GNU * format. Use this format, so that is matches the GNU format attribute we - * use with the mingw compiler, allowing it to verify them at compile-time. + * use with the MinGW compiler, allowing it to verify them at compile-time. */ #ifdef __MINGW32__ # undef CURL_FORMAT_CURL_OFF_T @@ -345,6 +353,9 @@ #define CURL_PRINTF(fmt, arg) #endif +/* Override default printf mask check rules in "curl/mprintf.h" */ +#define CURL_TEMP_PRINTF CURL_PRINTF + /* Workaround for mainline llvm v16 and earlier missing a built-in macro expected by macOS SDK v14 / Xcode v15 (2023) and newer. gcc (as of v14) is also missing it. */ @@ -444,7 +455,7 @@ #endif /* - * Large file (>2Gb) support using WIN32 functions. + * Large file (>2Gb) support using Win32 functions. */ #ifdef USE_WIN32_LARGE_FILES @@ -467,7 +478,7 @@ #endif /* - * Small file (<2Gb) support using WIN32 functions. + * Small file (<2Gb) support using Win32 functions. */ #ifdef USE_WIN32_SMALL_FILES @@ -513,11 +524,11 @@ #endif #if SIZEOF_CURL_SOCKET_T < 8 -# define CURL_FORMAT_SOCKET_T "d" +# define FMT_SOCKET_T "d" #elif defined(__MINGW32__) -# define CURL_FORMAT_SOCKET_T "zd" +# define FMT_SOCKET_T "zd" #else -# define CURL_FORMAT_SOCKET_T "qd" +# define FMT_SOCKET_T "qd" #endif /* @@ -565,10 +576,13 @@ # endif # define CURL_UINT64_SUFFIX CURL_SUFFIX_CURL_OFF_TU # define CURL_UINT64_C(val) CURL_CONC_MACROS(val,CURL_UINT64_SUFFIX) -# define CURL_PRId64 CURL_FORMAT_CURL_OFF_T -# define CURL_PRIu64 CURL_FORMAT_CURL_OFF_TU +# define FMT_PRId64 CURL_FORMAT_CURL_OFF_T +# define FMT_PRIu64 CURL_FORMAT_CURL_OFF_TU #endif +#define FMT_OFF_T CURL_FORMAT_CURL_OFF_T +#define FMT_OFF_TU CURL_FORMAT_CURL_OFF_TU + #if (SIZEOF_TIME_T == 4) # ifdef HAVE_TIME_T_UNSIGNED # define TIME_T_MAX UINT_MAX @@ -715,6 +729,11 @@ #define USE_SSL /* SSL support has been enabled */ #endif +#if defined(USE_WOLFSSL) && defined(USE_GNUTLS) +/* Avoid defining unprefixed wolfSSL SHA macros colliding with nettle ones */ +#define NO_OLD_WC_NAMES +#endif + /* Single point where USE_SPNEGO definition might be defined */ #if !defined(CURL_DISABLE_NEGOTIATE_AUTH) && \ (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) @@ -816,7 +835,7 @@ #if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H) # if defined(SOCKET) || defined(USE_WINSOCK) -# error "WinSock and lwIP TCP/IP stack definitions shall not coexist!" +# error "Winsock and lwIP TCP/IP stack definitions shall not coexist!" # endif #endif @@ -854,7 +873,7 @@ Therefore we specify it explicitly. https://github.com/curl/curl/pull/258 #define FOPEN_WRITETEXT "wt" #define FOPEN_APPENDTEXT "at" #elif defined(__CYGWIN__) -/* Cygwin has specific behavior we need to address when WIN32 is not defined. +/* Cygwin has specific behavior we need to address when _WIN32 is not defined. https://cygwin.com/cygwin-ug-net/using-textbinary.html For write we want our output to have line endings of LF and be compatible with other Cygwin utilities. For read we want to handle input that may have line diff --git a/libraries/libcurl/curl_sha256.h b/libraries/libcurl/curl_sha256.h index d99f958f..00e5b74c 100644 --- a/libraries/libcurl/curl_sha256.h +++ b/libraries/libcurl/curl_sha256.h @@ -31,15 +31,10 @@ #include #include "curl_hmac.h" -extern const struct HMAC_params Curl_HMAC_SHA256[1]; +extern const struct HMAC_params Curl_HMAC_SHA256; -#ifdef USE_WOLFSSL -/* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from - * sha.h */ -#include -#include -#else -#define SHA256_DIGEST_LENGTH 32 +#ifndef CURL_SHA256_DIGEST_LENGTH +#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #endif CURLcode Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, diff --git a/libraries/libcurl/curl_sha512_256.c b/libraries/libcurl/curl_sha512_256.c index e3533d8f..80fd8cf1 100644 --- a/libraries/libcurl/curl_sha512_256.c +++ b/libraries/libcurl/curl_sha512_256.c @@ -34,10 +34,10 @@ * * GnuTLS * * wolfSSL * * Schannel SSPI - * * SecureTransport (Darwin) + * * Secure Transport (Darwin) * * mbedTLS * * BearSSL - * * rustls + * * Rustls * Skip the backend if it does not support the required algorithm */ #if defined(USE_OPENSSL) @@ -93,13 +93,13 @@ /** * Size of the SHA-512/256 single processing block in bytes. */ -#define SHA512_256_BLOCK_SIZE 128 +#define CURL_SHA512_256_BLOCK_SIZE 128 /** * Size of the SHA-512/256 resulting digest in bytes. * This is the final digest size, not intermediate hash. */ -#define SHA512_256_DIGEST_SIZE SHA512_256_DIGEST_LENGTH +#define CURL_SHA512_256_DIGEST_SIZE CURL_SHA512_256_DIGEST_LENGTH /** * Context type used for SHA-512/256 calculations @@ -124,9 +124,9 @@ Curl_sha512_256_init(void *context) if(EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL)) { /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(EVP_MD_CTX_size(*ctx) == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE); /* Check whether the block size is correct */ - DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == SHA512_256_BLOCK_SIZE); + DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == CURL_SHA512_256_BLOCK_SIZE); return CURLE_OK; /* Success */ } @@ -163,7 +163,8 @@ Curl_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return CURLE_OK if succeed, * error code otherwise */ @@ -177,11 +178,11 @@ Curl_sha512_256_finish(unsigned char *digest, #ifdef NEED_NETBSD_SHA512_256_WORKAROUND /* Use a larger buffer to work around a bug in NetBSD: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58039 */ - unsigned char tmp_digest[SHA512_256_DIGEST_SIZE * 2]; + unsigned char tmp_digest[CURL_SHA512_256_DIGEST_SIZE * 2]; ret = EVP_DigestFinal_ex(*ctx, tmp_digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER; if(ret == CURLE_OK) - memcpy(digest, tmp_digest, SHA512_256_DIGEST_SIZE); + memcpy(digest, tmp_digest, CURL_SHA512_256_DIGEST_SIZE); explicit_memset(tmp_digest, 0, sizeof(tmp_digest)); #else /* ! NEED_NETBSD_SHA512_256_WORKAROUND */ ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER; @@ -195,6 +196,9 @@ Curl_sha512_256_finish(unsigned char *digest, #elif defined(USE_GNUTLS_SHA512_256) +#define CURL_SHA512_256_BLOCK_SIZE SHA512_256_BLOCK_SIZE +#define CURL_SHA512_256_DIGEST_SIZE SHA512_256_DIGEST_SIZE + /** * Context type used for SHA-512/256 calculations */ @@ -212,7 +216,7 @@ Curl_sha512_256_init(void *context) Curl_sha512_256_ctx *const ctx = (Curl_sha512_256_ctx *)context; /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(SHA512_256_DIGEST_LENGTH == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(CURL_SHA512_256_DIGEST_LENGTH == CURL_SHA512_256_DIGEST_SIZE); sha512_256_init(ctx); @@ -247,7 +251,8 @@ Curl_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return always CURLE_OK */ static CURLcode @@ -256,7 +261,8 @@ Curl_sha512_256_finish(unsigned char *digest, { Curl_sha512_256_ctx *const ctx = (Curl_sha512_256_ctx *)context; - sha512_256_digest(ctx, (size_t)SHA512_256_DIGEST_SIZE, (uint8_t *)digest); + sha512_256_digest(ctx, + (size_t)CURL_SHA512_256_DIGEST_SIZE, (uint8_t *)digest); return CURLE_OK; } @@ -360,7 +366,7 @@ MHDx_rotr64(curl_uint64_t value, unsigned int bits) * Size of the SHA-512/256 resulting digest in bytes * This is the final digest size, not intermediate hash. */ -#define SHA512_256_DIGEST_SIZE \ +#define CURL_SHA512_256_DIGEST_SIZE \ (SHA512_256_DIGEST_SIZE_WORDS * SHA512_256_BYTES_IN_WORD) /** @@ -371,7 +377,7 @@ MHDx_rotr64(curl_uint64_t value, unsigned int bits) /** * Size of the SHA-512/256 single processing block in bytes. */ -#define SHA512_256_BLOCK_SIZE (SHA512_256_BLOCK_SIZE_BITS / 8) +#define CURL_SHA512_256_BLOCK_SIZE (SHA512_256_BLOCK_SIZE_BITS / 8) /** * Size of the SHA-512/256 single processing block in words. @@ -425,7 +431,7 @@ MHDx_sha512_256_init(void *context) struct mhdx_sha512_256ctx *const ctx = (struct mhdx_sha512_256ctx *) context; /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(SHA512_256_DIGEST_LENGTH == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(CURL_SHA512_256_DIGEST_LENGTH == CURL_SHA512_256_DIGEST_SIZE); DEBUGASSERT(sizeof(curl_uint64_t) == 8); @@ -453,7 +459,7 @@ MHDx_sha512_256_init(void *context) * Base of the SHA-512/256 transformation. * Gets a full 128 bytes block of data and updates hash values; * @param H hash values - * @param data the data buffer with #SHA512_256_BLOCK_SIZE bytes block + * @param data the data buffer with #CURL_SHA512_256_BLOCK_SIZE bytes block */ static void MHDx_sha512_256_transform(curl_uint64_t H[SHA512_256_HASH_SIZE_WORDS], @@ -636,9 +642,9 @@ MHDx_sha512_256_update(void *context, if(0 == length) return CURLE_OK; /* Shortcut, do nothing */ - /* Note: (count & (SHA512_256_BLOCK_SIZE-1)) - equals (count % SHA512_256_BLOCK_SIZE) for this block size. */ - bytes_have = (unsigned int) (ctx->count & (SHA512_256_BLOCK_SIZE - 1)); + /* Note: (count & (CURL_SHA512_256_BLOCK_SIZE-1)) + equals (count % CURL_SHA512_256_BLOCK_SIZE) for this block size. */ + bytes_have = (unsigned int) (ctx->count & (CURL_SHA512_256_BLOCK_SIZE - 1)); ctx->count += length; if(length > ctx->count) ctx->count_bits_hi += 1U << 3; /* Value wrap */ @@ -646,7 +652,7 @@ MHDx_sha512_256_update(void *context, ctx->count &= CURL_UINT64_C(0x1FFFFFFFFFFFFFFF); if(0 != bytes_have) { - unsigned int bytes_left = SHA512_256_BLOCK_SIZE - bytes_have; + unsigned int bytes_left = CURL_SHA512_256_BLOCK_SIZE - bytes_have; if(length >= bytes_left) { /* Combine new data with data in the buffer and process the full block. */ @@ -660,12 +666,12 @@ MHDx_sha512_256_update(void *context, } } - while(SHA512_256_BLOCK_SIZE <= length) { + while(CURL_SHA512_256_BLOCK_SIZE <= length) { /* Process any full blocks of new data directly, without copying to the buffer. */ MHDx_sha512_256_transform(ctx->H, data); - data += SHA512_256_BLOCK_SIZE; - length -= SHA512_256_BLOCK_SIZE; + data += CURL_SHA512_256_BLOCK_SIZE; + length -= CURL_SHA512_256_BLOCK_SIZE; } if(0 != length) { @@ -694,7 +700,8 @@ MHDx_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return always CURLE_OK */ static CURLcode @@ -712,9 +719,9 @@ MHDx_sha512_256_finish(unsigned char *digest, not change the amount of hashed data. */ num_bits = ctx->count << 3; - /* Note: (count & (SHA512_256_BLOCK_SIZE-1)) - equals (count % SHA512_256_BLOCK_SIZE) for this block size. */ - bytes_have = (unsigned int) (ctx->count & (SHA512_256_BLOCK_SIZE - 1)); + /* Note: (count & (CURL_SHA512_256_BLOCK_SIZE-1)) + equals (count % CURL_SHA512_256_BLOCK_SIZE) for this block size. */ + bytes_have = (unsigned int) (ctx->count & (CURL_SHA512_256_BLOCK_SIZE - 1)); /* Input data must be padded with a single bit "1", then with zeros and the finally the length of data in bits must be added as the final bytes @@ -728,12 +735,12 @@ MHDx_sha512_256_finish(unsigned char *digest, processed when formed). */ ((unsigned char *) ctx_buf)[bytes_have++] = 0x80U; - if(SHA512_256_BLOCK_SIZE - bytes_have < SHA512_256_SIZE_OF_LEN_ADD) { + if(CURL_SHA512_256_BLOCK_SIZE - bytes_have < SHA512_256_SIZE_OF_LEN_ADD) { /* No space in the current block to put the total length of message. Pad the current block with zeros and process it. */ - if(bytes_have < SHA512_256_BLOCK_SIZE) + if(bytes_have < CURL_SHA512_256_BLOCK_SIZE) memset(((unsigned char *) ctx_buf) + bytes_have, 0, - SHA512_256_BLOCK_SIZE - bytes_have); + CURL_SHA512_256_BLOCK_SIZE - bytes_have); /* Process the full block. */ MHDx_sha512_256_transform(ctx->H, ctx->buffer); /* Start the new block. */ @@ -742,17 +749,17 @@ MHDx_sha512_256_finish(unsigned char *digest, /* Pad the rest of the buffer with zeros. */ memset(((unsigned char *) ctx_buf) + bytes_have, 0, - SHA512_256_BLOCK_SIZE - SHA512_256_SIZE_OF_LEN_ADD - bytes_have); + CURL_SHA512_256_BLOCK_SIZE - SHA512_256_SIZE_OF_LEN_ADD - bytes_have); /* Put high part of number of bits in processed message and then lower part of number of bits as big-endian values. See FIPS PUB 180-4 section 5.1.2. */ /* Note: the target location is predefined and buffer is always aligned */ MHDX_PUT_64BIT_BE(((unsigned char *) ctx_buf) \ - + SHA512_256_BLOCK_SIZE \ + + CURL_SHA512_256_BLOCK_SIZE \ - SHA512_256_SIZE_OF_LEN_ADD, \ ctx->count_bits_hi); MHDX_PUT_64BIT_BE(((unsigned char *) ctx_buf) \ - + SHA512_256_BLOCK_SIZE \ + + CURL_SHA512_256_BLOCK_SIZE \ - SHA512_256_SIZE_OF_LEN_ADD \ + SHA512_256_BYTES_IN_WORD, \ num_bits); @@ -841,9 +848,9 @@ const struct HMAC_params Curl_HMAC_SHA512_256[] = { /* Context structure size. */ sizeof(Curl_sha512_256_ctx), /* Maximum key length (bytes). */ - SHA512_256_BLOCK_SIZE, + CURL_SHA512_256_BLOCK_SIZE, /* Result length (bytes). */ - SHA512_256_DIGEST_SIZE + CURL_SHA512_256_DIGEST_SIZE } }; diff --git a/libraries/libcurl/curl_sha512_256.h b/libraries/libcurl/curl_sha512_256.h index 30a9f140..a84e77bc 100644 --- a/libraries/libcurl/curl_sha512_256.h +++ b/libraries/libcurl/curl_sha512_256.h @@ -33,7 +33,7 @@ extern const struct HMAC_params Curl_HMAC_SHA512_256[1]; -#define SHA512_256_DIGEST_LENGTH 32 +#define CURL_SHA512_256_DIGEST_LENGTH 32 CURLcode Curl_sha512_256it(unsigned char *output, const unsigned char *input, diff --git a/libraries/libcurl/curl_sspi.c b/libraries/libcurl/curl_sspi.c index 2c9e38d9..680bb661 100644 --- a/libraries/libcurl/curl_sspi.c +++ b/libraries/libcurl/curl_sspi.c @@ -52,10 +52,10 @@ typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID); #endif /* Handle of security.dll or secur32.dll, depending on Windows version */ -HMODULE s_hSecDll = NULL; +HMODULE Curl_hSecDll = NULL; /* Pointer to SSPI dispatch table */ -PSecurityFunctionTable s_pSecFn = NULL; +PSecurityFunctionTable Curl_pSecFn = NULL; /* * Curl_sspi_global_init() @@ -79,29 +79,29 @@ CURLcode Curl_sspi_global_init(void) INITSECURITYINTERFACE_FN pInitSecurityInterface; /* If security interface is not yet initialized try to do this */ - if(!s_hSecDll) { + if(!Curl_hSecDll) { /* Security Service Provider Interface (SSPI) functions are located in * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP * have both these DLLs (security.dll forwards calls to secur32.dll) */ /* Load SSPI dll into the address space of the calling process */ if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL)) - s_hSecDll = Curl_load_library(TEXT("security.dll")); + Curl_hSecDll = Curl_load_library(TEXT("security.dll")); else - s_hSecDll = Curl_load_library(TEXT("secur32.dll")); - if(!s_hSecDll) + Curl_hSecDll = Curl_load_library(TEXT("secur32.dll")); + if(!Curl_hSecDll) return CURLE_FAILED_INIT; /* Get address of the InitSecurityInterfaceA function from the SSPI dll */ pInitSecurityInterface = CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN, - (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT))); + (GetProcAddress(Curl_hSecDll, SECURITYENTRYPOINT))); if(!pInitSecurityInterface) return CURLE_FAILED_INIT; /* Get pointer to Security Service Provider Interface dispatch table */ - s_pSecFn = pInitSecurityInterface(); - if(!s_pSecFn) + Curl_pSecFn = pInitSecurityInterface(); + if(!Curl_pSecFn) return CURLE_FAILED_INIT; } @@ -119,10 +119,10 @@ CURLcode Curl_sspi_global_init(void) */ void Curl_sspi_global_cleanup(void) { - if(s_hSecDll) { - FreeLibrary(s_hSecDll); - s_hSecDll = NULL; - s_pSecFn = NULL; + if(Curl_hSecDll) { + FreeLibrary(Curl_hSecDll); + Curl_hSecDll = NULL; + Curl_pSecFn = NULL; } } diff --git a/libraries/libcurl/curl_sspi.h b/libraries/libcurl/curl_sspi.h index b26c3915..535a1ff6 100644 --- a/libraries/libcurl/curl_sspi.h +++ b/libraries/libcurl/curl_sspi.h @@ -57,8 +57,8 @@ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp, void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity); /* Forward-declaration of global variables defined in curl_sspi.c */ -extern HMODULE s_hSecDll; -extern PSecurityFunctionTable s_pSecFn; +extern HMODULE Curl_hSecDll; +extern PSecurityFunctionTable Curl_pSecFn; /* Provide some definitions missing in old headers */ #define SP_NAME_DIGEST "WDigest" diff --git a/libraries/libcurl/curl_threads.c b/libraries/libcurl/curl_threads.c index fb4af73d..fbbbf9b2 100644 --- a/libraries/libcurl/curl_threads.c +++ b/libraries/libcurl/curl_threads.c @@ -35,7 +35,9 @@ #endif #include "curl_threads.h" +#ifdef BUILDING_LIBCURL #include "curl_memory.h" +#endif /* The last #include file should be: */ #include "memdebug.h" @@ -101,7 +103,7 @@ int Curl_thread_join(curl_thread_t *hnd) #elif defined(USE_THREADS_WIN32) curl_thread_t Curl_thread_create( -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) DWORD #else unsigned int @@ -109,14 +111,14 @@ curl_thread_t Curl_thread_create( (CURL_STDCALL *func) (void *), void *arg) { -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) typedef HANDLE curl_win_thread_handle_t; #else typedef uintptr_t curl_win_thread_handle_t; #endif curl_thread_t t; curl_win_thread_handle_t thread_handle; -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) thread_handle = CreateThread(NULL, 0, func, arg, 0, NULL); #else thread_handle = _beginthreadex(NULL, 0, func, arg, 0, NULL); diff --git a/libraries/libcurl/curl_threads.h b/libraries/libcurl/curl_threads.h index be22352d..c9f18a4e 100644 --- a/libraries/libcurl/curl_threads.h +++ b/libraries/libcurl/curl_threads.h @@ -53,7 +53,7 @@ #if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) curl_thread_t Curl_thread_create( -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) DWORD #else unsigned int diff --git a/libraries/libcurl/curl_trc.c b/libraries/libcurl/curl_trc.c index f017e21a..8f1be07e 100644 --- a/libraries/libcurl/curl_trc.c +++ b/libraries/libcurl/curl_trc.c @@ -53,6 +53,9 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif void Curl_debug(struct Curl_easy *data, curl_infotype type, char *ptr, size_t size) @@ -62,7 +65,7 @@ void Curl_debug(struct Curl_easy *data, curl_infotype type, "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; if(data->set.fdebug) { bool inCallback = Curl_is_in_callback(data); - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); (void)(*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); Curl_set_in_callback(data, inCallback); } @@ -118,10 +121,16 @@ static void trc_infof(struct Curl_easy *data, struct curl_trc_feat *feat, const char * const fmt, va_list ap) { int len = 0; - char buffer[MAXINFO + 2]; + char buffer[MAXINFO + 5]; if(feat) - len = msnprintf(buffer, MAXINFO, "[%s] ", feat->name); - len += mvsnprintf(buffer + len, MAXINFO - len, fmt, ap); + len = msnprintf(buffer, (MAXINFO + 1), "[%s] ", feat->name); + len += mvsnprintf(buffer + len, (MAXINFO + 1) - len, fmt, ap); + if(len >= MAXINFO) { /* too long, shorten with '...' */ + --len; + buffer[len++] = '.'; + buffer[len++] = '.'; + buffer[len++] = '.'; + } buffer[len++] = '\n'; buffer[len] = '\0'; Curl_debug(data, CURLINFO_TEXT, buffer, len); @@ -212,58 +221,144 @@ void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) } #endif /* !CURL_DISABLE_FTP */ -static struct curl_trc_feat *trc_feats[] = { - &Curl_trc_feat_read, - &Curl_trc_feat_write, +#ifndef CURL_DISABLE_SMTP +struct curl_trc_feat Curl_trc_feat_smtp = { + "SMTP", + CURL_LOG_LVL_NONE, +}; + +void Curl_trc_smtp(struct Curl_easy *data, const char *fmt, ...) +{ + DEBUGASSERT(!strchr(fmt, '\n')); + if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_smtp)) { + va_list ap; + va_start(ap, fmt); + trc_infof(data, &Curl_trc_feat_smtp, fmt, ap); + va_end(ap); + } +} +#endif /* !CURL_DISABLE_SMTP */ + +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +struct curl_trc_feat Curl_trc_feat_ws = { + "WS", + CURL_LOG_LVL_NONE, +}; + +void Curl_trc_ws(struct Curl_easy *data, const char *fmt, ...) +{ + DEBUGASSERT(!strchr(fmt, '\n')); + if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ws)) { + va_list ap; + va_start(ap, fmt); + trc_infof(data, &Curl_trc_feat_ws, fmt, ap); + va_end(ap); + } +} +#endif /* !CURL_DISABLE_WEBSOCKETS && !CURL_DISABLE_HTTP */ + +#define TRC_CT_NONE (0) +#define TRC_CT_PROTOCOL (1<<(0)) +#define TRC_CT_NETWORK (1<<(1)) +#define TRC_CT_PROXY (1<<(2)) + +struct trc_feat_def { + struct curl_trc_feat *feat; + unsigned int category; +}; + +static struct trc_feat_def trc_feats[] = { + { &Curl_trc_feat_read, TRC_CT_NONE }, + { &Curl_trc_feat_write, TRC_CT_NONE }, #ifndef CURL_DISABLE_FTP - &Curl_trc_feat_ftp, + { &Curl_trc_feat_ftp, TRC_CT_PROTOCOL }, #endif #ifndef CURL_DISABLE_DOH - &Curl_doh_trc, + { &Curl_doh_trc, TRC_CT_NETWORK }, +#endif +#ifndef CURL_DISABLE_SMTP + { &Curl_trc_feat_smtp, TRC_CT_PROTOCOL }, #endif - NULL, +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) + { &Curl_trc_feat_ws, TRC_CT_PROTOCOL }, +#endif +}; + +struct trc_cft_def { + struct Curl_cftype *cft; + unsigned int category; }; -static struct Curl_cftype *cf_types[] = { - &Curl_cft_tcp, - &Curl_cft_udp, - &Curl_cft_unix, - &Curl_cft_tcp_accept, - &Curl_cft_happy_eyeballs, - &Curl_cft_setup, +static struct trc_cft_def trc_cfts[] = { + { &Curl_cft_tcp, TRC_CT_NETWORK }, + { &Curl_cft_udp, TRC_CT_NETWORK }, + { &Curl_cft_unix, TRC_CT_NETWORK }, + { &Curl_cft_tcp_accept, TRC_CT_NETWORK }, + { &Curl_cft_happy_eyeballs, TRC_CT_NETWORK }, + { &Curl_cft_setup, TRC_CT_PROTOCOL }, #ifdef USE_NGHTTP2 - &Curl_cft_nghttp2, + { &Curl_cft_nghttp2, TRC_CT_PROTOCOL }, #endif #ifdef USE_SSL - &Curl_cft_ssl, + { &Curl_cft_ssl, TRC_CT_NETWORK }, #ifndef CURL_DISABLE_PROXY - &Curl_cft_ssl_proxy, + { &Curl_cft_ssl_proxy, TRC_CT_PROXY }, #endif #endif #if !defined(CURL_DISABLE_PROXY) #if !defined(CURL_DISABLE_HTTP) - &Curl_cft_h1_proxy, + { &Curl_cft_h1_proxy, TRC_CT_PROXY }, #ifdef USE_NGHTTP2 - &Curl_cft_h2_proxy, + { &Curl_cft_h2_proxy, TRC_CT_PROXY }, #endif - &Curl_cft_http_proxy, + { &Curl_cft_http_proxy, TRC_CT_PROXY }, #endif /* !CURL_DISABLE_HTTP */ - &Curl_cft_haproxy, - &Curl_cft_socks_proxy, + { &Curl_cft_haproxy, TRC_CT_PROXY }, + { &Curl_cft_socks_proxy, TRC_CT_PROXY }, #endif /* !CURL_DISABLE_PROXY */ #ifdef USE_HTTP3 - &Curl_cft_http3, + { &Curl_cft_http3, TRC_CT_PROTOCOL }, #endif #if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) - &Curl_cft_http_connect, + { &Curl_cft_http_connect, TRC_CT_PROTOCOL }, #endif - NULL, }; -CURLcode Curl_trc_opt(const char *config) +static void trc_apply_level_by_name(const char * const token, int lvl) +{ + size_t i; + + for(i = 0; i < ARRAYSIZE(trc_cfts); ++i) { + if(strcasecompare(token, trc_cfts[i].cft->name)) { + trc_cfts[i].cft->log_level = lvl; + break; + } + } + for(i = 0; i < ARRAYSIZE(trc_feats); ++i) { + if(strcasecompare(token, trc_feats[i].feat->name)) { + trc_feats[i].feat->log_level = lvl; + break; + } + } +} + +static void trc_apply_level_by_category(int category, int lvl) { - char *token, *tok_buf, *tmp; size_t i; + + for(i = 0; i < ARRAYSIZE(trc_cfts); ++i) { + if(!category || (trc_cfts[i].category & category)) + trc_cfts[i].cft->log_level = lvl; + } + for(i = 0; i < ARRAYSIZE(trc_feats); ++i) { + if(!category || (trc_feats[i].category & category)) + trc_feats[i].feat->log_level = lvl; + } +} + +static CURLcode trc_opt(const char *config) +{ + char *token, *tok_buf, *tmp; int lvl; tmp = strdup(config); @@ -285,42 +380,46 @@ CURLcode Curl_trc_opt(const char *config) lvl = CURL_LOG_LVL_INFO; break; } - for(i = 0; cf_types[i]; ++i) { - if(strcasecompare(token, "all")) { - cf_types[i]->log_level = lvl; - } - else if(strcasecompare(token, cf_types[i]->name)) { - cf_types[i]->log_level = lvl; - break; - } - } - for(i = 0; trc_feats[i]; ++i) { - if(strcasecompare(token, "all")) { - trc_feats[i]->log_level = lvl; - } - else if(strcasecompare(token, trc_feats[i]->name)) { - trc_feats[i]->log_level = lvl; - break; - } - } + if(strcasecompare(token, "all")) + trc_apply_level_by_category(TRC_CT_NONE, lvl); + else if(strcasecompare(token, "protocol")) + trc_apply_level_by_category(TRC_CT_PROTOCOL, lvl); + else if(strcasecompare(token, "network")) + trc_apply_level_by_category(TRC_CT_NETWORK, lvl); + else if(strcasecompare(token, "proxy")) + trc_apply_level_by_category(TRC_CT_PROXY, lvl); + else + trc_apply_level_by_name(token, lvl); + token = strtok_r(NULL, ", ", &tok_buf); } free(tmp); return CURLE_OK; } -CURLcode Curl_trc_init(void) +CURLcode Curl_trc_opt(const char *config) { + CURLcode result = config ? trc_opt(config) : CURLE_OK; #ifdef DEBUGBUILD - /* WIP: we use the auto-init from an env var only in DEBUG builds for - * convenience. */ - const char *config = getenv("CURL_DEBUG"); - if(config) { - return Curl_trc_opt(config); + /* CURL_DEBUG can override anything */ + if(!result) { + const char *dbg_config = getenv("CURL_DEBUG"); + if(dbg_config) + result = trc_opt(dbg_config); } #endif /* DEBUGBUILD */ + return result; +} + +CURLcode Curl_trc_init(void) +{ +#ifdef DEBUGBUILD + return Curl_trc_opt(NULL); +#else return CURLE_OK; +#endif } + #else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ CURLcode Curl_trc_init(void) diff --git a/libraries/libcurl/curl_trc.h b/libraries/libcurl/curl_trc.h index 3d380183..67a7f4aa 100644 --- a/libraries/libcurl/curl_trc.h +++ b/libraries/libcurl/curl_trc.h @@ -89,6 +89,16 @@ void Curl_failf(struct Curl_easy *data, do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ftp)) \ Curl_trc_ftp(data, __VA_ARGS__); } while(0) #endif /* !CURL_DISABLE_FTP */ +#ifndef CURL_DISABLE_SMTP +#define CURL_TRC_SMTP(data, ...) \ + do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_smtp)) \ + Curl_trc_smtp(data, __VA_ARGS__); } while(0) +#endif /* !CURL_DISABLE_SMTP */ +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#define CURL_TRC_WS(data, ...) \ + do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ws)) \ + Curl_trc_ws(data, __VA_ARGS__); } while(0) +#endif /* !CURL_DISABLE_WEBSOCKETS && !CURL_DISABLE_HTTP */ #else /* CURL_HAVE_C99 */ @@ -100,6 +110,12 @@ void Curl_failf(struct Curl_easy *data, #ifndef CURL_DISABLE_FTP #define CURL_TRC_FTP Curl_trc_ftp #endif +#ifndef CURL_DISABLE_SMTP +#define CURL_TRC_SMTP Curl_trc_smtp +#endif +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#define CURL_TRC_WS Curl_trc_ws +#endif #endif /* !CURL_HAVE_C99 */ @@ -136,8 +152,6 @@ void Curl_infof(struct Curl_easy *data, */ void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, const char *fmt, ...) CURL_PRINTF(3, 4); -void Curl_trc_ft_infof(struct Curl_easy *data, struct curl_trc_feat *ft, - const char *fmt, ...) CURL_PRINTF(3, 4); void Curl_trc_write(struct Curl_easy *data, const char *fmt, ...) CURL_PRINTF(2, 3); void Curl_trc_read(struct Curl_easy *data, @@ -148,6 +162,16 @@ extern struct curl_trc_feat Curl_trc_feat_ftp; void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) CURL_PRINTF(2, 3); #endif +#ifndef CURL_DISABLE_SMTP +extern struct curl_trc_feat Curl_trc_feat_smtp; +void Curl_trc_smtp(struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(2, 3); +#endif +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +extern struct curl_trc_feat Curl_trc_feat_ws; +void Curl_trc_ws(struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(2, 3); +#endif #else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ @@ -171,13 +195,6 @@ static void Curl_trc_cf_infof(struct Curl_easy *data, struct curl_trc_feat; -static void Curl_trc_ft_infof(struct Curl_easy *data, - struct curl_trc_feat *ft, - const char *fmt, ...) -{ - (void)data; (void)ft; (void)fmt; -} - static void Curl_trc_write(struct Curl_easy *data, const char *fmt, ...) { (void)data; (void)fmt; @@ -194,6 +211,18 @@ static void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) (void)data; (void)fmt; } #endif +#ifndef CURL_DISABLE_SMTP +static void Curl_trc_smtp(struct Curl_easy *data, const char *fmt, ...) +{ + (void)data; (void)fmt; +} +#endif +#if !defined(CURL_DISABLE_WEBSOCKETS) || !defined(CURL_DISABLE_HTTP) +static void Curl_trc_ws(struct Curl_easy *data, const char *fmt, ...) +{ + (void)data; (void)fmt; +} +#endif #endif /* !defined(CURL_DISABLE_VERBOSE_STRINGS) */ diff --git a/libraries/libcurl/curlx.h b/libraries/libcurl/curlx.h index 54e42795..f0e4e647 100644 --- a/libraries/libcurl/curlx.h +++ b/libraries/libcurl/curlx.h @@ -31,10 +31,8 @@ * be. */ -#include -/* this is still a public header file that provides the curl_mprintf() - functions while they still are offered publicly. They will be made library- - private one day */ +/* map standard printf functions to curl implementations */ +#include "curl_printf.h" #include "strcase.h" /* "strcase.h" provides the strcasecompare protos */ @@ -68,50 +66,4 @@ #include "version_win32.h" /* "version_win32.h" provides curlx_verify_windows_version() */ -/* Now setup curlx_ * names for the functions that are to become curlx_ and - be removed from a future libcurl official API: - curlx_getenv - curlx_mprintf (and its variations) - curlx_strcasecompare - curlx_strncasecompare - -*/ - -#define curlx_mvsnprintf curl_mvsnprintf -#define curlx_msnprintf curl_msnprintf -#define curlx_maprintf curl_maprintf -#define curlx_mvaprintf curl_mvaprintf -#define curlx_msprintf curl_msprintf -#define curlx_mprintf curl_mprintf -#define curlx_mfprintf curl_mfprintf -#define curlx_mvsprintf curl_mvsprintf -#define curlx_mvprintf curl_mvprintf -#define curlx_mvfprintf curl_mvfprintf - -#ifdef ENABLE_CURLX_PRINTF -/* If this define is set, we define all "standard" printf() functions to use - the curlx_* version instead. It makes the source code transparent and - easier to understand/patch. Undefine them first. */ -# undef printf -# undef fprintf -# undef sprintf -# undef msnprintf -# undef vprintf -# undef vfprintf -# undef vsprintf -# undef mvsnprintf -# undef aprintf -# undef vaprintf - -# define printf curlx_mprintf -# define fprintf curlx_mfprintf -# define sprintf curlx_msprintf -# define msnprintf curlx_msnprintf -# define vprintf curlx_mvprintf -# define vfprintf curlx_mvfprintf -# define mvsnprintf curlx_mvsnprintf -# define aprintf curlx_maprintf -# define vaprintf curlx_mvaprintf -#endif /* ENABLE_CURLX_PRINTF */ - #endif /* HEADER_CURL_CURLX_H */ diff --git a/libraries/libcurl/cw-out.c b/libraries/libcurl/cw-out.c index 56ec4162..4d3df0a6 100644 --- a/libraries/libcurl/cw-out.c +++ b/libraries/libcurl/cw-out.c @@ -177,8 +177,8 @@ static void cw_get_writefunc(struct Curl_easy *data, cw_out_type otype, *pmin_write = 0; break; case CW_OUT_HDS: - *pwcb = data->set.fwrite_header? data->set.fwrite_header : - (data->set.writeheader? data->set.fwrite_func : NULL); + *pwcb = data->set.fwrite_header ? data->set.fwrite_header : + (data->set.writeheader ? data->set.fwrite_func : NULL); *pwcb_data = data->set.writeheader; *pmax_write = 0; /* do not chunk-write headers, write them as they are */ *pmin_write = 0; @@ -218,12 +218,12 @@ static CURLcode cw_out_ptr_flush(struct cw_out_ctx *ctx, while(blen && !ctx->paused) { if(!flush_all && blen < min_write) break; - wlen = max_write? CURLMIN(blen, max_write) : blen; + wlen = max_write ? CURLMIN(blen, max_write) : blen; Curl_set_in_callback(data, TRUE); nwritten = wcb((char *)buf, 1, wlen, wcb_data); Curl_set_in_callback(data, FALSE); CURL_TRC_WRITE(data, "cw_out, wrote %zu %s bytes -> %zu", - wlen, (otype == CW_OUT_BODY)? "body" : "header", + wlen, (otype == CW_OUT_BODY) ? "body" : "header", nwritten); if(CURL_WRITEFUNC_PAUSE == nwritten) { if(data->conn && data->conn->handler->flags & PROTOPT_NONETWORK) { @@ -402,9 +402,8 @@ static CURLcode cw_out_write(struct Curl_easy *data, { struct cw_out_ctx *ctx = writer->ctx; CURLcode result; - bool flush_all; + bool flush_all = !!(type & CLIENTWRITE_EOS); - flush_all = (type & CLIENTWRITE_EOS)? TRUE:FALSE; if((type & CLIENTWRITE_BODY) || ((type & CLIENTWRITE_HEADER) && data->set.include_header)) { result = cw_out_do_write(ctx, data, CW_OUT_BODY, flush_all, buf, blen); @@ -431,7 +430,7 @@ bool Curl_cw_out_is_paused(struct Curl_easy *data) return FALSE; ctx = (struct cw_out_ctx *)cw_out; - CURL_TRC_WRITE(data, "cw-out is%spaused", ctx->paused? "" : " not"); + CURL_TRC_WRITE(data, "cw-out is%spaused", ctx->paused ? "" : " not"); return ctx->paused; } diff --git a/libraries/libcurl/dict.c b/libraries/libcurl/dict.c index 35331ce2..7d9c18dc 100644 --- a/libraries/libcurl/dict.c +++ b/libraries/libcurl/dict.c @@ -146,7 +146,7 @@ static CURLcode sendf(struct Curl_easy *data, const char *fmt, ...) for(;;) { /* Write the buffer to the socket */ - result = Curl_xfer_send(data, sptr, write_len, &bytes_written); + result = Curl_xfer_send(data, sptr, write_len, FALSE, &bytes_written); if(result) break; diff --git a/libraries/libcurl/doh.c b/libraries/libcurl/doh.c index 0dcca17c..8769372e 100644 --- a/libraries/libcurl/doh.c +++ b/libraries/libcurl/doh.c @@ -46,7 +46,7 @@ #define DNS_CLASS_IN 0x01 -/* local_print_buf truncates if the hex string will be more than this */ +/* doh_print_buf truncates if the hex string will be more than this */ #define LOCAL_PB_HEXMAX 400 #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -82,11 +82,11 @@ struct curl_trc_feat Curl_doh_trc = { /* @unittest 1655 */ -UNITTEST DOHcode doh_encode(const char *host, - DNStype dnstype, - unsigned char *dnsp, /* buffer */ - size_t len, /* buffer size */ - size_t *olen) /* output length */ +UNITTEST DOHcode doh_req_encode(const char *host, + DNStype dnstype, + unsigned char *dnsp, /* buffer */ + size_t len, /* buffer size */ + size_t *olen) /* output length */ { const size_t hostlen = strlen(host); unsigned char *orig = dnsp; @@ -165,7 +165,7 @@ UNITTEST DOHcode doh_encode(const char *host, *dnsp++ = 0; /* append zero-length label for root */ /* There are assigned TYPE codes beyond 255: use range [1..65535] */ - *dnsp++ = (unsigned char)(255 & (dnstype>>8)); /* upper 8 bit TYPE */ + *dnsp++ = (unsigned char)(255 & (dnstype >> 8)); /* upper 8 bit TYPE */ *dnsp++ = (unsigned char)(255 & dnstype); /* lower 8 bit TYPE */ *dnsp++ = '\0'; /* upper 8 bit CLASS */ @@ -180,7 +180,7 @@ UNITTEST DOHcode doh_encode(const char *host, } static size_t -doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp) +doh_write_cb(char *contents, size_t size, size_t nmemb, void *userp) { size_t realsize = size * nmemb; struct dynbuf *mem = (struct dynbuf *)userp; @@ -192,16 +192,16 @@ doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp) } #if defined(USE_HTTPSRR) && defined(DEBUGBUILD) -static void local_print_buf(struct Curl_easy *data, - const char *prefix, - unsigned char *buf, size_t len) +static void doh_print_buf(struct Curl_easy *data, + const char *prefix, + unsigned char *buf, size_t len) { unsigned char hexstr[LOCAL_PB_HEXMAX]; size_t hlen = LOCAL_PB_HEXMAX; - bool truncated = false; + bool truncated = FALSE; if(len > (LOCAL_PB_HEXMAX / 2)) - truncated = true; + truncated = TRUE; Curl_hexencode(buf, len, hexstr, hlen); if(!truncated) infof(data, "%s: len=%d, val=%s", prefix, (int)len, hexstr); @@ -214,50 +214,57 @@ static void local_print_buf(struct Curl_easy *data, /* called from multi.c when this DoH transfer is complete */ static int doh_done(struct Curl_easy *doh, CURLcode result) { - struct Curl_easy *data = doh->set.dohfor; - struct dohdata *dohp = data->req.doh; - /* so one of the DoH request done for the 'data' transfer is now complete! */ - dohp->pending--; - infof(doh, "a DoH request is completed, %u to go", dohp->pending); - if(result) - infof(doh, "DoH request %s", curl_easy_strerror(result)); + struct Curl_easy *data; /* the transfer that asked for the DoH probe */ - if(!dohp->pending) { - /* DoH completed */ - curl_slist_free_all(dohp->headers); - dohp->headers = NULL; - Curl_expire(data, 0, EXPIRE_RUN_NOW); + data = Curl_multi_get_handle(doh->multi, doh->set.dohfor_mid); + if(!data) { + DEBUGF(infof(doh, "doh_done: xfer for mid=%" FMT_OFF_T + " not found", doh->set.dohfor_mid)); + DEBUGASSERT(0); + } + else { + struct doh_probes *dohp = data->req.doh; + /* one of the DoH request done for the 'data' transfer is now complete! */ + dohp->pending--; + infof(doh, "a DoH request is completed, %u to go", dohp->pending); + if(result) + infof(doh, "DoH request %s", curl_easy_strerror(result)); + + if(!dohp->pending) { + /* DoH completed, run the transfer picking up the results */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } } return 0; } -#define ERROR_CHECK_SETOPT(x,y) \ -do { \ - result = curl_easy_setopt(doh, x, y); \ - if(result && \ - result != CURLE_NOT_BUILT_IN && \ - result != CURLE_UNKNOWN_OPTION) \ - goto error; \ -} while(0) - -static CURLcode dohprobe(struct Curl_easy *data, - struct dnsprobe *p, DNStype dnstype, - const char *host, - const char *url, CURLM *multi, - struct curl_slist *headers) +#define ERROR_CHECK_SETOPT(x,y) \ + do { \ + result = curl_easy_setopt((CURL *)doh, x, y); \ + if(result && \ + result != CURLE_NOT_BUILT_IN && \ + result != CURLE_UNKNOWN_OPTION) \ + goto error; \ + } while(0) + +static CURLcode doh_run_probe(struct Curl_easy *data, + struct doh_probe *p, DNStype dnstype, + const char *host, + const char *url, CURLM *multi, + struct curl_slist *headers) { struct Curl_easy *doh = NULL; CURLcode result = CURLE_OK; timediff_t timeout_ms; - DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer), - &p->dohlen); + DOHcode d = doh_req_encode(host, dnstype, p->req_body, sizeof(p->req_body), + &p->req_body_len); if(d) { failf(data, "Failed to encode DoH packet [%d]", d); return CURLE_OUT_OF_MEMORY; } p->dnstype = dnstype; - Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE); + Curl_dyn_init(&p->resp_body, DYN_DOH_RESPONSE); timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms <= 0) { @@ -266,126 +273,126 @@ static CURLcode dohprobe(struct Curl_easy *data, } /* Curl_open() is the internal version of curl_easy_init() */ result = Curl_open(&doh); - if(!result) { - /* pass in the struct pointer via a local variable to please coverity and - the gcc typecheck helpers */ - struct dynbuf *resp = &p->serverdoh; - doh->state.internal = true; + if(result) + goto error; + + /* pass in the struct pointer via a local variable to please coverity and + the gcc typecheck helpers */ + doh->state.internal = TRUE; #ifndef CURL_DISABLE_VERBOSE_STRINGS - doh->state.feat = &Curl_doh_trc; + doh->state.feat = &Curl_doh_trc; #endif - ERROR_CHECK_SETOPT(CURLOPT_URL, url); - ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); - ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); - ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp); - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); - ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); + ERROR_CHECK_SETOPT(CURLOPT_URL, url); + ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); + ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); + ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, &p->resp_body); + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->req_body); + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->req_body_len); + ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); #ifdef USE_HTTP2 - ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); - ERROR_CHECK_SETOPT(CURLOPT_PIPEWAIT, 1L); + ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); + ERROR_CHECK_SETOPT(CURLOPT_PIPEWAIT, 1L); #endif #ifndef DEBUGBUILD - /* enforce HTTPS if not debug */ - ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); + /* enforce HTTPS if not debug */ + ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); #else - /* in debug mode, also allow http */ - ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS); + /* in debug mode, also allow http */ + ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS); #endif - ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms); - ERROR_CHECK_SETOPT(CURLOPT_SHARE, data->share); - if(data->set.err && data->set.err != stderr) - ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err); - if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) - ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L); - if(data->set.no_signal) - ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L); - - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST, - data->set.doh_verifyhost ? 2L : 0L); - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER, - data->set.doh_verifypeer ? 1L : 0L); - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS, - data->set.doh_verifystatus ? 1L : 0L); - - /* Inherit *some* SSL options from the user's transfer. This is a - best-guess as to which options are needed for compatibility. #3661 - - Note DoH does not inherit the user's proxy server so proxy SSL settings - have no effect and are not inherited. If that changes then two new - options should be added to check doh proxy insecure separately, - CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER. - */ - if(data->set.ssl.falsestart) - ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L); - if(data->set.str[STRING_SSL_CAFILE]) { - ERROR_CHECK_SETOPT(CURLOPT_CAINFO, - data->set.str[STRING_SSL_CAFILE]); - } - if(data->set.blobs[BLOB_CAINFO]) { - ERROR_CHECK_SETOPT(CURLOPT_CAINFO_BLOB, - data->set.blobs[BLOB_CAINFO]); - } - if(data->set.str[STRING_SSL_CAPATH]) { - ERROR_CHECK_SETOPT(CURLOPT_CAPATH, - data->set.str[STRING_SSL_CAPATH]); - } - if(data->set.str[STRING_SSL_CRLFILE]) { - ERROR_CHECK_SETOPT(CURLOPT_CRLFILE, - data->set.str[STRING_SSL_CRLFILE]); - } - if(data->set.ssl.certinfo) - ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); - if(data->set.ssl.fsslctx) - ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); - if(data->set.ssl.fsslctxp) - ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp); - if(data->set.fdebug) - ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug); - if(data->set.debugdata) - ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata); - if(data->set.str[STRING_SSL_EC_CURVES]) { - ERROR_CHECK_SETOPT(CURLOPT_SSL_EC_CURVES, - data->set.str[STRING_SSL_EC_CURVES]); - } + ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms); + ERROR_CHECK_SETOPT(CURLOPT_SHARE, (CURLSH *)data->share); + if(data->set.err && data->set.err != stderr) + ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err); + if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) + ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L); + if(data->set.no_signal) + ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L); + + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST, + data->set.doh_verifyhost ? 2L : 0L); + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER, + data->set.doh_verifypeer ? 1L : 0L); + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS, + data->set.doh_verifystatus ? 1L : 0L); + + /* Inherit *some* SSL options from the user's transfer. This is a + best-guess as to which options are needed for compatibility. #3661 + + Note DoH does not inherit the user's proxy server so proxy SSL settings + have no effect and are not inherited. If that changes then two new + options should be added to check doh proxy insecure separately, + CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER. + */ + if(data->set.ssl.falsestart) + ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L); + if(data->set.str[STRING_SSL_CAFILE]) { + ERROR_CHECK_SETOPT(CURLOPT_CAINFO, + data->set.str[STRING_SSL_CAFILE]); + } + if(data->set.blobs[BLOB_CAINFO]) { + ERROR_CHECK_SETOPT(CURLOPT_CAINFO_BLOB, + data->set.blobs[BLOB_CAINFO]); + } + if(data->set.str[STRING_SSL_CAPATH]) { + ERROR_CHECK_SETOPT(CURLOPT_CAPATH, + data->set.str[STRING_SSL_CAPATH]); + } + if(data->set.str[STRING_SSL_CRLFILE]) { + ERROR_CHECK_SETOPT(CURLOPT_CRLFILE, + data->set.str[STRING_SSL_CRLFILE]); + } + if(data->set.ssl.certinfo) + ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); + if(data->set.ssl.fsslctx) + ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); + if(data->set.ssl.fsslctxp) + ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp); + if(data->set.fdebug) + ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug); + if(data->set.debugdata) + ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata); + if(data->set.str[STRING_SSL_EC_CURVES]) { + ERROR_CHECK_SETOPT(CURLOPT_SSL_EC_CURVES, + data->set.str[STRING_SSL_EC_CURVES]); + } - { - long mask = - (data->set.ssl.enable_beast ? - CURLSSLOPT_ALLOW_BEAST : 0) | - (data->set.ssl.no_revoke ? - CURLSSLOPT_NO_REVOKE : 0) | - (data->set.ssl.no_partialchain ? - CURLSSLOPT_NO_PARTIALCHAIN : 0) | - (data->set.ssl.revoke_best_effort ? - CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | - (data->set.ssl.native_ca_store ? - CURLSSLOPT_NATIVE_CA : 0) | - (data->set.ssl.auto_client_cert ? - CURLSSLOPT_AUTO_CLIENT_CERT : 0); - - (void)curl_easy_setopt(doh, CURLOPT_SSL_OPTIONS, mask); - } + { + long mask = + (data->set.ssl.enable_beast ? + CURLSSLOPT_ALLOW_BEAST : 0) | + (data->set.ssl.no_revoke ? + CURLSSLOPT_NO_REVOKE : 0) | + (data->set.ssl.no_partialchain ? + CURLSSLOPT_NO_PARTIALCHAIN : 0) | + (data->set.ssl.revoke_best_effort ? + CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | + (data->set.ssl.native_ca_store ? + CURLSSLOPT_NATIVE_CA : 0) | + (data->set.ssl.auto_client_cert ? + CURLSSLOPT_AUTO_CLIENT_CERT : 0); + + (void)curl_easy_setopt(doh, CURLOPT_SSL_OPTIONS, mask); + } - doh->set.fmultidone = doh_done; - doh->set.dohfor = data; /* identify for which transfer this is done */ - p->easy = doh; + doh->set.fmultidone = doh_done; + doh->set.dohfor_mid = data->mid; /* for which transfer this is done */ - /* DoH handles must not inherit private_data. The handles may be passed to - the user via callbacks and the user will be able to identify them as - internal handles because private data is not set. The user can then set - private_data via CURLOPT_PRIVATE if they so choose. */ - DEBUGASSERT(!doh->set.private_data); + /* DoH handles must not inherit private_data. The handles may be passed to + the user via callbacks and the user will be able to identify them as + internal handles because private data is not set. The user can then set + private_data via CURLOPT_PRIVATE if they so choose. */ + DEBUGASSERT(!doh->set.private_data); - if(curl_multi_add_handle(multi, doh)) - goto error; - } - else + if(curl_multi_add_handle(multi, doh)) goto error; + + p->easy_mid = doh->mid; return CURLE_OK; error: Curl_close(&doh); + p->easy_mid = -1; return result; } @@ -400,8 +407,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, int *waitp) { CURLcode result = CURLE_OK; - struct dohdata *dohp; + struct doh_probes *dohp; struct connectdata *conn = data->conn; + size_t i; #ifdef USE_HTTPSRR /* for now, this is only used when ECH is enabled */ # ifdef USE_ECH @@ -416,23 +424,27 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, DEBUGASSERT(conn); /* start clean, consider allocating this struct on demand */ - dohp = data->req.doh = calloc(1, sizeof(struct dohdata)); + dohp = data->req.doh = calloc(1, sizeof(struct doh_probes)); if(!dohp) return NULL; + for(i = 0; i < DOH_SLOT_COUNT; ++i) { + dohp->probe[i].easy_mid = -1; + } + conn->bits.doh = TRUE; dohp->host = hostname; dohp->port = port; - dohp->headers = + dohp->req_hds = curl_slist_append(NULL, "Content-Type: application/dns-message"); - if(!dohp->headers) + if(!dohp->req_hds) goto error; /* create IPv4 DoH request */ - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V4], - DNS_TYPE_A, hostname, data->set.str[STRING_DOH], - data->multi, dohp->headers); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_IPV4], + DNS_TYPE_A, hostname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); if(result) goto error; dohp->pending++; @@ -440,9 +452,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, #ifdef USE_IPV6 if((conn->ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) { /* create IPv6 DoH request */ - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6], - DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH], - data->multi, dohp->headers); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_IPV6], + DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); if(result) goto error; dohp->pending++; @@ -469,9 +481,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, qname = aprintf("_%d._https.%s", port, hostname); if(!qname) goto error; - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_HTTPS], - DNS_TYPE_HTTPS, qname, data->set.str[STRING_DOH], - data->multi, dohp->headers); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_HTTPS_RR], + DNS_TYPE_HTTPS, qname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); Curl_safefree(qname); if(result) goto error; @@ -487,8 +499,8 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, return NULL; } -static DOHcode skipqname(const unsigned char *doh, size_t dohlen, - unsigned int *indexp) +static DOHcode doh_skipqname(const unsigned char *doh, size_t dohlen, + unsigned int *indexp) { unsigned char length; do { @@ -511,12 +523,13 @@ static DOHcode skipqname(const unsigned char *doh, size_t dohlen, return DOH_OK; } -static unsigned short get16bit(const unsigned char *doh, unsigned int index) +static unsigned short doh_get16bit(const unsigned char *doh, + unsigned int index) { return (unsigned short)((doh[index] << 8) | doh[index + 1]); } -static unsigned int get32bit(const unsigned char *doh, unsigned int index) +static unsigned int doh_get32bit(const unsigned char *doh, unsigned int index) { /* make clang and gcc optimize this to bswap by incrementing the pointer first. */ @@ -529,7 +542,8 @@ static unsigned int get32bit(const unsigned char *doh, unsigned int index) ((unsigned)doh[2] << 8) | doh[3]; } -static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d) +static void doh_store_a(const unsigned char *doh, int index, + struct dohentry *d) { /* silently ignore addresses over the limit */ if(d->numaddr < DOH_MAX_ADDR) { @@ -538,12 +552,10 @@ static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d) memcpy(&a->ip.v4, &doh[index], 4); d->numaddr++; } - return DOH_OK; } -static DOHcode store_aaaa(const unsigned char *doh, - int index, - struct dohentry *d) +static void doh_store_aaaa(const unsigned char *doh, int index, + struct dohentry *d) { /* silently ignore addresses over the limit */ if(d->numaddr < DOH_MAX_ADDR) { @@ -552,14 +564,11 @@ static DOHcode store_aaaa(const unsigned char *doh, memcpy(&a->ip.v6, &doh[index], 16); d->numaddr++; } - return DOH_OK; } #ifdef USE_HTTPSRR -static DOHcode store_https(const unsigned char *doh, - int index, - struct dohentry *d, - uint16_t len) +static DOHcode doh_store_https(const unsigned char *doh, int index, + struct dohentry *d, uint16_t len) { /* silently ignore RRs over the limit */ if(d->numhttps_rrs < DOH_MAX_HTTPS) { @@ -574,10 +583,8 @@ static DOHcode store_https(const unsigned char *doh, } #endif -static DOHcode store_cname(const unsigned char *doh, - size_t dohlen, - unsigned int index, - struct dohentry *d) +static DOHcode doh_store_cname(const unsigned char *doh, size_t dohlen, + unsigned int index, struct dohentry *d) { struct dynbuf *c; unsigned int loop = 128; /* a valid DNS name can never loop this much */ @@ -626,12 +633,12 @@ static DOHcode store_cname(const unsigned char *doh, return DOH_OK; } -static DOHcode rdata(const unsigned char *doh, - size_t dohlen, - unsigned short rdlength, - unsigned short type, - int index, - struct dohentry *d) +static DOHcode doh_rdata(const unsigned char *doh, + size_t dohlen, + unsigned short rdlength, + unsigned short type, + int index, + struct dohentry *d) { /* RDATA - A (TYPE 1): 4 bytes @@ -644,26 +651,22 @@ static DOHcode rdata(const unsigned char *doh, case DNS_TYPE_A: if(rdlength != 4) return DOH_DNS_RDATA_LEN; - rc = store_a(doh, index, d); - if(rc) - return rc; + doh_store_a(doh, index, d); break; case DNS_TYPE_AAAA: if(rdlength != 16) return DOH_DNS_RDATA_LEN; - rc = store_aaaa(doh, index, d); - if(rc) - return rc; + doh_store_aaaa(doh, index, d); break; #ifdef USE_HTTPSRR case DNS_TYPE_HTTPS: - rc = store_https(doh, index, d, rdlength); + rc = doh_store_https(doh, index, d, rdlength); if(rc) return rc; break; #endif case DNS_TYPE_CNAME: - rc = store_cname(doh, dohlen, (unsigned int)index, d); + rc = doh_store_cname(doh, dohlen, (unsigned int)index, d); if(rc) return rc; break; @@ -687,10 +690,10 @@ UNITTEST void de_init(struct dohentry *de) } -UNITTEST DOHcode doh_decode(const unsigned char *doh, - size_t dohlen, - DNStype dnstype, - struct dohentry *d) +UNITTEST DOHcode doh_resp_decode(const unsigned char *doh, + size_t dohlen, + DNStype dnstype, + struct dohentry *d) { unsigned char rcode; unsigned short qdcount; @@ -710,9 +713,9 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(rcode) return DOH_DNS_BAD_RCODE; /* bad rcode */ - qdcount = get16bit(doh, 4); + qdcount = doh_get16bit(doh, 4); while(qdcount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ if(dohlen < (index + 4)) @@ -721,19 +724,19 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, qdcount--; } - ancount = get16bit(doh, 6); + ancount = doh_get16bit(doh, 6); while(ancount) { unsigned short class; unsigned int ttl; - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - type = get16bit(doh, index); + type = doh_get16bit(doh, index); if((type != DNS_TYPE_CNAME) /* may be synthesized from DNAME */ && (type != DNS_TYPE_DNAME) /* if present, accept and ignore */ && (type != dnstype)) @@ -743,7 +746,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - class = get16bit(doh, index); + class = doh_get16bit(doh, index); if(DNS_CLASS_IN != class) return DOH_DNS_UNEXPECTED_CLASS; /* unsupported */ index += 2; @@ -751,7 +754,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 4)) return DOH_DNS_OUT_OF_RANGE; - ttl = get32bit(doh, index); + ttl = doh_get32bit(doh, index); if(ttl < d->ttl) d->ttl = ttl; index += 4; @@ -759,21 +762,21 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; - rc = rdata(doh, dohlen, rdlength, type, (int)index, d); + rc = doh_rdata(doh, dohlen, rdlength, type, (int)index, d); if(rc) - return rc; /* bad rdata */ + return rc; /* bad doh_rdata */ index += rdlength; ancount--; } - nscount = get16bit(doh, 8); + nscount = doh_get16bit(doh, 8); while(nscount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ @@ -785,7 +788,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; @@ -793,9 +796,9 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, nscount--; } - arcount = get16bit(doh, 10); + arcount = doh_get16bit(doh, 10); while(arcount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ @@ -807,7 +810,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; @@ -830,8 +833,8 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, } #ifndef CURL_DISABLE_VERBOSE_STRINGS -static void showdoh(struct Curl_easy *data, - const struct dohentry *d) +static void doh_show(struct Curl_easy *data, + const struct dohentry *d) { int i; infof(data, "[DoH] TTL: %u seconds", d->ttl); @@ -844,15 +847,13 @@ static void showdoh(struct Curl_easy *data, } else if(a->type == DNS_TYPE_AAAA) { int j; - char buffer[128]; - char *ptr; - size_t len; - len = msnprintf(buffer, 128, "[DoH] AAAA: "); - ptr = &buffer[len]; + char buffer[128] = "[DoH] AAAA: "; + size_t len = strlen(buffer); + char *ptr = &buffer[len]; len = sizeof(buffer) - len; for(j = 0; j < 16; j += 2) { size_t l; - msnprintf(ptr, len, "%s%02x%02x", j?":":"", d->addr[i].ip.v6[j], + msnprintf(ptr, len, "%s%02x%02x", j ? ":" : "", d->addr[i].ip.v6[j], d->addr[i].ip.v6[j + 1]); l = strlen(ptr); len -= l; @@ -864,8 +865,8 @@ static void showdoh(struct Curl_easy *data, #ifdef USE_HTTPSRR for(i = 0; i < d->numhttps_rrs; i++) { # ifdef DEBUGBUILD - local_print_buf(data, "DoH HTTPS", - d->https_rrs[i].val, d->https_rrs[i].len); + doh_print_buf(data, "DoH HTTPS", + d->https_rrs[i].val, d->https_rrs[i].len); # else infof(data, "DoH HTTPS RR: length %d", d->https_rrs[i].len); # endif @@ -876,7 +877,7 @@ static void showdoh(struct Curl_easy *data, } } #else -#define showdoh(x,y) +#define doh_show(x,y) #endif /* @@ -996,7 +997,7 @@ static CURLcode doh2ai(const struct dohentry *de, const char *hostname, } #ifndef CURL_DISABLE_VERBOSE_STRINGS -static const char *type2name(DNStype dnstype) +static const char *doh_type2name(DNStype dnstype) { switch(dnstype) { case DNS_TYPE_A: @@ -1041,8 +1042,8 @@ UNITTEST void de_cleanup(struct dohentry *d) * just after the end of the DNS name encoding on output. (And * that is why it is an "unsigned char **" :-) */ -static CURLcode local_decode_rdata_name(unsigned char **buf, size_t *remaining, - char **dnsname) +static CURLcode doh_decode_rdata_name(unsigned char **buf, size_t *remaining, + char **dnsname) { unsigned char *cp = NULL; int rem = 0; @@ -1088,8 +1089,8 @@ static CURLcode local_decode_rdata_name(unsigned char **buf, size_t *remaining, return CURLE_OK; } -static CURLcode local_decode_rdata_alpn(unsigned char *rrval, size_t len, - char **alpns) +static CURLcode doh_decode_rdata_alpn(unsigned char *rrval, size_t len, + char **alpns) { /* * spec here is as per draft-ietf-dnsop-svcb-https, section-7.1.1 @@ -1145,7 +1146,7 @@ static CURLcode local_decode_rdata_alpn(unsigned char *rrval, size_t len, } #ifdef DEBUGBUILD -static CURLcode test_alpn_escapes(void) +static CURLcode doh_test_alpn_escapes(void) { /* we will use an example from draft-ietf-dnsop-svcb, figure 10 */ static unsigned char example[] = { @@ -1158,7 +1159,7 @@ static CURLcode test_alpn_escapes(void) char *aval = NULL; static const char *expected = "f\\\\oo\\,bar,h2"; - if(local_decode_rdata_alpn(example, example_len, &aval) != CURLE_OK) + if(doh_decode_rdata_alpn(example, example_len, &aval) != CURLE_OK) return CURLE_BAD_CONTENT_ENCODING; if(strlen(aval) != strlen(expected)) return CURLE_BAD_CONTENT_ENCODING; @@ -1168,7 +1169,7 @@ static CURLcode test_alpn_escapes(void) } #endif -static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, +static CURLcode doh_resp_decode_httpsrr(unsigned char *rrval, size_t len, struct Curl_https_rrinfo **hrr) { size_t remaining = len; @@ -1179,7 +1180,7 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, #ifdef DEBUGBUILD /* a few tests of escaping, should not be here but ok for now */ - if(test_alpn_escapes() != CURLE_OK) + if(doh_test_alpn_escapes() != CURLE_OK) return CURLE_OUT_OF_MEMORY; #endif lhrr = calloc(1, sizeof(struct Curl_https_rrinfo)); @@ -1194,7 +1195,7 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, lhrr->priority = (uint16_t)((cp[0] << 8) + cp[1]); cp += 2; remaining -= (uint16_t)2; - if(local_decode_rdata_name(&cp, &remaining, &dnsname) != CURLE_OK) + if(doh_decode_rdata_name(&cp, &remaining, &dnsname) != CURLE_OK) goto err; lhrr->target = dnsname; while(remaining >= 4) { @@ -1204,7 +1205,7 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, cp += 2; remaining -= 4; if(pcode == HTTPS_RR_CODE_ALPN) { - if(local_decode_rdata_alpn(cp, plen, &lhrr->alpns) != CURLE_OK) + if(doh_decode_rdata_alpn(cp, plen, &lhrr->alpns) != CURLE_OK) goto err; } if(pcode == HTTPS_RR_CODE_NO_DEF_ALPN) @@ -1253,8 +1254,8 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, } # ifdef DEBUGBUILD -static void local_print_httpsrr(struct Curl_easy *data, - struct Curl_https_rrinfo *hrr) +static void doh_print_httpsrr(struct Curl_easy *data, + struct Curl_https_rrinfo *hrr) { DEBUGASSERT(hrr); infof(data, "HTTPS RR: priority %d, target: %s", @@ -1268,20 +1269,20 @@ static void local_print_httpsrr(struct Curl_easy *data, else infof(data, "HTTPS RR: no_def_alpn not set"); if(hrr->ipv4hints) { - local_print_buf(data, "HTTPS RR: ipv4hints", - hrr->ipv4hints, hrr->ipv4hints_len); + doh_print_buf(data, "HTTPS RR: ipv4hints", + hrr->ipv4hints, hrr->ipv4hints_len); } else infof(data, "HTTPS RR: no ipv4hints"); if(hrr->echconfiglist) { - local_print_buf(data, "HTTPS RR: ECHConfigList", - hrr->echconfiglist, hrr->echconfiglist_len); + doh_print_buf(data, "HTTPS RR: ECHConfigList", + hrr->echconfiglist, hrr->echconfiglist_len); } else infof(data, "HTTPS RR: no ECHConfigList"); if(hrr->ipv6hints) { - local_print_buf(data, "HTTPS RR: ipv6hint", - hrr->ipv6hints, hrr->ipv6hints_len); + doh_print_buf(data, "HTTPS RR: ipv6hint", + hrr->ipv6hints, hrr->ipv6hints_len); } else infof(data, "HTTPS RR: no ipv6hints"); @@ -1294,52 +1295,45 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, struct Curl_dns_entry **dnsp) { CURLcode result; - struct dohdata *dohp = data->req.doh; + struct doh_probes *dohp = data->req.doh; *dnsp = NULL; /* defaults to no response */ if(!dohp) return CURLE_OUT_OF_MEMORY; - if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy && - !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) { + if(dohp->probe[DOH_SLOT_IPV4].easy_mid < 0 && + dohp->probe[DOH_SLOT_IPV6].easy_mid < 0) { failf(data, "Could not DoH-resolve: %s", data->state.async.hostname); - return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY: + return CONN_IS_PROXIED(data->conn) ? CURLE_COULDNT_RESOLVE_PROXY : CURLE_COULDNT_RESOLVE_HOST; } else if(!dohp->pending) { -#ifndef USE_HTTPSRR - DOHcode rc[DOH_PROBE_SLOTS] = { - DOH_OK, DOH_OK - }; -#else - DOHcode rc[DOH_PROBE_SLOTS] = { - DOH_OK, DOH_OK, DOH_OK - }; -#endif + DOHcode rc[DOH_SLOT_COUNT]; struct dohentry de; int slot; + + memset(rc, 0, sizeof(rc)); /* remove DoH handles from multi handle and close them */ Curl_doh_close(data); /* parse the responses, create the struct and return it! */ de_init(&de); - for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { - struct dnsprobe *p = &dohp->probe[slot]; + for(slot = 0; slot < DOH_SLOT_COUNT; slot++) { + struct doh_probe *p = &dohp->probe[slot]; if(!p->dnstype) continue; - rc[slot] = doh_decode(Curl_dyn_uptr(&p->serverdoh), - Curl_dyn_len(&p->serverdoh), - p->dnstype, - &de); - Curl_dyn_free(&p->serverdoh); + rc[slot] = doh_resp_decode(Curl_dyn_uptr(&p->resp_body), + Curl_dyn_len(&p->resp_body), + p->dnstype, &de); + Curl_dyn_free(&p->resp_body); #ifndef CURL_DISABLE_VERBOSE_STRINGS if(rc[slot]) { infof(data, "DoH: %s type %s for %s", doh_strerror(rc[slot]), - type2name(p->dnstype), dohp->host); + doh_type2name(p->dnstype), dohp->host); } #endif } /* next slot */ result = CURLE_COULDNT_RESOLVE_HOST; /* until we know better */ - if(!rc[DOH_PROBE_SLOT_IPADDR_V4] || !rc[DOH_PROBE_SLOT_IPADDR_V6]) { + if(!rc[DOH_SLOT_IPV4] || !rc[DOH_SLOT_IPV6]) { /* we have an address, of one kind or other */ struct Curl_dns_entry *dns; struct Curl_addrinfo *ai; @@ -1347,7 +1341,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) { infof(data, "[DoH] hostname: %s", dohp->host); - showdoh(data, &de); + doh_show(data, &de); } result = doh2ai(&de, dohp->host, dohp->port, &ai); @@ -1360,7 +1354,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* we got a response, store it in the cache */ - dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port); + dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -1380,7 +1374,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, #ifdef USE_HTTPSRR if(de.numhttps_rrs > 0 && result == CURLE_OK && *dnsp) { struct Curl_https_rrinfo *hrr = NULL; - result = Curl_doh_decode_httpsrr(de.https_rrs->val, de.https_rrs->len, + result = doh_resp_decode_httpsrr(de.https_rrs->val, de.https_rrs->len, &hrr); if(result) { infof(data, "Failed to decode HTTPS RR"); @@ -1388,7 +1382,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, } infof(data, "Some HTTPS RR to process"); # ifdef DEBUGBUILD - local_print_httpsrr(data, hrr); + doh_print_httpsrr(data, hrr); # endif (*dnsp)->hinfo = hrr; } @@ -1396,7 +1390,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, /* All done */ de_cleanup(&de); - Curl_safefree(data->req.doh); + Curl_doh_cleanup(data); return result; } /* !dohp->pending */ @@ -1407,28 +1401,40 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, void Curl_doh_close(struct Curl_easy *data) { - struct dohdata *doh = data->req.doh; - if(doh) { + struct doh_probes *doh = data->req.doh; + if(doh && data->multi) { + struct Curl_easy *probe_data; + curl_off_t mid; size_t slot; - for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { - if(!doh->probe[slot].easy) + for(slot = 0; slot < DOH_SLOT_COUNT; slot++) { + mid = doh->probe[slot].easy_mid; + if(mid < 0) continue; + doh->probe[slot].easy_mid = -1; + /* should have been called before data is removed from multi handle */ + DEBUGASSERT(data->multi); + probe_data = data->multi ? Curl_multi_get_handle(data->multi, mid) : + NULL; + if(!probe_data) { + DEBUGF(infof(data, "Curl_doh_close: xfer for mid=%" + FMT_OFF_T " not found!", + doh->probe[slot].easy_mid)); + continue; + } /* data->multi might already be reset at this time */ - if(doh->probe[slot].easy->multi) - curl_multi_remove_handle(doh->probe[slot].easy->multi, - doh->probe[slot].easy); - Curl_close(&doh->probe[slot].easy); + curl_multi_remove_handle(data->multi, probe_data); + Curl_close(&probe_data); } } } void Curl_doh_cleanup(struct Curl_easy *data) { - struct dohdata *doh = data->req.doh; + struct doh_probes *doh = data->req.doh; if(doh) { Curl_doh_close(data); - curl_slist_free_all(doh->headers); - data->req.doh->headers = NULL; + curl_slist_free_all(doh->req_hds); + data->req.doh->req_hds = NULL; Curl_safefree(data->req.doh); } } diff --git a/libraries/libcurl/doh.h b/libraries/libcurl/doh.h index 5e86bf44..aae32a65 100644 --- a/libraries/libcurl/doh.h +++ b/libraries/libcurl/doh.h @@ -59,18 +59,39 @@ typedef enum { } DNStype; /* one of these for each DoH request */ -struct dnsprobe { - CURL *easy; +struct doh_probe { + curl_off_t easy_mid; /* multi id of easy handle doing the lookup */ DNStype dnstype; - unsigned char dohbuffer[512]; - size_t dohlen; - struct dynbuf serverdoh; + unsigned char req_body[512]; + size_t req_body_len; + struct dynbuf resp_body; }; -struct dohdata { - struct curl_slist *headers; - struct dnsprobe probe[DOH_PROBE_SLOTS]; - unsigned int pending; /* still outstanding requests */ +enum doh_slot_num { + /* Explicit values for first two symbols so as to match hard-coded + * constants in existing code + */ + DOH_SLOT_IPV4 = 0, /* make 'V4' stand out for readability */ + DOH_SLOT_IPV6 = 1, /* 'V6' likewise */ + + /* Space here for (possibly build-specific) additional slot definitions */ +#ifdef USE_HTTPSRR + DOH_SLOT_HTTPS_RR = 2, /* for HTTPS RR */ +#endif + + /* for example */ + /* #ifdef WANT_DOH_FOOBAR_TXT */ + /* DOH_PROBE_SLOT_FOOBAR_TXT, */ + /* #endif */ + + /* AFTER all slot definitions, establish how many we have */ + DOH_SLOT_COUNT +}; + +struct doh_probes { + struct curl_slist *req_hds; + struct doh_probe probe[DOH_SLOT_COUNT]; + unsigned int pending; /* still outstanding probes */ int port; const char *host; }; @@ -116,7 +137,7 @@ struct dohaddr { #define HTTPS_RR_CODE_IPV6 0x06 /* - * These may need escaping when found within an alpn string + * These may need escaping when found within an ALPN string * value. */ #define COMMA_CHAR ',' @@ -144,15 +165,15 @@ void Curl_doh_close(struct Curl_easy *data); void Curl_doh_cleanup(struct Curl_easy *data); #ifdef UNITTESTS -UNITTEST DOHcode doh_encode(const char *host, - DNStype dnstype, - unsigned char *dnsp, /* buffer */ - size_t len, /* buffer size */ - size_t *olen); /* output length */ -UNITTEST DOHcode doh_decode(const unsigned char *doh, - size_t dohlen, - DNStype dnstype, - struct dohentry *d); +UNITTEST DOHcode doh_req_encode(const char *host, + DNStype dnstype, + unsigned char *dnsp, /* buffer */ + size_t len, /* buffer size */ + size_t *olen); /* output length */ +UNITTEST DOHcode doh_resp_decode(const unsigned char *doh, + size_t dohlen, + DNStype dnstype, + struct dohentry *d); UNITTEST void de_init(struct dohentry *d); UNITTEST void de_cleanup(struct dohentry *d); diff --git a/libraries/libcurl/dynhds.c b/libraries/libcurl/dynhds.c index 9153838e..2c92ca63 100644 --- a/libraries/libcurl/dynhds.c +++ b/libraries/libcurl/dynhds.c @@ -141,7 +141,7 @@ void Curl_dynhds_set_opts(struct dynhds *dynhds, int opts) struct dynhds_entry *Curl_dynhds_getn(struct dynhds *dynhds, size_t n) { DEBUGASSERT(dynhds); - return (n < dynhds->hds_len)? dynhds->hds[n] : NULL; + return (n < dynhds->hds_len) ? dynhds->hds[n] : NULL; } struct dynhds_entry *Curl_dynhds_get(struct dynhds *dynhds, const char *name, @@ -272,7 +272,7 @@ CURLcode Curl_dynhds_h1_add_line(struct dynhds *dynhds, CURLcode Curl_dynhds_h1_cadd_line(struct dynhds *dynhds, const char *line) { - return Curl_dynhds_h1_add_line(dynhds, line, line? strlen(line) : 0); + return Curl_dynhds_h1_add_line(dynhds, line, line ? strlen(line) : 0); } #ifdef UNITTESTS diff --git a/libraries/libcurl/easy.c b/libraries/libcurl/easy.c index 2ba9af0b..d16fa8c0 100644 --- a/libraries/libcurl/easy.c +++ b/libraries/libcurl/easy.c @@ -113,6 +113,7 @@ static curl_simple_lock s_lock = CURL_SIMPLE_LOCK_INIT; #endif #if defined(_MSC_VER) && defined(_DLL) +# pragma warning(push) # pragma warning(disable:4232) /* MSVC extension, dllimport identity */ #endif @@ -130,7 +131,7 @@ curl_wcsdup_callback Curl_cwcsdup = Curl_wcsdup; #endif #if defined(_MSC_VER) && defined(_DLL) -# pragma warning(default:4232) /* MSVC extension, dllimport identity */ +# pragma warning(pop) #endif #ifdef DEBUGBUILD @@ -346,7 +347,7 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, * curl_easy_init() is the external interface to alloc, setup and init an * easy handle that is returned. If anything goes wrong, NULL is returned. */ -struct Curl_easy *curl_easy_init(void) +CURL *curl_easy_init(void) { CURLcode result; struct Curl_easy *data; @@ -390,25 +391,22 @@ struct events { int running_handles; /* store the returned number */ }; +#define DEBUG_EV_POLL 0 + /* events_timer * * Callback that gets called with a new value when the timeout should be * updated. */ - -static int events_timer(struct Curl_multi *multi, /* multi handle */ +static int events_timer(CURLM *multi, /* multi handle */ long timeout_ms, /* see above */ - void *userp) /* private callback pointer */ + void *userp) /* private callback pointer */ { struct events *ev = userp; (void)multi; - if(timeout_ms == -1) - /* timeout removed */ - timeout_ms = 0; - else if(timeout_ms == 0) - /* timeout is already reached! */ - timeout_ms = 1; /* trigger asap */ - +#if DEBUG_EV_POLL + fprintf(stderr, "events_timer: set timeout %ldms\n", timeout_ms); +#endif ev->ms = timeout_ms; ev->msbump = TRUE; return 0; @@ -451,7 +449,7 @@ static short socketcb2poll(int pollmask) * Callback that gets called with information about socket activity to * monitor. */ -static int events_socket(struct Curl_easy *easy, /* easy handle */ +static int events_socket(CURL *easy, /* easy handle */ curl_socket_t s, /* socket */ int what, /* see above */ void *userp, /* private callback @@ -462,6 +460,8 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ struct events *ev = userp; struct socketmonitor *m; struct socketmonitor *prev = NULL; + bool found = FALSE; + struct Curl_easy *data = easy; #if defined(CURL_DISABLE_VERBOSE_STRINGS) (void) easy; @@ -471,7 +471,7 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ m = ev->list; while(m) { if(m->socket.fd == s) { - + found = TRUE; if(what == CURL_POLL_REMOVE) { struct socketmonitor *nxt = m->next; /* remove this node from the list of monitored sockets */ @@ -480,30 +480,29 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ else ev->list = nxt; free(m); - m = nxt; - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T - " REMOVED", s); + infof(data, "socket cb: socket %" FMT_SOCKET_T " REMOVED", s); } else { /* The socket 's' is already being monitored, update the activity mask. Convert from libcurl bitmask to the poll one. */ m->socket.events = socketcb2poll(what); - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T + infof(data, "socket cb: socket %" FMT_SOCKET_T " UPDATED as %s%s", s, - (what&CURL_POLL_IN)?"IN":"", - (what&CURL_POLL_OUT)?"OUT":""); + (what&CURL_POLL_IN) ? "IN" : "", + (what&CURL_POLL_OUT) ? "OUT" : ""); } break; } prev = m; m = m->next; /* move to next node */ } - if(!m) { + + if(!found) { if(what == CURL_POLL_REMOVE) { - /* this happens a bit too often, libcurl fix perhaps? */ - /* fprintf(stderr, - "%s: socket %d asked to be REMOVED but not present!\n", - __func__, s); */ + /* should not happen if our logic is correct, but is no drama. */ + DEBUGF(infof(data, "socket cb: asked to REMOVE socket %" + FMT_SOCKET_T "but not present!", s)); + DEBUGASSERT(0); } else { m = malloc(sizeof(struct socketmonitor)); @@ -513,10 +512,9 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ m->socket.events = socketcb2poll(what); m->socket.revents = 0; ev->list = m; - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T - " ADDED as %s%s", s, - (what&CURL_POLL_IN)?"IN":"", - (what&CURL_POLL_OUT)?"OUT":""); + infof(data, "socket cb: socket %" FMT_SOCKET_T " ADDED as %s%s", s, + (what&CURL_POLL_IN) ? "IN" : "", + (what&CURL_POLL_OUT) ? "OUT" : ""); } else return CURLE_OUT_OF_MEMORY; @@ -564,14 +562,15 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) int pollrc; int i; struct curltime before; - struct curltime after; /* populate the fds[] array */ for(m = ev->list, f = &fds[0]; m; m = m->next) { f->fd = m->socket.fd; f->events = m->socket.events; f->revents = 0; - /* fprintf(stderr, "poll() %d check socket %d\n", numfds, f->fd); */ +#if DEBUG_EV_POLL + fprintf(stderr, "poll() %d check socket %d\n", numfds, f->fd); +#endif f++; numfds++; } @@ -579,12 +578,27 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) /* get the time stamp to use to figure out how long poll takes */ before = Curl_now(); - /* wait for activity or timeout */ - pollrc = Curl_poll(fds, (unsigned int)numfds, ev->ms); - if(pollrc < 0) - return CURLE_UNRECOVERABLE_POLL; - - after = Curl_now(); + if(numfds) { + /* wait for activity or timeout */ +#if DEBUG_EV_POLL + fprintf(stderr, "poll(numfds=%d, timeout=%ldms)\n", numfds, ev->ms); +#endif + pollrc = Curl_poll(fds, (unsigned int)numfds, ev->ms); +#if DEBUG_EV_POLL + fprintf(stderr, "poll(numfds=%d, timeout=%ldms) -> %d\n", + numfds, ev->ms, pollrc); +#endif + if(pollrc < 0) + return CURLE_UNRECOVERABLE_POLL; + } + else { +#if DEBUG_EV_POLL + fprintf(stderr, "poll, but no fds, wait timeout=%ldms\n", ev->ms); +#endif + pollrc = 0; + if(ev->ms > 0) + Curl_wait_ms(ev->ms); + } ev->msbump = FALSE; /* reset here */ @@ -597,26 +611,37 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) } else { /* here pollrc is > 0 */ + struct Curl_llist_node *e = Curl_llist_head(&multi->process); + struct Curl_easy *data; + DEBUGASSERT(e); + data = Curl_node_elem(e); + DEBUGASSERT(data); /* loop over the monitored sockets to see which ones had activity */ - for(i = 0; i< numfds; i++) { + for(i = 0; i < numfds; i++) { if(fds[i].revents) { /* socket activity, tell libcurl */ int act = poll2cselect(fds[i].revents); /* convert */ - infof(multi->easyp, - "call curl_multi_socket_action(socket " - "%" CURL_FORMAT_SOCKET_T ")", fds[i].fd); + + /* sending infof "randomly" to the first easy handle */ + infof(data, "call curl_multi_socket_action(socket " + "%" FMT_SOCKET_T ")", (curl_socket_t)fds[i].fd); mcode = curl_multi_socket_action(multi, fds[i].fd, act, &ev->running_handles); } } - if(!ev->msbump) { + + if(!ev->msbump && ev->ms >= 0) { /* If nothing updated the timeout, we decrease it by the spent time. * If it was updated, it has the new timeout time stored already. */ - timediff_t timediff = Curl_timediff(after, before); + timediff_t timediff = Curl_timediff(Curl_now(), before); if(timediff > 0) { +#if DEBUG_EV_POLL + fprintf(stderr, "poll timeout %ldms not updated, decrease by " + "time spent %ldms\n", ev->ms, (long)timediff); +#endif if(timediff > ev->ms) ev->ms = 0; else @@ -649,7 +674,7 @@ static CURLcode easy_events(struct Curl_multi *multi) { /* this struct is made static to allow it to be used after this function returns and curl_multi_remove_handle() is called */ - static struct events evs = {2, FALSE, 0, NULL, 0}; + static struct events evs = {-1, FALSE, 0, NULL, 0}; /* if running event-based, do some further multi inits */ events_setup(multi, &evs); @@ -785,7 +810,7 @@ static CURLcode easy_perform(struct Curl_easy *data, bool events) * curl_easy_perform() is the external interface that performs a blocking * transfer as previously setup. */ -CURLcode curl_easy_perform(struct Curl_easy *data) +CURLcode curl_easy_perform(CURL *data) { return easy_perform(data, FALSE); } @@ -806,8 +831,9 @@ CURLcode curl_easy_perform_ev(struct Curl_easy *data) * curl_easy_cleanup() is the external interface to cleaning/freeing the given * easy handle. */ -void curl_easy_cleanup(struct Curl_easy *data) +void curl_easy_cleanup(CURL *ptr) { + struct Curl_easy *data = ptr; if(GOOD_EASY_HANDLE(data)) { SIGPIPE_VARIABLE(pipe_st); sigpipe_ignore(data, &pipe_st); @@ -821,7 +847,7 @@ void curl_easy_cleanup(struct Curl_easy *data) * information from a performed transfer and similar. */ #undef curl_easy_getinfo -CURLcode curl_easy_getinfo(struct Curl_easy *data, CURLINFO info, ...) +CURLcode curl_easy_getinfo(CURL *data, CURLINFO info, ...) { va_list arg; void *paramp; @@ -853,7 +879,7 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) memset(dst->set.blobs, 0, BLOB_LAST * sizeof(struct curl_blob *)); /* duplicate all strings */ - for(i = (enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) { + for(i = (enum dupstring)0; i < STRING_LASTZEROTERMINATED; i++) { result = Curl_setstropt(&dst->set.str[i], src->set.str[i]); if(result) return result; @@ -895,8 +921,9 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) * given input easy handle. The returned handle will be a new working handle * with all options set exactly as the input source handle. */ -struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) +CURL *curl_easy_duphandle(CURL *d) { + struct Curl_easy *data = d; struct Curl_easy *outcurl = calloc(1, sizeof(struct Curl_easy)); if(!outcurl) goto fail; @@ -914,8 +941,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER); - /* the connection cache is setup on demand */ - outcurl->state.conn_cache = NULL; + /* the connection pool is setup on demand */ outcurl->state.lastconnect_id = -1; outcurl->state.recent_conn_id = -1; outcurl->id = -1; @@ -1012,7 +1038,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) goto fail; } #endif /* USE_ARES */ - +#ifndef CURL_DISABLE_HTTP + Curl_llist_init(&outcurl->state.httphdrs, NULL); +#endif Curl_initinfo(outcurl); outcurl->magic = CURLEASY_MAGIC_NUMBER; @@ -1041,8 +1069,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) * curl_easy_reset() is an external interface that allows an app to re- * initialize a session handle to the default values. */ -void curl_easy_reset(struct Curl_easy *data) +void curl_easy_reset(CURL *d) { + struct Curl_easy *data = d; Curl_req_hard_reset(&data->req, data); /* zero out UserDefined data: */ @@ -1082,7 +1111,7 @@ void curl_easy_reset(struct Curl_easy *data) * NOTE: This is one of few API functions that are allowed to be called from * within a callback. */ -CURLcode curl_easy_pause(struct Curl_easy *data, int action) +CURLcode curl_easy_pause(CURL *d, int action) { struct SingleRequest *k; CURLcode result = CURLE_OK; @@ -1090,6 +1119,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) int newstate; bool recursive = FALSE; bool keep_changed, unpause_read, not_all_paused; + struct Curl_easy *data = d; if(!GOOD_EASY_HANDLE(data) || !data->conn) /* crazy input, do not continue */ @@ -1102,8 +1132,8 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) /* first switch off both pause bits then set the new pause bits */ newstate = (k->keepon &~ (KEEP_RECV_PAUSE| KEEP_SEND_PAUSE)) | - ((action & CURLPAUSE_RECV)?KEEP_RECV_PAUSE:0) | - ((action & CURLPAUSE_SEND)?KEEP_SEND_PAUSE:0); + ((action & CURLPAUSE_RECV) ? KEEP_RECV_PAUSE : 0) | + ((action & CURLPAUSE_SEND) ? KEEP_SEND_PAUSE : 0); keep_changed = ((newstate & (KEEP_RECV_PAUSE| KEEP_SEND_PAUSE)) != oldstate); not_all_paused = (newstate & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) != @@ -1112,7 +1142,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) (data->mstate == MSTATE_PERFORMING || data->mstate == MSTATE_RATELIMITING)); /* Unpausing writes is detected on the next run in - * transfer.c:Curl_readwrite(). This is because this may result + * transfer.c:Curl_sendrecv(). This is because this may result * in a transfer error if the application's callbacks fail */ /* Set the new keepon state, so it takes effect no matter what error @@ -1193,12 +1223,12 @@ static CURLcode easy_connection(struct Curl_easy *data, * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. * Returns CURLE_OK on success, error code on error. */ -CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen, - size_t *n) +CURLcode curl_easy_recv(CURL *d, void *buffer, size_t buflen, size_t *n) { CURLcode result; ssize_t n1; struct connectdata *c; + struct Curl_easy *data = d; if(Curl_is_in_callback(data)) return CURLE_RECURSIVE_API_CALL; @@ -1222,7 +1252,7 @@ CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen, return CURLE_OK; } -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS CURLcode Curl_connect_only_attach(struct Curl_easy *data) { CURLcode result; @@ -1239,7 +1269,7 @@ CURLcode Curl_connect_only_attach(struct Curl_easy *data) return CURLE_OK; } -#endif /* USE_WEBSOCKETS */ +#endif /* !CURL_DISABLE_WEBSOCKETS */ /* * Sends data over the connected socket. @@ -1264,7 +1294,7 @@ CURLcode Curl_senddata(struct Curl_easy *data, const void *buffer, Curl_attach_connection(data, c); sigpipe_ignore(data, &pipe_st); - result = Curl_conn_send(data, FIRSTSOCKET, buffer, buflen, n); + result = Curl_conn_send(data, FIRSTSOCKET, buffer, buflen, FALSE, n); sigpipe_restore(&pipe_st); if(result && result != CURLE_AGAIN) @@ -1276,11 +1306,11 @@ CURLcode Curl_senddata(struct Curl_easy *data, const void *buffer, * Sends data over the connected socket. Use after successful * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. */ -CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer, - size_t buflen, size_t *n) +CURLcode curl_easy_send(CURL *d, const void *buffer, size_t buflen, size_t *n) { size_t written = 0; CURLcode result; + struct Curl_easy *data = d; if(Curl_is_in_callback(data)) return CURLE_RECURSIVE_API_CALL; @@ -1289,62 +1319,19 @@ CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer, return result; } -/* - * Wrapper to call functions in Curl_conncache_foreach() - * - * Returns always 0. - */ -static int conn_upkeep(struct Curl_easy *data, - struct connectdata *conn, - void *param) -{ - struct curltime *now = param; - - if(Curl_timediff(*now, conn->keepalive) <= data->set.upkeep_interval_ms) - return 0; - - /* briefly attach for action */ - Curl_attach_connection(data, conn); - if(conn->handler->connection_check) { - /* Do a protocol-specific keepalive check on the connection. */ - conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE); - } - else { - /* Do the generic action on the FIRSTSOCKET filter chain */ - Curl_conn_keep_alive(data, conn, FIRSTSOCKET); - } - Curl_detach_connection(data); - - conn->keepalive = *now; - return 0; /* continue iteration */ -} - -static CURLcode upkeep(struct conncache *conn_cache, void *data) -{ - struct curltime now = Curl_now(); - /* Loop over every connection and make connection alive. */ - Curl_conncache_foreach(data, - conn_cache, - &now, - conn_upkeep); - return CURLE_OK; -} - /* * Performs connection upkeep for the given session handle. */ -CURLcode curl_easy_upkeep(struct Curl_easy *data) +CURLcode curl_easy_upkeep(CURL *d) { + struct Curl_easy *data = d; /* Verify that we got an easy handle we can work with. */ if(!GOOD_EASY_HANDLE(data)) return CURLE_BAD_FUNCTION_ARGUMENT; - if(data->multi_easy) { - /* Use the common function to keep connections alive. */ - return upkeep(&data->multi_easy->conn_cache, data); - } - else { - /* No connections, so just return success */ - return CURLE_OK; - } + if(Curl_is_in_callback(data)) + return CURLE_RECURSIVE_API_CALL; + + /* Use the common function to keep connections alive. */ + return Curl_cpool_upkeep(data); } diff --git a/libraries/libcurl/easyif.h b/libraries/libcurl/easyif.h index d77bb98f..181ce38f 100644 --- a/libraries/libcurl/easyif.h +++ b/libraries/libcurl/easyif.h @@ -30,7 +30,7 @@ CURLcode Curl_senddata(struct Curl_easy *data, const void *buffer, size_t buflen, size_t *n); -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS CURLcode Curl_connect_only_attach(struct Curl_easy *data); #endif diff --git a/libraries/libcurl/escape.c b/libraries/libcurl/escape.c index 1633c2da..eaad6d33 100644 --- a/libraries/libcurl/escape.c +++ b/libraries/libcurl/escape.c @@ -29,6 +29,8 @@ #include +struct Curl_easy; + #include "urldata.h" #include "warnless.h" #include "escape.h" @@ -53,7 +55,7 @@ char *curl_unescape(const char *string, int length) /* Escapes for URL the given unescaped string of given length. * 'data' is ignored since 7.82.0. */ -char *curl_easy_escape(struct Curl_easy *data, const char *string, +char *curl_easy_escape(CURL *data, const char *string, int inlength) { size_t length; @@ -63,12 +65,12 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, if(!string || (inlength < 0)) return NULL; - Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); - - length = (inlength?(size_t)inlength:strlen(string)); + length = (inlength ? (size_t)inlength : strlen(string)); if(!length) return strdup(""); + Curl_dyn_init(&d, length * 3 + 1); + while(length--) { /* treat the characters unsigned */ unsigned char in = (unsigned char)*string++; @@ -82,7 +84,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, /* encode it */ const char hex[] = "0123456789ABCDEF"; char out[3]={'%'}; - out[1] = hex[in>>4]; + out[1] = hex[in >> 4]; out[2] = hex[in & 0xf]; if(Curl_dyn_addn(&d, out, 3)) return NULL; @@ -128,7 +130,7 @@ CURLcode Curl_urldecode(const char *string, size_t length, DEBUGASSERT(string); DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */ - alloc = (length?length:strlen(string)); + alloc = (length ? length : strlen(string)); ns = malloc(alloc + 1); if(!ns) @@ -176,7 +178,7 @@ CURLcode Curl_urldecode(const char *string, size_t length, * If olen == NULL, no output length is stored. * 'data' is ignored since 7.82.0. */ -char *curl_easy_unescape(struct Curl_easy *data, const char *string, +char *curl_easy_unescape(CURL *data, const char *string, int length, int *olen) { char *str = NULL; @@ -223,7 +225,7 @@ void Curl_hexencode(const unsigned char *src, size_t len, /* input length */ while(len-- && (olen >= 3)) { /* clang-tidy warns on this line without this comment: */ /* NOLINTNEXTLINE(clang-analyzer-core.UndefinedBinaryOperatorResult) */ - *out++ = (unsigned char)hex[(*src & 0xF0)>>4]; + *out++ = (unsigned char)hex[(*src & 0xF0) >> 4]; *out++ = (unsigned char)hex[*src & 0x0F]; ++src; olen -= 2; diff --git a/libraries/libcurl/file.c b/libraries/libcurl/file.c index 82ff151b..4cd8d0ff 100644 --- a/libraries/libcurl/file.c +++ b/libraries/libcurl/file.c @@ -223,7 +223,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) * A leading slash in an AmigaDOS path denotes the parent * directory, and hence we block this as it is relative. * Absolute paths start with 'volumename:', so we check for - * this first. Failing that, we treat the path as a real unix + * this first. Failing that, we treat the path as a real Unix * path, but only if the application was compiled with -lunix. */ fd = -1; @@ -468,8 +468,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) static const char accept_ranges[]= { "Accept-ranges: bytes\r\n" }; if(expected_size >= 0) { headerlen = - msnprintf(header, sizeof(header), - "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", + msnprintf(header, sizeof(header), "Content-Length: %" FMT_OFF_T "\r\n", expected_size); result = Curl_client_write(data, CLIENTWRITE_HEADER, header, headerlen); if(result) @@ -490,7 +489,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) headerlen = msnprintf(header, sizeof(header), "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n", - Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], + Curl_wkday[tm->tm_wday ? tm->tm_wday-1 : 6], tm->tm_mday, Curl_month[tm->tm_mon], tm->tm_year + 1900, diff --git a/libraries/libcurl/fileinfo.h b/libraries/libcurl/fileinfo.h index ce009da0..0b3f56d9 100644 --- a/libraries/libcurl/fileinfo.h +++ b/libraries/libcurl/fileinfo.h @@ -30,7 +30,7 @@ struct fileinfo { struct curl_fileinfo info; - struct Curl_llist_element list; + struct Curl_llist_node list; struct dynbuf buf; }; diff --git a/libraries/libcurl/formdata.c b/libraries/libcurl/formdata.c index 7a282bdd..cea61b22 100644 --- a/libraries/libcurl/formdata.c +++ b/libraries/libcurl/formdata.c @@ -26,6 +26,8 @@ #include +struct Curl_easy; + #include "formdata.h" #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_FORM_API) @@ -282,8 +284,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, if(current_form->name) return_value = CURL_FORMADD_OPTION_TWICE; else { - char *name = array_state? - array_value:va_arg(params, char *); + char *name = array_state ? + array_value : va_arg(params, char *); if(name) current_form->name = name; /* store for the moment */ else @@ -295,7 +297,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, return_value = CURL_FORMADD_OPTION_TWICE; else current_form->namelength = - array_state?(size_t)array_value:(size_t)va_arg(params, long); + array_state ? (size_t)array_value : (size_t)va_arg(params, long); break; /* @@ -309,7 +311,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, return_value = CURL_FORMADD_OPTION_TWICE; else { char *value = - array_state?array_value:va_arg(params, char *); + array_state ? array_value : va_arg(params, char *); if(value) current_form->value = value; /* store for the moment */ else @@ -318,13 +320,14 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, break; case CURLFORM_CONTENTSLENGTH: current_form->contentslength = - array_state?(size_t)array_value:(size_t)va_arg(params, long); + array_state ? (size_t)array_value : (size_t)va_arg(params, long); break; case CURLFORM_CONTENTLEN: current_form->flags |= CURL_HTTPPOST_LARGE; current_form->contentslength = - array_state?(curl_off_t)(size_t)array_value:va_arg(params, curl_off_t); + array_state ? (curl_off_t)(size_t)array_value : + va_arg(params, curl_off_t); break; /* Get contents from a given filename */ @@ -332,8 +335,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE)) return_value = CURL_FORMADD_OPTION_TWICE; else { - const char *filename = array_state? - array_value:va_arg(params, char *); + const char *filename = array_state ? + array_value : va_arg(params, char *); if(filename) { current_form->value = strdup(filename); if(!current_form->value) @@ -351,7 +354,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, /* We upload a file */ case CURLFORM_FILE: { - const char *filename = array_state?array_value: + const char *filename = array_state ? array_value : va_arg(params, char *); if(current_form->value) { @@ -401,7 +404,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, return_value = CURL_FORMADD_OPTION_TWICE; else { char *buffer = - array_state?array_value:va_arg(params, char *); + array_state ? array_value : va_arg(params, char *); if(buffer) { current_form->buffer = buffer; /* store for the moment */ current_form->value = buffer; /* make it non-NULL to be accepted @@ -417,7 +420,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, return_value = CURL_FORMADD_OPTION_TWICE; else current_form->bufferlength = - array_state?(size_t)array_value:(size_t)va_arg(params, long); + array_state ? (size_t)array_value : (size_t)va_arg(params, long); break; case CURLFORM_STREAM: @@ -426,7 +429,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, return_value = CURL_FORMADD_OPTION_TWICE; else { char *userp = - array_state?array_value:va_arg(params, char *); + array_state ? array_value : va_arg(params, char *); if(userp) { current_form->userp = userp; current_form->value = userp; /* this is not strictly true but we @@ -442,7 +445,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, case CURLFORM_CONTENTTYPE: { const char *contenttype = - array_state?array_value:va_arg(params, char *); + array_state ? array_value : va_arg(params, char *); if(current_form->contenttype) { if(current_form->flags & HTTPPOST_FILENAME) { if(contenttype) { @@ -485,8 +488,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, { /* this "cast increases required alignment of target type" but we consider it OK anyway */ - struct curl_slist *list = array_state? - (struct curl_slist *)(void *)array_value: + struct curl_slist *list = array_state ? + (struct curl_slist *)(void *)array_value : va_arg(params, struct curl_slist *); if(current_form->contentheader) @@ -499,7 +502,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, case CURLFORM_FILENAME: case CURLFORM_BUFFER: { - const char *filename = array_state?array_value: + const char *filename = array_state ? array_value : va_arg(params, char *); if(current_form->showfilename) return_value = CURL_FORMADD_OPTION_TWICE; @@ -569,7 +572,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, if(((form->flags & HTTPPOST_FILENAME) || (form->flags & HTTPPOST_BUFFER)) && !form->contenttype) { - char *f = (form->flags & HTTPPOST_BUFFER)? + char *f = (form->flags & HTTPPOST_BUFFER) ? form->showfilename : form->value; char const *type; type = Curl_mime_contenttype(f); @@ -603,8 +606,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, app passed in a bad combo, so we better check for that first. */ if(form->name) { /* copy name (without strdup; possibly not null-terminated) */ - form->name = Curl_memdup0(form->name, form->namelength? - form->namelength: + form->name = Curl_memdup0(form->name, form->namelength ? + form->namelength : strlen(form->name)); } if(!form->name) { @@ -790,10 +793,10 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) /* wrap call to fseeko so it matches the calling convention of callback */ static int fseeko_wrapper(void *stream, curl_off_t offset, int whence) { -#if defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO) - return fseeko(stream, (off_t)offset, whence); -#elif defined(HAVE__FSEEKI64) +#if defined(HAVE__FSEEKI64) return _fseeki64(stream, (__int64)offset, whence); +#elif defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO) + return fseeko(stream, (off_t)offset, whence); #else if(offset > LONG_MAX) return -1; @@ -811,7 +814,7 @@ static int fseeko_wrapper(void *stream, curl_off_t offset, int whence) * a NULL pointer in the 'data' argument. */ -CURLcode Curl_getformdata(struct Curl_easy *data, +CURLcode Curl_getformdata(CURL *data, curl_mimepart *finalform, struct curl_httppost *post, curl_read_callback fread_func) @@ -896,7 +899,8 @@ CURLcode Curl_getformdata(struct Curl_easy *data, } else if(post->flags & HTTPPOST_BUFFER) result = curl_mime_data(part, post->buffer, - post->bufferlength? post->bufferlength: -1); + post->bufferlength ? + post->bufferlength : -1); else if(post->flags & HTTPPOST_CALLBACK) { /* the contents should be read with the callback and the size is set with the contentslength */ diff --git a/libraries/libcurl/formdata.h b/libraries/libcurl/formdata.h index 2ed96ffc..0e35e189 100644 --- a/libraries/libcurl/formdata.h +++ b/libraries/libcurl/formdata.h @@ -49,7 +49,7 @@ struct FormInfo { bool showfilename_alloc; }; -CURLcode Curl_getformdata(struct Curl_easy *data, +CURLcode Curl_getformdata(CURL *data, curl_mimepart *, struct curl_httppost *post, curl_read_callback fread_func); diff --git a/libraries/libcurl/ftp.c b/libraries/libcurl/ftp.c index ae340c44..16ab0af0 100644 --- a/libraries/libcurl/ftp.c +++ b/libraries/libcurl/ftp.c @@ -188,7 +188,7 @@ static CURLcode ftp_regular_transfer(struct Curl_easy *data, bool *done); #ifndef CURL_DISABLE_VERBOSE_STRINGS static void ftp_pasv_verbose(struct Curl_easy *data, struct Curl_addrinfo *ai, - char *newhost, /* ascii version */ + char *newhost, /* ASCII version */ int port); #endif static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data); @@ -302,10 +302,10 @@ static void close_secondarysocket(struct Curl_easy *data) * requests on files respond with headers passed to the client/stdout that * looked like HTTP ones. * - * This approach is not very elegant, it causes confusion and is error-prone. - * It is subject for removal at the next (or at least a future) soname bump. - * Until then you can test the effects of the removal by undefining the - * following define named CURL_FTP_HTTPSTYLE_HEAD. + * This approach is not elegant, it causes confusion and is error-prone. It is + * subject for removal at the next (or at least a future) soname bump. Until + * then you can test the effects of the removal by undefining the following + * define named CURL_FTP_HTTPSTYLE_HEAD. */ #define CURL_FTP_HTTPSTYLE_HEAD 1 @@ -327,7 +327,7 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost); } -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS /*********************************************************************** * * Lineend Conversions @@ -369,7 +369,6 @@ static CURLcode ftp_cw_lc_write(struct Curl_easy *data, } /* either we just wrote the newline or it is part of the next * chunk of bytes we write. */ - data->state.crlf_conversions++; ctx->newline_pending = FALSE; } @@ -400,7 +399,6 @@ static CURLcode ftp_cw_lc_write(struct Curl_easy *data, /* EndOfStream, if we have a trailing cr, now is the time to write it */ if(ctx->newline_pending) { ctx->newline_pending = FALSE; - data->state.crlf_conversions++; return Curl_cwriter_write(data, writer->next, type, &nl, 1); } /* Always pass on the EOS type indicator */ @@ -418,141 +416,22 @@ static const struct Curl_cwtype ftp_cw_lc = { sizeof(struct ftp_cw_lc_ctx) }; -#endif /* CURL_DO_LINEEND_CONV */ +#endif /* CURL_PREFER_LF_LINEENDS */ /*********************************************************************** * - * AcceptServerConnect() - * - * After connection request is received from the server this function is - * called to accept the connection and close the listening socket + * ftp_check_ctrl_on_data_wait() * */ -static CURLcode AcceptServerConnect(struct Curl_easy *data) -{ - struct connectdata *conn = data->conn; - curl_socket_t sock = conn->sock[SECONDARYSOCKET]; - curl_socket_t s = CURL_SOCKET_BAD; -#ifdef USE_IPV6 - struct Curl_sockaddr_storage add; -#else - struct sockaddr_in add; -#endif - curl_socklen_t size = (curl_socklen_t) sizeof(add); - CURLcode result; - - if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) { - size = sizeof(add); - - s = accept(sock, (struct sockaddr *) &add, &size); - } - - if(CURL_SOCKET_BAD == s) { - failf(data, "Error accept()ing server connect"); - return CURLE_FTP_PORT_FAILED; - } - infof(data, "Connection accepted from server"); - /* when this happens within the DO state it is important that we mark us as - not needing DO_MORE anymore */ - conn->bits.do_more = FALSE; - - (void)curlx_nonblock(s, TRUE); /* enable non-blocking */ - /* Replace any filter on SECONDARY with one listening on this socket */ - result = Curl_conn_tcp_accepted_set(data, conn, SECONDARYSOCKET, &s); - if(result) { - sclose(s); - return result; - } - - if(data->set.fsockopt) { - int error = 0; - - /* activate callback for setting socket options */ - Curl_set_in_callback(data, true); - error = data->set.fsockopt(data->set.sockopt_client, - s, - CURLSOCKTYPE_ACCEPT); - Curl_set_in_callback(data, false); - - if(error) { - close_secondarysocket(data); - return CURLE_ABORTED_BY_CALLBACK; - } - } - - return CURLE_OK; - -} - -/* - * ftp_timeleft_accept() returns the amount of milliseconds left allowed for - * waiting server to connect. If the value is negative, the timeout time has - * already elapsed. - * - * The start time is stored in progress.t_acceptdata - as set with - * Curl_pgrsTime(..., TIMER_STARTACCEPT); - * - */ -static timediff_t ftp_timeleft_accept(struct Curl_easy *data) -{ - timediff_t timeout_ms = DEFAULT_ACCEPT_TIMEOUT; - timediff_t other; - struct curltime now; - - if(data->set.accepttimeout > 0) - timeout_ms = data->set.accepttimeout; - - now = Curl_now(); - - /* check if the generic timeout possibly is set shorter */ - other = Curl_timeleft(data, &now, FALSE); - if(other && (other < timeout_ms)) - /* note that this also works fine for when other happens to be negative - due to it already having elapsed */ - timeout_ms = other; - else { - /* subtract elapsed time */ - timeout_ms -= Curl_timediff(now, data->progress.t_acceptdata); - if(!timeout_ms) - /* avoid returning 0 as that means no timeout! */ - return -1; - } - - return timeout_ms; -} - - -/*********************************************************************** - * - * ReceivedServerConnect() - * - * After allowing server to connect to us from data port, this function - * checks both data connection for connection establishment and ctrl - * connection for a negative response regarding a failure in connecting - * - */ -static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) +static CURLcode ftp_check_ctrl_on_data_wait(struct Curl_easy *data) { struct connectdata *conn = data->conn; curl_socket_t ctrl_sock = conn->sock[FIRSTSOCKET]; - curl_socket_t data_sock = conn->sock[SECONDARYSOCKET]; struct ftp_conn *ftpc = &conn->proto.ftpc; struct pingpong *pp = &ftpc->pp; - int socketstate = 0; - timediff_t timeout_ms; ssize_t nread; int ftpcode; bool response = FALSE; - *received = FALSE; - - timeout_ms = ftp_timeleft_accept(data); - infof(data, "Checking for server connect"); - if(timeout_ms < 0) { - /* if a timeout was already reached, bail out */ - failf(data, "Accept timeout occurred while waiting server connect"); - return CURLE_FTP_ACCEPT_TIMEOUT; - } - /* First check whether there is a cached response from server */ if(Curl_dyn_len(&pp->recvbuf) && (*Curl_dyn_ptr(&pp->recvbuf) > '3')) { /* Data connection could not be established, let's return */ @@ -564,26 +443,22 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) if(pp->overflow) /* there is pending control data still in the buffer to read */ response = TRUE; - else - socketstate = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0); - - /* see if the connection request is already here */ - switch(socketstate) { - case -1: /* error */ - /* let's die here */ - failf(data, "Error while waiting for server connect"); - return CURLE_FTP_ACCEPT_FAILED; - case 0: /* Server connect is not received yet */ - break; /* loop */ - default: - if(socketstate & CURL_CSELECT_IN2) { - infof(data, "Ready to accept data connection from server"); - *received = TRUE; + else { + int socketstate = Curl_socket_check(ctrl_sock, CURL_SOCKET_BAD, + CURL_SOCKET_BAD, 0); + /* see if the connection request is already here */ + switch(socketstate) { + case -1: /* error */ + /* let's die here */ + failf(data, "Error while waiting for server connect"); + return CURLE_FTP_ACCEPT_FAILED; + default: + if(socketstate & CURL_CSELECT_IN) + response = TRUE; + break; } - else if(socketstate & CURL_CSELECT_IN) - response = TRUE; - break; } + if(response) { infof(data, "Ctrl conn has data while waiting for data conn"); if(pp->overflow > 3) { @@ -602,7 +477,6 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) noticed. Leave the 226 in there and use this as a trigger to read the data socket. */ infof(data, "Got 226 before data activity"); - *received = TRUE; return CURLE_OK; } } @@ -621,7 +495,6 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) return CURLE_OK; } - /*********************************************************************** * * InitiateTransfer() @@ -637,12 +510,6 @@ static CURLcode InitiateTransfer(struct Curl_easy *data) bool connected; CURL_TRC_FTP(data, "InitiateTransfer()"); - if(conn->bits.ftp_use_data_ssl && data->set.ftp_use_port && - !Curl_conn_is_ssl(conn, SECONDARYSOCKET)) { - result = Curl_ssl_cfilter_add(data, conn, SECONDARYSOCKET); - if(result) - return result; - } result = Curl_conn_connect(data, SECONDARYSOCKET, TRUE, &connected); if(result || !connected) return result; @@ -655,12 +522,14 @@ static CURLcode InitiateTransfer(struct Curl_easy *data) /* set the SO_SNDBUF for the secondary socket for those who need it */ Curl_sndbuf_init(conn->sock[SECONDARYSOCKET]); - Curl_xfer_setup2(data, CURL_XFER_SEND, -1, TRUE); + /* FTP upload, shutdown DATA, ignore shutdown errors, as we rely + * on the server response on the CONTROL connection. */ + Curl_xfer_setup2(data, CURL_XFER_SEND, -1, TRUE, TRUE); } else { - /* FTP download: */ + /* FTP download, shutdown, do not ignore errors */ Curl_xfer_setup2(data, CURL_XFER_RECV, - conn->proto.ftpc.retr_size_saved, TRUE); + conn->proto.ftpc.retr_size_saved, TRUE, FALSE); } conn->proto.ftpc.pp.pending_resp = TRUE; /* expect server response */ @@ -669,60 +538,6 @@ static CURLcode InitiateTransfer(struct Curl_easy *data) return CURLE_OK; } -/*********************************************************************** - * - * AllowServerConnect() - * - * When we have issue the PORT command, we have told the server to connect to - * us. This function checks whether data connection is established if so it is - * accepted. - * - */ -static CURLcode AllowServerConnect(struct Curl_easy *data, bool *connected) -{ - timediff_t timeout_ms; - CURLcode result = CURLE_OK; - - *connected = FALSE; - infof(data, "Preparing for accepting server on data port"); - - /* Save the time we start accepting server connect */ - Curl_pgrsTime(data, TIMER_STARTACCEPT); - - timeout_ms = ftp_timeleft_accept(data); - if(timeout_ms < 0) { - /* if a timeout was already reached, bail out */ - failf(data, "Accept timeout occurred while waiting server connect"); - result = CURLE_FTP_ACCEPT_TIMEOUT; - goto out; - } - - /* see if the connection request is already here */ - result = ReceivedServerConnect(data, connected); - if(result) - goto out; - - if(*connected) { - result = AcceptServerConnect(data); - if(result) - goto out; - - result = InitiateTransfer(data); - if(result) - goto out; - } - else { - /* Add timeout to multi handle and break out of the loop */ - Curl_expire(data, data->set.accepttimeout ? - data->set.accepttimeout: DEFAULT_ACCEPT_TIMEOUT, - EXPIRE_FTP_ACCEPT); - } - -out: - CURL_TRC_FTP(data, "AllowServerConnect() -> %d", result); - return result; -} - static bool ftp_endofresp(struct Curl_easy *data, struct connectdata *conn, char *line, size_t len, int *code) { @@ -819,6 +634,8 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, int cache_skip = 0; int value_to_be_ignored = 0; + CURL_TRC_FTP(data, "getFTPResponse start"); + if(ftpcode) *ftpcode = 0; /* 0 for errors */ else @@ -864,21 +681,27 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, */ } else if(!Curl_conn_data_pending(data, FIRSTSOCKET)) { - switch(SOCKET_READABLE(sockfd, interval_ms)) { - case -1: /* select() error, stop reading */ + curl_socket_t wsock = Curl_pp_needs_flush(data, pp) ? + sockfd : CURL_SOCKET_BAD; + int ev = Curl_socket_check(sockfd, CURL_SOCKET_BAD, wsock, interval_ms); + if(ev < 0) { failf(data, "FTP response aborted due to select/poll error: %d", SOCKERRNO); return CURLE_RECV_ERROR; - - case 0: /* timeout */ + } + else if(ev == 0) { if(Curl_pgrsUpdate(data)) return CURLE_ABORTED_BY_CALLBACK; continue; /* just continue in our loop for the timeout duration */ + } + } - default: /* for clarity */ + if(Curl_pp_needs_flush(data, pp)) { + result = Curl_pp_flushsend(data, pp); + if(result) break; - } } + result = ftp_readresp(data, FIRSTSOCKET, pp, ftpcode, &nread); if(result) break; @@ -897,6 +720,8 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, } /* while there is buffer left and loop is requested */ pp->pending_resp = FALSE; + CURL_TRC_FTP(data, "getFTPResponse -> result=%d, nread=%zd, ftpcode=%d", + result, *nreadp, *ftpcode); return result; } @@ -906,7 +731,7 @@ static CURLcode ftp_state_user(struct Curl_easy *data, { CURLcode result = Curl_pp_sendf(data, &conn->proto.ftpc.pp, "USER %s", - conn->user?conn->user:""); + conn->user ? conn->user : ""); if(!result) { struct ftp_conn *ftpc = &conn->proto.ftpc; ftpc->ftp_trying_alternative = FALSE; @@ -1042,7 +867,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, int error; char *host = NULL; char *string_ftpport = data->set.str[STRING_FTPPORT]; - struct Curl_dns_entry *h = NULL; + struct Curl_dns_entry *dns_entry = NULL; unsigned short port_min = 0; unsigned short port_max = 0; unsigned short port; @@ -1130,7 +955,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, /* attempt to get the address of the given interface name */ switch(Curl_if2ip(conn->remote_addr->family, #ifdef USE_IPV6 - Curl_ipv6_scope(&conn->remote_addr->sa_addr), + Curl_ipv6_scope(&conn->remote_addr->curl_sa_addr), conn->scope_id, #endif ipstr, hbuf, sizeof(hbuf))) { @@ -1178,15 +1003,12 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, } /* resolv ip/host to ip */ - rc = Curl_resolv(data, host, 0, FALSE, &h); + rc = Curl_resolv(data, host, 0, FALSE, &dns_entry); if(rc == CURLRESOLV_PENDING) - (void)Curl_resolver_wait_resolv(data, &h); - if(h) { - res = h->addr; - /* when we return from this function, we can forget about this entry - to we can unlock it now already */ - Curl_resolv_unlock(data, h); - } /* (h) */ + (void)Curl_resolver_wait_resolv(data, &dns_entry); + if(dns_entry) { + res = dns_entry->addr; + } else res = NULL; /* failure! */ @@ -1299,12 +1121,6 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, conn->bits.ftp_use_eprt = TRUE; #endif - /* Replace any filter on SECONDARY with one listening on this socket */ - result = Curl_conn_tcp_listen_set(data, conn, SECONDARYSOCKET, &portsock); - if(result) - goto out; - portsock = CURL_SOCKET_BAD; /* now held in filter */ - for(; fcmd != DONE; fcmd++) { if(!conn->bits.ftp_use_eprt && (EPRT == fcmd)) @@ -1338,7 +1154,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, */ result = Curl_pp_sendf(data, &ftpc->pp, "%s |%d|%s|%hu|", mode[fcmd], - sa->sa_family == AF_INET?1:2, + sa->sa_family == AF_INET ? 1 : 2, myhost, port); if(result) { failf(data, "Failure sending EPRT command: %s", @@ -1363,7 +1179,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, source++; } *dest = 0; - msnprintf(dest, 20, ",%d,%d", (int)(port>>8), (int)(port&0xff)); + msnprintf(dest, 20, ",%d,%d", (int)(port >> 8), (int)(port & 0xff)); result = Curl_pp_sendf(data, &ftpc->pp, "%s %s", mode[fcmd], target); if(result) { @@ -1377,13 +1193,32 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, /* store which command was sent */ ftpc->count1 = fcmd; - ftp_state(data, FTP_PORT); + /* Replace any filter on SECONDARY with one listening on this socket */ + result = Curl_conn_tcp_listen_set(data, conn, SECONDARYSOCKET, &portsock); + if(!result) + portsock = CURL_SOCKET_BAD; /* now held in filter */ + out: + /* If we looked up a dns_entry, now is the time to safely release it */ + if(dns_entry) + Curl_resolv_unlink(data, &dns_entry); if(result) { ftp_state(data, FTP_STOP); } + else { + /* successfully setup the list socket filter. Do we need more? */ + if(conn->bits.ftp_use_data_ssl && data->set.ftp_use_port && + !Curl_conn_is_ssl(conn, SECONDARYSOCKET)) { + result = Curl_ssl_cfilter_add(data, conn, SECONDARYSOCKET); + } + data->conn->bits.do_more = FALSE; + Curl_pgrsTime(data, TIMER_STARTACCEPT); + Curl_expire(data, data->set.accepttimeout ? + data->set.accepttimeout: DEFAULT_ACCEPT_TIMEOUT, + EXPIRE_FTP_ACCEPT); + } if(portsock != CURL_SOCKET_BAD) Curl_socket_close(data, conn, portsock); return result; @@ -1418,7 +1253,7 @@ static CURLcode ftp_state_use_pasv(struct Curl_easy *data, conn->bits.ftp_use_epsv = TRUE; #endif - modeoff = conn->bits.ftp_use_epsv?0:1; + modeoff = conn->bits.ftp_use_epsv ? 0 : 1; result = Curl_pp_sendf(data, &ftpc->pp, "%s", mode[modeoff]); if(!result) { @@ -1461,9 +1296,9 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data) struct ftp_conn *ftpc = &conn->proto.ftpc; if(!conn->proto.ftpc.file) result = Curl_pp_sendf(data, &ftpc->pp, "PRET %s", - data->set.str[STRING_CUSTOMREQUEST]? - data->set.str[STRING_CUSTOMREQUEST]: - (data->state.list_only?"NLST":"LIST")); + data->set.str[STRING_CUSTOMREQUEST] ? + data->set.str[STRING_CUSTOMREQUEST] : + (data->state.list_only ? "NLST" : "LIST")); else if(data->state.upload) result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s", conn->proto.ftpc.file); @@ -1568,11 +1403,11 @@ static CURLcode ftp_state_list(struct Curl_easy *data) } cmd = aprintf("%s%s%s", - data->set.str[STRING_CUSTOMREQUEST]? - data->set.str[STRING_CUSTOMREQUEST]: - (data->state.list_only?"NLST":"LIST"), - lstArg? " ": "", - lstArg? lstArg: ""); + data->set.str[STRING_CUSTOMREQUEST] ? + data->set.str[STRING_CUSTOMREQUEST] : + (data->state.list_only ? "NLST" : "LIST"), + lstArg ? " " : "", + lstArg ? lstArg : ""); free(lstArg); if(!cmd) @@ -1694,10 +1529,10 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, /* Let's read off the proper amount of bytes from the input. */ if(data->set.seek_func) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); seekerr = data->set.seek_func(data->set.seek_client, data->state.resume_from, SEEK_SET); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } if(seekerr != CURL_SEEKFUNC_OK) { @@ -1728,7 +1563,7 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, } while(passed < data->state.resume_from); } /* now, decrease the size of the read */ - if(data->state.infilesize>0) { + if(data->state.infilesize > 0) { data->state.infilesize -= data->state.resume_from; if(data->state.infilesize <= 0) { @@ -1748,7 +1583,7 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, /* we have passed, proceed as normal */ } /* resume_from */ - result = Curl_pp_sendf(data, &ftpc->pp, append?"APPE %s":"STOR %s", + result = Curl_pp_sendf(data, &ftpc->pp, append ? "APPE %s" : "STOR %s", ftpc->file); if(!result) ftp_state(data, FTP_STOR); @@ -1796,7 +1631,7 @@ static CURLcode ftp_state_quote(struct Curl_easy *data, int i = 0; /* Skip count1 items in the linked list */ - while((i< ftpc->count1) && item) { + while((i < ftpc->count1) && item) { item = item->next; i++; } @@ -2030,7 +1865,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, if(!ftpc->newhost) return CURLE_OUT_OF_MEMORY; - ftpc->newport = (unsigned short)(((ip[4]<<8) + ip[5]) & 0xffff); + ftpc->newport = (unsigned short)(((ip[4] << 8) + ip[5]) & 0xffff); } else if(ftpc->count1 == 0) { /* EPSV failed, move on to PASV */ @@ -2072,7 +1907,6 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, /* postponed address resolution in case of tcp fastopen */ if(conn->bits.tcp_fastopen && !conn->bits.reuse && !ftpc->newhost[0]) { - Curl_conn_ev_update_info(data, conn); Curl_safefree(ftpc->newhost); ftpc->newhost = strdup(control_address(conn)); if(!ftpc->newhost) @@ -2094,11 +1928,11 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, } result = Curl_conn_setup(data, conn, SECONDARYSOCKET, addr, - conn->bits.ftp_use_data_ssl? + conn->bits.ftp_use_data_ssl ? CURL_CF_SSL_ENABLE : CURL_CF_SSL_DISABLE); if(result) { - Curl_resolv_unlock(data, addr); /* we are done using this address */ + Curl_resolv_unlink(data, &addr); /* we are done using this address */ if(ftpc->count1 == 0 && ftpcode == 229) return ftp_epsv_disable(data, conn); @@ -2116,7 +1950,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, /* this just dumps information about this second connection */ ftp_pasv_verbose(data, addr->addr, ftpc->newhost, connectport); - Curl_resolv_unlock(data, addr); /* we are done using this address */ + Curl_resolv_unlink(data, &addr); /* we are done using this address */ Curl_safefree(conn->secondaryhostname); conn->secondary_port = ftpc->newport; @@ -2208,10 +2042,10 @@ static CURLcode client_write_header(struct Curl_easy *data, * headers from CONNECT should not automatically be part of the * output. */ CURLcode result; - int save = data->set.include_header; + bool save = data->set.include_header; data->set.include_header = TRUE; result = Curl_client_write(data, CLIENTWRITE_HEADER, buf, blen); - data->set.include_header = save? TRUE:FALSE; + data->set.include_header = save; return result; } @@ -2260,15 +2094,16 @@ static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data, return result; /* format: "Tue, 15 Nov 1994 12:45:26" */ - headerbuflen = msnprintf(headerbuf, sizeof(headerbuf), - "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n", - Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], - tm->tm_mday, - Curl_month[tm->tm_mon], - tm->tm_year + 1900, - tm->tm_hour, - tm->tm_min, - tm->tm_sec); + headerbuflen = + msnprintf(headerbuf, sizeof(headerbuf), + "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n", + Curl_wkday[tm->tm_wday ? tm->tm_wday-1 : 6], + tm->tm_mday, + Curl_month[tm->tm_mon], + tm->tm_year + 1900, + tm->tm_hour, + tm->tm_min, + tm->tm_sec); result = client_write_header(data, headerbuf, headerbuflen); if(result) return result; @@ -2380,11 +2215,11 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, else { /* We got a file size report, so we check that there actually is a part of the file left to get, or else we go home. */ - if(data->state.resume_from< 0) { + if(data->state.resume_from < 0) { /* We are supposed to download the last abs(from) bytes */ if(filesize < -data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2395,8 +2230,8 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, } else { if(filesize < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2418,10 +2253,10 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, } /* Set resume file transfer offset */ - infof(data, "Instructs server to resume from offset %" - CURL_FORMAT_CURL_OFF_T, data->state.resume_from); + infof(data, "Instructs server to resume from offset %" FMT_OFF_T, + data->state.resume_from); - result = Curl_pp_sendf(data, &ftpc->pp, "REST %" CURL_FORMAT_CURL_OFF_T, + result = Curl_pp_sendf(data, &ftpc->pp, "REST %" FMT_OFF_T, data->state.resume_from); if(!result) ftp_state(data, FTP_RETR_REST); @@ -2479,7 +2314,7 @@ static CURLcode ftp_state_size_resp(struct Curl_easy *data, if(-1 != filesize) { char clbuf[128]; int clbuflen = msnprintf(clbuf, sizeof(clbuf), - "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", filesize); + "Content-Length: %" FMT_OFF_T "\r\n", filesize); result = client_write_header(data, clbuf, clbuflen); if(result) return result; @@ -2555,21 +2390,21 @@ static CURLcode ftp_state_stor_resp(struct Curl_easy *data, /* PORT means we are now awaiting the server to connect to us. */ if(data->set.ftp_use_port) { + struct ftp_conn *ftpc = &conn->proto.ftpc; bool connected; ftp_state(data, FTP_STOP); /* no longer in STOR state */ - result = AllowServerConnect(data, &connected); + result = Curl_conn_connect(data, SECONDARYSOCKET, FALSE, &connected); if(result) return result; if(!connected) { - struct ftp_conn *ftpc = &conn->proto.ftpc; infof(data, "Data conn was not available immediately"); ftpc->wait_data_conn = TRUE; + return ftp_check_ctrl_on_data_wait(data); } - - return CURLE_OK; + ftpc->wait_data_conn = FALSE; } return InitiateTransfer(data); } @@ -2619,10 +2454,10 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, !data->set.ignorecl && (ftp->downloadsize < 1)) { /* - * It seems directory listings either do not show the size or very - * often uses size 0 anyway. ASCII transfers may very well turn out - * that the transferred amount of data is not the same as this line - * tells, why using this number in those cases only confuses us. + * It seems directory listings either do not show the size or often uses + * size 0 anyway. ASCII transfers may cause that the transferred amount + * of data is not the same as this line tells, why using this number in + * those cases only confuses us. * * Example D above makes this parsing a little tricky */ char *bytes; @@ -2659,33 +2494,32 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, else if((instate != FTP_LIST) && (data->state.prefer_ascii)) size = -1; /* kludge for servers that understate ASCII mode file size */ - infof(data, "Maxdownload = %" CURL_FORMAT_CURL_OFF_T, - data->req.maxdownload); + infof(data, "Maxdownload = %" FMT_OFF_T, data->req.maxdownload); if(instate != FTP_LIST) - infof(data, "Getting file with size: %" CURL_FORMAT_CURL_OFF_T, - size); + infof(data, "Getting file with size: %" FMT_OFF_T, size); /* FTP download: */ conn->proto.ftpc.state_saved = instate; conn->proto.ftpc.retr_size_saved = size; if(data->set.ftp_use_port) { + struct ftp_conn *ftpc = &conn->proto.ftpc; bool connected; - result = AllowServerConnect(data, &connected); + result = Curl_conn_connect(data, SECONDARYSOCKET, FALSE, &connected); if(result) return result; if(!connected) { - struct ftp_conn *ftpc = &conn->proto.ftpc; infof(data, "Data conn was not available immediately"); ftp_state(data, FTP_STOP); ftpc->wait_data_conn = TRUE; + return ftp_check_ctrl_on_data_wait(data); } + ftpc->wait_data_conn = FALSE; } - else - return InitiateTransfer(data); + return InitiateTransfer(data); } else { if((instate == FTP_LIST) && (ftpcode == 450)) { @@ -2695,8 +2529,8 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, } else { failf(data, "RETR response: %03d", ftpcode); - return instate == FTP_RETR && ftpcode == 550? - CURLE_REMOTE_FILE_NOT_FOUND: + return instate == FTP_RETR && ftpcode == 550 ? + CURLE_REMOTE_FILE_NOT_FOUND : CURLE_FTP_COULDNT_RETR_FILE; } } @@ -2748,7 +2582,7 @@ static CURLcode ftp_state_user_resp(struct Curl_easy *data, /* 331 Password required for ... (the server requires to send the user's password too) */ result = Curl_pp_sendf(data, &ftpc->pp, "PASS %s", - conn->passwd?conn->passwd:""); + conn->passwd ? conn->passwd : ""); if(!result) ftp_state(data, FTP_PASS); } @@ -2959,7 +2793,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, if(ftpcode/100 == 2) /* We have enabled SSL for the data connection! */ conn->bits.ftp_use_data_ssl = - (data->set.use_ssl != CURLUSESSL_CONTROL) ? TRUE : FALSE; + (data->set.use_ssl != CURLUSESSL_CONTROL); /* FTP servers typically responds with 500 if they decide to reject our 'P' request */ else if(data->set.use_ssl > CURLUSESSL_CONTROL) @@ -3276,7 +3110,7 @@ static CURLcode ftp_multi_statemach(struct Curl_easy *data, /* Check for the state outside of the Curl_socket_check() return code checks since at times we are in fact already in this state when this function gets called. */ - *done = (ftpc->state == FTP_STOP) ? TRUE : FALSE; + *done = (ftpc->state == FTP_STOP); return result; } @@ -3398,9 +3232,9 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, if(data->state.wildcardmatch) { if(data->set.chunk_end && ftpc->file) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); data->set.chunk_end(data->set.wildcardptr); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } ftpc->known_filesize = -1; } @@ -3427,7 +3261,8 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, if(data->set.ftp_filemethod == FTPFILE_NOCWD) pathLen = 0; /* relative path => working directory is FTP home */ else - pathLen -= ftpc->file?strlen(ftpc->file):0; /* file is url-decoded */ + /* file is url-decoded */ + pathLen -= ftpc->file ? strlen(ftpc->file) : 0; rawPath[pathLen] = '\0'; ftpc->prevpath = rawPath; @@ -3529,8 +3364,8 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, (data->state.infilesize != data->req.writebytecount) && !data->set.crlf && (ftp->transfer == PPTRANSFER_BODY)) { - failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T - " out of %" CURL_FORMAT_CURL_OFF_T " bytes)", + failf(data, "Uploaded unaligned file size (%" FMT_OFF_T + " out of %" FMT_OFF_T " bytes)", data->req.writebytecount, data->state.infilesize); result = CURLE_PARTIAL_FILE; } @@ -3538,22 +3373,14 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, else { if((-1 != data->req.size) && (data->req.size != data->req.bytecount) && -#ifdef CURL_DO_LINEEND_CONV - /* Most FTP servers do not adjust their file SIZE response for CRLFs, - * so we will check to see if the discrepancy can be explained by the - * number of CRLFs we have changed to LFs. - */ - ((data->req.size + data->state.crlf_conversions) != - data->req.bytecount) && -#endif /* CURL_DO_LINEEND_CONV */ (data->req.maxdownload != data->req.bytecount)) { - failf(data, "Received only partial file: %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.bytecount); + failf(data, "Received only partial file: %" FMT_OFF_T " bytes", + data->req.bytecount); result = CURLE_PARTIAL_FILE; } else if(!ftpc->dont_check && !data->req.bytecount && - (data->req.size>0)) { + (data->req.size > 0)) { failf(data, "No data was received"); result = CURLE_FTP_COULDNT_RETR_FILE; } @@ -3637,7 +3464,7 @@ CURLcode ftp_sendquote(struct Curl_easy *data, static int ftp_need_type(struct connectdata *conn, bool ascii_wanted) { - return conn->proto.ftpc.transfertype != (ascii_wanted?'A':'I'); + return conn->proto.ftpc.transfertype != (ascii_wanted ? 'A' : 'I'); } /*********************************************************************** @@ -3654,7 +3481,7 @@ static CURLcode ftp_nb_type(struct Curl_easy *data, { struct ftp_conn *ftpc = &conn->proto.ftpc; CURLcode result; - char want = (char)(ascii?'A':'I'); + char want = (char)(ascii ? 'A' : 'I'); if(ftpc->transfertype == want) { ftp_state(data, newstate); @@ -3684,7 +3511,7 @@ static CURLcode ftp_nb_type(struct Curl_easy *data, static void ftp_pasv_verbose(struct Curl_easy *data, struct Curl_addrinfo *ai, - char *newhost, /* ascii version */ + char *newhost, /* ASCII version */ int port) { char buf[256]; @@ -3717,20 +3544,25 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) * complete */ struct FTP *ftp = NULL; - /* if the second connection is not done yet, wait for it to have - * connected to the remote host. When using proxy tunneling, this - * means the tunnel needs to have been establish. However, we - * can not expect the remote host to talk to us in any way yet. - * So, when using ftps: the SSL handshake will not start until we - * tell the remote server that we are there. */ + /* if the second connection has been set up, try to connect it fully + * to the remote host. This may not complete at this time, for several + * reasons: + * - we do EPTR and the server will not connect to our listen socket + * until we send more FTP commands + * - an SSL filter is in place and the server will not start the TLS + * handshake until we send more FTP commands + */ if(conn->cfilter[SECONDARYSOCKET]) { + bool is_eptr = Curl_conn_is_tcp_listen(data, SECONDARYSOCKET); result = Curl_conn_connect(data, SECONDARYSOCKET, FALSE, &connected); - if(result || !Curl_conn_is_ip_connected(data, SECONDARYSOCKET)) { - if(result && (ftpc->count1 == 0)) { + if(result || (!connected && !is_eptr && + !Curl_conn_is_ip_connected(data, SECONDARYSOCKET))) { + if(result && !is_eptr && (ftpc->count1 == 0)) { *completep = -1; /* go back to DOING please */ /* this is a EPSV connect failing, try PASV instead */ return ftp_epsv_disable(data, conn); } + *completep = (int)complete; return result; } } @@ -3763,16 +3595,14 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) if(ftpc->wait_data_conn) { bool serv_conned; - result = ReceivedServerConnect(data, &serv_conned); + result = Curl_conn_connect(data, SECONDARYSOCKET, TRUE, &serv_conned); if(result) return result; /* Failed to accept data connection */ if(serv_conned) { /* It looks data connection is established */ - result = AcceptServerConnect(data); ftpc->wait_data_conn = FALSE; - if(!result) - result = InitiateTransfer(data); + result = InitiateTransfer(data); if(result) return result; @@ -3780,6 +3610,11 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) *completep = 1; /* this state is now complete when the server has connected back to us */ } + else { + result = ftp_check_ctrl_on_data_wait(data); + if(result) + return result; + } } else if(data->state.upload) { result = ftp_nb_type(data, conn, data->state.prefer_ascii, @@ -3915,8 +3750,7 @@ static CURLcode init_wc_data(struct Curl_easy *data) last_slash++; if(last_slash[0] == '\0') { wildcard->state = CURLWC_CLEAN; - result = ftp_parse_url_path(data); - return result; + return ftp_parse_url_path(data); } wildcard->pattern = strdup(last_slash); if(!wildcard->pattern) @@ -3932,8 +3766,7 @@ static CURLcode init_wc_data(struct Curl_easy *data) } else { /* only list */ wildcard->state = CURLWC_CLEAN; - result = ftp_parse_url_path(data); - return result; + return ftp_parse_url_path(data); } } @@ -4027,7 +3860,7 @@ static CURLcode wc_statemach(struct Curl_easy *data) wildcard->state = CURLWC_CLEAN; continue; } - if(wildcard->filelist.size == 0) { + if(Curl_llist_count(&wildcard->filelist) == 0) { /* no corresponding file */ wildcard->state = CURLWC_CLEAN; return CURLE_REMOTE_FILE_NOT_FOUND; @@ -4038,7 +3871,8 @@ static CURLcode wc_statemach(struct Curl_easy *data) case CURLWC_DOWNLOADING: { /* filelist has at least one file, lets get first one */ struct ftp_conn *ftpc = &conn->proto.ftpc; - struct curl_fileinfo *finfo = wildcard->filelist.head->ptr; + struct Curl_llist_node *head = Curl_llist_head(&wildcard->filelist); + struct curl_fileinfo *finfo = Curl_node_elem(head); struct FTP *ftp = data->req.p.ftp; char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); @@ -4052,10 +3886,11 @@ static CURLcode wc_statemach(struct Curl_easy *data) infof(data, "Wildcard - START of \"%s\"", finfo->filename); if(data->set.chunk_bgn) { long userresponse; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); userresponse = data->set.chunk_bgn( - finfo, data->set.wildcardptr, (int)wildcard->filelist.size); - Curl_set_in_callback(data, false); + finfo, data->set.wildcardptr, + (int)Curl_llist_count(&wildcard->filelist)); + Curl_set_in_callback(data, FALSE); switch(userresponse) { case CURL_CHUNK_BGN_FUNC_SKIP: infof(data, "Wildcard - \"%s\" skipped by user", @@ -4080,9 +3915,10 @@ static CURLcode wc_statemach(struct Curl_easy *data) return result; /* we do not need the Curl_fileinfo of first file anymore */ - Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); + Curl_node_remove(Curl_llist_head(&wildcard->filelist)); - if(wildcard->filelist.size == 0) { /* remains only one file to down. */ + if(Curl_llist_count(&wildcard->filelist) == 0) { + /* remains only one file to down. */ wildcard->state = CURLWC_CLEAN; /* after that will be ftp_do called once again and no transfer will be done because of CURLWC_CLEAN state */ @@ -4093,12 +3929,12 @@ static CURLcode wc_statemach(struct Curl_easy *data) case CURLWC_SKIP: { if(data->set.chunk_end) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); data->set.chunk_end(data->set.wildcardptr); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } - Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); - wildcard->state = (wildcard->filelist.size == 0) ? + Curl_node_remove(Curl_llist_head(&wildcard->filelist)); + wildcard->state = (Curl_llist_count(&wildcard->filelist) == 0) ? CURLWC_CLEAN : CURLWC_DOWNLOADING; continue; } @@ -4144,7 +3980,7 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) *done = FALSE; /* default to false */ ftpc->wait_data_conn = FALSE; /* default to no such wait */ -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS { /* FTP data may need conversion. */ struct Curl_cwriter *ftp_lc_writer; @@ -4160,7 +3996,7 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) return result; } } -#endif /* CURL_DO_LINEEND_CONV */ +#endif /* CURL_PREFER_LF_LINEENDS */ if(data->state.wildcardmatch) { result = wc_statemach(data); @@ -4406,7 +4242,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) if(data->set.ftp_filemethod == FTPFILE_NOCWD) n = 0; /* CWD to entry for relative paths */ else - n -= ftpc->file?strlen(ftpc->file):0; + n -= ftpc->file ? strlen(ftpc->file) : 0; if((strlen(oldPath) == n) && !strncmp(rawPath, oldPath, n)) { infof(data, "Request has same path as previous transfer"); diff --git a/libraries/libcurl/ftplistparser.c b/libraries/libcurl/ftplistparser.c index 448f3a43..3088470a 100644 --- a/libraries/libcurl/ftplistparser.c +++ b/libraries/libcurl/ftplistparser.c @@ -334,7 +334,7 @@ static CURLcode ftp_pl_insert_finfo(struct Curl_easy *data, compare = Curl_fnmatch; /* filter pattern-corresponding filenames */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); if(compare(data->set.fnmatch_data, wc->pattern, finfo->filename) == 0) { /* discard symlink which is containing multiple " -> " */ @@ -346,7 +346,7 @@ static CURLcode ftp_pl_insert_finfo(struct Curl_easy *data, else { add = FALSE; } - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(add) { Curl_llist_append(llist, finfo, &infop->list); diff --git a/libraries/libcurl/getenv.c b/libraries/libcurl/getenv.c index 49a2e50f..63eaeda0 100644 --- a/libraries/libcurl/getenv.c +++ b/libraries/libcurl/getenv.c @@ -31,7 +31,7 @@ static char *GetEnv(const char *variable) { -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \ +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) || \ defined(__ORBIS__) || defined(__PROSPERO__) /* PlayStation 4 and 5 */ (void)variable; return NULL; @@ -70,7 +70,7 @@ static char *GetEnv(const char *variable) } #else char *env = getenv(variable); - return (env && env[0])?strdup(env):NULL; + return (env && env[0]) ? strdup(env) : NULL; #endif } diff --git a/libraries/libcurl/getinfo.c b/libraries/libcurl/getinfo.c index 9ca02889..9144ad71 100644 --- a/libraries/libcurl/getinfo.c +++ b/libraries/libcurl/getinfo.c @@ -53,10 +53,11 @@ CURLcode Curl_initinfo(struct Curl_easy *data) pro->t_connect = 0; pro->t_appconnect = 0; pro->t_pretransfer = 0; + pro->t_posttransfer = 0; pro->t_starttransfer = 0; pro->timespent = 0; pro->t_redirect = 0; - pro->is_t_startransfer_set = false; + pro->is_t_startransfer_set = FALSE; info->httpcode = 0; info->httpproxycode = 0; @@ -76,10 +77,9 @@ CURLcode Curl_initinfo(struct Curl_easy *data) free(info->wouldredirect); info->wouldredirect = NULL; - info->primary.remote_ip[0] = '\0'; - info->primary.local_ip[0] = '\0'; - info->primary.remote_port = 0; - info->primary.local_port = 0; + memset(&info->primary, 0, sizeof(info->primary)); + info->primary.remote_port = -1; + info->primary.local_port = -1; info->retry_after = 0; info->conn_scheme = 0; @@ -96,7 +96,7 @@ static CURLcode getinfo_char(struct Curl_easy *data, CURLINFO info, { switch(info) { case CURLINFO_EFFECTIVE_URL: - *param_charp = data->state.url?data->state.url:(char *)""; + *param_charp = data->state.url ? data->state.url : (char *)""; break; case CURLINFO_EFFECTIVE_METHOD: { const char *m = data->set.str[STRING_CUSTOMREQUEST]; @@ -252,11 +252,13 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, case CURLINFO_SSL_VERIFYRESULT: *param_longp = data->set.ssl.certverifyresult; break; -#ifndef CURL_DISABLE_PROXY case CURLINFO_PROXY_SSL_VERIFYRESULT: +#ifndef CURL_DISABLE_PROXY *param_longp = data->set.proxy_ssl.certverifyresult; - break; +#else + *param_longp = 0; #endif + break; case CURLINFO_REDIRECT_COUNT: *param_longp = data->state.followlocation; break; @@ -314,6 +316,12 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, case CURLINFO_RTSP_CSEQ_RECV: *param_longp = data->state.rtsp_CSeq_recv; break; +#else + case CURLINFO_RTSP_CLIENT_CSEQ: + case CURLINFO_RTSP_SERVER_CSEQ: + case CURLINFO_RTSP_CSEQ_RECV: + *param_longp = 0; + break; #endif case CURLINFO_HTTP_VERSION: switch(data->info.httpversion) { @@ -368,6 +376,7 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, case CURLINFO_CONNECT_TIME_T: case CURLINFO_APPCONNECT_TIME_T: case CURLINFO_PRETRANSFER_TIME_T: + case CURLINFO_POSTTRANSFER_TIME_T: case CURLINFO_STARTTRANSFER_TIME_T: case CURLINFO_REDIRECT_TIME_T: case CURLINFO_SPEED_DOWNLOAD_T: @@ -384,24 +393,24 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, *param_offt = (curl_off_t)data->info.filetime; break; case CURLINFO_SIZE_UPLOAD_T: - *param_offt = data->progress.uploaded; + *param_offt = data->progress.ul.cur_size; break; case CURLINFO_SIZE_DOWNLOAD_T: - *param_offt = data->progress.downloaded; + *param_offt = data->progress.dl.cur_size; break; case CURLINFO_SPEED_DOWNLOAD_T: - *param_offt = data->progress.dlspeed; + *param_offt = data->progress.dl.speed; break; case CURLINFO_SPEED_UPLOAD_T: - *param_offt = data->progress.ulspeed; + *param_offt = data->progress.ul.speed; break; case CURLINFO_CONTENT_LENGTH_DOWNLOAD_T: - *param_offt = (data->progress.flags & PGRS_DL_SIZE_KNOWN)? - data->progress.size_dl:-1; + *param_offt = (data->progress.flags & PGRS_DL_SIZE_KNOWN) ? + data->progress.dl.total_size : -1; break; case CURLINFO_CONTENT_LENGTH_UPLOAD_T: - *param_offt = (data->progress.flags & PGRS_UL_SIZE_KNOWN)? - data->progress.size_ul:-1; + *param_offt = (data->progress.flags & PGRS_UL_SIZE_KNOWN) ? + data->progress.ul.total_size : -1; break; case CURLINFO_TOTAL_TIME_T: *param_offt = data->progress.timespent; @@ -418,6 +427,9 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, case CURLINFO_PRETRANSFER_TIME_T: *param_offt = data->progress.t_pretransfer; break; + case CURLINFO_POSTTRANSFER_TIME_T: + *param_offt = data->progress.t_posttransfer; + break; case CURLINFO_STARTTRANSFER_TIME_T: *param_offt = data->progress.t_starttransfer; break; @@ -434,9 +446,12 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, *param_offt = data->id; break; case CURLINFO_CONN_ID: - *param_offt = data->conn? + *param_offt = data->conn ? data->conn->connection_id : data->state.recent_conn_id; break; + case CURLINFO_EARLYDATA_SENT_T: + *param_offt = data->progress.earlydata_sent; + break; default: return CURLE_UNKNOWN_OPTION; } @@ -488,24 +503,24 @@ static CURLcode getinfo_double(struct Curl_easy *data, CURLINFO info, *param_doublep = DOUBLE_SECS(data->progress.t_starttransfer); break; case CURLINFO_SIZE_UPLOAD: - *param_doublep = (double)data->progress.uploaded; + *param_doublep = (double)data->progress.ul.cur_size; break; case CURLINFO_SIZE_DOWNLOAD: - *param_doublep = (double)data->progress.downloaded; + *param_doublep = (double)data->progress.dl.cur_size; break; case CURLINFO_SPEED_DOWNLOAD: - *param_doublep = (double)data->progress.dlspeed; + *param_doublep = (double)data->progress.dl.speed; break; case CURLINFO_SPEED_UPLOAD: - *param_doublep = (double)data->progress.ulspeed; + *param_doublep = (double)data->progress.ul.speed; break; case CURLINFO_CONTENT_LENGTH_DOWNLOAD: - *param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN)? - (double)data->progress.size_dl:-1; + *param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN) ? + (double)data->progress.dl.total_size : -1; break; case CURLINFO_CONTENT_LENGTH_UPLOAD: - *param_doublep = (data->progress.flags & PGRS_UL_SIZE_KNOWN)? - (double)data->progress.size_ul:-1; + *param_doublep = (data->progress.flags & PGRS_UL_SIZE_KNOWN) ? + (double)data->progress.ul.total_size : -1; break; case CURLINFO_REDIRECT_TIME: *param_doublep = DOUBLE_SECS(data->progress.t_redirect); diff --git a/libraries/libcurl/gopher.c b/libraries/libcurl/gopher.c index ecea3263..051e6e7a 100644 --- a/libraries/libcurl/gopher.c +++ b/libraries/libcurl/gopher.c @@ -187,7 +187,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) if(strlen(sel) < 1) break; - result = Curl_xfer_send(data, sel, k, &amount); + result = Curl_xfer_send(data, sel, k, FALSE, &amount); if(!result) { /* Which may not have written it all! */ result = Curl_client_write(data, CLIENTWRITE_HEADER, sel, amount); if(result) @@ -229,7 +229,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) free(sel_org); if(!result) - result = Curl_xfer_send(data, "\r\n", 2, &amount); + result = Curl_xfer_send(data, "\r\n", 2, FALSE, &amount); if(result) { failf(data, "Failed sending Gopher request"); return result; diff --git a/libraries/libcurl/hash.c b/libraries/libcurl/hash.c index df8e2abf..1910ac5d 100644 --- a/libraries/libcurl/hash.c +++ b/libraries/libcurl/hash.c @@ -33,6 +33,10 @@ /* The last #include file should be: */ #include "memdebug.h" +/* random patterns for API verification */ +#define HASHINIT 0x7017e781 +#define ITERINIT 0x5FEDCBA9 + static void hash_element_dtor(void *user, void *element) { @@ -77,6 +81,9 @@ Curl_hash_init(struct Curl_hash *h, h->dtor = dtor; h->size = 0; h->slots = slots; +#ifdef DEBUGBUILD + h->init = HASHINIT; +#endif } static struct Curl_hash_element * @@ -102,11 +109,12 @@ void *Curl_hash_add2(struct Curl_hash *h, void *key, size_t key_len, void *p, Curl_hash_elem_dtor dtor) { struct Curl_hash_element *he; - struct Curl_llist_element *le; + struct Curl_llist_node *le; struct Curl_llist *l; DEBUGASSERT(h); DEBUGASSERT(h->slots); + DEBUGASSERT(h->init == HASHINIT); if(!h->table) { size_t i; h->table = malloc(h->slots * sizeof(struct Curl_llist)); @@ -118,10 +126,10 @@ void *Curl_hash_add2(struct Curl_hash *h, void *key, size_t key_len, void *p, l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - he = (struct Curl_hash_element *) le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + he = (struct Curl_hash_element *) Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { - Curl_llist_remove(l, le, (void *)h); + Curl_node_uremove(le, (void *)h); --h->size; break; } @@ -158,18 +166,17 @@ Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) */ int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len) { - struct Curl_llist_element *le; - struct Curl_llist *l; - DEBUGASSERT(h); DEBUGASSERT(h->slots); + DEBUGASSERT(h->init == HASHINIT); if(h->table) { - l = FETCH_LIST(h, key, key_len); + struct Curl_llist_node *le; + struct Curl_llist *l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - struct Curl_hash_element *he = le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + struct Curl_hash_element *he = Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { - Curl_llist_remove(l, le, (void *) h); + Curl_node_uremove(le, (void *) h); --h->size; return 0; } @@ -185,15 +192,15 @@ int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len) void * Curl_hash_pick(struct Curl_hash *h, void *key, size_t key_len) { - struct Curl_llist_element *le; - struct Curl_llist *l; - DEBUGASSERT(h); + DEBUGASSERT(h->init == HASHINIT); if(h->table) { + struct Curl_llist_node *le; + struct Curl_llist *l; DEBUGASSERT(h->slots); l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - struct Curl_hash_element *he = le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + struct Curl_hash_element *he = Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { return he->ptr; } @@ -213,6 +220,7 @@ Curl_hash_pick(struct Curl_hash *h, void *key, size_t key_len) void Curl_hash_destroy(struct Curl_hash *h) { + DEBUGASSERT(h->init == HASHINIT); if(h->table) { size_t i; for(i = 0; i < h->slots; ++i) { @@ -234,28 +242,33 @@ Curl_hash_clean(struct Curl_hash *h) Curl_hash_clean_with_criterium(h, NULL, NULL); } +size_t Curl_hash_count(struct Curl_hash *h) +{ + DEBUGASSERT(h->init == HASHINIT); + return h->size; +} + /* Cleans all entries that pass the comp function criteria. */ void Curl_hash_clean_with_criterium(struct Curl_hash *h, void *user, int (*comp)(void *, void *)) { - struct Curl_llist_element *le; - struct Curl_llist_element *lnext; - struct Curl_llist *list; size_t i; if(!h || !h->table) return; + DEBUGASSERT(h->init == HASHINIT); for(i = 0; i < h->slots; ++i) { - list = &h->table[i]; - le = list->head; /* get first list entry */ + struct Curl_llist *list = &h->table[i]; + struct Curl_llist_node *le = + Curl_llist_head(list); /* get first list entry */ while(le) { - struct Curl_hash_element *he = le->ptr; - lnext = le->next; + struct Curl_hash_element *he = Curl_node_elem(le); + struct Curl_llist_node *lnext = Curl_node_next(le); /* ask the callback function if we shall remove this entry or not */ if(!comp || comp(user, he->ptr)) { - Curl_llist_remove(list, le, (void *) h); + Curl_node_uremove(le, (void *) h); --h->size; /* one less entry in the hash now */ } le = lnext; @@ -290,29 +303,34 @@ size_t Curl_str_key_compare(void *k1, size_t key1_len, void Curl_hash_start_iterate(struct Curl_hash *hash, struct Curl_hash_iterator *iter) { + DEBUGASSERT(hash->init == HASHINIT); iter->hash = hash; iter->slot_index = 0; iter->current_element = NULL; +#ifdef DEBUGBUILD + iter->init = ITERINIT; +#endif } struct Curl_hash_element * Curl_hash_next_element(struct Curl_hash_iterator *iter) { - struct Curl_hash *h = iter->hash; - + struct Curl_hash *h; + DEBUGASSERT(iter->init == ITERINIT); + h = iter->hash; if(!h->table) return NULL; /* empty hash, nothing to return */ /* Get the next element in the current list, if any */ if(iter->current_element) - iter->current_element = iter->current_element->next; + iter->current_element = Curl_node_next(iter->current_element); /* If we have reached the end of the list, find the next one */ if(!iter->current_element) { size_t i; for(i = iter->slot_index; i < h->slots; i++) { - if(h->table[i].head) { - iter->current_element = h->table[i].head; + if(Curl_llist_head(&h->table[i])) { + iter->current_element = Curl_llist_head(&h->table[i]); iter->slot_index = i + 1; break; } @@ -320,7 +338,7 @@ Curl_hash_next_element(struct Curl_hash_iterator *iter) } if(iter->current_element) { - struct Curl_hash_element *he = iter->current_element->ptr; + struct Curl_hash_element *he = Curl_node_elem(iter->current_element); return he; } return NULL; diff --git a/libraries/libcurl/hash.h b/libraries/libcurl/hash.h index 1cf78752..b1603950 100644 --- a/libraries/libcurl/hash.h +++ b/libraries/libcurl/hash.h @@ -56,22 +56,31 @@ struct Curl_hash { Curl_hash_dtor dtor; size_t slots; size_t size; +#ifdef DEBUGBUILD + int init; +#endif }; typedef void (*Curl_hash_elem_dtor)(void *key, size_t key_len, void *p); struct Curl_hash_element { - struct Curl_llist_element list; + struct Curl_llist_node list; void *ptr; Curl_hash_elem_dtor dtor; size_t key_len; +#ifdef DEBUGBUILD + int init; +#endif char key[1]; /* allocated memory following the struct */ }; struct Curl_hash_iterator { struct Curl_hash *hash; size_t slot_index; - struct Curl_llist_element *current_element; + struct Curl_llist_node *current_element; +#ifdef DEBUGBUILD + int init; +#endif }; void Curl_hash_init(struct Curl_hash *h, @@ -85,8 +94,9 @@ void *Curl_hash_add2(struct Curl_hash *h, void *key, size_t key_len, void *p, Curl_hash_elem_dtor dtor); int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len); void *Curl_hash_pick(struct Curl_hash *, void *key, size_t key_len); -#define Curl_hash_count(h) ((h)->size) + void Curl_hash_destroy(struct Curl_hash *h); +size_t Curl_hash_count(struct Curl_hash *h); void Curl_hash_clean(struct Curl_hash *h); void Curl_hash_clean_with_criterium(struct Curl_hash *h, void *user, int (*comp)(void *, void *)); diff --git a/libraries/libcurl/headers.c b/libraries/libcurl/headers.c index 59ac4222..2985e1e1 100644 --- a/libraries/libcurl/headers.c +++ b/libraries/libcurl/headers.c @@ -42,7 +42,7 @@ static void copy_header_external(struct Curl_header_store *hs, size_t index, size_t amount, - struct Curl_llist_element *e, + struct Curl_llist_node *e, struct curl_header *hout) { struct curl_header *h = hout; @@ -54,7 +54,7 @@ static void copy_header_external(struct Curl_header_store *hs, impossible for applications to do == comparisons, as that would otherwise be very tempting and then lead to the reserved bits not being reserved anymore. */ - h->origin = (unsigned int)(hs->type | (1<<27)); + h->origin = (unsigned int)(hs->type | (1 << 27)); h->anchor = e; } @@ -66,8 +66,8 @@ CURLHcode curl_easy_header(CURL *easy, int request, struct curl_header **hout) { - struct Curl_llist_element *e; - struct Curl_llist_element *e_pick = NULL; + struct Curl_llist_node *e; + struct Curl_llist_node *e_pick = NULL; struct Curl_easy *data = easy; size_t match = 0; size_t amount = 0; @@ -85,8 +85,8 @@ CURLHcode curl_easy_header(CURL *easy, request = data->state.requests; /* we need a first round to count amount of this header */ - for(e = data->state.httphdrs.head; e; e = e->next) { - hs = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + hs = Curl_node_elem(e); if(strcasecompare(hs->name, name) && (hs->type & type) && (hs->request == request)) { @@ -104,8 +104,8 @@ CURLHcode curl_easy_header(CURL *easy, /* if the last or only occurrence is what's asked for, then we know it */ hs = pick; else { - for(e = data->state.httphdrs.head; e; e = e->next) { - hs = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + hs = Curl_node_elem(e); if(strcasecompare(hs->name, name) && (hs->type & type) && (hs->request == request) && @@ -131,8 +131,8 @@ struct curl_header *curl_easy_nextheader(CURL *easy, struct curl_header *prev) { struct Curl_easy *data = easy; - struct Curl_llist_element *pick; - struct Curl_llist_element *e; + struct Curl_llist_node *pick; + struct Curl_llist_node *e; struct Curl_header_store *hs; size_t amount = 0; size_t index = 0; @@ -147,18 +147,18 @@ struct curl_header *curl_easy_nextheader(CURL *easy, if(!pick) /* something is wrong */ return NULL; - pick = pick->next; + pick = Curl_node_next(pick); } else - pick = data->state.httphdrs.head; + pick = Curl_llist_head(&data->state.httphdrs); if(pick) { /* make sure it is the next header of the desired type */ do { - hs = pick->ptr; + hs = Curl_node_elem(pick); if((hs->type & type) && (hs->request == request)) break; - pick = pick->next; + pick = Curl_node_next(pick); } while(pick); } @@ -166,12 +166,12 @@ struct curl_header *curl_easy_nextheader(CURL *easy, /* no more headers available */ return NULL; - hs = pick->ptr; + hs = Curl_node_elem(pick); /* count number of occurrences of this name within the mask and figure out the index for the currently selected entry */ - for(e = data->state.httphdrs.head; e; e = e->next) { - struct Curl_header_store *check = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + struct Curl_header_store *check = Curl_node_elem(e); if(strcasecompare(hs->name, check->name) && (check->request == request) && (check->type & type)) @@ -247,7 +247,7 @@ static CURLcode unfold_value(struct Curl_easy *data, const char *value, /* since this header block might move in the realloc below, it needs to first be unlinked from the list and then re-added again after the realloc */ - Curl_llist_remove(&data->state.httphdrs, &hs->node, NULL); + Curl_node_remove(&hs->node); /* new size = struct + new value length + old name+value length */ newhs = Curl_saferealloc(hs, sizeof(*hs) + vlen + oalloc + 1); @@ -405,12 +405,12 @@ CURLcode Curl_headers_init(struct Curl_easy *data) */ CURLcode Curl_headers_cleanup(struct Curl_easy *data) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; - for(e = data->state.httphdrs.head; e; e = n) { - struct Curl_header_store *hs = e->ptr; - n = e->next; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = n) { + struct Curl_header_store *hs = Curl_node_elem(e); + n = Curl_node_next(e); free(hs); } headers_reset(data); diff --git a/libraries/libcurl/headers.h b/libraries/libcurl/headers.h index d9813388..e11fe980 100644 --- a/libraries/libcurl/headers.h +++ b/libraries/libcurl/headers.h @@ -28,7 +28,7 @@ #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HEADERS_API) struct Curl_header_store { - struct Curl_llist_element node; + struct Curl_llist_node node; char *name; /* points into 'buffer' */ char *value; /* points into 'buffer */ int request; /* 0 is the first request, then 1.. 2.. */ diff --git a/libraries/libcurl/hmac.c b/libraries/libcurl/hmac.c index 90f37f0b..088c9bdc 100644 --- a/libraries/libcurl/hmac.c +++ b/libraries/libcurl/hmac.c @@ -49,8 +49,6 @@ static const unsigned char hmac_ipad = 0x36; static const unsigned char hmac_opad = 0x5C; - - struct HMAC_context * Curl_HMAC_init(const struct HMAC_params *hashparams, const unsigned char *key, @@ -62,42 +60,40 @@ Curl_HMAC_init(const struct HMAC_params *hashparams, unsigned char b; /* Create HMAC context. */ - i = sizeof(*ctxt) + 2 * hashparams->hmac_ctxtsize + - hashparams->hmac_resultlen; + i = sizeof(*ctxt) + 2 * hashparams->ctxtsize + hashparams->resultlen; ctxt = malloc(i); if(!ctxt) return ctxt; - ctxt->hmac_hash = hashparams; - ctxt->hmac_hashctxt1 = (void *) (ctxt + 1); - ctxt->hmac_hashctxt2 = (void *) ((char *) ctxt->hmac_hashctxt1 + - hashparams->hmac_ctxtsize); + ctxt->hash = hashparams; + ctxt->hashctxt1 = (void *) (ctxt + 1); + ctxt->hashctxt2 = (void *) ((char *) ctxt->hashctxt1 + hashparams->ctxtsize); /* If the key is too long, replace it by its hash digest. */ - if(keylen > hashparams->hmac_maxkeylen) { - (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1); - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, key, keylen); - hkey = (unsigned char *) ctxt->hmac_hashctxt2 + hashparams->hmac_ctxtsize; - (*hashparams->hmac_hfinal)(hkey, ctxt->hmac_hashctxt1); + if(keylen > hashparams->maxkeylen) { + hashparams->hinit(ctxt->hashctxt1); + hashparams->hupdate(ctxt->hashctxt1, key, keylen); + hkey = (unsigned char *) ctxt->hashctxt2 + hashparams->ctxtsize; + hashparams->hfinal(hkey, ctxt->hashctxt1); key = hkey; - keylen = hashparams->hmac_resultlen; + keylen = hashparams->resultlen; } /* Prime the two hash contexts with the modified key. */ - (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt1); - (*hashparams->hmac_hinit)(ctxt->hmac_hashctxt2); + hashparams->hinit(ctxt->hashctxt1); + hashparams->hinit(ctxt->hashctxt2); for(i = 0; i < keylen; i++) { b = (unsigned char)(*key ^ hmac_ipad); - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &b, 1); + hashparams->hupdate(ctxt->hashctxt1, &b, 1); b = (unsigned char)(*key++ ^ hmac_opad); - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &b, 1); + hashparams->hupdate(ctxt->hashctxt2, &b, 1); } - for(; i < hashparams->hmac_maxkeylen; i++) { - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt1, &hmac_ipad, 1); - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, &hmac_opad, 1); + for(; i < hashparams->maxkeylen; i++) { + hashparams->hupdate(ctxt->hashctxt1, &hmac_ipad, 1); + hashparams->hupdate(ctxt->hashctxt2, &hmac_opad, 1); } /* Done, return pointer to HMAC context. */ @@ -105,31 +101,29 @@ Curl_HMAC_init(const struct HMAC_params *hashparams, } int Curl_HMAC_update(struct HMAC_context *ctxt, - const unsigned char *data, + const unsigned char *ptr, unsigned int len) { /* Update first hash calculation. */ - (*ctxt->hmac_hash->hmac_hupdate)(ctxt->hmac_hashctxt1, data, len); + ctxt->hash->hupdate(ctxt->hashctxt1, ptr, len); return 0; } -int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *result) +int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output) { - const struct HMAC_params *hashparams = ctxt->hmac_hash; + const struct HMAC_params *hashparams = ctxt->hash; - /* Do not get result if called with a null parameter: only release + /* Do not get output if called with a null parameter: only release storage. */ - if(!result) - result = (unsigned char *) ctxt->hmac_hashctxt2 + - ctxt->hmac_hash->hmac_ctxtsize; + if(!output) + output = (unsigned char *) ctxt->hashctxt2 + ctxt->hash->ctxtsize; - (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt1); - (*hashparams->hmac_hupdate)(ctxt->hmac_hashctxt2, - result, hashparams->hmac_resultlen); - (*hashparams->hmac_hfinal)(result, ctxt->hmac_hashctxt2); - free((char *) ctxt); + hashparams->hfinal(output, ctxt->hashctxt1); + hashparams->hupdate(ctxt->hashctxt2, output, hashparams->resultlen); + hashparams->hfinal(output, ctxt->hashctxt2); + free(ctxt); return 0; } @@ -144,15 +138,15 @@ int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *result) * hashparams [in] - The hash function (Curl_HMAC_MD5). * key [in] - The key to use. * keylen [in] - The length of the key. - * data [in] - The data to encrypt. - * datalen [in] - The length of the data. + * buf [in] - The data to encrypt. + * buflen [in] - The length of the data. * output [in/out] - The output buffer. * * Returns CURLE_OK on success. */ CURLcode Curl_hmacit(const struct HMAC_params *hashparams, const unsigned char *key, const size_t keylen, - const unsigned char *data, const size_t datalen, + const unsigned char *buf, const size_t buflen, unsigned char *output) { struct HMAC_context *ctxt = @@ -162,7 +156,7 @@ CURLcode Curl_hmacit(const struct HMAC_params *hashparams, return CURLE_OUT_OF_MEMORY; /* Update the digest with the given challenge */ - Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen)); + Curl_HMAC_update(ctxt, buf, curlx_uztoui(buflen)); /* Finalise the digest */ Curl_HMAC_final(ctxt, output); diff --git a/libraries/libcurl/hostasyn.c b/libraries/libcurl/hostasyn.c index 2f6762ca..4d6a8e85 100644 --- a/libraries/libcurl/hostasyn.c +++ b/libraries/libcurl/hostasyn.c @@ -79,7 +79,7 @@ CURLcode Curl_addrinfo_callback(struct Curl_easy *data, dns = Curl_cache_addr(data, ai, data->state.async.hostname, 0, - data->state.async.port); + data->state.async.port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); diff --git a/libraries/libcurl/hostip.c b/libraries/libcurl/hostip.c index 2c1f08e7..fe8cc5cb 100644 --- a/libraries/libcurl/hostip.c +++ b/libraries/libcurl/hostip.c @@ -115,7 +115,7 @@ * CURLRES_* defines based on the config*.h and curl_setup.h defines. */ -static void freednsentry(void *freethis); +static void hostcache_unlink_entry(void *entry); #ifndef CURL_DISABLE_VERBOSE_STRINGS static void show_resolve_info(struct Curl_easy *data, @@ -178,7 +178,7 @@ create_hostcache_id(const char *name, struct hostcache_prune_data { time_t now; time_t oldest; /* oldest time in cache not pruned. */ - int cache_timeout; + int max_age_sec; }; /* @@ -189,16 +189,16 @@ struct hostcache_prune_data { * cache. */ static int -hostcache_timestamp_remove(void *datap, void *hc) +hostcache_entry_is_stale(void *datap, void *hc) { struct hostcache_prune_data *prune = (struct hostcache_prune_data *) datap; - struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc; + struct Curl_dns_entry *dns = (struct Curl_dns_entry *) hc; - if(c->timestamp) { + if(dns->timestamp) { /* age in seconds */ - time_t age = prune->now - c->timestamp; - if(age >= prune->cache_timeout) + time_t age = prune->now - dns->timestamp; + if(age >= prune->max_age_sec) return TRUE; if(age > prune->oldest) prune->oldest = age; @@ -216,13 +216,13 @@ hostcache_prune(struct Curl_hash *hostcache, int cache_timeout, { struct hostcache_prune_data user; - user.cache_timeout = cache_timeout; + user.max_age_sec = cache_timeout; user.now = now; user.oldest = 0; Curl_hash_clean_with_criterium(hostcache, (void *) &user, - hostcache_timestamp_remove); + hostcache_entry_is_stale); return user.oldest; } @@ -257,7 +257,8 @@ void Curl_hostcache_prune(struct Curl_easy *data) /* if the cache size is still too big, use the oldest age as new prune limit */ - } while(timeout && (data->dns.hostcache->size > MAX_DNS_CACHE_SIZE)); + } while(timeout && + (Curl_hash_count(data->dns.hostcache) > MAX_DNS_CACHE_SIZE)); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -299,10 +300,10 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, struct hostcache_prune_data user; user.now = time(NULL); - user.cache_timeout = data->set.dns_cache_timeout; + user.max_age_sec = data->set.dns_cache_timeout; user.oldest = 0; - if(hostcache_timestamp_remove(&user, dns)) { + if(hostcache_entry_is_stale(&user, dns)) { infof(data, "Hostname in DNS cache was stale, zapped"); dns = NULL; /* the memory deallocation is being handled by the hash */ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); @@ -312,7 +313,7 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, /* See if the returned entry matches the required resolve mode */ if(dns && data->conn->ip_version != CURL_IPRESOLVE_WHATEVER) { int pf = PF_INET; - bool found = false; + bool found = FALSE; struct Curl_addrinfo *addr = dns->addr; #ifdef PF_INET6 @@ -322,7 +323,7 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, while(addr) { if(addr->ai_family == pf) { - found = true; + found = TRUE; break; } addr = addr->ai_next; @@ -348,7 +349,7 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, * * Returns the Curl_dns_entry entry pointer or NULL if not in the cache. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after + * The returned data *MUST* be "released" with Curl_resolv_unlink() after * use, or we will leak memory! */ struct Curl_dns_entry * @@ -364,7 +365,7 @@ Curl_fetch_addr(struct Curl_easy *data, dns = fetch_addr(data, hostname, port); if(dns) - dns->inuse++; /* we use it! */ + dns->refcount++; /* we use it! */ if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -468,7 +469,8 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, const char *hostname, size_t hostlen, /* length or zero */ - int port) + int port, + bool permanent) { char entry_id[MAX_HOSTCACHE_LEN]; size_t entry_len; @@ -496,11 +498,15 @@ Curl_cache_addr(struct Curl_easy *data, entry_len = create_hostcache_id(hostname, hostlen, port, entry_id, sizeof(entry_id)); - dns->inuse = 1; /* the cache has the first reference */ + dns->refcount = 1; /* the cache has the first reference */ dns->addr = addr; /* this is the address(es) */ - time(&dns->timestamp); - if(dns->timestamp == 0) - dns->timestamp = 1; /* zero indicates permanent CURLOPT_RESOLVE entry */ + if(permanent) + dns->timestamp = 0; /* an entry that never goes stale */ + else { + dns->timestamp = time(NULL); + if(dns->timestamp == 0) + dns->timestamp = 1; + } dns->hostport = port; if(hostlen) memcpy(dns->hostname, hostname, hostlen); @@ -514,7 +520,7 @@ Curl_cache_addr(struct Curl_easy *data, } dns = dns2; - dns->inuse++; /* mark entry as in-use */ + dns->refcount++; /* mark entry as in-use */ return dns; } @@ -624,7 +630,7 @@ bool Curl_ipv6works(struct Curl_easy *data) ipv6_works = 1; sclose(s); } - return (ipv6_works>0)?TRUE:FALSE; + return (ipv6_works > 0); } } #endif /* USE_IPV6 */ @@ -666,8 +672,8 @@ static bool tailmatch(const char *full, const char *part) * resolves. See the return codes. * * The cache entry we return will get its 'inuse' counter increased when this - * function is used. You MUST call Curl_resolv_unlock() later (when you are - * done using this struct) to decrease the counter again. + * function is used. You MUST call Curl_resolv_unlink() later (when you are + * done using this struct) to decrease the reference counter again. * * Return codes: * @@ -708,7 +714,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, if(dns) { infof(data, "Hostname %s was found in DNS cache", hostname); - dns->inuse++; /* we use it! */ + dns->refcount++; /* we use it! */ rc = CURLRESOLV_RESOLVED; } @@ -733,7 +739,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, /* notify the resolver start callback */ if(data->set.resolver_start) { int st; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); st = data->set.resolver_start( #ifdef USE_CURL_ASYNC data->state.async.resolver, @@ -742,7 +748,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, #endif NULL, data->set.resolver_start_client); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(st) return CURLRESOLV_ERROR; } @@ -828,7 +834,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* we got a response, store it in the cache */ - dns = Curl_cache_addr(data, addr, hostname, 0, port); + dns = Curl_cache_addr(data, addr, hostname, 0, port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -868,8 +874,8 @@ void alarmfunc(int sig) * resolves. See the return codes. * * The cache entry we return will get its 'inuse' counter increased when this - * function is used. You MUST call Curl_resolv_unlock() later (when you are - * done using this struct) to decrease the counter again. + * function is used. You MUST call Curl_resolv_unlink() later (when you are + * done using this struct) to decrease the reference counter again. * * If built with a synchronous resolver and use of signals is not * disabled by the application, then a nonzero timeout will cause a @@ -955,7 +961,7 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, keep_copysig = TRUE; /* yes, we have a copy */ sigact.sa_handler = alarmfunc; #ifdef SA_RESTART - /* HPUX does not have SA_RESTART but defaults to that behavior! */ + /* HP-UX does not have SA_RESTART but defaults to that behavior! */ sigact.sa_flags &= ~SA_RESTART; #endif /* now set the new struct */ @@ -1037,18 +1043,20 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, } /* - * Curl_resolv_unlock() unlocks the given cached DNS entry. When this has been - * made, the struct may be destroyed due to pruning. It is important that only - * one unlock is made for each Curl_resolv() call. + * Curl_resolv_unlink() releases a reference to the given cached DNS entry. + * When the reference count reaches 0, the entry is destroyed. It is important + * that only one unlink is made for each Curl_resolv() call. * * May be called with 'data' == NULL for global cache. */ -void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns) +void Curl_resolv_unlink(struct Curl_easy *data, struct Curl_dns_entry **pdns) { + struct Curl_dns_entry *dns = *pdns; + *pdns = NULL; if(data && data->share) Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); - freednsentry(dns); + hostcache_unlink_entry(dns); if(data && data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -1057,13 +1065,13 @@ void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns) /* * File-internal: release cache dns entry reference, free if inuse drops to 0 */ -static void freednsentry(void *freethis) +static void hostcache_unlink_entry(void *entry) { - struct Curl_dns_entry *dns = (struct Curl_dns_entry *) freethis; - DEBUGASSERT(dns && (dns->inuse>0)); + struct Curl_dns_entry *dns = (struct Curl_dns_entry *) entry; + DEBUGASSERT(dns && (dns->refcount > 0)); - dns->inuse--; - if(dns->inuse == 0) { + dns->refcount--; + if(dns->refcount == 0) { Curl_freeaddrinfo(dns->addr); #ifdef USE_HTTPSRR if(dns->hinfo) { @@ -1092,7 +1100,7 @@ static void freednsentry(void *freethis) void Curl_init_dnscache(struct Curl_hash *hash, size_t size) { Curl_hash_init(hash, size, Curl_hash_str, Curl_str_key_compare, - freednsentry); + hostcache_unlink_entry); } /* @@ -1121,7 +1129,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) char *host_end; /* Default is no wildcard found */ - data->state.wildcard_resolve = false; + data->state.wildcard_resolve = FALSE; for(hostp = data->state.resolve; hostp; hostp = hostp->next) { char entry_id[MAX_HOSTCACHE_LEN]; @@ -1171,7 +1179,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) char *end_ptr; bool permanent = TRUE; unsigned long tmp_port; - bool error = true; + bool error = TRUE; char *host_begin = hostp->data; size_t hlen = 0; @@ -1248,7 +1256,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) if(!head) goto err; - error = false; + error = FALSE; err: if(error) { failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'", @@ -1285,13 +1293,11 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) } /* put this new host in the cache */ - dns = Curl_cache_addr(data, head, host_begin, hlen, port); + dns = Curl_cache_addr(data, head, host_begin, hlen, port, permanent); if(dns) { - if(permanent) - dns->timestamp = 0; /* mark as permanent */ /* release the returned reference; the cache itself will keep the * entry alive: */ - dns->inuse--; + dns->refcount--; } if(data->share) @@ -1310,7 +1316,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) /* Wildcard hostname */ if((hlen == 1) && (host_begin[0] == '*')) { infof(data, "RESOLVE *:%d using wildcard", port); - data->state.wildcard_resolve = true; + data->state.wildcard_resolve = TRUE; } } } @@ -1443,8 +1449,7 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done) if(result) { Curl_detach_connection(data); - Curl_conncache_remove_conn(data, conn, TRUE); - Curl_disconnect(data, conn, TRUE); + Curl_cpool_disconnect(data, conn, TRUE); } return result; } diff --git a/libraries/libcurl/hostip.h b/libraries/libcurl/hostip.h index c85a688d..b1c5ecb2 100644 --- a/libraries/libcurl/hostip.h +++ b/libraries/libcurl/hostip.h @@ -99,11 +99,11 @@ struct Curl_dns_entry { #endif /* timestamp == 0 -- permanent CURLOPT_RESOLVE entry (does not time out) */ time_t timestamp; - /* use-counter, use Curl_resolv_unlock to release reference */ - long inuse; + /* reference counter, entry is freed on reaching 0 */ + size_t refcount; /* hostname port number that resolved to addr. */ int hostport; - /* hostname that resolved to addr. may be NULL (unix domain sockets). */ + /* hostname that resolved to addr. may be NULL (Unix domain sockets). */ char hostname[1]; }; @@ -113,7 +113,7 @@ bool Curl_host_is_ipnum(const char *hostname); * Curl_resolv() returns an entry with the info for the specified host * and port. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after + * The returned data *MUST* be "released" with Curl_resolv_unlink() after * use, or we will leak memory! */ /* return codes */ @@ -161,9 +161,9 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, int *waitp); -/* unlock a previously resolved dns entry */ -void Curl_resolv_unlock(struct Curl_easy *data, - struct Curl_dns_entry *dns); +/* unlink a dns entry, potentially shared with a cache */ +void Curl_resolv_unlink(struct Curl_easy *data, + struct Curl_dns_entry **pdns); /* init a new dns cache */ void Curl_init_dnscache(struct Curl_hash *hash, size_t hashsize); @@ -199,7 +199,7 @@ void Curl_printable_address(const struct Curl_addrinfo *ip, * * Returns the Curl_dns_entry entry pointer or NULL if not in the cache. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after + * The returned data *MUST* be "released" with Curl_resolv_unlink() after * use, or we will leak memory! */ struct Curl_dns_entry * @@ -209,12 +209,13 @@ Curl_fetch_addr(struct Curl_easy *data, /* * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache. - * + * @param permanent iff TRUE, entry will never become stale * Returns the Curl_dns_entry entry pointer or NULL if the storage failed. */ struct Curl_dns_entry * Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, - const char *hostname, size_t hostlen, int port); + const char *hostname, size_t hostlen, int port, + bool permanent); #ifndef INADDR_NONE #define CURL_INADDR_NONE (in_addr_t) ~0 diff --git a/libraries/libcurl/hostip4.c b/libraries/libcurl/hostip4.c index 8da809db..58333fbc 100644 --- a/libraries/libcurl/hostip4.c +++ b/libraries/libcurl/hostip4.c @@ -82,7 +82,7 @@ bool Curl_ipvalid(struct Curl_easy *data, struct connectdata *conn) * detect which one this platform supports in the configure script and set up * the HAVE_GETHOSTBYNAME_R_3, HAVE_GETHOSTBYNAME_R_5 or * HAVE_GETHOSTBYNAME_R_6 defines accordingly. Note that HAVE_GETADDRBYNAME - * has the corresponding rules. This is primarily on *nix. Note that some unix + * has the corresponding rules. This is primarily on *nix. Note that some Unix * flavours have thread-safe versions of the plain gethostbyname() etc. * */ @@ -126,8 +126,10 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, int res; #endif struct Curl_addrinfo *ai = NULL; +#if !(defined(HAVE_GETADDRINFO) && defined(HAVE_GETADDRINFO_THREADSAFE)) struct hostent *h = NULL; struct hostent *buf = NULL; +#endif #if defined(HAVE_GETADDRINFO) && defined(HAVE_GETADDRINFO_THREADSAFE) struct addrinfo hints; @@ -221,7 +223,7 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, if(!h) /* failure */ #elif defined(HAVE_GETHOSTBYNAME_R_3) - /* AIX, Digital Unix/Tru64, HPUX 10, more? */ + /* AIX, Digital UNIX/Tru64, HP-UX 10, more? */ /* For AIX 4.3 or later, we do not use gethostbyname_r() at all, because of * the plain fact that it does not return unique full buffers on each @@ -288,12 +290,14 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, #endif /* (HAVE_GETADDRINFO && HAVE_GETADDRINFO_THREADSAFE) || HAVE_GETHOSTBYNAME_R */ +#if !(defined(HAVE_GETADDRINFO) && defined(HAVE_GETADDRINFO_THREADSAFE)) if(h) { ai = Curl_he2ai(h, port); if(buf) /* used a *_r() function */ free(buf); } +#endif return ai; } diff --git a/libraries/libcurl/hostip6.c b/libraries/libcurl/hostip6.c index 18969a7a..c16ddfe5 100644 --- a/libraries/libcurl/hostip6.c +++ b/libraries/libcurl/hostip6.c @@ -124,7 +124,7 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, #ifndef USE_RESOLVE_ON_IPS /* * The AI_NUMERICHOST must not be set to get synthesized IPv6 address from - * an IPv4 address on iOS and Mac OS X. + * an IPv4 address on iOS and macOS. */ if((1 == Curl_inet_pton(AF_INET, hostname, addrbuf)) || (1 == Curl_inet_pton(AF_INET6, hostname, addrbuf))) { diff --git a/libraries/libcurl/hsts.c b/libraries/libcurl/hsts.c index 8cd77ae3..5b013726 100644 --- a/libraries/libcurl/hsts.c +++ b/libraries/libcurl/hsts.c @@ -94,11 +94,11 @@ void Curl_hsts_cleanup(struct hsts **hp) { struct hsts *h = *hp; if(h) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + struct Curl_llist_node *e; + struct Curl_llist_node *n; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + n = Curl_node_next(e); hsts_free(sts); } free(h->filename); @@ -159,7 +159,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, do { while(*p && ISBLANK(*p)) p++; - if(strncasecompare("max-age=", p, 8)) { + if(strncasecompare("max-age", p, 7)) { bool quoted = FALSE; CURLofft offt; char *endp; @@ -167,9 +167,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, if(gotma) return CURLE_BAD_FUNCTION_ARGUMENT; - p += 8; + p += 7; while(*p && ISBLANK(*p)) p++; + if(*p++ != '=') + return CURLE_BAD_FUNCTION_ARGUMENT; + while(*p && ISBLANK(*p)) + p++; + if(*p == '\"') { p++; quoted = TRUE; @@ -215,7 +220,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, /* remove the entry if present verbatim (without subdomain match) */ sts = Curl_hsts(h, hostname, FALSE); if(sts) { - Curl_llist_remove(&h->list, &sts->node, NULL); + Curl_node_remove(&sts->node); hsts_free(sts); } return CURLE_OK; @@ -249,45 +254,47 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, bool subdomain) { + struct stsentry *bestsub = NULL; if(h) { - char buffer[MAX_HSTS_HOSTLEN + 1]; time_t now = time(NULL); size_t hlen = strlen(hostname); - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; + size_t blen = 0; if((hlen > MAX_HSTS_HOSTLEN) || !hlen) return NULL; - memcpy(buffer, hostname, hlen); if(hostname[hlen-1] == '.') /* remove the trailing dot */ --hlen; - buffer[hlen] = 0; - hostname = buffer; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + size_t ntail; + n = Curl_node_next(e); if(sts->expires <= now) { /* remove expired entries */ - Curl_llist_remove(&h->list, &sts->node, NULL); + Curl_node_remove(&sts->node); hsts_free(sts); continue; } - if(subdomain && sts->includeSubDomains) { - size_t ntail = strlen(sts->host); - if(ntail < hlen) { - size_t offs = hlen - ntail; - if((hostname[offs-1] == '.') && - strncasecompare(&hostname[offs], sts->host, ntail)) - return sts; + ntail = strlen(sts->host); + if((subdomain && sts->includeSubDomains) && (ntail < hlen)) { + size_t offs = hlen - ntail; + if((hostname[offs-1] == '.') && + strncasecompare(&hostname[offs], sts->host, ntail) && + (ntail > blen)) { + /* save the tail match with the longest tail */ + bestsub = sts; + blen = ntail; } } - if(strcasecompare(hostname, sts->host)) + /* avoid strcasecompare because the host name is not null terminated */ + if((hlen == ntail) && strncasecompare(hostname, sts->host, hlen)) return sts; } } - return NULL; /* no match */ + return bestsub; } /* @@ -353,8 +360,8 @@ static CURLcode hsts_out(struct stsentry *sts, FILE *fp) CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, const char *file) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; CURLcode result = CURLE_OK; FILE *out; char *tempstore = NULL; @@ -376,9 +383,9 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + n = Curl_node_next(e); result = hsts_out(sts, out); if(result) break; @@ -395,12 +402,12 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, if(data->set.hsts_write) { /* if there is a write callback */ struct curl_index i; /* count */ - i.total = h->list.size; + i.total = Curl_llist_count(&h->list); i.index = 0; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); bool stop; - n = e->next; + n = Curl_node_next(e); result = hsts_push(data, &i, sts, &stop); if(result || stop) break; @@ -439,7 +446,7 @@ static CURLcode hsts_add(struct hsts *h, char *line) e = Curl_hsts(h, p, subdomain); if(!e) result = hsts_create(h, p, subdomain, expires); - else { + else if(strcasecompare(p, e->host)) { /* the same hostname, use the largest expire time */ if(expires > e->expires) e->expires = expires; diff --git a/libraries/libcurl/hsts.h b/libraries/libcurl/hsts.h index 21e53a34..1c544f97 100644 --- a/libraries/libcurl/hsts.h +++ b/libraries/libcurl/hsts.h @@ -34,7 +34,7 @@ extern time_t deltatime; #endif struct stsentry { - struct Curl_llist_element node; + struct Curl_llist_node node; const char *host; bool includeSubDomains; curl_off_t expires; /* the timestamp of this entry's expiry */ diff --git a/libraries/libcurl/http.c b/libraries/libcurl/http.c index cb379e7f..a94edd61 100644 --- a/libraries/libcurl/http.c +++ b/libraries/libcurl/http.c @@ -407,7 +407,7 @@ static CURLcode http_perhapsrewind(struct Curl_easy *data, { curl_off_t bytessent = data->req.writebytecount; curl_off_t expectsend = Curl_creader_total_length(data); - curl_off_t upload_remain = (expectsend >= 0)? (expectsend - bytessent) : -1; + curl_off_t upload_remain = (expectsend >= 0) ? (expectsend - bytessent) : -1; bool little_upload_remains = (upload_remain >= 0 && upload_remain < 2000); bool needs_rewind = Curl_creader_needs_rewind(data); /* By default, we would like to abort the transfer when little or unknown @@ -462,16 +462,15 @@ static CURLcode http_perhapsrewind(struct Curl_easy *data, if(abort_upload) { if(upload_remain >= 0) - infof(data, "%s%sclose instead of sending %" - CURL_FORMAT_CURL_OFF_T " more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : "", - upload_remain); + infof(data, "%s%sclose instead of sending %" FMT_OFF_T " more bytes", + ongoing_auth ? ongoing_auth : "", + ongoing_auth ? " send, " : "", + upload_remain); else infof(data, "%s%sclose instead of sending unknown amount " - "of more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : ""); + "of more bytes", + ongoing_auth ? ongoing_auth : "", + ongoing_auth ? " send, " : ""); /* We decided to abort the ongoing transfer */ streamclose(conn, "Mid-auth HTTP and much data left to send"); /* FIXME: questionable manipulation here, can we do this differently? */ @@ -503,7 +502,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) return CURLE_OK; if(data->state.authproblem) - return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK; + return data->set.http_fail_on_error ? CURLE_HTTP_RETURNED_ERROR : CURLE_OK; if((data->state.aptr.user || data->set.str[STRING_BEARER]) && ((data->req.httpcode == 401) || @@ -678,7 +677,7 @@ output_auth_headers(struct Curl_easy *data, auth, data->state.aptr.user ? data->state.aptr.user : ""); #endif - authstatus->multipass = (!authstatus->done) ? TRUE : FALSE; + authstatus->multipass = !authstatus->done; } else authstatus->multipass = FALSE; @@ -1262,8 +1261,8 @@ CURLcode Curl_dynhds_add_custom(struct Curl_easy *data, if(is_connect) proxy = HEADER_CONNECT; else - proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy? - HEADER_PROXY:HEADER_SERVER; + proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy ? + HEADER_PROXY : HEADER_SERVER; switch(proxy) { case HEADER_SERVER: @@ -1409,8 +1408,8 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, if(is_connect) proxy = HEADER_CONNECT; else - proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy? - HEADER_PROXY:HEADER_SERVER; + proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy ? + HEADER_PROXY : HEADER_SERVER; switch(proxy) { case HEADER_SERVER: @@ -1603,7 +1602,7 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, msnprintf(datestr, sizeof(datestr), "%s: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n", condp, - Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], + Curl_wkday[tm->tm_wday ? tm->tm_wday-1 : 6], tm->tm_mday, Curl_month[tm->tm_mon], tm->tm_year + 1900, @@ -1756,11 +1755,12 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) (conn->remote_port == PORT_HTTP)) ) /* if(HTTPS on port 443) OR (HTTP on port 80) then do not include the port number in the host string */ - aptr->host = aprintf("Host: %s%s%s\r\n", conn->bits.ipv6_ip?"[":"", - host, conn->bits.ipv6_ip?"]":""); + aptr->host = aprintf("Host: %s%s%s\r\n", conn->bits.ipv6_ip ? "[" : "", + host, conn->bits.ipv6_ip ? "]" : ""); else - aptr->host = aprintf("Host: %s%s%s:%d\r\n", conn->bits.ipv6_ip?"[":"", - host, conn->bits.ipv6_ip?"]":"", + aptr->host = aprintf("Host: %s%s%s:%d\r\n", + conn->bits.ipv6_ip ? "[" : "", + host, conn->bits.ipv6_ip ? "]" : "", conn->remote_port); if(!aptr->host) @@ -1837,8 +1837,8 @@ CURLcode Curl_http_target(struct Curl_easy *data, curl_url_cleanup(h); /* target or URL */ - result = Curl_dyn_add(r, data->set.str[STRING_TARGET]? - data->set.str[STRING_TARGET]:url); + result = Curl_dyn_add(r, data->set.str[STRING_TARGET] ? + data->set.str[STRING_TARGET] : url); free(url); if(result) return (result); @@ -1974,11 +1974,8 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) switch(httpreq) { case HTTPREQ_PUT: /* Let's PUT the data to the server! */ - if(!postsize) - result = Curl_creader_set_null(data); - else - result = Curl_creader_set_fread(data, postsize); - return result; + return postsize ? Curl_creader_set_fread(data, postsize) : + Curl_creader_set_null(data); #if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API) case HTTPREQ_POST_FORM: @@ -2011,7 +2008,7 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), STRCONST("chunked")); } - result = Curl_creader_set_fread(data, chunked? -1 : postsize); + result = Curl_creader_set_fread(data, chunked ? -1 : postsize); } return result; @@ -2049,7 +2046,7 @@ static CURLcode http_resume(struct Curl_easy *data, Curl_HttpReq httpreq) CURLcode result; result = Curl_creader_resume_from(data, data->state.resume_from); if(result) { - failf(data, "Unable to resume from offset %" CURL_FORMAT_CURL_OFF_T, + failf(data, "Unable to resume from offset %" FMT_OFF_T, data->state.resume_from); return result; } @@ -2186,9 +2183,8 @@ CURLcode Curl_http_req_complete(struct Curl_easy *data, !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, although it is not very wise to actually set your own */ - result = Curl_dyn_addf(r, - "Content-Length: %" CURL_FORMAT_CURL_OFF_T - "\r\n", req_clen); + result = Curl_dyn_addf(r, "Content-Length: %" FMT_OFF_T "\r\n", + req_clen); } if(result) goto out; @@ -2252,8 +2248,9 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, addcookies = data->set.str[STRING_COOKIE]; if(data->cookies || addcookies) { - struct Cookie *co = NULL; /* no cookies from start */ + struct Curl_llist list; int count = 0; + int rc = 1; if(data->cookies && data->state.cookie_engine) { const char *host = data->state.aptr.cookiehost ? @@ -2262,17 +2259,19 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || strcasecompare("localhost", host) || !strcmp(host, "127.0.0.1") || - !strcmp(host, "::1") ? TRUE : FALSE; + !strcmp(host, "::1"); Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - co = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path, - secure_context); + rc = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path, + secure_context, &list); Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } - if(co) { - struct Cookie *store = co; + if(!rc) { + struct Curl_llist_node *n; size_t clen = 8; /* hold the size of the generated Cookie: header */ - /* now loop through all cookies that matched */ - while(co) { + + /* loop through all cookies that matched */ + for(n = Curl_llist_head(&list); n; n = Curl_node_next(n)) { + struct Cookie *co = Curl_node_elem(n); if(co->value) { size_t add; if(!count) { @@ -2287,22 +2286,21 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, linecap = TRUE; break; } - result = Curl_dyn_addf(r, "%s%s=%s", count?"; ":"", + result = Curl_dyn_addf(r, "%s%s=%s", count ? "; " : "", co->name, co->value); if(result) break; clen += add + (count ? 2 : 0); count++; } - co = co->next; /* next cookie please */ } - Curl_cookie_freelist(store); + Curl_llist_destroy(&list, NULL); } if(addcookies && !result && !linecap) { if(!count) result = Curl_dyn_addn(r, STRCONST("Cookie: ")); if(!result) { - result = Curl_dyn_addf(r, "%s%s", count?"; ":"", addcookies); + result = Curl_dyn_addf(r, "%s%s", count ? "; " : "", addcookies); count++; } } @@ -2343,8 +2341,7 @@ CURLcode Curl_http_range(struct Curl_easy *data, remote part so we tell the server (and act accordingly) that we upload the whole file (again) */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes 0-%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", req_clen - 1, req_clen); } @@ -2353,19 +2350,18 @@ CURLcode Curl_http_range(struct Curl_easy *data, /* TODO: not sure if we want to send this header during authentication * negotiation, but test1084 checks for it. In which case we have a * "null" client reader installed that gives an unexpected length. */ - curl_off_t total_len = data->req.authneg? + curl_off_t total_len = data->req.authneg ? data->state.infilesize : (data->state.resume_from + req_clen); data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes %s%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", data->state.range, total_len-1, total_len); } else { /* Range was selected and then we just pass the incoming range and append total size */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes %s/%" FMT_OFF_T "\r\n", data->state.range, req_clen); } if(!data->state.aptr.rangeline) @@ -2586,7 +2582,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto fail; p_accept = Curl_checkheaders(data, - STRCONST("Accept"))?NULL:"Accept: */*\r\n"; + STRCONST("Accept")) ? NULL : "Accept: */*\r\n"; result = Curl_http_range(data, httpreq); if(result) @@ -2638,35 +2634,34 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) "%s",/* Alt-Used */ httpstring, - (data->state.aptr.host?data->state.aptr.host:""), + (data->state.aptr.host ? data->state.aptr.host : ""), #ifndef CURL_DISABLE_PROXY - data->state.aptr.proxyuserpwd? - data->state.aptr.proxyuserpwd:"", + data->state.aptr.proxyuserpwd ? + data->state.aptr.proxyuserpwd : "", #else "", #endif - data->state.aptr.userpwd?data->state.aptr.userpwd:"", - (data->state.use_range && data->state.aptr.rangeline)? - data->state.aptr.rangeline:"", + data->state.aptr.userpwd ? data->state.aptr.userpwd : "", + (data->state.use_range && data->state.aptr.rangeline) ? + data->state.aptr.rangeline : "", (data->set.str[STRING_USERAGENT] && *data->set.str[STRING_USERAGENT] && - data->state.aptr.uagent)? - data->state.aptr.uagent:"", - p_accept?p_accept:"", - data->state.aptr.te?data->state.aptr.te:"", + data->state.aptr.uagent) ? + data->state.aptr.uagent : "", + p_accept ? p_accept : "", + data->state.aptr.te ? data->state.aptr.te : "", (data->set.str[STRING_ENCODING] && *data->set.str[STRING_ENCODING] && - data->state.aptr.accept_encoding)? - data->state.aptr.accept_encoding:"", - (data->state.referer && data->state.aptr.ref)? - data->state.aptr.ref:"" /* Referer: */, + data->state.aptr.accept_encoding) ? + data->state.aptr.accept_encoding : "", + (data->state.referer && data->state.aptr.ref) ? + data->state.aptr.ref : "" /* Referer: */, #ifndef CURL_DISABLE_PROXY (conn->bits.httpproxy && !conn->bits.tunnel_proxy && !Curl_checkheaders(data, STRCONST("Proxy-Connection")) && - !Curl_checkProxyheaders(data, - conn, - STRCONST("Proxy-Connection")))? + !Curl_checkProxyheaders(data, conn, + STRCONST("Proxy-Connection"))) ? "Proxy-Connection: Keep-Alive\r\n":"", #else "", @@ -2701,7 +2696,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } result = Curl_http_cookies(data, conn, &req); -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS if(!result && conn->handler->protocol&(CURLPROTO_WS|CURLPROTO_WSS)) result = Curl_ws_request(data, &req); #endif @@ -2758,7 +2753,7 @@ checkhttpprefix(struct Curl_easy *data, { struct curl_slist *head = data->set.http200aliases; statusline rc = STATUS_BAD; - statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; + statusline onmatch = len >= 5 ? STATUS_DONE : STATUS_UNKNOWN; while(head) { if(checkprefixmax(head->data, s, len)) { @@ -2780,7 +2775,7 @@ checkrtspprefix(struct Curl_easy *data, const char *s, size_t len) { statusline result = STATUS_BAD; - statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; + statusline onmatch = len >= 5 ? STATUS_DONE : STATUS_UNKNOWN; (void)data; /* unused */ if(checkprefixmax("RTSP/", s, len)) result = onmatch; @@ -2841,10 +2836,10 @@ CURLcode Curl_http_header(struct Curl_easy *data, #else 0 #endif - ))? HD_VAL(hd, hdlen, "Alt-Svc:") : NULL; + )) ? HD_VAL(hd, hdlen, "Alt-Svc:") : NULL; if(v) { /* the ALPN of the current request */ - enum alpnid id = (conn->httpversion == 30)? ALPN_h3 : + enum alpnid id = (conn->httpversion == 30) ? ALPN_h3 : (conn->httpversion == 20) ? ALPN_h2 : ALPN_h1; return Curl_altsvc_parse(data, data->asi, v, id, conn->host.name, curlx_uitous((unsigned int)conn->remote_port)); @@ -2854,8 +2849,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, case 'c': case 'C': /* Check for Content-Length: header lines to get size */ - v = (!k->http_bodyless && !data->set.ignorecl)? - HD_VAL(hd, hdlen, "Content-Length:") : NULL; + v = (!k->http_bodyless && !data->set.ignorecl) ? + HD_VAL(hd, hdlen, "Content-Length:") : NULL; if(v) { curl_off_t contentlength; CURLofft offt = curlx_strtoofft(v, NULL, 10, &contentlength); @@ -2880,8 +2875,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, } return CURLE_OK; } - v = (!k->http_bodyless && data->set.str[STRING_ENCODING])? - HD_VAL(hd, hdlen, "Content-Encoding:") : NULL; + v = (!k->http_bodyless && data->set.str[STRING_ENCODING]) ? + HD_VAL(hd, hdlen, "Content-Encoding:") : NULL; if(v) { /* * Process Content-Encoding. Look for the values: identity, @@ -2929,7 +2924,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, infof(data, "HTTP/1.0 connection set to keep alive"); return CURLE_OK; } - v = !k->http_bodyless? HD_VAL(hd, hdlen, "Content-Range:") : NULL; + v = !k->http_bodyless ? HD_VAL(hd, hdlen, "Content-Range:") : NULL; if(v) { /* Content-Range: bytes [num]- Content-Range: bytes: [num]- @@ -2963,7 +2958,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, case 'l': case 'L': v = (!k->http_bodyless && - (data->set.timecondition || data->set.get_filetime))? + (data->set.timecondition || data->set.get_filetime)) ? HD_VAL(hd, hdlen, "Last-Modified:") : NULL; if(v) { k->timeofdoc = Curl_getdate_capped(v); @@ -3046,8 +3041,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, char *persistentauth = Curl_copy_header_value(hd); if(!persistentauth) return CURLE_OUT_OF_MEMORY; - negdata->noauthpersist = checkprefix("false", persistentauth)? - TRUE:FALSE; + negdata->noauthpersist = !!checkprefix("false", persistentauth); negdata->havenoauthpersist = TRUE; infof(data, "Negotiate: noauthpersist -> %d, header part: %s", negdata->noauthpersist, persistentauth); @@ -3077,18 +3071,18 @@ CURLcode Curl_http_header(struct Curl_easy *data, case 's': case 'S': #if !defined(CURL_DISABLE_COOKIES) - v = (data->cookies && data->state.cookie_engine)? + v = (data->cookies && data->state.cookie_engine) ? HD_VAL(hd, hdlen, "Set-Cookie:") : NULL; if(v) { /* If there is a custom-set Host: name, use it here, or else use * real peer hostname. */ - const char *host = data->state.aptr.cookiehost? - data->state.aptr.cookiehost:conn->host.name; + const char *host = data->state.aptr.cookiehost ? + data->state.aptr.cookiehost : conn->host.name; const bool secure_context = conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || strcasecompare("localhost", host) || !strcmp(host, "127.0.0.1") || - !strcmp(host, "::1") ? TRUE : FALSE; + !strcmp(host, "::1"); Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); @@ -3109,7 +3103,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, 0 #endif ) - )? HD_VAL(hd, hdlen, "Strict-Transport-Security:") : NULL; + ) ? HD_VAL(hd, hdlen, "Strict-Transport-Security:") : NULL; if(v) { CURLcode check = Curl_hsts_parse(data->hsts, conn->host.name, v); @@ -3118,7 +3112,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, #ifdef DEBUGBUILD else infof(data, "Parsed STS header fine (%zu entries)", - data->hsts->list.size); + Curl_llist_count(&data->hsts->list)); #endif } #endif @@ -3137,8 +3131,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, */ v = (!k->http_bodyless && (data->state.httpreq != HTTPREQ_HEAD) && - (k->httpcode != 304))? - HD_VAL(hd, hdlen, "Transfer-Encoding:") : NULL; + (k->httpcode != 304)) ? + HD_VAL(hd, hdlen, "Transfer-Encoding:") : NULL; if(v) { /* One or more encodings. We check for chunked and/or a compression algorithm. */ @@ -3154,6 +3148,11 @@ CURLcode Curl_http_header(struct Curl_easy *data, } return CURLE_OK; } + v = HD_VAL(hd, hdlen, "Trailer:"); + if(v) { + data->req.resp_trailer = TRUE; + return CURLE_OK; + } break; case 'w': case 'W': @@ -3241,9 +3240,6 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, else if(k->httpversion == 20 || (k->upgr101 == UPGR101_H2 && k->httpcode == 101)) { DEBUGF(infof(data, "HTTP/2 found, allow multiplexing")); - /* HTTP/2 cannot avoid multiplexing since it is a core functionality - of the protocol */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; } k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200; @@ -3285,10 +3281,13 @@ CURLcode Curl_http_size(struct Curl_easy *data) } else if(k->size != -1) { if(data->set.max_filesize && - k->size > data->set.max_filesize) { + !k->ignorebody && + (k->size > data->set.max_filesize)) { failf(data, "Maximum file size exceeded"); return CURLE_FILESIZE_EXCEEDED; } + if(k->ignorebody) + infof(data, "setting size while ignoring"); Curl_pgrsSetDownloadSize(data, k->size); k->maxdownload = k->size; } @@ -3371,8 +3370,8 @@ static CURLcode http_write_header(struct Curl_easy *data, return result; data->req.deductheadercount = (100 <= data->req.httpcode && - 199 >= data->req.httpcode)? - data->req.headerbytecount:0; + 199 >= data->req.httpcode) ? + data->req.headerbytecount : 0; return result; } @@ -3393,9 +3392,6 @@ static CURLcode http_on_response(struct Curl_easy *data, if(conn->httpversion != 20) infof(data, "Lying server, not serving HTTP/2"); } - if(conn->httpversion < 20) { - conn->bundle->multiuse = BUNDLE_NO_MULTIUSE; - } if(k->httpcode < 200 && last_hd) { /* Intermediate responses might trigger processing of more @@ -3440,6 +3436,7 @@ static CURLcode http_on_response(struct Curl_easy *data, /* Switching to HTTP/2, where we will get more responses */ infof(data, "Received 101, Switching to HTTP/2"); k->upgr101 = UPGR101_RECEIVED; + data->conn->bits.asks_multiplex = FALSE; /* We expect more response from HTTP/2 later */ k->header = TRUE; k->headerline = 0; /* restart the header line counter */ @@ -3450,7 +3447,7 @@ static CURLcode http_on_response(struct Curl_easy *data, goto out; *pconsumed += blen; } -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS else if(k->upgr101 == UPGR101_WS) { /* verify the response. Any passed `buf` bytes are already in * WebSockets format and taken in by the protocol handler. */ @@ -3486,6 +3483,7 @@ static CURLcode http_on_response(struct Curl_easy *data, if(k->upgr101 == UPGR101_H2) { /* A requested upgrade was denied, poke the multi handle to possibly allow a pending pipewait to continue */ + data->conn->bits.asks_multiplex = FALSE; Curl_multi_connchanged(data->multi); } @@ -3534,8 +3532,8 @@ static CURLcode http_on_response(struct Curl_easy *data, } #endif -#ifdef USE_WEBSOCKETS - /* All >=200 HTTP status codes are errors when wanting websockets */ +#ifndef CURL_DISABLE_WEBSOCKETS + /* All >=200 HTTP status codes are errors when wanting WebSockets */ if(data->req.upgr101 == UPGR101_WS) { failf(data, "Refused WebSockets upgrade: %d", k->httpcode); result = CURLE_HTTP_RETURNED_ERROR; @@ -3628,13 +3626,6 @@ static CURLcode http_on_response(struct Curl_easy *data, } - /* This is the last response that we will got for the current request. - * Check on the body size and determine if the response is complete. - */ - result = Curl_http_size(data); - if(result) - goto out; - /* If we requested a "no body", this is a good time to get * out and return home. */ @@ -3654,6 +3645,12 @@ static CURLcode http_on_response(struct Curl_easy *data, /* final response without error, prepare to receive the body */ result = Curl_http_firstwrite(data); + if(!result) + /* This is the last response that we get for the current request. + * Check on the body size and determine if the response is complete. + */ + result = Curl_http_size(data); + out: if(last_hd) { /* if not written yet, write it now */ @@ -4053,7 +4050,7 @@ CURLcode Curl_http_decode_status(int *pstatus, const char *s, size_t len) } result = CURLE_OK; out: - *pstatus = result? -1 : status; + *pstatus = result ? -1 : status; return result; } @@ -4096,7 +4093,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq, out: if(result && req) Curl_http_req_free(req); - *preq = result? NULL : req; + *preq = result ? NULL : req; return result; } @@ -4254,7 +4251,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq, out: if(result && req) Curl_http_req_free(req); - *preq = result? NULL : req; + *preq = result ? NULL : req; return result; } @@ -4320,8 +4317,8 @@ CURLcode Curl_http_req_to_h2(struct dynhds *h2_headers, infof(data, "set pseudo header %s to %s", HTTP_PSEUDO_SCHEME, scheme); } else { - scheme = (data->conn && data->conn->handler->flags & PROTOPT_SSL)? - "https" : "http"; + scheme = (data->conn && data->conn->handler->flags & PROTOPT_SSL) ? + "https" : "http"; } } @@ -4385,7 +4382,7 @@ CURLcode Curl_http_resp_make(struct http_resp **presp, out: if(result && resp) Curl_http_resp_free(resp); - *presp = result? NULL : resp; + *presp = result ? NULL : resp; return result; } @@ -4431,9 +4428,18 @@ static CURLcode cr_exp100_read(struct Curl_easy *data, switch(ctx->state) { case EXP100_SENDING_REQUEST: + if(!Curl_req_sendbuf_empty(data)) { + /* The initial request data has not been fully sent yet. Do + * not start the timer yet. */ + DEBUGF(infof(data, "cr_exp100_read, request not full sent yet")); + *nread = 0; + *eos = FALSE; + return CURLE_OK; + } /* We are now waiting for a reply from the server or - * a timeout on our side */ - DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE")); + * a timeout on our side IFF the request has been fully sent. */ + DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE, " + "timeout %ldms", data->set.expect_100_timeout)); ctx->state = EXP100_AWAITING_CONTINUE; ctx->start = Curl_now(); Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT); @@ -4471,7 +4477,7 @@ static void cr_exp100_done(struct Curl_easy *data, struct Curl_creader *reader, int premature) { struct cr_exp100_ctx *ctx = reader->ctx; - ctx->state = premature? EXP100_FAILED : EXP100_SEND_DATA; + ctx->state = premature ? EXP100_FAILED : EXP100_SEND_DATA; data->req.keepon &= ~KEEP_SEND_TIMED; Curl_expire_done(data, EXPIRE_100_TIMEOUT); } @@ -4537,7 +4543,7 @@ static void http_exp100_send_anyway(struct Curl_easy *data) bool Curl_http_exp100_is_selected(struct Curl_easy *data) { struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100); - return r? TRUE : FALSE; + return !!r; } #endif /* CURL_DISABLE_HTTP */ diff --git a/libraries/libcurl/http1.c b/libraries/libcurl/http1.c index d7e21fdc..f135b207 100644 --- a/libraries/libcurl/http1.c +++ b/libraries/libcurl/http1.c @@ -128,7 +128,7 @@ static ssize_t next_line(struct h1_req_parser *parser, else if(*err == CURLE_AGAIN) { /* no line end in `buf`, add it to our scratch */ *err = Curl_dyn_addn(&parser->scratch, (const unsigned char *)buf, buflen); - nread = (*err)? -1 : (ssize_t)buflen; + nread = (*err) ? -1 : (ssize_t)buflen; } return nread; } @@ -325,10 +325,10 @@ CURLcode Curl_h1_req_write_head(struct httpreq *req, int http_minor, result = Curl_dyn_addf(dbuf, "%s %s%s%s%s HTTP/1.%d\r\n", req->method, - req->scheme? req->scheme : "", - req->scheme? "://" : "", - req->authority? req->authority : "", - req->path? req->path : "", + req->scheme ? req->scheme : "", + req->scheme ? "://" : "", + req->authority ? req->authority : "", + req->path ? req->path : "", http_minor); if(result) goto out; diff --git a/libraries/libcurl/http2.c b/libraries/libcurl/http2.c index 6a979c13..f1ee0cf9 100644 --- a/libraries/libcurl/http2.c +++ b/libraries/libcurl/http2.c @@ -69,25 +69,32 @@ /* buffer dimensioning: * use 16K as chunk size, as that fits H2 DATA frames well */ #define H2_CHUNK_SIZE (16 * 1024) -/* this is how much we want "in flight" for a stream */ -#define H2_STREAM_WINDOW_SIZE (10 * 1024 * 1024) +/* connection window size */ +#define H2_CONN_WINDOW_SIZE (10 * 1024 * 1024) /* on receiving from TLS, we prep for holding a full stream window */ -#define H2_NW_RECV_CHUNKS (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +#define H2_NW_RECV_CHUNKS (H2_CONN_WINDOW_SIZE / H2_CHUNK_SIZE) /* on send into TLS, we just want to accumulate small frames */ #define H2_NW_SEND_CHUNKS 1 -/* stream recv/send chunks are a result of window / chunk sizes */ -#define H2_STREAM_RECV_CHUNKS (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +/* this is how much we want "in flight" for a stream, unthrottled */ +#define H2_STREAM_WINDOW_SIZE_MAX (10 * 1024 * 1024) +/* this is how much we want "in flight" for a stream, initially, IFF + * nghttp2 allows us to tweak the local window size. */ +#if NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE +#define H2_STREAM_WINDOW_SIZE_INITIAL (64 * 1024) +#else +#define H2_STREAM_WINDOW_SIZE_INITIAL H2_STREAM_WINDOW_SIZE_MAX +#endif /* keep smaller stream upload buffer (default h2 window size) to have * our progress bars and "upload done" reporting closer to reality */ #define H2_STREAM_SEND_CHUNKS ((64 * 1024) / H2_CHUNK_SIZE) /* spare chunks we keep for a full window */ -#define H2_STREAM_POOL_SPARES (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +#define H2_STREAM_POOL_SPARES (H2_CONN_WINDOW_SIZE / H2_CHUNK_SIZE) /* We need to accommodate the max number of streams with their window sizes on * the overall connection. Streams might become PAUSED which will block their * received QUOTA in the connection window. If we run out of space, the server * is blocked from sending us any data. See #10988 for an issue with this. */ -#define HTTP2_HUGE_WINDOW_SIZE (100 * H2_STREAM_WINDOW_SIZE) +#define HTTP2_HUGE_WINDOW_SIZE (100 * H2_STREAM_WINDOW_SIZE_MAX) #define H2_SETTINGS_IV_LEN 3 #define H2_BINSETTINGS_LEN 80 @@ -99,7 +106,7 @@ static size_t populate_settings(nghttp2_settings_entry *iv, iv[0].value = Curl_multi_max_concurrent_streams(data->multi); iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; - iv[1].value = H2_STREAM_WINDOW_SIZE; + iv[1].value = H2_STREAM_WINDOW_SIZE_INITIAL; iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; iv[2].value = data->multi->push_cb != NULL; @@ -129,12 +136,14 @@ struct cf_h2_ctx { struct bufc_pool stream_bufcp; /* spares for stream buffers */ struct dynbuf scratch; /* scratch buffer for temp use */ - struct Curl_hash streams; /* hash of `data->id` to `h2_stream_ctx` */ + struct Curl_hash streams; /* hash of `data->mid` to `h2_stream_ctx` */ size_t drain_total; /* sum of all stream's UrlState drain */ uint32_t max_concurrent_streams; uint32_t goaway_error; /* goaway error code from server */ int32_t remote_max_sid; /* max id processed by server */ int32_t local_max_sid; /* max id processed by us */ + BIT(initialized); + BIT(via_h1_upgrade); BIT(conn_closed); BIT(rcvd_goaway); BIT(sent_goaway); @@ -147,28 +156,38 @@ struct cf_h2_ctx { #define CF_CTX_CALL_DATA(cf) \ ((struct cf_h2_ctx *)(cf)->ctx)->call_data -static void cf_h2_ctx_clear(struct cf_h2_ctx *ctx) +static void h2_stream_hash_free(void *stream); + +static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade) { - struct cf_call_data save = ctx->call_data; + Curl_bufcp_init(&ctx->stream_bufcp, H2_CHUNK_SIZE, H2_STREAM_POOL_SPARES); + Curl_bufq_initp(&ctx->inbufq, &ctx->stream_bufcp, H2_NW_RECV_CHUNKS, 0); + Curl_bufq_initp(&ctx->outbufq, &ctx->stream_bufcp, H2_NW_SEND_CHUNKS, 0); + Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); + Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free); + ctx->remote_max_sid = 2147483647; + ctx->via_h1_upgrade = via_h1_upgrade; + ctx->initialized = TRUE; +} - if(ctx->h2) { - nghttp2_session_del(ctx->h2); +static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufq_free(&ctx->inbufq); + Curl_bufq_free(&ctx->outbufq); + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_dyn_free(&ctx->scratch); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + memset(ctx, 0, sizeof(*ctx)); } - Curl_bufq_free(&ctx->inbufq); - Curl_bufq_free(&ctx->outbufq); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_dyn_free(&ctx->scratch); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - memset(ctx, 0, sizeof(*ctx)); - ctx->call_data = save; + free(ctx); } -static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) +static void cf_h2_ctx_close(struct cf_h2_ctx *ctx) { - if(ctx) { - cf_h2_ctx_clear(ctx); - free(ctx); + if(ctx->h2) { + nghttp2_session_del(ctx->h2); } } @@ -184,8 +203,6 @@ struct h2_stream_ctx { struct h1_req_parser h1; /* parsing the request */ struct dynhds resp_trailers; /* response trailer fields */ size_t resp_hds_len; /* amount of response header bytes in recvbuf */ - size_t upload_blocked_len; - curl_off_t upload_left; /* number of request bytes left to upload */ curl_off_t nrcvd_data; /* number of DATA bytes received */ char **push_headers; /* allocated array */ @@ -195,19 +212,19 @@ struct h2_stream_ctx { int status_code; /* HTTP response status code */ uint32_t error; /* stream error code */ CURLcode xfer_result; /* Result of writing out response */ - uint32_t local_window_size; /* the local recv window size */ + int32_t local_window_size; /* the local recv window size */ int32_t id; /* HTTP/2 protocol identifier for stream */ BIT(resp_hds_complete); /* we have a complete, final response */ BIT(closed); /* TRUE on stream close */ BIT(reset); /* TRUE on stream reset */ BIT(close_handled); /* TRUE if stream closure is handled by libcurl */ BIT(bodystarted); - BIT(send_closed); /* transfer is done sending, we might have still - buffered data in stream->sendbuf to upload. */ + BIT(body_eos); /* the complete body has been added to `sendbuf` and + * is being/has been processed from there. */ }; #define H2_STREAM_CTX(ctx,data) ((struct h2_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static struct h2_stream_ctx *h2_stream_ctx_create(struct cf_h2_ctx *ctx) { @@ -229,8 +246,7 @@ static struct h2_stream_ctx *h2_stream_ctx_create(struct cf_h2_ctx *ctx) stream->closed = FALSE; stream->close_handled = FALSE; stream->error = NGHTTP2_NO_ERROR; - stream->local_window_size = H2_STREAM_WINDOW_SIZE; - stream->upload_left = 0; + stream->local_window_size = H2_STREAM_WINDOW_SIZE_INITIAL; stream->nrcvd_data = 0; return stream; } @@ -238,7 +254,7 @@ static struct h2_stream_ctx *h2_stream_ctx_create(struct cf_h2_ctx *ctx) static void free_push_headers(struct h2_stream_ctx *stream) { size_t i; - for(i = 0; ipush_headers_used; i++) + for(i = 0; i < stream->push_headers_used; i++) free(stream->push_headers[i]); Curl_safefree(stream->push_headers); stream->push_headers_used = 0; @@ -259,6 +275,77 @@ static void h2_stream_hash_free(void *stream) h2_stream_ctx_free((struct h2_stream_ctx *)stream); } +#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE +static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + (void)cf; + if(data->set.max_recv_speed && data->set.max_recv_speed < INT32_MAX) { + /* The transfer should only receive `max_recv_speed` bytes per second. + * We restrict the stream's local window size, so that the server cannot + * send us "too much" at a time. + * This gets less precise the higher the latency. */ + return (int32_t)data->set.max_recv_speed; + } + return H2_STREAM_WINDOW_SIZE_MAX; +} + +static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + bool paused) +{ + struct cf_h2_ctx *ctx = cf->ctx; + int32_t dwsize; + int rv; + + dwsize = paused ? 0 : cf_h2_get_desired_local_win(cf, data); + if(dwsize != stream->local_window_size) { + int32_t wsize = nghttp2_session_get_stream_effective_local_window_size( + ctx->h2, stream->id); + if(dwsize > wsize) { + rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, dwsize - wsize); + if(rv) { + failf(data, "[%d] nghttp2_submit_window_update() failed: " + "%s(%d)", stream->id, nghttp2_strerror(rv), rv); + return CURLE_HTTP2; + } + stream->local_window_size = dwsize; + CURL_TRC_CF(data, cf, "[%d] local window update by %d", + stream->id, dwsize - wsize); + } + else { + rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, dwsize); + if(rv) { + failf(data, "[%d] nghttp2_session_set_local_window_size() failed: " + "%s(%d)", stream->id, nghttp2_strerror(rv), rv); + return CURLE_HTTP2; + } + stream->local_window_size = dwsize; + CURL_TRC_CF(data, cf, "[%d] local window size now %d", + stream->id, dwsize); + } + } + return CURLE_OK; +} + +#else /* NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE */ + +static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + bool paused) +{ + (void)cf; + (void)data; + (void)stream; + (void)paused; + return CURLE_OK; +} +#endif /* !NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE */ + /* * Mark this transfer to get "drained". */ @@ -270,10 +357,10 @@ static void drain_stream(struct Curl_cfilter *cf, (void)cf; bits = CURL_CSELECT_IN; - if(!stream->send_closed && - (stream->upload_left || stream->upload_blocked_len)) + if(!stream->closed && + (!stream->body_eos || !Curl_bufq_is_empty(&stream->sendbuf))) bits |= CURL_CSELECT_OUT; - if(data->state.select_bits != bits) { + if(stream->closed || (data->state.select_bits != bits)) { CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", stream->id, bits); data->state.select_bits = bits; @@ -300,7 +387,7 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf, if(!stream) return CURLE_OUT_OF_MEMORY; - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h2_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -315,7 +402,7 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); DEBUGASSERT(ctx); - if(!stream) + if(!stream || !ctx->initialized) return; if(ctx->h2) { @@ -329,7 +416,6 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) stream->id); stream->closed = TRUE; stream->reset = TRUE; - stream->send_closed = TRUE; nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE, stream->id, NGHTTP2_STREAM_CLOSED); flush_egress = TRUE; @@ -339,7 +425,7 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) nghttp2_session_send(ctx->h2); } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } static int h2_client_new(struct Curl_cfilter *cf, @@ -382,8 +468,8 @@ static ssize_t nw_out_writer(void *writer_ctx, struct Curl_easy *data = CF_DATA_CURRENT(cf); if(data) { - ssize_t nwritten = Curl_conn_cf_send(cf->next, data, - (const char *)buf, buflen, err); + ssize_t nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, + buflen, FALSE, err); if(nwritten > 0) CURL_TRC_CF(data, cf, "[0] egress: wrote %zd bytes", nwritten); return nwritten; @@ -412,15 +498,12 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, const uint8_t *value, size_t valuelen, uint8_t flags, void *userp); +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) static int error_callback(nghttp2_session *session, const char *msg, size_t len, void *userp); - -/* - * Initialize the cfilter context - */ -static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, - struct Curl_easy *data, - bool via_h1_upgrade) +#endif +static CURLcode cf_h2_ctx_open(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream; @@ -429,12 +512,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, nghttp2_session_callbacks *cbs = NULL; DEBUGASSERT(!ctx->h2); - Curl_bufcp_init(&ctx->stream_bufcp, H2_CHUNK_SIZE, H2_STREAM_POOL_SPARES); - Curl_bufq_initp(&ctx->inbufq, &ctx->stream_bufcp, H2_NW_RECV_CHUNKS, 0); - Curl_bufq_initp(&ctx->outbufq, &ctx->stream_bufcp, H2_NW_SEND_CHUNKS, 0); - Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); - Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free); - ctx->remote_max_sid = 2147483647; + DEBUGASSERT(ctx->initialized); rc = nghttp2_session_callbacks_new(&cbs); if(rc) { @@ -453,7 +531,9 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, nghttp2_session_callbacks_set_on_begin_headers_callback( cbs, on_begin_headers); nghttp2_session_callbacks_set_on_header_callback(cbs, on_header); +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) nghttp2_session_callbacks_set_error_callback(cbs, error_callback); +#endif /* The nghttp2 session is not yet setup, do it */ rc = h2_client_new(cf, cbs); @@ -463,7 +543,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, } ctx->max_concurrent_streams = DEFAULT_MAX_CONCURRENT_STREAMS; - if(via_h1_upgrade) { + if(ctx->via_h1_upgrade) { /* HTTP/1.1 Upgrade issued. H2 Settings have already been submitted * in the H1 request and we upgrade from there. This stream * is opened implicitly as #1. */ @@ -529,7 +609,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, /* all set, traffic will be send on connect */ result = CURLE_OK; CURL_TRC_CF(data, cf, "[0] created h2 session%s", - via_h1_upgrade? " (via h1 upgrade)" : ""); + ctx->via_h1_upgrade ? " (via h1 upgrade)" : ""); out: if(cbs) @@ -687,7 +767,7 @@ static CURLcode nw_out_flush(struct Curl_cfilter *cf, } return result; } - return Curl_bufq_is_empty(&ctx->outbufq)? CURLE_OK: CURLE_AGAIN; + return Curl_bufq_is_empty(&ctx->outbufq) ? CURLE_OK : CURLE_AGAIN; } /* @@ -709,8 +789,11 @@ static ssize_t send_callback(nghttp2_session *h2, (void)flags; DEBUGASSERT(data); - nwritten = Curl_bufq_write_pass(&ctx->outbufq, buf, blen, - nw_out_writer, cf, &result); + if(!cf->connected) + nwritten = Curl_bufq_write(&ctx->outbufq, buf, blen, &result); + else + nwritten = Curl_bufq_write_pass(&ctx->outbufq, buf, blen, + nw_out_writer, cf, &result); if(nwritten < 0) { if(result == CURLE_AGAIN) { ctx->nw_out_blocked = 1; @@ -775,7 +858,7 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header) return NULL; len = strlen(header); - for(i = 0; ipush_headers_used; i++) { + for(i = 0; i < stream->push_headers_used; i++) { if(!strncmp(header, stream->push_headers[i], len)) { /* sub-match, make sure that it is followed by a colon */ if(stream->push_headers[i][len] != ':') @@ -913,11 +996,11 @@ static int push_promise(struct Curl_cfilter *cf, } DEBUGASSERT(stream); - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rv = data->multi->push_cb(data, newhandle, stream->push_headers_used, &heads, data->multi->push_userp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); /* free the headers again */ free_push_headers(stream); @@ -975,6 +1058,8 @@ static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf, /* If we already encountered an error, skip further writes */ if(!stream->xfer_result) { stream->xfer_result = Curl_xfer_write_resp_hd(data, buf, blen, eos); + if(!stream->xfer_result && !eos) + stream->xfer_result = cf_h2_update_local_win(cf, data, stream, FALSE); if(stream->xfer_result) CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers", stream->id, stream->xfer_result, blen); @@ -990,6 +1075,8 @@ static void h2_xfer_write_resp(struct Curl_cfilter *cf, /* If we already encountered an error, skip further writes */ if(!stream->xfer_result) stream->xfer_result = Curl_xfer_write_resp(data, buf, blen, eos); + if(!stream->xfer_result && !eos) + stream->xfer_result = cf_h2_update_local_win(cf, data, stream, FALSE); /* If the transfer write is errored, we do not want any more data */ if(stream->xfer_result) { struct cf_h2_ctx *ctx = cf->ctx; @@ -1032,9 +1119,6 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, return CURLE_RECV_ERROR; } } - if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { - drain_stream(cf, data, stream); - } break; case NGHTTP2_HEADERS: if(stream->bodystarted) { @@ -1050,10 +1134,10 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, return CURLE_RECV_ERROR; /* Only final status code signals the end of header */ - if(stream->status_code / 100 != 1) { + if(stream->status_code / 100 != 1) stream->bodystarted = TRUE; + else stream->status_code = -1; - } h2_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed); @@ -1083,17 +1167,39 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, if(frame->rst_stream.error_code) { stream->reset = TRUE; } - stream->send_closed = TRUE; drain_stream(cf, data, stream); break; case NGHTTP2_WINDOW_UPDATE: - if(CURL_WANT_SEND(data)) { + if(CURL_WANT_SEND(data) && Curl_bufq_is_empty(&stream->sendbuf)) { + /* need more data, force processing of transfer */ drain_stream(cf, data, stream); } + else if(!Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) + return CURLE_SEND_ERROR; + } break; default: break; } + + if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { + if(!stream->closed && !stream->body_eos && + ((stream->status_code >= 400) || (stream->status_code < 200))) { + /* The server did not give us a positive response and we are not + * done uploading the request body. We need to stop doing that and + * also inform the server that we aborted our side. */ + CURL_TRC_CF(data, cf, "[%d] EOS frame with unfinished upload and " + "HTTP status %d, abort upload by RST", + stream_id, stream->status_code); + nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, NGHTTP2_STREAM_CLOSED); + stream->closed = TRUE; + } + drain_stream(cf, data, stream); + } return CURLE_OK; } @@ -1148,14 +1254,14 @@ static int fr_print(const nghttp2_frame *frame, char *buffer, size_t blen) case NGHTTP2_GOAWAY: { char scratch[128]; size_t s_len = sizeof(scratch)/sizeof(scratch[0]); - size_t len = (frame->goaway.opaque_data_len < s_len)? - frame->goaway.opaque_data_len : s_len-1; - if(len) - memcpy(scratch, frame->goaway.opaque_data, len); - scratch[len] = '\0'; - return msnprintf(buffer, blen, "FRAME[GOAWAY, error=%d, reason='%s', " - "last_stream=%d]", frame->goaway.error_code, - scratch, frame->goaway.last_stream_id); + size_t len = (frame->goaway.opaque_data_len < s_len) ? + frame->goaway.opaque_data_len : s_len-1; + if(len) + memcpy(scratch, frame->goaway.opaque_data, len); + scratch[len] = '\0'; + return msnprintf(buffer, blen, "FRAME[GOAWAY, error=%d, reason='%s', " + "last_stream=%d]", frame->goaway.error_code, + scratch, frame->goaway.last_stream_id); } case NGHTTP2_WINDOW_UPDATE: { return msnprintf(buffer, blen, @@ -1263,7 +1369,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, return 0; } - return on_stream_frame(cf, data_s, frame)? NGHTTP2_ERR_CALLBACK_FAILURE : 0; + return on_stream_frame(cf, data_s, frame) ? NGHTTP2_ERR_CALLBACK_FAILURE : 0; } static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, @@ -1300,9 +1406,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, nghttp2_session_consume(ctx->h2, stream_id, len); stream->nrcvd_data += (curl_off_t)len; - - /* if we receive data for another handle, wake that up */ - drain_stream(cf, data_s, stream); return 0; } @@ -1317,10 +1420,9 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, (void)session; DEBUGASSERT(call_data); - /* get the stream from the hash based on Stream ID, stream ID zero is for - connection-oriented stuff */ - data_s = stream_id? - nghttp2_session_get_stream_user_data(session, stream_id) : NULL; + /* stream id 0 is the connection, do not look there for streams. */ + data_s = stream_id ? + nghttp2_session_get_stream_user_data(session, stream_id) : NULL; if(!data_s) { CURL_TRC_CF(call_data, cf, "[%d] on_stream_close, no easy set on stream", stream_id); @@ -1346,7 +1448,6 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, stream->error = error_code; if(stream->error) { stream->reset = TRUE; - stream->send_closed = TRUE; } if(stream->error) @@ -1572,22 +1673,21 @@ static ssize_t req_body_read_callback(nghttp2_session *session, (void)source; (void)cf; - if(stream_id) { - /* get the stream from the hash based on Stream ID, stream ID zero is for - connection-oriented stuff */ - data_s = nghttp2_session_get_stream_user_data(session, stream_id); - if(!data_s) - /* Receiving a Stream ID not in the hash should not happen, this is an - internal error more than anything else! */ - return NGHTTP2_ERR_CALLBACK_FAILURE; - - stream = H2_STREAM_CTX(ctx, data_s); - if(!stream) - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - else + if(!stream_id) return NGHTTP2_ERR_INVALID_ARGUMENT; + /* get the stream from the hash based on Stream ID, stream ID zero is for + connection-oriented stuff */ + data_s = nghttp2_session_get_stream_user_data(session, stream_id); + if(!data_s) + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + return NGHTTP2_ERR_CALLBACK_FAILURE; + + stream = H2_STREAM_CTX(ctx, data_s); + if(!stream) + return NGHTTP2_ERR_CALLBACK_FAILURE; + nread = Curl_bufq_read(&stream->sendbuf, buf, length, &result); if(nread < 0) { if(result != CURLE_AGAIN) @@ -1595,19 +1695,14 @@ static ssize_t req_body_read_callback(nghttp2_session *session, nread = 0; } - if(nread > 0 && stream->upload_left != -1) - stream->upload_left -= nread; - - CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) left=%" - CURL_FORMAT_CURL_OFF_T " -> %zd, %d", - stream_id, length, stream->upload_left, nread, result); + CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) eos=%d -> %zd, %d", + stream_id, length, stream->body_eos, nread, result); - if(stream->upload_left == 0) + if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf)) { *data_flags = NGHTTP2_DATA_FLAG_EOF; - else if(nread == 0) - return NGHTTP2_ERR_DEFERRED; - - return nread; + return nread; + } + return (nread == 0) ? NGHTTP2_ERR_DEFERRED : nread; } #if !defined(CURL_DISABLE_VERBOSE_STRINGS) @@ -1659,37 +1754,11 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, free(base64); k->upgr101 = UPGR101_H2; + data->conn->bits.asks_multiplex = TRUE; return result; } -static CURLcode http2_data_done_send(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_h2_ctx *ctx = cf->ctx; - CURLcode result = CURLE_OK; - struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); - - if(!ctx || !ctx->h2 || !stream) - goto out; - - CURL_TRC_CF(data, cf, "[%d] data done send", stream->id); - if(!stream->send_closed) { - stream->send_closed = TRUE; - if(stream->upload_left) { - /* we now know that everything that is buffered is all there is. */ - stream->upload_left = Curl_bufq_len(&stream->sendbuf); - /* resume sending here to trigger the callback to get called again so - that it can signal EOF to nghttp2 */ - (void)nghttp2_session_resume_data(ctx->h2, stream->id); - drain_stream(cf, data, stream); - } - } - -out: - return result; -} - static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf, struct Curl_easy *data, struct h2_stream_ctx *stream, @@ -1723,7 +1792,7 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf, } else if(stream->reset) { failf(data, "HTTP/2 stream %u was reset", stream->id); - *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP2; + *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP2; return -1; } @@ -1776,14 +1845,14 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf, static int sweight_wanted(const struct Curl_easy *data) { /* 0 weight is not set by user and we take the nghttp2 default one */ - return data->set.priority.weight? + return data->set.priority.weight ? data->set.priority.weight : NGHTTP2_DEFAULT_WEIGHT; } static int sweight_in_effect(const struct Curl_easy *data) { /* 0 weight is not set by user and we take the nghttp2 default one */ - return data->state.priority.weight? + return data->state.priority.weight ? data->state.priority.weight : NGHTTP2_DEFAULT_WEIGHT; } @@ -1799,7 +1868,7 @@ static void h2_pri_spec(struct cf_h2_ctx *ctx, { struct Curl_data_priority *prio = &data->set.priority; struct h2_stream_ctx *depstream = H2_STREAM_CTX(ctx, prio->parent); - int32_t depstream_id = depstream? depstream->id:0; + int32_t depstream_id = depstream ? depstream->id : 0; nghttp2_priority_spec_init(pri_spec, depstream_id, sweight_wanted(data), data->set.priority.exclusive); @@ -1845,6 +1914,11 @@ static CURLcode h2_progress_egress(struct Curl_cfilter *cf, nghttp2_strerror(rv), rv); return CURLE_SEND_ERROR; } + /* Defer flushing during the connect phase so that the SETTINGS and + * other initial frames are sent together with the first request. + * Unless we are 'connect_only' where the request will never come. */ + if(!cf->connected && !cf->conn->connect_only) + return CURLE_OK; return nw_out_flush(cf, data); } @@ -1870,7 +1944,7 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data, (ctx->conn_closed && Curl_bufq_is_empty(&ctx->inbufq)) || (ctx->rcvd_goaway && ctx->remote_max_sid < stream->id)) { CURL_TRC_CF(data, cf, "[%d] returning ERR", stream->id); - *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP2; + *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP2; nread = -1; } @@ -1928,18 +2002,21 @@ static CURLcode h2_progress_ingress(struct Curl_cfilter *cf, } else { CURL_TRC_CF(data, cf, "[0] ingress: read %zd bytes", nread); - data_max_bytes = (data_max_bytes > (size_t)nread)? - (data_max_bytes - (size_t)nread) : 0; + data_max_bytes = (data_max_bytes > (size_t)nread) ? + (data_max_bytes - (size_t)nread) : 0; } if(h2_process_pending_input(cf, data, &result)) return result; + CURL_TRC_CF(data, cf, "[0] progress ingress: inbufg=%zu", + Curl_bufq_len(&ctx->inbufq)); } if(ctx->conn_closed && Curl_bufq_is_empty(&ctx->inbufq)) { connclose(cf->conn, "GOAWAY received"); } + CURL_TRC_CF(data, cf, "[0] progress ingress: done"); return CURLE_OK; } @@ -1957,9 +2034,8 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, * (unlikely) or the transfer has been done, cleaned up its resources, but * a read() is called anyway. It is not clear what the calling sequence * is for such a case. */ - failf(data, "[%zd-%zd], http/2 recv on a transfer never opened " - "or already cleared", (ssize_t)data->id, - (ssize_t)cf->conn->connection_id); + failf(data, "http/2 recv on a transfer never opened " + "or already cleared, mid=%" FMT_OFF_T, data->mid); *err = CURLE_HTTP2; return -1; } @@ -2005,11 +2081,11 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, out: result = h2_progress_egress(cf, data); if(result == CURLE_AGAIN) { - /* pending data to send, need to be called again. Ideally, we would - * monitor the socket for POLLOUT, but we might not be in SENDING - * transfer state any longer and are unable to make this happen. - */ - drain_stream(cf, data, stream); + /* pending data to send, need to be called again. Ideally, we + * monitor the socket for POLLOUT, but when not SENDING + * any more, we force processing of the transfer. */ + if(!CURL_WANT_SEND(data)) + drain_stream(cf, data, stream); } else if(result) { *err = result; @@ -2029,10 +2105,57 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, return nread; } +static ssize_t cf_h2_body_send(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + const void *buf, size_t blen, bool eos, + CURLcode *err) +{ + struct cf_h2_ctx *ctx = cf->ctx; + ssize_t nwritten; + + if(stream->closed) { + if(stream->resp_hds_complete) { + /* Server decided to close the stream after having sent us a final + * response. This is valid if it is not interested in the request + * body. This happens on 30x or 40x responses. + * We silently discard the data sent, since this is not a transport + * error situation. */ + CURL_TRC_CF(data, cf, "[%d] discarding data" + "on closed stream with response", stream->id); + if(eos) + stream->body_eos = TRUE; + *err = CURLE_OK; + return (ssize_t)blen; + } + /* Server closed before we got a response, this is an error */ + infof(data, "stream %u closed", stream->id); + *err = CURLE_SEND_ERROR; + return -1; + } + + nwritten = Curl_bufq_write(&stream->sendbuf, buf, blen, err); + if(nwritten < 0) + return -1; + + if(eos && (blen == (size_t)nwritten)) + stream->body_eos = TRUE; + + if(eos || !Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + int rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) { + *err = CURLE_SEND_ERROR; + return -1; + } + } + return nwritten; +} + static ssize_t h2_submit(struct h2_stream_ctx **pstream, struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, - size_t *phdslen, CURLcode *err) + bool eos, CURLcode *err) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = NULL; @@ -2045,7 +2168,6 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, nghttp2_priority_spec pri_spec; ssize_t nwritten; - *phdslen = 0; Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); *err = http2_data_setup(cf, data, &stream); @@ -2057,7 +2179,6 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err); if(nwritten < 0) goto out; - *phdslen = (size_t)nwritten; if(!stream->h1.done) { /* need more data */ goto out; @@ -2088,19 +2209,12 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, case HTTPREQ_POST_FORM: case HTTPREQ_POST_MIME: case HTTPREQ_PUT: - if(data->state.infilesize != -1) - stream->upload_left = data->state.infilesize; - else - /* data sending without specifying the data amount up front */ - stream->upload_left = -1; /* unknown */ - data_prd.read_callback = req_body_read_callback; data_prd.source.ptr = NULL; stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader, &data_prd, data); break; default: - stream->upload_left = 0; /* no request body */ stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader, NULL, data); } @@ -2135,37 +2249,26 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, } stream->id = stream_id; - stream->local_window_size = H2_STREAM_WINDOW_SIZE; - if(data->set.max_recv_speed) { - /* We are asked to only receive `max_recv_speed` bytes per second. - * Let's limit our stream window size around that, otherwise the server - * will send in large bursts only. We make the window 50% larger to - * allow for data in flight and avoid stalling. */ - curl_off_t n = (((data->set.max_recv_speed - 1) / H2_CHUNK_SIZE) + 1); - n += CURLMAX((n/2), 1); - if(n < (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) && - n < (UINT_MAX / H2_CHUNK_SIZE)) { - stream->local_window_size = (uint32_t)n * H2_CHUNK_SIZE; - } - } body = (const char *)buf + nwritten; bodylen = len - nwritten; - if(bodylen) { - /* We have request body to send in DATA frame */ - ssize_t n = Curl_bufq_write(&stream->sendbuf, body, bodylen, err); - if(n < 0) { + if(bodylen || eos) { + ssize_t n = cf_h2_body_send(cf, data, stream, body, bodylen, eos, err); + if(n >= 0) + nwritten += n; + else if(*err == CURLE_AGAIN) + *err = CURLE_OK; + else if(*err != CURLE_AGAIN) { *err = CURLE_SEND_ERROR; nwritten = -1; goto out; } - nwritten += n; } out: CURL_TRC_CF(data, cf, "[%d] submit -> %zd, %d", - stream? stream->id : -1, nwritten, *err); + stream ? stream->id : -1, nwritten, *err); Curl_safefree(nva); *pstream = stream; Curl_dynhds_free(&h2_headers); @@ -2173,139 +2276,63 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, } static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); struct cf_call_data save; - int rv; ssize_t nwritten; - size_t hdslen = 0; CURLcode result; - int blocked = 0, was_blocked = 0; CF_DATA_SAVE(save, cf, data); - if(stream && stream->id != -1) { - if(stream->upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - /* TODO: this assertion triggers in OSSFuzz runs and it is not - * clear why. Disable for now to let OSSFuzz continue its tests. */ - DEBUGASSERT(len >= stream->upload_blocked_len); - if(len < stream->upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/2 send again with decreased length (%zd vs %zd)", - len, stream->upload_blocked_len); - *err = CURLE_HTTP2; - nwritten = -1; - goto out; - } - nwritten = (ssize_t)stream->upload_blocked_len; - stream->upload_blocked_len = 0; - was_blocked = 1; - } - else if(stream->closed) { - if(stream->resp_hds_complete) { - /* Server decided to close the stream after having sent us a findl - * response. This is valid if it is not interested in the request - * body. This happens on 30x or 40x responses. - * We silently discard the data sent, since this is not a transport - * error situation. */ - CURL_TRC_CF(data, cf, "[%d] discarding data" - "on closed stream with response", stream->id); - *err = CURLE_OK; - nwritten = (ssize_t)len; - goto out; - } - infof(data, "stream %u closed", stream->id); - *err = CURLE_SEND_ERROR; - nwritten = -1; + if(!stream || stream->id == -1) { + nwritten = h2_submit(&stream, cf, data, buf, len, eos, err); + if(nwritten < 0) { goto out; } - else { - /* If stream_id != -1, we have dispatched request HEADERS and - * optionally request body, and now are going to send or sending - * more request body in DATA frame */ - nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err); - if(nwritten < 0 && *err != CURLE_AGAIN) - goto out; - } - - if(!Curl_bufq_is_empty(&stream->sendbuf)) { - /* req body data is buffered, resume the potentially suspended stream */ - rv = nghttp2_session_resume_data(ctx->h2, stream->id); - if(nghttp2_is_fatal(rv)) { - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - } + DEBUGASSERT(stream); } - else { - nwritten = h2_submit(&stream, cf, data, buf, len, &hdslen, err); + else if(stream->body_eos) { + /* We already wrote this, but CURLE_AGAINed the call due to not + * being able to flush stream->sendbuf. Make a 0-length write + * to trigger flushing again. + * If this works, we report to have written `len` bytes. */ + DEBUGASSERT(eos); + nwritten = cf_h2_body_send(cf, data, stream, buf, 0, eos, err); + CURL_TRC_CF(data, cf, "[%d] cf_body_send last CHUNK -> %zd, %d, eos=%d", + stream->id, nwritten, *err, eos); if(nwritten < 0) { goto out; } - DEBUGASSERT(stream); - DEBUGASSERT(hdslen <= (size_t)nwritten); + nwritten = len; + } + else { + nwritten = cf_h2_body_send(cf, data, stream, buf, len, eos, err); + CURL_TRC_CF(data, cf, "[%d] cf_body_send(len=%zu) -> %zd, %d, eos=%d", + stream->id, len, nwritten, *err, eos); } /* Call the nghttp2 send loop and flush to write ALL buffered data, * headers and/or request body completely out to the network */ result = h2_progress_egress(cf, data); + /* if the stream has been closed in egress handling (nghttp2 does that * when it does not like the headers, for example */ - if(stream && stream->closed && !was_blocked) { + if(stream && stream->closed) { infof(data, "stream %u closed", stream->id); *err = CURLE_SEND_ERROR; nwritten = -1; goto out; } - else if(result == CURLE_AGAIN) { - blocked = 1; - } - else if(result) { + else if(result && (result != CURLE_AGAIN)) { *err = result; nwritten = -1; goto out; } - else if(stream && !Curl_bufq_is_empty(&stream->sendbuf)) { - /* although we wrote everything that nghttp2 wants to send now, - * there is data left in our stream send buffer unwritten. This may - * be due to the stream's HTTP/2 flow window being exhausted. */ - blocked = 1; - } - - if(stream && blocked && nwritten > 0) { - /* Unable to send all data, due to connection blocked or H2 window - * exhaustion. Data is left in our stream buffer, or nghttp2's internal - * frame buffer or our network out buffer. */ - size_t rwin = (size_t)nghttp2_session_get_stream_remote_window_size( - ctx->h2, stream->id); - /* At the start of a stream, we are called with request headers - * and, possibly, parts of the body. Later, only body data. - * If we cannot send pure body data, we EAGAIN. If there had been - * header, we return that *they* have been written and remember the - * block on the data length only. */ - stream->upload_blocked_len = ((size_t)nwritten) - hdslen; - CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) BLOCK: win %u/%zu " - "hds_len=%zu blocked_len=%zu", - stream->id, len, - nghttp2_session_get_remote_window_size(ctx->h2), rwin, - hdslen, stream->upload_blocked_len); - if(hdslen) { - *err = CURLE_OK; - nwritten = hdslen; - } - else { - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - } - else if(should_close_session(ctx)) { + + if(should_close_session(ctx)) { /* nghttp2 thinks this session is done. If the stream has not been * closed, this is an error state for out transfer */ if(stream->closed) { @@ -2321,11 +2348,10 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, out: if(stream) { CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) -> %zd, %d, " - "upload_left=%" CURL_FORMAT_CURL_OFF_T ", " - "h2 windows %d-%d (stream-conn), " + "eos=%d, h2 windows %d-%d (stream-conn), " "buffers %zu-%zu (stream-conn)", stream->id, len, nwritten, *err, - stream->upload_left, + stream->body_eos, nghttp2_session_get_stream_remote_window_size( ctx->h2, stream->id), nghttp2_session_get_remote_window_size(ctx->h2), @@ -2343,6 +2369,48 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, return nwritten; } +static CURLcode cf_h2_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_h2_ctx *ctx = cf->ctx; + struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); + struct cf_call_data save; + CURLcode result = CURLE_OK; + + CF_DATA_SAVE(save, cf, data); + if(stream && !Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + int rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) { + result = CURLE_SEND_ERROR; + goto out; + } + } + + result = h2_progress_egress(cf, data); + +out: + if(stream) { + CURL_TRC_CF(data, cf, "[%d] flush -> %d, " + "h2 windows %d-%d (stream-conn), " + "buffers %zu-%zu (stream-conn)", + stream->id, result, + nghttp2_session_get_stream_remote_window_size( + ctx->h2, stream->id), + nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&stream->sendbuf), + Curl_bufq_len(&ctx->outbufq)); + } + else { + CURL_TRC_CF(data, cf, "flush -> %d, " + "connection-window=%d, nw_send_buffer(%zu)", + result, nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&ctx->outbufq)); + } + CF_DATA_RESTORE(cf, save); + return result; +} + static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) @@ -2368,7 +2436,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, stream->id); want_recv = (want_recv || c_exhaust || s_exhaust); want_send = (!s_exhaust && want_send) || - (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + (!c_exhaust && nghttp2_session_want_write(ctx->h2)) || + !Curl_bufq_is_empty(&ctx->outbufq); Curl_pollset_set(data, ps, sock, want_recv, want_send); CF_DATA_RESTORE(cf, save); @@ -2376,7 +2445,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, else if(ctx->sent_goaway && !cf->shutdown) { /* shutdown in progress */ CF_DATA_SAVE(save, cf, data); - want_send = nghttp2_session_want_write(ctx->h2); + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq); want_recv = nghttp2_session_want_read(ctx->h2); Curl_pollset_set(data, ps, sock, want_recv, want_send); CF_DATA_RESTORE(cf, save); @@ -2390,6 +2460,7 @@ static CURLcode cf_h2_connect(struct Curl_cfilter *cf, struct cf_h2_ctx *ctx = cf->ctx; CURLcode result = CURLE_OK; struct cf_call_data save; + bool first_time = FALSE; if(cf->connected) { *done = TRUE; @@ -2406,15 +2477,19 @@ static CURLcode cf_h2_connect(struct Curl_cfilter *cf, *done = FALSE; CF_DATA_SAVE(save, cf, data); + DEBUGASSERT(ctx->initialized); if(!ctx->h2) { - result = cf_h2_ctx_init(cf, data, FALSE); + result = cf_h2_ctx_open(cf, data); if(result) goto out; + first_time = TRUE; } - result = h2_progress_ingress(cf, data, H2_CHUNK_SIZE); - if(result) - goto out; + if(!first_time) { + result = h2_progress_ingress(cf, data, H2_CHUNK_SIZE); + if(result) + goto out; + } /* Send out our SETTINGS and ACKs and such. If that blocks, we * have it buffered and can count this filter as being connected */ @@ -2442,7 +2517,7 @@ static void cf_h2_close(struct Curl_cfilter *cf, struct Curl_easy *data) struct cf_call_data save; CF_DATA_SAVE(save, cf, data); - cf_h2_ctx_clear(ctx); + cf_h2_ctx_close(ctx); CF_DATA_RESTORE(cf, save); cf->connected = FALSE; } @@ -2479,7 +2554,8 @@ static CURLcode cf_h2_shutdown(struct Curl_cfilter *cf, if(!ctx->sent_goaway) { rv = nghttp2_submit_goaway(ctx->h2, NGHTTP2_FLAG_NONE, ctx->local_max_sid, 0, - (const uint8_t *)"shutown", sizeof("shutown")); + (const uint8_t *)"shutdown", + sizeof("shutdown")); if(rv) { failf(data, "nghttp2_submit_goaway() failed: %s(%d)", nghttp2_strerror(rv), rv); @@ -2490,14 +2566,19 @@ static CURLcode cf_h2_shutdown(struct Curl_cfilter *cf, } /* GOAWAY submitted, process egress and ingress until nghttp2 is done. */ result = CURLE_OK; - if(nghttp2_session_want_write(ctx->h2)) + if(nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq)) result = h2_progress_egress(cf, data); if(!result && nghttp2_session_want_read(ctx->h2)) result = h2_progress_ingress(cf, data, 0); + if(result == CURLE_AGAIN) + result = CURLE_OK; + *done = (ctx->conn_closed || (!result && !nghttp2_session_want_write(ctx->h2) && - !nghttp2_session_want_read(ctx->h2))); + !nghttp2_session_want_read(ctx->h2) && + Curl_bufq_is_empty(&ctx->outbufq))); out: CF_DATA_RESTORE(cf, save); @@ -2509,26 +2590,14 @@ static CURLcode http2_data_pause(struct Curl_cfilter *cf, struct Curl_easy *data, bool pause) { -#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); DEBUGASSERT(data); if(ctx && ctx->h2 && stream) { - uint32_t window = pause? 0 : stream->local_window_size; - - int rv = (int)nghttp2_session_set_local_window_size(ctx->h2, - NGHTTP2_FLAG_NONE, - stream->id, - (int32_t)window); - if(rv) { - failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)", - nghttp2_strerror(rv), rv); - return CURLE_HTTP2; - } - - if(!pause) - drain_stream(cf, data, stream); + CURLcode result = cf_h2_update_local_win(cf, data, stream, pause); + if(result) + return result; /* attempt to send the window update */ (void)h2_progress_egress(cf, data); @@ -2542,21 +2611,9 @@ static CURLcode http2_data_pause(struct Curl_cfilter *cf, drain_stream(cf, data, stream); Curl_expire(data, 0, EXPIRE_RUN_NOW); } - DEBUGF(infof(data, "Set HTTP/2 window size to %u for stream %u", - window, stream->id)); - -#ifdef DEBUGBUILD - { - /* read out the stream local window again */ - uint32_t window2 = (uint32_t) - nghttp2_session_get_stream_local_window_size(ctx->h2, - stream->id); - DEBUGF(infof(data, "HTTP/2 window size is now %u for stream %u", - window2, stream->id)); - } -#endif + CURL_TRC_CF(data, cf, "[%d] stream now %spaused", stream->id, + pause ? "" : "un"); } -#endif return CURLE_OK; } @@ -2576,8 +2633,8 @@ static CURLcode cf_h2_cntrl(struct Curl_cfilter *cf, case CF_CTRL_DATA_PAUSE: result = http2_data_pause(cf, data, (arg1 != 0)); break; - case CF_CTRL_DATA_DONE_SEND: - result = http2_data_done_send(cf, data); + case CF_CTRL_FLUSH: + result = cf_h2_flush(cf, data); break; case CF_CTRL_DATA_DETACH: http2_data_done(cf, data); @@ -2601,7 +2658,7 @@ static bool cf_h2_data_pending(struct Curl_cfilter *cf, if(ctx && (!Curl_bufq_is_empty(&ctx->inbufq) || (stream && !Curl_bufq_is_empty(&stream->sendbuf)))) return TRUE; - return cf->next? cf->next->cft->has_data_pending(cf->next, data) : FALSE; + return cf->next ? cf->next->cft->has_data_pending(cf->next, data) : FALSE; } static bool cf_h2_is_alive(struct Curl_cfilter *cf, @@ -2652,18 +2709,27 @@ static CURLcode cf_h2_query(struct Curl_cfilter *cf, else { effective_max = ctx->max_concurrent_streams; } - *pres1 = (effective_max > INT_MAX)? INT_MAX : (int)effective_max; + *pres1 = (effective_max > INT_MAX) ? INT_MAX : (int)effective_max; CF_DATA_RESTORE(cf, save); return CURLE_OK; case CF_QUERY_STREAM_ERROR: { struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); - *pres1 = stream? (int)stream->error : 0; + *pres1 = stream ? (int)stream->error : 0; return CURLE_OK; } + case CF_QUERY_NEED_FLUSH: { + struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); + if(!Curl_bufq_is_empty(&ctx->outbufq) || + (stream && !Curl_bufq_is_empty(&stream->sendbuf))) { + *pres1 = TRUE; + return CURLE_OK; + } + break; + } default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -2701,6 +2767,7 @@ static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf, ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; + cf_h2_ctx_init(ctx, via_h1_upgrade); result = Curl_cf_create(&cf, &Curl_cft_nghttp2, ctx); if(result) @@ -2708,12 +2775,11 @@ static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf, ctx = NULL; Curl_conn_cf_add(data, conn, sockindex, cf); - result = cf_h2_ctx_init(cf, data, via_h1_upgrade); out: if(result) cf_h2_ctx_free(ctx); - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; return result; } @@ -2729,6 +2795,7 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; + cf_h2_ctx_init(ctx, via_h1_upgrade); result = Curl_cf_create(&cf_h2, &Curl_cft_nghttp2, ctx); if(result) @@ -2736,7 +2803,6 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, ctx = NULL; Curl_conn_cf_insert_after(cf, cf_h2); - result = cf_h2_ctx_init(cf_h2, data, via_h1_upgrade); out: if(result) @@ -2744,8 +2810,8 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, return result; } -static bool Curl_cf_is_http2(struct Curl_cfilter *cf, - const struct Curl_easy *data) +static bool cf_is_http2(struct Curl_cfilter *cf, + const struct Curl_easy *data) { (void)data; for(; cf; cf = cf->next) { @@ -2761,7 +2827,7 @@ bool Curl_conn_is_http2(const struct Curl_easy *data, const struct connectdata *conn, int sockindex) { - return conn? Curl_cf_is_http2(conn->cfilter[sockindex], data) : FALSE; + return conn ? cf_is_http2(conn->cfilter[sockindex], data) : FALSE; } bool Curl_http2_may_switch(struct Curl_easy *data, @@ -2791,15 +2857,14 @@ CURLcode Curl_http2_switch(struct Curl_easy *data, CURLcode result; DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex)); - DEBUGF(infof(data, "switching to HTTP/2")); result = http2_cfilter_add(&cf, data, conn, sockindex, FALSE); if(result) return result; + CURL_TRC_CF(data, cf, "switching connection to HTTP/2"); conn->httpversion = 20; /* we know we are on HTTP/2 now */ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf->next) { @@ -2814,7 +2879,7 @@ CURLcode Curl_http2_switch_at(struct Curl_cfilter *cf, struct Curl_easy *data) struct Curl_cfilter *cf_h2; CURLcode result; - DEBUGASSERT(!Curl_cf_is_http2(cf, data)); + DEBUGASSERT(!cf_is_http2(cf, data)); result = http2_cfilter_insert_after(cf, data, FALSE); if(result) @@ -2823,7 +2888,6 @@ CURLcode Curl_http2_switch_at(struct Curl_cfilter *cf, struct Curl_easy *data) cf_h2 = cf->next; cf->conn->httpversion = 20; /* we know we are on HTTP/2 now */ cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf_h2->next) { @@ -2842,12 +2906,12 @@ CURLcode Curl_http2_upgrade(struct Curl_easy *data, CURLcode result; DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex)); - DEBUGF(infof(data, "upgrading to HTTP/2")); DEBUGASSERT(data->req.upgr101 == UPGR101_RECEIVED); result = http2_cfilter_add(&cf, data, conn, sockindex, TRUE); if(result) return result; + CURL_TRC_CF(data, cf, "upgrading connection to HTTP/2"); DEBUGASSERT(cf->cft == &Curl_cft_nghttp2); ctx = cf->ctx; @@ -2876,7 +2940,6 @@ CURLcode Curl_http2_upgrade(struct Curl_easy *data, conn->httpversion = 20; /* we know we are on HTTP/2 now */ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf->next) { diff --git a/libraries/libcurl/http_aws_sigv4.c b/libraries/libcurl/http_aws_sigv4.c index 9e4f7201..5d4848fe 100644 --- a/libraries/libcurl/http_aws_sigv4.c +++ b/libraries/libcurl/http_aws_sigv4.c @@ -47,7 +47,7 @@ #define HMAC_SHA256(k, kl, d, dl, o) \ do { \ - result = Curl_hmacit(Curl_HMAC_SHA256, \ + result = Curl_hmacit(&Curl_HMAC_SHA256, \ (unsigned char *)k, \ kl, \ (unsigned char *)d, \ @@ -60,11 +60,11 @@ #define TIMESTAMP_SIZE 17 /* hex-encoded with trailing null */ -#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1) +#define SHA256_HEX_LENGTH (2 * CURL_SHA256_DIGEST_LENGTH + 1) static void sha256_to_hex(char *dst, unsigned char *sha) { - Curl_hexencode(sha, SHA256_DIGEST_LENGTH, + Curl_hexencode(sha, CURL_SHA256_DIGEST_LENGTH, (unsigned char *)dst, SHA256_HEX_LENGTH); } @@ -122,13 +122,40 @@ static void trim_headers(struct curl_slist *head) #define DATE_HDR_KEY_LEN (MAX_SIGV4_LEN + sizeof("X--Date")) -#define MAX_HOST_LEN 255 -/* FQDN + host: */ -#define FULL_HOST_LEN (MAX_HOST_LEN + sizeof("host:")) - /* string been x-PROVIDER-date:TIMESTAMP, I need +1 for ':' */ #define DATE_FULL_HDR_LEN (DATE_HDR_KEY_LEN + TIMESTAMP_SIZE + 1) +/* alphabetically compare two headers by their name, expecting + headers to use ':' at this point */ +static int compare_header_names(const char *a, const char *b) +{ + const char *colon_a; + const char *colon_b; + size_t len_a; + size_t len_b; + size_t min_len; + int cmp; + + colon_a = strchr(a, ':'); + colon_b = strchr(b, ':'); + + DEBUGASSERT(colon_a); + DEBUGASSERT(colon_b); + + len_a = colon_a ? (size_t)(colon_a - a) : strlen(a); + len_b = colon_b ? (size_t)(colon_b - b) : strlen(b); + + min_len = (len_a < len_b) ? len_a : len_b; + + cmp = strncmp(a, b, min_len); + + /* return the shorter of the two if one is shorter */ + if(!cmp) + return (int)(len_a - len_b); + + return cmp; +} + /* timestamp should point to a buffer of at last TIMESTAMP_SIZE bytes */ static CURLcode make_headers(struct Curl_easy *data, const char *hostname, @@ -145,7 +172,7 @@ static CURLcode make_headers(struct Curl_easy *data, struct curl_slist *tmp_head = NULL; CURLcode ret = CURLE_OUT_OF_MEMORY; struct curl_slist *l; - int again = 1; + bool again = TRUE; /* provider1 mid */ Curl_strntolower(provider1, provider1, strlen(provider1)); @@ -159,31 +186,22 @@ static CURLcode make_headers(struct Curl_easy *data, "x-%s-date:%s", provider1, timestamp); if(!Curl_checkheaders(data, STRCONST("Host"))) { - char full_host[FULL_HOST_LEN + 1]; + char *fullhost; if(data->state.aptr.host) { - size_t pos; - - if(strlen(data->state.aptr.host) > FULL_HOST_LEN) { - ret = CURLE_URL_MALFORMAT; - goto fail; - } - strcpy(full_host, data->state.aptr.host); /* remove /r/n as the separator for canonical request must be '\n' */ - pos = strcspn(full_host, "\n\r"); - full_host[pos] = 0; - } - else { - if(strlen(hostname) > MAX_HOST_LEN) { - ret = CURLE_URL_MALFORMAT; - goto fail; - } - msnprintf(full_host, FULL_HOST_LEN, "host:%s", hostname); + size_t pos = strcspn(data->state.aptr.host, "\n\r"); + fullhost = Curl_memdup0(data->state.aptr.host, pos); } + else + fullhost = aprintf("host:%s", hostname); - head = curl_slist_append(NULL, full_host); - if(!head) + if(fullhost) + head = Curl_slist_append_nodup(NULL, fullhost); + if(!head) { + free(fullhost); goto fail; + } } @@ -240,7 +258,7 @@ static CURLcode make_headers(struct Curl_easy *data, if(!tmp_head) goto fail; head = tmp_head; - *date_header = curl_maprintf("%s: %s\r\n", date_hdr_key, timestamp); + *date_header = aprintf("%s: %s\r\n", date_hdr_key, timestamp); } else { char *value; @@ -267,18 +285,18 @@ static CURLcode make_headers(struct Curl_easy *data, *date_header = NULL; } - /* alpha-sort in a case sensitive manner */ + /* alpha-sort by header name in a case sensitive manner */ do { - again = 0; + again = FALSE; for(l = head; l; l = l->next) { struct curl_slist *next = l->next; - if(next && strcmp(l->data, next->data) > 0) { + if(next && compare_header_names(l->data, next->data) > 0) { char *tmp = l->data; l->data = next->data; next->data = tmp; - again = 1; + again = TRUE; } } } while(again); @@ -476,12 +494,12 @@ static CURLcode canon_string(const char *q, size_t len, /* allowed as-is */ if(*q == '=') { result = Curl_dyn_addn(dq, q, 1); - *found_equals = true; + *found_equals = TRUE; break; } } /* URL encode */ - out[1] = hex[((unsigned char)*q)>>4]; + out[1] = hex[((unsigned char)*q) >> 4]; out[2] = hex[*q & 0xf]; result = Curl_dyn_addn(dq, out, 3); break; @@ -531,7 +549,7 @@ static CURLcode canon_query(struct Curl_easy *data, ap = &array[0]; for(i = 0; !result && (i < entry); i++, ap++) { const char *q = ap->p; - bool found_equals = false; + bool found_equals = FALSE; if(!ap->len) continue; result = canon_string(q, ap->len, dq, &found_equals); @@ -558,7 +576,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) char provider1[MAX_SIGV4_LEN + 1]=""; char region[MAX_SIGV4_LEN + 1]=""; char service[MAX_SIGV4_LEN + 1]=""; - bool sign_as_s3 = false; + bool sign_as_s3 = FALSE; const char *hostname = conn->host.name; time_t clock; struct tm tm; @@ -573,7 +591,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) const char *method = NULL; char *payload_hash = NULL; size_t payload_hash_len = 0; - unsigned char sha_hash[SHA256_DIGEST_LENGTH]; + unsigned char sha_hash[CURL_SHA256_DIGEST_LENGTH]; char sha_hex[SHA256_HEX_LENGTH]; char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */ char *canonical_request = NULL; @@ -582,8 +600,8 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) char *str_to_sign = NULL; const char *user = data->state.aptr.user ? data->state.aptr.user : ""; char *secret = NULL; - unsigned char sign0[SHA256_DIGEST_LENGTH] = {0}; - unsigned char sign1[SHA256_DIGEST_LENGTH] = {0}; + unsigned char sign0[CURL_SHA256_DIGEST_LENGTH] = {0}; + unsigned char sign1[CURL_SHA256_DIGEST_LENGTH] = {0}; char *auth_headers = NULL; DEBUGASSERT(!proxy); @@ -735,19 +753,19 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) result = CURLE_OUT_OF_MEMORY; canonical_request = - curl_maprintf("%s\n" /* HTTPRequestMethod */ - "%s\n" /* CanonicalURI */ - "%s\n" /* CanonicalQueryString */ - "%s\n" /* CanonicalHeaders */ - "%s\n" /* SignedHeaders */ - "%.*s", /* HashedRequestPayload in hex */ - method, - Curl_dyn_ptr(&canonical_path), - Curl_dyn_ptr(&canonical_query) ? - Curl_dyn_ptr(&canonical_query) : "", - Curl_dyn_ptr(&canonical_headers), - Curl_dyn_ptr(&signed_headers), - (int)payload_hash_len, payload_hash); + aprintf("%s\n" /* HTTPRequestMethod */ + "%s\n" /* CanonicalURI */ + "%s\n" /* CanonicalQueryString */ + "%s\n" /* CanonicalHeaders */ + "%s\n" /* SignedHeaders */ + "%.*s", /* HashedRequestPayload in hex */ + method, + Curl_dyn_ptr(&canonical_path), + Curl_dyn_ptr(&canonical_query) ? + Curl_dyn_ptr(&canonical_query) : "", + Curl_dyn_ptr(&canonical_headers), + Curl_dyn_ptr(&signed_headers), + (int)payload_hash_len, payload_hash); if(!canonical_request) goto fail; @@ -755,12 +773,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) /* provider 0 lowercase */ Curl_strntolower(provider0, provider0, strlen(provider0)); - request_type = curl_maprintf("%s4_request", provider0); + request_type = aprintf("%s4_request", provider0); if(!request_type) goto fail; - credential_scope = curl_maprintf("%s/%s/%s/%s", - date, region, service, request_type); + credential_scope = aprintf("%s/%s/%s/%s", + date, region, service, request_type); if(!credential_scope) goto fail; @@ -777,22 +795,22 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) * Google allows using RSA key instead of HMAC, so this code might change * in the future. For now we only support HMAC. */ - str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */ - "%s\n" /* RequestDateTime */ - "%s\n" /* CredentialScope */ - "%s", /* HashedCanonicalRequest in hex */ - provider0, - timestamp, - credential_scope, - sha_hex); + str_to_sign = aprintf("%s4-HMAC-SHA256\n" /* Algorithm */ + "%s\n" /* RequestDateTime */ + "%s\n" /* CredentialScope */ + "%s", /* HashedCanonicalRequest in hex */ + provider0, + timestamp, + credential_scope, + sha_hex); if(!str_to_sign) { goto fail; } /* provider 0 uppercase */ - secret = curl_maprintf("%s4%s", provider0, - data->state.aptr.passwd ? - data->state.aptr.passwd : ""); + secret = aprintf("%s4%s", provider0, + data->state.aptr.passwd ? + data->state.aptr.passwd : ""); if(!secret) goto fail; @@ -805,24 +823,24 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) sha256_to_hex(sha_hex, sign0); /* provider 0 uppercase */ - auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 " - "Credential=%s/%s, " - "SignedHeaders=%s, " - "Signature=%s\r\n" - /* - * date_header is added here, only if it was not - * user-specified (using CURLOPT_HTTPHEADER). - * date_header includes \r\n - */ - "%s" - "%s", /* optional sha256 header includes \r\n */ - provider0, - user, - credential_scope, - Curl_dyn_ptr(&signed_headers), - sha_hex, - date_header ? date_header : "", - content_sha256_hdr); + auth_headers = aprintf("Authorization: %s4-HMAC-SHA256 " + "Credential=%s/%s, " + "SignedHeaders=%s, " + "Signature=%s\r\n" + /* + * date_header is added here, only if it was not + * user-specified (using CURLOPT_HTTPHEADER). + * date_header includes \r\n + */ + "%s" + "%s", /* optional sha256 header includes \r\n */ + provider0, + user, + credential_scope, + Curl_dyn_ptr(&signed_headers), + sha_hex, + date_header ? date_header : "", + content_sha256_hdr); if(!auth_headers) { goto fail; } diff --git a/libraries/libcurl/http_chunks.c b/libraries/libcurl/http_chunks.c index 001185da..aea84be9 100644 --- a/libraries/libcurl/http_chunks.c +++ b/libraries/libcurl/http_chunks.c @@ -189,7 +189,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, else { ch->state = CHUNK_DATA; CURL_TRC_WRITE(data, "http_chunked, chunk start of %" - CURL_FORMAT_CURL_OFF_T " bytes", ch->datasize); + FMT_OFF_T " bytes", ch->datasize); } } @@ -226,7 +226,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, buf += piece; /* move read pointer forward */ blen -= piece; /* decrease space left in this round */ CURL_TRC_WRITE(data, "http_chunked, write %zu body bytes, %" - CURL_FORMAT_CURL_OFF_T " bytes in chunk remain", + FMT_OFF_T " bytes in chunk remain", piece, ch->datasize); if(0 == ch->datasize) @@ -516,9 +516,9 @@ static CURLcode add_last_chunk(struct Curl_easy *data, if(result) goto out; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rc = data->set.trailer_callback(&trailers, data->set.trailer_data); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(rc != CURL_TRAILERFUNC_OK) { failf(data, "operation aborted by trailing headers callback"); diff --git a/libraries/libcurl/http_digest.c b/libraries/libcurl/http_digest.c index 2db3125a..a3ba17a5 100644 --- a/libraries/libcurl/http_digest.c +++ b/libraries/libcurl/http_digest.c @@ -121,9 +121,9 @@ CURLcode Curl_output_digest(struct Curl_easy *data, passwdp = ""; #if defined(USE_WINDOWS_SSPI) - have_chlg = digest->input_token ? TRUE : FALSE; + have_chlg = !!digest->input_token; #else - have_chlg = digest->nonce ? TRUE : FALSE; + have_chlg = !!digest->nonce; #endif if(!have_chlg) { diff --git a/libraries/libcurl/http_negotiate.c b/libraries/libcurl/http_negotiate.c index 629de834..5dda4750 100644 --- a/libraries/libcurl/http_negotiate.c +++ b/libraries/libcurl/http_negotiate.c @@ -30,6 +30,7 @@ #include "sendf.h" #include "http_negotiate.h" #include "vauth/vauth.h" +#include "vtls/vtls.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -106,11 +107,27 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, #if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS) neg_ctx->sslContext = conn->sslContext; #endif + /* Check if the connection is using SSL and get the channel binding data */ +#if defined(USE_SSL) && defined(HAVE_GSSAPI) + if(conn->handler->flags & PROTOPT_SSL) { + Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE); + result = Curl_ssl_get_channel_binding( + data, FIRSTSOCKET, &neg_ctx->channel_binding_data); + if(result) { + Curl_http_auth_cleanup_negotiate(conn); + return result; + } + } +#endif /* Initialize the security context and decode our challenge */ result = Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, header, neg_ctx); +#if defined(USE_SSL) && defined(HAVE_GSSAPI) + Curl_dyn_free(&neg_ctx->channel_binding_data); +#endif + if(result) Curl_http_auth_cleanup_negotiate(conn); diff --git a/libraries/libcurl/http_ntlm.c b/libraries/libcurl/http_ntlm.c index 95c138d4..49230bc1 100644 --- a/libraries/libcurl/http_ntlm.c +++ b/libraries/libcurl/http_ntlm.c @@ -123,7 +123,7 @@ CURLcode Curl_input_ntlm(struct Curl_easy *data, } /* - * This is for creating ntlm header output + * This is for creating NTLM header output */ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) { @@ -187,10 +187,10 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) passwdp = ""; #ifdef USE_WINDOWS_SSPI - if(!s_hSecDll) { + if(!Curl_hSecDll) { /* not thread safe and leaks - use curl_global_init() to avoid */ CURLcode err = Curl_sspi_global_init(); - if(!s_hSecDll) + if(!Curl_hSecDll) return err; } #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS diff --git a/libraries/libcurl/http_ntlm.h b/libraries/libcurl/http_ntlm.h index f37572ba..c1cf0570 100644 --- a/libraries/libcurl/http_ntlm.h +++ b/libraries/libcurl/http_ntlm.h @@ -28,11 +28,11 @@ #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) -/* this is for ntlm header input */ +/* this is for NTLM header input */ CURLcode Curl_input_ntlm(struct Curl_easy *data, bool proxy, const char *header); -/* this is for creating ntlm header output */ +/* this is for creating NTLM header output */ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy); void Curl_http_auth_cleanup_ntlm(struct connectdata *conn); diff --git a/libraries/libcurl/http_proxy.c b/libraries/libcurl/http_proxy.c index a5f27f5c..1ec08d0d 100644 --- a/libraries/libcurl/http_proxy.c +++ b/libraries/libcurl/http_proxy.c @@ -97,8 +97,8 @@ CURLcode Curl_http_proxy_create_CONNECT(struct httpreq **preq, if(result) goto out; - authority = aprintf("%s%s%s:%d", ipv6_ip?"[":"", hostname, - ipv6_ip?"]":"", port); + authority = aprintf("%s%s%s:%d", ipv6_ip ? "[" : "", hostname, + ipv6_ip ?"]" : "", port); if(!authority) { result = CURLE_OUT_OF_MEMORY; goto out; @@ -185,7 +185,7 @@ static CURLcode http_proxy_cf_connect(struct Curl_cfilter *cf, *done = FALSE; if(!ctx->cf_protocol) { struct Curl_cfilter *cf_protocol = NULL; - int alpn = Curl_conn_cf_is_ssl(cf->next)? + int alpn = Curl_conn_cf_is_ssl(cf->next) ? cf->conn->proxy_alpn : CURL_HTTP_VERSION_1_1; /* First time call after the subchain connected */ @@ -195,7 +195,7 @@ static CURLcode http_proxy_cf_connect(struct Curl_cfilter *cf, case CURL_HTTP_VERSION_1_1: CURL_TRC_CF(data, cf, "installing subfilter for HTTP/1.1"); infof(data, "CONNECT tunnel: HTTP/1.%d negotiated", - (alpn == CURL_HTTP_VERSION_1_0)? 0 : 1); + (alpn == CURL_HTTP_VERSION_1_0) ? 0 : 1); result = Curl_cf_h1_proxy_insert_after(cf, data); if(result) goto out; diff --git a/libraries/libcurl/idn.c b/libraries/libcurl/idn.c index ef55ddfe..ed20cdc1 100644 --- a/libraries/libcurl/idn.c +++ b/libraries/libcurl/idn.c @@ -53,30 +53,70 @@ /* for macOS and iOS targets */ #if defined(USE_APPLE_IDN) #include +#include +#include #define MAX_HOST_LENGTH 512 +static CURLcode iconv_to_utf8(const char *in, size_t inlen, + char **out, size_t *outlen) +{ + iconv_t cd = iconv_open("UTF-8", nl_langinfo(CODESET)); + if(cd != (iconv_t)-1) { + size_t iconv_outlen = *outlen; + char *iconv_in = (char *)in; + size_t iconv_inlen = inlen; + size_t iconv_result = iconv(cd, &iconv_in, &iconv_inlen, + out, &iconv_outlen); + *outlen -= iconv_outlen; + iconv_close(cd); + if(iconv_result == (size_t)-1) { + if(errno == ENOMEM) + return CURLE_OUT_OF_MEMORY; + else + return CURLE_URL_MALFORMAT; + } + + return CURLE_OK; + } + else { + if(errno == ENOMEM) + return CURLE_OUT_OF_MEMORY; + else + return CURLE_FAILED_INIT; + } +} + static CURLcode mac_idn_to_ascii(const char *in, char **out) { size_t inlen = strlen(in); if(inlen < MAX_HOST_LENGTH) { - UErrorCode err = U_ZERO_ERROR; - UIDNA* idna = uidna_openUTS46( - UIDNA_CHECK_BIDI|UIDNA_NONTRANSITIONAL_TO_ASCII, &err); - if(!U_FAILURE(err)) { - UIDNAInfo info = UIDNA_INFO_INITIALIZER; - char buffer[MAX_HOST_LENGTH] = {0}; - (void)uidna_nameToASCII_UTF8(idna, in, -1, buffer, - sizeof(buffer) - 1, &info, &err); - uidna_close(idna); + char iconv_buffer[MAX_HOST_LENGTH] = {0}; + char *iconv_outptr = iconv_buffer; + size_t iconv_outlen = sizeof(iconv_buffer); + CURLcode iconv_result = iconv_to_utf8(in, inlen, + &iconv_outptr, &iconv_outlen); + if(!iconv_result) { + UErrorCode err = U_ZERO_ERROR; + UIDNA* idna = uidna_openUTS46( + UIDNA_CHECK_BIDI|UIDNA_NONTRANSITIONAL_TO_ASCII, &err); if(!U_FAILURE(err)) { - *out = strdup(buffer); - if(*out) - return CURLE_OK; - else - return CURLE_OUT_OF_MEMORY; + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + char buffer[MAX_HOST_LENGTH] = {0}; + (void)uidna_nameToASCII_UTF8(idna, iconv_buffer, (int)iconv_outlen, + buffer, sizeof(buffer) - 1, &info, &err); + uidna_close(idna); + if(!U_FAILURE(err) && !info.errors) { + *out = strdup(buffer); + if(*out) + return CURLE_OK; + else + return CURLE_OUT_OF_MEMORY; + } } } + else + return iconv_result; } return CURLE_URL_MALFORMAT; } @@ -110,7 +150,8 @@ static CURLcode mac_ascii_to_idn(const char *in, char **out) #ifdef USE_WIN32_IDN /* using Windows kernel32 and normaliz libraries. */ -#if !defined(_WIN32_WINNT) || _WIN32_WINNT < 0x600 +#if (!defined(_WIN32_WINNT) || _WIN32_WINNT < 0x600) && \ + (!defined(WINVER) || WINVER < 0x600) WINBASEAPI int WINAPI IdnToAscii(DWORD dwFlags, const WCHAR *lpUnicodeCharStr, int cchUnicodeChar, diff --git a/libraries/libcurl/if2ip.c b/libraries/libcurl/if2ip.c index 42e14500..55afd553 100644 --- a/libraries/libcurl/if2ip.c +++ b/libraries/libcurl/if2ip.c @@ -216,7 +216,15 @@ if2ip_result_t Curl_if2ip(int af, memcpy(req.ifr_name, interf, len + 1); req.ifr_addr.sa_family = AF_INET; +#if defined(__GNUC__) && defined(_AIX) +/* Suppress warning inside system headers */ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wshift-sign-overflow" +#endif if(ioctl(dummy, SIOCGIFADDR, &req) < 0) { +#if defined(__GNUC__) && defined(_AIX) +#pragma GCC diagnostic pop +#endif sclose(dummy); /* With SIOCGIFADDR, we cannot tell the difference between an interface that does not exist and an interface that has no address of the diff --git a/libraries/libcurl/imap.c b/libraries/libcurl/imap.c index efe91b14..e424cdb0 100644 --- a/libraries/libcurl/imap.c +++ b/libraries/libcurl/imap.c @@ -520,8 +520,8 @@ static CURLcode imap_perform_login(struct Curl_easy *data, } /* Make sure the username and password are in the correct atom format */ - user = imap_atom(conn->user, false); - passwd = imap_atom(conn->passwd, false); + user = imap_atom(conn->user, FALSE); + passwd = imap_atom(conn->passwd, FALSE); /* Send the LOGIN command */ result = imap_sendf(data, "LOGIN %s %s", user ? user : "", @@ -655,7 +655,7 @@ static CURLcode imap_perform_list(struct Curl_easy *data) imap->custom_params ? imap->custom_params : ""); else { /* Make sure the mailbox is in the correct atom format if necessary */ - char *mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) + char *mailbox = imap->mailbox ? imap_atom(imap->mailbox, TRUE) : strdup(""); if(!mailbox) return CURLE_OUT_OF_MEMORY; @@ -697,7 +697,7 @@ static CURLcode imap_perform_select(struct Curl_easy *data) } /* Make sure the mailbox is in the correct atom format */ - mailbox = imap_atom(imap->mailbox, false); + mailbox = imap_atom(imap->mailbox, FALSE); if(!mailbox) return CURLE_OUT_OF_MEMORY; @@ -809,13 +809,12 @@ static CURLcode imap_perform_append(struct Curl_easy *data) } /* Make sure the mailbox is in the correct atom format */ - mailbox = imap_atom(imap->mailbox, false); + mailbox = imap_atom(imap->mailbox, FALSE); if(!mailbox) return CURLE_OUT_OF_MEMORY; /* Send the APPEND command */ - result = imap_sendf(data, - "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}", + result = imap_sendf(data, "APPEND %s (\\Seen) {%" FMT_OFF_T "}", mailbox, data->state.infilesize); free(mailbox); @@ -1168,8 +1167,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, } if(parsed) { - infof(data, "Found %" CURL_FORMAT_CURL_OFF_T " bytes to download", - size); + infof(data, "Found %" FMT_OFF_T " bytes to download", size); Curl_pgrsSetDownloadSize(data, size); if(pp->overflow) { @@ -1196,7 +1194,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, if(result) return result; - infof(data, "Written %zu bytes, %" CURL_FORMAT_CURL_OFF_TU + infof(data, "Written %zu bytes, %" FMT_OFF_TU " bytes are left for transfer", chunk, size - chunk); /* Have we used the entire overflow or just part of it?*/ @@ -1401,7 +1399,7 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done) } result = Curl_pp_statemach(data, &imapc->pp, FALSE, FALSE); - *done = (imapc->state == IMAP_STOP) ? TRUE : FALSE; + *done = (imapc->state == IMAP_STOP); return result; } @@ -1861,7 +1859,7 @@ static bool imap_is_bchar(char ch) /* Performing the alnum check with this macro is faster because of ASCII arithmetic */ if(ISALNUM(ch)) - return true; + return TRUE; switch(ch) { /* bchar */ @@ -1875,10 +1873,10 @@ static bool imap_is_bchar(char ch) case '+': case ',': /* bchar -> achar -> uchar -> pct-encoded */ case '%': /* HEXDIG chars are already included above */ - return true; + return TRUE; default: - return false; + return FALSE; } } @@ -1893,7 +1891,7 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; const char *ptr = conn->options; - bool prefer_login = false; + bool prefer_login = FALSE; while(!result && ptr && *ptr) { const char *key = ptr; @@ -1909,16 +1907,16 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(strncasecompare(key, "AUTH=+LOGIN", 11)) { /* User prefers plaintext LOGIN over any SASL, including SASL LOGIN */ - prefer_login = true; + prefer_login = TRUE; imapc->sasl.prefmech = SASL_AUTH_NONE; } else if(strncasecompare(key, "AUTH=", 5)) { - prefer_login = false; + prefer_login = FALSE; result = Curl_sasl_parse_url_auth_option(&imapc->sasl, value, ptr - value); } else { - prefer_login = false; + prefer_login = FALSE; result = CURLE_URL_MALFORMAT; } diff --git a/libraries/libcurl/inet_ntop.c b/libraries/libcurl/inet_ntop.c index 3a81eef6..a2812cf8 100644 --- a/libraries/libcurl/inet_ntop.c +++ b/libraries/libcurl/inet_ntop.c @@ -185,8 +185,8 @@ static char *inet_ntop6(const unsigned char *src, char *dst, size_t size) * Returns NULL on error and errno set with the specific * error, EAFNOSUPPORT or ENOSPC. * - * On Windows we store the error in the thread errno, not in the winsock error - * code. This is to avoid losing the actual last winsock error. When this + * On Windows we store the error in the thread errno, not in the Winsock error + * code. This is to avoid losing the actual last Winsock error. When this * function returns NULL, check errno not SOCKERRNO. */ char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size) diff --git a/libraries/libcurl/inet_pton.c b/libraries/libcurl/inet_pton.c index 49b923f1..97e6f80d 100644 --- a/libraries/libcurl/inet_pton.c +++ b/libraries/libcurl/inet_pton.c @@ -65,8 +65,8 @@ static int inet_pton6(const char *src, unsigned char *dst); * -1 if some other error occurred (`dst' is untouched in this case, too) * notice: * On Windows we store the error in the thread errno, not - * in the winsock error code. This is to avoid losing the - * actual last winsock error. When this function returns + * in the Winsock error code. This is to avoid losing the + * actual last Winsock error. When this function returns * -1, check errno not SOCKERRNO. * author: * Paul Vixie, 1996. diff --git a/libraries/libcurl/krb5.c b/libraries/libcurl/krb5.c index 45944cef..c953da60 100644 --- a/libraries/libcurl/krb5.c +++ b/libraries/libcurl/krb5.c @@ -91,7 +91,7 @@ static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif - result = Curl_xfer_send(data, sptr, write_len, &bytes_written); + result = Curl_xfer_send(data, sptr, write_len, FALSE, &bytes_written); #ifdef HAVE_GSSAPI DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); conn->data_prot = data_sec; @@ -209,7 +209,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) struct gss_channel_bindings_struct chan; size_t base64_sz = 0; struct sockaddr_in *remote_addr = - (struct sockaddr_in *)(void *)&conn->remote_addr->sa_addr; + (struct sockaddr_in *)(void *)&conn->remote_addr->curl_sa_addr; char *stringp; if(getsockname(conn->sock[FIRSTSOCKET], @@ -336,17 +336,20 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) } _gssresp.value = NULL; /* make sure it is initialized */ + _gssresp.length = 0; p += 4; /* over '789 ' */ p = strstr(p, "ADAT="); if(p) { - result = Curl_base64_decode(p + 5, - (unsigned char **)&_gssresp.value, - &_gssresp.length); + unsigned char *outptr; + size_t outlen; + result = Curl_base64_decode(p + 5, &outptr, &outlen); if(result) { failf(data, "base64-decoding: %s", curl_easy_strerror(result)); ret = AUTH_CONTINUE; break; } + _gssresp.value = outptr; + _gssresp.length = outlen; } gssresp = &_gssresp; @@ -497,7 +500,7 @@ socket_write(struct Curl_easy *data, int sockindex, const void *to, size_t written; while(len > 0) { - result = Curl_conn_send(data, sockindex, to_p, len, &written); + result = Curl_conn_send(data, sockindex, to_p, len, FALSE, &written); if(!result && written > 0) { len -= written; to_p += written; @@ -620,7 +623,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, size_t cmd_size = 0; CURLcode error; enum protection_level prot_level = conn->data_prot; - bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE; + bool iscmd = (prot_level == PROT_CMD); DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); @@ -652,7 +655,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, socket_write(data, fd, cmd_buffer, cmd_size); socket_write(data, fd, "\r\n", 2); - infof(data, "Send: %s%s", prot_level == PROT_PRIVATE?enc:mic, + infof(data, "Send: %s%s", prot_level == PROT_PRIVATE ? enc : mic, cmd_buffer); free(cmd_buffer); } @@ -686,10 +689,12 @@ static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn, /* Matches Curl_send signature */ static ssize_t sec_send(struct Curl_easy *data, int sockindex, - const void *buffer, size_t len, CURLcode *err) + const void *buffer, size_t len, bool eos, + CURLcode *err) { struct connectdata *conn = data->conn; curl_socket_t fd = conn->sock[sockindex]; + (void)eos; /* unused */ *err = CURLE_OK; return sec_write(data, conn, fd, buffer, len); } diff --git a/libraries/libcurl/ldap.c b/libraries/libcurl/ldap.c index addb9b35..01429ba7 100644 --- a/libraries/libcurl/ldap.c +++ b/libraries/libcurl/ldap.c @@ -143,7 +143,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp); #endif #if defined(USE_WIN32_LDAP) && defined(ldap_err2string) -/* Use ansi error strings in UNICODE builds */ +/* Use ANSI error strings in Unicode builds */ #undef ldap_err2string #define ldap_err2string ldap_err2stringA #endif diff --git a/libraries/libcurl/llist.c b/libraries/libcurl/llist.c index 716f0cd5..e5c65fb9 100644 --- a/libraries/libcurl/llist.c +++ b/libraries/libcurl/llist.c @@ -32,16 +32,34 @@ /* this must be the last include file */ #include "memdebug.h" +#define LLISTINIT 0x100cc001 /* random pattern */ +#define NODEINIT 0x12344321 /* random pattern */ +#define NODEREM 0x54321012 /* random pattern */ + + +#ifdef DEBUGBUILD +#define VERIFYNODE(x) verifynode(x) +static struct Curl_llist_node *verifynode(struct Curl_llist_node *n) +{ + DEBUGASSERT(!n || (n->_init == NODEINIT)); + return n; +} +#else +#define VERIFYNODE(x) x +#endif /* * @unittest: 1300 */ void Curl_llist_init(struct Curl_llist *l, Curl_llist_dtor dtor) { - l->size = 0; - l->dtor = dtor; - l->head = NULL; - l->tail = NULL; + l->_size = 0; + l->_dtor = dtor; + l->_head = NULL; + l->_tail = NULL; +#ifdef DEBUGBUILD + l->_init = LLISTINIT; +#endif } /* @@ -56,36 +74,45 @@ Curl_llist_init(struct Curl_llist *l, Curl_llist_dtor dtor) * @unittest: 1300 */ void -Curl_llist_insert_next(struct Curl_llist *list, struct Curl_llist_element *e, +Curl_llist_insert_next(struct Curl_llist *list, + struct Curl_llist_node *e, /* may be NULL */ const void *p, - struct Curl_llist_element *ne) + struct Curl_llist_node *ne) { - ne->ptr = (void *) p; - if(list->size == 0) { - list->head = ne; - list->head->prev = NULL; - list->head->next = NULL; - list->tail = ne; + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(ne); + +#ifdef DEBUGBUILD + ne->_init = NODEINIT; +#endif + ne->_ptr = (void *) p; + ne->_list = list; + if(list->_size == 0) { + list->_head = ne; + list->_head->_prev = NULL; + list->_head->_next = NULL; + list->_tail = ne; } else { /* if 'e' is NULL here, we insert the new element first in the list */ - ne->next = e?e->next:list->head; - ne->prev = e; + ne->_next = e ? e->_next : list->_head; + ne->_prev = e; if(!e) { - list->head->prev = ne; - list->head = ne; + list->_head->_prev = ne; + list->_head = ne; } - else if(e->next) { - e->next->prev = ne; + else if(e->_next) { + e->_next->_prev = ne; } else { - list->tail = ne; + list->_tail = ne; } if(e) - e->next = ne; + e->_next = ne; } - ++list->size; + ++list->_size; } /* @@ -99,64 +126,141 @@ Curl_llist_insert_next(struct Curl_llist *list, struct Curl_llist_element *e, */ void Curl_llist_append(struct Curl_llist *list, const void *p, - struct Curl_llist_element *ne) + struct Curl_llist_node *ne) { - Curl_llist_insert_next(list, list->tail, p, ne); + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(ne); + Curl_llist_insert_next(list, list->_tail, p, ne); } /* * @unittest: 1300 */ void -Curl_llist_remove(struct Curl_llist *list, struct Curl_llist_element *e, - void *user) +Curl_node_uremove(struct Curl_llist_node *e, void *user) { void *ptr; - if(!e || list->size == 0) + struct Curl_llist *list; + if(!e) return; - if(e == list->head) { - list->head = e->next; + list = e->_list; + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(list->_size); + DEBUGASSERT(e->_init == NODEINIT); + if(e == list->_head) { + list->_head = e->_next; - if(!list->head) - list->tail = NULL; + if(!list->_head) + list->_tail = NULL; else - e->next->prev = NULL; + e->_next->_prev = NULL; } else { - if(e->prev) - e->prev->next = e->next; + if(e->_prev) + e->_prev->_next = e->_next; - if(!e->next) - list->tail = e->prev; + if(!e->_next) + list->_tail = e->_prev; else - e->next->prev = e->prev; + e->_next->_prev = e->_prev; } - ptr = e->ptr; + ptr = e->_ptr; - e->ptr = NULL; - e->prev = NULL; - e->next = NULL; + e->_list = NULL; + e->_ptr = NULL; + e->_prev = NULL; + e->_next = NULL; +#ifdef DEBUGBUILD + e->_init = NODEREM; /* specific pattern on remove - not zero */ +#endif - --list->size; + --list->_size; /* call the dtor() last for when it actually frees the 'e' memory itself */ - if(list->dtor) - list->dtor(user, ptr); + if(list->_dtor) + list->_dtor(user, ptr); +} + +void Curl_node_remove(struct Curl_llist_node *e) +{ + Curl_node_uremove(e, NULL); } void Curl_llist_destroy(struct Curl_llist *list, void *user) { if(list) { - while(list->size > 0) - Curl_llist_remove(list, list->tail, user); + DEBUGASSERT(list->_init == LLISTINIT); + while(list->_size > 0) + Curl_node_uremove(list->_tail, user); } } -size_t -Curl_llist_count(struct Curl_llist *list) +/* Curl_llist_head() returns the first 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_head(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return VERIFYNODE(list->_head); +} + +#ifdef UNITTESTS +/* Curl_llist_tail() returns the last 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_tail(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return VERIFYNODE(list->_tail); +} +#endif + +/* Curl_llist_count() returns a size_t the number of nodes in the list */ +size_t Curl_llist_count(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return list->_size; +} + +/* Curl_node_elem() returns the custom data from a Curl_llist_node */ +void *Curl_node_elem(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return n->_ptr; +} + +/* Curl_node_next() returns the next element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_next(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return VERIFYNODE(n->_next); +} + +#ifdef UNITTESTS + +/* Curl_node_prev() returns the previous element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_prev(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return VERIFYNODE(n->_prev); +} + +#endif + +struct Curl_llist *Curl_node_llist(struct Curl_llist_node *n) { - return list->size; + DEBUGASSERT(n); + DEBUGASSERT(!n->_list || n->_init == NODEINIT); + return n->_list; } diff --git a/libraries/libcurl/llist.h b/libraries/libcurl/llist.h index d75582fa..26581869 100644 --- a/libraries/libcurl/llist.h +++ b/libraries/libcurl/llist.h @@ -27,28 +27,63 @@ #include "curl_setup.h" #include -typedef void (*Curl_llist_dtor)(void *, void *); +typedef void (*Curl_llist_dtor)(void *user, void *elem); -struct Curl_llist_element { - void *ptr; - struct Curl_llist_element *prev; - struct Curl_llist_element *next; -}; +/* none of these struct members should be referenced directly, use the + dedicated functions */ struct Curl_llist { - struct Curl_llist_element *head; - struct Curl_llist_element *tail; - Curl_llist_dtor dtor; - size_t size; + struct Curl_llist_node *_head; + struct Curl_llist_node *_tail; + Curl_llist_dtor _dtor; + size_t _size; +#ifdef DEBUGBUILD + int _init; /* detect API usage mistakes */ +#endif +}; + +struct Curl_llist_node { + struct Curl_llist *_list; /* the list where this belongs */ + void *_ptr; + struct Curl_llist_node *_prev; + struct Curl_llist_node *_next; +#ifdef DEBUGBUILD + int _init; /* detect API usage mistakes */ +#endif }; void Curl_llist_init(struct Curl_llist *, Curl_llist_dtor); -void Curl_llist_insert_next(struct Curl_llist *, struct Curl_llist_element *, - const void *, struct Curl_llist_element *node); +void Curl_llist_insert_next(struct Curl_llist *, struct Curl_llist_node *, + const void *, struct Curl_llist_node *node); void Curl_llist_append(struct Curl_llist *, - const void *, struct Curl_llist_element *node); -void Curl_llist_remove(struct Curl_llist *, struct Curl_llist_element *, - void *); -size_t Curl_llist_count(struct Curl_llist *); + const void *, struct Curl_llist_node *node); +void Curl_node_uremove(struct Curl_llist_node *, void *); +void Curl_node_remove(struct Curl_llist_node *); void Curl_llist_destroy(struct Curl_llist *, void *); + +/* Curl_llist_head() returns the first 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_head(struct Curl_llist *list); + +/* Curl_llist_tail() returns the last 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_tail(struct Curl_llist *list); + +/* Curl_llist_count() returns a size_t the number of nodes in the list */ +size_t Curl_llist_count(struct Curl_llist *list); + +/* Curl_node_elem() returns the custom data from a Curl_llist_node */ +void *Curl_node_elem(struct Curl_llist_node *n); + +/* Curl_node_next() returns the next element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_next(struct Curl_llist_node *n); + +/* Curl_node_prev() returns the previous element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_prev(struct Curl_llist_node *n); + +/* Curl_node_llist() return the list the node is in or NULL. */ +struct Curl_llist *Curl_node_llist(struct Curl_llist_node *n); + #endif /* HEADER_CURL_LLIST_H */ diff --git a/libraries/libcurl/macos.c b/libraries/libcurl/macos.c index 205d30db..e4662be1 100644 --- a/libraries/libcurl/macos.c +++ b/libraries/libcurl/macos.c @@ -34,21 +34,19 @@ CURLcode Curl_macos_init(void) { - { - /* - * The automagic conversion from IPv4 literals to IPv6 literals only - * works if the SCDynamicStoreCopyProxies system function gets called - * first. As Curl currently does not support system-wide HTTP proxies, we - * therefore do not use any value this function might return. - * - * This function is only available on macOS and is not needed for - * IPv4-only builds, hence the conditions for defining - * CURL_MACOS_CALL_COPYPROXIES in curl_setup.h. - */ - CFDictionaryRef dict = SCDynamicStoreCopyProxies(NULL); - if(dict) - CFRelease(dict); - } + /* + * The automagic conversion from IPv4 literals to IPv6 literals only + * works if the SCDynamicStoreCopyProxies system function gets called + * first. As Curl currently does not support system-wide HTTP proxies, we + * therefore do not use any value this function might return. + * + * This function is only available on macOS and is not needed for + * IPv4-only builds, hence the conditions for defining + * CURL_MACOS_CALL_COPYPROXIES in curl_setup.h. + */ + CFDictionaryRef dict = SCDynamicStoreCopyProxies(NULL); + if(dict) + CFRelease(dict); return CURLE_OK; } diff --git a/libraries/libcurl/md5.c b/libraries/libcurl/md5.c index 7b51429b..73e04e37 100644 --- a/libraries/libcurl/md5.c +++ b/libraries/libcurl/md5.c @@ -88,20 +88,20 @@ typedef struct md5_ctx my_md5_ctx; -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *ctx) { md5_init(ctx); return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, +static void my_md5_update(void *ctx, const unsigned char *input, unsigned int inputLen) { md5_update(ctx, inputLen, input); } -static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *digest, void *ctx) { md5_digest(ctx, 16, digest); } @@ -110,7 +110,7 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) typedef MD5_CTX my_md5_ctx; -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *ctx) { if(!MD5_Init(ctx)) return CURLE_OUT_OF_MEMORY; @@ -118,14 +118,14 @@ static CURLcode my_md5_init(my_md5_ctx *ctx) return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, +static void my_md5_update(void *ctx, const unsigned char *input, unsigned int len) { (void)MD5_Update(ctx, input, len); } -static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *digest, void *ctx) { (void)MD5_Final(digest, ctx); } @@ -134,7 +134,7 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) typedef mbedtls_md5_context my_md5_ctx; -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *ctx) { #if (MBEDTLS_VERSION_NUMBER >= 0x03000000) if(mbedtls_md5_starts(ctx)) @@ -148,7 +148,7 @@ static CURLcode my_md5_init(my_md5_ctx *ctx) return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, +static void my_md5_update(void *ctx, const unsigned char *data, unsigned int length) { @@ -159,7 +159,7 @@ static void my_md5_update(my_md5_ctx *ctx, #endif } -static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *digest, void *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_md5_finish(ctx, digest); @@ -178,7 +178,7 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */ # define my_md5_ctx CC_MD5_CTX -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *ctx) { if(!CC_MD5_Init(ctx)) return CURLE_OUT_OF_MEMORY; @@ -186,14 +186,14 @@ static CURLcode my_md5_init(my_md5_ctx *ctx) return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, +static void my_md5_update(void *ctx, const unsigned char *input, unsigned int inputLen) { CC_MD5_Update(ctx, input, inputLen); } -static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *digest, void *ctx) { CC_MD5_Final(digest, ctx); } @@ -206,8 +206,9 @@ struct md5_ctx { }; typedef struct md5_ctx my_md5_ctx; -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *in) { + my_md5_ctx *ctx = (my_md5_ctx *)in; if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) return CURLE_OUT_OF_MEMORY; @@ -221,15 +222,17 @@ static CURLcode my_md5_init(my_md5_ctx *ctx) return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, +static void my_md5_update(void *in, const unsigned char *input, unsigned int inputLen) { + my_md5_ctx *ctx = in; CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0); } -static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *digest, void *in) { + my_md5_ctx *ctx = (my_md5_ctx *)in; unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); if(length == 16) @@ -292,10 +295,10 @@ struct md5_ctx { }; typedef struct md5_ctx my_md5_ctx; -static CURLcode my_md5_init(my_md5_ctx *ctx); -static void my_md5_update(my_md5_ctx *ctx, const void *data, - unsigned long size); -static void my_md5_final(unsigned char *result, my_md5_ctx *ctx); +static CURLcode my_md5_init(void *ctx); +static void my_md5_update(void *ctx, const unsigned char *data, + unsigned int size); +static void my_md5_final(unsigned char *result, void *ctx); /* * The basic MD5 functions. @@ -455,8 +458,9 @@ static const void *my_md5_body(my_md5_ctx *ctx, return ptr; } -static CURLcode my_md5_init(my_md5_ctx *ctx) +static CURLcode my_md5_init(void *in) { + my_md5_ctx *ctx = (my_md5_ctx *)in; ctx->a = 0x67452301; ctx->b = 0xefcdab89; ctx->c = 0x98badcfe; @@ -468,11 +472,12 @@ static CURLcode my_md5_init(my_md5_ctx *ctx) return CURLE_OK; } -static void my_md5_update(my_md5_ctx *ctx, const void *data, - unsigned long size) +static void my_md5_update(void *in, const unsigned char *data, + unsigned int size) { MD5_u32plus saved_lo; - unsigned long used; + unsigned int used; + my_md5_ctx *ctx = (my_md5_ctx *)in; saved_lo = ctx->lo; ctx->lo = (saved_lo + size) & 0x1fffffff; @@ -483,7 +488,7 @@ static void my_md5_update(my_md5_ctx *ctx, const void *data, used = saved_lo & 0x3f; if(used) { - unsigned long available = 64 - used; + unsigned int available = 64 - used; if(size < available) { memcpy(&ctx->buffer[used], data, size); @@ -504,9 +509,10 @@ static void my_md5_update(my_md5_ctx *ctx, const void *data, memcpy(ctx->buffer, data, size); } -static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) +static void my_md5_final(unsigned char *result, void *in) { - unsigned long used, available; + unsigned int used, available; + my_md5_ctx *ctx = (my_md5_ctx *)in; used = ctx->lo & 0x3f; @@ -557,36 +563,21 @@ static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) #endif /* CRYPTO LIBS */ -const struct HMAC_params Curl_HMAC_MD5[] = { - { - /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, my_md5_init), - /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_md5_update), - /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_md5_final), - /* Size of hash context structure. */ - sizeof(my_md5_ctx), - /* Maximum key length. */ - 64, - /* Result size. */ - 16 - } +const struct HMAC_params Curl_HMAC_MD5 = { + my_md5_init, /* Hash initialization function. */ + my_md5_update, /* Hash update function. */ + my_md5_final, /* Hash computation end function. */ + sizeof(my_md5_ctx), /* Size of hash context structure. */ + 64, /* Maximum key length. */ + 16 /* Result size. */ }; -const struct MD5_params Curl_DIGEST_MD5[] = { - { - /* Digest initialization function */ - CURLX_FUNCTION_CAST(Curl_MD5_init_func, my_md5_init), - /* Digest update function */ - CURLX_FUNCTION_CAST(Curl_MD5_update_func, my_md5_update), - /* Digest computation end function */ - CURLX_FUNCTION_CAST(Curl_MD5_final_func, my_md5_final), - /* Size of digest context struct */ - sizeof(my_md5_ctx), - /* Result size */ - 16 - } +const struct MD5_params Curl_DIGEST_MD5 = { + my_md5_init, /* Digest initialization function */ + my_md5_update, /* Digest update function */ + my_md5_final, /* Digest computation end function */ + sizeof(my_md5_ctx), /* Size of digest context struct */ + 16 /* Result size */ }; /* diff --git a/libraries/libcurl/memdebug.c b/libraries/libcurl/memdebug.c index 57fe591e..02612c2a 100644 --- a/libraries/libcurl/memdebug.c +++ b/libraries/libcurl/memdebug.c @@ -49,9 +49,9 @@ struct memdebug { }; /* - * Note that these debug functions are very simple and they are meant to - * remain so. For advanced analysis, record a log file and write perl scripts - * to analyze them! + * Note that these debug functions are simple and they are meant to remain so. + * For advanced analysis, record a log file and write perl scripts to analyze + * them! * * Do not use these with multithreaded test programs! */ @@ -312,7 +312,7 @@ curl_socket_t curl_dbg_socket(int domain, int type, int protocol, sockfd = socket(domain, type, protocol); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log("FD %s:%d socket() = %" CURL_FORMAT_SOCKET_T "\n", + curl_dbg_log("FD %s:%d socket() = %" FMT_SOCKET_T "\n", source, line, sockfd); return sockfd; @@ -356,8 +356,8 @@ int curl_dbg_socketpair(int domain, int type, int protocol, if(source && (0 == res)) curl_dbg_log("FD %s:%d socketpair() = " - "%" CURL_FORMAT_SOCKET_T " %" CURL_FORMAT_SOCKET_T "\n", - source, line, socket_vector[0], socket_vector[1]); + "%" FMT_SOCKET_T " %" FMT_SOCKET_T "\n", + source, line, socket_vector[0], socket_vector[1]); return res; } @@ -372,7 +372,7 @@ curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, curl_socket_t sockfd = accept(s, addr, addrlen); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log("FD %s:%d accept() = %" CURL_FORMAT_SOCKET_T "\n", + curl_dbg_log("FD %s:%d accept() = %" FMT_SOCKET_T "\n", source, line, sockfd); return sockfd; @@ -382,7 +382,7 @@ curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, void curl_dbg_mark_sclose(curl_socket_t sockfd, int line, const char *source) { if(source) - curl_dbg_log("FD %s:%d sclose(%" CURL_FORMAT_SOCKET_T ")\n", + curl_dbg_log("FD %s:%d sclose(%" FMT_SOCKET_T ")\n", source, line, sockfd); } diff --git a/libraries/libcurl/memdebug.h b/libraries/libcurl/memdebug.h index fd5cc2c9..80f3374e 100644 --- a/libraries/libcurl/memdebug.h +++ b/libraries/libcurl/memdebug.h @@ -34,9 +34,9 @@ #include "functypes.h" #if defined(__GNUC__) && __GNUC__ >= 3 -# define ALLOC_FUNC __attribute__((malloc)) -# define ALLOC_SIZE(s) __attribute__((alloc_size(s))) -# define ALLOC_SIZE2(n, s) __attribute__((alloc_size(n, s))) +# define ALLOC_FUNC __attribute__((__malloc__)) +# define ALLOC_SIZE(s) __attribute__((__alloc_size__(s))) +# define ALLOC_SIZE2(n, s) __attribute__((__alloc_size__(n, s))) #elif defined(_MSC_VER) # define ALLOC_FUNC __declspec(restrict) # define ALLOC_SIZE(s) @@ -114,11 +114,17 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); /* Set this symbol on the command-line, recompile all lib-sources */ #undef strdup #define strdup(ptr) curl_dbg_strdup(ptr, __LINE__, __FILE__) +#undef malloc #define malloc(size) curl_dbg_malloc(size, __LINE__, __FILE__) +#undef calloc #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__, __FILE__) +#undef realloc #define realloc(ptr,size) curl_dbg_realloc(ptr, size, __LINE__, __FILE__) +#undef free #define free(ptr) curl_dbg_free(ptr, __LINE__, __FILE__) +#undef send #define send(a,b,c,d) curl_dbg_send(a,b,c,d, __LINE__, __FILE__) +#undef recv #define recv(a,b,c,d) curl_dbg_recv(a,b,c,d, __LINE__, __FILE__) #ifdef _WIN32 @@ -147,6 +153,7 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); __LINE__, __FILE__) #endif +#ifndef CURL_NO_GETADDRINFO_OVERRIDE #ifdef HAVE_GETADDRINFO #if defined(getaddrinfo) && defined(__osf__) /* OSF/1 and Tru64 have getaddrinfo as a define already, so we cannot define @@ -166,6 +173,7 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); #define freeaddrinfo(data) \ curl_dbg_freeaddrinfo(data, __LINE__, __FILE__) #endif /* HAVE_FREEADDRINFO */ +#endif /* !CURL_NO_GETADDRINFO_OVERRIDE */ /* sclose is probably already defined, redefine it! */ #undef sclose diff --git a/libraries/libcurl/mime.c b/libraries/libcurl/mime.c index e9eeb1bf..70286069 100644 --- a/libraries/libcurl/mime.c +++ b/libraries/libcurl/mime.c @@ -26,6 +26,8 @@ #include +struct Curl_easy; + #include "mime.h" #include "warnless.h" #include "urldata.h" @@ -92,7 +94,7 @@ static const char base64enc[] = /* Quoted-printable character class table. * * We cannot rely on ctype functions since quoted-printable input data - * is assumed to be ascii-compatible, even on non-ascii platforms. */ + * is assumed to be ASCII-compatible, even on non-ASCII platforms. */ #define QP_OK 1 /* Can be represented by itself. */ #define QP_SP 2 /* Space or tab. */ #define QP_CR 3 /* Carriage return. */ @@ -259,7 +261,7 @@ static char *Curl_basename(char *path) s2 = strrchr(path, '\\'); if(s1 && s2) { - path = (s1 > s2? s1 : s2) + 1; + path = (s1 > s2 ? s1 : s2) + 1; } else if(s1) path = s1 + 1; @@ -424,7 +426,7 @@ static size_t encoder_7bit_read(char *buffer, size_t size, bool ateof, for(cursize = 0; cursize < size; cursize++) { *buffer = st->buf[st->bufbeg]; if(*buffer++ & 0x80) - return cursize? cursize: READ_ERROR; + return cursize ? cursize : READ_ERROR; st->bufbeg++; } @@ -538,7 +540,7 @@ static int qp_lookahead_eol(struct mime_encoder_state *st, int ateof, size_t n) if(n >= st->bufend && ateof) return 1; if(n + 2 > st->bufend) - return ateof? 0: -1; + return ateof ? 0 : -1; if(qp_class[st->buf[n] & 0xFF] == QP_CR && qp_class[st->buf[n + 1] & 0xFF] == QP_LF) return 1; @@ -557,7 +559,7 @@ static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, /* On all platforms, input is supposed to be ASCII compatible: for this reason, we use hexadecimal ASCII codes in this function rather than - character constants that can be interpreted as non-ascii on some + character constants that can be interpreted as non-ASCII on some platforms. Preserve ASCII encoding on output too. */ while(st->bufbeg < st->bufend) { size_t len = 1; @@ -651,7 +653,7 @@ static curl_off_t encoder_qp_size(curl_mimepart *part) { /* Determining the size can only be done by reading the data: unless the data size is 0, we return it as unknown (-1). */ - return part->datasize? -1: 0; + return part->datasize ? -1 : 0; } @@ -711,7 +713,7 @@ static int mime_open_file(curl_mimepart *part) if(part->fp) return 0; part->fp = fopen_read(part->data, "rb"); - return part->fp? 0: -1; + return part->fp ? 0 : -1; } static size_t mime_file_read(char *buffer, size_t size, size_t nitems, @@ -738,8 +740,8 @@ static int mime_file_seek(void *instream, curl_off_t offset, int whence) if(mime_open_file(part)) return CURL_SEEKFUNC_FAIL; - return fseek(part->fp, (long) offset, whence)? - CURL_SEEKFUNC_CANTSEEK: CURL_SEEKFUNC_OK; + return fseek(part->fp, (long) offset, whence) ? + CURL_SEEKFUNC_CANTSEEK : CURL_SEEKFUNC_OK; } static void mime_file_free(void *ptr) @@ -871,7 +873,7 @@ static size_t read_encoded_part_content(curl_mimepart *part, char *buffer, break; case READ_ERROR: case STOP_FILLING: - return cursize? cursize: sz; + return cursize ? cursize : sz; default: cursize += sz; buffer += sz; @@ -890,7 +892,7 @@ static size_t read_encoded_part_content(curl_mimepart *part, char *buffer, st->bufend = len; } if(st->bufend >= sizeof(st->buf)) - return cursize? cursize: READ_ERROR; /* Buffer full. */ + return cursize ? cursize : READ_ERROR; /* Buffer full. */ sz = read_part_content(part, st->buf + st->bufend, sizeof(st->buf) - st->bufend, hasread); switch(sz) { @@ -901,7 +903,7 @@ static size_t read_encoded_part_content(curl_mimepart *part, char *buffer, case CURL_READFUNC_PAUSE: case READ_ERROR: case STOP_FILLING: - return cursize? cursize: sz; + return cursize ? cursize : sz; default: st->bufend += sz; break; @@ -925,8 +927,8 @@ static size_t readback_part(curl_mimepart *part, switch(part->state.state) { case MIMESTATE_BEGIN: mimesetstate(&part->state, - (part->flags & MIME_BODY_ONLY)? - MIMESTATE_BODY: MIMESTATE_CURLHEADERS, + (part->flags & MIME_BODY_ONLY) ? + MIMESTATE_BODY : MIMESTATE_CURLHEADERS, part->curlheaders); break; case MIMESTATE_USERHEADERS: @@ -977,7 +979,7 @@ static size_t readback_part(curl_mimepart *part, case CURL_READFUNC_PAUSE: case READ_ERROR: case STOP_FILLING: - return cursize? cursize: sz; + return cursize ? cursize : sz; } break; case MIMESTATE_END: @@ -1043,7 +1045,7 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, case CURL_READFUNC_PAUSE: case READ_ERROR: case STOP_FILLING: - return cursize? cursize: sz; + return cursize ? cursize : sz; case 0: mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, part->nextpart); break; @@ -1228,12 +1230,12 @@ CURLcode Curl_mime_duppart(struct Curl_easy *data, /* No one knows about the cloned subparts, thus always attach ownership to the part. */ mime = curl_mime_init(data); - res = mime? curl_mime_subparts(dst, mime): CURLE_OUT_OF_MEMORY; + res = mime ? curl_mime_subparts(dst, mime) : CURLE_OUT_OF_MEMORY; /* Duplicate subparts. */ for(s = ((curl_mime *) src->arg)->firstpart; !res && s; s = s->nextpart) { d = curl_mime_addpart(mime); - res = d? Curl_mime_duppart(data, d, s): CURLE_OUT_OF_MEMORY; + res = d ? Curl_mime_duppart(data, d, s) : CURLE_OUT_OF_MEMORY; } break; default: /* Invalid kind: should not occur. */ @@ -1279,7 +1281,7 @@ CURLcode Curl_mime_duppart(struct Curl_easy *data, */ /* Create a mime handle. */ -curl_mime *curl_mime_init(struct Curl_easy *easy) +curl_mime *curl_mime_init(void *easy) { curl_mime *mime; @@ -1562,7 +1564,8 @@ CURLcode Curl_mime_set_subparts(curl_mimepart *part, subparts->parent = part; /* Subparts are processed internally: no read callback. */ part->seekfunc = mime_subparts_seek; - part->freefunc = take_ownership? mime_subparts_free: mime_subparts_unbind; + part->freefunc = take_ownership ? mime_subparts_free : + mime_subparts_unbind; part->arg = subparts; part->datasize = -1; part->kind = MIMEKIND_MULTIPART; @@ -1587,6 +1590,8 @@ size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream) (void) size; /* Always 1. */ + /* TODO: this loop is broken. If `nitems` is <= 4, some encoders will + * return STOP_FILLING without adding any data and this loops infinitely. */ do { hasread = FALSE; ret = readback_part(part, buffer, nitems, &hasread); @@ -1604,8 +1609,8 @@ size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream) /* Rewind mime stream. */ static CURLcode mime_rewind(curl_mimepart *part) { - return mime_part_rewind(part) == CURL_SEEKFUNC_OK? - CURLE_OK: CURLE_SEND_FAIL_REWIND; + return mime_part_rewind(part) == CURL_SEEKFUNC_OK ? + CURLE_OK : CURLE_SEND_FAIL_REWIND; } /* Compute header list size. */ @@ -1678,7 +1683,7 @@ CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) va_list ap; va_start(ap, fmt); - s = curl_mvaprintf(fmt, ap); + s = vaprintf(fmt, ap); va_end(ap); if(s) { @@ -1689,7 +1694,7 @@ CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) free(s); } - return hdr? CURLE_OK: CURLE_OUT_OF_MEMORY; + return hdr ? CURLE_OK : CURLE_OUT_OF_MEMORY; } /* Add a content type header. */ @@ -1697,8 +1702,8 @@ static CURLcode add_content_type(struct curl_slist **slp, const char *type, const char *boundary) { return Curl_mime_add_header(slp, "Content-Type: %s%s%s", type, - boundary? "; boundary=": "", - boundary? boundary: ""); + boundary ? "; boundary=" : "", + boundary ? boundary : ""); } const char *Curl_mime_contenttype(const char *filename) @@ -1838,12 +1843,12 @@ CURLcode Curl_mime_prepare_headers(struct Curl_easy *data, ret = Curl_mime_add_header(&part->curlheaders, "Content-Disposition: %s%s%s%s%s%s%s", disposition, - name? "; name=\"": "", - name? name: "", - name? "\"": "", - filename? "; filename=\"": "", - filename? filename: "", - filename? "\"": ""); + name ? "; name=\"" : "", + name ? name : "", + name ? "\"" : "", + filename ? "; filename=\"" : "", + filename ? filename : "", + filename ? "\"" : ""); Curl_safefree(name); Curl_safefree(filename); if(ret) @@ -1944,13 +1949,17 @@ static CURLcode cr_mime_read(struct Curl_easy *data, struct cr_mime_ctx *ctx = reader->ctx; size_t nread; + /* Once we have errored, we will return the same error forever */ if(ctx->errored) { + CURL_TRC_READ(data, "cr_mime_read(len=%zu) is errored -> %d, eos=0", + blen, ctx->error_result); *pnread = 0; *peos = FALSE; return ctx->error_result; } if(ctx->seen_eos) { + CURL_TRC_READ(data, "cr_mime_read(len=%zu) seen eos -> 0, eos=1", blen); *pnread = 0; *peos = TRUE; return CURLE_OK; @@ -1963,16 +1972,27 @@ static CURLcode cr_mime_read(struct Curl_easy *data, else if(remain < (curl_off_t)blen) blen = (size_t)remain; } - nread = 0; - if(blen) { - nread = Curl_mime_read(buf, 1, blen, ctx->part); + + if(blen <= 4) { + /* TODO: Curl_mime_read() may go into an infinite loop when reading + * such small lengths. Returning 0 bytes read is a fix that only works + * as request upload buffers will get flushed eventually and larger + * reads will happen again. */ + CURL_TRC_READ(data, "cr_mime_read(len=%zu), too small, return", blen); + *pnread = 0; + *peos = FALSE; + goto out; } + nread = Curl_mime_read(buf, 1, blen, ctx->part); + CURL_TRC_READ(data, "cr_mime_read(len=%zu), mime_read() -> %zd", + blen, nread); + switch(nread) { case 0: if((ctx->total_len >= 0) && (ctx->read_len < ctx->total_len)) { failf(data, "client mime read EOF fail, " - "only %"CURL_FORMAT_CURL_OFF_T"/%"CURL_FORMAT_CURL_OFF_T + "only %"FMT_OFF_T"/%"FMT_OFF_T " of needed bytes read", ctx->read_len, ctx->total_len); return CURLE_READ_ERROR; } @@ -1991,11 +2011,21 @@ static CURLcode cr_mime_read(struct Curl_easy *data, case CURL_READFUNC_PAUSE: /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */ + CURL_TRC_READ(data, "cr_mime_read(len=%zu), paused by callback", blen); data->req.keepon |= KEEP_SEND_PAUSE; /* mark socket send as paused */ *pnread = 0; *peos = FALSE; break; /* nothing was read */ + case STOP_FILLING: + case READ_ERROR: + failf(data, "read error getting mime data"); + *pnread = 0; + *peos = FALSE; + ctx->errored = TRUE; + ctx->error_result = CURLE_READ_ERROR; + return CURLE_READ_ERROR; + default: if(nread > blen) { /* the read function returned a too large value */ @@ -2013,9 +2043,11 @@ static CURLcode cr_mime_read(struct Curl_easy *data, *peos = ctx->seen_eos; break; } - DEBUGF(infof(data, "cr_mime_read(len=%zu, total=%"CURL_FORMAT_CURL_OFF_T - ", read=%"CURL_FORMAT_CURL_OFF_T") -> %d, %zu, %d", - blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos)); + +out: + CURL_TRC_READ(data, "cr_mime_read(len=%zu, total=%" FMT_OFF_T + ", read=%"FMT_OFF_T") -> %d, %zu, %d", + blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos); return CURLE_OK; } @@ -2057,7 +2089,7 @@ static CURLcode cr_mime_resume_from(struct Curl_easy *data, if((nread == 0) || (nread > readthisamountnow)) { /* this checks for greater-than only to make sure that the CURL_READFUNC_ABORT return code still aborts */ - failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T + failf(data, "Could only read %" FMT_OFF_T " bytes from the mime post", passed); return CURLE_READ_ERROR; } diff --git a/libraries/libcurl/mprintf.c b/libraries/libcurl/mprintf.c index 89cbb87c..6576f3eb 100644 --- a/libraries/libcurl/mprintf.c +++ b/libraries/libcurl/mprintf.c @@ -25,7 +25,6 @@ #include "curl_setup.h" #include "dynbuf.h" #include "curl_printf.h" -#include #include "curl_memory.h" /* The last #include file should be: */ @@ -102,27 +101,27 @@ typedef enum { /* conversion and display flags */ enum { - FLAGS_SPACE = 1<<0, - FLAGS_SHOWSIGN = 1<<1, - FLAGS_LEFT = 1<<2, - FLAGS_ALT = 1<<3, - FLAGS_SHORT = 1<<4, - FLAGS_LONG = 1<<5, - FLAGS_LONGLONG = 1<<6, - FLAGS_LONGDOUBLE = 1<<7, - FLAGS_PAD_NIL = 1<<8, - FLAGS_UNSIGNED = 1<<9, - FLAGS_OCTAL = 1<<10, - FLAGS_HEX = 1<<11, - FLAGS_UPPER = 1<<12, - FLAGS_WIDTH = 1<<13, /* '*' or '*$' used */ - FLAGS_WIDTHPARAM = 1<<14, /* width PARAMETER was specified */ - FLAGS_PREC = 1<<15, /* precision was specified */ - FLAGS_PRECPARAM = 1<<16, /* precision PARAMETER was specified */ - FLAGS_CHAR = 1<<17, /* %c story */ - FLAGS_FLOATE = 1<<18, /* %e or %E */ - FLAGS_FLOATG = 1<<19, /* %g or %G */ - FLAGS_SUBSTR = 1<<20 /* no input, only substring */ + FLAGS_SPACE = 1 << 0, + FLAGS_SHOWSIGN = 1 << 1, + FLAGS_LEFT = 1 << 2, + FLAGS_ALT = 1 << 3, + FLAGS_SHORT = 1 << 4, + FLAGS_LONG = 1 << 5, + FLAGS_LONGLONG = 1 << 6, + FLAGS_LONGDOUBLE = 1 << 7, + FLAGS_PAD_NIL = 1 << 8, + FLAGS_UNSIGNED = 1 << 9, + FLAGS_OCTAL = 1 << 10, + FLAGS_HEX = 1 << 11, + FLAGS_UPPER = 1 << 12, + FLAGS_WIDTH = 1 << 13, /* '*' or '*$' used */ + FLAGS_WIDTHPARAM = 1 << 14, /* width PARAMETER was specified */ + FLAGS_PREC = 1 << 15, /* precision was specified */ + FLAGS_PRECPARAM = 1 << 16, /* precision PARAMETER was specified */ + FLAGS_CHAR = 1 << 17, /* %c story */ + FLAGS_FLOATE = 1 << 18, /* %e or %E */ + FLAGS_FLOATG = 1 << 19, /* %g or %G */ + FLAGS_SUBSTR = 1 << 20 /* no input, only substring */ }; enum { @@ -456,15 +455,30 @@ static int parsefmt(const char *format, flags |= FLAGS_UNSIGNED; break; case 'o': - type = FORMAT_INT; - flags |= FLAGS_OCTAL; + if(flags & FLAGS_LONGLONG) + type = FORMAT_LONGLONGU; + else if(flags & FLAGS_LONG) + type = FORMAT_LONGU; + else + type = FORMAT_INTU; + flags |= FLAGS_OCTAL|FLAGS_UNSIGNED; break; case 'x': - type = FORMAT_INTU; + if(flags & FLAGS_LONGLONG) + type = FORMAT_LONGLONGU; + else if(flags & FLAGS_LONG) + type = FORMAT_LONGU; + else + type = FORMAT_INTU; flags |= FLAGS_HEX|FLAGS_UNSIGNED; break; case 'X': - type = FORMAT_INTU; + if(flags & FLAGS_LONGLONG) + type = FORMAT_LONGLONGU; + else if(flags & FLAGS_LONG) + type = FORMAT_LONGU; + else + type = FORMAT_INTU; flags |= FLAGS_HEX|FLAGS_UPPER|FLAGS_UNSIGNED; break; case 'c': @@ -669,7 +683,7 @@ static int formatf( char work[BUFFSIZE]; /* 'workend' points to the final buffer byte position, but with an extra - byte as margin to avoid the (false?) warning Coverity gives us + byte as margin to avoid the (FALSE?) warning Coverity gives us otherwise */ char *workend = &work[sizeof(work) - 2]; @@ -761,7 +775,7 @@ static int formatf( } else if(flags & FLAGS_HEX) { /* Hexadecimal unsigned integer */ - digits = (flags & FLAGS_UPPER)? upper_digits : lower_digits; + digits = (flags & FLAGS_UPPER) ? upper_digits : lower_digits; base = 16; is_neg = FALSE; } @@ -907,7 +921,7 @@ static int formatf( if(iptr->val.ptr) { /* If the pointer is not NULL, write it as a %#x spec. */ base = 16; - digits = (flags & FLAGS_UPPER)? upper_digits : lower_digits; + digits = (flags & FLAGS_UPPER) ? upper_digits : lower_digits; is_alt = TRUE; num = (size_t) iptr->val.ptr; is_neg = FALSE; @@ -985,7 +999,7 @@ static int formatf( *fptr++ = 'l'; if(flags & FLAGS_FLOATE) - *fptr++ = (char)((flags & FLAGS_UPPER) ? 'E':'e'); + *fptr++ = (char)((flags & FLAGS_UPPER) ? 'E' : 'e'); else if(flags & FLAGS_FLOATG) *fptr++ = (char)((flags & FLAGS_UPPER) ? 'G' : 'g'); else diff --git a/libraries/libcurl/mqtt.c b/libraries/libcurl/mqtt.c index 8c461e16..69eaf344 100644 --- a/libraries/libcurl/mqtt.c +++ b/libraries/libcurl/mqtt.c @@ -121,7 +121,7 @@ static CURLcode mqtt_send(struct Curl_easy *data, CURLcode result = CURLE_OK; struct MQTT *mq = data->req.p.mqtt; size_t n; - result = Curl_xfer_send(data, buf, len, &n); + result = Curl_xfer_send(data, buf, len, FALSE, &n); if(result) return result; Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n); @@ -156,7 +156,7 @@ static int mqtt_encode_len(char *buf, size_t len) { int i; - for(i = 0; (len > 0) && (i<4); i++) { + for(i = 0; (len > 0) && (i < 4); i++) { unsigned char encoded; encoded = len % 0x80; len /= 0x80; @@ -375,7 +375,7 @@ static CURLcode mqtt_recv_atleast(struct Curl_easy *data, size_t nbytes) return CURLE_OUT_OF_MEMORY; rlen = Curl_dyn_len(&mq->recvbuf); } - return (rlen >= nbytes)? CURLE_OK : CURLE_AGAIN; + return (rlen >= nbytes) ? CURLE_OK : CURLE_AGAIN; } static void mqtt_recv_consume(struct Curl_easy *data, size_t nbytes) @@ -610,7 +610,7 @@ static void mqstate(struct Curl_easy *data, infof(data, "%s (from %s) (next is %s)", statenames[state], statenames[mqtt->state], - (state == MQTT_FIRST)? statenames[nextstate] : ""); + (state == MQTT_FIRST) ? statenames[nextstate] : ""); #endif mqtt->state = state; if(state == MQTT_FIRST) diff --git a/libraries/libcurl/multi.c b/libraries/libcurl/multi.c index 896f7304..263b396d 100644 --- a/libraries/libcurl/multi.c +++ b/libraries/libcurl/multi.c @@ -50,6 +50,7 @@ #include "http2.h" #include "socketpair.h" #include "socks.h" +#include "urlapi-int.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -79,7 +80,7 @@ * are not NULL, but no longer have the MAGIC touch. This gives * us early warning on things only discovered by valgrind otherwise. */ #define GOOD_MULTI_HANDLE(x) \ - (((x) && (x)->magic == CURL_MULTI_HANDLE)? TRUE: \ + (((x) && (x)->magic == CURL_MULTI_HANDLE)? TRUE: \ (DEBUGASSERT(!(x)), FALSE)) #else #define GOOD_MULTI_HANDLE(x) \ @@ -94,11 +95,14 @@ static CURLMcode add_next_timeout(struct curltime now, struct Curl_multi *multi, struct Curl_easy *d); static CURLMcode multi_timeout(struct Curl_multi *multi, + struct curltime *expire_time, long *timeout_ms); static void process_pending_handles(struct Curl_multi *multi); static void multi_xfer_bufs_free(struct Curl_multi *multi); +static void expire_ex(struct Curl_easy *data, const struct curltime *nowp, + timediff_t milli, expire_id id); -#ifdef DEBUGBUILD +#if defined( DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) static const char * const multi_statename[]={ "INIT", "PENDING", @@ -237,20 +241,19 @@ static struct Curl_sh_entry *sh_getentry(struct Curl_hash *sh, } #define TRHASH_SIZE 13 + +/* the given key here is a struct Curl_easy pointer */ static size_t trhash(void *key, size_t key_length, size_t slots_num) { - size_t keyval = (size_t)*(struct Curl_easy **)key; - (void) key_length; - - return (keyval % slots_num); + unsigned char bytes = ((unsigned char *)key)[key_length - 1] ^ + ((unsigned char *)key)[0]; + return (bytes % slots_num); } static size_t trhash_compare(void *k1, size_t k1_len, void *k2, size_t k2_len) { - (void)k1_len; (void)k2_len; - - return *(struct Curl_easy **)k1 == *(struct Curl_easy **)k2; + return !memcmp(k1, k2, k1_len); } static void trhash_dtor(void *nada) @@ -410,15 +413,18 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* socket hash */ Curl_hash_init(&multi->proto_hash, 23, Curl_hash_str, Curl_str_key_compare, ph_freeentry); - if(Curl_conncache_init(&multi->conn_cache, multi, chashsize)) + if(Curl_cpool_init(&multi->cpool, Curl_on_disconnect, + multi, NULL, chashsize)) goto error; Curl_llist_init(&multi->msglist, NULL); + Curl_llist_init(&multi->process, NULL); Curl_llist_init(&multi->pending, NULL); Curl_llist_init(&multi->msgsent, NULL); multi->multiplexing = TRUE; multi->max_concurrent_streams = 100; + multi->last_timeout_ms = -1; #ifdef USE_WINSOCK multi->wsa_event = WSACreateEvent(); @@ -440,12 +446,12 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* socket hash */ sockhash_destroy(&multi->sockhash); Curl_hash_destroy(&multi->proto_hash); Curl_hash_destroy(&multi->hostcache); - Curl_conncache_destroy(&multi->conn_cache); + Curl_cpool_destroy(&multi->cpool); free(multi); return NULL; } -struct Curl_multi *curl_multi_init(void) +CURLM *curl_multi_init(void) { return Curl_multi_handle(CURL_SOCKET_HASH_TABLE_SIZE, CURL_CONNECTION_HASH_SIZE, @@ -459,63 +465,18 @@ static void multi_warn_debug(struct Curl_multi *multi, struct Curl_easy *data) infof(data, "!!! WARNING !!!"); infof(data, "This is a debug build of libcurl, " "do not use in production."); - multi->warned = true; + multi->warned = TRUE; } } #else #define multi_warn_debug(x,y) Curl_nop_stmt #endif -/* returns TRUE if the easy handle is supposed to be present in the main link - list */ -static bool in_main_list(struct Curl_easy *data) -{ - return ((data->mstate != MSTATE_PENDING) && - (data->mstate != MSTATE_MSGSENT)); -} - -static void link_easy(struct Curl_multi *multi, - struct Curl_easy *data) -{ - /* We add the new easy entry last in the list. */ - data->next = NULL; /* end of the line */ - if(multi->easyp) { - struct Curl_easy *last = multi->easylp; - last->next = data; - data->prev = last; - multi->easylp = data; /* the new last node */ - } - else { - /* first node, make prev NULL! */ - data->prev = NULL; - multi->easylp = multi->easyp = data; /* both first and last */ - } -} - -/* unlink the given easy handle from the linked list of easy handles */ -static void unlink_easy(struct Curl_multi *multi, - struct Curl_easy *data) -{ - /* make the previous node point to our next */ - if(data->prev) - data->prev->next = data->next; - else - multi->easyp = data->next; /* point to first node */ - - /* make our next point to our previous node */ - if(data->next) - data->next->prev = data->prev; - else - multi->easylp = data->prev; /* point to last node */ - - data->prev = data->next = NULL; -} - - -CURLMcode curl_multi_add_handle(struct Curl_multi *multi, - struct Curl_easy *data) +CURLMcode curl_multi_add_handle(CURLM *m, CURL *d) { CURLMcode rc; + struct Curl_multi *multi = m; + struct Curl_easy *data = d; /* First, make some basic checks that the CURLM handle is a good handle */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -554,7 +515,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, /* * No failure allowed in this function beyond this point. No modification of * easy nor multi handle allowed before this except for potential multi's - * connection cache growing which will not be undone in this function no + * connection pool growing which will not be undone in this function no * matter what. */ if(data->set.errorbuffer) @@ -574,21 +535,11 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, happen. */ Curl_expire(data, 0, EXPIRE_RUN_NOW); - /* A somewhat crude work-around for a little glitch in Curl_update_timer() - that happens if the lastcall time is set to the same time when the handle - is removed as when the next handle is added, as then the check in - Curl_update_timer() that prevents calling the application multiple times - with the same timer info will not trigger and then the new handle's - timeout will not be notified to the app. - - The work-around is thus simply to clear the 'lastcall' variable to force - Curl_update_timer() to always trigger a callback to the app when a new - easy handle is added */ - memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); - rc = Curl_update_timer(multi); - if(rc) + if(rc) { + data->multi = NULL; /* not anymore */ return rc; + } /* set the easy handle */ multistate(data, MSTATE_INIT); @@ -601,13 +552,6 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, data->dns.hostcachetype = HCACHE_MULTI; } - /* Point to the shared or multi handle connection cache */ - if(data->share && (data->share->specifier & (1<< CURL_LOCK_DATA_CONNECT))) - data->state.conn_cache = &data->share->conn_cache; - else - data->state.conn_cache = &multi->conn_cache; - data->state.lastconnect_id = -1; - #ifdef USE_LIBPSL /* Do the same for PSL. */ if(data->share && (data->share->specifier & (1 << CURL_LOCK_DATA_PSL))) @@ -616,7 +560,8 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, data->psl = &multi->psl; #endif - link_easy(multi, data); + /* add the easy handle to the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); /* increase the node-counter */ multi->num_easy++; @@ -624,21 +569,12 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, /* increase the alive-counter */ multi->num_alive++; - CONNCACHE_LOCK(data); - /* The closure handle only ever has default timeouts set. To improve the - state somewhat we clone the timeouts from each added handle so that the - closure handle always has the same timeouts as the most recently added - easy handle. */ - data->state.conn_cache->closure_handle->set.timeout = data->set.timeout; - data->state.conn_cache->closure_handle->set.server_response_timeout = - data->set.server_response_timeout; - data->state.conn_cache->closure_handle->set.no_signal = - data->set.no_signal; - data->id = data->state.conn_cache->next_easy_id++; - if(data->state.conn_cache->next_easy_id <= 0) - data->state.conn_cache->next_easy_id = 0; - CONNCACHE_UNLOCK(data); + /* the identifier inside the multi instance */ + data->mid = multi->next_easy_mid++; + if(multi->next_easy_mid <= 0) + multi->next_easy_mid = 0; + Curl_cpool_xfer_init(data); multi_warn_debug(multi, data); return CURLM_OK; @@ -660,6 +596,91 @@ static void debug_print_sock_hash(void *p) } #endif +struct multi_done_ctx { + BIT(premature); +}; + +static void multi_done_locked(struct connectdata *conn, + struct Curl_easy *data, + void *userdata) +{ + struct multi_done_ctx *mdctx = userdata; + + Curl_detach_connection(data); + + if(CONN_INUSE(conn)) { + /* Stop if still used. */ + DEBUGF(infof(data, "Connection still in use %zu, " + "no more multi_done now!", + Curl_llist_count(&conn->easyq))); + return; + } + + data->state.done = TRUE; /* called just now! */ + data->state.recent_conn_id = conn->connection_id; + + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); /* done with this */ + Curl_hostcache_prune(data); + + /* if data->set.reuse_forbid is TRUE, it means the libcurl client has + forced us to close this connection. This is ignored for requests taking + place in a NTLM/NEGOTIATE authentication handshake + + if conn->bits.close is TRUE, it means that the connection should be + closed in spite of all our efforts to be nice, due to protocol + restrictions in our or the server's end + + if premature is TRUE, it means this connection was said to be DONE before + the entire request operation is complete and thus we cannot know in what + state it is for reusing, so we are forced to close it. In a perfect world + we can add code that keep track of if we really must close it here or not, + but currently we have no such detail knowledge. + */ + + if((data->set.reuse_forbid +#if defined(USE_NTLM) + && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 || + conn->proxy_ntlm_state == NTLMSTATE_TYPE2) +#endif +#if defined(USE_SPNEGO) + && !(conn->http_negotiate_state == GSS_AUTHRECV || + conn->proxy_negotiate_state == GSS_AUTHRECV) +#endif + ) || conn->bits.close + || (mdctx->premature && !Curl_conn_is_multiplex(conn, FIRSTSOCKET))) { + DEBUGF(infof(data, "multi_done, not reusing connection=%" + FMT_OFF_T ", forbid=%d" + ", close=%d, premature=%d, conn_multiplex=%d", + conn->connection_id, data->set.reuse_forbid, + conn->bits.close, mdctx->premature, + Curl_conn_is_multiplex(conn, FIRSTSOCKET))); + connclose(conn, "disconnecting"); + Curl_cpool_disconnect(data, conn, mdctx->premature); + } + else { + /* the connection is no longer in use by any transfer */ + if(Curl_cpool_conn_now_idle(data, conn)) { + /* connection kept in the cpool */ + const char *host = +#ifndef CURL_DISABLE_PROXY + conn->bits.socksproxy ? + conn->socks_proxy.host.dispname : + conn->bits.httpproxy ? conn->http_proxy.host.dispname : +#endif + conn->bits.conn_to_host ? conn->conn_to_host.dispname : + conn->host.dispname; + data->state.lastconnect_id = conn->connection_id; + infof(data, "Connection #%" FMT_OFF_T " to host %s left intact", + conn->connection_id, host); + } + else { + /* connection was removed from the cpool and destroyed. */ + data->state.lastconnect_id = -1; + } + } +} + static CURLcode multi_done(struct Curl_easy *data, CURLcode status, /* an error if this is called after an error was detected */ @@ -667,6 +688,9 @@ static CURLcode multi_done(struct Curl_easy *data, { CURLcode result, r2; struct connectdata *conn = data->conn; + struct multi_done_ctx mdctx; + + memset(&mdctx, 0, sizeof(mdctx)); #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) DEBUGF(infof(data, "multi_done[%s]: status: %d prem: %d done: %d", @@ -729,122 +753,41 @@ static CURLcode multi_done(struct Curl_easy *data, if(!result) result = Curl_req_done(&data->req, data, premature); - CONNCACHE_LOCK(data); - Curl_detach_connection(data); - if(CONN_INUSE(conn)) { - /* Stop if still used. */ - CONNCACHE_UNLOCK(data); - DEBUGF(infof(data, "Connection still in use %zu, " - "no more multi_done now!", - conn->easyq.size)); - return CURLE_OK; - } - - data->state.done = TRUE; /* called just now! */ - - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); /* done with this */ - conn->dns_entry = NULL; - } - Curl_hostcache_prune(data); - - /* if data->set.reuse_forbid is TRUE, it means the libcurl client has - forced us to close this connection. This is ignored for requests taking - place in a NTLM/NEGOTIATE authentication handshake - - if conn->bits.close is TRUE, it means that the connection should be - closed in spite of all our efforts to be nice, due to protocol - restrictions in our or the server's end - - if premature is TRUE, it means this connection was said to be DONE before - the entire request operation is complete and thus we cannot know in what - state it is for reusing, so we are forced to close it. In a perfect world - we can add code that keep track of if we really must close it here or not, - but currently we have no such detail knowledge. - */ - - data->state.recent_conn_id = conn->connection_id; - if((data->set.reuse_forbid -#if defined(USE_NTLM) - && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 || - conn->proxy_ntlm_state == NTLMSTATE_TYPE2) -#endif -#if defined(USE_SPNEGO) - && !(conn->http_negotiate_state == GSS_AUTHRECV || - conn->proxy_negotiate_state == GSS_AUTHRECV) -#endif - ) || conn->bits.close - || (premature && !Curl_conn_is_multiplex(conn, FIRSTSOCKET))) { - DEBUGF(infof(data, "multi_done, not reusing connection=%" - CURL_FORMAT_CURL_OFF_T ", forbid=%d" - ", close=%d, premature=%d, conn_multiplex=%d", - conn->connection_id, - data->set.reuse_forbid, conn->bits.close, premature, - Curl_conn_is_multiplex(conn, FIRSTSOCKET))); - connclose(conn, "disconnecting"); - Curl_conncache_remove_conn(data, conn, FALSE); - CONNCACHE_UNLOCK(data); - Curl_disconnect(data, conn, premature); - } - else { - char buffer[256]; - const char *host = -#ifndef CURL_DISABLE_PROXY - conn->bits.socksproxy ? - conn->socks_proxy.host.dispname : - conn->bits.httpproxy ? conn->http_proxy.host.dispname : -#endif - conn->bits.conn_to_host ? conn->conn_to_host.dispname : - conn->host.dispname; - /* create string before returning the connection */ - curl_off_t connection_id = conn->connection_id; - msnprintf(buffer, sizeof(buffer), - "Connection #%" CURL_FORMAT_CURL_OFF_T " to host %s left intact", - connection_id, host); - /* the connection is no longer in use by this transfer */ - CONNCACHE_UNLOCK(data); - if(Curl_conncache_return_conn(data, conn)) { - /* remember the most recently used connection */ - data->state.lastconnect_id = connection_id; - data->state.recent_conn_id = connection_id; - infof(data, "%s", buffer); - } - else - data->state.lastconnect_id = -1; - } + /* Under the potential connection pool's share lock, decide what to + * do with the transfer's connection. */ + mdctx.premature = premature; + Curl_cpool_do_locked(data, data->conn, multi_done_locked, &mdctx); + /* flush the netrc cache */ + Curl_netrc_cleanup(&data->state.netrc); return result; } -static int close_connect_only(struct Curl_easy *data, - struct connectdata *conn, void *param) +static void close_connect_only(struct connectdata *conn, + struct Curl_easy *data, + void *userdata) { - (void)param; - if(data->state.lastconnect_id != conn->connection_id) - return 0; - - if(!conn->connect_only) - return 1; - - connclose(conn, "Removing connect-only easy handle"); - - return 1; + (void)userdata; + (void)data; + if(conn->connect_only) + connclose(conn, "Removing connect-only easy handle"); } -CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, - struct Curl_easy *data) +CURLMcode curl_multi_remove_handle(CURLM *m, CURL *d) { - struct Curl_easy *easy = data; + struct Curl_multi *multi = m; + struct Curl_easy *data = d; bool premature; - struct Curl_llist_element *e; + struct Curl_llist_node *e; CURLMcode rc; + bool removed_timer = FALSE; /* First, make some basic checks that the CURLM handle is a good handle */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; /* Verify that we got a somewhat good easy handle too */ - if(!GOOD_EASY_HANDLE(data)) + if(!GOOD_EASY_HANDLE(data) || !multi->num_easy) return CURLM_BAD_EASY_HANDLE; /* Prevent users from trying to remove same easy handle more than once */ @@ -858,7 +801,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - premature = (data->mstate < MSTATE_COMPLETED) ? TRUE : FALSE; + premature = (data->mstate < MSTATE_COMPLETED); /* If the 'state' is not INIT or COMPLETED, we might need to do something nice to put the easy_handle in a good known state when this returns. */ @@ -888,18 +831,10 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* The timer must be shut down before data->multi is set to NULL, else the timenode will remain in the splay tree after curl_easy_cleanup is called. Do it after multi_done() in case that sets another time! */ - Curl_expire_clear(data); + removed_timer = Curl_expire_clear(data); - if(data->connect_queue.ptr) { - /* the handle is in the pending or msgsent lists, so go ahead and remove - it */ - if(data->mstate == MSTATE_PENDING) - Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); - else - Curl_llist_remove(&multi->msgsent, &data->connect_queue, NULL); - } - if(in_main_list(data)) - unlink_easy(multi, data); + /* the handle is in a list, remove it from whichever it is */ + Curl_node_remove(&data->multi_queue); if(data->dns.hostcachetype == HCACHE_MULTI) { /* stop using the multi handle's DNS cache, *after* the possible @@ -916,7 +851,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* This ignores the return code even in case of problems because there is nothing more to do about that, here */ - (void)singlesocket(multi, easy); /* to let the application know what sockets + (void)singlesocket(multi, data); /* to let the application know what sockets that vanish with this handle */ /* Remove the association between the connection and the handle */ @@ -935,15 +870,14 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, curl_socket_t s; s = Curl_getconnectinfo(data, &c); if((s != CURL_SOCKET_BAD) && c) { - Curl_conncache_remove_conn(data, c, TRUE); - Curl_disconnect(data, c, TRUE); + Curl_cpool_disconnect(data, c, TRUE); } } if(data->state.lastconnect_id != -1) { /* Mark any connect-only connection for closure */ - Curl_conncache_foreach(data, data->state.conn_cache, - NULL, close_connect_only); + Curl_cpool_do_by_id(data, data->state.lastconnect_id, + close_connect_only, NULL); } #ifdef USE_LIBPSL @@ -952,33 +886,31 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, data->psl = NULL; #endif - /* as this was using a shared connection cache we clear the pointer to that - since we are not part of that multi handle anymore */ - data->state.conn_cache = NULL; - - data->multi = NULL; /* clear the association to this multi handle */ - /* make sure there is no pending message in the queue sent from this easy handle */ - for(e = multi->msglist.head; e; e = e->next) { - struct Curl_message *msg = e->ptr; + for(e = Curl_llist_head(&multi->msglist); e; e = Curl_node_next(e)) { + struct Curl_message *msg = Curl_node_elem(e); - if(msg->extmsg.easy_handle == easy) { - Curl_llist_remove(&multi->msglist, e, NULL); + if(msg->extmsg.easy_handle == data) { + Curl_node_remove(e); /* there can only be one from this specific handle */ break; } } + data->multi = NULL; /* clear the association to this multi handle */ + data->mid = -1; + /* NOTE NOTE NOTE We do not touch the easy handle here! */ multi->num_easy--; /* one less to care about now */ - process_pending_handles(multi); - rc = Curl_update_timer(multi); - if(rc) - return rc; + if(removed_timer) { + rc = Curl_update_timer(multi); + if(rc) + return rc; + } return CURLM_OK; } @@ -999,7 +931,7 @@ void Curl_detach_connection(struct Curl_easy *data) struct connectdata *conn = data->conn; if(conn) { Curl_conn_ev_data_detach(conn, data); - Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); + Curl_node_remove(&data->conn_queue); } data->conn = NULL; } @@ -1103,7 +1035,7 @@ static int perform_getsock(struct Curl_easy *data, curl_socket_t *sock) sock[sockindex] = conn->sockfd; } - if(CURL_WANT_SEND(data)) { + if(Curl_req_want_send(data)) { if((conn->sockfd != conn->writesockfd) || bitmap == GETSOCK_BLANK) { /* only if they are not the same socket and we have a readable @@ -1198,24 +1130,28 @@ static void multi_getsock(struct Curl_easy *data, } if(expect_sockets && !ps->num && - !(data->req.keepon & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) && + !Curl_llist_count(&data->state.timeoutlist) && + !Curl_cwriter_is_paused(data) && !Curl_creader_is_paused(data) && Curl_conn_is_ip_connected(data, FIRSTSOCKET)) { - infof(data, "WARNING: no socket in pollset, transfer may stall!"); + /* We expected sockets for POLL monitoring, but none are set. + * We are not waiting on any timer. + * None of the READ/WRITE directions are paused. + * We are connected to the server on IP level, at least. */ + infof(data, "WARNING: no socket in pollset or timer, transfer may stall!"); DEBUGASSERT(0); } } -CURLMcode curl_multi_fdset(struct Curl_multi *multi, +CURLMcode curl_multi_fdset(CURLM *m, fd_set *read_fd_set, fd_set *write_fd_set, fd_set *exc_fd_set, int *max_fd) { /* Scan through all the easy handles to get the file descriptors set. Some easy handles may not have connected to the remote host yet, and then we must make sure that is done. */ - struct Curl_easy *data; int this_max_fd = -1; - struct easy_pollset ps; - unsigned int i; + struct Curl_llist_node *e; + struct Curl_multi *multi = m; (void)exc_fd_set; /* not used */ if(!GOOD_MULTI_HANDLE(multi)) @@ -1224,20 +1160,22 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - memset(&ps, 0, sizeof(ps)); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + unsigned int i; - for(i = 0; i < ps.num; i++) { - if(!FDSET_SOCK(ps.sockets[i])) + multi_getsock(data, &data->last_poll); + + for(i = 0; i < data->last_poll.num; i++) { + if(!FDSET_SOCK(data->last_poll.sockets[i])) /* pretend it does not exist */ continue; - if(ps.actions[i] & CURL_POLL_IN) - FD_SET(ps.sockets[i], read_fd_set); - if(ps.actions[i] & CURL_POLL_OUT) - FD_SET(ps.sockets[i], write_fd_set); - if((int)ps.sockets[i] > this_max_fd) - this_max_fd = (int)ps.sockets[i]; + if(data->last_poll.actions[i] & CURL_POLL_IN) + FD_SET(data->last_poll.sockets[i], read_fd_set); + if(data->last_poll.actions[i] & CURL_POLL_OUT) + FD_SET(data->last_poll.sockets[i], write_fd_set); + if((int)data->last_poll.sockets[i] > this_max_fd) + this_max_fd = (int)data->last_poll.sockets[i]; } } @@ -1246,15 +1184,15 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, return CURLM_OK; } -CURLMcode curl_multi_waitfds(struct Curl_multi *multi, +CURLMcode curl_multi_waitfds(CURLM *m, struct curl_waitfd *ufds, unsigned int size, unsigned int *fd_count) { - struct Curl_easy *data; struct curl_waitfds cwfds; - struct easy_pollset ps; CURLMcode result = CURLM_OK; + struct Curl_llist_node *e; + struct Curl_multi *multi = m; if(!ufds) return CURLM_BAD_FUNCTION_ARGUMENT; @@ -1266,16 +1204,16 @@ CURLMcode curl_multi_waitfds(struct Curl_multi *multi, return CURLM_RECURSIVE_API_CALL; Curl_waitfds_init(&cwfds, ufds, size); - memset(&ps, 0, sizeof(ps)); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); - if(Curl_waitfds_add_ps(&cwfds, &ps)) { + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + multi_getsock(data, &data->last_poll); + if(Curl_waitfds_add_ps(&cwfds, &data->last_poll)) { result = CURLM_OUT_OF_MEMORY; goto out; } } - if(Curl_conncache_add_waitfds(&multi->conn_cache, &cwfds)) { + if(Curl_cpool_add_waitfds(&multi->cpool, &cwfds)) { result = CURLM_OUT_OF_MEMORY; goto out; } @@ -1312,15 +1250,16 @@ static CURLMcode multi_wait(struct Curl_multi *multi, bool extrawait, /* when no socket, wait */ bool use_wakeup) { - struct Curl_easy *data; - struct easy_pollset ps; size_t i; + struct curltime expire_time; long timeout_internal; int retcode = 0; struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; struct curl_pollfds cpfds; unsigned int curl_nfds = 0; /* how many pfds are for curl transfers */ CURLMcode result = CURLM_OK; + struct Curl_llist_node *e; + #ifdef USE_WINSOCK WSANETWORKEVENTS wsa_events; DEBUGASSERT(multi->wsa_event != WSA_INVALID_EVENT); @@ -1339,18 +1278,19 @@ static CURLMcode multi_wait(struct Curl_multi *multi, return CURLM_BAD_FUNCTION_ARGUMENT; Curl_pollfds_init(&cpfds, a_few_on_stack, NUM_POLLS_ON_STACK); - memset(&ps, 0, sizeof(ps)); /* Add the curl handles to our pollfds first */ - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); - if(Curl_pollfds_add_ps(&cpfds, &ps)) { + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + + multi_getsock(data, &data->last_poll); + if(Curl_pollfds_add_ps(&cpfds, &data->last_poll)) { result = CURLM_OUT_OF_MEMORY; goto out; } } - if(Curl_conncache_add_pollfds(&multi->conn_cache, &cpfds)) { + if(Curl_cpool_add_pollfds(&multi->cpool, &cpfds)) { result = CURLM_OUT_OF_MEMORY; goto out; } @@ -1407,7 +1347,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, * poll. Collecting the sockets may install new timers by protocols * and connection filters. * Use the shorter one of the internal and the caller requested timeout. */ - (void)multi_timeout(multi, &timeout_internal); + (void)multi_timeout(multi, &expire_time, &timeout_internal); if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms)) timeout_ms = (int)timeout_internal; @@ -1418,7 +1358,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, #endif int pollrc; #ifdef USE_WINSOCK - if(cpfds.n) /* just pre-check with WinSock */ + if(cpfds.n) /* just pre-check with Winsock */ pollrc = Curl_poll(cpfds.pfds, cpfds.n, 0); else pollrc = 0; @@ -1438,7 +1378,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, WSAWaitForMultipleEvents(1, &multi->wsa_event, FALSE, (DWORD)timeout_ms, FALSE); } - /* With WinSock, we have to run the following section unconditionally + /* With Winsock, we have to run the following section unconditionally to call WSAEventSelect(fd, event, 0) on all the sockets */ { #endif @@ -1480,18 +1420,18 @@ static CURLMcode multi_wait(struct Curl_multi *multi, /* Count up all our own sockets that had activity, and remove them from the event. */ if(curl_nfds) { + for(e = Curl_llist_head(&multi->process); e && !result; + e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); - - for(i = 0; i < ps.num; i++) { + for(i = 0; i < data->last_poll.num; i++) { wsa_events.lNetworkEvents = 0; - if(WSAEnumNetworkEvents(ps.sockets[i], NULL, + if(WSAEnumNetworkEvents(data->last_poll.sockets[i], NULL, &wsa_events) == 0) { if(ret && !pollrc && wsa_events.lNetworkEvents) retcode++; } - WSAEventSelect(ps.sockets[i], multi->wsa_event, 0); + WSAEventSelect(data->last_poll.sockets[i], multi->wsa_event, 0); } } } @@ -1550,7 +1490,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, return result; } -CURLMcode curl_multi_wait(struct Curl_multi *multi, +CURLMcode curl_multi_wait(CURLM *multi, struct curl_waitfd extra_fds[], unsigned int extra_nfds, int timeout_ms, @@ -1560,7 +1500,7 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, FALSE); } -CURLMcode curl_multi_poll(struct Curl_multi *multi, +CURLMcode curl_multi_poll(CURLM *multi, struct curl_waitfd extra_fds[], unsigned int extra_nfds, int timeout_ms, @@ -1570,11 +1510,12 @@ CURLMcode curl_multi_poll(struct Curl_multi *multi, TRUE); } -CURLMcode curl_multi_wakeup(struct Curl_multi *multi) +CURLMcode curl_multi_wakeup(CURLM *m) { /* this function is usually called from another thread, it has to be careful only to access parts of the Curl_multi struct that are constant */ + struct Curl_multi *multi = m; #if defined(ENABLE_WAKEUP) && !defined(USE_WINSOCK) #ifdef USE_EVENTFD @@ -1729,9 +1670,9 @@ static CURLcode multi_do_more(struct Curl_easy *data, int *complete) static bool multi_handle_timeout(struct Curl_easy *data, struct curltime *now, bool *stream_error, - CURLcode *result, - bool connect_timeout) + CURLcode *result) { + bool connect_timeout = data->mstate < MSTATE_DO; timediff_t timeout_ms = Curl_timeleft(data, now, connect_timeout); if(timeout_ms < 0) { /* Handle timed out */ @@ -1741,23 +1682,23 @@ static bool multi_handle_timeout(struct Curl_easy *data, else since = data->progress.t_startop; if(data->mstate == MSTATE_RESOLVING) - failf(data, "Resolving timed out after %" CURL_FORMAT_TIMEDIFF_T + failf(data, "Resolving timed out after %" FMT_TIMEDIFF_T " milliseconds", Curl_timediff(*now, since)); else if(data->mstate == MSTATE_CONNECTING) - failf(data, "Connection timed out after %" CURL_FORMAT_TIMEDIFF_T + failf(data, "Connection timed out after %" FMT_TIMEDIFF_T " milliseconds", Curl_timediff(*now, since)); else { struct SingleRequest *k = &data->req; if(k->size != -1) { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" - CURL_FORMAT_CURL_OFF_T " bytes received", + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " out of %" + FMT_OFF_T " bytes received", Curl_timediff(*now, since), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T - " bytes received", Curl_timediff(*now, since), k->bytecount); + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " bytes received", + Curl_timediff(*now, since), k->bytecount); } } *result = CURLE_OPERATION_TIMEDOUT; @@ -1883,220 +1824,871 @@ static void multi_posttransfer(struct Curl_easy *data) #endif } -static CURLMcode multi_runsingle(struct Curl_multi *multi, - struct curltime *nowp, - struct Curl_easy *data) +/* + * multi_follow() handles the URL redirect magic. Pass in the 'newurl' string + * as given by the remote server and set up the new URL to request. + * + * This function DOES NOT FREE the given url. + */ +static CURLcode multi_follow(struct Curl_easy *data, + char *newurl, /* the Location: string */ + followtype type) /* see transfer.h */ { - struct Curl_message *msg = NULL; - bool connected; - bool async; - bool protocol_connected = FALSE; - bool dophase_done = FALSE; - CURLMcode rc; - CURLcode result = CURLE_OK; - timediff_t recv_timeout_ms; - timediff_t send_timeout_ms; - int control; +#ifdef CURL_DISABLE_HTTP + (void)data; + (void)newurl; + (void)type; + /* Location: following will not happen when HTTP is disabled */ + return CURLE_TOO_MANY_REDIRECTS; +#else - if(!GOOD_EASY_HANDLE(data)) - return CURLM_BAD_EASY_HANDLE; + /* Location: redirect */ + bool disallowport = FALSE; + bool reachedmax = FALSE; + CURLUcode uc; + + DEBUGASSERT(type != FOLLOW_NONE); + + if(type != FOLLOW_FAKE) + data->state.requests++; /* count all real follows */ + if(type == FOLLOW_REDIR) { + if((data->set.maxredirs != -1) && + (data->state.followlocation >= data->set.maxredirs)) { + reachedmax = TRUE; + type = FOLLOW_FAKE; /* switch to fake to store the would-be-redirected + to URL */ + } + else { + data->state.followlocation++; /* count redirect-followings, including + auth reloads */ - if(multi->dead) { - /* a multi-level callback returned error before, meaning every individual - transfer now has failed */ - result = CURLE_ABORTED_BY_CALLBACK; - multi_posttransfer(data); - multi_done(data, result, FALSE); - multistate(data, MSTATE_COMPLETED); - } + if(data->set.http_auto_referer) { + CURLU *u; + char *referer = NULL; - multi_warn_debug(multi, data); + /* We are asked to automatically set the previous URL as the referer + when we get the next URL. We pick the ->url field, which may or may + not be 100% correct */ - do { - /* A "stream" here is a logical stream if the protocol can handle that - (HTTP/2), or the full connection for older protocols */ - bool stream_error = FALSE; - rc = CURLM_OK; + if(data->state.referer_alloc) { + Curl_safefree(data->state.referer); + data->state.referer_alloc = FALSE; + } - if(multi_ischanged(multi, TRUE)) { - DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue")); - process_pending_handles(multi); /* multiplexed */ - } + /* Make a copy of the URL without credentials and fragment */ + u = curl_url(); + if(!u) + return CURLE_OUT_OF_MEMORY; - if(data->mstate > MSTATE_CONNECT && - data->mstate < MSTATE_COMPLETED) { - /* Make sure we set the connection's current owner */ - DEBUGASSERT(data->conn); - if(!data->conn) - return CURLM_INTERNAL_ERROR; - } + uc = curl_url_set(u, CURLUPART_URL, data->state.url, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_USER, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0); + if(!uc) + uc = curl_url_get(u, CURLUPART_URL, &referer, 0); - /* Wait for the connect state as only then is the start time stored, but - we must not check already completed handles */ - if((data->mstate >= MSTATE_CONNECT) && (data->mstate < MSTATE_COMPLETED) && - multi_handle_timeout(data, nowp, &stream_error, &result, FALSE)) - /* Skip the statemachine and go directly to error handling section. */ - goto statemachine_end; + curl_url_cleanup(u); - switch(data->mstate) { - case MSTATE_INIT: - /* Transitional state. init this transfer. A handle never comes - back to this state. */ - result = Curl_pretransfer(data); - if(result) - break; + if(uc || !referer) + return CURLE_OUT_OF_MEMORY; - /* after init, go SETUP */ - multistate(data, MSTATE_SETUP); - (void)Curl_pgrsTime(data, TIMER_STARTOP); - FALLTHROUGH(); + data->state.referer = referer; + data->state.referer_alloc = TRUE; /* yes, free this later */ + } + } + } - case MSTATE_SETUP: - /* Transitional state. Setup things for a new transfer. The handle - can come back to this state on a redirect. */ - *nowp = Curl_pgrsTime(data, TIMER_STARTSINGLE); - if(data->set.timeout) - Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT); - if(data->set.connecttimeout) - /* Since a connection might go to pending and back to CONNECT several - times before it actually takes off, we need to set the timeout once - in SETUP before we enter CONNECT the first time. */ - Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT); + if((type != FOLLOW_RETRY) && + (data->req.httpcode != 401) && (data->req.httpcode != 407) && + Curl_is_absolute_url(newurl, NULL, 0, FALSE)) { + /* If this is not redirect due to a 401 or 407 response and an absolute + URL: do not allow a custom port number */ + disallowport = TRUE; + } - multistate(data, MSTATE_CONNECT); - FALLTHROUGH(); + DEBUGASSERT(data->state.uh); + uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl, (unsigned int) + ((type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : + ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) | + CURLU_ALLOW_SPACE | + (data->set.path_as_is ? CURLU_PATH_AS_IS : 0))); + if(uc) { + if(type != FOLLOW_FAKE) { + failf(data, "The redirect target URL could not be parsed: %s", + curl_url_strerror(uc)); + return Curl_uc_to_curlcode(uc); + } - case MSTATE_CONNECT: - /* Connect. We want to get a connection identifier filled in. This state - can be entered from SETUP and from PENDING. */ - result = Curl_connect(data, &async, &connected); - if(CURLE_NO_CONNECTION_AVAILABLE == result) { - /* There was no connection available. We will go to the pending - state and wait for an available connection. */ - multistate(data, MSTATE_PENDING); - - /* add this handle to the list of connect-pending handles */ - Curl_llist_append(&multi->pending, data, &data->connect_queue); - /* unlink from the main list */ - unlink_easy(multi, data); - result = CURLE_OK; - break; + /* the URL could not be parsed for some reason, but since this is FAKE + mode, just duplicate the field as-is */ + newurl = strdup(newurl); + if(!newurl) + return CURLE_OUT_OF_MEMORY; + } + else { + uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); + if(uc) + return Curl_uc_to_curlcode(uc); + + /* Clear auth if this redirects to a different port number or protocol, + unless permitted */ + if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { + char *portnum; + int port; + bool clear = FALSE; + + if(data->set.use_port && data->state.allow_port) + /* a custom port is used */ + port = (int)data->set.use_port; + else { + uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, + CURLU_DEFAULT_PORT); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + port = atoi(portnum); + free(portnum); } - else - process_pending_handles(data->multi); - - if(!result) { - *nowp = Curl_pgrsTime(data, TIMER_POSTQUEUE); - if(async) - /* We are now waiting for an asynchronous name lookup */ - multistate(data, MSTATE_RESOLVING); - else { - /* after the connect has been sent off, go WAITCONNECT unless the - protocol connect is already done and we can go directly to - WAITDO or DO! */ - rc = CURLM_CALL_MULTI_PERFORM; + if(port != data->info.conn_remote_port) { + infof(data, "Clear auth, redirects to port from %u to %u", + data->info.conn_remote_port, port); + clear = TRUE; + } + else { + char *scheme; + const struct Curl_handler *p; + uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } - if(connected) - multistate(data, MSTATE_PROTOCONNECT); - else { - multistate(data, MSTATE_CONNECTING); - } + p = Curl_get_scheme_handler(scheme); + if(p && (p->protocol != data->info.conn_protocol)) { + infof(data, "Clear auth, redirects scheme from %s to %s", + data->info.conn_scheme, scheme); + clear = TRUE; } + free(scheme); } - break; - - case MSTATE_RESOLVING: - /* awaiting an asynch name resolve to complete */ - { - struct Curl_dns_entry *dns = NULL; - struct connectdata *conn = data->conn; - const char *hostname; + if(clear) { + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); + } + } + } - DEBUGASSERT(conn); -#ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy) - hostname = conn->http_proxy.host.name; - else -#endif - if(conn->bits.conn_to_host) - hostname = conn->conn_to_host.name; + if(type == FOLLOW_FAKE) { + /* we are only figuring out the new URL if we would have followed locations + but now we are done so we can get out! */ + data->info.wouldredirect = newurl; + + if(reachedmax) { + failf(data, "Maximum (%ld) redirects followed", data->set.maxredirs); + return CURLE_TOO_MANY_REDIRECTS; + } + return CURLE_OK; + } + + if(disallowport) + data->state.allow_port = FALSE; + + if(data->state.url_alloc) + Curl_safefree(data->state.url); + + data->state.url = newurl; + data->state.url_alloc = TRUE; + Curl_req_soft_reset(&data->req, data); + infof(data, "Issue another request to this URL: '%s'", data->state.url); + + /* + * We get here when the HTTP code is 300-399 (and 401). We need to perform + * differently based on exactly what return code there was. + * + * News from 7.10.6: we can also get here on a 401 or 407, in case we act on + * an HTTP (proxy-) authentication scheme other than Basic. + */ + switch(data->info.httpcode) { + /* 401 - Act on a WWW-Authenticate, we keep on moving and do the + Authorization: XXXX header in the HTTP request code snippet */ + /* 407 - Act on a Proxy-Authenticate, we keep on moving and do the + Proxy-Authorization: XXXX header in the HTTP request code snippet */ + /* 300 - Multiple Choices */ + /* 306 - Not used */ + /* 307 - Temporary Redirect */ + default: /* for all above (and the unknown ones) */ + /* Some codes are explicitly mentioned since I have checked RFC2616 and + * they seem to be OK to POST to. + */ + break; + case 301: /* Moved Permanently */ + /* (quote from RFC7231, section 6.4.2) + * + * Note: For historical reasons, a user agent MAY change the request + * method from POST to GET for the subsequent request. If this + * behavior is undesired, the 307 (Temporary Redirect) status code + * can be used instead. + * + * ---- + * + * Many webservers expect this, so these servers often answers to a POST + * request with an error page. To be sure that libcurl gets the page that + * most user agents would get, libcurl has to force GET. + * + * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and + * can be overridden with CURLOPT_POSTREDIR. + */ + if((data->state.httpreq == HTTPREQ_POST + || data->state.httpreq == HTTPREQ_POST_FORM + || data->state.httpreq == HTTPREQ_POST_MIME) + && !(data->set.keep_post & CURL_REDIR_POST_301)) { + infof(data, "Switch from POST to GET"); + data->state.httpreq = HTTPREQ_GET; + Curl_creader_set_rewind(data, FALSE); + } + break; + case 302: /* Found */ + /* (quote from RFC7231, section 6.4.3) + * + * Note: For historical reasons, a user agent MAY change the request + * method from POST to GET for the subsequent request. If this + * behavior is undesired, the 307 (Temporary Redirect) status code + * can be used instead. + * + * ---- + * + * Many webservers expect this, so these servers often answers to a POST + * request with an error page. To be sure that libcurl gets the page that + * most user agents would get, libcurl has to force GET. + * + * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and + * can be overridden with CURLOPT_POSTREDIR. + */ + if((data->state.httpreq == HTTPREQ_POST + || data->state.httpreq == HTTPREQ_POST_FORM + || data->state.httpreq == HTTPREQ_POST_MIME) + && !(data->set.keep_post & CURL_REDIR_POST_302)) { + infof(data, "Switch from POST to GET"); + data->state.httpreq = HTTPREQ_GET; + Curl_creader_set_rewind(data, FALSE); + } + break; + + case 303: /* See Other */ + /* 'See Other' location is not the resource but a substitute for the + * resource. In this case we switch the method to GET/HEAD, unless the + * method is POST and the user specified to keep it as POST. + * https://github.com/curl/curl/issues/5237#issuecomment-614641049 + */ + if(data->state.httpreq != HTTPREQ_GET && + ((data->state.httpreq != HTTPREQ_POST && + data->state.httpreq != HTTPREQ_POST_FORM && + data->state.httpreq != HTTPREQ_POST_MIME) || + !(data->set.keep_post & CURL_REDIR_POST_303))) { + data->state.httpreq = HTTPREQ_GET; + infof(data, "Switch to %s", + data->req.no_body ? "HEAD" : "GET"); + } + break; + case 304: /* Not Modified */ + /* 304 means we did a conditional request and it was "Not modified". + * We should not get any Location: header in this response! + */ + break; + case 305: /* Use Proxy */ + /* (quote from RFC2616, section 10.3.6): + * "The requested resource MUST be accessed through the proxy given + * by the Location field. The Location field gives the URI of the + * proxy. The recipient is expected to repeat this single request + * via the proxy. 305 responses MUST only be generated by origin + * servers." + */ + break; + } + Curl_pgrsTime(data, TIMER_REDIRECT); + Curl_pgrsResetTransferSizes(data); + + return CURLE_OK; +#endif /* CURL_DISABLE_HTTP */ +} + +static CURLMcode state_performing(struct Curl_easy *data, + struct curltime *nowp, + bool *stream_errorp, + CURLcode *resultp) +{ + char *newurl = NULL; + bool retry = FALSE; + timediff_t recv_timeout_ms = 0; + timediff_t send_timeout_ms = 0; + CURLMcode rc = CURLM_OK; + CURLcode result = *resultp = CURLE_OK; + *stream_errorp = FALSE; + + /* check if over send speed */ + if(data->set.max_send_speed) + send_timeout_ms = Curl_pgrsLimitWaitTime(&data->progress.ul, + data->set.max_send_speed, + *nowp); + + /* check if over recv speed */ + if(data->set.max_recv_speed) + recv_timeout_ms = Curl_pgrsLimitWaitTime(&data->progress.dl, + data->set.max_recv_speed, + *nowp); + + if(send_timeout_ms || recv_timeout_ms) { + Curl_ratelimit(data, *nowp); + multistate(data, MSTATE_RATELIMITING); + if(send_timeout_ms >= recv_timeout_ms) + Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST); + else + Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST); + return CURLM_OK; + } + + /* read/write data if it is ready to do so */ + result = Curl_sendrecv(data, nowp); + + if(data->req.done || (result == CURLE_RECV_ERROR)) { + /* If CURLE_RECV_ERROR happens early enough, we assume it was a race + * condition and the server closed the reused connection exactly when we + * wanted to use it, so figure out if that is indeed the case. + */ + CURLcode ret = Curl_retry_request(data, &newurl); + if(!ret) + retry = !!newurl; + else if(!result) + result = ret; + + if(retry) { + /* if we are to retry, set the result to OK and consider the + request as done */ + result = CURLE_OK; + data->req.done = TRUE; + } + } + else if((CURLE_HTTP2_STREAM == result) && + Curl_h2_http_1_1_error(data)) { + CURLcode ret = Curl_retry_request(data, &newurl); + + if(!ret) { + infof(data, "Downgrades to HTTP/1.1"); + streamclose(data->conn, "Disconnect HTTP/2 for HTTP/1"); + data->state.httpwant = CURL_HTTP_VERSION_1_1; + /* clear the error message bit too as we ignore the one we got */ + data->state.errorbuf = FALSE; + if(!newurl) + /* typically for HTTP_1_1_REQUIRED error on first flight */ + newurl = strdup(data->state.url); + /* if we are to retry, set the result to OK and consider the request + as done */ + retry = TRUE; + result = CURLE_OK; + data->req.done = TRUE; + } + else + result = ret; + } + + if(result) { + /* + * The transfer phase returned error, we mark the connection to get closed + * to prevent being reused. This is because we cannot possibly know if the + * connection is in a good shape or not now. Unless it is a protocol which + * uses two "channels" like FTP, as then the error happened in the data + * connection. + */ + + if(!(data->conn->handler->flags & PROTOPT_DUAL) && + result != CURLE_HTTP2_STREAM) + streamclose(data->conn, "Transfer returned error"); + + multi_posttransfer(data); + multi_done(data, result, TRUE); + } + else if(data->req.done && !Curl_cwriter_is_paused(data)) { + + /* call this even if the readwrite function returned error */ + multi_posttransfer(data); + + /* When we follow redirects or is set to retry the connection, we must to + go back to the CONNECT state */ + if(data->req.newurl || retry) { + followtype follow = FOLLOW_NONE; + if(!retry) { + /* if the URL is a follow-location and not just a retried request then + figure out the URL here */ + free(newurl); + newurl = data->req.newurl; + data->req.newurl = NULL; + follow = FOLLOW_REDIR; + } else - hostname = conn->host.name; + follow = FOLLOW_RETRY; + (void)multi_done(data, CURLE_OK, FALSE); + /* multi_done() might return CURLE_GOT_NOTHING */ + result = multi_follow(data, newurl, follow); + if(!result) { + multistate(data, MSTATE_SETUP); + rc = CURLM_CALL_MULTI_PERFORM; + } + } + else { + /* after the transfer is done, go DONE */ + + /* but first check to see if we got a location info even though we are + not following redirects */ + if(data->req.location) { + free(newurl); + newurl = data->req.location; + data->req.location = NULL; + result = multi_follow(data, newurl, FOLLOW_FAKE); + if(result) { + *stream_errorp = TRUE; + result = multi_done(data, result, TRUE); + } + } - /* check if we have the name resolved by now */ - dns = Curl_fetch_addr(data, hostname, conn->primary.remote_port); + if(!result) { + multistate(data, MSTATE_DONE); + rc = CURLM_CALL_MULTI_PERFORM; + } + } + } + else if(data->state.select_bits && !Curl_xfer_is_blocked(data)) { + /* This avoids CURLM_CALL_MULTI_PERFORM so that a very fast transfer does + not get stuck on this transfer at the expense of other concurrent + transfers */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } + free(newurl); + *resultp = result; + return rc; +} - if(dns) { -#ifdef CURLRES_ASYNCH - data->state.async.dns = dns; - data->state.async.done = TRUE; +static CURLMcode state_do(struct Curl_easy *data, + bool *stream_errorp, + CURLcode *resultp) +{ + CURLMcode rc = CURLM_OK; + CURLcode result = CURLE_OK; + if(data->set.fprereq) { + int prereq_rc; + + /* call the prerequest callback function */ + Curl_set_in_callback(data, TRUE); + prereq_rc = data->set.fprereq(data->set.prereq_userp, + data->info.primary.remote_ip, + data->info.primary.local_ip, + data->info.primary.remote_port, + data->info.primary.local_port); + Curl_set_in_callback(data, FALSE); + if(prereq_rc != CURL_PREREQFUNC_OK) { + failf(data, "operation aborted by pre-request callback"); + /* failure in pre-request callback - do not do any other processing */ + result = CURLE_ABORTED_BY_CALLBACK; + multi_posttransfer(data); + multi_done(data, result, FALSE); + *stream_errorp = TRUE; + goto end; + } + } + + if(data->set.connect_only == 1) { + /* keep connection open for application to use the socket */ + connkeep(data->conn, "CONNECT_ONLY"); + multistate(data, MSTATE_DONE); + rc = CURLM_CALL_MULTI_PERFORM; + } + else { + bool dophase_done = FALSE; + /* Perform the protocol's DO action */ + result = multi_do(data, &dophase_done); + + /* When multi_do() returns failure, data->conn might be NULL! */ + + if(!result) { + if(!dophase_done) { +#ifndef CURL_DISABLE_FTP + /* some steps needed for wildcard matching */ + if(data->state.wildcardmatch) { + struct WildcardData *wc = data->wildcard; + if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) { + /* skip some states if it is important */ + multi_done(data, CURLE_OK, FALSE); + + /* if there is no connection left, skip the DONE state */ + multistate(data, data->conn ? + MSTATE_DONE : MSTATE_COMPLETED); + rc = CURLM_CALL_MULTI_PERFORM; + goto end; + } + } #endif - result = CURLE_OK; - infof(data, "Hostname '%s' was found in DNS cache", hostname); + /* DO was not completed in one function call, we must continue + DOING... */ + multistate(data, MSTATE_DOING); + rc = CURLM_CALL_MULTI_PERFORM; } - if(!dns) - result = Curl_resolv_check(data, &dns); - - /* Update sockets here, because the socket(s) may have been - closed and the application thus needs to be told, even if it - is likely that the same socket(s) will again be used further - down. If the name has not yet been resolved, it is likely - that new sockets have been opened in an attempt to contact - another resolver. */ - rc = singlesocket(multi, data); - if(rc) - return rc; - - if(dns) { - /* Perform the next step in the connection phase, and then move on - to the WAITCONNECT state */ - result = Curl_once_resolved(data, &connected); - - if(result) - /* if Curl_once_resolved() returns failure, the connection struct - is already freed and gone */ - data->conn = NULL; /* no more connection */ - else { - /* call again please so that we get the next socket setup */ - rc = CURLM_CALL_MULTI_PERFORM; - if(connected) - multistate(data, MSTATE_PROTOCONNECT); + /* after DO, go DO_DONE... or DO_MORE */ + else if(data->conn->bits.do_more) { + /* we are supposed to do more, but we need to sit down, relax and wait + a little while first */ + multistate(data, MSTATE_DOING_MORE); + rc = CURLM_CALL_MULTI_PERFORM; + } + else { + /* we are done with the DO, now DID */ + multistate(data, MSTATE_DID); + rc = CURLM_CALL_MULTI_PERFORM; + } + } + else if((CURLE_SEND_ERROR == result) && + data->conn->bits.reuse) { + /* + * In this situation, a connection that we were trying to use may have + * unexpectedly died. If possible, send the connection back to the + * CONNECT phase so we can try again. + */ + char *newurl = NULL; + followtype follow = FOLLOW_NONE; + CURLcode drc; + + drc = Curl_retry_request(data, &newurl); + if(drc) { + /* a failure here pretty much implies an out of memory */ + result = drc; + *stream_errorp = TRUE; + } + + multi_posttransfer(data); + drc = multi_done(data, result, FALSE); + + /* When set to retry the connection, we must go back to the CONNECT + * state */ + if(newurl) { + if(!drc || (drc == CURLE_SEND_ERROR)) { + follow = FOLLOW_RETRY; + drc = multi_follow(data, newurl, follow); + if(!drc) { + multistate(data, MSTATE_SETUP); + rc = CURLM_CALL_MULTI_PERFORM; + result = CURLE_OK; + } else { - multistate(data, MSTATE_CONNECTING); + /* Follow failed */ + result = drc; } } + else { + /* done did not return OK or SEND_ERROR */ + result = drc; + } + } + else { + /* Have error handler disconnect conn if we cannot retry */ + *stream_errorp = TRUE; } + free(newurl); + } + else { + /* failure detected */ + multi_posttransfer(data); + if(data->conn) + multi_done(data, result, FALSE); + *stream_errorp = TRUE; + } + } +end: + *resultp = result; + return rc; +} - if(result) { - /* failure detected */ - stream_error = TRUE; - break; +static CURLMcode state_ratelimiting(struct Curl_easy *data, + struct curltime *nowp, + CURLcode *resultp) +{ + CURLcode result = CURLE_OK; + CURLMcode rc = CURLM_OK; + DEBUGASSERT(data->conn); + /* if both rates are within spec, resume transfer */ + if(Curl_pgrsUpdate(data)) + result = CURLE_ABORTED_BY_CALLBACK; + else + result = Curl_speedcheck(data, *nowp); + + if(result) { + if(!(data->conn->handler->flags & PROTOPT_DUAL) && + result != CURLE_HTTP2_STREAM) + streamclose(data->conn, "Transfer returned error"); + + multi_posttransfer(data); + multi_done(data, result, TRUE); + } + else { + timediff_t recv_timeout_ms = 0; + timediff_t send_timeout_ms = 0; + if(data->set.max_send_speed) + send_timeout_ms = + Curl_pgrsLimitWaitTime(&data->progress.ul, + data->set.max_send_speed, + *nowp); + + if(data->set.max_recv_speed) + recv_timeout_ms = + Curl_pgrsLimitWaitTime(&data->progress.dl, + data->set.max_recv_speed, + *nowp); + + if(!send_timeout_ms && !recv_timeout_ms) { + multistate(data, MSTATE_PERFORMING); + Curl_ratelimit(data, *nowp); + /* start performing again right away */ + rc = CURLM_CALL_MULTI_PERFORM; + } + else if(send_timeout_ms >= recv_timeout_ms) + Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST); + else + Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST); + } + *resultp = result; + return rc; +} + +static CURLMcode state_resolving(struct Curl_multi *multi, + struct Curl_easy *data, + bool *stream_errorp, + CURLcode *resultp) +{ + struct Curl_dns_entry *dns = NULL; + struct connectdata *conn = data->conn; + const char *hostname; + CURLcode result = CURLE_OK; + CURLMcode rc = CURLM_OK; + + DEBUGASSERT(conn); +#ifndef CURL_DISABLE_PROXY + if(conn->bits.httpproxy) + hostname = conn->http_proxy.host.name; + else +#endif + if(conn->bits.conn_to_host) + hostname = conn->conn_to_host.name; + else + hostname = conn->host.name; + + /* check if we have the name resolved by now */ + dns = Curl_fetch_addr(data, hostname, conn->primary.remote_port); + + if(dns) { +#ifdef CURLRES_ASYNCH + data->state.async.dns = dns; + data->state.async.done = TRUE; +#endif + result = CURLE_OK; + infof(data, "Hostname '%s' was found in DNS cache", hostname); + } + + if(!dns) + result = Curl_resolv_check(data, &dns); + + /* Update sockets here, because the socket(s) may have been closed and the + application thus needs to be told, even if it is likely that the same + socket(s) will again be used further down. If the name has not yet been + resolved, it is likely that new sockets have been opened in an attempt to + contact another resolver. */ + rc = singlesocket(multi, data); + if(rc) + return rc; + + if(dns) { + bool connected; + /* Perform the next step in the connection phase, and then move on to the + WAITCONNECT state */ + result = Curl_once_resolved(data, &connected); + + if(result) + /* if Curl_once_resolved() returns failure, the connection struct is + already freed and gone */ + data->conn = NULL; /* no more connection */ + else { + /* call again please so that we get the next socket setup */ + rc = CURLM_CALL_MULTI_PERFORM; + if(connected) + multistate(data, MSTATE_PROTOCONNECT); + else { + multistate(data, MSTATE_CONNECTING); } } - break; + } + + if(result) + /* failure detected */ + *stream_errorp = TRUE; + + *resultp = result; + return rc; +} + +static CURLMcode state_connect(struct Curl_multi *multi, + struct Curl_easy *data, + struct curltime *nowp, + CURLcode *resultp) +{ + /* Connect. We want to get a connection identifier filled in. This state can + be entered from SETUP and from PENDING. */ + bool connected; + bool async; + CURLMcode rc = CURLM_OK; + CURLcode result = Curl_connect(data, &async, &connected); + if(CURLE_NO_CONNECTION_AVAILABLE == result) { + /* There was no connection available. We will go to the pending state and + wait for an available connection. */ + multistate(data, MSTATE_PENDING); + /* unlink from process list */ + Curl_node_remove(&data->multi_queue); + /* add handle to pending list */ + Curl_llist_append(&multi->pending, data, &data->multi_queue); + *resultp = CURLE_OK; + return rc; + } + else + process_pending_handles(data->multi); + + if(!result) { + *nowp = Curl_pgrsTime(data, TIMER_POSTQUEUE); + if(async) + /* We are now waiting for an asynchronous name lookup */ + multistate(data, MSTATE_RESOLVING); + else { + /* after the connect has been sent off, go WAITCONNECT unless the + protocol connect is already done and we can go directly to WAITDO or + DO! */ + rc = CURLM_CALL_MULTI_PERFORM; + + if(connected) { + if(!data->conn->bits.reuse && + Curl_conn_is_multiplex(data->conn, FIRSTSOCKET)) { + /* new connection, can multiplex, wake pending handles */ + process_pending_handles(data->multi); + } + multistate(data, MSTATE_PROTOCONNECT); + } + else { + multistate(data, MSTATE_CONNECTING); + } + } + } + *resultp = result; + return rc; +} + +static CURLMcode multi_runsingle(struct Curl_multi *multi, + struct curltime *nowp, + struct Curl_easy *data) +{ + struct Curl_message *msg = NULL; + bool connected; + bool protocol_connected = FALSE; + bool dophase_done = FALSE; + CURLMcode rc; + CURLcode result = CURLE_OK; + int control; + + if(!GOOD_EASY_HANDLE(data)) + return CURLM_BAD_EASY_HANDLE; + + if(multi->dead) { + /* a multi-level callback returned error before, meaning every individual + transfer now has failed */ + result = CURLE_ABORTED_BY_CALLBACK; + multi_posttransfer(data); + multi_done(data, result, FALSE); + multistate(data, MSTATE_COMPLETED); + } + + multi_warn_debug(multi, data); + + do { + /* A "stream" here is a logical stream if the protocol can handle that + (HTTP/2), or the full connection for older protocols */ + bool stream_error = FALSE; + rc = CURLM_OK; + + if(multi_ischanged(multi, TRUE)) { + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue")); + process_pending_handles(multi); /* multiplexed */ + } + + if(data->mstate > MSTATE_CONNECT && + data->mstate < MSTATE_COMPLETED) { + /* Make sure we set the connection's current owner */ + DEBUGASSERT(data->conn); + if(!data->conn) + return CURLM_INTERNAL_ERROR; + } + + /* Wait for the connect state as only then is the start time stored, but + we must not check already completed handles */ + if((data->mstate >= MSTATE_CONNECT) && (data->mstate < MSTATE_COMPLETED) && + multi_handle_timeout(data, nowp, &stream_error, &result)) + /* Skip the statemachine and go directly to error handling section. */ + goto statemachine_end; + + switch(data->mstate) { + case MSTATE_INIT: + /* Transitional state. init this transfer. A handle never comes back to + this state. */ + result = Curl_pretransfer(data); + if(result) + break; + + /* after init, go SETUP */ + multistate(data, MSTATE_SETUP); + (void)Curl_pgrsTime(data, TIMER_STARTOP); + FALLTHROUGH(); + + case MSTATE_SETUP: + /* Transitional state. Setup things for a new transfer. The handle + can come back to this state on a redirect. */ + *nowp = Curl_pgrsTime(data, TIMER_STARTSINGLE); + if(data->set.timeout) + Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT); + if(data->set.connecttimeout) + /* Since a connection might go to pending and back to CONNECT several + times before it actually takes off, we need to set the timeout once + in SETUP before we enter CONNECT the first time. */ + Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT); + + multistate(data, MSTATE_CONNECT); + FALLTHROUGH(); + + case MSTATE_CONNECT: + rc = state_connect(multi, data, nowp, &result); + break; + + case MSTATE_RESOLVING: + /* awaiting an asynch name resolve to complete */ + rc = state_resolving(multi, data, &stream_error, &result); + break; #ifndef CURL_DISABLE_HTTP case MSTATE_TUNNELING: /* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */ DEBUGASSERT(data->conn); result = Curl_http_connect(data, &protocol_connected); -#ifndef CURL_DISABLE_PROXY - if(data->conn->bits.proxy_connect_closed) { + if(!result) { rc = CURLM_CALL_MULTI_PERFORM; - /* connect back to proxy again */ - result = CURLE_OK; - multi_done(data, CURLE_OK, FALSE); - multistate(data, MSTATE_CONNECT); + /* initiate protocol connect phase */ + multistate(data, MSTATE_PROTOCONNECT); } else -#endif - if(!result) { - rc = CURLM_CALL_MULTI_PERFORM; - /* initiate protocol connect phase */ - multistate(data, MSTATE_PROTOCONNECT); - } - else stream_error = TRUE; break; #endif @@ -2106,6 +2698,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, DEBUGASSERT(data->conn); result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &connected); if(connected && !result) { + if(!data->conn->bits.reuse && + Curl_conn_is_multiplex(data->conn, FIRSTSOCKET)) { + /* new connection, can multiplex, wake pending handles */ + process_pending_handles(data->multi); + } rc = CURLM_CALL_MULTI_PERFORM; multistate(data, MSTATE_PROTOCONNECT); } @@ -2120,9 +2717,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, case MSTATE_PROTOCONNECT: if(!result && data->conn->bits.reuse) { - /* ftp seems to hang when protoconnect on reused connection - * since we handle PROTOCONNECT in general inside the filers, it - * seems wrong to restart this on a reused connection. */ + /* ftp seems to hang when protoconnect on reused connection since we + * handle PROTOCONNECT in general inside the filers, it seems wrong to + * restart this on a reused connection. + */ multistate(data, MSTATE_DO); rc = CURLM_CALL_MULTI_PERFORM; break; @@ -2164,135 +2762,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, break; case MSTATE_DO: - if(data->set.fprereq) { - int prereq_rc; - - /* call the prerequest callback function */ - Curl_set_in_callback(data, true); - prereq_rc = data->set.fprereq(data->set.prereq_userp, - data->info.primary.remote_ip, - data->info.primary.local_ip, - data->info.primary.remote_port, - data->info.primary.local_port); - Curl_set_in_callback(data, false); - if(prereq_rc != CURL_PREREQFUNC_OK) { - failf(data, "operation aborted by pre-request callback"); - /* failure in pre-request callback - do not do any other - processing */ - result = CURLE_ABORTED_BY_CALLBACK; - multi_posttransfer(data); - multi_done(data, result, FALSE); - stream_error = TRUE; - break; - } - } - - if(data->set.connect_only == 1) { - /* keep connection open for application to use the socket */ - connkeep(data->conn, "CONNECT_ONLY"); - multistate(data, MSTATE_DONE); - result = CURLE_OK; - rc = CURLM_CALL_MULTI_PERFORM; - } - else { - /* Perform the protocol's DO action */ - result = multi_do(data, &dophase_done); - - /* When multi_do() returns failure, data->conn might be NULL! */ - - if(!result) { - if(!dophase_done) { -#ifndef CURL_DISABLE_FTP - /* some steps needed for wildcard matching */ - if(data->state.wildcardmatch) { - struct WildcardData *wc = data->wildcard; - if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) { - /* skip some states if it is important */ - multi_done(data, CURLE_OK, FALSE); - - /* if there is no connection left, skip the DONE state */ - multistate(data, data->conn ? - MSTATE_DONE : MSTATE_COMPLETED); - rc = CURLM_CALL_MULTI_PERFORM; - break; - } - } -#endif - /* DO was not completed in one function call, we must continue - DOING... */ - multistate(data, MSTATE_DOING); - rc = CURLM_CALL_MULTI_PERFORM; - } - - /* after DO, go DO_DONE... or DO_MORE */ - else if(data->conn->bits.do_more) { - /* we are supposed to do more, but we need to sit down, relax - and wait a little while first */ - multistate(data, MSTATE_DOING_MORE); - rc = CURLM_CALL_MULTI_PERFORM; - } - else { - /* we are done with the DO, now DID */ - multistate(data, MSTATE_DID); - rc = CURLM_CALL_MULTI_PERFORM; - } - } - else if((CURLE_SEND_ERROR == result) && - data->conn->bits.reuse) { - /* - * In this situation, a connection that we were trying to use - * may have unexpectedly died. If possible, send the connection - * back to the CONNECT phase so we can try again. - */ - char *newurl = NULL; - followtype follow = FOLLOW_NONE; - CURLcode drc; - - drc = Curl_retry_request(data, &newurl); - if(drc) { - /* a failure here pretty much implies an out of memory */ - result = drc; - stream_error = TRUE; - } - - multi_posttransfer(data); - drc = multi_done(data, result, FALSE); - - /* When set to retry the connection, we must go back to the CONNECT - * state */ - if(newurl) { - if(!drc || (drc == CURLE_SEND_ERROR)) { - follow = FOLLOW_RETRY; - drc = Curl_follow(data, newurl, follow); - if(!drc) { - multistate(data, MSTATE_SETUP); - rc = CURLM_CALL_MULTI_PERFORM; - result = CURLE_OK; - } - else { - /* Follow failed */ - result = drc; - } - } - else { - /* done did not return OK or SEND_ERROR */ - result = drc; - } - } - else { - /* Have error handler disconnect conn if we cannot retry */ - stream_error = TRUE; - } - free(newurl); - } - else { - /* failure detected */ - multi_posttransfer(data); - if(data->conn) - multi_done(data, result, FALSE); - stream_error = TRUE; - } - } + rc = state_do(data, &stream_error, &result); break; case MSTATE_DOING: @@ -2302,7 +2772,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(!result) { if(dophase_done) { /* after DO, go DO_DONE or DO_MORE */ - multistate(data, data->conn->bits.do_more? + multistate(data, data->conn->bits.do_more ? MSTATE_DOING_MORE : MSTATE_DID); rc = CURLM_CALL_MULTI_PERFORM; } /* dophase_done */ @@ -2326,7 +2796,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(control) { /* if positive, advance to DO_DONE if negative, go back to DOING */ - multistate(data, control == 1? + multistate(data, control == 1 ? MSTATE_DID : MSTATE_DOING); rc = CURLM_CALL_MULTI_PERFORM; } @@ -2359,207 +2829,18 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, data->wildcard->state = CURLWC_DONE; } #endif - multistate(data, MSTATE_DONE); - } - rc = CURLM_CALL_MULTI_PERFORM; - break; - - case MSTATE_RATELIMITING: /* limit-rate exceeded in either direction */ - DEBUGASSERT(data->conn); - /* if both rates are within spec, resume transfer */ - if(Curl_pgrsUpdate(data)) - result = CURLE_ABORTED_BY_CALLBACK; - else - result = Curl_speedcheck(data, *nowp); - - if(result) { - if(!(data->conn->handler->flags & PROTOPT_DUAL) && - result != CURLE_HTTP2_STREAM) - streamclose(data->conn, "Transfer returned error"); - - multi_posttransfer(data); - multi_done(data, result, TRUE); - } - else { - send_timeout_ms = 0; - if(data->set.max_send_speed) - send_timeout_ms = - Curl_pgrsLimitWaitTime(data->progress.uploaded, - data->progress.ul_limit_size, - data->set.max_send_speed, - data->progress.ul_limit_start, - *nowp); - - recv_timeout_ms = 0; - if(data->set.max_recv_speed) - recv_timeout_ms = - Curl_pgrsLimitWaitTime(data->progress.downloaded, - data->progress.dl_limit_size, - data->set.max_recv_speed, - data->progress.dl_limit_start, - *nowp); - - if(!send_timeout_ms && !recv_timeout_ms) { - multistate(data, MSTATE_PERFORMING); - Curl_ratelimit(data, *nowp); - } - else if(send_timeout_ms >= recv_timeout_ms) - Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST); - else - Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST); - } - break; - - case MSTATE_PERFORMING: - { - char *newurl = NULL; - bool retry = FALSE; - /* check if over send speed */ - send_timeout_ms = 0; - if(data->set.max_send_speed) - send_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.uploaded, - data->progress.ul_limit_size, - data->set.max_send_speed, - data->progress.ul_limit_start, - *nowp); - - /* check if over recv speed */ - recv_timeout_ms = 0; - if(data->set.max_recv_speed) - recv_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.downloaded, - data->progress.dl_limit_size, - data->set.max_recv_speed, - data->progress.dl_limit_start, - *nowp); - - if(send_timeout_ms || recv_timeout_ms) { - Curl_ratelimit(data, *nowp); - multistate(data, MSTATE_RATELIMITING); - if(send_timeout_ms >= recv_timeout_ms) - Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST); - else - Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST); - break; - } - - /* read/write data if it is ready to do so */ - result = Curl_readwrite(data); - - if(data->req.done || (result == CURLE_RECV_ERROR)) { - /* If CURLE_RECV_ERROR happens early enough, we assume it was a race - * condition and the server closed the reused connection exactly when - * we wanted to use it, so figure out if that is indeed the case. - */ - CURLcode ret = Curl_retry_request(data, &newurl); - if(!ret) - retry = (newurl)?TRUE:FALSE; - else if(!result) - result = ret; - - if(retry) { - /* if we are to retry, set the result to OK and consider the - request as done */ - result = CURLE_OK; - data->req.done = TRUE; - } - } - else if((CURLE_HTTP2_STREAM == result) && - Curl_h2_http_1_1_error(data)) { - CURLcode ret = Curl_retry_request(data, &newurl); - - if(!ret) { - infof(data, "Downgrades to HTTP/1.1"); - streamclose(data->conn, "Disconnect HTTP/2 for HTTP/1"); - data->state.httpwant = CURL_HTTP_VERSION_1_1; - /* clear the error message bit too as we ignore the one we got */ - data->state.errorbuf = FALSE; - if(!newurl) - /* typically for HTTP_1_1_REQUIRED error on first flight */ - newurl = strdup(data->state.url); - /* if we are to retry, set the result to OK and consider the request - as done */ - retry = TRUE; - result = CURLE_OK; - data->req.done = TRUE; - } - else - result = ret; - } - - if(result) { - /* - * The transfer phase returned error, we mark the connection to get - * closed to prevent being reused. This is because we cannot possibly - * know if the connection is in a good shape or not now. Unless it is - * a protocol which uses two "channels" like FTP, as then the error - * happened in the data connection. - */ - - if(!(data->conn->handler->flags & PROTOPT_DUAL) && - result != CURLE_HTTP2_STREAM) - streamclose(data->conn, "Transfer returned error"); - - multi_posttransfer(data); - multi_done(data, result, TRUE); + multistate(data, MSTATE_DONE); } - else if(data->req.done && !Curl_cwriter_is_paused(data)) { - - /* call this even if the readwrite function returned error */ - multi_posttransfer(data); + rc = CURLM_CALL_MULTI_PERFORM; + break; - /* When we follow redirects or is set to retry the connection, we must - to go back to the CONNECT state */ - if(data->req.newurl || retry) { - followtype follow = FOLLOW_NONE; - if(!retry) { - /* if the URL is a follow-location and not just a retried request - then figure out the URL here */ - free(newurl); - newurl = data->req.newurl; - data->req.newurl = NULL; - follow = FOLLOW_REDIR; - } - else - follow = FOLLOW_RETRY; - (void)multi_done(data, CURLE_OK, FALSE); - /* multi_done() might return CURLE_GOT_NOTHING */ - result = Curl_follow(data, newurl, follow); - if(!result) { - multistate(data, MSTATE_SETUP); - rc = CURLM_CALL_MULTI_PERFORM; - } - } - else { - /* after the transfer is done, go DONE */ - - /* but first check to see if we got a location info even though we - are not following redirects */ - if(data->req.location) { - free(newurl); - newurl = data->req.location; - data->req.location = NULL; - result = Curl_follow(data, newurl, FOLLOW_FAKE); - if(result) { - stream_error = TRUE; - result = multi_done(data, result, TRUE); - } - } + case MSTATE_RATELIMITING: /* limit-rate exceeded in either direction */ + rc = state_ratelimiting(data, nowp, &result); + break; - if(!result) { - multistate(data, MSTATE_DONE); - rc = CURLM_CALL_MULTI_PERFORM; - } - } - } - else if(data->state.select_bits && !Curl_xfer_is_blocked(data)) { - /* This avoids CURLM_CALL_MULTI_PERFORM so that a very fast transfer - will not get stuck on this transfer at the expense of other - concurrent transfers */ - Curl_expire(data, 0, EXPIRE_RUN_NOW); - } - free(newurl); + case MSTATE_PERFORMING: + rc = state_performing(data, nowp, &stream_error, &result); break; - } case MSTATE_DONE: /* this state is highly transient, so run another loop after this */ @@ -2568,10 +2849,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(data->conn) { CURLcode res; - if(data->conn->bits.multiplex) - /* Check if we can move pending requests to connection */ - process_pending_handles(multi); /* multiplexing */ - /* post-transfer command */ res = multi_done(data, result, FALSE); @@ -2611,14 +2888,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(data->mstate >= MSTATE_CONNECT && data->mstate < MSTATE_DO && rc != CURLM_CALL_MULTI_PERFORM && - !multi_ischanged(multi, false)) { + !multi_ischanged(multi, FALSE)) { /* We now handle stream timeouts if and only if this will be the last * loop iteration. We only check this on the last iteration to ensure * that if we know we have additional work to do immediately * (i.e. CURLM_CALL_MULTI_PERFORM == TRUE) then we should do that before * declaring the connection timed out as we may almost have a completed * connection. */ - multi_handle_timeout(data, nowp, &stream_error, &result, FALSE); + multi_handle_timeout(data, nowp, &stream_error, &result); } statemachine_end: @@ -2646,12 +2923,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, We do not have to do this in every case block above where a failure is detected */ Curl_detach_connection(data); - - /* remove connection from cache */ - Curl_conncache_remove_conn(data, conn, TRUE); - - /* disconnect properly */ - Curl_disconnect(data, conn, dead_connection); + Curl_cpool_disconnect(data, conn, dead_connection); } } else if(data->mstate == MSTATE_CONNECT) { @@ -2671,8 +2943,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, streamclose(data->conn, "Aborted by callback"); /* if not yet in DONE state, go there, otherwise COMPLETED */ - multistate(data, (data->mstate < MSTATE_DONE)? - MSTATE_DONE: MSTATE_COMPLETED); + multistate(data, (data->mstate < MSTATE_DONE) ? + MSTATE_DONE : MSTATE_COMPLETED); rc = CURLM_CALL_MULTI_PERFORM; } } @@ -2695,10 +2967,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } multistate(data, MSTATE_MSGSENT); - /* add this handle to the list of msgsent handles */ - Curl_llist_append(&multi->msgsent, data, &data->connect_queue); - /* unlink from the main list */ - unlink_easy(multi, data); + /* unlink from the process list */ + Curl_node_remove(&data->multi_queue); + /* add this handle msgsent list */ + Curl_llist_append(&multi->msgsent, data, &data->multi_queue); return CURLM_OK; } } while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE)); @@ -2708,12 +2980,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } -CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) +CURLMcode curl_multi_perform(CURLM *m, int *running_handles) { - struct Curl_easy *data; CURLMcode returncode = CURLM_OK; - struct Curl_tree *t; + struct Curl_tree *t = NULL; struct curltime now = Curl_now(); + struct Curl_llist_node *e; + struct Curl_llist_node *n = NULL; + struct Curl_multi *multi = m; SIGPIPE_VARIABLE(pipe_st); if(!GOOD_MULTI_HANDLE(multi)) @@ -2723,30 +2997,27 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) return CURLM_RECURSIVE_API_CALL; sigpipe_init(&pipe_st); - data = multi->easyp; - if(data) { + for(e = Curl_llist_head(&multi->process); e; e = n) { + struct Curl_easy *data = Curl_node_elem(e); CURLMcode result; /* Do the loop and only alter the signal ignore state if the next handle has a different NO_SIGNAL state than the previous */ - do { - /* the current node might be unlinked in multi_runsingle(), get the next - pointer now */ - struct Curl_easy *datanext = data->next; - - if(data != multi->conn_cache.closure_handle) { - /* connection cache handle is processed below */ - sigpipe_apply(data, &pipe_st); - result = multi_runsingle(multi, &now, data); - if(result) - returncode = result; - } - data = datanext; /* operate on next handle */ - } while(data); + /* the current node might be unlinked in multi_runsingle(), get the next + pointer now */ + n = Curl_node_next(e); + + if(data != multi->cpool.idata) { + /* connection pool handle is processed below */ + sigpipe_apply(data, &pipe_st); + result = multi_runsingle(multi, &now, data); + if(result) + returncode = result; + } } - sigpipe_apply(multi->conn_cache.closure_handle, &pipe_st); - Curl_conncache_multi_perform(multi); + sigpipe_apply(multi->cpool.idata, &pipe_st); + Curl_cpool_multi_perform(multi); sigpipe_restore(&pipe_st); @@ -2764,17 +3035,16 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) multi->timetree = Curl_splaygetbest(now, multi->timetree, &t); if(t) { /* the removed may have another timeout in queue */ - data = t->payload; + struct Curl_easy *data = Curl_splayget(t); if(data->mstate == MSTATE_PENDING) { bool stream_unused; CURLcode result_unused; - if(multi_handle_timeout(data, &now, &stream_unused, &result_unused, - FALSE)) { + if(multi_handle_timeout(data, &now, &stream_unused, &result_unused)) { infof(data, "PENDING handle timeout"); move_pending_to_connect(multi, data); } } - (void)add_next_timeout(now, multi, t->payload); + (void)add_next_timeout(now, multi, Curl_splayget(t)); } } while(t); @@ -2787,38 +3057,44 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) return returncode; } -/* unlink_all_msgsent_handles() detaches all those easy handles from this - multi handle */ +/* unlink_all_msgsent_handles() moves all nodes back from the msgsent list to + the process list */ static void unlink_all_msgsent_handles(struct Curl_multi *multi) { - struct Curl_llist_element *e = multi->msgsent.head; - if(e) { - struct Curl_easy *data = e->ptr; - DEBUGASSERT(data->mstate == MSTATE_MSGSENT); - data->multi = NULL; + struct Curl_llist_node *e; + for(e = Curl_llist_head(&multi->msgsent); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + if(data) { + DEBUGASSERT(data->mstate == MSTATE_MSGSENT); + Curl_node_remove(&data->multi_queue); + /* put it into the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); + } } } -CURLMcode curl_multi_cleanup(struct Curl_multi *multi) +CURLMcode curl_multi_cleanup(CURLM *m) { - struct Curl_easy *data; - struct Curl_easy *nextdata; - + struct Curl_multi *multi = m; if(GOOD_MULTI_HANDLE(multi)) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - multi->magic = 0; /* not good anymore */ - + /* move the pending and msgsent entries back to process + so that there is just one list to iterate over */ unlink_all_msgsent_handles(multi); process_pending_handles(multi); + /* First remove all remaining easy handles */ - data = multi->easyp; - while(data) { + for(e = Curl_llist_head(&multi->process); e; e = n) { + struct Curl_easy *data = Curl_node_elem(e); + if(!GOOD_EASY_HANDLE(data)) return CURLM_BAD_HANDLE; - nextdata = data->next; + n = Curl_node_next(e); if(!data->state.done && data->conn) /* if DONE was never called for this handle */ (void)multi_done(data, CURLE_OK, TRUE); @@ -2829,24 +3105,20 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) data->dns.hostcachetype = HCACHE_NONE; } - /* Clear the pointer to the connection cache */ - data->state.conn_cache = NULL; data->multi = NULL; /* clear the association */ #ifdef USE_LIBPSL if(data->psl == &multi->psl) data->psl = NULL; #endif - - data = nextdata; } - /* Close all the connections in the connection cache */ - Curl_conncache_multi_close_all(multi); + Curl_cpool_destroy(&multi->cpool); + + multi->magic = 0; /* not good anymore */ sockhash_destroy(&multi->sockhash); Curl_hash_destroy(&multi->proto_hash); - Curl_conncache_destroy(&multi->conn_cache); Curl_hash_destroy(&multi->hostcache); Curl_psl_destroy(&multi->psl); @@ -2879,9 +3151,10 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) * beyond. The current design is fully O(1). */ -CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue) +CURLMsg *curl_multi_info_read(CURLM *m, int *msgs_in_queue) { struct Curl_message *msg; + struct Curl_multi *multi = m; *msgs_in_queue = 0; /* default to none */ @@ -2889,15 +3162,15 @@ CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue) !multi->in_callback && Curl_llist_count(&multi->msglist)) { /* there is one or more messages in the list */ - struct Curl_llist_element *e; + struct Curl_llist_node *e; /* extract the head of the list to return */ - e = multi->msglist.head; + e = Curl_llist_head(&multi->msglist); - msg = e->ptr; + msg = Curl_node_elem(e); /* remove the extracted entry */ - Curl_llist_remove(&multi->msglist, e, NULL); + Curl_node_remove(e); *msgs_in_queue = curlx_uztosi(Curl_llist_count(&multi->msglist)); @@ -2954,7 +3227,7 @@ CURLMcode Curl_multi_pollset_ev(struct Curl_multi *multi, if(entry) { /* check if new for this transfer */ unsigned int j; - for(j = 0; j< last_ps->num; j++) { + for(j = 0; j < last_ps->num; j++) { if(s == last_ps->sockets[j]) { last_action = last_ps->actions[j]; break; @@ -2970,18 +3243,24 @@ CURLMcode Curl_multi_pollset_ev(struct Curl_multi *multi, } if(last_action && (last_action != cur_action)) { /* Socket was used already, but different action now */ - if(last_action & CURL_POLL_IN) + if(last_action & CURL_POLL_IN) { + DEBUGASSERT(entry->readers); entry->readers--; - if(last_action & CURL_POLL_OUT) + } + if(last_action & CURL_POLL_OUT) { + DEBUGASSERT(entry->writers); entry->writers--; - if(cur_action & CURL_POLL_IN) + } + if(cur_action & CURL_POLL_IN) { entry->readers++; + } if(cur_action & CURL_POLL_OUT) entry->writers++; } else if(!last_action && !Curl_hash_pick(&entry->transfers, (char *)&data, /* hash key */ sizeof(struct Curl_easy *))) { + DEBUGASSERT(entry->users < 100000); /* detect weird values */ /* a new transfer using this socket */ entry->users++; if(cur_action & CURL_POLL_IN) @@ -3043,23 +3322,27 @@ CURLMcode Curl_multi_pollset_ev(struct Curl_multi *multi, if(entry) { unsigned char oldactions = last_ps->actions[i]; /* this socket has been removed. Decrease user count */ + DEBUGASSERT(entry->users); entry->users--; if(oldactions & CURL_POLL_OUT) entry->writers--; if(oldactions & CURL_POLL_IN) entry->readers--; if(!entry->users) { + bool dead = FALSE; if(multi->socket_cb) { set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; - } + if(rc == -1) + dead = TRUE; } sh_delentry(entry, &multi->sockhash, s); + if(dead) { + multi->dead = TRUE; + return CURLM_ABORTED_BY_CALLBACK; + } } else { /* still users, but remove this handle as a user of this socket */ @@ -3097,11 +3380,15 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) if(data) { /* if there is still an easy handle associated with this connection */ struct Curl_multi *multi = data->multi; + DEBUGF(infof(data, "Curl_multi_closed, fd=%" FMT_SOCKET_T + " multi is %p", s, (void *)multi)); if(multi) { /* this is set if this connection is part of a handle that is added to a multi handle, and only then this is necessary */ struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); + DEBUGF(infof(data, "Curl_multi_closed, fd=%" FMT_SOCKET_T + " entry is %p", s, (void *)entry)); if(entry) { int rc = 0; if(multi->socket_cb) { @@ -3141,26 +3428,24 @@ static CURLMcode add_next_timeout(struct curltime now, { struct curltime *tv = &d->state.expiretime; struct Curl_llist *list = &d->state.timeoutlist; - struct Curl_llist_element *e; - struct time_node *node = NULL; + struct Curl_llist_node *e; /* move over the timeout list for this specific handle and remove all timeouts that are now passed tense and store the next pending timeout in *tv */ - for(e = list->head; e;) { - struct Curl_llist_element *n = e->next; - timediff_t diff; - node = (struct time_node *)e->ptr; - diff = Curl_timediff_us(node->time, now); + for(e = Curl_llist_head(list); e;) { + struct Curl_llist_node *n = Curl_node_next(e); + struct time_node *node = Curl_node_elem(e); + timediff_t diff = Curl_timediff_us(node->time, now); if(diff <= 0) /* remove outdated entry */ - Curl_llist_remove(list, e, NULL); + Curl_node_remove(e); else /* the list is sorted so get out on the first mismatch */ break; e = n; } - e = list->head; + e = Curl_llist_head(list); if(!e) { /* clear the expire times within the handles that we remove from the splay tree */ @@ -3168,6 +3453,7 @@ static CURLMcode add_next_timeout(struct curltime now, tv->tv_usec = 0; } else { + struct time_node *node = Curl_node_elem(e); /* copy the first entry to 'tv' */ memcpy(tv, &node->time, sizeof(*tv)); @@ -3179,6 +3465,59 @@ static CURLMcode add_next_timeout(struct curltime now, return CURLM_OK; } +struct multi_run_ctx { + struct Curl_multi *multi; + struct curltime now; + size_t run_xfers; + SIGPIPE_MEMBER(pipe_st); + bool run_cpool; +}; + +static CURLMcode multi_run_expired(struct multi_run_ctx *mrc) +{ + struct Curl_multi *multi = mrc->multi; + struct Curl_easy *data = NULL; + struct Curl_tree *t = NULL; + CURLMcode result = CURLM_OK; + + /* + * The loop following here will go on as long as there are expire-times left + * to process (compared to mrc->now) in the splay and 'data' will be + * re-assigned for every expired handle we deal with. + */ + while(1) { + /* Check if there is one (more) expired timer to deal with! This function + extracts a matching node if there is one */ + multi->timetree = Curl_splaygetbest(mrc->now, multi->timetree, &t); + if(!t) + goto out; + + data = Curl_splayget(t); /* assign this for next loop */ + if(!data) + continue; + + (void)add_next_timeout(mrc->now, multi, data); + if(data == multi->cpool.idata) { + mrc->run_cpool = TRUE; + continue; + } + + mrc->run_xfers++; + sigpipe_apply(data, &mrc->pipe_st); + result = multi_runsingle(multi, &mrc->now, data); + + if(CURLM_OK >= result) { + /* get the socket(s) and check if the state has been changed since + last */ + result = singlesocket(multi, data); + if(result) + goto out; + } + } + +out: + return result; +} static CURLMcode multi_socket(struct Curl_multi *multi, bool checkall, curl_socket_t s, @@ -3187,28 +3526,31 @@ static CURLMcode multi_socket(struct Curl_multi *multi, { CURLMcode result = CURLM_OK; struct Curl_easy *data = NULL; - struct Curl_tree *t; - struct curltime now = Curl_now(); - bool run_conn_cache = FALSE; - SIGPIPE_VARIABLE(pipe_st); + struct multi_run_ctx mrc; + + (void)ev_bitmask; + memset(&mrc, 0, sizeof(mrc)); + mrc.multi = multi; + mrc.now = Curl_now(); + sigpipe_init(&mrc.pipe_st); if(checkall) { + struct Curl_llist_node *e; /* *perform() deals with running_handles on its own */ result = curl_multi_perform(multi, running_handles); /* walk through each easy handle and do the socket state change magic and callbacks */ if(result != CURLM_BAD_HANDLE) { - data = multi->easyp; - while(data && !result) { - result = singlesocket(multi, data); - data = data->next; + for(e = Curl_llist_head(&multi->process); e && !result; + e = Curl_node_next(e)) { + result = singlesocket(multi, Curl_node_elem(e)); } } - - /* or should we fall-through and do the timer-based stuff? */ - return result; + mrc.run_cpool = TRUE; + goto out; } + if(s != CURL_SOCKET_TIMEOUT) { struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); @@ -3219,8 +3561,8 @@ static CURLMcode multi_socket(struct Curl_multi *multi, asked to get removed, so thus we better survive stray socket actions and just move on. */ /* The socket might come from a connection that is being shut down - * by the multi's conncache. */ - Curl_conncache_multi_socket(multi, s, ev_bitmask); + * by the multi's connection pool. */ + Curl_cpool_multi_socket(multi, s, ev_bitmask); } else { struct Curl_hash_iterator iter; @@ -3234,89 +3576,54 @@ static CURLMcode multi_socket(struct Curl_multi *multi, DEBUGASSERT(data); DEBUGASSERT(data->magic == CURLEASY_MAGIC_NUMBER); - if(data == multi->conn_cache.closure_handle) - run_conn_cache = TRUE; + if(data == multi->cpool.idata) + mrc.run_cpool = TRUE; else { - if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) - /* set socket event bitmask if they are not locked */ - data->state.select_bits |= (unsigned char)ev_bitmask; - - Curl_expire(data, 0, EXPIRE_RUN_NOW); + /* Expire with out current now, so we will get it below when + * asking the splaytree for expired transfers. */ + expire_ex(data, &mrc.now, 0, EXPIRE_RUN_NOW); } } - - /* Now we fall-through and do the timer-based stuff, since we do not want - to force the user to have to deal with timeouts as long as at least - one connection in fact has traffic. */ - - data = NULL; /* set data to NULL again to avoid calling - multi_runsingle() in case there is no need to */ - now = Curl_now(); /* get a newer time since the multi_runsingle() loop - may have taken some time */ } } - else { - /* Asked to run due to time-out. Clear the 'lastcall' variable to force - Curl_update_timer() to trigger a callback to the app again even if the - same timeout is still the one to run after this call. That handles the - case when the application asks libcurl to run the timeout - prematurely. */ - memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); - } - - /* - * The loop following here will go on as long as there are expire-times left - * to process in the splay and 'data' will be re-assigned for every expired - * handle we deal with. - */ - sigpipe_init(&pipe_st); - do { - if(data == multi->conn_cache.closure_handle) - run_conn_cache = TRUE; - /* the first loop lap 'data' can be NULL */ - else if(data) { - sigpipe_apply(data, &pipe_st); - result = multi_runsingle(multi, &now, data); - if(CURLM_OK >= result) { - /* get the socket(s) and check if the state has been changed since - last */ - result = singlesocket(multi, data); - if(result) - break; - } - } - - /* Check if there is one (more) expired timer to deal with! This function - extracts a matching node if there is one */ - - multi->timetree = Curl_splaygetbest(now, multi->timetree, &t); - if(t) { - data = t->payload; /* assign this for next loop */ - (void)add_next_timeout(now, multi, t->payload); - } - - } while(t); + result = multi_run_expired(&mrc); + if(result) + goto out; - if(run_conn_cache) { - sigpipe_apply(multi->conn_cache.closure_handle, &pipe_st); - Curl_conncache_multi_perform(multi); + if(mrc.run_xfers) { + /* Running transfers takes time. With a new timestamp, we might catch + * other expires which are due now. Instead of telling the application + * to set a 0 timeout and call us again, we run them here. + * Do that only once or it might be unfair to transfers on other + * sockets. */ + mrc.now = Curl_now(); + result = multi_run_expired(&mrc); } - sigpipe_restore(&pipe_st); +out: + if(mrc.run_cpool) { + sigpipe_apply(multi->cpool.idata, &mrc.pipe_st); + Curl_cpool_multi_perform(multi); + } + sigpipe_restore(&mrc.pipe_st); if(running_handles) *running_handles = (int)multi->num_alive; + + if(CURLM_OK >= result) + result = Curl_update_timer(multi); return result; } #undef curl_multi_setopt -CURLMcode curl_multi_setopt(struct Curl_multi *multi, +CURLMcode curl_multi_setopt(CURLM *m, CURLMoption option, ...) { CURLMcode res = CURLM_OK; va_list param; unsigned long uarg; + struct Curl_multi *multi = m; if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -3392,42 +3699,33 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, /* we define curl_multi_socket() in the public multi.h header */ #undef curl_multi_socket -CURLMcode curl_multi_socket(struct Curl_multi *multi, curl_socket_t s, - int *running_handles) +CURLMcode curl_multi_socket(CURLM *m, curl_socket_t s, int *running_handles) { - CURLMcode result; + struct Curl_multi *multi = m; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, FALSE, s, 0, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, FALSE, s, 0, running_handles); } -CURLMcode curl_multi_socket_action(struct Curl_multi *multi, curl_socket_t s, +CURLMcode curl_multi_socket_action(CURLM *m, curl_socket_t s, int ev_bitmask, int *running_handles) { - CURLMcode result; + struct Curl_multi *multi = m; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, FALSE, s, ev_bitmask, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, FALSE, s, ev_bitmask, running_handles); } -CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles) +CURLMcode curl_multi_socket_all(CURLM *m, int *running_handles) { - CURLMcode result; + struct Curl_multi *multi = m; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0, running_handles); } static CURLMcode multi_timeout(struct Curl_multi *multi, + struct curltime *expire_time, long *timeout_ms) { static const struct curltime tv_zero = {0, 0}; @@ -3443,27 +3741,39 @@ static CURLMcode multi_timeout(struct Curl_multi *multi, /* splay the lowest to the bottom */ multi->timetree = Curl_splay(tv_zero, multi->timetree); - - if(Curl_splaycomparekeys(multi->timetree->key, now) > 0) { + /* this will not return NULL from a non-emtpy tree, but some compilers + * are not convinced of that. Analyzers are hard. */ + *expire_time = multi->timetree ? multi->timetree->key : tv_zero; + + /* 'multi->timetree' will be non-NULL here but the compilers sometimes + yell at us if we assume so */ + if(multi->timetree && + Curl_timediff_us(multi->timetree->key, now) > 0) { /* some time left before expiration */ timediff_t diff = Curl_timediff_ceil(multi->timetree->key, now); /* this should be safe even on 32-bit archs, as we do not use that overly long timeouts */ *timeout_ms = (long)diff; } - else + else { /* 0 means immediately */ *timeout_ms = 0; + } } - else + else { + *expire_time = tv_zero; *timeout_ms = -1; + } return CURLM_OK; } -CURLMcode curl_multi_timeout(struct Curl_multi *multi, +CURLMcode curl_multi_timeout(CURLM *m, long *timeout_ms) { + struct curltime expire_time; + struct Curl_multi *multi = m; + /* First, make some basic checks that the CURLM handle is a good handle */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -3471,56 +3781,79 @@ CURLMcode curl_multi_timeout(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - return multi_timeout(multi, timeout_ms); + return multi_timeout(multi, &expire_time, timeout_ms); } +#define DEBUG_UPDATE_TIMER 0 + /* * Tell the application it should update its timers, if it subscribes to the * update timer callback. */ CURLMcode Curl_update_timer(struct Curl_multi *multi) { + struct curltime expire_ts; long timeout_ms; int rc; + bool set_value = FALSE; if(!multi->timer_cb || multi->dead) return CURLM_OK; - if(multi_timeout(multi, &timeout_ms)) { - return CURLM_OK; - } - if(timeout_ms < 0) { - static const struct curltime none = {0, 0}; - if(Curl_splaycomparekeys(none, multi->timer_lastcall)) { - multi->timer_lastcall = none; - /* there is no timeout now but there was one previously, tell the app to - disable it */ - set_in_callback(multi, TRUE); - rc = multi->timer_cb(multi, -1, multi->timer_userp); - set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; - } - return CURLM_OK; - } + if(multi_timeout(multi, &expire_ts, &timeout_ms)) { return CURLM_OK; } - /* When multi_timeout() is done, multi->timetree points to the node with the - * timeout we got the (relative) time-out time for. We can thus easily check - * if this is the same (fixed) time as we got in a previous call and then - * avoid calling the callback again. */ - if(Curl_splaycomparekeys(multi->timetree->key, multi->timer_lastcall) == 0) - return CURLM_OK; - - multi->timer_lastcall = multi->timetree->key; + if(timeout_ms < 0 && multi->last_timeout_ms < 0) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), still no timeout, no change\n"); +#endif + } + else if(timeout_ms < 0) { + /* there is no timeout now but there was one previously */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), remove timeout, " + " last_timeout=%ldms\n", multi->last_timeout_ms); +#endif + timeout_ms = -1; /* normalize */ + set_value = TRUE; + } + else if(multi->last_timeout_ms < 0) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), had no timeout, set now\n"); +#endif + set_value = TRUE; + } + else if(Curl_timediff_us(multi->last_expire_ts, expire_ts)) { + /* We had a timeout before and have one now, the absolute timestamp + * differs. The relative timeout_ms may be the same, but the starting + * point differs. Let the application restart its timer. */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), expire timestamp changed\n"); +#endif + set_value = TRUE; + } + else { + /* We have same expire time as previously. Our relative 'timeout_ms' + * may be different now, but the application has the timer running + * and we do not to tell it to start this again. */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), same expire timestamp, no change\n"); +#endif + } - set_in_callback(multi, TRUE); - rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); - set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; + if(set_value) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), set timeout %ldms\n", timeout_ms); +#endif + multi->last_expire_ts = expire_ts; + multi->last_timeout_ms = timeout_ms; + set_in_callback(multi, TRUE); + rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); + set_in_callback(multi, FALSE); + if(rc == -1) { + multi->dead = TRUE; + return CURLM_ABORTED_BY_CALLBACK; + } } return CURLM_OK; } @@ -3533,13 +3866,13 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) static void multi_deltimeout(struct Curl_easy *data, expire_id eid) { - struct Curl_llist_element *e; + struct Curl_llist_node *e; struct Curl_llist *timeoutlist = &data->state.timeoutlist; /* find and remove the specific node from the list */ - for(e = timeoutlist->head; e; e = e->next) { - struct time_node *n = (struct time_node *)e->ptr; + for(e = Curl_llist_head(timeoutlist); e; e = Curl_node_next(e)) { + struct time_node *n = Curl_node_elem(e); if(n->eid == eid) { - Curl_llist_remove(timeoutlist, e, NULL); + Curl_node_remove(e); return; } } @@ -3557,9 +3890,9 @@ multi_addtimeout(struct Curl_easy *data, struct curltime *stamp, expire_id eid) { - struct Curl_llist_element *e; + struct Curl_llist_node *e; struct time_node *node; - struct Curl_llist_element *prev = NULL; + struct Curl_llist_node *prev = NULL; size_t n; struct Curl_llist *timeoutlist = &data->state.timeoutlist; @@ -3572,8 +3905,8 @@ multi_addtimeout(struct Curl_easy *data, n = Curl_llist_count(timeoutlist); if(n) { /* find the correct spot in the list */ - for(e = timeoutlist->head; e; e = e->next) { - struct time_node *check = (struct time_node *)e->ptr; + for(e = Curl_llist_head(timeoutlist); e; e = Curl_node_next(e)) { + struct time_node *check = Curl_node_elem(e); timediff_t diff = Curl_timediff(check->time, node->time); if(diff > 0) break; @@ -3588,21 +3921,12 @@ multi_addtimeout(struct Curl_easy *data, return CURLM_OK; } -/* - * Curl_expire() - * - * given a number of milliseconds from now to use to set the 'act before - * this'-time for the transfer, to be extracted by curl_multi_timeout() - * - * The timeout will be added to a queue of timeouts if it defines a moment in - * time that is later than the current head of queue. - * - * Expire replaces a former timeout using the same id if already set. - */ -void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) +static void expire_ex(struct Curl_easy *data, + const struct curltime *nowp, + timediff_t milli, expire_id id) { struct Curl_multi *multi = data->multi; - struct curltime *nowp = &data->state.expiretime; + struct curltime *curr_expire = &data->state.expiretime; struct curltime set; /* this is only interesting while there is still an associated multi struct @@ -3612,7 +3936,7 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) DEBUGASSERT(id < EXPIRE_LAST); - set = Curl_now(); + set = *nowp; set.tv_sec += (time_t)(milli/1000); /* might be a 64 to 32 bits conversion */ set.tv_usec += (int)(milli%1000)*1000; @@ -3628,11 +3952,11 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) in case we need to recompute the minimum timer later. */ multi_addtimeout(data, &set, id); - if(nowp->tv_sec || nowp->tv_usec) { + if(curr_expire->tv_sec || curr_expire->tv_usec) { /* This means that the struct is added as a node in the splay tree. Compare if the new time is earlier, and only remove-old/add-new if it is. */ - timediff_t diff = Curl_timediff(set, *nowp); + timediff_t diff = Curl_timediff(set, *curr_expire); int rc; if(diff > 0) { @@ -3651,12 +3975,29 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) /* Indicate that we are in the splay tree and insert the new timer expiry value since it is our local minimum. */ - *nowp = set; - data->state.timenode.payload = data; - multi->timetree = Curl_splayinsert(*nowp, multi->timetree, + *curr_expire = set; + Curl_splayset(&data->state.timenode, data); + multi->timetree = Curl_splayinsert(*curr_expire, multi->timetree, &data->state.timenode); } +/* + * Curl_expire() + * + * given a number of milliseconds from now to use to set the 'act before + * this'-time for the transfer, to be extracted by curl_multi_timeout() + * + * The timeout will be added to a queue of timeouts if it defines a moment in + * time that is later than the current head of queue. + * + * Expire replaces a former timeout using the same id if already set. + */ +void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) +{ + struct curltime now = Curl_now(); + expire_ex(data, &now, milli, id); +} + /* * Curl_expire_done() * @@ -3674,7 +4015,7 @@ void Curl_expire_done(struct Curl_easy *data, expire_id id) * * Clear ALL timeout values for this handle. */ -void Curl_expire_clear(struct Curl_easy *data) +bool Curl_expire_clear(struct Curl_easy *data) { struct Curl_multi *multi = data->multi; struct curltime *nowp = &data->state.expiretime; @@ -3682,7 +4023,7 @@ void Curl_expire_clear(struct Curl_easy *data) /* this is only interesting while there is still an associated multi struct remaining! */ if(!multi) - return; + return FALSE; if(nowp->tv_sec || nowp->tv_usec) { /* Since this is an cleared time, we must remove the previous entry from @@ -3695,26 +4036,26 @@ void Curl_expire_clear(struct Curl_easy *data) if(rc) infof(data, "Internal error clearing splay node = %d", rc); - /* flush the timeout list too */ - while(list->size > 0) { - Curl_llist_remove(list, list->tail, NULL); - } + /* clear the timeout list too */ + Curl_llist_destroy(list, NULL); #ifdef DEBUGBUILD infof(data, "Expire cleared"); #endif nowp->tv_sec = 0; nowp->tv_usec = 0; + return TRUE; } + return FALSE; } - - - -CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, +CURLMcode curl_multi_assign(CURLM *m, curl_socket_t s, void *hashp) { struct Curl_sh_entry *there = NULL; + struct Curl_multi *multi = m; + if(!GOOD_MULTI_HANDLE(multi)) + return CURLM_BAD_HANDLE; there = sh_getentry(&multi->sockhash, s); @@ -3726,52 +4067,24 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, return CURLM_OK; } -size_t Curl_multi_max_host_connections(struct Curl_multi *multi) -{ - return multi ? (size_t)multi->max_host_connections : 0; -} - -size_t Curl_multi_max_total_connections(struct Curl_multi *multi) -{ - return multi ? (size_t)multi->max_total_connections : 0; -} - -/* - * When information about a connection has appeared, call this! - */ - -void Curl_multiuse_state(struct Curl_easy *data, - int bundlestate) /* use BUNDLE_* defines */ -{ - struct connectdata *conn; - DEBUGASSERT(data); - DEBUGASSERT(data->multi); - conn = data->conn; - DEBUGASSERT(conn); - DEBUGASSERT(conn->bundle); - - conn->bundle->multiuse = bundlestate; - process_pending_handles(data->multi); -} - static void move_pending_to_connect(struct Curl_multi *multi, struct Curl_easy *data) { DEBUGASSERT(data->mstate == MSTATE_PENDING); - /* put it back into the main list */ - link_easy(multi, data); + /* Remove this node from the pending list */ + Curl_node_remove(&data->multi_queue); + + /* put it into the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); multistate(data, MSTATE_CONNECT); - /* Remove this node from the pending list */ - Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); - /* Make sure that the handle will be processed soonish. */ Curl_expire(data, 0, EXPIRE_RUN_NOW); } -/* process_pending_handles() moves a handle from PENDING back into the main +/* process_pending_handles() moves a handle from PENDING back into the process list and change state to CONNECT. We do not move all transfers because that can be a significant amount. @@ -3787,9 +4100,9 @@ static void move_pending_to_connect(struct Curl_multi *multi, */ static void process_pending_handles(struct Curl_multi *multi) { - struct Curl_llist_element *e = multi->pending.head; + struct Curl_llist_node *e = Curl_llist_head(&multi->pending); if(e) { - struct Curl_easy *data = e->ptr; + struct Curl_easy *data = Curl_node_elem(e); move_pending_to_connect(multi, data); } } @@ -3811,18 +4124,18 @@ unsigned int Curl_multi_max_concurrent_streams(struct Curl_multi *multi) return multi->max_concurrent_streams; } -struct Curl_easy **curl_multi_get_handles(struct Curl_multi *multi) +CURL **curl_multi_get_handles(CURLM *m) { - struct Curl_easy **a = malloc(sizeof(struct Curl_easy *) * - (multi->num_easy + 1)); + struct Curl_multi *multi = m; + CURL **a = malloc(sizeof(struct Curl_easy *) * (multi->num_easy + 1)); if(a) { unsigned int i = 0; - struct Curl_easy *e = multi->easyp; - while(e) { + struct Curl_llist_node *e; + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); DEBUGASSERT(i < multi->num_easy); - if(!e->state.internal) - a[i++] = e; - e = e->next; + if(!data->state.internal) + a[i++] = data; } a[i] = NULL; /* last entry is a NULL */ } @@ -3935,6 +4248,51 @@ void Curl_multi_xfer_ulbuf_release(struct Curl_easy *data, char *buf) data->multi->xfer_ulbuf_borrowed = FALSE; } +CURLcode Curl_multi_xfer_sockbuf_borrow(struct Curl_easy *data, + size_t blen, char **pbuf) +{ + DEBUGASSERT(data); + DEBUGASSERT(data->multi); + *pbuf = NULL; + if(!data->multi) { + failf(data, "transfer has no multi handle"); + return CURLE_FAILED_INIT; + } + if(data->multi->xfer_sockbuf_borrowed) { + failf(data, "attempt to borrow xfer_sockbuf when already borrowed"); + return CURLE_AGAIN; + } + + if(data->multi->xfer_sockbuf && blen > data->multi->xfer_sockbuf_len) { + /* not large enough, get a new one */ + free(data->multi->xfer_sockbuf); + data->multi->xfer_sockbuf = NULL; + data->multi->xfer_sockbuf_len = 0; + } + + if(!data->multi->xfer_sockbuf) { + data->multi->xfer_sockbuf = malloc(blen); + if(!data->multi->xfer_sockbuf) { + failf(data, "could not allocate xfer_sockbuf of %zu bytes", blen); + return CURLE_OUT_OF_MEMORY; + } + data->multi->xfer_sockbuf_len = blen; + } + + data->multi->xfer_sockbuf_borrowed = TRUE; + *pbuf = data->multi->xfer_sockbuf; + return CURLE_OK; +} + +void Curl_multi_xfer_sockbuf_release(struct Curl_easy *data, char *buf) +{ + (void)buf; + DEBUGASSERT(data); + DEBUGASSERT(data->multi); + DEBUGASSERT(!buf || data->multi->xfer_sockbuf == buf); + data->multi->xfer_sockbuf_borrowed = FALSE; +} + static void multi_xfer_bufs_free(struct Curl_multi *multi) { DEBUGASSERT(multi); @@ -3944,4 +4302,36 @@ static void multi_xfer_bufs_free(struct Curl_multi *multi) Curl_safefree(multi->xfer_ulbuf); multi->xfer_ulbuf_len = 0; multi->xfer_ulbuf_borrowed = FALSE; + Curl_safefree(multi->xfer_sockbuf); + multi->xfer_sockbuf_len = 0; + multi->xfer_sockbuf_borrowed = FALSE; +} + +struct Curl_easy *Curl_multi_get_handle(struct Curl_multi *multi, + curl_off_t mid) +{ + + if(mid >= 0) { + struct Curl_easy *data; + struct Curl_llist_node *e; + + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + /* may be in msgsent queue */ + for(e = Curl_llist_head(&multi->msgsent); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + /* may be in pending queue */ + for(e = Curl_llist_head(&multi->pending); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + } + return NULL; } diff --git a/libraries/libcurl/multihandle.h b/libraries/libcurl/multihandle.h index 9b80beab..9225d2d3 100644 --- a/libraries/libcurl/multihandle.h +++ b/libraries/libcurl/multihandle.h @@ -33,7 +33,7 @@ struct connectdata; struct Curl_message { - struct Curl_llist_element list; + struct Curl_llist_node list; /* the 'CURLMsg' is the part that is visible to the external user */ struct CURLMsg extmsg; }; @@ -86,20 +86,17 @@ struct Curl_multi { this multi handle with an easy handle. Set this to CURL_MULTI_HANDLE. */ unsigned int magic; - /* We have a doubly-linked list with easy handles */ - struct Curl_easy *easyp; - struct Curl_easy *easylp; /* last node */ - unsigned int num_easy; /* amount of entries in the linked list above. */ unsigned int num_alive; /* amount of easy handles that are added but have not yet reached COMPLETE state */ struct Curl_llist msglist; /* a list of messages from completed transfers */ - struct Curl_llist pending; /* Curl_easys that are in the - MSTATE_PENDING state */ - struct Curl_llist msgsent; /* Curl_easys that are in the - MSTATE_MSGSENT state */ + /* Each added easy handle is added to ONE of these three lists */ + struct Curl_llist process; /* not in PENDING or MSGSENT */ + struct Curl_llist pending; /* in PENDING */ + struct Curl_llist msgsent; /* in MSGSENT */ + curl_off_t next_easy_mid; /* next multi-id for easy handle added */ /* callback function and user data pointer for the *socket() API */ curl_socket_callback socket_cb; @@ -127,6 +124,9 @@ struct Curl_multi { /* buffer used for upload data, lazy initialized */ char *xfer_ulbuf; /* the actual buffer */ size_t xfer_ulbuf_len; /* the allocated length */ + /* buffer used for socket I/O operations, lazy initialized */ + char *xfer_sockbuf; /* the actual buffer */ + size_t xfer_sockbuf_len; /* the allocated length */ /* 'sockhash' is the lookup hash for socket descriptor => easy handles (note the pluralis form, there can be more than one easy handle waiting on the @@ -141,7 +141,7 @@ struct Curl_multi { struct Curl_hash proto_hash; /* Shared connection cache (bundles)*/ - struct conncache conn_cache; + struct cpool cpool; long max_host_connections; /* if >0, a fixed limit of the maximum number of connections per host */ @@ -154,10 +154,11 @@ struct Curl_multi { /* timer callback and user data pointer for the *socket() API */ curl_multi_timer_callback timer_cb; void *timer_userp; - struct curltime timer_lastcall; /* the fixed time for the timeout for the - previous callback */ + long last_timeout_ms; /* the last timeout value set via timer_cb */ + struct curltime last_expire_ts; /* timestamp of last expiry */ + #ifdef USE_WINSOCK - WSAEVENT wsa_event; /* winsock event used for waits */ + WSAEVENT wsa_event; /* Winsock event used for waits */ #else #ifdef ENABLE_WAKEUP curl_socket_t wakeup_pair[2]; /* eventfd()/pipe()/socketpair() used for @@ -183,6 +184,7 @@ struct Curl_multi { burn */ BIT(xfer_buf_borrowed); /* xfer_buf is currently being borrowed */ BIT(xfer_ulbuf_borrowed); /* xfer_ulbuf is currently being borrowed */ + BIT(xfer_sockbuf_borrowed); /* xfer_sockbuf is currently being borrowed */ #ifdef DEBUGBUILD BIT(warned); /* true after user warned of DEBUGBUILD */ #endif diff --git a/libraries/libcurl/multiif.h b/libraries/libcurl/multiif.h index d3c12bae..fd0e2151 100644 --- a/libraries/libcurl/multiif.h +++ b/libraries/libcurl/multiif.h @@ -30,7 +30,7 @@ CURLcode Curl_updatesocket(struct Curl_easy *data); void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id); -void Curl_expire_clear(struct Curl_easy *data); +bool Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); CURLMcode Curl_update_timer(struct Curl_multi *multi) WARN_UNUSED_RESULT; void Curl_attach_connection(struct Curl_easy *data, @@ -63,15 +63,6 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* mask for checking if read and/or write is set for index x */ #define GETSOCK_MASK_RW(x) (GETSOCK_READSOCK(x)|GETSOCK_WRITESOCK(x)) -/* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */ -size_t Curl_multi_max_host_connections(struct Curl_multi *multi); - -/* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */ -size_t Curl_multi_max_total_connections(struct Curl_multi *multi); - -void Curl_multiuse_state(struct Curl_easy *data, - int bundlestate); /* use BUNDLE_* defines */ - /* * Curl_multi_closed() * @@ -153,4 +144,34 @@ CURLcode Curl_multi_xfer_ulbuf_borrow(struct Curl_easy *data, */ void Curl_multi_xfer_ulbuf_release(struct Curl_easy *data, char *buf); +/** + * Borrow the socket scratch buffer from the multi, suitable + * for the given transfer `data`. The buffer may only be used for + * direct socket I/O operation by one connection at a time and MUST be + * returned to the multi before the I/O call returns. + * Pointers into the buffer remain only valid as long as it is borrowed. + * + * @param data the easy handle + * @param blen requested length of the buffer + * @param pbuf on return, the buffer to use or NULL on error + * @return CURLE_OK when buffer is available and is returned. + * CURLE_OUT_OF_MEMORy on failure to allocate the buffer, + * CURLE_FAILED_INIT if the easy handle is without multi. + * CURLE_AGAIN if the buffer is borrowed already. + */ +CURLcode Curl_multi_xfer_sockbuf_borrow(struct Curl_easy *data, + size_t blen, char **pbuf); +/** + * Release the borrowed buffer. All references into the buffer become + * invalid after this. + * @param buf the buffer pointer borrowed for coding error checks. + */ +void Curl_multi_xfer_sockbuf_release(struct Curl_easy *data, char *buf); + +/** + * Get the transfer handle for the given id. Returns NULL if not found. + */ +struct Curl_easy *Curl_multi_get_handle(struct Curl_multi *multi, + curl_off_t id); + #endif /* HEADER_CURL_MULTIIF_H */ diff --git a/libraries/libcurl/netrc.c b/libraries/libcurl/netrc.c index 571fc735..c23f927c 100644 --- a/libraries/libcurl/netrc.c +++ b/libraries/libcurl/netrc.c @@ -31,7 +31,6 @@ #include #include "netrc.h" -#include "strtok.h" #include "strcase.h" #include "curl_get_line.h" @@ -49,21 +48,56 @@ enum host_lookup_state { MACDEF }; +enum found_state { + NONE, + LOGIN, + PASSWORD +}; + #define NETRC_FILE_MISSING 1 #define NETRC_FAILED -1 #define NETRC_SUCCESS 0 #define MAX_NETRC_LINE 4096 +#define MAX_NETRC_FILE (64*1024) +#define MAX_NETRC_TOKEN 128 + +static CURLcode file2memory(const char *filename, struct dynbuf *filebuf) +{ + CURLcode result = CURLE_OK; + FILE *file = fopen(filename, FOPEN_READTEXT); + struct dynbuf linebuf; + Curl_dyn_init(&linebuf, MAX_NETRC_LINE); + + if(file) { + while(Curl_get_line(&linebuf, file)) { + const char *line = Curl_dyn_ptr(&linebuf); + /* skip comments on load */ + while(ISBLANK(*line)) + line++; + if(*line == '#') + continue; + result = Curl_dyn_add(filebuf, line); + if(result) + goto done; + } + } +done: + Curl_dyn_free(&linebuf); + if(file) + fclose(file); + return result; +} /* * Returns zero on success. */ -static int parsenetrc(const char *host, +static int parsenetrc(struct store_netrc *store, + const char *host, char **loginp, char **passwordp, - char *netrcfile) + const char *netrcfile) { - FILE *file; int retcode = NETRC_FILE_MISSING; char *login = *loginp; char *password = *passwordp; @@ -71,204 +105,212 @@ static int parsenetrc(const char *host, bool login_alloc = FALSE; bool password_alloc = FALSE; enum host_lookup_state state = NOTHING; + enum found_state found = NONE; + bool our_login = TRUE; /* With specific_login, found *our* login name (or + login-less line) */ + bool done = FALSE; + char *netrcbuffer; + struct dynbuf token; + struct dynbuf *filebuf = &store->filebuf; + Curl_dyn_init(&token, MAX_NETRC_TOKEN); - char state_login = 0; /* Found a login keyword */ - char state_password = 0; /* Found a password keyword */ - int state_our_login = TRUE; /* With specific_login, found *our* login - name (or login-less line) */ - - DEBUGASSERT(netrcfile); + if(!store->loaded) { + if(file2memory(netrcfile, filebuf)) + return NETRC_FAILED; + store->loaded = TRUE; + } - file = fopen(netrcfile, FOPEN_READTEXT); - if(file) { - bool done = FALSE; - struct dynbuf buf; - Curl_dyn_init(&buf, MAX_NETRC_LINE); + netrcbuffer = Curl_dyn_ptr(filebuf); - while(!done && Curl_get_line(&buf, file)) { - char *tok; + while(!done) { + char *tok = netrcbuffer; + while(tok) { char *tok_end; bool quoted; - char *netrcbuffer = Curl_dyn_ptr(&buf); + Curl_dyn_reset(&token); + while(ISBLANK(*tok)) + tok++; + /* tok is first non-space letter */ if(state == MACDEF) { - if((netrcbuffer[0] == '\n') || (netrcbuffer[0] == '\r')) - state = NOTHING; - else - continue; + if((*tok == '\n') || (*tok == '\r')) + state = NOTHING; /* end of macro definition */ } - tok = netrcbuffer; - while(tok) { - while(ISBLANK(*tok)) - tok++; - /* tok is first non-space letter */ - if(!*tok || (*tok == '#')) - /* end of line or the rest is a comment */ - break; - /* leading double-quote means quoted string */ - quoted = (*tok == '\"'); + if(!*tok || (*tok == '\n')) + /* end of line */ + break; - tok_end = tok; - if(!quoted) { - while(!ISSPACE(*tok_end)) - tok_end++; - *tok_end = 0; + /* leading double-quote means quoted string */ + quoted = (*tok == '\"'); + + tok_end = tok; + if(!quoted) { + size_t len = 0; + while(!ISSPACE(*tok_end)) { + tok_end++; + len++; } - else { - bool escape = FALSE; - bool endquote = FALSE; - char *store = tok; - tok_end++; /* pass the leading quote */ - while(*tok_end) { - char s = *tok_end; - if(escape) { - escape = FALSE; - switch(s) { - case 'n': - s = '\n'; - break; - case 'r': - s = '\r'; - break; - case 't': - s = '\t'; - break; - } - } - else if(s == '\\') { - escape = TRUE; - tok_end++; - continue; - } - else if(s == '\"') { - tok_end++; /* pass the ending quote */ - endquote = TRUE; + if(!len || Curl_dyn_addn(&token, tok, len)) { + retcode = NETRC_FAILED; + goto out; + } + } + else { + bool escape = FALSE; + bool endquote = FALSE; + tok_end++; /* pass the leading quote */ + while(*tok_end) { + char s = *tok_end; + if(escape) { + escape = FALSE; + switch(s) { + case 'n': + s = '\n'; + break; + case 'r': + s = '\r'; + break; + case 't': + s = '\t'; break; } - *store++ = s; + } + else if(s == '\\') { + escape = TRUE; tok_end++; + continue; + } + else if(s == '\"') { + tok_end++; /* pass the ending quote */ + endquote = TRUE; + break; } - *store = 0; - if(escape || !endquote) { - /* bad syntax, get out */ + if(Curl_dyn_addn(&token, &s, 1)) { retcode = NETRC_FAILED; goto out; } + tok_end++; } - - if((login && *login) && (password && *password)) { - done = TRUE; - break; + if(escape || !endquote) { + /* bad syntax, get out */ + retcode = NETRC_FAILED; + goto out; } + } - switch(state) { - case NOTHING: - if(strcasecompare("macdef", tok)) { - /* Define a macro. A macro is defined with the specified name; its - contents begin with the next .netrc line and continue until a - null line (consecutive new-line characters) is encountered. */ - state = MACDEF; - } - else if(strcasecompare("machine", tok)) { - /* the next tok is the machine name, this is in itself the - delimiter that starts the stuff entered for this machine, - after this we need to search for 'login' and - 'password'. */ - state = HOSTFOUND; - } - else if(strcasecompare("default", tok)) { - state = HOSTVALID; - retcode = NETRC_SUCCESS; /* we did find our host */ - } - break; - case MACDEF: - if(!strlen(tok)) { - state = NOTHING; - } - break; - case HOSTFOUND: - if(strcasecompare(host, tok)) { - /* and yes, this is our host! */ - state = HOSTVALID; - retcode = NETRC_SUCCESS; /* we did find our host */ + if((login && *login) && (password && *password)) { + done = TRUE; + break; + } + + tok = Curl_dyn_ptr(&token); + + switch(state) { + case NOTHING: + if(strcasecompare("macdef", tok)) + /* Define a macro. A macro is defined with the specified name; its + contents begin with the next .netrc line and continue until a + null line (consecutive new-line characters) is encountered. */ + state = MACDEF; + else if(strcasecompare("machine", tok)) + /* the next tok is the machine name, this is in itself the delimiter + that starts the stuff entered for this machine, after this we + need to search for 'login' and 'password'. */ + state = HOSTFOUND; + else if(strcasecompare("default", tok)) { + state = HOSTVALID; + retcode = NETRC_SUCCESS; /* we did find our host */ + } + break; + case MACDEF: + if(!*tok) + state = NOTHING; + break; + case HOSTFOUND: + if(strcasecompare(host, tok)) { + /* and yes, this is our host! */ + state = HOSTVALID; + retcode = NETRC_SUCCESS; /* we did find our host */ + } + else + /* not our host */ + state = NOTHING; + break; + case HOSTVALID: + /* we are now parsing sub-keywords concerning "our" host */ + if(found == LOGIN) { + if(specific_login) { + our_login = !Curl_timestrcmp(login, tok); } - else - /* not our host */ - state = NOTHING; - break; - case HOSTVALID: - /* we are now parsing sub-keywords concerning "our" host */ - if(state_login) { - if(specific_login) { - state_our_login = !Curl_timestrcmp(login, tok); + else if(!login || Curl_timestrcmp(login, tok)) { + if(login_alloc) + free(login); + login = strdup(tok); + if(!login) { + retcode = NETRC_FAILED; /* allocation failed */ + goto out; } - else if(!login || Curl_timestrcmp(login, tok)) { - if(login_alloc) { - free(login); - login_alloc = FALSE; - } - login = strdup(tok); - if(!login) { - retcode = NETRC_FAILED; /* allocation failed */ - goto out; - } - login_alloc = TRUE; - } - state_login = 0; + login_alloc = TRUE; } - else if(state_password) { - if((state_our_login || !specific_login) - && (!password || Curl_timestrcmp(password, tok))) { - if(password_alloc) { - free(password); - password_alloc = FALSE; - } - password = strdup(tok); - if(!password) { - retcode = NETRC_FAILED; /* allocation failed */ - goto out; - } - password_alloc = TRUE; + found = NONE; + } + else if(found == PASSWORD) { + if((our_login || !specific_login) && + (!password || Curl_timestrcmp(password, tok))) { + if(password_alloc) + free(password); + password = strdup(tok); + if(!password) { + retcode = NETRC_FAILED; /* allocation failed */ + goto out; } - state_password = 0; - } - else if(strcasecompare("login", tok)) - state_login = 1; - else if(strcasecompare("password", tok)) - state_password = 1; - else if(strcasecompare("machine", tok)) { - /* ok, there is machine here go => */ - state = HOSTFOUND; - state_our_login = FALSE; + password_alloc = TRUE; } - break; - } /* switch (state) */ - tok = ++tok_end; - } - } /* while Curl_get_line() */ + found = NONE; + } + else if(strcasecompare("login", tok)) + found = LOGIN; + else if(strcasecompare("password", tok)) + found = PASSWORD; + else if(strcasecompare("machine", tok)) { + /* ok, there is machine here go => */ + state = HOSTFOUND; + found = NONE; + } + break; + } /* switch (state) */ + tok = ++tok_end; + } + if(!done) { + char *nl = NULL; + if(tok) + nl = strchr(tok, '\n'); + if(!nl) + break; + /* point to next line */ + netrcbuffer = &nl[1]; + } + } /* while !done */ out: - Curl_dyn_free(&buf); - if(!retcode) { - /* success */ - if(login_alloc) { - if(*loginp) - free(*loginp); - *loginp = login; - } - if(password_alloc) { - if(*passwordp) - free(*passwordp); - *passwordp = password; - } + Curl_dyn_free(&token); + if(!retcode) { + /* success */ + if(login_alloc) { + free(*loginp); + *loginp = login; } - else { - if(login_alloc) - free(login); - if(password_alloc) - free(password); + if(password_alloc) { + free(*passwordp); + *passwordp = password; } - fclose(file); + } + else { + Curl_dyn_free(filebuf); + if(login_alloc) + free(login); + if(password_alloc) + free(password); } return retcode; @@ -280,7 +322,8 @@ static int parsenetrc(const char *host, * *loginp and *passwordp MUST be allocated if they are not NULL when passed * in. */ -int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, +int Curl_parsenetrc(struct store_netrc *store, const char *host, + char **loginp, char **passwordp, char *netrcfile) { int retcode = 1; @@ -324,30 +367,40 @@ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, return retcode; /* no home directory found (or possibly out of memory) */ - filealloc = curl_maprintf("%s%s.netrc", home, DIR_CHAR); + filealloc = aprintf("%s%s.netrc", home, DIR_CHAR); if(!filealloc) { free(homea); return -1; } - retcode = parsenetrc(host, loginp, passwordp, filealloc); + retcode = parsenetrc(store, host, loginp, passwordp, filealloc); free(filealloc); #ifdef _WIN32 if(retcode == NETRC_FILE_MISSING) { /* fallback to the old-style "_netrc" file */ - filealloc = curl_maprintf("%s%s_netrc", home, DIR_CHAR); + filealloc = aprintf("%s%s_netrc", home, DIR_CHAR); if(!filealloc) { free(homea); return -1; } - retcode = parsenetrc(host, loginp, passwordp, filealloc); + retcode = parsenetrc(store, host, loginp, passwordp, filealloc); free(filealloc); } #endif free(homea); } else - retcode = parsenetrc(host, loginp, passwordp, netrcfile); + retcode = parsenetrc(store, host, loginp, passwordp, netrcfile); return retcode; } +void Curl_netrc_init(struct store_netrc *s) +{ + Curl_dyn_init(&s->filebuf, MAX_NETRC_FILE); + s->loaded = FALSE; +} +void Curl_netrc_cleanup(struct store_netrc *s) +{ + Curl_dyn_free(&s->filebuf); + s->loaded = FALSE; +} #endif diff --git a/libraries/libcurl/netrc.h b/libraries/libcurl/netrc.h index 37c95db5..0ef9ff78 100644 --- a/libraries/libcurl/netrc.h +++ b/libraries/libcurl/netrc.h @@ -26,9 +26,19 @@ #include "curl_setup.h" #ifndef CURL_DISABLE_NETRC +#include "dynbuf.h" + +struct store_netrc { + struct dynbuf filebuf; + char *filename; + BIT(loaded); +}; + +void Curl_netrc_init(struct store_netrc *s); +void Curl_netrc_cleanup(struct store_netrc *s); /* returns -1 on failure, 0 if the host is found, 1 is the host is not found */ -int Curl_parsenetrc(const char *host, char **loginp, +int Curl_parsenetrc(struct store_netrc *s, const char *host, char **loginp, char **passwordp, char *filename); /* Assume: (*passwordp)[0]=0, host[0] != 0. * If (*loginp)[0] = 0, search for login and password within a machine @@ -38,6 +48,8 @@ int Curl_parsenetrc(const char *host, char **loginp, #else /* disabled */ #define Curl_parsenetrc(a,b,c,d,e,f) 1 +#define Curl_netrc_init(x) +#define Curl_netrc_cleanup(x) #endif #endif /* HEADER_CURL_NETRC_H */ diff --git a/libraries/libcurl/nonblock.c b/libraries/libcurl/nonblock.c index 9ee93db2..6dcf42a7 100644 --- a/libraries/libcurl/nonblock.c +++ b/libraries/libcurl/nonblock.c @@ -47,7 +47,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ int nonblock /* TRUE or FALSE */) { #if defined(HAVE_FCNTL_O_NONBLOCK) - /* most recent unix versions */ + /* most recent Unix versions */ int flags; flags = sfcntl(sockfd, F_GETFL, 0); if(flags < 0) @@ -65,7 +65,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ #elif defined(HAVE_IOCTL_FIONBIO) - /* older unix versions */ + /* older Unix versions */ int flags = nonblock ? 1 : 0; return ioctl(sockfd, FIONBIO, &flags); diff --git a/libraries/libcurl/openldap.c b/libraries/libcurl/openldap.c index 1b35ba0d..8c4af22b 100644 --- a/libraries/libcurl/openldap.c +++ b/libraries/libcurl/openldap.c @@ -236,17 +236,13 @@ static CURLcode oldap_map_error(int rc, CURLcode result) { switch(rc) { case LDAP_NO_MEMORY: - result = CURLE_OUT_OF_MEMORY; - break; + return CURLE_OUT_OF_MEMORY; case LDAP_INVALID_CREDENTIALS: - result = CURLE_LOGIN_DENIED; - break; + return CURLE_LOGIN_DENIED; case LDAP_PROTOCOL_ERROR: - result = CURLE_UNSUPPORTED_PROTOCOL; - break; + return CURLE_UNSUPPORTED_PROTOCOL; case LDAP_INSUFFICIENT_ACCESS: - result = CURLE_REMOTE_ACCESS_DENIED; - break; + return CURLE_REMOTE_ACCESS_DENIED; } return result; } @@ -276,7 +272,8 @@ static CURLcode oldap_url_parse(struct Curl_easy *data, LDAPURLDesc **ludp) if(rc != LDAP_URL_SUCCESS) { const char *msg = "url parsing problem"; - result = rc == LDAP_URL_ERR_MEM? CURLE_OUT_OF_MEMORY: CURLE_URL_MALFORMAT; + result = rc == LDAP_URL_ERR_MEM ? CURLE_OUT_OF_MEMORY : + CURLE_URL_MALFORMAT; rc -= LDAP_URL_SUCCESS; if((size_t) rc < sizeof(url_errs) / sizeof(url_errs[0])) msg = url_errs[rc]; @@ -313,7 +310,7 @@ static CURLcode oldap_parse_login_options(struct connectdata *conn) ptr++; } - return result == CURLE_URL_MALFORMAT? CURLE_SETOPT_OPTION_SYNTAX: result; + return result == CURLE_URL_MALFORMAT ? CURLE_SETOPT_OPTION_SYNTAX : result; } static CURLcode oldap_setup_connection(struct Curl_easy *data, @@ -351,7 +348,6 @@ static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, { struct connectdata *conn = data->conn; struct ldapconninfo *li = conn->proto.ldapc; - CURLcode result = CURLE_OK; struct berval cred; struct berval *pcred = &cred; int rc; @@ -362,8 +358,8 @@ static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, pcred = NULL; rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); if(rc != LDAP_SUCCESS) - result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); - return result; + return oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return CURLE_OK; } /* @@ -374,7 +370,6 @@ static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, { struct connectdata *conn = data->conn; struct ldapconninfo *li = conn->proto.ldapc; - CURLcode result = CURLE_OK; struct berval cred; struct berval *pcred = &cred; int rc; @@ -385,8 +380,8 @@ static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, pcred = NULL; rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); if(rc != LDAP_SUCCESS) - result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); - return result; + return oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return CURLE_OK; } /* @@ -395,20 +390,18 @@ static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, static CURLcode oldap_cancel_auth(struct Curl_easy *data, const char *mech) { struct ldapconninfo *li = data->conn->proto.ldapc; - CURLcode result = CURLE_OK; int rc = ldap_sasl_bind(li->ld, NULL, LDAP_SASL_NULL, NULL, NULL, NULL, &li->msgid); (void)mech; if(rc != LDAP_SUCCESS) - result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); - return result; + return oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return CURLE_OK; } /* Starts LDAP simple bind. */ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) { - CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct ldapconninfo *li = conn->proto.ldapc; char *binddn = NULL; @@ -426,19 +419,17 @@ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) rc = ldap_sasl_bind(li->ld, binddn, LDAP_SASL_SIMPLE, &passwd, NULL, NULL, &li->msgid); - if(rc == LDAP_SUCCESS) - oldap_state(data, newstate); - else - result = oldap_map_error(rc, - data->state.aptr.user? - CURLE_LOGIN_DENIED: CURLE_LDAP_CANNOT_BIND); - return result; + if(rc != LDAP_SUCCESS) + return oldap_map_error(rc, + data->state.aptr.user ? + CURLE_LOGIN_DENIED : CURLE_LDAP_CANNOT_BIND); + oldap_state(data, newstate); + return CURLE_OK; } /* Query the supported SASL authentication mechanisms. */ static CURLcode oldap_perform_mechs(struct Curl_easy *data) { - CURLcode result = CURLE_OK; struct ldapconninfo *li = data->conn->proto.ldapc; int rc; static const char * const supportedSASLMechanisms[] = { @@ -449,11 +440,10 @@ static CURLcode oldap_perform_mechs(struct Curl_easy *data) rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", (char **) supportedSASLMechanisms, 0, NULL, NULL, NULL, 0, &li->msgid); - if(rc == LDAP_SUCCESS) - oldap_state(data, OLDAP_MECHS); - else - result = oldap_map_error(rc, CURLE_LOGIN_DENIED); - return result; + if(rc != LDAP_SUCCESS) + return oldap_map_error(rc, CURLE_LOGIN_DENIED); + oldap_state(data, OLDAP_MECHS); + return CURLE_OK; } /* Starts SASL bind. */ @@ -479,12 +469,10 @@ static bool ssl_installed(struct connectdata *conn) static CURLcode oldap_ssl_connect(struct Curl_easy *data, ldapstate newstate) { - CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct ldapconninfo *li = conn->proto.ldapc; - bool ssldone = 0; - - result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); + bool ssldone = FALSE; + CURLcode result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone); if(!result) { oldap_state(data, newstate); @@ -505,15 +493,13 @@ static CURLcode oldap_ssl_connect(struct Curl_easy *data, ldapstate newstate) /* Send the STARTTLS request */ static CURLcode oldap_perform_starttls(struct Curl_easy *data) { - CURLcode result = CURLE_OK; struct ldapconninfo *li = data->conn->proto.ldapc; int rc = ldap_start_tls(li->ld, NULL, NULL, &li->msgid); - if(rc == LDAP_SUCCESS) - oldap_state(data, OLDAP_STARTTLS); - else - result = oldap_map_error(rc, CURLE_USE_SSL_FAILED); - return result; + if(rc != LDAP_SUCCESS) + return oldap_map_error(rc, CURLE_USE_SSL_FAILED); + oldap_state(data, OLDAP_STARTTLS); + return CURLE_OK; } #endif @@ -552,9 +538,9 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) hosturl = aprintf("%s://%s%s%s:%d", conn->handler->scheme, - conn->bits.ipv6_ip? "[": "", + conn->bits.ipv6_ip ? "[" : "", conn->host.name, - conn->bits.ipv6_ip? "]": "", + conn->bits.ipv6_ip ? "]" : "", conn->remote_port); if(!hosturl) return CURLE_OUT_OF_MEMORY; @@ -986,7 +972,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, BerElement *ber = NULL; struct timeval tv = {0, 0}; struct berval bv, *bvals; - int binary = 0; + bool binary = FALSE; CURLcode result = CURLE_AGAIN; int code; char *info = NULL; @@ -1069,10 +1055,10 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, } binary = bv.bv_len > 7 && - !strncmp(bv.bv_val + bv.bv_len - 7, ";binary", 7); + !strncmp(bv.bv_val + bv.bv_len - 7, ";binary", 7); for(i = 0; bvals[i].bv_val != NULL; i++) { - int binval = 0; + bool binval = FALSE; result = client_write(data, STRCONST("\t"), bv.bv_val, bv.bv_len, STRCONST(":")); @@ -1083,13 +1069,13 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, /* check for leading or trailing whitespace */ if(ISBLANK(bvals[i].bv_val[0]) || ISBLANK(bvals[i].bv_val[bvals[i].bv_len - 1])) - binval = 1; + binval = TRUE; else { /* check for unprintable characters */ unsigned int j; for(j = 0; j < bvals[i].bv_len; j++) if(!ISPRINT(bvals[i].bv_val[j])) { - binval = 1; + binval = TRUE; break; } } @@ -1134,7 +1120,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ldap_msgfree(msg); *err = result; - return result? -1: 0; + return result ? -1 : 0; } #ifdef USE_SSL @@ -1201,7 +1187,7 @@ ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) if(conn) { struct ldapconninfo *li = conn->proto.ldapc; CURLcode err = CURLE_SEND_ERROR; - ret = (li->send)(data, FIRSTSOCKET, buf, len, &err); + ret = (li->send)(data, FIRSTSOCKET, buf, len, FALSE, &err); if(ret < 0 && err == CURLE_AGAIN) { SET_SOCKERRNO(EWOULDBLOCK); } diff --git a/libraries/libcurl/parsedate.c b/libraries/libcurl/parsedate.c index d35b58b0..4d0a221f 100644 --- a/libraries/libcurl/parsedate.c +++ b/libraries/libcurl/parsedate.c @@ -218,7 +218,7 @@ static int checkday(const char *check, size_t len) what = &Curl_wkday[0]; else return -1; /* too short */ - for(i = 0; i<7; i++) { + for(i = 0; i < 7; i++) { size_t ilen = strlen(what[0]); if((ilen == len) && strncasecompare(check, what[0], len)) @@ -235,7 +235,7 @@ static int checkmonth(const char *check, size_t len) if(len != 3) return -1; /* not a month */ - for(i = 0; i<12; i++) { + for(i = 0; i < 12; i++) { if(strncasecompare(check, what[0], 3)) return i; what++; @@ -253,7 +253,7 @@ static int checktz(const char *check, size_t len) if(len > 4) /* longer than any valid timezone */ return -1; - for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) { + for(i = 0; i < sizeof(tz)/sizeof(tz[0]); i++) { size_t ilen = strlen(what->name); if((ilen == len) && strncasecompare(check, what->name, len)) @@ -441,7 +441,7 @@ static int parsedate(const char *date, time_t *output) if((tzoff == -1) && ((end - date) == 4) && (val <= 1400) && - (indate< date) && + (indate < date) && ((date[-1] == '+' || date[-1] == '-'))) { /* four digits and a value less than or equal to 1400 (to take into account all sorts of funny time zone diffs) and it is preceded @@ -456,7 +456,7 @@ static int parsedate(const char *date, time_t *output) /* the + and - prefix indicates the local time compared to GMT, this we need their reversed math to get what we want */ - tzoff = date[-1]=='+'?-tzoff:tzoff; + tzoff = date[-1]=='+' ? -tzoff : tzoff; } if(((end - date) == 8) && @@ -471,7 +471,7 @@ static int parsedate(const char *date, time_t *output) } if(!found && (dignext == DATE_MDAY) && (mdaynum == -1)) { - if((val > 0) && (val<32)) { + if((val > 0) && (val < 32)) { mdaynum = val; found = TRUE; } diff --git a/libraries/libcurl/pingpong.c b/libraries/libcurl/pingpong.c index 7ce81e8a..bd0d3e3a 100644 --- a/libraries/libcurl/pingpong.c +++ b/libraries/libcurl/pingpong.c @@ -52,8 +52,8 @@ timediff_t Curl_pp_state_timeout(struct Curl_easy *data, { struct connectdata *conn = data->conn; timediff_t timeout_ms; /* in milliseconds */ - timediff_t response_time = (data->set.server_response_timeout)? - data->set.server_response_timeout: pp->response_time; + timediff_t response_time = (data->set.server_response_timeout) ? + data->set.server_response_timeout : pp->response_time; /* if CURLOPT_SERVER_RESPONSE_TIMEOUT is set, use that to determine remaining time, or use pp->response because SERVER_RESPONSE_TIMEOUT is @@ -113,9 +113,9 @@ CURLcode Curl_pp_statemach(struct Curl_easy *data, /* We are receiving and there is data ready in the SSL library */ rc = 1; else - rc = Curl_socket_check(pp->sendleft?CURL_SOCKET_BAD:sock, /* reading */ + rc = Curl_socket_check(pp->sendleft ? CURL_SOCKET_BAD : sock, /* reading */ CURL_SOCKET_BAD, - pp->sendleft?sock:CURL_SOCKET_BAD, /* writing */ + pp->sendleft ? sock : CURL_SOCKET_BAD, /* writing */ interval_ms); if(block) { @@ -199,7 +199,8 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif - result = Curl_conn_send(data, FIRSTSOCKET, s, write_len, &bytes_written); + result = Curl_conn_send(data, FIRSTSOCKET, s, write_len, FALSE, + &bytes_written); if(result == CURLE_AGAIN) { bytes_written = 0; } @@ -285,94 +286,99 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, { struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; + ssize_t gotbytes; + char buffer[900]; *code = 0; /* 0 for errors or not done */ *size = 0; - if(pp->nfinal) { - /* a previous call left this many bytes in the beginning of the buffer as - that was the final line; now ditch that */ - size_t full = Curl_dyn_len(&pp->recvbuf); + do { + gotbytes = 0; + if(pp->nfinal) { + /* a previous call left this many bytes in the beginning of the buffer as + that was the final line; now ditch that */ + size_t full = Curl_dyn_len(&pp->recvbuf); - /* trim off the "final" leading part */ - Curl_dyn_tail(&pp->recvbuf, full - pp->nfinal); + /* trim off the "final" leading part */ + Curl_dyn_tail(&pp->recvbuf, full - pp->nfinal); - pp->nfinal = 0; /* now gone */ - } - if(!pp->overflow) { - ssize_t gotbytes = 0; - char buffer[900]; + pp->nfinal = 0; /* now gone */ + } + if(!pp->overflow) { + result = pingpong_read(data, sockindex, buffer, sizeof(buffer), + &gotbytes); + if(result == CURLE_AGAIN) + return CURLE_OK; - result = pingpong_read(data, sockindex, buffer, sizeof(buffer), &gotbytes); - if(result == CURLE_AGAIN) - return CURLE_OK; + if(result) + return result; - if(result) - return result; + if(gotbytes <= 0) { + failf(data, "response reading failed (errno: %d)", SOCKERRNO); + return CURLE_RECV_ERROR; + } - if(gotbytes <= 0) { - failf(data, "response reading failed (errno: %d)", SOCKERRNO); - return CURLE_RECV_ERROR; - } + result = Curl_dyn_addn(&pp->recvbuf, buffer, gotbytes); + if(result) + return result; - result = Curl_dyn_addn(&pp->recvbuf, buffer, gotbytes); - if(result) - return result; + data->req.headerbytecount += (unsigned int)gotbytes; - data->req.headerbytecount += (unsigned int)gotbytes; + pp->nread_resp += gotbytes; + } - pp->nread_resp += gotbytes; - } + do { + char *line = Curl_dyn_ptr(&pp->recvbuf); + char *nl = memchr(line, '\n', Curl_dyn_len(&pp->recvbuf)); + if(nl) { + /* a newline is CRLF in pp-talk, so the CR is ignored as + the line is not really terminated until the LF comes */ + size_t length = nl - line + 1; - do { - char *line = Curl_dyn_ptr(&pp->recvbuf); - char *nl = memchr(line, '\n', Curl_dyn_len(&pp->recvbuf)); - if(nl) { - /* a newline is CRLF in pp-talk, so the CR is ignored as - the line is not really terminated until the LF comes */ - size_t length = nl - line + 1; - - /* output debug output if that is requested */ + /* output debug output if that is requested */ #ifdef HAVE_GSSAPI - if(!conn->sec_complete) + if(!conn->sec_complete) #endif - Curl_debug(data, CURLINFO_HEADER_IN, line, length); - - /* - * Pass all response-lines to the callback function registered for - * "headers". The response lines can be seen as a kind of headers. - */ - result = Curl_client_write(data, CLIENTWRITE_INFO, line, length); - if(result) - return result; - - if(pp->endofresp(data, conn, line, length, code)) { - /* When at "end of response", keep the endofresp line first in the - buffer since it will be accessed outside (by pingpong - parsers). Store the overflow counter to inform about additional - data in this buffer after the endofresp line. */ - pp->nfinal = length; + Curl_debug(data, CURLINFO_HEADER_IN, line, length); + + /* + * Pass all response-lines to the callback function registered for + * "headers". The response lines can be seen as a kind of headers. + */ + result = Curl_client_write(data, CLIENTWRITE_INFO, line, length); + if(result) + return result; + + if(pp->endofresp(data, conn, line, length, code)) { + /* When at "end of response", keep the endofresp line first in the + buffer since it will be accessed outside (by pingpong + parsers). Store the overflow counter to inform about additional + data in this buffer after the endofresp line. */ + pp->nfinal = length; + if(Curl_dyn_len(&pp->recvbuf) > length) + pp->overflow = Curl_dyn_len(&pp->recvbuf) - length; + else + pp->overflow = 0; + *size = pp->nread_resp; /* size of the response */ + pp->nread_resp = 0; /* restart */ + gotbytes = 0; /* force break out of outer loop */ + break; + } if(Curl_dyn_len(&pp->recvbuf) > length) - pp->overflow = Curl_dyn_len(&pp->recvbuf) - length; + /* keep the remaining piece */ + Curl_dyn_tail((&pp->recvbuf), Curl_dyn_len(&pp->recvbuf) - length); else - pp->overflow = 0; - *size = pp->nread_resp; /* size of the response */ - pp->nread_resp = 0; /* restart */ + Curl_dyn_reset(&pp->recvbuf); + } + else { + /* without a newline, there is no overflow */ + pp->overflow = 0; break; } - if(Curl_dyn_len(&pp->recvbuf) > length) - /* keep the remaining piece */ - Curl_dyn_tail((&pp->recvbuf), Curl_dyn_len(&pp->recvbuf) - length); - else - Curl_dyn_reset(&pp->recvbuf); - } - else { - /* without a newline, there is no overflow */ - pp->overflow = 0; - break; - } - } while(1); /* while there is buffer left to scan */ + } while(1); /* while there is buffer left to scan */ + + } while(gotbytes == sizeof(buffer)); pp->pending_resp = FALSE; @@ -394,6 +400,13 @@ int Curl_pp_getsock(struct Curl_easy *data, return GETSOCK_READSOCK(0); } +bool Curl_pp_needs_flush(struct Curl_easy *data, + struct pingpong *pp) +{ + (void)data; + return pp->sendleft > 0; +} + CURLcode Curl_pp_flushsend(struct Curl_easy *data, struct pingpong *pp) { @@ -401,9 +414,12 @@ CURLcode Curl_pp_flushsend(struct Curl_easy *data, size_t written; CURLcode result; + if(!Curl_pp_needs_flush(data, pp)) + return CURLE_OK; + result = Curl_conn_send(data, FIRSTSOCKET, pp->sendthis + pp->sendsize - pp->sendleft, - pp->sendleft, &written); + pp->sendleft, FALSE, &written); if(result == CURLE_AGAIN) { result = CURLE_OK; written = 0; diff --git a/libraries/libcurl/pingpong.h b/libraries/libcurl/pingpong.h index 62f2467f..72239ff0 100644 --- a/libraries/libcurl/pingpong.h +++ b/libraries/libcurl/pingpong.h @@ -137,6 +137,8 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, int *code, /* return the server code if done */ size_t *size); /* size of the response */ +bool Curl_pp_needs_flush(struct Curl_easy *data, + struct pingpong *pp); CURLcode Curl_pp_flushsend(struct Curl_easy *data, struct pingpong *pp); diff --git a/libraries/libcurl/pop3.c b/libraries/libcurl/pop3.c index 4cf1782a..db6ec04c 100644 --- a/libraries/libcurl/pop3.c +++ b/libraries/libcurl/pop3.c @@ -83,6 +83,10 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + /* Local API functions */ static CURLcode pop3_regular_transfer(struct Curl_easy *data, bool *done); static CURLcode pop3_do(struct Curl_easy *data, bool *done); @@ -107,6 +111,11 @@ static CURLcode pop3_continue_auth(struct Curl_easy *data, const char *mech, static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech); static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out); +/* This function scans the body after the end-of-body and writes everything + * until the end is found */ +static CURLcode pop3_write(struct Curl_easy *data, + const char *str, size_t nread, bool is_eos); + /* * POP3 protocol handler. */ @@ -125,7 +134,7 @@ const struct Curl_handler Curl_handler_pop3 = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* write_resp */ + pop3_write, /* write_resp */ ZERO_NULL, /* write_resp_hd */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ @@ -155,7 +164,7 @@ const struct Curl_handler Curl_handler_pop3s = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* write_resp */ + pop3_write, /* write_resp */ ZERO_NULL, /* write_resp_hd */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ @@ -194,6 +203,53 @@ static void pop3_to_pop3s(struct connectdata *conn) #define pop3_to_pop3s(x) Curl_nop_stmt #endif +struct pop3_cmd { + const char *name; + unsigned short nlen; + BIT(multiline); /* response is multi-line with last '.' line */ + BIT(multiline_with_args); /* is multi-line when command has args */ +}; + +static const struct pop3_cmd pop3cmds[] = { + { "APOP", 4, FALSE, FALSE }, + { "AUTH", 4, FALSE, FALSE }, + { "CAPA", 4, TRUE, TRUE }, + { "DELE", 4, FALSE, FALSE }, + { "LIST", 4, TRUE, FALSE }, + { "MSG", 3, TRUE, TRUE }, + { "NOOP", 4, FALSE, FALSE }, + { "PASS", 4, FALSE, FALSE }, + { "QUIT", 4, FALSE, FALSE }, + { "RETR", 4, TRUE, TRUE }, + { "RSET", 4, FALSE, FALSE }, + { "STAT", 4, FALSE, FALSE }, + { "STLS", 4, FALSE, FALSE }, + { "TOP", 3, TRUE, TRUE }, + { "UIDL", 4, TRUE, FALSE }, + { "USER", 4, FALSE, FALSE }, + { "UTF8", 4, FALSE, FALSE }, + { "XTND", 4, TRUE, TRUE }, +}; + +/* Return iff a command is defined as "multi-line" (RFC 1939), + * has a response terminated by a last line with a '.'. + */ +static bool pop3_is_multiline(const char *cmdline) +{ + size_t i; + for(i = 0; i < ARRAYSIZE(pop3cmds); ++i) { + if(strncasecompare(pop3cmds[i].name, cmdline, pop3cmds[i].nlen)) { + if(!cmdline[pop3cmds[i].nlen]) + return pop3cmds[i].multiline; + else if(cmdline[pop3cmds[i].nlen] == ' ') + return pop3cmds[i].multiline_with_args; + } + } + /* Unknown command, assume multi-line for backward compatibility with + * earlier curl versions that only could do multi-line responses. */ + return TRUE; +} + /*********************************************************************** * * pop3_endofresp() @@ -448,7 +504,7 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data, } /* Create the digest */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + ctxt = Curl_MD5_init(&Curl_DIGEST_MD5); if(!ctxt) return CURLE_OUT_OF_MEMORY; @@ -609,18 +665,20 @@ static CURLcode pop3_perform_command(struct Curl_easy *data) else command = "RETR"; + if(pop3->custom && pop3->custom[0] != '\0') + command = pop3->custom; + /* Send the command */ if(pop3->id[0] != '\0') result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s %s", - (pop3->custom && pop3->custom[0] != '\0' ? - pop3->custom : command), pop3->id); + command, pop3->id); else - result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", - (pop3->custom && pop3->custom[0] != '\0' ? - pop3->custom : command)); + result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", command); - if(!result) + if(!result) { pop3_state(data, POP3_COMMAND); + data->req.no_body = !pop3_is_multiline(command); + } return result; } @@ -948,8 +1006,8 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, pp->nfinal = 0; /* done */ if(!data->req.no_body) { - result = Curl_pop3_write(data, Curl_dyn_ptr(&pp->recvbuf), - Curl_dyn_len(&pp->recvbuf)); + result = pop3_write(data, Curl_dyn_ptr(&pp->recvbuf), + Curl_dyn_len(&pp->recvbuf), FALSE); if(result) return result; } @@ -1061,7 +1119,7 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done) } result = Curl_pp_statemach(data, &pop3c->pp, FALSE, FALSE); - *done = (pop3c->state == POP3_STOP) ? TRUE : FALSE; + *done = (pop3c->state == POP3_STOP); return result; } @@ -1447,12 +1505,13 @@ static CURLcode pop3_parse_custom_request(struct Curl_easy *data) /*********************************************************************** * - * Curl_pop3_write() + * pop3_write() * * This function scans the body after the end-of-body and writes everything * until the end is found. */ -CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) +static CURLcode pop3_write(struct Curl_easy *data, const char *str, + size_t nread, bool is_eos) { /* This code could be made into a special function in the handler struct */ CURLcode result = CURLE_OK; @@ -1462,6 +1521,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) bool strip_dot = FALSE; size_t last = 0; size_t i; + (void)is_eos; /* Search through the buffer looking for the end-of-body marker which is 5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches diff --git a/libraries/libcurl/pop3.h b/libraries/libcurl/pop3.h index e8e98db0..3d08dafa 100644 --- a/libraries/libcurl/pop3.h +++ b/libraries/libcurl/pop3.h @@ -90,9 +90,4 @@ extern const struct Curl_handler Curl_handler_pop3s; #define POP3_EOB "\x0d\x0a\x2e\x0d\x0a" #define POP3_EOB_LEN 5 -/* This function scans the body after the end-of-body and writes everything - * until the end is found */ -CURLcode Curl_pop3_write(struct Curl_easy *data, - const char *str, size_t nread); - #endif /* HEADER_CURL_POP3_H */ diff --git a/libraries/libcurl/progress.c b/libraries/libcurl/progress.c index 34c29a27..d3a1b9ac 100644 --- a/libraries/libcurl/progress.c +++ b/libraries/libcurl/progress.c @@ -48,8 +48,7 @@ static void time2str(char *r, curl_off_t seconds) if(h <= CURL_OFF_T_C(99)) { curl_off_t m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60); curl_off_t s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60)); - msnprintf(r, 9, "%2" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T - ":%02" CURL_FORMAT_CURL_OFF_T, h, m, s); + msnprintf(r, 9, "%2" FMT_OFF_T ":%02" FMT_OFF_T ":%02" FMT_OFF_T, h, m, s); } else { /* this equals to more than 99 hours, switch to a more suitable output @@ -57,10 +56,9 @@ static void time2str(char *r, curl_off_t seconds) curl_off_t d = seconds / CURL_OFF_T_C(86400); h = (seconds - (d*CURL_OFF_T_C(86400))) / CURL_OFF_T_C(3600); if(d <= CURL_OFF_T_C(999)) - msnprintf(r, 9, "%3" CURL_FORMAT_CURL_OFF_T - "d %02" CURL_FORMAT_CURL_OFF_T "h", d, h); + msnprintf(r, 9, "%3" FMT_OFF_T "d %02" FMT_OFF_T "h", d, h); else - msnprintf(r, 9, "%7" CURL_FORMAT_CURL_OFF_T "d", d); + msnprintf(r, 9, "%7" FMT_OFF_T "d", d); } } @@ -76,38 +74,38 @@ static char *max5data(curl_off_t bytes, char *max5) #define ONE_PETABYTE (CURL_OFF_T_C(1024) * ONE_TERABYTE) if(bytes < CURL_OFF_T_C(100000)) - msnprintf(max5, 6, "%5" CURL_FORMAT_CURL_OFF_T, bytes); + msnprintf(max5, 6, "%5" FMT_OFF_T, bytes); else if(bytes < CURL_OFF_T_C(10000) * ONE_KILOBYTE) - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "k", bytes/ONE_KILOBYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "k", bytes/ONE_KILOBYTE); else if(bytes < CURL_OFF_T_C(100) * ONE_MEGABYTE) /* 'XX.XM' is good as long as we are less than 100 megs */ - msnprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0" - CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE, + msnprintf(max5, 6, "%2" FMT_OFF_T ".%0" + FMT_OFF_T "M", bytes/ONE_MEGABYTE, (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) ); else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE) /* 'XXXXM' is good until we are at 10000MB or above */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "M", bytes/ONE_MEGABYTE); else if(bytes < CURL_OFF_T_C(100) * ONE_GIGABYTE) /* 10000 MB - 100 GB, we show it as XX.XG */ - msnprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0" - CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE, + msnprintf(max5, 6, "%2" FMT_OFF_T ".%0" + FMT_OFF_T "G", bytes/ONE_GIGABYTE, (bytes%ONE_GIGABYTE) / (ONE_GIGABYTE/CURL_OFF_T_C(10)) ); else if(bytes < CURL_OFF_T_C(10000) * ONE_GIGABYTE) /* up to 10000GB, display without decimal: XXXXG */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "G", bytes/ONE_GIGABYTE); else if(bytes < CURL_OFF_T_C(10000) * ONE_TERABYTE) /* up to 10000TB, display without decimal: XXXXT */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "T", bytes/ONE_TERABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "T", bytes/ONE_TERABYTE); else /* up to 10000PB, display without decimal: XXXXP */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "P", bytes/ONE_PETABYTE); /* 16384 petabytes (16 exabytes) is the maximum a 64-bit unsigned number can hold, but our data type is signed so 8192PB will be the maximum. */ @@ -176,7 +174,7 @@ void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, case TIMER_STARTSINGLE: /* This is set at the start of each single transfer */ data->progress.t_startsingle = timestamp; - data->progress.is_t_startransfer_set = false; + data->progress.is_t_startransfer_set = FALSE; break; case TIMER_POSTQUEUE: /* Set when the transfer starts (after potentially having been brought @@ -213,11 +211,11 @@ void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, return; } else { - data->progress.is_t_startransfer_set = true; + data->progress.is_t_startransfer_set = TRUE; break; } case TIMER_POSTRANSFER: - /* this is the normal end-of-transfer thing */ + delta = &data->progress.t_posttransfer; break; case TIMER_REDIRECT: data->progress.t_redirect = Curl_timediff_us(timestamp, @@ -251,13 +249,13 @@ void Curl_pgrsStartNow(struct Curl_easy *data) { data->progress.speeder_c = 0; /* reset the progress meter display */ data->progress.start = Curl_now(); - data->progress.is_t_startransfer_set = false; - data->progress.ul_limit_start = data->progress.start; - data->progress.dl_limit_start = data->progress.start; - data->progress.ul_limit_size = 0; - data->progress.dl_limit_size = 0; - data->progress.downloaded = 0; - data->progress.uploaded = 0; + data->progress.is_t_startransfer_set = FALSE; + data->progress.ul.limit.start = data->progress.start; + data->progress.dl.limit.start = data->progress.start; + data->progress.ul.limit.start_size = 0; + data->progress.dl.limit.start_size = 0; + data->progress.dl.cur_size = 0; + data->progress.ul.cur_size = 0; /* clear all bits except HIDE and HEADERS_OUT */ data->progress.flags &= PGRS_HIDE|PGRS_HEADERS_OUT; Curl_ratelimit(data, data->progress.start); @@ -281,17 +279,15 @@ void Curl_pgrsStartNow(struct Curl_easy *data) * starting point should be reset (to current); or the number of milliseconds * to wait to get back under the speed limit. */ -timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, - curl_off_t startsize, - curl_off_t limit, - struct curltime start, +timediff_t Curl_pgrsLimitWaitTime(struct pgrs_dir *d, + curl_off_t speed_limit, struct curltime now) { - curl_off_t size = cursize - startsize; + curl_off_t size = d->cur_size - d->limit.start_size; timediff_t minimum; timediff_t actual; - if(!limit || !size) + if(!speed_limit || !size) return 0; /* @@ -299,9 +295,9 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, * stay below 'limit'. */ if(size < CURL_OFF_T_MAX/1000) - minimum = (timediff_t) (CURL_OFF_T_C(1000) * size / limit); + minimum = (timediff_t) (CURL_OFF_T_C(1000) * size / speed_limit); else { - minimum = (timediff_t) (size / limit); + minimum = (timediff_t) (size / speed_limit); if(minimum < TIMEDIFF_T_MAX/1000) minimum *= 1000; else @@ -312,7 +308,7 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, * 'actual' is the time in milliseconds it took to actually download the * last 'size' bytes. */ - actual = Curl_timediff_ceil(now, start); + actual = Curl_timediff_ceil(now, d->limit.start); if(actual < minimum) { /* if it downloaded the data faster than the limit, make it wait the difference */ @@ -327,7 +323,7 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, */ CURLcode Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size) { - data->progress.downloaded = size; + data->progress.dl.cur_size = size; return CURLE_OK; } @@ -338,17 +334,17 @@ void Curl_ratelimit(struct Curl_easy *data, struct curltime now) { /* do not set a new stamp unless the time since last update is long enough */ if(data->set.max_recv_speed) { - if(Curl_timediff(now, data->progress.dl_limit_start) >= + if(Curl_timediff(now, data->progress.dl.limit.start) >= MIN_RATE_LIMIT_PERIOD) { - data->progress.dl_limit_start = now; - data->progress.dl_limit_size = data->progress.downloaded; + data->progress.dl.limit.start = now; + data->progress.dl.limit.start_size = data->progress.dl.cur_size; } } if(data->set.max_send_speed) { - if(Curl_timediff(now, data->progress.ul_limit_start) >= + if(Curl_timediff(now, data->progress.ul.limit.start) >= MIN_RATE_LIMIT_PERIOD) { - data->progress.ul_limit_start = now; - data->progress.ul_limit_size = data->progress.uploaded; + data->progress.ul.limit.start = now; + data->progress.ul.limit.start_size = data->progress.ul.cur_size; } } } @@ -358,17 +354,17 @@ void Curl_ratelimit(struct Curl_easy *data, struct curltime now) */ void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size) { - data->progress.uploaded = size; + data->progress.ul.cur_size = size; } void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size) { if(size >= 0) { - data->progress.size_dl = size; + data->progress.dl.total_size = size; data->progress.flags |= PGRS_DL_SIZE_KNOWN; } else { - data->progress.size_dl = 0; + data->progress.dl.total_size = 0; data->progress.flags &= ~PGRS_DL_SIZE_KNOWN; } } @@ -376,15 +372,20 @@ void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size) void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) { if(size >= 0) { - data->progress.size_ul = size; + data->progress.ul.total_size = size; data->progress.flags |= PGRS_UL_SIZE_KNOWN; } else { - data->progress.size_ul = 0; + data->progress.ul.total_size = 0; data->progress.flags &= ~PGRS_UL_SIZE_KNOWN; } } +void Curl_pgrsEarlyData(struct Curl_easy *data, curl_off_t sent) +{ + data->progress.earlydata_sent = sent; +} + /* returns the average speed in bytes / second */ static curl_off_t trspeed(curl_off_t size, /* number of bytes */ curl_off_t us) /* microseconds */ @@ -407,8 +408,8 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* The time spent so far (from the start) in microseconds */ p->timespent = Curl_timediff_us(now, p->start); - p->dlspeed = trspeed(p->downloaded, p->timespent); - p->ulspeed = trspeed(p->uploaded, p->timespent); + p->dl.speed = trspeed(p->dl.cur_size, p->timespent); + p->ul.speed = trspeed(p->ul.cur_size, p->timespent); /* Calculations done at most once a second, unless end is reached */ if(p->lastshow != now.tv_sec) { @@ -419,7 +420,7 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* Let's do the "current speed" thing, with the dl + ul speeds combined. Store the speed at entry 'nowindex'. */ - p->speeder[ nowindex ] = p->downloaded + p->uploaded; + p->speeder[ nowindex ] = p->dl.cur_size + p->ul.cur_size; /* remember the exact time for this moment */ p->speeder_time [ nowindex ] = now; @@ -432,7 +433,7 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of transfer. Imagine, after one second we have filled in two entries, after two seconds we have filled in three entries etc. */ - countindex = ((p->speeder_c >= CURR_TIME)? CURR_TIME:p->speeder_c) - 1; + countindex = ((p->speeder_c >= CURR_TIME) ? CURR_TIME : p->speeder_c) - 1; /* first of all, we do not do this if there is no counted seconds yet */ if(countindex) { @@ -443,7 +444,7 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* Get the index position to compare with the 'nowindex' position. Get the oldest entry possible. While we have less than CURR_TIME entries, the first entry will remain the oldest. */ - checkindex = (p->speeder_c >= CURR_TIME)? p->speeder_c%CURR_TIME:0; + checkindex = (p->speeder_c >= CURR_TIME) ? p->speeder_c%CURR_TIME : 0; /* Figure out the exact time for the time span */ span_ms = Curl_timediff(now, p->speeder_time[checkindex]); @@ -465,113 +466,107 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) } else /* the first second we use the average */ - p->current_speed = p->ulspeed + p->dlspeed; + p->current_speed = p->ul.speed + p->dl.speed; } /* Calculations end */ return timetoshow; } #ifndef CURL_DISABLE_PROGRESS_METER + +struct pgrs_estimate { + curl_off_t secs; + curl_off_t percent; +}; + +static curl_off_t pgrs_est_percent(curl_off_t total, curl_off_t cur) +{ + if(total > CURL_OFF_T_C(10000)) + return cur / (total/CURL_OFF_T_C(100)); + else if(total > CURL_OFF_T_C(0)) + return (cur*100) / total; + return 0; +} + +static void pgrs_estimates(struct pgrs_dir *d, + bool total_known, + struct pgrs_estimate *est) +{ + est->secs = 0; + est->percent = 0; + if(total_known && (d->speed > CURL_OFF_T_C(0))) { + est->secs = d->total_size / d->speed; + est->percent = pgrs_est_percent(d->total_size, d->cur_size); + } +} + static void progress_meter(struct Curl_easy *data) { + struct Progress *p = &data->progress; char max5[6][10]; - curl_off_t dlpercen = 0; - curl_off_t ulpercen = 0; - curl_off_t total_percen = 0; - curl_off_t total_transfer; - curl_off_t total_expected_transfer; + struct pgrs_estimate dl_estm; + struct pgrs_estimate ul_estm; + struct pgrs_estimate total_estm; + curl_off_t total_cur_size; + curl_off_t total_expected_size; char time_left[10]; char time_total[10]; char time_spent[10]; - curl_off_t ulestimate = 0; - curl_off_t dlestimate = 0; - curl_off_t total_estimate; - curl_off_t timespent = - (curl_off_t)data->progress.timespent/1000000; /* seconds */ + curl_off_t cur_secs = (curl_off_t)p->timespent/1000000; /* seconds */ - if(!(data->progress.flags & PGRS_HEADERS_OUT)) { + if(!(p->flags & PGRS_HEADERS_OUT)) { if(data->state.resume_from) { fprintf(data->set.err, - "** Resuming transfer from byte position %" - CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from); + "** Resuming transfer from byte position %" FMT_OFF_T "\n", + data->state.resume_from); } fprintf(data->set.err, " %% Total %% Received %% Xferd Average Speed " "Time Time Time Current\n" " Dload Upload " "Total Spent Left Speed\n"); - data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */ - } - - /* Figure out the estimated time of arrival for the upload */ - if((data->progress.flags & PGRS_UL_SIZE_KNOWN) && - (data->progress.ulspeed > CURL_OFF_T_C(0))) { - ulestimate = data->progress.size_ul / data->progress.ulspeed; - - if(data->progress.size_ul > CURL_OFF_T_C(10000)) - ulpercen = data->progress.uploaded / - (data->progress.size_ul/CURL_OFF_T_C(100)); - else if(data->progress.size_ul > CURL_OFF_T_C(0)) - ulpercen = (data->progress.uploaded*100) / - data->progress.size_ul; - } - - /* ... and the download */ - if((data->progress.flags & PGRS_DL_SIZE_KNOWN) && - (data->progress.dlspeed > CURL_OFF_T_C(0))) { - dlestimate = data->progress.size_dl / data->progress.dlspeed; - - if(data->progress.size_dl > CURL_OFF_T_C(10000)) - dlpercen = data->progress.downloaded / - (data->progress.size_dl/CURL_OFF_T_C(100)); - else if(data->progress.size_dl > CURL_OFF_T_C(0)) - dlpercen = (data->progress.downloaded*100) / - data->progress.size_dl; + p->flags |= PGRS_HEADERS_OUT; /* headers are shown */ } - /* Now figure out which of them is slower and use that one for the - total estimate! */ - total_estimate = ulestimate>dlestimate?ulestimate:dlestimate; + /* Figure out the estimated time of arrival for upload and download */ + pgrs_estimates(&p->ul, (p->flags & PGRS_UL_SIZE_KNOWN), &ul_estm); + pgrs_estimates(&p->dl, (p->flags & PGRS_DL_SIZE_KNOWN), &dl_estm); + /* Since both happen at the same time, total expected duration is max. */ + total_estm.secs = CURLMAX(ul_estm.secs, dl_estm.secs); /* create the three time strings */ - time2str(time_left, total_estimate > 0?(total_estimate - timespent):0); - time2str(time_total, total_estimate); - time2str(time_spent, timespent); + time2str(time_left, total_estm.secs > 0 ? (total_estm.secs - cur_secs) : 0); + time2str(time_total, total_estm.secs); + time2str(time_spent, cur_secs); /* Get the total amount of data expected to get transferred */ - total_expected_transfer = - ((data->progress.flags & PGRS_UL_SIZE_KNOWN)? - data->progress.size_ul:data->progress.uploaded)+ - ((data->progress.flags & PGRS_DL_SIZE_KNOWN)? - data->progress.size_dl:data->progress.downloaded); + total_expected_size = + ((p->flags & PGRS_UL_SIZE_KNOWN) ? p->ul.total_size : p->ul.cur_size) + + ((p->flags & PGRS_DL_SIZE_KNOWN) ? p->dl.total_size : p->dl.cur_size); /* We have transferred this much so far */ - total_transfer = data->progress.downloaded + data->progress.uploaded; + total_cur_size = p->dl.cur_size + p->ul.cur_size; /* Get the percentage of data transferred so far */ - if(total_expected_transfer > CURL_OFF_T_C(10000)) - total_percen = total_transfer / - (total_expected_transfer/CURL_OFF_T_C(100)); - else if(total_expected_transfer > CURL_OFF_T_C(0)) - total_percen = (total_transfer*100) / total_expected_transfer; + total_estm.percent = pgrs_est_percent(total_expected_size, total_cur_size); fprintf(data->set.err, "\r" - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s %s %s %s %s %s %s", - total_percen, /* 3 letters */ /* total % */ - max5data(total_expected_transfer, max5[2]), /* total size */ - dlpercen, /* 3 letters */ /* rcvd % */ - max5data(data->progress.downloaded, max5[0]), /* rcvd size */ - ulpercen, /* 3 letters */ /* xfer % */ - max5data(data->progress.uploaded, max5[1]), /* xfer size */ - max5data(data->progress.dlspeed, max5[3]), /* avrg dl speed */ - max5data(data->progress.ulspeed, max5[4]), /* avrg ul speed */ + "%3" FMT_OFF_T " %s " + "%3" FMT_OFF_T " %s " + "%3" FMT_OFF_T " %s %s %s %s %s %s %s", + total_estm.percent, /* 3 letters */ /* total % */ + max5data(total_expected_size, max5[2]), /* total size */ + dl_estm.percent, /* 3 letters */ /* rcvd % */ + max5data(p->dl.cur_size, max5[0]), /* rcvd size */ + ul_estm.percent, /* 3 letters */ /* xfer % */ + max5data(p->ul.cur_size, max5[1]), /* xfer size */ + max5data(p->dl.speed, max5[3]), /* avrg dl speed */ + max5data(p->ul.speed, max5[4]), /* avrg ul speed */ time_total, /* 8 letters */ /* total time */ time_spent, /* 8 letters */ /* time spent */ time_left, /* 8 letters */ /* time left */ - max5data(data->progress.current_speed, max5[5]) + max5data(p->current_speed, max5[5]) ); /* we flush the output stream to make it appear as soon as possible */ @@ -593,13 +588,13 @@ static int pgrsupdate(struct Curl_easy *data, bool showprogress) if(data->set.fxferinfo) { int result; /* There is a callback set, call that */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); result = data->set.fxferinfo(data->set.progress_client, - data->progress.size_dl, - data->progress.downloaded, - data->progress.size_ul, - data->progress.uploaded); - Curl_set_in_callback(data, false); + data->progress.dl.total_size, + data->progress.dl.cur_size, + data->progress.ul.total_size, + data->progress.ul.cur_size); + Curl_set_in_callback(data, FALSE); if(result != CURL_PROGRESSFUNC_CONTINUE) { if(result) failf(data, "Callback aborted"); @@ -609,13 +604,13 @@ static int pgrsupdate(struct Curl_easy *data, bool showprogress) else if(data->set.fprogress) { int result; /* The older deprecated callback is set, call that */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); result = data->set.fprogress(data->set.progress_client, - (double)data->progress.size_dl, - (double)data->progress.downloaded, - (double)data->progress.size_ul, - (double)data->progress.uploaded); - Curl_set_in_callback(data, false); + (double)data->progress.dl.total_size, + (double)data->progress.dl.cur_size, + (double)data->progress.ul.total_size, + (double)data->progress.ul.cur_size); + Curl_set_in_callback(data, FALSE); if(result != CURL_PROGRESSFUNC_CONTINUE) { if(result) failf(data, "Callback aborted"); diff --git a/libraries/libcurl/progress.h b/libraries/libcurl/progress.h index 86025742..326271ef 100644 --- a/libraries/libcurl/progress.h +++ b/libraries/libcurl/progress.h @@ -58,10 +58,8 @@ void Curl_pgrsUpdate_nometer(struct Curl_easy *data); void Curl_pgrsResetTransferSizes(struct Curl_easy *data); struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer); -timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, - curl_off_t startsize, - curl_off_t limit, - struct curltime start, +timediff_t Curl_pgrsLimitWaitTime(struct pgrs_dir *d, + curl_off_t speed_limit, struct curltime now); /** * Update progress timer with the elapsed time from its start to `timestamp`. @@ -71,6 +69,8 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, struct curltime timestamp); +void Curl_pgrsEarlyData(struct Curl_easy *data, curl_off_t sent); + #define PGRS_HIDE (1<<4) #define PGRS_UL_SIZE_KNOWN (1<<5) #define PGRS_DL_SIZE_KNOWN (1<<6) diff --git a/libraries/libcurl/psl.c b/libraries/libcurl/psl.c index 626a203a..0b88b05b 100644 --- a/libraries/libcurl/psl.c +++ b/libraries/libcurl/psl.c @@ -81,7 +81,7 @@ const psl_ctx_t *Curl_psl_use(struct Curl_easy *easy) psl = psl_latest(NULL); dynamic = psl != NULL; /* Take care of possible time computation overflow. */ - expires = now < TIME_T_MAX - PSL_TTL? now + PSL_TTL: TIME_T_MAX; + expires = now < TIME_T_MAX - PSL_TTL ? now + PSL_TTL : TIME_T_MAX; /* Only get the built-in PSL if we do not already have the "latest". */ if(!psl && !pslcache->dynamic) diff --git a/libraries/libcurl/psl.h b/libraries/libcurl/psl.h index 23cfa921..dd5bee21 100644 --- a/libraries/libcurl/psl.h +++ b/libraries/libcurl/psl.h @@ -27,6 +27,8 @@ #ifdef USE_LIBPSL #include +struct Curl_easy; + #define PSL_TTL (72 * 3600) /* PSL time to live before a refresh. */ struct PslCache { diff --git a/libraries/libcurl/rand.c b/libraries/libcurl/rand.c index 4ee96fbb..8d55e260 100644 --- a/libraries/libcurl/rand.c +++ b/libraries/libcurl/rand.c @@ -49,7 +49,7 @@ #ifdef _WIN32 #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \ - !defined(CURL_WINDOWS_APP) + !defined(CURL_WINDOWS_UWP) # define HAVE_WIN_BCRYPTGENRANDOM # include # ifdef _MSC_VER @@ -100,86 +100,91 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) } #endif -static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) +#if !defined(USE_SSL) +/* ---- possibly non-cryptographic version following ---- */ +static CURLcode weak_random(struct Curl_easy *data, + unsigned char *entropy, + size_t length) /* always 4, size of int */ { - CURLcode result = CURLE_OK; - static unsigned int randseed; - static bool seeded = FALSE; - -#ifdef DEBUGBUILD - char *force_entropy = getenv("CURL_ENTROPY"); - if(force_entropy) { - if(!seeded) { - unsigned int seed = 0; - size_t elen = strlen(force_entropy); - size_t clen = sizeof(seed); - size_t min = elen < clen ? elen : clen; - memcpy((char *)&seed, force_entropy, min); - randseed = ntohl(seed); - seeded = TRUE; - } - else - randseed++; - *rnd = randseed; - return CURLE_OK; - } -#endif - - /* data may be NULL! */ - result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd)); - if(result != CURLE_NOT_BUILT_IN) - /* only if there is no random function in the TLS backend do the non crypto - version, otherwise return result */ - return result; - - /* ---- non-cryptographic version following ---- */ + unsigned int r; + DEBUGASSERT(length == sizeof(int)); + /* Trying cryptographically secure functions first */ #ifdef _WIN32 - if(!seeded) { - result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); + (void)data; + { + CURLcode result = Curl_win32_random(entropy, length); if(result != CURLE_NOT_BUILT_IN) return result; } #endif -#if defined(HAVE_ARC4RANDOM) && !defined(USE_OPENSSL) - if(!seeded) { - *rnd = (unsigned int)arc4random(); - return CURLE_OK; +#if defined(HAVE_ARC4RANDOM) + (void)data; + r = (unsigned int)arc4random(); + memcpy(entropy, &r, length); +#else + infof(data, "WARNING: using weak random seed"); + { + static unsigned int randseed; + static bool seeded = FALSE; + unsigned int rnd; + if(!seeded) { + struct curltime now = Curl_now(); + randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; + randseed = randseed * 1103515245 + 12345; + randseed = randseed * 1103515245 + 12345; + randseed = randseed * 1103515245 + 12345; + seeded = TRUE; + } + + /* Return an unsigned 32-bit pseudo-random number. */ + r = randseed = randseed * 1103515245 + 12345; + rnd = (r << 16) | ((r >> 16) & 0xFFFF); + memcpy(entropy, &rnd, length); } +#endif + return CURLE_OK; +} +#endif + +#ifdef USE_SSL +#define _random(x,y,z) Curl_ssl_random(x,y,z) +#else +#define _random(x,y,z) weak_random(x,y,z) #endif -#if defined(RANDOM_FILE) && !defined(_WIN32) - if(!seeded) { - /* if there is a random file to read a seed from, use it */ - int fd = open(RANDOM_FILE, O_RDONLY); - if(fd > -1) { - /* read random data into the randseed variable */ - ssize_t nread = read(fd, &randseed, sizeof(randseed)); - if(nread == sizeof(randseed)) +static CURLcode randit(struct Curl_easy *data, unsigned int *rnd, + bool env_override) +{ +#ifdef DEBUGBUILD + if(env_override) { + char *force_entropy = getenv("CURL_ENTROPY"); + if(force_entropy) { + static unsigned int randseed; + static bool seeded = FALSE; + + if(!seeded) { + unsigned int seed = 0; + size_t elen = strlen(force_entropy); + size_t clen = sizeof(seed); + size_t min = elen < clen ? elen : clen; + memcpy((char *)&seed, force_entropy, min); + randseed = ntohl(seed); seeded = TRUE; - close(fd); + } + else + randseed++; + *rnd = randseed; + return CURLE_OK; } } +#else + (void)env_override; #endif - if(!seeded) { - struct curltime now = Curl_now(); - infof(data, "WARNING: using weak random seed"); - randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; - randseed = randseed * 1103515245 + 12345; - randseed = randseed * 1103515245 + 12345; - randseed = randseed * 1103515245 + 12345; - seeded = TRUE; - } - - { - unsigned int r; - /* Return an unsigned 32-bit pseudo-random number. */ - r = randseed = randseed * 1103515245 + 12345; - *rnd = (r << 16) | ((r >> 16) & 0xFFFF); - } - return CURLE_OK; + /* data may be NULL! */ + return _random(data, (unsigned char *)rnd, sizeof(*rnd)); } /* @@ -187,7 +192,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * 'rnd' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a - * proper random API (rustls or mbedTLS), this function will use "weak" + * proper random API (Rustls or mbedTLS), this function will use "weak" * random. * * When built *with* TLS support and a backend that offers strong random, it @@ -198,9 +203,16 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * */ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool env_override, +#endif + unsigned char *rnd, size_t num) { CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; +#ifndef DEBUGBUILD + const bool env_override = FALSE; +#endif DEBUGASSERT(num); @@ -208,7 +220,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) unsigned int r; size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int); - result = randit(data, &r); + result = randit(data, &r, env_override); if(result) return result; @@ -278,7 +290,7 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, while(num) { do { - result = randit(data, &r); + result = randit(data, &r, TRUE); if(result) return result; } while(r >= (UINT_MAX - UINT_MAX % alnumspace)); diff --git a/libraries/libcurl/rand.h b/libraries/libcurl/rand.h index bc05239e..2ba60e72 100644 --- a/libraries/libcurl/rand.h +++ b/libraries/libcurl/rand.h @@ -24,7 +24,17 @@ * ***************************************************************************/ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num); +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool allow_env_override, +#endif + unsigned char *rnd, size_t num); + +#ifdef DEBUGBUILD +#define Curl_rand(a,b,c) Curl_rand_bytes((a), TRUE, (b), (c)) +#else +#define Curl_rand(a,b,c) Curl_rand_bytes((a), (b), (c)) +#endif /* * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random diff --git a/libraries/libcurl/request.c b/libraries/libcurl/request.c index 5c8d52f6..310e4eac 100644 --- a/libraries/libcurl/request.c +++ b/libraries/libcurl/request.c @@ -52,7 +52,11 @@ CURLcode Curl_req_soft_reset(struct SingleRequest *req, req->done = FALSE; req->upload_done = FALSE; + req->upload_aborted = FALSE; req->download_done = FALSE; + req->eos_written = FALSE; + req->eos_read = FALSE; + req->eos_sent = FALSE; req->ignorebody = FALSE; req->shutdown = FALSE; req->bytecount = 0; @@ -100,6 +104,9 @@ CURLcode Curl_req_done(struct SingleRequest *req, if(!aborted) (void)req_flush(data); Curl_client_reset(data); +#ifndef CURL_DISABLE_DOH + Curl_doh_close(data); +#endif return CURLE_OK; } @@ -143,6 +150,7 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->download_done = FALSE; req->eos_written = FALSE; req->eos_read = FALSE; + req->eos_sent = FALSE; req->upload_done = FALSE; req->upload_aborted = FALSE; req->ignorebody = FALSE; @@ -179,18 +187,20 @@ static CURLcode xfer_send(struct Curl_easy *data, size_t hds_len, size_t *pnwritten) { CURLcode result = CURLE_OK; + bool eos = FALSE; *pnwritten = 0; + DEBUGASSERT(hds_len <= blen); #ifdef DEBUGBUILD { /* Allow debug builds to override this logic to force short initial - sends - */ + sends */ + size_t body_len = blen - hds_len; char *p = getenv("CURL_SMALLREQSEND"); if(p) { - size_t altsize = (size_t)strtoul(p, NULL, 10); - if(altsize && altsize < blen) - blen = altsize; + size_t body_small = (size_t)strtoul(p, NULL, 10); + if(body_small && body_small < body_len) + blen = hds_len + body_small; } } #endif @@ -202,16 +212,26 @@ static CURLcode xfer_send(struct Curl_easy *data, blen = hds_len + (size_t)data->set.max_send_speed; } - result = Curl_xfer_send(data, buf, blen, pnwritten); - if(!result && *pnwritten) { - if(hds_len) - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, - CURLMIN(hds_len, *pnwritten)); - if(*pnwritten > hds_len) { - size_t body_len = *pnwritten - hds_len; - Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); - data->req.writebytecount += body_len; - Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + if(data->req.eos_read && + (Curl_bufq_is_empty(&data->req.sendbuf) || + Curl_bufq_len(&data->req.sendbuf) == blen)) { + DEBUGF(infof(data, "sending last upload chunk of %zu bytes", blen)); + eos = TRUE; + } + result = Curl_xfer_send(data, buf, blen, eos, pnwritten); + if(!result) { + if(eos && (blen == *pnwritten)) + data->req.eos_sent = TRUE; + if(*pnwritten) { + if(hds_len) + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, + CURLMIN(hds_len, *pnwritten)); + if(*pnwritten > hds_len) { + size_t body_len = *pnwritten - hds_len; + Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); + data->req.writebytecount += body_len; + Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + } } } return result; @@ -241,28 +261,32 @@ static CURLcode req_send_buffer_flush(struct Curl_easy *data) return result; } -static CURLcode req_set_upload_done(struct Curl_easy *data) +CURLcode Curl_req_set_upload_done(struct Curl_easy *data) { DEBUGASSERT(!data->req.upload_done); data->req.upload_done = TRUE; data->req.keepon &= ~(KEEP_SEND|KEEP_SEND_TIMED); /* we are done sending */ + Curl_pgrsTime(data, TIMER_POSTRANSFER); Curl_creader_done(data, data->req.upload_aborted); if(data->req.upload_aborted) { + Curl_bufq_reset(&data->req.sendbuf); if(data->req.writebytecount) - infof(data, "abort upload after having sent %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.writebytecount); + infof(data, "abort upload after having sent %" FMT_OFF_T " bytes", + data->req.writebytecount); else infof(data, "abort upload"); } else if(data->req.writebytecount) - infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.writebytecount); - else if(!data->req.download_done) - infof(data, Curl_creader_total_length(data)? - "We are completely uploaded and fine" : - "Request completely sent off"); + infof(data, "upload completely sent off: %" FMT_OFF_T " bytes", + data->req.writebytecount); + else if(!data->req.download_done) { + DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); + infof(data, Curl_creader_total_length(data) ? + "We are completely uploaded and fine" : + "Request completely sent off"); + } return Curl_xfer_send_close(data); } @@ -279,21 +303,43 @@ static CURLcode req_flush(struct Curl_easy *data) if(result) return result; if(!Curl_bufq_is_empty(&data->req.sendbuf)) { + DEBUGF(infof(data, "Curl_req_flush(len=%zu) -> EAGAIN", + Curl_bufq_len(&data->req.sendbuf))); return CURLE_AGAIN; } } + else if(Curl_xfer_needs_flush(data)) { + DEBUGF(infof(data, "Curl_req_flush(), xfer send_pending")); + return Curl_xfer_flush(data); + } - if(!data->req.upload_done && data->req.eos_read && - Curl_bufq_is_empty(&data->req.sendbuf)) { + if(data->req.eos_read && !data->req.eos_sent) { + char tmp; + size_t nwritten; + result = xfer_send(data, &tmp, 0, 0, &nwritten); + if(result) + return result; + DEBUGASSERT(data->req.eos_sent); + } + + if(!data->req.upload_done && data->req.eos_read && data->req.eos_sent) { + DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); if(data->req.shutdown) { bool done; result = Curl_xfer_send_shutdown(data, &done); + if(result && data->req.shutdown_err_ignore) { + infof(data, "Shutdown send direction error: %d. Broken server? " + "Proceeding as if everything is ok.", result); + result = CURLE_OK; + done = TRUE; + } + if(result) return result; if(!done) return CURLE_AGAIN; } - return req_set_upload_done(data); + return Curl_req_set_upload_done(data); } return CURLE_OK; } @@ -367,18 +413,26 @@ CURLcode Curl_req_send(struct Curl_easy *data, struct dynbuf *req) } #endif /* !USE_HYPER */ +bool Curl_req_sendbuf_empty(struct Curl_easy *data) +{ + return !data->req.sendbuf_init || Curl_bufq_is_empty(&data->req.sendbuf); +} + bool Curl_req_want_send(struct Curl_easy *data) { - return data->req.sendbuf_init && !Curl_bufq_is_empty(&data->req.sendbuf); + /* Not done and + * - KEEP_SEND and not PAUSEd. + * - or request has buffered data to send + * - or transfer connection has pending data to send */ + return !data->req.done && + (((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) || + !Curl_req_sendbuf_empty(data) || + Curl_xfer_needs_flush(data)); } bool Curl_req_done_sending(struct Curl_easy *data) { - if(data->req.upload_done) { - DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); - return TRUE; - } - return FALSE; + return data->req.upload_done && !Curl_req_want_send(data); } CURLcode Curl_req_send_more(struct Curl_easy *data) @@ -386,7 +440,10 @@ CURLcode Curl_req_send_more(struct Curl_easy *data) CURLcode result; /* Fill our send buffer if more from client can be read. */ - if(!data->req.eos_read && !Curl_bufq_is_full(&data->req.sendbuf)) { + if(!data->req.upload_aborted && + !data->req.eos_read && + !(data->req.keepon & KEEP_SEND_PAUSE) && + !Curl_bufq_is_full(&data->req.sendbuf)) { ssize_t nread = Curl_bufq_sipn(&data->req.sendbuf, 0, add_from_client, data, &result); if(nread < 0 && result != CURLE_AGAIN) @@ -405,7 +462,18 @@ CURLcode Curl_req_abort_sending(struct Curl_easy *data) if(!data->req.upload_done) { Curl_bufq_reset(&data->req.sendbuf); data->req.upload_aborted = TRUE; - return req_set_upload_done(data); + /* no longer KEEP_SEND and KEEP_SEND_PAUSE */ + data->req.keepon &= ~KEEP_SENDBITS; + return Curl_req_set_upload_done(data); } return CURLE_OK; } + +CURLcode Curl_req_stop_send_recv(struct Curl_easy *data) +{ + /* stop receiving and ALL sending as well, including PAUSE and HOLD. + * We might still be paused on receive client writes though, so + * keep those bits around. */ + data->req.keepon &= ~(KEEP_RECV|KEEP_SENDBITS); + return Curl_req_abort_sending(data); +} diff --git a/libraries/libcurl/request.h b/libraries/libcurl/request.h index 413dacaa..bb722477 100644 --- a/libraries/libcurl/request.h +++ b/libraries/libcurl/request.h @@ -32,6 +32,9 @@ /* forward declarations */ struct UserDefined; +#ifndef CURL_DISABLE_DOH +struct doh_probes; +#endif enum expect100 { EXP100_SEND_DATA, /* enough waiting, just send the body now */ @@ -114,7 +117,7 @@ struct SingleRequest { struct TELNET *telnet; } p; #ifndef CURL_DISABLE_DOH - struct dohdata *doh; /* DoH specific data for this request */ + struct doh_probes *doh; /* DoH specific data for this request */ #endif #ifndef CURL_DISABLE_COOKIES unsigned char setcookies; @@ -127,6 +130,7 @@ struct SingleRequest { BIT(download_done); /* set to TRUE when download is complete */ BIT(eos_written); /* iff EOS has been written to client */ BIT(eos_read); /* iff EOS has been read from the client */ + BIT(eos_sent); /* iff EOS has been sent to the server */ BIT(rewind_read); /* iff reader needs rewind at next start */ BIT(upload_done); /* set to TRUE when all request data has been sent */ BIT(upload_aborted); /* set to TRUE when upload was aborted. Will also @@ -135,6 +139,7 @@ struct SingleRequest { BIT(http_bodyless); /* HTTP response status code is between 100 and 199, 204 or 304 */ BIT(chunk); /* if set, this is a chunked transfer-encoding */ + BIT(resp_trailer); /* response carried 'Trailer:' header field */ BIT(ignore_cl); /* ignore content-length */ BIT(upload_chunky); /* set TRUE if we are doing chunked transfer-encoding on upload */ @@ -146,6 +151,7 @@ struct SingleRequest { negotiation. */ BIT(sendbuf_init); /* sendbuf is initialized */ BIT(shutdown); /* request end will shutdown connection */ + BIT(shutdown_err_ignore); /* errors in shutdown will not fail request */ #ifdef USE_HYPER BIT(bodywritten); #endif @@ -220,10 +226,26 @@ CURLcode Curl_req_send_more(struct Curl_easy *data); */ bool Curl_req_want_send(struct Curl_easy *data); +/** + * TRUE iff the request has no buffered bytes yet to send. + */ +bool Curl_req_sendbuf_empty(struct Curl_easy *data); + /** * Stop sending any more request data to the server. * Will clear the send buffer and mark request sending as done. */ CURLcode Curl_req_abort_sending(struct Curl_easy *data); +/** + * Stop sending and receiving any more request data. + * Will abort sending if not done. + */ +CURLcode Curl_req_stop_send_recv(struct Curl_easy *data); + +/** + * Invoked when all request data has been uploaded. + */ +CURLcode Curl_req_set_upload_done(struct Curl_easy *data); + #endif /* HEADER_CURL_REQUEST_H */ diff --git a/libraries/libcurl/rtsp.c b/libraries/libcurl/rtsp.c index a9050806..0bd6ad62 100644 --- a/libraries/libcurl/rtsp.c +++ b/libraries/libcurl/rtsp.c @@ -359,8 +359,8 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* Accept Headers for DESCRIBE requests */ if(rtspreq == RTSPREQ_DESCRIBE) { /* Accept Header */ - p_accept = Curl_checkheaders(data, STRCONST("Accept"))? - NULL:"Accept: application/sdp\r\n"; + p_accept = Curl_checkheaders(data, STRCONST("Accept")) ? + NULL : "Accept: application/sdp\r\n"; /* Accept-Encoding header */ if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && @@ -533,8 +533,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) * actually set a custom Content-Length in the headers */ if(!Curl_checkheaders(data, STRCONST("Content-Length"))) { result = - Curl_dyn_addf(&req_buffer, - "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", + Curl_dyn_addf(&req_buffer, "Content-Length: %" FMT_OFF_T"\r\n", req_clen); if(result) goto out; @@ -616,7 +615,7 @@ static CURLcode rtp_write_body_junk(struct Curl_easy *data, in_body = (data->req.headerline && !rtspc->in_header) && (data->req.size >= 0) && (data->req.bytecount < data->req.size); - body_remain = in_body? (data->req.size - data->req.bytecount) : 0; + body_remain = in_body ? (data->req.size - data->req.bytecount) : 0; DEBUGASSERT(body_remain >= 0); if(body_remain) { if((curl_off_t)blen > body_remain) @@ -854,12 +853,12 @@ static CURLcode rtsp_rtp_write_resp(struct Curl_easy *data, * In which case we write out the left over bytes, letting the client * writer deal with it (it will report EXCESS and fail the transfer). */ DEBUGF(infof(data, "rtsp_rtp_write_resp(len=%zu, in_header=%d, done=%d " - " rtspc->state=%d, req.size=%" CURL_FORMAT_CURL_OFF_T ")", + " rtspc->state=%d, req.size=%" FMT_OFF_T ")", blen, rtspc->in_header, data->req.done, rtspc->state, data->req.size)); if(!result && (is_eos || blen)) { result = Curl_client_write(data, CLIENTWRITE_BODY| - (is_eos? CLIENTWRITE_EOS:0), + (is_eos ? CLIENTWRITE_EOS : 0), (char *)buf, blen); } @@ -899,9 +898,9 @@ CURLcode rtp_client_write(struct Curl_easy *data, const char *ptr, size_t len) user_ptr = data->set.out; } - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); wrote = writeit((char *)ptr, 1, len, user_ptr); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(CURL_WRITEFUNC_PAUSE == wrote) { failf(data, "Cannot pause RTP"); diff --git a/libraries/libcurl/select.c b/libraries/libcurl/select.c index 96b0632f..c1779ad1 100644 --- a/libraries/libcurl/select.c +++ b/libraries/libcurl/select.c @@ -24,6 +24,10 @@ #include "curl_setup.h" +#if !defined(HAVE_SELECT) && !defined(HAVE_POLL) +#error "We cannot compile without select() or poll() support." +#endif + #include #ifdef HAVE_SYS_SELECT_H @@ -32,10 +36,6 @@ #include #endif -#if !defined(HAVE_SELECT) && !defined(HAVE_POLL_FINE) -#error "We cannot compile without select() or poll() support." -#endif - #ifdef MSDOS #include /* delay() */ #endif @@ -53,16 +53,15 @@ #include "memdebug.h" /* - * Internal function used for waiting a specific amount of ms - * in Curl_socket_check() and Curl_poll() when no file descriptor - * is provided to wait on, just being used to delay execution. - * WinSock select() and poll() timeout mechanisms need a valid - * socket descriptor in a not null file descriptor set to work. - * Waiting indefinitely with this function is not allowed, a - * zero or negative timeout value will return immediately. - * Timeout resolution, accuracy, as well as maximum supported - * value is system dependent, neither factor is a critical issue - * for the intended use of this function in the library. + * Internal function used for waiting a specific amount of ms in + * Curl_socket_check() and Curl_poll() when no file descriptor is provided to + * wait on, just being used to delay execution. Winsock select() and poll() + * timeout mechanisms need a valid socket descriptor in a not null file + * descriptor set to work. Waiting indefinitely with this function is not + * allowed, a zero or negative timeout value will return immediately. Timeout + * resolution, accuracy, as well as maximum supported value is system + * dependent, neither factor is a critical issue for the intended use of this + * function in the library. * * Return values: * -1 = system call error, or invalid timeout value @@ -89,20 +88,13 @@ int Curl_wait_ms(timediff_t timeout_ms) #endif Sleep((ULONG)timeout_ms); #else -#if defined(HAVE_POLL_FINE) - /* prevent overflow, timeout_ms is typecast to int. */ -#if TIMEDIFF_T_MAX > INT_MAX - if(timeout_ms > INT_MAX) - timeout_ms = INT_MAX; -#endif - r = poll(NULL, 0, (int)timeout_ms); -#else + /* avoid using poll() for this since it behaves incorrectly with no sockets + on Apple operating systems */ { struct timeval pending_tv; r = select(0, NULL, NULL, NULL, curlx_mstotv(&pending_tv, timeout_ms)); } -#endif /* HAVE_POLL_FINE */ -#endif /* USE_WINSOCK */ +#endif /* _WIN32 */ if(r) { if((r == -1) && (SOCKERRNO == EINTR)) /* make EINTR from select or poll not a "lethal" error */ @@ -113,12 +105,12 @@ int Curl_wait_ms(timediff_t timeout_ms) return r; } -#ifndef HAVE_POLL_FINE +#ifndef HAVE_POLL /* - * This is a wrapper around select() to aid in Windows compatibility. - * A negative timeout value makes this function wait indefinitely, - * unless no valid file descriptor is given, when this happens the - * negative timeout is ignored and the function times out immediately. + * This is a wrapper around select() to aid in Windows compatibility. A + * negative timeout value makes this function wait indefinitely, unless no + * valid file descriptor is given, when this happens the negative timeout is + * ignored and the function times out immediately. * * Return values: * -1 = system call error or fd >= FD_SETSIZE @@ -135,7 +127,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ struct timeval *ptimeout; #ifdef USE_WINSOCK - /* WinSock select() cannot handle zero events. See the comment below. */ + /* Winsock select() cannot handle zero events. See the comment below. */ if((!fds_read || fds_read->fd_count == 0) && (!fds_write || fds_write->fd_count == 0) && (!fds_err || fds_err->fd_count == 0)) { @@ -147,7 +139,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ ptimeout = curlx_mstotv(&pending_tv, timeout_ms); #ifdef USE_WINSOCK - /* WinSock select() must not be called with an fd_set that contains zero + /* Winsock select() must not be called with an fd_set that contains zero fd flags, or it will return WSAEINVAL. But, it also cannot be called with no fd_sets at all! From the documentation: @@ -155,8 +147,8 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ given as null. At least one must be non-null, and any non-null descriptor set must contain at least one handle to a socket. - It is unclear why WinSock does not just handle this for us instead of - calling this an error. Luckily, with WinSock, we can _also_ ask how + It is unclear why Winsock does not just handle this for us instead of + calling this an error. Luckily, with Winsock, we can _also_ ask how many bits are set on an fd_set. So, let's just check it beforehand. */ return select((int)maxfd + 1, @@ -172,13 +164,13 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ /* * Wait for read or write events on a set of file descriptors. It uses poll() - * when a fine poll() is available, in order to avoid limits with FD_SETSIZE, + * when poll() is available, in order to avoid limits with FD_SETSIZE, * otherwise select() is used. An error is returned if select() is being used * and a file descriptor is too large for FD_SETSIZE. * - * A negative timeout value makes this function wait indefinitely, - * unless no valid file descriptor is given, when this happens the - * negative timeout is ignored and the function times out immediately. + * A negative timeout value makes this function wait indefinitely, unless no + * valid file descriptor is given, when this happens the negative timeout is + * ignored and the function times out immediately. * * Return values: * -1 = system call error or fd >= FD_SETSIZE @@ -275,7 +267,7 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ */ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) { -#ifdef HAVE_POLL_FINE +#ifdef HAVE_POLL int pending_ms; #else fd_set fds_read; @@ -305,7 +297,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) when function is called with a zero timeout or a negative timeout value indicating a blocking call should be performed. */ -#ifdef HAVE_POLL_FINE +#ifdef HAVE_POLL /* prevent overflow, timeout_ms is typecast to int. */ #if TIMEDIFF_T_MAX > INT_MAX @@ -335,7 +327,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) ufds[i].revents |= POLLIN|POLLOUT; } -#else /* HAVE_POLL_FINE */ +#else /* HAVE_POLL */ FD_ZERO(&fds_read); FD_ZERO(&fds_write); @@ -361,8 +353,8 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) } /* - Note also that WinSock ignores the first argument, so we do not worry - about the fact that maxfd is computed incorrectly with WinSock (since + Note also that Winsock ignores the first argument, so we do not worry + about the fact that maxfd is computed incorrectly with Winsock (since curl_socket_t is unsigned in such cases and thus -1 is the largest value). */ @@ -401,7 +393,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) r++; } -#endif /* HAVE_POLL_FINE */ +#endif /* HAVE_POLL */ return r; } diff --git a/libraries/libcurl/sendf.c b/libraries/libcurl/sendf.c index 24b90d2a..30a35172 100644 --- a/libraries/libcurl/sendf.c +++ b/libraries/libcurl/sendf.c @@ -292,15 +292,15 @@ static CURLcode cw_download_write(struct Curl_easy *data, if((type & CLIENTWRITE_EOS) && !data->req.no_body && (data->req.maxdownload > data->req.bytecount)) { - failf(data, "end of response with %" CURL_FORMAT_CURL_OFF_T - " bytes missing", data->req.maxdownload - data->req.bytecount); + failf(data, "end of response with %" FMT_OFF_T " bytes missing", + data->req.maxdownload - data->req.bytecount); return CURLE_PARTIAL_FILE; } } /* Error on too large filesize is handled below, after writing * the permitted bytes */ - if(data->set.max_filesize) { + if(data->set.max_filesize && !data->req.ignorebody) { size_t wmax = get_max_body_write_len(data, data->set.max_filesize); if(nwrite > wmax) { nwrite = wmax; @@ -328,18 +328,17 @@ static CURLcode cw_download_write(struct Curl_easy *data, infof(data, "Excess found writing body:" " excess = %zu" - ", size = %" CURL_FORMAT_CURL_OFF_T - ", maxdownload = %" CURL_FORMAT_CURL_OFF_T - ", bytecount = %" CURL_FORMAT_CURL_OFF_T, + ", size = %" FMT_OFF_T + ", maxdownload = %" FMT_OFF_T + ", bytecount = %" FMT_OFF_T, excess_len, data->req.size, data->req.maxdownload, data->req.bytecount); connclose(data->conn, "excess found in a read"); } } - else if(nwrite < nbytes) { + else if((nwrite < nbytes) && !data->req.ignorebody) { failf(data, "Exceeded the maximum allowed file size " - "(%" CURL_FORMAT_CURL_OFF_T ") with %" - CURL_FORMAT_CURL_OFF_T " bytes", + "(%" FMT_OFF_T ") with %" FMT_OFF_T " bytes", data->set.max_filesize, data->req.bytecount); return CURLE_FILESIZE_EXCEEDED; } @@ -399,7 +398,7 @@ CURLcode Curl_cwriter_create(struct Curl_cwriter **pwriter, result = cwt->do_init(data, writer); out: - *pwriter = result? NULL : writer; + *pwriter = result ? NULL : writer; if(result) free(writer); return result; @@ -576,7 +575,7 @@ bool Curl_creader_def_needs_rewind(struct Curl_easy *data, curl_off_t Curl_creader_def_total_length(struct Curl_easy *data, struct Curl_creader *reader) { - return reader->next? + return reader->next ? reader->next->crt->total_length(data, reader->next) : -1; } @@ -678,9 +677,9 @@ static CURLcode cr_in_read(struct Curl_easy *data, } nread = 0; if(ctx->read_cb && blen) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); nread = ctx->read_cb(buf, 1, blen, ctx->cb_user_data); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); ctx->has_used_cb = TRUE; } @@ -688,8 +687,8 @@ static CURLcode cr_in_read(struct Curl_easy *data, case 0: if((ctx->total_len >= 0) && (ctx->read_len < ctx->total_len)) { failf(data, "client read function EOF fail, " - "only %"CURL_FORMAT_CURL_OFF_T"/%"CURL_FORMAT_CURL_OFF_T - " of needed bytes read", ctx->read_len, ctx->total_len); + "only %"FMT_OFF_T"/%"FMT_OFF_T " of needed bytes read", + ctx->read_len, ctx->total_len); return CURLE_READ_ERROR; } *pnread = 0; @@ -738,8 +737,8 @@ static CURLcode cr_in_read(struct Curl_easy *data, *peos = ctx->seen_eos; break; } - CURL_TRC_READ(data, "cr_in_read(len=%zu, total=%"CURL_FORMAT_CURL_OFF_T - ", read=%"CURL_FORMAT_CURL_OFF_T") -> %d, nread=%zu, eos=%d", + CURL_TRC_READ(data, "cr_in_read(len=%zu, total=%"FMT_OFF_T + ", read=%"FMT_OFF_T") -> %d, nread=%zu, eos=%d", blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos); return CURLE_OK; @@ -774,9 +773,9 @@ static CURLcode cr_in_resume_from(struct Curl_easy *data, return CURLE_READ_ERROR; if(data->set.seek_func) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); seekerr = data->set.seek_func(data->set.seek_client, offset, SEEK_SET); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } if(seekerr != CURL_SEEKFUNC_OK) { @@ -795,17 +794,17 @@ static CURLcode cr_in_resume_from(struct Curl_easy *data, curlx_sotouz(offset - passed); size_t actuallyread; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); actuallyread = ctx->read_cb(scratch, 1, readthisamountnow, ctx->cb_user_data); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); passed += actuallyread; if((actuallyread == 0) || (actuallyread > readthisamountnow)) { /* this checks for greater-than only to make sure that the CURL_READFUNC_ABORT return code still aborts */ - failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T - " bytes from the input", passed); + failf(data, "Could only read %" FMT_OFF_T " bytes from the input", + passed); return CURLE_READ_ERROR; } } while(passed < offset); @@ -836,9 +835,9 @@ static CURLcode cr_in_rewind(struct Curl_easy *data, if(data->set.seek_func) { int err; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); err = (data->set.seek_func)(data->set.seek_client, 0, SEEK_SET); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); CURL_TRC_READ(data, "cr_in, rewind via set.seek_func -> %d", err); if(err) { failf(data, "seek callback returned error %d", (int)err); @@ -848,10 +847,10 @@ static CURLcode cr_in_rewind(struct Curl_easy *data, else if(data->set.ioctl_func) { curlioerr err; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); err = (data->set.ioctl_func)(data, CURLIOCMD_RESTARTREAD, data->set.ioctl_client); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); CURL_TRC_READ(data, "cr_in, rewind via set.ioctl_func -> %d", (int)err); if(err) { failf(data, "ioctl callback returned error %d", (int)err); @@ -931,7 +930,7 @@ CURLcode Curl_creader_create(struct Curl_creader **preader, result = crt->do_init(data, reader); out: - *preader = result? NULL : reader; + *preader = result ? NULL : reader; if(result) free(reader); return result; @@ -950,6 +949,7 @@ struct cr_lc_ctx { struct bufq buf; BIT(read_eos); /* we read an EOS from the next reader */ BIT(eos); /* we have returned an EOS */ + BIT(prev_cr); /* the last byte was a CR */ }; static CURLcode cr_lc_init(struct Curl_easy *data, struct Curl_creader *reader) @@ -1006,10 +1006,15 @@ static CURLcode cr_lc_read(struct Curl_easy *data, goto out; } - /* at least one \n needs conversion to '\r\n', place into ctx->buf */ + /* at least one \n might need conversion to '\r\n', place into ctx->buf */ for(i = start = 0; i < nread; ++i) { - if(buf[i] != '\n') + /* if this byte is not an LF character, or if the preceding character is + a CR (meaning this already is a CRLF pair), go to next */ + if((buf[i] != '\n') || ctx->prev_cr) { + ctx->prev_cr = (buf[i] == '\r'); continue; + } + ctx->prev_cr = FALSE; /* on a soft limit bufq, we do not need to check length */ result = Curl_bufq_cwrite(&ctx->buf, buf + start, i - start, &n); if(!result) @@ -1103,7 +1108,7 @@ static CURLcode do_init_reader_stack(struct Curl_easy *data, /* if we do not have 0 length init, and crlf conversion is wanted, * add the reader for it */ if(clen && (data->set.crlf -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS || data->state.prefer_ascii #endif )) { @@ -1130,8 +1135,8 @@ CURLcode Curl_creader_set_fread(struct Curl_easy *data, curl_off_t len) cl_reset_reader(data); result = do_init_reader_stack(data, r); out: - CURL_TRC_READ(data, "add fread reader, len=%"CURL_FORMAT_CURL_OFF_T - " -> %d", len, result); + CURL_TRC_READ(data, "add fread reader, len=%"FMT_OFF_T " -> %d", + len, result); return result; } @@ -1371,7 +1376,7 @@ CURLcode Curl_creader_set_buf(struct Curl_easy *data, curl_off_t Curl_creader_total_length(struct Curl_easy *data) { struct Curl_creader *r = data->req.reader_stack; - return r? r->crt->total_length(data, r) : -1; + return r ? r->crt->total_length(data, r) : -1; } curl_off_t Curl_creader_client_length(struct Curl_easy *data) @@ -1379,7 +1384,7 @@ curl_off_t Curl_creader_client_length(struct Curl_easy *data) struct Curl_creader *r = data->req.reader_stack; while(r && r->phase != CURL_CR_CLIENT) r = r->next; - return r? r->crt->total_length(data, r) : -1; + return r ? r->crt->total_length(data, r) : -1; } CURLcode Curl_creader_resume_from(struct Curl_easy *data, curl_off_t offset) @@ -1387,7 +1392,7 @@ CURLcode Curl_creader_resume_from(struct Curl_easy *data, curl_off_t offset) struct Curl_creader *r = data->req.reader_stack; while(r && r->phase != CURL_CR_CLIENT) r = r->next; - return r? r->crt->resume_from(data, r, offset) : CURLE_READ_ERROR; + return r ? r->crt->resume_from(data, r, offset) : CURLE_READ_ERROR; } CURLcode Curl_creader_unpause(struct Curl_easy *data) diff --git a/libraries/libcurl/setopt.c b/libraries/libcurl/setopt.c index 7d35651d..4f069721 100644 --- a/libraries/libcurl/setopt.c +++ b/libraries/libcurl/setopt.c @@ -139,30 +139,24 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) return CURLE_OK; } -static CURLcode setstropt_interface( - char *option, char **devp, char **ifacep, char **hostp) +static CURLcode setstropt_interface(char *option, char **devp, + char **ifacep, char **hostp) { char *dev = NULL; char *iface = NULL; char *host = NULL; - size_t len; CURLcode result; DEBUGASSERT(devp); DEBUGASSERT(ifacep); DEBUGASSERT(hostp); - /* Parse the interface details */ - if(!option || !*option) - return CURLE_BAD_FUNCTION_ARGUMENT; - len = strlen(option); - if(len > 255) - return CURLE_BAD_FUNCTION_ARGUMENT; - - result = Curl_parse_interface(option, len, &dev, &iface, &host); - if(result) - return result; - + if(option) { + /* Parse the interface details if set, otherwise clear them all */ + result = Curl_parse_interface(option, &dev, &iface, &host); + if(result) + return result; + } free(*devp); *devp = dev; @@ -199,7 +193,7 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val) size_t tlen; str = strchr(str, ','); - tlen = str? (size_t) (str - token): strlen(token); + tlen = str ? (size_t) (str - token) : strlen(token); if(tlen) { const struct Curl_handler *h = Curl_getn_scheme_handler(token, tlen); @@ -216,21 +210,58 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val) return CURLE_OK; } -/* - * Do not make Curl_vsetopt() static: it is called from - * packages/OS400/ccsidcurl.c. - */ -CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) +static CURLcode httpauth(struct Curl_easy *data, bool proxy, + unsigned long auth) { - char *argptr; - CURLcode result = CURLE_OK; - long arg; - unsigned long uarg; - curl_off_t bigsize; + if(auth != CURLAUTH_NONE) { + int bitcheck = 0; + bool authbits = FALSE; + /* the DIGEST_IE bit is only used to set a special marker, for all the + rest we need to handle it as normal DIGEST */ + bool iestyle = !!(auth & CURLAUTH_DIGEST_IE); + if(proxy) + data->state.authproxy.iestyle = iestyle; + else + data->state.authhost.iestyle = iestyle; + + if(auth & CURLAUTH_DIGEST_IE) { + auth |= CURLAUTH_DIGEST; /* set standard digest bit */ + auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ + } + + /* switch off bits we cannot support */ +#ifndef USE_NTLM + auth &= ~CURLAUTH_NTLM; /* no NTLM support */ +#endif +#ifndef USE_SPNEGO + auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without GSS-API + or SSPI */ +#endif + + /* check if any auth bit lower than CURLAUTH_ONLY is still set */ + while(bitcheck < 31) { + if(auth & (1UL << bitcheck++)) { + authbits = TRUE; + break; + } + } + if(!authbits) + return CURLE_NOT_BUILT_IN; /* no supported types left! */ + } + if(proxy) + data->set.proxyauth = auth; + else + data->set.httpauth = auth; + return CURLE_OK; +} +static CURLcode setopt_long(struct Curl_easy *data, CURLoption option, + long arg) +{ + bool enabled = (0 != arg); + unsigned long uarg = (unsigned long)arg; switch(option) { case CURLOPT_DNS_CACHE_TIMEOUT: - arg = va_arg(param, long); if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; else if(arg > INT_MAX) @@ -240,7 +271,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_CA_CACHE_TIMEOUT: if(Curl_ssl_supports(data, SSLSUPP_CA_CACHE)) { - arg = va_arg(param, long); if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; else if(arg > INT_MAX) @@ -251,87 +281,47 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) else return CURLE_NOT_BUILT_IN; break; - case CURLOPT_DNS_USE_GLOBAL_CACHE: - /* deprecated */ - break; - case CURLOPT_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST], - va_arg(param, char *)); - break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection for proxy */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], - va_arg(param, char *)); - break; -#endif - case CURLOPT_TLS13_CIPHERS: - if(Curl_ssl_supports(data, SSLSUPP_TLS13_CIPHERSUITES)) { - /* set preferred list of TLS 1.3 cipher suites */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST], - va_arg(param, char *)); - } - else - return CURLE_NOT_BUILT_IN; - break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_TLS13_CIPHERS: - if(Curl_ssl_supports(data, SSLSUPP_TLS13_CIPHERSUITES)) { - /* set preferred list of TLS 1.3 cipher suites for proxy */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST_PROXY], - va_arg(param, char *)); - } - else - return CURLE_NOT_BUILT_IN; - break; -#endif - case CURLOPT_RANDOM_FILE: - break; - case CURLOPT_EGDSOCKET: - break; case CURLOPT_MAXCONNECTS: /* * Set the absolute number of maximum simultaneous alive connection that * libcurl is allowed to have. */ - uarg = va_arg(param, unsigned long); if(uarg > UINT_MAX) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.maxconnects = (unsigned int)uarg; break; - case CURLOPT_FORBID_REUSE: + case CURLOPT_FORBID_REUSE: /* * When this transfer is done, it must not be left to be reused by a * subsequent transfer but shall be closed immediately. */ - data->set.reuse_forbid = (0 != va_arg(param, long)); + data->set.reuse_forbid = enabled; break; case CURLOPT_FRESH_CONNECT: /* * This transfer shall not use a previously cached connection but * should be made with a fresh new connect! */ - data->set.reuse_fresh = (0 != va_arg(param, long)); + data->set.reuse_fresh = enabled; break; case CURLOPT_VERBOSE: /* * Verbose means infof() calls that give a lot of information about * the connection and transfer procedures as well as internal choices. */ - data->set.verbose = (0 != va_arg(param, long)); + data->set.verbose = enabled; break; case CURLOPT_HEADER: /* * Set to include the header in the general data output stream. */ - data->set.include_header = (0 != va_arg(param, long)); + data->set.include_header = enabled; break; case CURLOPT_NOPROGRESS: /* * Shut off the internal supported progress meter */ - data->set.hide_progress = (0 != va_arg(param, long)); + data->set.hide_progress = enabled; if(data->set.hide_progress) data->progress.flags |= PGRS_HIDE; else @@ -341,7 +331,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Do not include the body part in the output data stream. */ - data->set.opt_no_body = (0 != va_arg(param, long)); + data->set.opt_no_body = enabled; #ifndef CURL_DISABLE_HTTP if(data->set.opt_no_body) /* in HTTP lingo, no body means using the HEAD request... */ @@ -355,10 +345,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Do not output the >=400 error code HTML-page, but instead only * return error. */ - data->set.http_fail_on_error = (0 != va_arg(param, long)); + data->set.http_fail_on_error = enabled; break; case CURLOPT_KEEP_SENDING_ON_ERROR: - data->set.http_keep_sending_on_error = (0 != va_arg(param, long)); + data->set.http_keep_sending_on_error = enabled; break; case CURLOPT_UPLOAD: case CURLOPT_PUT: @@ -366,7 +356,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * We want to sent data to the remote host. If this is HTTP, that equals * using the PUT request. */ - arg = va_arg(param, long); if(arg) { /* If this is HTTP, PUT is what's needed to "upload" */ data->set.method = HTTPREQ_PUT; @@ -377,23 +366,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) then this can be changed to HEAD later on) */ data->set.method = HTTPREQ_GET; break; - case CURLOPT_REQUEST_TARGET: - result = Curl_setstropt(&data->set.str[STRING_TARGET], - va_arg(param, char *)); - break; case CURLOPT_FILETIME: /* * Try to get the file time of the remote document. The time will * later (possibly) become available using curl_easy_getinfo(). */ - data->set.get_filetime = (0 != va_arg(param, long)); + data->set.get_filetime = enabled; break; case CURLOPT_SERVER_RESPONSE_TIMEOUT: /* * Option that specifies how quickly a server response must be obtained * before it is considered failure. For pingpong protocols. */ - arg = va_arg(param, long); if((arg >= 0) && (arg <= (INT_MAX/1000))) data->set.server_response_timeout = (unsigned int)arg * 1000; else @@ -404,7 +388,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Option that specifies how quickly a server response must be obtained * before it is considered failure. For pingpong protocols. */ - arg = va_arg(param, long); if((arg >= 0) && (arg <= INT_MAX)) data->set.server_response_timeout = (unsigned int)arg; else @@ -416,15 +399,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Option that prevents libcurl from sending TFTP option requests to the * server. */ - data->set.tftp_no_options = va_arg(param, long) != 0; + data->set.tftp_no_options = enabled; break; case CURLOPT_TFTP_BLKSIZE: /* * TFTP option that specifies the block size to use for data transmission. */ - arg = va_arg(param, long); - if(arg > TFTP_BLKSIZE_MAX || arg < TFTP_BLKSIZE_MIN) - return CURLE_BAD_FUNCTION_ARGUMENT; + if(arg < TFTP_BLKSIZE_MIN) + arg = 512; + else if(arg > TFTP_BLKSIZE_MAX) + arg = TFTP_BLKSIZE_MAX; data->set.tftp_blksize = arg; break; #endif @@ -433,18 +417,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Parse the $HOME/.netrc file */ - arg = va_arg(param, long); if((arg < CURL_NETRC_IGNORED) || (arg >= CURL_NETRC_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.use_netrc = (unsigned char)arg; break; - case CURLOPT_NETRC_FILE: - /* - * Use this file instead of the $HOME/.netrc file - */ - result = Curl_setstropt(&data->set.str[STRING_NETRC_FILE], - va_arg(param, char *)); - break; #endif case CURLOPT_TRANSFERTEXT: /* @@ -453,14 +429,13 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * * Transfer using ASCII (instead of BINARY). */ - data->set.prefer_ascii = (0 != va_arg(param, long)); + data->set.prefer_ascii = enabled; break; case CURLOPT_TIMECONDITION: /* * Set HTTP time condition. This must be one of the defines in the * curl/curl.h header file. */ - arg = va_arg(param, long); if((arg < CURL_TIMECOND_NONE) || (arg >= CURL_TIMECOND_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.timecondition = (unsigned char)(curl_TimeCond)arg; @@ -470,17 +445,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * This is the value to compare with the remote document with the * method set with CURLOPT_TIMECONDITION */ - data->set.timevalue = (time_t)va_arg(param, long); - break; - - case CURLOPT_TIMEVALUE_LARGE: - /* - * This is the value to compare with the remote document with the - * method set with CURLOPT_TIMECONDITION - */ - data->set.timevalue = (time_t)va_arg(param, curl_off_t); + data->set.timevalue = (time_t)arg; break; - case CURLOPT_SSLVERSION: #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSLVERSION: @@ -497,9 +463,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) if(option != CURLOPT_SSLVERSION) primary = &data->set.proxy_ssl.primary; #endif - - arg = va_arg(param, long); - version = C_SSLVERSION_VALUE(arg); version_max = (long)C_SSLVERSION_MAX_VALUE(arg); @@ -515,136 +478,54 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) primary->version_max = (unsigned int)version_max; } #else - result = CURLE_NOT_BUILT_IN; + return CURLE_NOT_BUILT_IN; #endif break; - - /* MQTT "borrows" some of the HTTP options */ -#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_MQTT) - case CURLOPT_COPYPOSTFIELDS: - /* - * A string with POST data. Makes curl HTTP POST. Even if it is NULL. - * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to - * CURLOPT_COPYPOSTFIELDS and not altered later. - */ - argptr = va_arg(param, char *); - - if(!argptr || data->set.postfieldsize == -1) - result = Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr); - else { - /* - * Check that requested length does not overflow the size_t type. - */ - - if((data->set.postfieldsize < 0) || - ((sizeof(curl_off_t) != sizeof(size_t)) && - (data->set.postfieldsize > (curl_off_t)((size_t)-1)))) - result = CURLE_OUT_OF_MEMORY; - else { - /* Allocate even when size == 0. This satisfies the need of possible - later address compare to detect the COPYPOSTFIELDS mode, and to - mark that postfields is used rather than read function or form - data. - */ - char *p = Curl_memdup0(argptr, (size_t)data->set.postfieldsize); - if(!p) - result = CURLE_OUT_OF_MEMORY; - else { - free(data->set.str[STRING_COPYPOSTFIELDS]); - data->set.str[STRING_COPYPOSTFIELDS] = p; - } - } - } - - data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS]; - data->set.method = HTTPREQ_POST; - break; - - case CURLOPT_POSTFIELDS: - /* - * Like above, but use static data instead of copying it. - */ - data->set.postfields = va_arg(param, void *); - /* Release old copied data. */ - Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]); - data->set.method = HTTPREQ_POST; - break; - case CURLOPT_POSTFIELDSIZE: /* * The size of the POSTFIELD data to prevent libcurl to do strlen() to * figure it out. Enables binary posts. */ - bigsize = va_arg(param, long); - if(bigsize < -1) + if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; - if(data->set.postfieldsize < bigsize && + if(data->set.postfieldsize < arg && data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]); data->set.postfields = NULL; } - data->set.postfieldsize = bigsize; + data->set.postfieldsize = arg; break; - - case CURLOPT_POSTFIELDSIZE_LARGE: +#ifndef CURL_DISABLE_HTTP +#if !defined(CURL_DISABLE_COOKIES) + case CURLOPT_COOKIESESSION: /* - * The size of the POSTFIELD data to prevent libcurl to do strlen() to - * figure it out. Enables binary posts. + * Set this option to TRUE to start a new "cookie session". It will + * prevent the forthcoming read-cookies-from-file actions to accept + * cookies that are marked as being session cookies, as they belong to a + * previous session. */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < -1) - return CURLE_BAD_FUNCTION_ARGUMENT; - - if(data->set.postfieldsize < bigsize && - data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { - /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ - Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]); - data->set.postfields = NULL; - } - - data->set.postfieldsize = bigsize; + data->set.cookiesession = enabled; break; #endif -#ifndef CURL_DISABLE_HTTP case CURLOPT_AUTOREFERER: /* * Switch on automatic referer that gets set if curl follows locations. */ - data->set.http_auto_referer = (0 != va_arg(param, long)); - break; - - case CURLOPT_ACCEPT_ENCODING: - /* - * String to use at the value of Accept-Encoding header. - * - * If the encoding is set to "" we use an Accept-Encoding header that - * encompasses all the encodings we support. - * If the encoding is set to NULL we do not send an Accept-Encoding header - * and ignore an received Content-Encoding header. - * - */ - argptr = va_arg(param, char *); - if(argptr && !*argptr) { - char all[256]; - Curl_all_content_encodings(all, sizeof(all)); - result = Curl_setstropt(&data->set.str[STRING_ENCODING], all); - } - else - result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr); + data->set.http_auto_referer = enabled; break; case CURLOPT_TRANSFER_ENCODING: - data->set.http_transfer_encoding = (0 != va_arg(param, long)); + data->set.http_transfer_encoding = enabled; break; case CURLOPT_FOLLOWLOCATION: /* * Follow Location: header hints on an HTTP-server. */ - data->set.http_follow_location = (0 != va_arg(param, long)); + data->set.http_follow_location = enabled; break; case CURLOPT_UNRESTRICTED_AUTH: @@ -652,7 +533,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Send authentication (user+password) when following locations, even when * hostname changed. */ - data->set.allow_auth_to_other_hosts = (0 != va_arg(param, long)); + data->set.allow_auth_to_other_hosts = enabled; break; case CURLOPT_MAXREDIRS: @@ -660,7 +541,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * The maximum amount of hops you allow curl to follow Location: * headers. This should mostly be used to detect never-ending loops. */ - arg = va_arg(param, long); if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.maxredirs = arg; @@ -676,7 +556,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303 * other - POST is kept as POST after 301 and 302 */ - arg = va_arg(param, long); if(arg < CURL_REDIR_GET_ALL) /* no return error on too high numbers since the bitmask could be extended in a future */ @@ -688,887 +567,904 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* Does this option serve a purpose anymore? Yes it does, when CURLOPT_POSTFIELDS is not used and the POST data is read off the callback! */ - if(va_arg(param, long)) { + if(arg) { data->set.method = HTTPREQ_POST; data->set.opt_no_body = FALSE; /* this is implied */ } else data->set.method = HTTPREQ_GET; break; - -#ifndef CURL_DISABLE_FORM_API - case CURLOPT_HTTPPOST: + case CURLOPT_HEADEROPT: /* - * Set to make us do HTTP POST. Legacy API-style. + * Set header option. */ - data->set.httppost = va_arg(param, struct curl_httppost *); - data->set.method = HTTPREQ_POST_FORM; - data->set.opt_no_body = FALSE; /* this is implied */ - Curl_mime_cleanpart(data->state.formp); - Curl_safefree(data->state.formp); - data->state.mimepost = NULL; + data->set.sep_headers = !!(arg & CURLHEADER_SEPARATE); break; -#endif + case CURLOPT_HTTPAUTH: + return httpauth(data, FALSE, uarg); -#if !defined(CURL_DISABLE_AWS) - case CURLOPT_AWS_SIGV4: - /* - * String that is merged to some authentication - * parameters are used by the algorithm. - */ - result = Curl_setstropt(&data->set.str[STRING_AWS_SIGV4], - va_arg(param, char *)); + case CURLOPT_HTTPGET: /* - * Basic been set by default it need to be unset here + * Set to force us do HTTP GET */ - if(data->set.str[STRING_AWS_SIGV4]) - data->set.httpauth = CURLAUTH_AWS_SIGV4; + if(enabled) { + data->set.method = HTTPREQ_GET; + data->set.opt_no_body = FALSE; /* this is implied */ + } break; -#endif - case CURLOPT_REFERER: + case CURLOPT_HTTP_VERSION: /* - * String to set in the HTTP Referer: field. + * This sets a requested HTTP version to be used. The value is one of + * the listed enums in curl/curl.h. */ - if(data->state.referer_alloc) { - Curl_safefree(data->state.referer); - data->state.referer_alloc = FALSE; + switch(arg) { + case CURL_HTTP_VERSION_NONE: +#ifdef USE_HTTP2 + /* TODO: this seems an undesirable quirk to force a behaviour on + * lower implementations that they should recognize independently? */ + arg = CURL_HTTP_VERSION_2TLS; +#endif + /* accepted */ + break; + case CURL_HTTP_VERSION_1_0: + case CURL_HTTP_VERSION_1_1: + /* accepted */ + break; +#ifdef USE_HTTP2 + case CURL_HTTP_VERSION_2_0: + case CURL_HTTP_VERSION_2TLS: + case CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE: + /* accepted */ + break; +#endif +#ifdef USE_HTTP3 + case CURL_HTTP_VERSION_3: + case CURL_HTTP_VERSION_3ONLY: + /* accepted */ + break; +#endif + default: + /* not accepted */ + if(arg < CURL_HTTP_VERSION_NONE) + return CURLE_BAD_FUNCTION_ARGUMENT; + return CURLE_UNSUPPORTED_PROTOCOL; } - result = Curl_setstropt(&data->set.str[STRING_SET_REFERER], - va_arg(param, char *)); - data->state.referer = data->set.str[STRING_SET_REFERER]; + data->set.httpwant = (unsigned char)arg; break; - case CURLOPT_USERAGENT: + case CURLOPT_EXPECT_100_TIMEOUT_MS: /* - * String to use in the HTTP User-Agent field + * Time to wait for a response to an HTTP request containing an + * Expect: 100-continue header before sending the data anyway. */ - result = Curl_setstropt(&data->set.str[STRING_USERAGENT], - va_arg(param, char *)); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.expect_100_timeout = arg; break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXYHEADER: - /* - * Set a list with proxy headers to use (or replace internals with) - * - * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a - * long time we remain doing it this way until CURLOPT_PROXYHEADER is - * used. As soon as this option has been used, if set to anything but - * NULL, custom headers for proxies are only picked from this list. - * - * Set this option to NULL to restore the previous behavior. - */ - data->set.proxyheaders = va_arg(param, struct curl_slist *); + case CURLOPT_HTTP09_ALLOWED: +#ifdef USE_HYPER + /* Hyper does not support HTTP/0.9 */ + if(enabled) + return CURLE_BAD_FUNCTION_ARGUMENT; +#else + data->set.http09_allowed = enabled; +#endif + break; +#endif /* ! CURL_DISABLE_HTTP */ + +#ifndef CURL_DISABLE_MIME + case CURLOPT_MIME_OPTIONS: + data->set.mime_formescape = !!(arg & CURLMIMEOPT_FORMESCAPE); break; #endif - case CURLOPT_HEADEROPT: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_HTTPPROXYTUNNEL: /* - * Set header option. + * Tunnel operations through the proxy instead of normal proxy use */ - arg = va_arg(param, long); - data->set.sep_headers = !!(arg & CURLHEADER_SEPARATE); + data->set.tunnel_thru_httpproxy = enabled; break; -#if !defined(CURL_DISABLE_COOKIES) - case CURLOPT_COOKIE: + case CURLOPT_PROXYPORT: /* - * Cookie string to send to the remote server in the request. + * Explicitly set HTTP proxy port number. */ - result = Curl_setstropt(&data->set.str[STRING_COOKIE], - va_arg(param, char *)); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxyport = (unsigned short)arg; break; - case CURLOPT_COOKIEFILE: + case CURLOPT_PROXYAUTH: + return httpauth(data, TRUE, uarg); + + case CURLOPT_PROXYTYPE: /* - * Set cookie file to read and parse. Can be used multiple times. + * Set proxy type. */ - argptr = (char *)va_arg(param, void *); - if(argptr) { - struct curl_slist *cl; - /* general protection against mistakes and abuse */ - if(strlen(argptr) > CURL_MAX_INPUT_LENGTH) - return CURLE_BAD_FUNCTION_ARGUMENT; - /* append the cookie filename to the list of filenames, and deal with - them later */ - cl = curl_slist_append(data->state.cookielist, argptr); - if(!cl) { - curl_slist_free_all(data->state.cookielist); - data->state.cookielist = NULL; - return CURLE_OUT_OF_MEMORY; - } - data->state.cookielist = cl; /* store the list for later use */ - } - else { - /* clear the list of cookie files */ - curl_slist_free_all(data->state.cookielist); - data->state.cookielist = NULL; - - if(!data->share || !data->share->cookies) { - /* throw away all existing cookies if this is not a shared cookie - container */ - Curl_cookie_clearall(data->cookies); - Curl_cookie_cleanup(data->cookies); - } - /* disable the cookie engine */ - data->cookies = NULL; - } + if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxytype = (unsigned char)(curl_proxytype)arg; break; - case CURLOPT_COOKIEJAR: + case CURLOPT_PROXY_TRANSFER_MODE: /* - * Set cookie filename to dump all cookies to when we are done. + * set transfer mode (;type=) when doing FTP via an HTTP proxy */ - result = Curl_setstropt(&data->set.str[STRING_COOKIEJAR], - va_arg(param, char *)); - if(!result) { - /* - * Activate the cookie parser. This may or may not already - * have been made. - */ - struct CookieInfo *newcookies = - Curl_cookie_init(data, NULL, data->cookies, data->set.cookiesession); - if(!newcookies) - result = CURLE_OUT_OF_MEMORY; - data->cookies = newcookies; - } + if(uarg > 1) + /* reserve other values for future use */ + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.proxy_transfer_mode = (bool)uarg; break; - - case CURLOPT_COOKIESESSION: + case CURLOPT_SOCKS5_AUTH: + if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) + return CURLE_NOT_BUILT_IN; + data->set.socks5auth = (unsigned char)uarg; + break; + case CURLOPT_HAPROXYPROTOCOL: /* - * Set this option to TRUE to start a new "cookie session". It will - * prevent the forthcoming read-cookies-from-file actions to accept - * cookies that are marked as being session cookies, as they belong to a - * previous session. + * Set to send the HAProxy Proxy Protocol header */ - data->set.cookiesession = (0 != va_arg(param, long)); + data->set.haproxyprotocol = enabled; break; + case CURLOPT_PROXY_SSL_VERIFYPEER: + /* + * Enable peer SSL verifying for proxy. + */ + data->set.proxy_ssl.primary.verifypeer = enabled; - case CURLOPT_COOKIELIST: - argptr = va_arg(param, char *); - - if(!argptr) - break; - - if(strcasecompare(argptr, "ALL")) { - /* clear all cookies */ - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_clearall(data->cookies); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } - else if(strcasecompare(argptr, "SESS")) { - /* clear session cookies */ - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_clearsess(data->cookies); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } - else if(strcasecompare(argptr, "FLUSH")) { - /* flush cookies to file, takes care of the locking */ - Curl_flush_cookies(data, FALSE); - } - else if(strcasecompare(argptr, "RELOAD")) { - /* reload cookies from file */ - Curl_cookie_loadfiles(data); - break; - } - else { - if(!data->cookies) - /* if cookie engine was not running, activate it */ - data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE); - - /* general protection against mistakes and abuse */ - if(strlen(argptr) > CURL_MAX_INPUT_LENGTH) - return CURLE_BAD_FUNCTION_ARGUMENT; - argptr = strdup(argptr); - if(!argptr || !data->cookies) { - result = CURLE_OUT_OF_MEMORY; - free(argptr); - } - else { - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - - if(checkprefix("Set-Cookie:", argptr)) - /* HTTP Header format line */ - Curl_cookie_add(data, data->cookies, TRUE, FALSE, argptr + 11, NULL, - NULL, TRUE); - - else - /* Netscape format line */ - Curl_cookie_add(data, data->cookies, FALSE, FALSE, argptr, NULL, - NULL, TRUE); - - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - free(argptr); - } - } - + /* Update the current connection proxy_ssl_config. */ + Curl_ssl_conn_config_update(data, TRUE); break; -#endif /* !CURL_DISABLE_COOKIES */ - - case CURLOPT_HTTPGET: + case CURLOPT_PROXY_SSL_VERIFYHOST: /* - * Set to force us do HTTP GET + * Enable verification of the hostname in the peer certificate for proxy */ - if(va_arg(param, long)) { - data->set.method = HTTPREQ_GET; - data->set.opt_no_body = FALSE; /* this is implied */ - } + data->set.proxy_ssl.primary.verifyhost = enabled; + + /* Update the current connection proxy_ssl_config. */ + Curl_ssl_conn_config_update(data, TRUE); break; +#endif /* ! CURL_DISABLE_PROXY */ - case CURLOPT_HTTP_VERSION: +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + case CURLOPT_SOCKS5_GSSAPI_NEC: /* - * This sets a requested HTTP version to be used. The value is one of - * the listed enums in curl/curl.h. + * Set flag for NEC SOCK5 support */ - arg = va_arg(param, long); - switch(arg) { - case CURL_HTTP_VERSION_NONE: -#ifdef USE_HTTP2 - /* TODO: this seems an undesirable quirk to force a behaviour on - * lower implementations that they should recognize independently? */ - arg = CURL_HTTP_VERSION_2TLS; -#endif - /* accepted */ - break; - case CURL_HTTP_VERSION_1_0: - case CURL_HTTP_VERSION_1_1: - /* accepted */ - break; -#ifdef USE_HTTP2 - case CURL_HTTP_VERSION_2_0: - case CURL_HTTP_VERSION_2TLS: - case CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE: - /* accepted */ - break; + data->set.socks5_gssapi_nec = enabled; + break; #endif -#ifdef USE_HTTP3 - case CURL_HTTP_VERSION_3: - case CURL_HTTP_VERSION_3ONLY: - /* accepted */ - break; +#ifdef CURL_LIST_ONLY_PROTOCOL + case CURLOPT_DIRLISTONLY: + /* + * An option that changes the command to one that asks for a list only, no + * file info details. Used for FTP, POP3 and SFTP. + */ + data->set.list_only = enabled; + break; #endif - default: - /* not accepted */ - if(arg < CURL_HTTP_VERSION_NONE) - return CURLE_BAD_FUNCTION_ARGUMENT; - return CURLE_UNSUPPORTED_PROTOCOL; - } - data->set.httpwant = (unsigned char)arg; + case CURLOPT_APPEND: + /* + * We want to upload and append to an existing file. Used for FTP and + * SFTP. + */ + data->set.remote_append = enabled; break; - case CURLOPT_EXPECT_100_TIMEOUT_MS: +#ifndef CURL_DISABLE_FTP + case CURLOPT_FTP_FILEMETHOD: /* - * Time to wait for a response to an HTTP request containing an - * Expect: 100-continue header before sending the data anyway. + * How do access files over FTP. */ - arg = va_arg(param, long); - if(arg < 0) + if((arg < CURLFTPMETHOD_DEFAULT) || (arg >= CURLFTPMETHOD_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.expect_100_timeout = arg; + data->set.ftp_filemethod = (unsigned char)arg; + break; + case CURLOPT_FTP_USE_EPRT: + data->set.ftp_use_eprt = enabled; break; - case CURLOPT_HTTP09_ALLOWED: - arg = (long)va_arg(param, unsigned long); - if(arg > 1L) - return CURLE_BAD_FUNCTION_ARGUMENT; -#ifdef USE_HYPER - /* Hyper does not support HTTP/0.9 */ - if(arg) + case CURLOPT_FTP_USE_EPSV: + data->set.ftp_use_epsv = enabled; + break; + + case CURLOPT_FTP_USE_PRET: + data->set.ftp_use_pret = enabled; + break; + + case CURLOPT_FTP_SSL_CCC: + if((arg < CURLFTPSSL_CCC_NONE) || (arg >= CURLFTPSSL_CCC_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; -#else - data->set.http09_allowed = !!arg; -#endif + data->set.ftp_ccc = (unsigned char)arg; break; - case CURLOPT_HTTP200ALIASES: + case CURLOPT_FTP_SKIP_PASV_IP: /* - * Set a list of aliases for HTTP 200 in response header + * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the + * bypass of the IP address in PASV responses. */ - data->set.http200aliases = va_arg(param, struct curl_slist *); + data->set.ftp_skip_ip = enabled; break; -#endif /* CURL_DISABLE_HTTP */ -#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \ - !defined(CURL_DISABLE_IMAP) -# if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_MIME) - case CURLOPT_HTTPHEADER: + case CURLOPT_FTPSSLAUTH: /* - * Set a list with HTTP headers to use (or replace internals with) + * Set a specific auth for FTP-SSL transfers. */ - data->set.headers = va_arg(param, struct curl_slist *); + if((arg < CURLFTPAUTH_DEFAULT) || (arg >= CURLFTPAUTH_LAST)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ftpsslauth = (unsigned char)(curl_ftpauth)arg; break; -# endif - -# ifndef CURL_DISABLE_MIME - case CURLOPT_MIMEPOST: + case CURLOPT_ACCEPTTIMEOUT_MS: /* - * Set to make us do MIME POST + * The maximum time for curl to wait for FTP server connect */ - result = Curl_mime_set_subparts(&data->set.mimepost, - va_arg(param, curl_mime *), FALSE); - if(!result) { - data->set.method = HTTPREQ_POST_MIME; - data->set.opt_no_body = FALSE; /* this is implied */ -#ifndef CURL_DISABLE_FORM_API - Curl_mime_cleanpart(data->state.formp); - Curl_safefree(data->state.formp); - data->state.mimepost = NULL; -#endif - } + if(uarg > UINT_MAX) + uarg = UINT_MAX; + data->set.accepttimeout = (unsigned int)uarg; break; - - case CURLOPT_MIME_OPTIONS: - arg = va_arg(param, long); - data->set.mime_formescape = !!(arg & CURLMIMEOPT_FORMESCAPE); - break; -# endif -#endif - - case CURLOPT_HTTPAUTH: + case CURLOPT_WILDCARDMATCH: + data->set.wildcard_enabled = enabled; + break; +#endif /* ! CURL_DISABLE_FTP */ +#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) + case CURLOPT_FTP_CREATE_MISSING_DIRS: /* - * Set HTTP Authentication type BITMASK. + * An FTP/SFTP option that modifies an upload to create missing + * directories on the server. */ - { - int bitcheck; - bool authbits; - unsigned long auth = va_arg(param, unsigned long); - - if(auth == CURLAUTH_NONE) { - data->set.httpauth = auth; - break; - } - - /* the DIGEST_IE bit is only used to set a special marker, for all the - rest we need to handle it as normal DIGEST */ - data->state.authhost.iestyle = !!(auth & CURLAUTH_DIGEST_IE); - - if(auth & CURLAUTH_DIGEST_IE) { - auth |= CURLAUTH_DIGEST; /* set standard digest bit */ - auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ - } - - /* switch off bits we cannot support */ -#ifndef USE_NTLM - auth &= ~CURLAUTH_NTLM; /* no NTLM support */ -#endif -#ifndef USE_SPNEGO - auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without - GSS-API or SSPI */ -#endif - - /* check if any auth bit lower than CURLAUTH_ONLY is still set */ - bitcheck = 0; - authbits = FALSE; - while(bitcheck < 31) { - if(auth & (1UL << bitcheck++)) { - authbits = TRUE; - break; - } - } - if(!authbits) - return CURLE_NOT_BUILT_IN; /* no supported types left! */ - - data->set.httpauth = auth; - } - break; - - case CURLOPT_CUSTOMREQUEST: + /* reserve other values for future use */ + if((arg < CURLFTP_CREATE_DIR_NONE) || (arg > CURLFTP_CREATE_DIR_RETRY)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.ftp_create_missing_dirs = (unsigned char)arg; + break; +#endif /* ! CURL_DISABLE_FTP || USE_SSH */ + case CURLOPT_INFILESIZE: /* - * Set a custom string to use as request + * If known, this should inform curl about the file size of the + * to-be-uploaded file. */ - result = Curl_setstropt(&data->set.str[STRING_CUSTOMREQUEST], - va_arg(param, char *)); - - /* we do not set - data->set.method = HTTPREQ_CUSTOM; - here, we continue as if we were using the already set type - and this just changes the actual request keyword */ + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.filesize = arg; break; - -#ifndef CURL_DISABLE_PROXY - case CURLOPT_HTTPPROXYTUNNEL: + case CURLOPT_LOW_SPEED_LIMIT: /* - * Tunnel operations through the proxy instead of normal proxy use + * The low speed limit that if transfers are below this for + * CURLOPT_LOW_SPEED_TIME, the transfer is aborted. */ - data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.low_speed_limit = arg; break; - - case CURLOPT_PROXYPORT: + case CURLOPT_LOW_SPEED_TIME: /* - * Explicitly set HTTP proxy port number. + * The low speed time that if transfers are below the set + * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted. + */ + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.low_speed_time = arg; + break; + case CURLOPT_PORT: + /* + * The port number to use when getting the URL. 0 disables it. */ - arg = va_arg(param, long); if((arg < 0) || (arg > 65535)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.proxyport = (unsigned short)arg; + data->set.use_port = (unsigned short)arg; break; - - case CURLOPT_PROXYAUTH: + case CURLOPT_TIMEOUT: /* - * Set HTTP Authentication type BITMASK. + * The maximum time you allow curl to use for a single transfer + * operation. */ - { - int bitcheck; - bool authbits; - unsigned long auth = va_arg(param, unsigned long); - - if(auth == CURLAUTH_NONE) { - data->set.proxyauth = auth; - break; - } - - /* the DIGEST_IE bit is only used to set a special marker, for all the - rest we need to handle it as normal DIGEST */ - data->state.authproxy.iestyle = !!(auth & CURLAUTH_DIGEST_IE); - - if(auth & CURLAUTH_DIGEST_IE) { - auth |= CURLAUTH_DIGEST; /* set standard digest bit */ - auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ - } - /* switch off bits we cannot support */ -#ifndef USE_NTLM - auth &= ~CURLAUTH_NTLM; /* no NTLM support */ -#endif -#ifndef USE_SPNEGO - auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without - GSS-API or SSPI */ -#endif - - /* check if any auth bit lower than CURLAUTH_ONLY is still set */ - bitcheck = 0; - authbits = FALSE; - while(bitcheck < 31) { - if(auth & (1UL << bitcheck++)) { - authbits = TRUE; - break; - } - } - if(!authbits) - return CURLE_NOT_BUILT_IN; /* no supported types left! */ + if((arg >= 0) && (arg <= (INT_MAX/1000))) + data->set.timeout = (unsigned int)arg * 1000; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + break; - data->set.proxyauth = auth; - } - break; + case CURLOPT_TIMEOUT_MS: + if(uarg > UINT_MAX) + uarg = UINT_MAX; + data->set.timeout = (unsigned int)uarg; + break; - case CURLOPT_PROXY: + case CURLOPT_CONNECTTIMEOUT: /* - * Set proxy server:port to use as proxy. - * - * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL) - * we explicitly say that we do not want to use a proxy - * (even though there might be environment variables saying so). - * - * Setting it to NULL, means no proxy but allows the environment variables - * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL). + * The maximum time you allow curl to use to connect. */ - result = Curl_setstropt(&data->set.str[STRING_PROXY], - va_arg(param, char *)); + if((arg >= 0) && (arg <= (INT_MAX/1000))) + data->set.connecttimeout = (unsigned int)arg * 1000; + else + return CURLE_BAD_FUNCTION_ARGUMENT; break; - case CURLOPT_PRE_PROXY: - /* - * Set proxy server:port to use as SOCKS proxy. - * - * If the proxy is set to "" or NULL we explicitly say that we do not want - * to use the socks proxy. - */ - result = Curl_setstropt(&data->set.str[STRING_PRE_PROXY], - va_arg(param, char *)); + case CURLOPT_CONNECTTIMEOUT_MS: + if(uarg > UINT_MAX) + uarg = UINT_MAX; + data->set.connecttimeout = (unsigned int)uarg; break; - case CURLOPT_PROXYTYPE: + case CURLOPT_RESUME_FROM: /* - * Set proxy type. + * Resume transfer at the given file position */ - arg = va_arg(param, long); - if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME)) + if(arg < -1) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.proxytype = (unsigned char)(curl_proxytype)arg; + data->set.set_resume_from = arg; break; - case CURLOPT_PROXY_TRANSFER_MODE: + case CURLOPT_CRLF: /* - * set transfer mode (;type=) when doing FTP via an HTTP proxy + * Kludgy option to enable CRLF conversions. Subject for removal. */ - switch(va_arg(param, long)) { - case 0: - data->set.proxy_transfer_mode = FALSE; - break; - case 1: - data->set.proxy_transfer_mode = TRUE; - break; - default: - /* reserve other values for future use */ - result = CURLE_BAD_FUNCTION_ARGUMENT; - break; - } + data->set.crlf = enabled; break; - case CURLOPT_SOCKS5_AUTH: - data->set.socks5auth = (unsigned char)va_arg(param, unsigned long); - if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) - result = CURLE_NOT_BUILT_IN; - break; -#endif /* CURL_DISABLE_PROXY */ - -#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) - case CURLOPT_SOCKS5_GSSAPI_NEC: +#ifndef CURL_DISABLE_BINDLOCAL + case CURLOPT_LOCALPORT: /* - * Set flag for NEC SOCK5 support + * Set what local port to bind the socket to when performing an operation. */ - data->set.socks5_gssapi_nec = (0 != va_arg(param, long)); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.localport = curlx_sltous(arg); break; -#endif -#ifndef CURL_DISABLE_PROXY - case CURLOPT_SOCKS5_GSSAPI_SERVICE: - case CURLOPT_PROXY_SERVICE_NAME: + case CURLOPT_LOCALPORTRANGE: /* - * Set proxy authentication service name for Kerberos 5 and SPNEGO + * Set number of local ports to try, starting with CURLOPT_LOCALPORT. */ - result = Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME], - va_arg(param, char *)); + if((arg < 0) || (arg > 65535)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.localportrange = curlx_sltous(arg); break; #endif - case CURLOPT_SERVICE_NAME: - /* - * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO - */ - result = Curl_setstropt(&data->set.str[STRING_SERVICE_NAME], - va_arg(param, char *)); - break; - case CURLOPT_HEADERDATA: + case CURLOPT_GSSAPI_DELEGATION: /* - * Custom pointer to pass the header write callback function + * GSS-API credential delegation bitmask */ - data->set.writeheader = (void *)va_arg(param, void *); + data->set.gssapi_delegation = (unsigned char)uarg& + (CURLGSSAPI_DELEGATION_POLICY_FLAG|CURLGSSAPI_DELEGATION_FLAG); break; - case CURLOPT_ERRORBUFFER: + case CURLOPT_SSL_VERIFYPEER: /* - * Error buffer provided by the caller to get the human readable - * error string in. + * Enable peer SSL verifying. */ - data->set.errorbuffer = va_arg(param, char *); + data->set.ssl.primary.verifypeer = enabled; + + /* Update the current connection ssl_config. */ + Curl_ssl_conn_config_update(data, FALSE); break; - case CURLOPT_WRITEDATA: +#ifndef CURL_DISABLE_DOH + case CURLOPT_DOH_SSL_VERIFYPEER: /* - * FILE pointer to write to. Or possibly - * used as argument to the write callback. + * Enable peer SSL verifying for DoH. */ - data->set.out = va_arg(param, void *); + data->set.doh_verifypeer = enabled; break; - -#ifdef CURL_LIST_ONLY_PROTOCOL - case CURLOPT_DIRLISTONLY: + case CURLOPT_DOH_SSL_VERIFYHOST: /* - * An option that changes the command to one that asks for a list only, no - * file info details. Used for FTP, POP3 and SFTP. + * Enable verification of the hostname in the peer certificate for DoH */ - data->set.list_only = (0 != va_arg(param, long)); + data->set.doh_verifyhost = enabled; break; -#endif - case CURLOPT_APPEND: + case CURLOPT_DOH_SSL_VERIFYSTATUS: /* - * We want to upload and append to an existing file. Used for FTP and - * SFTP. + * Enable certificate status verifying for DoH. */ - data->set.remote_append = (0 != va_arg(param, long)); - break; + if(!Curl_ssl_cert_status_request()) + return CURLE_NOT_BUILT_IN; -#ifndef CURL_DISABLE_FTP - case CURLOPT_FTP_FILEMETHOD: - /* - * How do access files over FTP. - */ - arg = va_arg(param, long); - if((arg < CURLFTPMETHOD_DEFAULT) || (arg >= CURLFTPMETHOD_LAST)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ftp_filemethod = (unsigned char)arg; + data->set.doh_verifystatus = enabled; break; - case CURLOPT_FTPPORT: +#endif /* ! CURL_DISABLE_DOH */ + case CURLOPT_SSL_VERIFYHOST: /* - * Use FTP PORT, this also specifies which IP address to use + * Enable verification of the hostname in the peer certificate */ - result = Curl_setstropt(&data->set.str[STRING_FTPPORT], - va_arg(param, char *)); - data->set.ftp_use_port = !!(data->set.str[STRING_FTPPORT]); - break; - case CURLOPT_FTP_USE_EPRT: - data->set.ftp_use_eprt = (0 != va_arg(param, long)); - break; + /* Obviously people are not reading documentation and too many thought + this argument took a boolean when it was not and misused it. + Treat 1 and 2 the same */ + data->set.ssl.primary.verifyhost = enabled; - case CURLOPT_FTP_USE_EPSV: - data->set.ftp_use_epsv = (0 != va_arg(param, long)); + /* Update the current connection ssl_config. */ + Curl_ssl_conn_config_update(data, FALSE); break; + case CURLOPT_SSL_VERIFYSTATUS: + /* + * Enable certificate status verifying. + */ + if(!Curl_ssl_cert_status_request()) + return CURLE_NOT_BUILT_IN; - case CURLOPT_FTP_USE_PRET: - data->set.ftp_use_pret = (0 != va_arg(param, long)); - break; + data->set.ssl.primary.verifystatus = enabled; - case CURLOPT_FTP_SSL_CCC: - arg = va_arg(param, long); - if((arg < CURLFTPSSL_CCC_NONE) || (arg >= CURLFTPSSL_CCC_LAST)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ftp_ccc = (unsigned char)arg; + /* Update the current connection ssl_config. */ + Curl_ssl_conn_config_update(data, FALSE); break; - - case CURLOPT_FTP_SKIP_PASV_IP: + case CURLOPT_SSL_FALSESTART: /* - * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the - * bypass of the IP address in PASV responses. + * Enable TLS false start. */ - data->set.ftp_skip_ip = (0 != va_arg(param, long)); - break; + if(!Curl_ssl_false_start(data)) + return CURLE_NOT_BUILT_IN; - case CURLOPT_FTP_ACCOUNT: - result = Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT], - va_arg(param, char *)); + data->set.ssl.falsestart = enabled; break; + case CURLOPT_CERTINFO: +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_CERTINFO)) + data->set.ssl.certinfo = enabled; + else +#endif + return CURLE_NOT_BUILT_IN; + break; + case CURLOPT_BUFFERSIZE: + /* + * The application kindly asks for a differently sized receive buffer. + * If it seems reasonable, we will use it. + */ + if(arg > READBUFFER_MAX) + arg = READBUFFER_MAX; + else if(arg < 1) + arg = READBUFFER_SIZE; + else if(arg < READBUFFER_MIN) + arg = READBUFFER_MIN; - case CURLOPT_FTP_ALTERNATIVE_TO_USER: - result = Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER], - va_arg(param, char *)); + data->set.buffer_size = (unsigned int)arg; break; - case CURLOPT_FTPSSLAUTH: + case CURLOPT_UPLOAD_BUFFERSIZE: /* - * Set a specific auth for FTP-SSL transfers. + * The application kindly asks for a differently sized upload buffer. + * Cap it to sensible. */ - arg = va_arg(param, long); - if((arg < CURLFTPAUTH_DEFAULT) || (arg >= CURLFTPAUTH_LAST)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ftpsslauth = (unsigned char)(curl_ftpauth)arg; + if(arg > UPLOADBUFFER_MAX) + arg = UPLOADBUFFER_MAX; + else if(arg < UPLOADBUFFER_MIN) + arg = UPLOADBUFFER_MIN; + + data->set.upload_buffer_size = (unsigned int)arg; break; -#ifdef HAVE_GSSAPI - case CURLOPT_KRBLEVEL: + + case CURLOPT_NOSIGNAL: /* - * A string that defines the kerberos security level. + * The application asks not to set any signal() or alarm() handlers, + * even when using a timeout. */ - result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL], - va_arg(param, char *)); - data->set.krb = !!(data->set.str[STRING_KRB_LEVEL]); + data->set.no_signal = enabled; break; -#endif -#endif -#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) - case CURLOPT_FTP_CREATE_MISSING_DIRS: + case CURLOPT_MAXFILESIZE: /* - * An FTP/SFTP option that modifies an upload to create missing - * directories on the server. + * Set the maximum size of a file to download. */ - arg = va_arg(param, long); - /* reserve other values for future use */ - if((arg < CURLFTP_CREATE_DIR_NONE) || - (arg > CURLFTP_CREATE_DIR_RETRY)) - result = CURLE_BAD_FUNCTION_ARGUMENT; - else - data->set.ftp_create_missing_dirs = (unsigned char)arg; + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_filesize = arg; break; - case CURLOPT_POSTQUOTE: +#ifdef USE_SSL + case CURLOPT_USE_SSL: /* - * List of RAW FTP commands to use after a transfer + * Make transfers attempt to use SSL/TLS. */ - data->set.postquote = va_arg(param, struct curl_slist *); + if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.use_ssl = (unsigned char)arg; break; - case CURLOPT_PREQUOTE: - /* - * List of RAW FTP commands to use prior to RETR (Wesley Laxton) - */ - data->set.prequote = va_arg(param, struct curl_slist *); + case CURLOPT_SSL_OPTIONS: + data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff); + data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); + data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); + data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); + data->set.ssl.revoke_best_effort = !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT); + data->set.ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA); + data->set.ssl.auto_client_cert = !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT); + data->set.ssl.earlydata = !!(arg & CURLSSLOPT_EARLYDATA); + /* If a setting is added here it should also be added in dohprobe() + which sets its own CURLOPT_SSL_OPTIONS based on these settings. */ break; - case CURLOPT_QUOTE: - /* - * List of RAW FTP commands to use before a transfer - */ - data->set.quote = va_arg(param, struct curl_slist *); + +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSL_OPTIONS: + data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff); + data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); + data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); + data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); + data->set.proxy_ssl.revoke_best_effort = + !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT); + data->set.proxy_ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA); + data->set.proxy_ssl.auto_client_cert = + !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT); break; #endif - case CURLOPT_READDATA: - /* - * FILE pointer to read the file to be uploaded from. Or possibly - * used as argument to the read callback. - */ - data->set.in_set = va_arg(param, void *); - break; - case CURLOPT_INFILESIZE: - /* - * If known, this should inform curl about the file size of the - * to-be-uploaded file. - */ - arg = va_arg(param, long); - if(arg < -1) + +#endif /* USE_SSL */ + case CURLOPT_IPRESOLVE: + if((arg < CURL_IPRESOLVE_WHATEVER) || (arg > CURL_IPRESOLVE_V6)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.filesize = arg; + data->set.ipver = (unsigned char) arg; break; - case CURLOPT_INFILESIZE_LARGE: + case CURLOPT_TCP_NODELAY: /* - * If known, this should inform curl about the file size of the - * to-be-uploaded file. + * Enable or disable TCP_NODELAY, which will disable/enable the Nagle + * algorithm */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < -1) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.filesize = bigsize; + data->set.tcp_nodelay = enabled; break; - case CURLOPT_LOW_SPEED_LIMIT: - /* - * The low speed limit that if transfers are below this for - * CURLOPT_LOW_SPEED_TIME, the transfer is aborted. - */ - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.low_speed_limit = arg; + + case CURLOPT_IGNORE_CONTENT_LENGTH: + data->set.ignorecl = enabled; break; - case CURLOPT_MAX_SEND_SPEED_LARGE: + + case CURLOPT_CONNECT_ONLY: /* - * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE - * bytes per second the transfer is throttled.. + * No data transfer. + * (1) - only do connection + * (2) - do first get request but get no content */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < 0) + if(arg > 2) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.max_send_speed = bigsize; + data->set.connect_only = (unsigned char)arg; break; - case CURLOPT_MAX_RECV_SPEED_LARGE: - /* - * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per - * second the transfer is throttled.. - */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.max_recv_speed = bigsize; + + case CURLOPT_SSL_SESSIONID_CACHE: + data->set.ssl.primary.cache_session = enabled; +#ifndef CURL_DISABLE_PROXY + data->set.proxy_ssl.primary.cache_session = + data->set.ssl.primary.cache_session; +#endif break; - case CURLOPT_LOW_SPEED_TIME: + +#ifdef USE_SSH + /* we only include SSH options if explicitly built to support SSH */ + case CURLOPT_SSH_AUTH_TYPES: + data->set.ssh_auth_types = (int)arg; + break; + case CURLOPT_SSH_COMPRESSION: + data->set.ssh_compression = enabled; + break; +#endif + + case CURLOPT_HTTP_TRANSFER_DECODING: /* - * The low speed time that if transfers are below the set - * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted. + * disable libcurl transfer encoding is used */ - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.low_speed_time = arg; +#ifndef USE_HYPER + data->set.http_te_skip = !enabled; /* reversed */ break; - case CURLOPT_CURLU: +#else + return CURLE_NOT_BUILT_IN; /* hyper does not support */ +#endif + + case CURLOPT_HTTP_CONTENT_DECODING: /* - * pass CURLU to set URL + * raw data passed to the application when content encoding is used */ - data->set.uh = va_arg(param, CURLU *); + data->set.http_ce_skip = enabled; break; - case CURLOPT_URL: + +#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) + case CURLOPT_NEW_FILE_PERMS: /* - * The URL to fetch. + * Uses these permissions instead of 0644 */ - if(data->state.url_alloc) { - /* the already set URL is allocated, free it first! */ - Curl_safefree(data->state.url); - data->state.url_alloc = FALSE; - } - result = Curl_setstropt(&data->set.str[STRING_SET_URL], - va_arg(param, char *)); - data->state.url = data->set.str[STRING_SET_URL]; + if((arg < 0) || (arg > 0777)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.new_file_perms = (unsigned int)arg; break; - case CURLOPT_PORT: +#endif +#ifdef USE_SSH + case CURLOPT_NEW_DIRECTORY_PERMS: /* - * The port number to use when getting the URL. 0 disables it. + * Uses these permissions instead of 0755 */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 65535)) + if((arg < 0) || (arg > 0777)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.use_port = (unsigned short)arg; + data->set.new_directory_perms = (unsigned int)arg; break; - case CURLOPT_TIMEOUT: +#endif +#ifdef USE_IPV6 + case CURLOPT_ADDRESS_SCOPE: /* - * The maximum time you allow curl to use for a single transfer - * operation. + * Use this scope id when using IPv6 + * We always get longs when passed plain numericals so we should check + * that the value fits into an unsigned 32-bit integer. */ - arg = va_arg(param, long); - if((arg >= 0) && (arg <= (INT_MAX/1000))) - data->set.timeout = (unsigned int)arg * 1000; - else +#if SIZEOF_LONG > 4 + if(uarg > UINT_MAX) return CURLE_BAD_FUNCTION_ARGUMENT; +#endif + data->set.scope_id = (unsigned int)uarg; break; - - case CURLOPT_TIMEOUT_MS: - uarg = va_arg(param, unsigned long); - if(uarg > UINT_MAX) - uarg = UINT_MAX; - data->set.timeout = (unsigned int)uarg; +#endif + case CURLOPT_PROTOCOLS: + /* set the bitmask for the protocols that are allowed to be used for the + transfer, which thus helps the app which takes URLs from users or other + external inputs and want to restrict what protocol(s) to deal with. + Defaults to CURLPROTO_ALL. */ + data->set.allowed_protocols = (curl_prot_t)arg; break; - case CURLOPT_CONNECTTIMEOUT: + case CURLOPT_REDIR_PROTOCOLS: + /* set the bitmask for the protocols that libcurl is allowed to follow to, + as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol + needs to be set in both bitmasks to be allowed to get redirected to. */ + data->set.redir_protocols = (curl_prot_t)arg; + break; + +#ifndef CURL_DISABLE_SMTP + case CURLOPT_MAIL_RCPT_ALLOWFAILS: + /* allow RCPT TO command to fail for some recipients */ + data->set.mail_rcpt_allowfails = enabled; + break; +#endif /* !CURL_DISABLE_SMTP */ + case CURLOPT_SASL_IR: + /* Enable/disable SASL initial response */ + data->set.sasl_ir = enabled; + break; +#ifndef CURL_DISABLE_RTSP + case CURLOPT_RTSP_REQUEST: + { /* - * The maximum time you allow curl to use to connect. + * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...) + * Would this be better if the RTSPREQ_* were just moved into here? */ - arg = va_arg(param, long); - if((arg >= 0) && (arg <= (INT_MAX/1000))) - data->set.connecttimeout = (unsigned int)arg * 1000; - else + Curl_RtspReq rtspreq = RTSPREQ_NONE; + switch(arg) { + case CURL_RTSPREQ_OPTIONS: + rtspreq = RTSPREQ_OPTIONS; + break; + + case CURL_RTSPREQ_DESCRIBE: + rtspreq = RTSPREQ_DESCRIBE; + break; + + case CURL_RTSPREQ_ANNOUNCE: + rtspreq = RTSPREQ_ANNOUNCE; + break; + + case CURL_RTSPREQ_SETUP: + rtspreq = RTSPREQ_SETUP; + break; + + case CURL_RTSPREQ_PLAY: + rtspreq = RTSPREQ_PLAY; + break; + + case CURL_RTSPREQ_PAUSE: + rtspreq = RTSPREQ_PAUSE; + break; + + case CURL_RTSPREQ_TEARDOWN: + rtspreq = RTSPREQ_TEARDOWN; + break; + + case CURL_RTSPREQ_GET_PARAMETER: + rtspreq = RTSPREQ_GET_PARAMETER; + break; + + case CURL_RTSPREQ_SET_PARAMETER: + rtspreq = RTSPREQ_SET_PARAMETER; + break; + + case CURL_RTSPREQ_RECORD: + rtspreq = RTSPREQ_RECORD; + break; + + case CURL_RTSPREQ_RECEIVE: + rtspreq = RTSPREQ_RECEIVE; + break; + default: return CURLE_BAD_FUNCTION_ARGUMENT; - break; + } - case CURLOPT_CONNECTTIMEOUT_MS: - uarg = va_arg(param, unsigned long); - if(uarg > UINT_MAX) - uarg = UINT_MAX; - data->set.connecttimeout = (unsigned int)uarg; + data->set.rtspreq = rtspreq; break; - -#ifndef CURL_DISABLE_FTP - case CURLOPT_ACCEPTTIMEOUT_MS: + } + case CURLOPT_RTSP_CLIENT_CSEQ: /* - * The maximum time for curl to wait for FTP server connect + * Set the CSEQ number to issue for the next RTSP request. Useful if the + * application is resuming a previously broken connection. The CSEQ + * will increment from this new number henceforth. */ - uarg = va_arg(param, unsigned long); + data->state.rtsp_next_client_CSeq = arg; + break; + + case CURLOPT_RTSP_SERVER_CSEQ: + /* Same as the above, but for server-initiated requests */ + data->state.rtsp_next_server_CSeq = arg; + break; + +#endif /* ! CURL_DISABLE_RTSP */ + + case CURLOPT_TCP_KEEPALIVE: + data->set.tcp_keepalive = enabled; + break; + case CURLOPT_TCP_KEEPIDLE: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(arg > INT_MAX) + arg = INT_MAX; + data->set.tcp_keepidle = (int)arg; + break; + case CURLOPT_TCP_KEEPINTVL: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(arg > INT_MAX) + arg = INT_MAX; + data->set.tcp_keepintvl = (int)arg; + break; + case CURLOPT_TCP_KEEPCNT: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(arg > INT_MAX) + arg = INT_MAX; + data->set.tcp_keepcnt = (int)arg; + break; + case CURLOPT_TCP_FASTOPEN: +#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \ + defined(TCP_FASTOPEN_CONNECT) + data->set.tcp_fastopen = enabled; +#else + return CURLE_NOT_BUILT_IN; +#endif + break; + case CURLOPT_SSL_ENABLE_NPN: + break; + case CURLOPT_SSL_ENABLE_ALPN: + data->set.ssl_enable_alpn = enabled; + break; + case CURLOPT_PATH_AS_IS: + data->set.path_as_is = enabled; + break; + case CURLOPT_PIPEWAIT: + data->set.pipewait = enabled; + break; + case CURLOPT_STREAM_WEIGHT: +#if defined(USE_HTTP2) || defined(USE_HTTP3) + if((arg >= 1) && (arg <= 256)) + data->set.priority.weight = (int)arg; + break; +#else + return CURLE_NOT_BUILT_IN; +#endif + case CURLOPT_SUPPRESS_CONNECT_HEADERS: + data->set.suppress_connect_headers = enabled; + break; + case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS: if(uarg > UINT_MAX) uarg = UINT_MAX; - data->set.accepttimeout = (unsigned int)uarg; + data->set.happy_eyeballs_timeout = (unsigned int)uarg; + break; +#ifndef CURL_DISABLE_SHUFFLE_DNS + case CURLOPT_DNS_SHUFFLE_ADDRESSES: + data->set.dns_shuffle_addresses = enabled; break; #endif + case CURLOPT_DISALLOW_USERNAME_IN_URL: + data->set.disallow_username_in_url = enabled; + break; - case CURLOPT_USERPWD: + case CURLOPT_UPKEEP_INTERVAL_MS: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.upkeep_interval_ms = arg; + break; + case CURLOPT_MAXAGE_CONN: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.maxage_conn = arg; + break; + case CURLOPT_MAXLIFETIME_CONN: + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.maxlifetime_conn = arg; + break; +#ifndef CURL_DISABLE_HSTS + case CURLOPT_HSTS_CTRL: + if(arg & CURLHSTS_ENABLE) { + if(!data->hsts) { + data->hsts = Curl_hsts_init(); + if(!data->hsts) + return CURLE_OUT_OF_MEMORY; + } + } + else + Curl_hsts_cleanup(&data->hsts); + break; +#endif /* ! CURL_DISABLE_HSTS */ +#ifndef CURL_DISABLE_ALTSVC + case CURLOPT_ALTSVC_CTRL: + if(!arg) { + DEBUGF(infof(data, "bad CURLOPT_ALTSVC_CTRL input")); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + if(!data->asi) { + data->asi = Curl_altsvc_init(); + if(!data->asi) + return CURLE_OUT_OF_MEMORY; + } + return Curl_altsvc_ctrl(data->asi, arg); +#endif /* ! CURL_DISABLE_ALTSVC */ +#ifndef CURL_DISABLE_WEBSOCKETS + case CURLOPT_WS_OPTIONS: + data->set.ws_raw_mode = (bool)(arg & CURLWS_RAW_MODE); + break; +#endif + case CURLOPT_QUICK_EXIT: + data->set.quick_exit = enabled; + break; + case CURLOPT_DNS_USE_GLOBAL_CACHE: + /* deprecated */ + break; + case CURLOPT_SSLENGINE_DEFAULT: /* - * user:password to use in the operation + * flag to set engine as default. */ - result = setstropt_userpwd(va_arg(param, char *), - &data->set.str[STRING_USERNAME], - &data->set.str[STRING_PASSWORD]); - break; + Curl_safefree(data->set.str[STRING_SSL_ENGINE]); + return Curl_ssl_set_engine_default(data); - case CURLOPT_USERNAME: + default: + /* unknown option */ + return CURLE_UNKNOWN_OPTION; + } + return CURLE_OK; +} + +static CURLcode setopt_slist(struct Curl_easy *data, CURLoption option, + struct curl_slist *slist) +{ + CURLcode result = CURLE_OK; + switch(option) { +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXYHEADER: /* - * authentication username to use in the operation + * Set a list with proxy headers to use (or replace internals with) + * + * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a + * long time we remain doing it this way until CURLOPT_PROXYHEADER is + * used. As soon as this option has been used, if set to anything but + * NULL, custom headers for proxies are only picked from this list. + * + * Set this option to NULL to restore the previous behavior. */ - result = Curl_setstropt(&data->set.str[STRING_USERNAME], - va_arg(param, char *)); + data->set.proxyheaders = slist; break; - case CURLOPT_PASSWORD: +#endif +#ifndef CURL_DISABLE_HTTP + case CURLOPT_HTTP200ALIASES: /* - * authentication password to use in the operation + * Set a list of aliases for HTTP 200 in response header */ - result = Curl_setstropt(&data->set.str[STRING_PASSWORD], - va_arg(param, char *)); + data->set.http200aliases = slist; break; - - case CURLOPT_LOGIN_OPTIONS: +#endif +#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) + case CURLOPT_POSTQUOTE: /* - * authentication options to use in the operation + * List of RAW FTP commands to use after a transfer */ - result = Curl_setstropt(&data->set.str[STRING_OPTIONS], - va_arg(param, char *)); + data->set.postquote = slist; break; - - case CURLOPT_XOAUTH2_BEARER: + case CURLOPT_PREQUOTE: /* - * OAuth 2.0 bearer token to use in the operation + * List of RAW FTP commands to use prior to RETR (Wesley Laxton) */ - result = Curl_setstropt(&data->set.str[STRING_BEARER], - va_arg(param, char *)); + data->set.prequote = slist; break; - + case CURLOPT_QUOTE: + /* + * List of RAW FTP commands to use before a transfer + */ + data->set.quote = slist; + break; +#endif case CURLOPT_RESOLVE: /* * List of HOST:PORT:[addresses] strings to populate the DNS cache with @@ -1583,123 +1479,83 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * This API can remove any entry from the DNS cache, but only entries * that are not actually in use right now will be pruned immediately. */ - data->set.resolve = va_arg(param, struct curl_slist *); + data->set.resolve = slist; data->state.resolve = data->set.resolve; break; - case CURLOPT_PROGRESSFUNCTION: +#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_MIME) + case CURLOPT_HTTPHEADER: /* - * Progress callback function + * Set a list with HTTP headers to use (or replace internals with) */ - data->set.fprogress = va_arg(param, curl_progress_callback); - if(data->set.fprogress) - data->progress.callback = TRUE; /* no longer internal */ - else - data->progress.callback = FALSE; /* NULL enforces internal */ + data->set.headers = slist; break; - - case CURLOPT_XFERINFOFUNCTION: +#endif +#ifndef CURL_DISABLE_TELNET + case CURLOPT_TELNETOPTIONS: /* - * Transfer info callback function + * Set a linked list of telnet options */ - data->set.fxferinfo = va_arg(param, curl_xferinfo_callback); - if(data->set.fxferinfo) - data->progress.callback = TRUE; /* no longer internal */ - else - data->progress.callback = FALSE; /* NULL enforces internal */ - - break; - - case CURLOPT_PROGRESSDATA: - /* - * Custom client data to pass to the progress callback - */ - data->set.progress_client = va_arg(param, void *); - break; - -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXYUSERPWD: { - /* - * user:password needed to use the proxy - */ - char *u = NULL; - char *p = NULL; - result = setstropt_userpwd(va_arg(param, char *), &u, &p); - - /* URL decode the components */ - if(!result && u) - result = Curl_urldecode(u, 0, &data->set.str[STRING_PROXYUSERNAME], NULL, - REJECT_ZERO); - if(!result && p) - result = Curl_urldecode(p, 0, &data->set.str[STRING_PROXYPASSWORD], NULL, - REJECT_ZERO); - free(u); - free(p); - } - break; - case CURLOPT_PROXYUSERNAME: - /* - * authentication username to use in the operation - */ - result = Curl_setstropt(&data->set.str[STRING_PROXYUSERNAME], - va_arg(param, char *)); - break; - case CURLOPT_PROXYPASSWORD: - /* - * authentication password to use in the operation - */ - result = Curl_setstropt(&data->set.str[STRING_PROXYPASSWORD], - va_arg(param, char *)); - break; - case CURLOPT_NOPROXY: - /* - * proxy exception list - */ - result = Curl_setstropt(&data->set.str[STRING_NOPROXY], - va_arg(param, char *)); + data->set.telnet_options = slist; break; #endif - - case CURLOPT_RANGE: - /* - * What range of the file you want to transfer - */ - result = Curl_setstropt(&data->set.str[STRING_SET_RANGE], - va_arg(param, char *)); - break; - case CURLOPT_RESUME_FROM: - /* - * Resume transfer at the given file position - */ - arg = va_arg(param, long); - if(arg < -1) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.set_resume_from = arg; +#ifndef CURL_DISABLE_SMTP + case CURLOPT_MAIL_RCPT: + /* Set the list of mail recipients */ + data->set.mail_rcpt = slist; break; - case CURLOPT_RESUME_FROM_LARGE: - /* - * Resume transfer at the given file position - */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < -1) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.set_resume_from = bigsize; +#endif + case CURLOPT_CONNECT_TO: + data->set.connect_to = slist; break; - case CURLOPT_DEBUGFUNCTION: - /* - * stderr write callback. - */ - data->set.fdebug = va_arg(param, curl_debug_callback); + default: + return CURLE_UNKNOWN_OPTION; + } + return result; +} + +/* assorted pointer type arguments */ +static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option, + va_list param) +{ + CURLcode result = CURLE_OK; + switch(option) { +#ifndef CURL_DISABLE_HTTP +#ifndef CURL_DISABLE_FORM_API + case CURLOPT_HTTPPOST: /* - * if the callback provided is NULL, it will use the default callback + * Set to make us do HTTP POST. Legacy API-style. */ + data->set.httppost = va_arg(param, struct curl_httppost *); + data->set.method = HTTPREQ_POST_FORM; + data->set.opt_no_body = FALSE; /* this is implied */ + Curl_mime_cleanpart(data->state.formp); + Curl_safefree(data->state.formp); + data->state.mimepost = NULL; break; - case CURLOPT_DEBUGDATA: +#endif /* ! CURL_DISABLE_FORM_API */ +#endif /* ! CURL_DISABLE_HTTP */ +#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \ + !defined(CURL_DISABLE_IMAP) +# ifndef CURL_DISABLE_MIME + case CURLOPT_MIMEPOST: /* - * Set to a void * that should receive all error writes. This - * defaults to CURLOPT_STDERR for normal operations. + * Set to make us do MIME POST */ - data->set.debugdata = va_arg(param, void *); + result = Curl_mime_set_subparts(&data->set.mimepost, + va_arg(param, curl_mime *), + FALSE); + if(!result) { + data->set.method = HTTPREQ_POST_MIME; + data->set.opt_no_body = FALSE; /* this is implied */ +#ifndef CURL_DISABLE_FORM_API + Curl_mime_cleanpart(data->state.formp); + Curl_safefree(data->state.formp); + data->state.mimepost = NULL; +#endif + } break; +#endif /* ! CURL_DISABLE_MIME */ +#endif /* ! disabled HTTP, SMTP or IMAP */ case CURLOPT_STDERR: /* * Set to a FILE * that should receive all error writes. This @@ -1709,351 +1565,468 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) if(!data->set.err) data->set.err = stderr; break; - case CURLOPT_HEADERFUNCTION: - /* - * Set header write callback - */ - data->set.fwrite_header = va_arg(param, curl_write_callback); - break; - case CURLOPT_WRITEFUNCTION: - /* - * Set data write callback - */ - data->set.fwrite_func = va_arg(param, curl_write_callback); - if(!data->set.fwrite_func) - /* When set to NULL, reset to our internal default function */ - data->set.fwrite_func = (curl_write_callback)fwrite; - break; - case CURLOPT_READFUNCTION: - /* - * Read data callback - */ - data->set.fread_func_set = va_arg(param, curl_read_callback); - if(!data->set.fread_func_set) { - data->set.is_fread_set = 0; - /* When set to NULL, reset to our internal default function */ - data->set.fread_func_set = (curl_read_callback)fread; + case CURLOPT_SHARE: + { + struct Curl_share *set = va_arg(param, struct Curl_share *); + + /* disconnect from old share, if any */ + if(data->share) { + Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); + + if(data->dns.hostcachetype == HCACHE_SHARED) { + data->dns.hostcache = NULL; + data->dns.hostcachetype = HCACHE_NONE; + } + +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) + if(data->share->cookies == data->cookies) + data->cookies = NULL; +#endif + +#ifndef CURL_DISABLE_HSTS + if(data->share->hsts == data->hsts) + data->hsts = NULL; +#endif +#ifdef USE_SSL + if(data->share->sslsession == data->state.session) + data->state.session = NULL; +#endif +#ifdef USE_LIBPSL + if(data->psl == &data->share->psl) + data->psl = data->multi ? &data->multi->psl : NULL; +#endif + + data->share->dirty--; + + Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); + data->share = NULL; } - else - data->set.is_fread_set = 1; - break; - case CURLOPT_SEEKFUNCTION: - /* - * Seek callback. Might be NULL. - */ - data->set.seek_func = va_arg(param, curl_seek_callback); - break; - case CURLOPT_SEEKDATA: - /* - * Seek control callback. Might be NULL. - */ - data->set.seek_client = va_arg(param, void *); - break; - case CURLOPT_IOCTLFUNCTION: - /* - * I/O control callback. Might be NULL. - */ - data->set.ioctl_func = va_arg(param, curl_ioctl_callback); - break; - case CURLOPT_IOCTLDATA: - /* - * I/O control data pointer. Might be NULL. - */ - data->set.ioctl_client = va_arg(param, void *); - break; - case CURLOPT_SSLCERT: - /* - * String that holds filename of the SSL certificate to use - */ - result = Curl_setstropt(&data->set.str[STRING_CERT], - va_arg(param, char *)); + + if(GOOD_SHARE_HANDLE(set)) + /* use new share if it set */ + data->share = set; + if(data->share) { + + Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); + + data->share->dirty++; + + if(data->share->specifier & (1 << CURL_LOCK_DATA_DNS)) { + /* use shared host cache */ + data->dns.hostcache = &data->share->hostcache; + data->dns.hostcachetype = HCACHE_SHARED; + } +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) + if(data->share->cookies) { + /* use shared cookie list, first free own one if any */ + Curl_cookie_cleanup(data->cookies); + /* enable cookies since we now use a share that uses cookies! */ + data->cookies = data->share->cookies; + } +#endif /* CURL_DISABLE_HTTP */ +#ifndef CURL_DISABLE_HSTS + if(data->share->hsts) { + /* first free the private one if any */ + Curl_hsts_cleanup(&data->hsts); + data->hsts = data->share->hsts; + } +#endif +#ifdef USE_SSL + if(data->share->sslsession) { + data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions; + data->state.session = data->share->sslsession; + } +#endif +#ifdef USE_LIBPSL + if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL)) + data->psl = &data->share->psl; +#endif + + Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); + } + /* check for host cache not needed, + * it will be done by curl_easy_perform */ + } + break; + +#ifdef USE_HTTP2 + case CURLOPT_STREAM_DEPENDS: + case CURLOPT_STREAM_DEPENDS_E: { + struct Curl_easy *dep = va_arg(param, struct Curl_easy *); + if(!dep || GOOD_EASY_HANDLE(dep)) + return Curl_data_priority_add_child(dep, data, + option == CURLOPT_STREAM_DEPENDS_E); break; - case CURLOPT_SSLCERT_BLOB: - /* - * Blob that holds file content of the SSL certificate to use - */ - result = Curl_setblobopt(&data->set.blobs[BLOB_CERT], - va_arg(param, struct curl_blob *)); + } +#endif + + default: + return CURLE_UNKNOWN_OPTION; + } + return result; +} + +static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option, + char *ptr) +{ + CURLcode result = CURLE_OK; + switch(option) { + case CURLOPT_SSL_CIPHER_LIST: + if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) + /* set a list of cipher we want to use in the SSL connection */ + return Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST], ptr); + return CURLE_NOT_BUILT_IN; break; #ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSLCERT: - /* - * String that holds filename of the SSL certificate to use for proxy - */ - result = Curl_setstropt(&data->set.str[STRING_CERT_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLCERT_BLOB: - /* - * Blob that holds file content of the SSL certificate to use for proxy - */ - result = Curl_setblobopt(&data->set.blobs[BLOB_CERT_PROXY], - va_arg(param, struct curl_blob *)); + case CURLOPT_PROXY_SSL_CIPHER_LIST: + if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) { + /* set a list of cipher we want to use in the SSL connection for proxy */ + return Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], + ptr); + } + else + return CURLE_NOT_BUILT_IN; break; #endif - case CURLOPT_SSLCERTTYPE: - /* - * String that holds file type of the SSL certificate to use - */ - result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE], - va_arg(param, char *)); + case CURLOPT_TLS13_CIPHERS: + if(Curl_ssl_supports(data, SSLSUPP_TLS13_CIPHERSUITES)) { + /* set preferred list of TLS 1.3 cipher suites */ + return Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST], ptr); + } + else + return CURLE_NOT_BUILT_IN; break; #ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSLCERTTYPE: - /* - * String that holds file type of the SSL certificate to use for proxy - */ - result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_PROXY], - va_arg(param, char *)); + case CURLOPT_PROXY_TLS13_CIPHERS: + if(Curl_ssl_supports(data, SSLSUPP_TLS13_CIPHERSUITES)) + /* set preferred list of TLS 1.3 cipher suites for proxy */ + return Curl_setstropt(&data->set.str[STRING_SSL_CIPHER13_LIST_PROXY], + ptr); + else + return CURLE_NOT_BUILT_IN; break; #endif - case CURLOPT_SSLKEY: - /* - * String that holds filename of the SSL key to use - */ - result = Curl_setstropt(&data->set.str[STRING_KEY], - va_arg(param, char *)); + case CURLOPT_RANDOM_FILE: break; - case CURLOPT_SSLKEY_BLOB: - /* - * Blob that holds file content of the SSL key to use - */ - result = Curl_setblobopt(&data->set.blobs[BLOB_KEY], - va_arg(param, struct curl_blob *)); + case CURLOPT_EGDSOCKET: break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSLKEY: + case CURLOPT_REQUEST_TARGET: + return Curl_setstropt(&data->set.str[STRING_TARGET], ptr); +#ifndef CURL_DISABLE_NETRC + case CURLOPT_NETRC_FILE: /* - * String that holds filename of the SSL key to use for proxy + * Use this file instead of the $HOME/.netrc file */ - result = Curl_setstropt(&data->set.str[STRING_KEY_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_SSLKEY_BLOB: + return Curl_setstropt(&data->set.str[STRING_NETRC_FILE], ptr); +#endif + +#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_MQTT) + case CURLOPT_COPYPOSTFIELDS: /* - * Blob that holds file content of the SSL key to use for proxy + * A string with POST data. Makes curl HTTP POST. Even if it is NULL. + * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to + * CURLOPT_COPYPOSTFIELDS and not altered later. */ - result = Curl_setblobopt(&data->set.blobs[BLOB_KEY_PROXY], - va_arg(param, struct curl_blob *)); - break; + if(!ptr || data->set.postfieldsize == -1) + result = Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], ptr); + else { + if(data->set.postfieldsize < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; +#if SIZEOF_CURL_OFF_T > SIZEOF_SIZE_T + /* + * Check that requested length does not overflow the size_t type. + */ + else if(data->set.postfieldsize > SIZE_T_MAX) + return CURLE_OUT_OF_MEMORY; #endif - case CURLOPT_SSLKEYTYPE: + else { + /* Allocate even when size == 0. This satisfies the need of possible + later address compare to detect the COPYPOSTFIELDS mode, and to + mark that postfields is used rather than read function or form + data. + */ + char *p = Curl_memdup0(ptr, (size_t)data->set.postfieldsize); + if(!p) + return CURLE_OUT_OF_MEMORY; + else { + free(data->set.str[STRING_COPYPOSTFIELDS]); + data->set.str[STRING_COPYPOSTFIELDS] = p; + } + } + } + + data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS]; + data->set.method = HTTPREQ_POST; + break; + + case CURLOPT_POSTFIELDS: /* - * String that holds file type of the SSL key to use + * Like above, but use static data instead of copying it. */ - result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE], - va_arg(param, char *)); + data->set.postfields = ptr; + /* Release old copied data. */ + Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]); + data->set.method = HTTPREQ_POST; break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSLKEYTYPE: + +#ifndef CURL_DISABLE_HTTP + case CURLOPT_ACCEPT_ENCODING: /* - * String that holds file type of the SSL key to use for proxy + * String to use at the value of Accept-Encoding header. + * + * If the encoding is set to "" we use an Accept-Encoding header that + * encompasses all the encodings we support. + * If the encoding is set to NULL we do not send an Accept-Encoding header + * and ignore an received Content-Encoding header. + * */ - result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_PROXY], - va_arg(param, char *)); - break; -#endif - case CURLOPT_KEYPASSWD: + if(ptr && !*ptr) { + char all[256]; + Curl_all_content_encodings(all, sizeof(all)); + return Curl_setstropt(&data->set.str[STRING_ENCODING], all); + } + return Curl_setstropt(&data->set.str[STRING_ENCODING], ptr); + +#if !defined(CURL_DISABLE_AWS) + case CURLOPT_AWS_SIGV4: /* - * String that holds the SSL or SSH private key password. + * String that is merged to some authentication + * parameters are used by the algorithm. */ - result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD], - va_arg(param, char *)); - break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_KEYPASSWD: + result = Curl_setstropt(&data->set.str[STRING_AWS_SIGV4], ptr); /* - * String that holds the SSL private key password for proxy. + * Basic been set by default it need to be unset here */ - result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY], - va_arg(param, char *)); + if(data->set.str[STRING_AWS_SIGV4]) + data->set.httpauth = CURLAUTH_AWS_SIGV4; break; #endif - case CURLOPT_SSLENGINE: + case CURLOPT_REFERER: /* - * String that holds the SSL crypto engine. + * String to set in the HTTP Referer: field. */ - argptr = va_arg(param, char *); - if(argptr && argptr[0]) { - result = Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], argptr); - if(!result) { - result = Curl_ssl_set_engine(data, argptr); - } + if(data->state.referer_alloc) { + Curl_safefree(data->state.referer); + data->state.referer_alloc = FALSE; } + result = Curl_setstropt(&data->set.str[STRING_SET_REFERER], ptr); + data->state.referer = data->set.str[STRING_SET_REFERER]; break; - case CURLOPT_SSLENGINE_DEFAULT: - /* - * flag to set engine as default. - */ - Curl_safefree(data->set.str[STRING_SSL_ENGINE]); - result = Curl_ssl_set_engine_default(data); - break; - case CURLOPT_CRLF: + case CURLOPT_USERAGENT: /* - * Kludgy option to enable CRLF conversions. Subject for removal. + * String to use in the HTTP User-Agent field */ - data->set.crlf = (0 != va_arg(param, long)); - break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_HAPROXYPROTOCOL: + return Curl_setstropt(&data->set.str[STRING_USERAGENT], ptr); + +#if !defined(CURL_DISABLE_COOKIES) + case CURLOPT_COOKIE: /* - * Set to send the HAProxy Proxy Protocol header + * Cookie string to send to the remote server in the request. */ - data->set.haproxyprotocol = (0 != va_arg(param, long)); - break; - case CURLOPT_HAPROXY_CLIENT_IP: + return Curl_setstropt(&data->set.str[STRING_COOKIE], ptr); + + case CURLOPT_COOKIEFILE: /* - * Set the client IP to send through HAProxy PROXY protocol + * Set cookie file to read and parse. Can be used multiple times. */ - result = Curl_setstropt(&data->set.str[STRING_HAPROXY_CLIENT_IP], - va_arg(param, char *)); - /* We enable implicitly the HAProxy protocol if we use this flag. */ - data->set.haproxyprotocol = TRUE; + if(ptr) { + struct curl_slist *cl; + /* general protection against mistakes and abuse */ + if(strlen(ptr) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; + /* append the cookie filename to the list of filenames, and deal with + them later */ + cl = curl_slist_append(data->state.cookielist, ptr); + if(!cl) { + curl_slist_free_all(data->state.cookielist); + data->state.cookielist = NULL; + return CURLE_OUT_OF_MEMORY; + } + data->state.cookielist = cl; /* store the list for later use */ + } + else { + /* clear the list of cookie files */ + curl_slist_free_all(data->state.cookielist); + data->state.cookielist = NULL; + + if(!data->share || !data->share->cookies) { + /* throw away all existing cookies if this is not a shared cookie + container */ + Curl_cookie_clearall(data->cookies); + Curl_cookie_cleanup(data->cookies); + } + /* disable the cookie engine */ + data->cookies = NULL; + } break; -#endif - case CURLOPT_INTERFACE: + + case CURLOPT_COOKIEJAR: /* - * Set what interface or address/hostname to bind the socket to when - * performing an operation and thus what from-IP your connection will use. + * Set cookie filename to dump all cookies to when we are done. */ - result = setstropt_interface(va_arg(param, char *), - &data->set.str[STRING_DEVICE], - &data->set.str[STRING_INTERFACE], - &data->set.str[STRING_BINDHOST]); + result = Curl_setstropt(&data->set.str[STRING_COOKIEJAR], ptr); + if(!result) { + /* + * Activate the cookie parser. This may or may not already + * have been made. + */ + struct CookieInfo *newcookies = + Curl_cookie_init(data, NULL, data->cookies, data->set.cookiesession); + if(!newcookies) + result = CURLE_OUT_OF_MEMORY; + data->cookies = newcookies; + } break; -#ifndef CURL_DISABLE_BINDLOCAL - case CURLOPT_LOCALPORT: - /* - * Set what local port to bind the socket to when performing an operation. - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 65535)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.localport = curlx_sltous(arg); + + case CURLOPT_COOKIELIST: + if(!ptr) + break; + + if(strcasecompare(ptr, "ALL")) { + /* clear all cookies */ + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + Curl_cookie_clearall(data->cookies); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } + else if(strcasecompare(ptr, "SESS")) { + /* clear session cookies */ + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + Curl_cookie_clearsess(data->cookies); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } + else if(strcasecompare(ptr, "FLUSH")) { + /* flush cookies to file, takes care of the locking */ + Curl_flush_cookies(data, FALSE); + } + else if(strcasecompare(ptr, "RELOAD")) { + /* reload cookies from file */ + Curl_cookie_loadfiles(data); + break; + } + else { + if(!data->cookies) { + /* if cookie engine was not running, activate it */ + data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE); + if(!data->cookies) + return CURLE_OUT_OF_MEMORY; + } + + /* general protection against mistakes and abuse */ + if(strlen(ptr) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; + + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + if(checkprefix("Set-Cookie:", ptr)) + /* HTTP Header format line */ + Curl_cookie_add(data, data->cookies, TRUE, FALSE, ptr + 11, NULL, + NULL, TRUE); + else + /* Netscape format line */ + Curl_cookie_add(data, data->cookies, FALSE, FALSE, ptr, NULL, + NULL, TRUE); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } break; - case CURLOPT_LOCALPORTRANGE: +#endif /* !CURL_DISABLE_COOKIES */ + +#endif /* ! CURL_DISABLE_HTTP */ + + case CURLOPT_CUSTOMREQUEST: /* - * Set number of local ports to try, starting with CURLOPT_LOCALPORT. + * Set a custom string to use as request */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 65535)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.localportrange = curlx_sltous(arg); - break; -#endif - case CURLOPT_GSSAPI_DELEGATION: + return Curl_setstropt(&data->set.str[STRING_CUSTOMREQUEST], ptr); + + /* we do not set + data->set.method = HTTPREQ_CUSTOM; + here, we continue as if we were using the already set type + and this just changes the actual request keyword */ + +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY: /* - * GSS-API credential delegation bitmask + * Set proxy server:port to use as proxy. + * + * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL) + * we explicitly say that we do not want to use a proxy + * (even though there might be environment variables saying so). + * + * Setting it to NULL, means no proxy but allows the environment variables + * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL). */ - uarg = va_arg(param, unsigned long); - data->set.gssapi_delegation = (unsigned char)uarg& - (CURLGSSAPI_DELEGATION_POLICY_FLAG|CURLGSSAPI_DELEGATION_FLAG); + return Curl_setstropt(&data->set.str[STRING_PROXY], ptr); break; - case CURLOPT_SSL_VERIFYPEER: + + case CURLOPT_PRE_PROXY: /* - * Enable peer SSL verifying. + * Set proxy server:port to use as SOCKS proxy. + * + * If the proxy is set to "" or NULL we explicitly say that we do not want + * to use the socks proxy. */ - data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)); + return Curl_setstropt(&data->set.str[STRING_PRE_PROXY], ptr); +#endif /* CURL_DISABLE_PROXY */ - /* Update the current connection ssl_config. */ - Curl_ssl_conn_config_update(data, FALSE); - break; -#ifndef CURL_DISABLE_DOH - case CURLOPT_DOH_SSL_VERIFYPEER: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_SOCKS5_GSSAPI_SERVICE: + case CURLOPT_PROXY_SERVICE_NAME: /* - * Enable peer SSL verifying for DoH. + * Set proxy authentication service name for Kerberos 5 and SPNEGO */ - data->set.doh_verifypeer = (0 != va_arg(param, long)); - break; + return Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME], ptr); #endif -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSL_VERIFYPEER: + case CURLOPT_SERVICE_NAME: /* - * Enable peer SSL verifying for proxy. + * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO */ - data->set.proxy_ssl.primary.verifypeer = - (0 != va_arg(param, long))?TRUE:FALSE; + return Curl_setstropt(&data->set.str[STRING_SERVICE_NAME], ptr); + break; - /* Update the current connection proxy_ssl_config. */ - Curl_ssl_conn_config_update(data, TRUE); + case CURLOPT_HEADERDATA: + /* + * Custom pointer to pass the header write callback function + */ + data->set.writeheader = (void *)ptr; break; -#endif - case CURLOPT_SSL_VERIFYHOST: + case CURLOPT_READDATA: /* - * Enable verification of the hostname in the peer certificate + * FILE pointer to read the file to be uploaded from. Or possibly used as + * argument to the read callback. */ - arg = va_arg(param, long); - - /* Obviously people are not reading documentation and too many thought - this argument took a boolean when it was not and misused it. - Treat 1 and 2 the same */ - data->set.ssl.primary.verifyhost = !!(arg & 3); - - /* Update the current connection ssl_config. */ - Curl_ssl_conn_config_update(data, FALSE); + data->set.in_set = (void *)ptr; break; -#ifndef CURL_DISABLE_DOH - case CURLOPT_DOH_SSL_VERIFYHOST: + case CURLOPT_WRITEDATA: /* - * Enable verification of the hostname in the peer certificate for DoH + * FILE pointer to write to. Or possibly used as argument to the write + * callback. */ - arg = va_arg(param, long); - - /* Treat both 1 and 2 as TRUE */ - data->set.doh_verifyhost = !!(arg & 3); + data->set.out = (void *)ptr; break; -#endif -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSL_VERIFYHOST: + case CURLOPT_DEBUGDATA: /* - * Enable verification of the hostname in the peer certificate for proxy + * Set to a void * that should receive all error writes. This + * defaults to CURLOPT_STDERR for normal operations. */ - arg = va_arg(param, long); - - /* Treat both 1 and 2 as TRUE */ - data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE); - /* Update the current connection proxy_ssl_config. */ - Curl_ssl_conn_config_update(data, TRUE); + data->set.debugdata = (void *)ptr; break; -#endif - case CURLOPT_SSL_VERIFYSTATUS: + case CURLOPT_PROGRESSDATA: /* - * Enable certificate status verifying. + * Custom client data to pass to the progress callback */ - if(!Curl_ssl_cert_status_request()) { - result = CURLE_NOT_BUILT_IN; - break; - } - - data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)); - - /* Update the current connection ssl_config. */ - Curl_ssl_conn_config_update(data, FALSE); + data->set.progress_client = (void *)ptr; break; -#ifndef CURL_DISABLE_DOH - case CURLOPT_DOH_SSL_VERIFYSTATUS: + case CURLOPT_SEEKDATA: /* - * Enable certificate status verifying for DoH. + * Seek control callback. Might be NULL. */ - if(!Curl_ssl_cert_status_request()) { - result = CURLE_NOT_BUILT_IN; - break; - } - - data->set.doh_verifystatus = (0 != va_arg(param, long)); + data->set.seek_client = (void *)ptr; break; -#endif - case CURLOPT_SSL_CTX_FUNCTION: + case CURLOPT_IOCTLDATA: /* - * Set a SSL_CTX callback + * I/O control data pointer. Might be NULL. */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_SSL_CTX)) - data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback); - else -#endif - result = CURLE_NOT_BUILT_IN; + data->set.ioctl_client = (void *)ptr; break; case CURLOPT_SSL_CTX_DATA: /* @@ -2061,525 +2034,414 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_SSL_CTX)) - data->set.ssl.fsslctxp = va_arg(param, void *); + data->set.ssl.fsslctxp = (void *)ptr; else #endif - result = CURLE_NOT_BUILT_IN; + return CURLE_NOT_BUILT_IN; break; - case CURLOPT_SSL_FALSESTART: + case CURLOPT_SOCKOPTDATA: /* - * Enable TLS false start. + * socket callback data pointer. Might be NULL. */ - if(!Curl_ssl_false_start(data)) { - result = CURLE_NOT_BUILT_IN; - break; - } - - data->set.ssl.falsestart = (0 != va_arg(param, long)); - break; - case CURLOPT_CERTINFO: -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CERTINFO)) - data->set.ssl.certinfo = (0 != va_arg(param, long)); - else -#endif - result = CURLE_NOT_BUILT_IN; + data->set.sockopt_client = (void *)ptr; break; - case CURLOPT_PINNEDPUBLICKEY: + case CURLOPT_OPENSOCKETDATA: /* - * Set pinned public key for SSL connection. - * Specify filename of the public key in DER format. + * socket callback data pointer. Might be NULL. */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) - result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY], - va_arg(param, char *)); - else -#endif - result = CURLE_NOT_BUILT_IN; + data->set.opensocket_client = (void *)ptr; break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_PINNEDPUBLICKEY: + case CURLOPT_RESOLVER_START_DATA: /* - * Set pinned public key for SSL connection. - * Specify filename of the public key in DER format. + * resolver start callback data pointer. Might be NULL. */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) - result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY], - va_arg(param, char *)); - else -#endif - result = CURLE_NOT_BUILT_IN; + data->set.resolver_start_client = (void *)ptr; break; -#endif - case CURLOPT_CAINFO: + case CURLOPT_CLOSESOCKETDATA: /* - * Set CA info for SSL connection. Specify filename of the CA certificate + * socket callback data pointer. Might be NULL. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE], - va_arg(param, char *)); + data->set.closesocket_client = (void *)ptr; break; - case CURLOPT_CAINFO_BLOB: - /* - * Blob that holds CA info for SSL connection. - * Specify entire PEM of the CA certificate - */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) { - result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO], - va_arg(param, struct curl_blob *)); - break; - } - else + case CURLOPT_TRAILERDATA: +#ifndef CURL_DISABLE_HTTP + data->set.trailer_data = (void *)ptr; #endif - return CURLE_NOT_BUILT_IN; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_CAINFO: - /* - * Set CA info SSL connection for proxy. Specify filename of the - * CA certificate - */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], - va_arg(param, char *)); break; - case CURLOPT_PROXY_CAINFO_BLOB: - /* - * Blob that holds CA info for SSL connection proxy. - * Specify entire PEM of the CA certificate - */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) { - result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO_PROXY], - va_arg(param, struct curl_blob *)); - break; - } - else -#endif - return CURLE_NOT_BUILT_IN; -#endif - case CURLOPT_CAPATH: - /* - * Set CA path info for SSL connection. Specify directory name of the CA - * certificates which have been prepared using openssl c_rehash utility. - */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) - /* This does not work on windows. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH], - va_arg(param, char *)); - else -#endif - result = CURLE_NOT_BUILT_IN; + case CURLOPT_PREREQDATA: + data->set.prereq_userp = (void *)ptr; break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_CAPATH: + + case CURLOPT_ERRORBUFFER: /* - * Set CA path info for SSL connection proxy. Specify directory name of the - * CA certificates which have been prepared using openssl c_rehash utility. + * Error buffer provided by the caller to get the human readable error + * string in. */ -#ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) - /* This does not work on windows. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], - va_arg(param, char *)); - else -#endif - result = CURLE_NOT_BUILT_IN; + data->set.errorbuffer = ptr; break; -#endif - case CURLOPT_CRLFILE: + +#ifndef CURL_DISABLE_FTP + case CURLOPT_FTPPORT: /* - * Set CRL file info for SSL connection. Specify filename of the CRL - * to check certificates revocation + * Use FTP PORT, this also specifies which IP address to use */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_FTPPORT], ptr); + data->set.ftp_use_port = !!(data->set.str[STRING_FTPPORT]); break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_CRLFILE: + + case CURLOPT_FTP_ACCOUNT: + return Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT], ptr); + + case CURLOPT_FTP_ALTERNATIVE_TO_USER: + return Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER], ptr); + +#ifdef HAVE_GSSAPI + case CURLOPT_KRBLEVEL: /* - * Set CRL file info for SSL connection for proxy. Specify filename of the - * CRL to check certificates revocation + * A string that defines the kerberos security level. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL], ptr); + data->set.krb = !!(data->set.str[STRING_KRB_LEVEL]); break; #endif - case CURLOPT_ISSUERCERT: +#endif + case CURLOPT_URL: /* - * Set Issuer certificate file - * to check certificates issuer + * The URL to fetch. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT], - va_arg(param, char *)); + if(data->state.url_alloc) { + /* the already set URL is allocated, free it first! */ + Curl_safefree(data->state.url); + data->state.url_alloc = FALSE; + } + result = Curl_setstropt(&data->set.str[STRING_SET_URL], ptr); + data->state.url = data->set.str[STRING_SET_URL]; break; - case CURLOPT_ISSUERCERT_BLOB: + + case CURLOPT_USERPWD: /* - * Blob that holds Issuer certificate to check certificates issuer + * user:password to use in the operation */ - result = Curl_setblobopt(&data->set.blobs[BLOB_SSL_ISSUERCERT], - va_arg(param, struct curl_blob *)); - break; -#ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_ISSUERCERT: + return setstropt_userpwd(ptr, &data->set.str[STRING_USERNAME], + &data->set.str[STRING_PASSWORD]); + + case CURLOPT_USERNAME: /* - * Set Issuer certificate file - * to check certificates issuer + * authentication username to use in the operation */ - result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_PROXY], - va_arg(param, char *)); - break; - case CURLOPT_PROXY_ISSUERCERT_BLOB: + return Curl_setstropt(&data->set.str[STRING_USERNAME], ptr); + + case CURLOPT_PASSWORD: /* - * Blob that holds Issuer certificate to check certificates issuer + * authentication password to use in the operation */ - result = Curl_setblobopt(&data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY], - va_arg(param, struct curl_blob *)); - break; -#endif -#ifndef CURL_DISABLE_TELNET - case CURLOPT_TELNETOPTIONS: + return Curl_setstropt(&data->set.str[STRING_PASSWORD], ptr); + + case CURLOPT_LOGIN_OPTIONS: /* - * Set a linked list of telnet options + * authentication options to use in the operation */ - data->set.telnet_options = va_arg(param, struct curl_slist *); - break; -#endif - case CURLOPT_BUFFERSIZE: + return Curl_setstropt(&data->set.str[STRING_OPTIONS], ptr); + + case CURLOPT_XOAUTH2_BEARER: /* - * The application kindly asks for a differently sized receive buffer. - * If it seems reasonable, we will use it. + * OAuth 2.0 bearer token to use in the operation */ - arg = va_arg(param, long); + return Curl_setstropt(&data->set.str[STRING_BEARER], ptr); - if(arg > READBUFFER_MAX) - arg = READBUFFER_MAX; - else if(arg < 1) - arg = READBUFFER_SIZE; - else if(arg < READBUFFER_MIN) - arg = READBUFFER_MIN; +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXYUSERPWD: { + /* + * user:password needed to use the proxy + */ + char *u = NULL; + char *p = NULL; + result = setstropt_userpwd(ptr, &u, &p); - data->set.buffer_size = (unsigned int)arg; + /* URL decode the components */ + if(!result && u) + result = Curl_urldecode(u, 0, &data->set.str[STRING_PROXYUSERNAME], NULL, + REJECT_ZERO); + if(!result && p) + result = Curl_urldecode(p, 0, &data->set.str[STRING_PROXYPASSWORD], NULL, + REJECT_ZERO); + free(u); + free(p); + } break; + case CURLOPT_PROXYUSERNAME: + /* + * authentication username to use in the operation + */ + return Curl_setstropt(&data->set.str[STRING_PROXYUSERNAME], ptr); - case CURLOPT_UPLOAD_BUFFERSIZE: + case CURLOPT_PROXYPASSWORD: /* - * The application kindly asks for a differently sized upload buffer. - * Cap it to sensible. + * authentication password to use in the operation */ - arg = va_arg(param, long); + return Curl_setstropt(&data->set.str[STRING_PROXYPASSWORD], ptr); - if(arg > UPLOADBUFFER_MAX) - arg = UPLOADBUFFER_MAX; - else if(arg < UPLOADBUFFER_MIN) - arg = UPLOADBUFFER_MIN; + case CURLOPT_NOPROXY: + /* + * proxy exception list + */ + return Curl_setstropt(&data->set.str[STRING_NOPROXY], ptr); +#endif - data->set.upload_buffer_size = (unsigned int)arg; - break; + case CURLOPT_RANGE: + /* + * What range of the file you want to transfer + */ + return Curl_setstropt(&data->set.str[STRING_SET_RANGE], ptr); - case CURLOPT_NOSIGNAL: +#endif /* ! CURL_DISABLE_PROXY */ + case CURLOPT_CURLU: /* - * The application asks not to set any signal() or alarm() handlers, - * even when using a timeout. + * pass CURLU to set URL */ - data->set.no_signal = (0 != va_arg(param, long)); + data->set.uh = (CURLU *)ptr; break; + case CURLOPT_SSLCERT: + /* + * String that holds filename of the SSL certificate to use + */ + return Curl_setstropt(&data->set.str[STRING_CERT], ptr); - case CURLOPT_SHARE: - { - struct Curl_share *set; - set = va_arg(param, struct Curl_share *); - - /* disconnect from old share, if any */ - if(data->share) { - Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); - - if(data->dns.hostcachetype == HCACHE_SHARED) { - data->dns.hostcache = NULL; - data->dns.hostcachetype = HCACHE_NONE; - } +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSLCERT: + /* + * String that holds filename of the SSL certificate to use for proxy + */ + return Curl_setstropt(&data->set.str[STRING_CERT_PROXY], ptr); -#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) - if(data->share->cookies == data->cookies) - data->cookies = NULL; #endif + case CURLOPT_SSLCERTTYPE: + /* + * String that holds file type of the SSL certificate to use + */ + return Curl_setstropt(&data->set.str[STRING_CERT_TYPE], ptr); -#ifndef CURL_DISABLE_HSTS - if(data->share->hsts == data->hsts) - data->hsts = NULL; -#endif -#ifdef USE_SSL - if(data->share->sslsession == data->state.session) - data->state.session = NULL; -#endif -#ifdef USE_LIBPSL - if(data->psl == &data->share->psl) - data->psl = data->multi? &data->multi->psl: NULL; +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSLCERTTYPE: + /* + * String that holds file type of the SSL certificate to use for proxy + */ + return Curl_setstropt(&data->set.str[STRING_CERT_TYPE_PROXY], ptr); #endif + case CURLOPT_SSLKEY: + /* + * String that holds filename of the SSL key to use + */ + return Curl_setstropt(&data->set.str[STRING_KEY], ptr); - data->share->dirty--; - - Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); - data->share = NULL; - } - - if(GOOD_SHARE_HANDLE(set)) - /* use new share if it set */ - data->share = set; - if(data->share) { - - Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); - - data->share->dirty++; +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSLKEY: + /* + * String that holds filename of the SSL key to use for proxy + */ + return Curl_setstropt(&data->set.str[STRING_KEY_PROXY], ptr); - if(data->share->specifier & (1<< CURL_LOCK_DATA_DNS)) { - /* use shared host cache */ - data->dns.hostcache = &data->share->hostcache; - data->dns.hostcachetype = HCACHE_SHARED; - } -#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) - if(data->share->cookies) { - /* use shared cookie list, first free own one if any */ - Curl_cookie_cleanup(data->cookies); - /* enable cookies since we now use a share that uses cookies! */ - data->cookies = data->share->cookies; - } -#endif /* CURL_DISABLE_HTTP */ -#ifndef CURL_DISABLE_HSTS - if(data->share->hsts) { - /* first free the private one if any */ - Curl_hsts_cleanup(&data->hsts); - data->hsts = data->share->hsts; - } -#endif -#ifdef USE_SSL - if(data->share->sslsession) { - data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions; - data->state.session = data->share->sslsession; - } -#endif -#ifdef USE_LIBPSL - if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL)) - data->psl = &data->share->psl; #endif - - Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); - } - /* check for host cache not needed, - * it will be done by curl_easy_perform */ - } - break; - - case CURLOPT_PRIVATE: + case CURLOPT_SSLKEYTYPE: /* - * Set private data pointer. + * String that holds file type of the SSL key to use */ - data->set.private_data = va_arg(param, void *); + return Curl_setstropt(&data->set.str[STRING_KEY_TYPE], ptr); break; - - case CURLOPT_MAXFILESIZE: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSLKEYTYPE: /* - * Set the maximum size of a file to download. + * String that holds file type of the SSL key to use for proxy */ - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.max_filesize = arg; - break; + return Curl_setstropt(&data->set.str[STRING_KEY_TYPE_PROXY], ptr); -#ifdef USE_SSL - case CURLOPT_USE_SSL: +#endif + case CURLOPT_KEYPASSWD: /* - * Make transfers attempt to use SSL/TLS. + * String that holds the SSL or SSH private key password. */ - arg = va_arg(param, long); - if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.use_ssl = (unsigned char)arg; - break; + return Curl_setstropt(&data->set.str[STRING_KEY_PASSWD], ptr); - case CURLOPT_SSL_OPTIONS: - arg = va_arg(param, long); - data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff); - data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); - data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); - data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); - data->set.ssl.revoke_best_effort = !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT); - data->set.ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA); - data->set.ssl.auto_client_cert = !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT); - /* If a setting is added here it should also be added in dohprobe() - which sets its own CURLOPT_SSL_OPTIONS based on these settings. */ +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_KEYPASSWD: + /* + * String that holds the SSL private key password for proxy. + */ + return Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY], ptr); +#endif + case CURLOPT_SSLENGINE: + /* + * String that holds the SSL crypto engine. + */ + if(ptr && ptr[0]) { + result = Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], ptr); + if(!result) { + result = Curl_ssl_set_engine(data, ptr); + } + } break; #ifndef CURL_DISABLE_PROXY - case CURLOPT_PROXY_SSL_OPTIONS: - arg = va_arg(param, long); - data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff); - data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); - data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); - data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); - data->set.proxy_ssl.revoke_best_effort = - !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT); - data->set.proxy_ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA); - data->set.proxy_ssl.auto_client_cert = - !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT); + case CURLOPT_HAPROXY_CLIENT_IP: + /* + * Set the client IP to send through HAProxy PROXY protocol + */ + result = Curl_setstropt(&data->set.str[STRING_HAPROXY_CLIENT_IP], ptr); + /* enable the HAProxy protocol */ + data->set.haproxyprotocol = TRUE; break; #endif + case CURLOPT_INTERFACE: + /* + * Set what interface or address/hostname to bind the socket to when + * performing an operation and thus what from-IP your connection will use. + */ + return setstropt_interface(ptr, + &data->set.str[STRING_DEVICE], + &data->set.str[STRING_INTERFACE], + &data->set.str[STRING_BINDHOST]); - case CURLOPT_SSL_EC_CURVES: + case CURLOPT_PINNEDPUBLICKEY: /* - * Set accepted curves in SSL connection setup. - * Specify colon-delimited list of curve algorithm names. + * Set pinned public key for SSL connection. + * Specify filename of the public key in DER format. */ - result = Curl_setstropt(&data->set.str[STRING_SSL_EC_CURVES], - va_arg(param, char *)); - break; +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) + return Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY], ptr); #endif - case CURLOPT_IPRESOLVE: - arg = va_arg(param, long); - if((arg < CURL_IPRESOLVE_WHATEVER) || (arg > CURL_IPRESOLVE_V6)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ipver = (unsigned char) arg; - break; + return CURLE_NOT_BUILT_IN; - case CURLOPT_MAXFILESIZE_LARGE: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_PINNEDPUBLICKEY: /* - * Set the maximum size of a file to download. + * Set pinned public key for SSL connection. + * Specify filename of the public key in DER format. */ - bigsize = va_arg(param, curl_off_t); - if(bigsize < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.max_filesize = bigsize; - break; - - case CURLOPT_TCP_NODELAY: +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) + return Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY], + ptr); +#endif + return CURLE_NOT_BUILT_IN; +#endif + case CURLOPT_CAINFO: /* - * Enable or disable TCP_NODELAY, which will disable/enable the Nagle - * algorithm + * Set CA info for SSL connection. Specify filename of the CA certificate */ - data->set.tcp_nodelay = (0 != va_arg(param, long)); - break; - - case CURLOPT_IGNORE_CONTENT_LENGTH: - data->set.ignorecl = (0 != va_arg(param, long)); - break; + return Curl_setstropt(&data->set.str[STRING_SSL_CAFILE], ptr); - case CURLOPT_CONNECT_ONLY: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_CAINFO: /* - * No data transfer. - * (1) - only do connection - * (2) - do first get request but get no content + * Set CA info SSL connection for proxy. Specify filename of the + * CA certificate */ - arg = va_arg(param, long); - if(arg > 2) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.connect_only = (unsigned char)arg; - break; + return Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], ptr); +#endif - case CURLOPT_SOCKOPTFUNCTION: + case CURLOPT_CAPATH: /* - * socket callback function: called after socket() but before connect() + * Set CA path info for SSL connection. Specify directory name of the CA + * certificates which have been prepared using openssl c_rehash utility. */ - data->set.fsockopt = va_arg(param, curl_sockopt_callback); - break; - - case CURLOPT_SOCKOPTDATA: +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) + /* This does not work on Windows. */ + return Curl_setstropt(&data->set.str[STRING_SSL_CAPATH], ptr); +#endif + return CURLE_NOT_BUILT_IN; +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_CAPATH: /* - * socket callback data pointer. Might be NULL. + * Set CA path info for SSL connection proxy. Specify directory name of the + * CA certificates which have been prepared using openssl c_rehash utility. */ - data->set.sockopt_client = va_arg(param, void *); - break; - - case CURLOPT_OPENSOCKETFUNCTION: +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) + /* This does not work on Windows. */ + return Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], ptr); +#endif + return CURLE_NOT_BUILT_IN; +#endif + case CURLOPT_CRLFILE: /* - * open/create socket callback function: called instead of socket(), - * before connect() + * Set CRL file info for SSL connection. Specify filename of the CRL + * to check certificates revocation */ - data->set.fopensocket = va_arg(param, curl_opensocket_callback); - break; + return Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE], ptr); - case CURLOPT_OPENSOCKETDATA: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_CRLFILE: /* - * socket callback data pointer. Might be NULL. + * Set CRL file info for SSL connection for proxy. Specify filename of the + * CRL to check certificates revocation */ - data->set.opensocket_client = va_arg(param, void *); - break; - - case CURLOPT_CLOSESOCKETFUNCTION: + return Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY], ptr); +#endif + case CURLOPT_ISSUERCERT: /* - * close socket callback function: called instead of close() - * when shutting down a connection + * Set Issuer certificate file + * to check certificates issuer */ - data->set.fclosesocket = va_arg(param, curl_closesocket_callback); - break; + return Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT], ptr); - case CURLOPT_RESOLVER_START_FUNCTION: +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_ISSUERCERT: /* - * resolver start callback function: called before a new resolver request - * is started + * Set Issuer certificate file + * to check certificates issuer */ - data->set.resolver_start = va_arg(param, curl_resolver_start_callback); - break; + return Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_PROXY], ptr); - case CURLOPT_RESOLVER_START_DATA: +#endif + + case CURLOPT_PRIVATE: /* - * resolver start callback data pointer. Might be NULL. + * Set private data pointer. */ - data->set.resolver_start_client = va_arg(param, void *); + data->set.private_data = (void *)ptr; break; - case CURLOPT_CLOSESOCKETDATA: +#ifdef USE_SSL + case CURLOPT_SSL_EC_CURVES: /* - * socket callback data pointer. Might be NULL. + * Set accepted curves in SSL connection setup. + * Specify colon-delimited list of curve algorithm names. */ - data->set.closesocket_client = va_arg(param, void *); - break; - - case CURLOPT_SSL_SESSIONID_CACHE: - data->set.ssl.primary.cache_session = (0 != va_arg(param, long)); -#ifndef CURL_DISABLE_PROXY - data->set.proxy_ssl.primary.cache_session = - data->set.ssl.primary.cache_session; + return Curl_setstropt(&data->set.str[STRING_SSL_EC_CURVES], ptr); #endif - break; - #ifdef USE_SSH - /* we only include SSH options if explicitly built to support SSH */ - case CURLOPT_SSH_AUTH_TYPES: - data->set.ssh_auth_types = (int)va_arg(param, long); - break; - case CURLOPT_SSH_PUBLIC_KEYFILE: /* * Use this file instead of the $HOME/.ssh/id_dsa.pub file */ - result = Curl_setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY], ptr); case CURLOPT_SSH_PRIVATE_KEYFILE: /* * Use this file instead of the $HOME/.ssh/id_dsa file */ - result = Curl_setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY], ptr); + case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5: /* * Option to allow for the MD5 of the host public key to be checked * for validation purposes. */ - result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5], ptr); case CURLOPT_SSH_KNOWNHOSTS: /* * Store the filename to read known hosts from. */ - result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS], - va_arg(param, char *)); + return Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS], ptr); + + case CURLOPT_SSH_KEYDATA: + /* + * Custom client data to pass to the SSH keyfunc callback + */ + data->set.ssh_keyfunc_userp = (void *)ptr; break; #ifdef USE_LIBSSH2 case CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256: @@ -2587,651 +2449,611 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Option to allow for the SHA256 of the host public key to be checked * for validation purposes. */ - result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256], - va_arg(param, char *)); - break; - - case CURLOPT_SSH_HOSTKEYFUNCTION: - /* the callback to check the hostkey without the knownhost file */ - data->set.ssh_hostkeyfunc = va_arg(param, curl_sshhostkeycallback); - break; + return Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256], + ptr); case CURLOPT_SSH_HOSTKEYDATA: /* * Custom client data to pass to the SSH keyfunc callback */ - data->set.ssh_hostkeyfunc_userp = va_arg(param, void *); - break; -#endif - - case CURLOPT_SSH_KEYFUNCTION: - /* setting to NULL is fine since the ssh.c functions themselves will - then revert to use the internal default */ - data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback); - break; - - case CURLOPT_SSH_KEYDATA: - /* - * Custom client data to pass to the SSH keyfunc callback - */ - data->set.ssh_keyfunc_userp = va_arg(param, void *); - break; - - case CURLOPT_SSH_COMPRESSION: - data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.ssh_hostkeyfunc_userp = (void *)ptr; break; +#endif /* USE_LIBSSH2 */ #endif /* USE_SSH */ - - case CURLOPT_HTTP_TRANSFER_DECODING: - /* - * disable libcurl transfer encoding is used - */ -#ifndef USE_HYPER - data->set.http_te_skip = (0 == va_arg(param, long)); - break; -#else - return CURLE_NOT_BUILT_IN; /* hyper does not support */ -#endif - - case CURLOPT_HTTP_CONTENT_DECODING: - /* - * raw data passed to the application when content encoding is used - */ - data->set.http_ce_skip = (0 == va_arg(param, long)); - break; - -#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) - case CURLOPT_NEW_FILE_PERMS: - /* - * Uses these permissions instead of 0644 - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 0777)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.new_file_perms = (unsigned int)arg; - break; -#endif -#ifdef USE_SSH - case CURLOPT_NEW_DIRECTORY_PERMS: - /* - * Uses these permissions instead of 0755 - */ - arg = va_arg(param, long); - if((arg < 0) || (arg > 0777)) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.new_directory_perms = (unsigned int)arg; - break; -#endif - -#ifdef USE_IPV6 - case CURLOPT_ADDRESS_SCOPE: - /* - * Use this scope id when using IPv6 - * We always get longs when passed plain numericals so we should check - * that the value fits into an unsigned 32-bit integer. - */ - uarg = va_arg(param, unsigned long); -#if SIZEOF_LONG > 4 - if(uarg > UINT_MAX) - return CURLE_BAD_FUNCTION_ARGUMENT; -#endif - data->set.scope_id = (unsigned int)uarg; - break; -#endif - - case CURLOPT_PROTOCOLS: - /* set the bitmask for the protocols that are allowed to be used for the - transfer, which thus helps the app which takes URLs from users or other - external inputs and want to restrict what protocol(s) to deal - with. Defaults to CURLPROTO_ALL. */ - data->set.allowed_protocols = (curl_prot_t)va_arg(param, long); - break; - - case CURLOPT_REDIR_PROTOCOLS: - /* set the bitmask for the protocols that libcurl is allowed to follow to, - as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. */ - data->set.redir_protocols = (curl_prot_t)va_arg(param, long); - break; - - case CURLOPT_PROTOCOLS_STR: { - argptr = va_arg(param, char *); - result = protocol2num(argptr, &data->set.allowed_protocols); - if(result) - return result; + case CURLOPT_PROTOCOLS_STR: + if(ptr) + return protocol2num(ptr, &data->set.allowed_protocols); + /* make a NULL argument reset to default */ + data->set.allowed_protocols = (curl_prot_t) CURLPROTO_ALL; break; - } - case CURLOPT_REDIR_PROTOCOLS_STR: { - argptr = va_arg(param, char *); - result = protocol2num(argptr, &data->set.redir_protocols); - if(result) - return result; + case CURLOPT_REDIR_PROTOCOLS_STR: + if(ptr) + return protocol2num(ptr, &data->set.redir_protocols); + /* make a NULL argument reset to default */ + data->set.redir_protocols = (curl_prot_t) CURLPROTO_REDIR; break; - } case CURLOPT_DEFAULT_PROTOCOL: /* Set the protocol to use when the URL does not include any protocol */ - result = Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL], ptr); + #ifndef CURL_DISABLE_SMTP case CURLOPT_MAIL_FROM: /* Set the SMTP mail originator */ - result = Curl_setstropt(&data->set.str[STRING_MAIL_FROM], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_MAIL_FROM], ptr); case CURLOPT_MAIL_AUTH: /* Set the SMTP auth originator */ - result = Curl_setstropt(&data->set.str[STRING_MAIL_AUTH], - va_arg(param, char *)); - break; - - case CURLOPT_MAIL_RCPT: - /* Set the list of mail recipients */ - data->set.mail_rcpt = va_arg(param, struct curl_slist *); - break; - case CURLOPT_MAIL_RCPT_ALLOWFAILS: - /* allow RCPT TO command to fail for some recipients */ - data->set.mail_rcpt_allowfails = (0 != va_arg(param, long)); - break; + return Curl_setstropt(&data->set.str[STRING_MAIL_AUTH], ptr); #endif case CURLOPT_SASL_AUTHZID: /* Authorization identity (identity to act as) */ - result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID], ptr); - case CURLOPT_SASL_IR: - /* Enable/disable SASL initial response */ - data->set.sasl_ir = (0 != va_arg(param, long)); - break; #ifndef CURL_DISABLE_RTSP - case CURLOPT_RTSP_REQUEST: - { - /* - * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...) - * Would this be better if the RTSPREQ_* were just moved into here? - */ - long in_rtspreq = va_arg(param, long); - Curl_RtspReq rtspreq = RTSPREQ_NONE; - switch(in_rtspreq) { - case CURL_RTSPREQ_OPTIONS: - rtspreq = RTSPREQ_OPTIONS; - break; - - case CURL_RTSPREQ_DESCRIBE: - rtspreq = RTSPREQ_DESCRIBE; - break; - - case CURL_RTSPREQ_ANNOUNCE: - rtspreq = RTSPREQ_ANNOUNCE; - break; - - case CURL_RTSPREQ_SETUP: - rtspreq = RTSPREQ_SETUP; - break; - - case CURL_RTSPREQ_PLAY: - rtspreq = RTSPREQ_PLAY; - break; - - case CURL_RTSPREQ_PAUSE: - rtspreq = RTSPREQ_PAUSE; - break; - - case CURL_RTSPREQ_TEARDOWN: - rtspreq = RTSPREQ_TEARDOWN; - break; - - case CURL_RTSPREQ_GET_PARAMETER: - rtspreq = RTSPREQ_GET_PARAMETER; - break; - - case CURL_RTSPREQ_SET_PARAMETER: - rtspreq = RTSPREQ_SET_PARAMETER; - break; - - case CURL_RTSPREQ_RECORD: - rtspreq = RTSPREQ_RECORD; - break; - - case CURL_RTSPREQ_RECEIVE: - rtspreq = RTSPREQ_RECEIVE; - break; - default: - rtspreq = RTSPREQ_NONE; - } - - data->set.rtspreq = rtspreq; - break; - } - - case CURLOPT_RTSP_SESSION_ID: /* * Set the RTSP Session ID manually. Useful if the application is * resuming a previously established RTSP session */ - result = Curl_setstropt(&data->set.str[STRING_RTSP_SESSION_ID], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_RTSP_SESSION_ID], ptr); case CURLOPT_RTSP_STREAM_URI: /* * Set the Stream URI for the RTSP request. Unless the request is * for generic server options, the application will need to set this. */ - result = Curl_setstropt(&data->set.str[STRING_RTSP_STREAM_URI], - va_arg(param, char *)); + return Curl_setstropt(&data->set.str[STRING_RTSP_STREAM_URI], ptr); break; case CURLOPT_RTSP_TRANSPORT: /* * The content of the Transport: header for the RTSP request */ - result = Curl_setstropt(&data->set.str[STRING_RTSP_TRANSPORT], - va_arg(param, char *)); - break; - - case CURLOPT_RTSP_CLIENT_CSEQ: - /* - * Set the CSEQ number to issue for the next RTSP request. Useful if the - * application is resuming a previously broken connection. The CSEQ - * will increment from this new number henceforth. - */ - data->state.rtsp_next_client_CSeq = va_arg(param, long); - break; - - case CURLOPT_RTSP_SERVER_CSEQ: - /* Same as the above, but for server-initiated requests */ - data->state.rtsp_next_server_CSeq = va_arg(param, long); - break; + return Curl_setstropt(&data->set.str[STRING_RTSP_TRANSPORT], ptr); case CURLOPT_INTERLEAVEDATA: - data->set.rtp_out = va_arg(param, void *); + data->set.rtp_out = (void *)ptr; break; - case CURLOPT_INTERLEAVEFUNCTION: - /* Set the user defined RTP write function */ - data->set.fwrite_rtp = va_arg(param, curl_write_callback); - break; -#endif +#endif /* ! CURL_DISABLE_RTSP */ #ifndef CURL_DISABLE_FTP - case CURLOPT_WILDCARDMATCH: - data->set.wildcard_enabled = (0 != va_arg(param, long)); - break; - case CURLOPT_CHUNK_BGN_FUNCTION: - data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback); - break; - case CURLOPT_CHUNK_END_FUNCTION: - data->set.chunk_end = va_arg(param, curl_chunk_end_callback); - break; - case CURLOPT_FNMATCH_FUNCTION: - data->set.fnmatch = va_arg(param, curl_fnmatch_callback); - break; case CURLOPT_CHUNK_DATA: - data->set.wildcardptr = va_arg(param, void *); + data->set.wildcardptr = (void *)ptr; break; case CURLOPT_FNMATCH_DATA: - data->set.fnmatch_data = va_arg(param, void *); + data->set.fnmatch_data = (void *)ptr; break; #endif #ifdef USE_TLS_SRP case CURLOPT_TLSAUTH_USERNAME: - result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], ptr); + #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_USERNAME: - result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], ptr); + #endif case CURLOPT_TLSAUTH_PASSWORD: - result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], ptr); + #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_PASSWORD: - result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], - va_arg(param, char *)); - break; + return Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], ptr); #endif case CURLOPT_TLSAUTH_TYPE: - argptr = va_arg(param, char *); - if(argptr && !strcasecompare(argptr, "SRP")) + if(ptr && !strcasecompare(ptr, "SRP")) return CURLE_BAD_FUNCTION_ARGUMENT; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_TYPE: - argptr = va_arg(param, char *); - if(argptr && !strcasecompare(argptr, "SRP")) + if(ptr && !strcasecompare(ptr, "SRP")) return CURLE_BAD_FUNCTION_ARGUMENT; break; #endif #endif #ifdef USE_ARES case CURLOPT_DNS_SERVERS: - result = Curl_setstropt(&data->set.str[STRING_DNS_SERVERS], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_DNS_SERVERS], ptr); if(result) return result; - result = Curl_set_dns_servers(data, data->set.str[STRING_DNS_SERVERS]); - break; + return Curl_set_dns_servers(data, data->set.str[STRING_DNS_SERVERS]); + case CURLOPT_DNS_INTERFACE: - result = Curl_setstropt(&data->set.str[STRING_DNS_INTERFACE], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_DNS_INTERFACE], ptr); if(result) return result; - result = Curl_set_dns_interface(data, data->set.str[STRING_DNS_INTERFACE]); - break; + return Curl_set_dns_interface(data, data->set.str[STRING_DNS_INTERFACE]); + case CURLOPT_DNS_LOCAL_IP4: - result = Curl_setstropt(&data->set.str[STRING_DNS_LOCAL_IP4], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_DNS_LOCAL_IP4], ptr); if(result) return result; - result = Curl_set_dns_local_ip4(data, data->set.str[STRING_DNS_LOCAL_IP4]); - break; + return Curl_set_dns_local_ip4(data, data->set.str[STRING_DNS_LOCAL_IP4]); + case CURLOPT_DNS_LOCAL_IP6: - result = Curl_setstropt(&data->set.str[STRING_DNS_LOCAL_IP6], - va_arg(param, char *)); + result = Curl_setstropt(&data->set.str[STRING_DNS_LOCAL_IP6], ptr); if(result) return result; - result = Curl_set_dns_local_ip6(data, data->set.str[STRING_DNS_LOCAL_IP6]); + return Curl_set_dns_local_ip6(data, data->set.str[STRING_DNS_LOCAL_IP6]); + +#endif +#ifdef USE_UNIX_SOCKETS + case CURLOPT_UNIX_SOCKET_PATH: + data->set.abstract_unix_socket = FALSE; + return Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], ptr); + + case CURLOPT_ABSTRACT_UNIX_SOCKET: + data->set.abstract_unix_socket = TRUE; + return Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], ptr); + +#endif + +#ifndef CURL_DISABLE_DOH + case CURLOPT_DOH_URL: + result = Curl_setstropt(&data->set.str[STRING_DOH], ptr); + data->set.doh = !!(data->set.str[STRING_DOH]); break; #endif - case CURLOPT_TCP_KEEPALIVE: - data->set.tcp_keepalive = (0 != va_arg(param, long)); +#ifndef CURL_DISABLE_HSTS + case CURLOPT_HSTSREADDATA: + data->set.hsts_read_userp = (void *)ptr; break; - case CURLOPT_TCP_KEEPIDLE: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - else if(arg > INT_MAX) - arg = INT_MAX; - data->set.tcp_keepidle = (int)arg; + case CURLOPT_HSTSWRITEDATA: + data->set.hsts_write_userp = (void *)ptr; break; - case CURLOPT_TCP_KEEPINTVL: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - else if(arg > INT_MAX) - arg = INT_MAX; - data->set.tcp_keepintvl = (int)arg; + case CURLOPT_HSTS: { + struct curl_slist *h; + if(!data->hsts) { + data->hsts = Curl_hsts_init(); + if(!data->hsts) + return CURLE_OUT_OF_MEMORY; + } + if(ptr) { + result = Curl_setstropt(&data->set.str[STRING_HSTS], ptr); + if(result) + return result; + /* this needs to build a list of filenames to read from, so that it can + read them later, as we might get a shared HSTS handle to load them + into */ + h = curl_slist_append(data->state.hstslist, ptr); + if(!h) { + curl_slist_free_all(data->state.hstslist); + data->state.hstslist = NULL; + return CURLE_OUT_OF_MEMORY; + } + data->state.hstslist = h; /* store the list for later use */ + } + else { + /* clear the list of HSTS files */ + curl_slist_free_all(data->state.hstslist); + data->state.hstslist = NULL; + if(!data->share || !data->share->hsts) + /* throw away the HSTS cache unless shared */ + Curl_hsts_cleanup(&data->hsts); + } break; - case CURLOPT_TCP_KEEPCNT: - arg = va_arg(param, long); - if(arg < 0) + } +#endif /* ! CURL_DISABLE_HSTS */ +#ifndef CURL_DISABLE_ALTSVC + case CURLOPT_ALTSVC: + if(!data->asi) { + data->asi = Curl_altsvc_init(); + if(!data->asi) + return CURLE_OUT_OF_MEMORY; + } + result = Curl_setstropt(&data->set.str[STRING_ALTSVC], ptr); + if(result) + return result; + if(ptr) + (void)Curl_altsvc_load(data->asi, ptr); + break; +#endif /* ! CURL_DISABLE_ALTSVC */ +#ifdef USE_ECH + case CURLOPT_ECH: { + size_t plen = 0; + + if(!ptr) { + data->set.tls_ech = CURLECH_DISABLE; + return CURLE_OK; + } + plen = strlen(ptr); + if(plen > CURL_MAX_INPUT_LENGTH) { + data->set.tls_ech = CURLECH_DISABLE; return CURLE_BAD_FUNCTION_ARGUMENT; - else if(arg > INT_MAX) - arg = INT_MAX; - data->set.tcp_keepcnt = (int)arg; + } + /* set tls_ech flag value, preserving CLA_CFG bit */ + if(!strcmp(ptr, "false")) + data->set.tls_ech = CURLECH_DISABLE | + (data->set.tls_ech & CURLECH_CLA_CFG); + else if(!strcmp(ptr, "grease")) + data->set.tls_ech = CURLECH_GREASE | + (data->set.tls_ech & CURLECH_CLA_CFG); + else if(!strcmp(ptr, "true")) + data->set.tls_ech = CURLECH_ENABLE | + (data->set.tls_ech & CURLECH_CLA_CFG); + else if(!strcmp(ptr, "hard")) + data->set.tls_ech = CURLECH_HARD | + (data->set.tls_ech & CURLECH_CLA_CFG); + else if(plen > 5 && !strncmp(ptr, "ecl:", 4)) { + result = Curl_setstropt(&data->set.str[STRING_ECH_CONFIG], ptr + 4); + if(result) + return result; + data->set.tls_ech |= CURLECH_CLA_CFG; + } + else if(plen > 4 && !strncmp(ptr, "pn:", 3)) { + result = Curl_setstropt(&data->set.str[STRING_ECH_PUBLIC], ptr + 3); + if(result) + return result; + } break; - case CURLOPT_TCP_FASTOPEN: -#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \ - defined(TCP_FASTOPEN_CONNECT) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; -#else - result = CURLE_NOT_BUILT_IN; + } #endif + default: + return CURLE_UNKNOWN_OPTION; + } + return result; +} + +static CURLcode setopt_func(struct Curl_easy *data, CURLoption option, + va_list param) +{ + switch(option) { + case CURLOPT_PROGRESSFUNCTION: + /* + * Progress callback function + */ + data->set.fprogress = va_arg(param, curl_progress_callback); + if(data->set.fprogress) + data->progress.callback = TRUE; /* no longer internal */ + else + data->progress.callback = FALSE; /* NULL enforces internal */ break; - case CURLOPT_SSL_ENABLE_NPN: + + case CURLOPT_XFERINFOFUNCTION: + /* + * Transfer info callback function + */ + data->set.fxferinfo = va_arg(param, curl_xferinfo_callback); + if(data->set.fxferinfo) + data->progress.callback = TRUE; /* no longer internal */ + else + data->progress.callback = FALSE; /* NULL enforces internal */ + break; - case CURLOPT_SSL_ENABLE_ALPN: - data->set.ssl_enable_alpn = (0 != va_arg(param, long)); + case CURLOPT_DEBUGFUNCTION: + /* + * stderr write callback. + */ + data->set.fdebug = va_arg(param, curl_debug_callback); + /* + * if the callback provided is NULL, it will use the default callback + */ break; -#ifdef USE_UNIX_SOCKETS - case CURLOPT_UNIX_SOCKET_PATH: - data->set.abstract_unix_socket = FALSE; - result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], - va_arg(param, char *)); + case CURLOPT_HEADERFUNCTION: + /* + * Set header write callback + */ + data->set.fwrite_header = va_arg(param, curl_write_callback); break; - case CURLOPT_ABSTRACT_UNIX_SOCKET: - data->set.abstract_unix_socket = TRUE; - result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH], - va_arg(param, char *)); + case CURLOPT_WRITEFUNCTION: + /* + * Set data write callback + */ + data->set.fwrite_func = va_arg(param, curl_write_callback); + if(!data->set.fwrite_func) + /* When set to NULL, reset to our internal default function */ + data->set.fwrite_func = (curl_write_callback)fwrite; break; -#endif - - case CURLOPT_PATH_AS_IS: - data->set.path_as_is = (0 != va_arg(param, long)); + case CURLOPT_READFUNCTION: + /* + * Read data callback + */ + data->set.fread_func_set = va_arg(param, curl_read_callback); + if(!data->set.fread_func_set) { + data->set.is_fread_set = 0; + /* When set to NULL, reset to our internal default function */ + data->set.fread_func_set = (curl_read_callback)fread; + } + else + data->set.is_fread_set = 1; break; - case CURLOPT_PIPEWAIT: - data->set.pipewait = (0 != va_arg(param, long)); + case CURLOPT_SEEKFUNCTION: + /* + * Seek callback. Might be NULL. + */ + data->set.seek_func = va_arg(param, curl_seek_callback); break; - case CURLOPT_STREAM_WEIGHT: -#if defined(USE_HTTP2) || defined(USE_HTTP3) - arg = va_arg(param, long); - if((arg >= 1) && (arg <= 256)) - data->set.priority.weight = (int)arg; + case CURLOPT_IOCTLFUNCTION: + /* + * I/O control callback. Might be NULL. + */ + data->set.ioctl_func = va_arg(param, curl_ioctl_callback); break; -#else - return CURLE_NOT_BUILT_IN; + case CURLOPT_SSL_CTX_FUNCTION: + /* + * Set a SSL_CTX callback + */ +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_SSL_CTX)) + data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback); + else #endif - case CURLOPT_STREAM_DEPENDS: - case CURLOPT_STREAM_DEPENDS_E: - { - struct Curl_easy *dep = va_arg(param, struct Curl_easy *); - if(!dep || GOOD_EASY_HANDLE(dep)) { - return Curl_data_priority_add_child(dep, data, - option == CURLOPT_STREAM_DEPENDS_E); - } + return CURLE_NOT_BUILT_IN; break; - } - case CURLOPT_CONNECT_TO: - data->set.connect_to = va_arg(param, struct curl_slist *); + + case CURLOPT_SOCKOPTFUNCTION: + /* + * socket callback function: called after socket() but before connect() + */ + data->set.fsockopt = va_arg(param, curl_sockopt_callback); break; - case CURLOPT_SUPPRESS_CONNECT_HEADERS: - data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; + + case CURLOPT_OPENSOCKETFUNCTION: + /* + * open/create socket callback function: called instead of socket(), + * before connect() + */ + data->set.fopensocket = va_arg(param, curl_opensocket_callback); break; - case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS: - uarg = va_arg(param, unsigned long); - if(uarg > UINT_MAX) - uarg = UINT_MAX; - data->set.happy_eyeballs_timeout = (unsigned int)uarg; + + case CURLOPT_CLOSESOCKETFUNCTION: + /* + * close socket callback function: called instead of close() + * when shutting down a connection + */ + data->set.fclosesocket = va_arg(param, curl_closesocket_callback); + break; + + case CURLOPT_RESOLVER_START_FUNCTION: + /* + * resolver start callback function: called before a new resolver request + * is started + */ + data->set.resolver_start = va_arg(param, curl_resolver_start_callback); break; -#ifndef CURL_DISABLE_SHUFFLE_DNS - case CURLOPT_DNS_SHUFFLE_ADDRESSES: - data->set.dns_shuffle_addresses = (0 != va_arg(param, long)); + + +#ifdef USE_SSH +#ifdef USE_LIBSSH2 + case CURLOPT_SSH_HOSTKEYFUNCTION: + /* the callback to check the hostkey without the knownhost file */ + data->set.ssh_hostkeyfunc = va_arg(param, curl_sshhostkeycallback); break; #endif - case CURLOPT_DISALLOW_USERNAME_IN_URL: - data->set.disallow_username_in_url = (0 != va_arg(param, long)); + + case CURLOPT_SSH_KEYFUNCTION: + /* setting to NULL is fine since the ssh.c functions themselves will + then revert to use the internal default */ + data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback); break; -#ifndef CURL_DISABLE_DOH - case CURLOPT_DOH_URL: - result = Curl_setstropt(&data->set.str[STRING_DOH], - va_arg(param, char *)); - data->set.doh = data->set.str[STRING_DOH]?TRUE:FALSE; + +#endif /* USE_SSH */ + +#ifndef CURL_DISABLE_RTSP + case CURLOPT_INTERLEAVEFUNCTION: + /* Set the user defined RTP write function */ + data->set.fwrite_rtp = va_arg(param, curl_write_callback); break; #endif - case CURLOPT_UPKEEP_INTERVAL_MS: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.upkeep_interval_ms = arg; +#ifndef CURL_DISABLE_FTP + case CURLOPT_CHUNK_BGN_FUNCTION: + data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback); break; - case CURLOPT_MAXAGE_CONN: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.maxage_conn = arg; + case CURLOPT_CHUNK_END_FUNCTION: + data->set.chunk_end = va_arg(param, curl_chunk_end_callback); break; - case CURLOPT_MAXLIFETIME_CONN: - arg = va_arg(param, long); - if(arg < 0) - return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.maxlifetime_conn = arg; + case CURLOPT_FNMATCH_FUNCTION: + data->set.fnmatch = va_arg(param, curl_fnmatch_callback); break; - case CURLOPT_TRAILERFUNCTION: +#endif #ifndef CURL_DISABLE_HTTP + case CURLOPT_TRAILERFUNCTION: data->set.trailer_callback = va_arg(param, curl_trailer_callback); -#endif break; - case CURLOPT_TRAILERDATA: -#ifndef CURL_DISABLE_HTTP - data->set.trailer_data = va_arg(param, void *); #endif - break; #ifndef CURL_DISABLE_HSTS case CURLOPT_HSTSREADFUNCTION: data->set.hsts_read = va_arg(param, curl_hstsread_callback); break; - case CURLOPT_HSTSREADDATA: - data->set.hsts_read_userp = va_arg(param, void *); - break; case CURLOPT_HSTSWRITEFUNCTION: data->set.hsts_write = va_arg(param, curl_hstswrite_callback); break; - case CURLOPT_HSTSWRITEDATA: - data->set.hsts_write_userp = va_arg(param, void *); - break; - case CURLOPT_HSTS: { - struct curl_slist *h; - if(!data->hsts) { - data->hsts = Curl_hsts_init(); - if(!data->hsts) - return CURLE_OUT_OF_MEMORY; - } - argptr = va_arg(param, char *); - if(argptr) { - result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr); - if(result) - return result; - /* this needs to build a list of filenames to read from, so that it can - read them later, as we might get a shared HSTS handle to load them - into */ - h = curl_slist_append(data->state.hstslist, argptr); - if(!h) { - curl_slist_free_all(data->state.hstslist); - data->state.hstslist = NULL; - return CURLE_OUT_OF_MEMORY; - } - data->state.hstslist = h; /* store the list for later use */ - } - else { - /* clear the list of HSTS files */ - curl_slist_free_all(data->state.hstslist); - data->state.hstslist = NULL; - if(!data->share || !data->share->hsts) - /* throw away the HSTS cache unless shared */ - Curl_hsts_cleanup(&data->hsts); - } +#endif + case CURLOPT_PREREQFUNCTION: + data->set.fprereq = va_arg(param, curl_prereq_callback); break; + default: + return CURLE_UNKNOWN_OPTION; } - case CURLOPT_HSTS_CTRL: - arg = va_arg(param, long); - if(arg & CURLHSTS_ENABLE) { - if(!data->hsts) { - data->hsts = Curl_hsts_init(); - if(!data->hsts) - return CURLE_OUT_OF_MEMORY; - } - } - else - Curl_hsts_cleanup(&data->hsts); + return CURLE_OK; +} + +static CURLcode setopt_offt(struct Curl_easy *data, CURLoption option, + curl_off_t offt) +{ + switch(option) { + case CURLOPT_TIMEVALUE_LARGE: + /* + * This is the value to compare with the remote document with the + * method set with CURLOPT_TIMECONDITION + */ + data->set.timevalue = (time_t)offt; break; -#endif -#ifndef CURL_DISABLE_ALTSVC - case CURLOPT_ALTSVC: - if(!data->asi) { - data->asi = Curl_altsvc_init(); - if(!data->asi) - return CURLE_OUT_OF_MEMORY; + + /* MQTT "borrows" some of the HTTP options */ + case CURLOPT_POSTFIELDSIZE_LARGE: + /* + * The size of the POSTFIELD data to prevent libcurl to do strlen() to + * figure it out. Enables binary posts. + */ + if(offt < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(data->set.postfieldsize < offt && + data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) { + /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */ + Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]); + data->set.postfields = NULL; } - argptr = va_arg(param, char *); - result = Curl_setstropt(&data->set.str[STRING_ALTSVC], argptr); - if(result) - return result; - if(argptr) - (void)Curl_altsvc_load(data->asi, argptr); + data->set.postfieldsize = offt; break; - case CURLOPT_ALTSVC_CTRL: - if(!data->asi) { - data->asi = Curl_altsvc_init(); - if(!data->asi) - return CURLE_OUT_OF_MEMORY; - } - arg = va_arg(param, long); - if(!arg) { - DEBUGF(infof(data, "bad CURLOPT_ALTSVC_CTRL input")); + case CURLOPT_INFILESIZE_LARGE: + /* + * If known, this should inform curl about the file size of the + * to-be-uploaded file. + */ + if(offt < -1) return CURLE_BAD_FUNCTION_ARGUMENT; - } - result = Curl_altsvc_ctrl(data->asi, arg); - if(result) - return result; + data->set.filesize = offt; break; -#endif - case CURLOPT_PREREQFUNCTION: - data->set.fprereq = va_arg(param, curl_prereq_callback); + case CURLOPT_MAX_SEND_SPEED_LARGE: + /* + * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE + * bytes per second the transfer is throttled.. + */ + if(offt < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_send_speed = offt; break; - case CURLOPT_PREREQDATA: - data->set.prereq_userp = va_arg(param, void *); + case CURLOPT_MAX_RECV_SPEED_LARGE: + /* + * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per + * second the transfer is throttled.. + */ + if(offt < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_recv_speed = offt; break; -#ifdef USE_WEBSOCKETS - case CURLOPT_WS_OPTIONS: { - bool raw; - arg = va_arg(param, long); - raw = (arg & CURLWS_RAW_MODE); - data->set.ws_raw_mode = raw; + case CURLOPT_RESUME_FROM_LARGE: + /* + * Resume transfer at the given file position + */ + if(offt < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.set_resume_from = offt; break; - } -#endif -#ifdef USE_ECH - case CURLOPT_ECH: { - size_t plen = 0; - - argptr = va_arg(param, char *); - if(!argptr) { - data->set.tls_ech = CURLECH_DISABLE; - result = CURLE_BAD_FUNCTION_ARGUMENT; - return result; - } - plen = strlen(argptr); - if(plen > CURL_MAX_INPUT_LENGTH) { - data->set.tls_ech = CURLECH_DISABLE; - result = CURLE_BAD_FUNCTION_ARGUMENT; - return result; - } - /* set tls_ech flag value, preserving CLA_CFG bit */ - if(plen == 5 && !strcmp(argptr, "false")) - data->set.tls_ech = CURLECH_DISABLE - | (data->set.tls_ech & CURLECH_CLA_CFG); - else if(plen == 6 && !strcmp(argptr, "grease")) - data->set.tls_ech = CURLECH_GREASE - | (data->set.tls_ech & CURLECH_CLA_CFG); - else if(plen == 4 && !strcmp(argptr, "true")) - data->set.tls_ech = CURLECH_ENABLE - | (data->set.tls_ech & CURLECH_CLA_CFG); - else if(plen == 4 && !strcmp(argptr, "hard")) - data->set.tls_ech = CURLECH_HARD - | (data->set.tls_ech & CURLECH_CLA_CFG); - else if(plen > 5 && !strncmp(argptr, "ecl:", 4)) { - result = Curl_setstropt(&data->set.str[STRING_ECH_CONFIG], argptr + 4); - if(result) - return result; - data->set.tls_ech |= CURLECH_CLA_CFG; - } - else if(plen > 4 && !strncmp(argptr, "pn:", 3)) { - result = Curl_setstropt(&data->set.str[STRING_ECH_PUBLIC], argptr + 3); - if(result) - return result; - } + case CURLOPT_MAXFILESIZE_LARGE: + /* + * Set the maximum size of a file to download. + */ + if(offt < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.max_filesize = offt; break; + + default: + return CURLE_UNKNOWN_OPTION; } + return CURLE_OK; +} + +static CURLcode setopt_blob(struct Curl_easy *data, CURLoption option, + struct curl_blob *blob) +{ + switch(option) { + case CURLOPT_SSLCERT_BLOB: + /* + * Blob that holds file content of the SSL certificate to use + */ + return Curl_setblobopt(&data->set.blobs[BLOB_CERT], blob); +#ifndef CURL_DISABLE_PROXY + case CURLOPT_PROXY_SSLCERT_BLOB: + /* + * Blob that holds file content of the SSL certificate to use for proxy + */ + return Curl_setblobopt(&data->set.blobs[BLOB_CERT_PROXY], blob); + case CURLOPT_PROXY_SSLKEY_BLOB: + /* + * Blob that holds file content of the SSL key to use for proxy + */ + return Curl_setblobopt(&data->set.blobs[BLOB_KEY_PROXY], blob); + case CURLOPT_PROXY_CAINFO_BLOB: + /* + * Blob that holds CA info for SSL connection proxy. + * Specify entire PEM of the CA certificate + */ +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) + return Curl_setblobopt(&data->set.blobs[BLOB_CAINFO_PROXY], blob); #endif - case CURLOPT_QUICK_EXIT: - data->set.quick_exit = (0 != va_arg(param, long)) ? 1L:0L; - break; + return CURLE_NOT_BUILT_IN; + case CURLOPT_PROXY_ISSUERCERT_BLOB: + /* + * Blob that holds Issuer certificate to check certificates issuer + */ + return Curl_setblobopt(&data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY], + blob); +#endif + case CURLOPT_SSLKEY_BLOB: + /* + * Blob that holds file content of the SSL key to use + */ + return Curl_setblobopt(&data->set.blobs[BLOB_KEY], blob); + case CURLOPT_CAINFO_BLOB: + /* + * Blob that holds CA info for SSL connection. + * Specify entire PEM of the CA certificate + */ +#ifdef USE_SSL + if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) + return Curl_setblobopt(&data->set.blobs[BLOB_CAINFO], blob); +#endif + return CURLE_NOT_BUILT_IN; + case CURLOPT_ISSUERCERT_BLOB: + /* + * Blob that holds Issuer certificate to check certificates issuer + */ + return Curl_setblobopt(&data->set.blobs[BLOB_SSL_ISSUERCERT], blob); + default: - /* unknown tag and its companion, just ignore: */ - result = CURLE_UNKNOWN_OPTION; - break; + return CURLE_UNKNOWN_OPTION; } + /* unreachable */ +} - return result; +/* + * Do not make Curl_vsetopt() static: it is called from + * packages/OS400/ccsidcurl.c. + */ +CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) +{ + if(option < CURLOPTTYPE_OBJECTPOINT) + return setopt_long(data, option, va_arg(param, long)); + else if(option < CURLOPTTYPE_FUNCTIONPOINT) { + /* unfortunately, different pointer types cannot be identified any other + way than being listed explicitly */ + switch(option) { + case CURLOPT_HTTPHEADER: + case CURLOPT_QUOTE: + case CURLOPT_POSTQUOTE: + case CURLOPT_TELNETOPTIONS: + case CURLOPT_PREQUOTE: + case CURLOPT_HTTP200ALIASES: + case CURLOPT_MAIL_RCPT: + case CURLOPT_RESOLVE: + case CURLOPT_PROXYHEADER: + case CURLOPT_CONNECT_TO: + return setopt_slist(data, option, va_arg(param, struct curl_slist *)); + case CURLOPT_HTTPPOST: /* curl_httppost * */ + case CURLOPT_MIMEPOST: /* curl_mime * */ + case CURLOPT_STDERR: /* FILE * */ + case CURLOPT_SHARE: /* CURLSH * */ + case CURLOPT_STREAM_DEPENDS: /* CURL * */ + case CURLOPT_STREAM_DEPENDS_E: /* CURL * */ + return setopt_pointers(data, option, param); + default: + break; + } + /* the char pointer options */ + return setopt_cptr(data, option, va_arg(param, char *)); + } + else if(option < CURLOPTTYPE_OFF_T) + return setopt_func(data, option, param); + else if(option < CURLOPTTYPE_BLOB) + return setopt_offt(data, option, va_arg(param, curl_off_t)); + return setopt_blob(data, option, va_arg(param, struct curl_blob *)); } /* @@ -3243,10 +3065,11 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ #undef curl_easy_setopt -CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...) +CURLcode curl_easy_setopt(CURL *d, CURLoption tag, ...) { va_list arg; CURLcode result; + struct Curl_easy *data = d; if(!data) return CURLE_BAD_FUNCTION_ARGUMENT; diff --git a/libraries/libcurl/setup-vms.h b/libraries/libcurl/setup-vms.h index fc215602..33b74db3 100644 --- a/libraries/libcurl/setup-vms.h +++ b/libraries/libcurl/setup-vms.h @@ -101,7 +101,7 @@ static char *vms_translate_path(const char *path) } } # else - /* VMS translate path is actually not needed on the current 64 bit */ + /* VMS translate path is actually not needed on the current 64-bit */ /* VMS platforms, so instead of figuring out the pointer settings */ /* Change it to a noop */ # define vms_translate_path(__path) __path diff --git a/libraries/libcurl/setup-win32.h b/libraries/libcurl/setup-win32.h index 80efc25f..a297bdcf 100644 --- a/libraries/libcurl/setup-win32.h +++ b/libraries/libcurl/setup-win32.h @@ -62,11 +62,11 @@ #endif /* - * Include header files for windows builds before redefining anything. + * Include header files for Windows builds before redefining anything. * Use this preprocessor block only to include or exclude windows.h, - * winsock2.h or ws2tcpip.h. Any other windows thing belongs + * winsock2.h or ws2tcpip.h. Any other Windows thing belongs * to any other further and independent block. Under Cygwin things work - * just as under linux (e.g. ) and the winsock headers should + * just as under Linux (e.g. ) and the Winsock headers should * never be included when __CYGWIN__ is defined. */ diff --git a/libraries/libcurl/sha256.c b/libraries/libcurl/sha256.c index 6ff66f74..c5bb921b 100644 --- a/libraries/libcurl/sha256.c +++ b/libraries/libcurl/sha256.c @@ -34,9 +34,6 @@ #ifdef USE_WOLFSSL #include -#ifndef NO_SHA256 -#define USE_OPENSSL_SHA256 -#endif #endif #if defined(USE_OPENSSL) @@ -100,13 +97,14 @@ #if defined(USE_OPENSSL_SHA256) -struct sha256_ctx { +struct ossl_sha256_ctx { EVP_MD_CTX *openssl_ctx; }; -typedef struct sha256_ctx my_sha256_ctx; +typedef struct ossl_sha256_ctx my_sha256_ctx; -static CURLcode my_sha256_init(my_sha256_ctx *ctx) +static CURLcode my_sha256_init(void *in) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; ctx->openssl_ctx = EVP_MD_CTX_create(); if(!ctx->openssl_ctx) return CURLE_OUT_OF_MEMORY; @@ -118,15 +116,17 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx) return CURLE_OK; } -static void my_sha256_update(my_sha256_ctx *ctx, +static void my_sha256_update(void *in, const unsigned char *data, unsigned int length) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; EVP_DigestUpdate(ctx->openssl_ctx, data, length); } -static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +static void my_sha256_final(unsigned char *digest, void *in) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL); EVP_MD_CTX_destroy(ctx->openssl_ctx); } @@ -135,20 +135,20 @@ static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) typedef struct sha256_ctx my_sha256_ctx; -static CURLcode my_sha256_init(my_sha256_ctx *ctx) +static CURLcode my_sha256_init(void *ctx) { sha256_init(ctx); return CURLE_OK; } -static void my_sha256_update(my_sha256_ctx *ctx, +static void my_sha256_update(void *ctx, const unsigned char *data, unsigned int length) { sha256_update(ctx, length, data); } -static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +static void my_sha256_final(unsigned char *digest, void *ctx) { sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); } @@ -157,7 +157,7 @@ static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) typedef mbedtls_sha256_context my_sha256_ctx; -static CURLcode my_sha256_init(my_sha256_ctx *ctx) +static CURLcode my_sha256_init(void *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_starts(ctx, 0); @@ -167,7 +167,7 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx) return CURLE_OK; } -static void my_sha256_update(my_sha256_ctx *ctx, +static void my_sha256_update(void *ctx, const unsigned char *data, unsigned int length) { @@ -178,7 +178,7 @@ static void my_sha256_update(my_sha256_ctx *ctx, #endif } -static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +static void my_sha256_final(unsigned char *digest, void *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_finish(ctx, digest); @@ -190,20 +190,20 @@ static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) #elif defined(AN_APPLE_OS) typedef CC_SHA256_CTX my_sha256_ctx; -static CURLcode my_sha256_init(my_sha256_ctx *ctx) +static CURLcode my_sha256_init(void *ctx) { (void) CC_SHA256_Init(ctx); return CURLE_OK; } -static void my_sha256_update(my_sha256_ctx *ctx, +static void my_sha256_update(void *ctx, const unsigned char *data, unsigned int length) { (void) CC_SHA256_Update(ctx, data, length); } -static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +static void my_sha256_final(unsigned char *digest, void *ctx) { (void) CC_SHA256_Final(digest, ctx); } @@ -220,8 +220,9 @@ typedef struct sha256_ctx my_sha256_ctx; #define CALG_SHA_256 0x0000800c #endif -static CURLcode my_sha256_init(my_sha256_ctx *ctx) +static CURLcode my_sha256_init(void *in) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) return CURLE_OUT_OF_MEMORY; @@ -235,19 +236,21 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx) return CURLE_OK; } -static void my_sha256_update(my_sha256_ctx *ctx, +static void my_sha256_update(void *in, const unsigned char *data, unsigned int length) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; CryptHashData(ctx->hHash, (unsigned char *) data, length, 0); } -static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +static void my_sha256_final(unsigned char *digest, void *in) { + my_sha256_ctx *ctx = (my_sha256_ctx *)in; unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); - if(length == SHA256_DIGEST_LENGTH) + if(length == CURL_SHA256_DIGEST_LENGTH) CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0); if(ctx->hHash) @@ -388,8 +391,9 @@ static int sha256_compress(struct sha256_state *md, } /* Initialize the hash state */ -static CURLcode my_sha256_init(struct sha256_state *md) +static CURLcode my_sha256_init(void *in) { + struct sha256_state *md = (struct sha256_state *)in; md->curlen = 0; md->length = 0; md->state[0] = 0x6A09E667UL; @@ -409,41 +413,39 @@ static CURLcode my_sha256_init(struct sha256_state *md) @param md The hash state @param in The data to hash @param inlen The length of the data (octets) - @return 0 if successful */ -static int my_sha256_update(struct sha256_state *md, - const unsigned char *in, - unsigned long inlen) +static void my_sha256_update(void *ctx, + const unsigned char *in, + unsigned int len) { + unsigned long inlen = len; unsigned long n; - -#define block_size 64 + struct sha256_state *md = (struct sha256_state *)ctx; +#define CURL_SHA256_BLOCK_SIZE 64 if(md->curlen > sizeof(md->buf)) - return -1; + return; while(inlen > 0) { - if(md->curlen == 0 && inlen >= block_size) { + if(md->curlen == 0 && inlen >= CURL_SHA256_BLOCK_SIZE) { if(sha256_compress(md, (unsigned char *)in) < 0) - return -1; - md->length += block_size * 8; - in += block_size; - inlen -= block_size; + return; + md->length += CURL_SHA256_BLOCK_SIZE * 8; + in += CURL_SHA256_BLOCK_SIZE; + inlen -= CURL_SHA256_BLOCK_SIZE; } else { - n = CURLMIN(inlen, (block_size - md->curlen)); + n = CURLMIN(inlen, (CURL_SHA256_BLOCK_SIZE - md->curlen)); memcpy(md->buf + md->curlen, in, n); md->curlen += n; in += n; inlen -= n; - if(md->curlen == block_size) { + if(md->curlen == CURL_SHA256_BLOCK_SIZE) { if(sha256_compress(md, md->buf) < 0) - return -1; - md->length += 8 * block_size; + return; + md->length += 8 * CURL_SHA256_BLOCK_SIZE; md->curlen = 0; } } } - - return 0; } /* @@ -452,13 +454,13 @@ static int my_sha256_update(struct sha256_state *md, @param out [out] The destination of the hash (32 bytes) @return 0 if successful */ -static int my_sha256_final(unsigned char *out, - struct sha256_state *md) +static void my_sha256_final(unsigned char *out, void *ctx) { + struct sha256_state *md = ctx; int i; if(md->curlen >= sizeof(md->buf)) - return -1; + return; /* Increase the length of the message */ md->length += md->curlen * 8; @@ -490,8 +492,6 @@ static int my_sha256_final(unsigned char *out, /* Copy output */ for(i = 0; i < 8; i++) WPA_PUT_BE32(out + (4 * i), md->state[i]); - - return 0; } #endif /* CRYPTO LIBS */ @@ -510,7 +510,7 @@ static int my_sha256_final(unsigned char *out, * Returns CURLE_OK on success. */ CURLcode Curl_sha256it(unsigned char *output, const unsigned char *input, - const size_t length) + const size_t length) { CURLcode result; my_sha256_ctx ctx; @@ -524,21 +524,13 @@ CURLcode Curl_sha256it(unsigned char *output, const unsigned char *input, } -const struct HMAC_params Curl_HMAC_SHA256[] = { - { - /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, my_sha256_init), - /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_sha256_update), - /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_sha256_final), - /* Size of hash context structure. */ - sizeof(my_sha256_ctx), - /* Maximum key length. */ - 64, - /* Result size. */ - 32 - } +const struct HMAC_params Curl_HMAC_SHA256 = { + my_sha256_init, /* Hash initialization function. */ + my_sha256_update, /* Hash update function. */ + my_sha256_final, /* Hash computation end function. */ + sizeof(my_sha256_ctx), /* Size of hash context structure. */ + 64, /* Maximum key length. */ + 32 /* Result size. */ }; diff --git a/libraries/libcurl/share.c b/libraries/libcurl/share.c index 164aceb8..6cdba18e 100644 --- a/libraries/libcurl/share.c +++ b/libraries/libcurl/share.c @@ -31,19 +31,20 @@ #include "psl.h" #include "vtls/vtls.h" #include "hsts.h" +#include "url.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" -struct Curl_share * +CURLSH * curl_share_init(void) { struct Curl_share *share = calloc(1, sizeof(struct Curl_share)); if(share) { share->magic = CURL_GOOD_SHARE; - share->specifier |= (1<specifier |= (1 << CURL_LOCK_DATA_SHARE); Curl_init_dnscache(&share->hostcache, 23); } @@ -52,7 +53,7 @@ curl_share_init(void) #undef curl_share_setopt CURLSHcode -curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) +curl_share_setopt(CURLSH *sh, CURLSHoption option, ...) { va_list param; int type; @@ -60,6 +61,7 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) curl_unlock_function unlockfunc; void *ptr; CURLSHcode res = CURLSHE_OK; + struct Curl_share *share = sh; if(!GOOD_SHARE_HANDLE(share)) return CURLSHE_INVALID; @@ -120,8 +122,12 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) break; case CURL_LOCK_DATA_CONNECT: - if(Curl_conncache_init(&share->conn_cache, NULL, 103)) - res = CURLSHE_NOMEM; + /* It is safe to set this option several times on a share. */ + if(!share->cpool.idata) { + if(Curl_cpool_init(&share->cpool, Curl_on_disconnect, + NULL, share, 103)) + res = CURLSHE_NOMEM; + } break; case CURL_LOCK_DATA_PSL: @@ -134,13 +140,13 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) res = CURLSHE_BAD_OPTION; } if(!res) - share->specifier |= (unsigned int)(1<specifier |= (unsigned int)(1 << type); break; case CURLSHOPT_UNSHARE: /* this is a type this share will no longer share */ type = va_arg(param, int); - share->specifier &= ~(unsigned int)(1<specifier &= ~(unsigned int)(1 << type); switch(type) { case CURL_LOCK_DATA_DNS: break; @@ -209,8 +215,9 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) } CURLSHcode -curl_share_cleanup(struct Curl_share *share) +curl_share_cleanup(CURLSH *sh) { + struct Curl_share *share = sh; if(!GOOD_SHARE_HANDLE(share)) return CURLSHE_INVALID; @@ -224,8 +231,9 @@ curl_share_cleanup(struct Curl_share *share) return CURLSHE_IN_USE; } - Curl_conncache_close_all_connections(&share->conn_cache); - Curl_conncache_destroy(&share->conn_cache); + if(share->specifier & (1 << CURL_LOCK_DATA_CONNECT)) { + Curl_cpool_destroy(&share->cpool); + } Curl_hash_destroy(&share->hostcache); #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) @@ -265,7 +273,7 @@ Curl_share_lock(struct Curl_easy *data, curl_lock_data type, if(!share) return CURLSHE_INVALID; - if(share->specifier & (unsigned int)(1<specifier & (unsigned int)(1 << type)) { if(share->lockfunc) /* only call this if set! */ share->lockfunc(data, type, accesstype, share->clientdata); } @@ -282,7 +290,7 @@ Curl_share_unlock(struct Curl_easy *data, curl_lock_data type) if(!share) return CURLSHE_INVALID; - if(share->specifier & (unsigned int)(1<specifier & (unsigned int)(1 << type)) { if(share->unlockfunc) /* only call this if set! */ share->unlockfunc (data, type, share->clientdata); } diff --git a/libraries/libcurl/share.h b/libraries/libcurl/share.h index f63a6f8f..124f7049 100644 --- a/libraries/libcurl/share.h +++ b/libraries/libcurl/share.h @@ -34,6 +34,9 @@ #define CURL_GOOD_SHARE 0x7e117a1e #define GOOD_SHARE_HANDLE(x) ((x) && (x)->magic == CURL_GOOD_SHARE) +#define CURL_SHARE_KEEP_CONNECT(s) \ + ((s) && ((s)->specifier & (1<< CURL_LOCK_DATA_CONNECT))) + /* this struct is libcurl-private, do not export details */ struct Curl_share { unsigned int magic; /* CURL_GOOD_SHARE */ @@ -43,7 +46,7 @@ struct Curl_share { curl_lock_function lockfunc; curl_unlock_function unlockfunc; void *clientdata; - struct conncache conn_cache; + struct cpool cpool; struct Curl_hash hostcache; #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) struct CookieInfo *cookies; diff --git a/libraries/libcurl/sigpipe.h b/libraries/libcurl/sigpipe.h index b91a2f51..c57580f4 100644 --- a/libraries/libcurl/sigpipe.h +++ b/libraries/libcurl/sigpipe.h @@ -35,10 +35,12 @@ struct sigpipe_ignore { }; #define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x +#define SIGPIPE_MEMBER(x) struct sigpipe_ignore x static void sigpipe_init(struct sigpipe_ignore *ig) { memset(ig, 0, sizeof(*ig)); + ig->no_signal = TRUE; } /* @@ -91,6 +93,7 @@ static void sigpipe_apply(struct Curl_easy *data, #define sigpipe_init(x) Curl_nop_stmt #define sigpipe_restore(x) Curl_nop_stmt #define SIGPIPE_VARIABLE(x) +#define SIGPIPE_MEMBER(x) bool x #endif #endif /* HEADER_CURL_SIGPIPE_H */ diff --git a/libraries/libcurl/smb.c b/libraries/libcurl/smb.c index 102662ac..a242fc5c 100644 --- a/libraries/libcurl/smb.c +++ b/libraries/libcurl/smb.c @@ -28,7 +28,9 @@ #if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) #ifdef _WIN32 -#define getpid GetCurrentProcessId +#define Curl_getpid() ((unsigned int)GetCurrentProcessId()) +#else +#define Curl_getpid() ((unsigned int)getpid()) #endif #include "smb.h" @@ -44,7 +46,8 @@ #include "escape.h" #include "curl_endian.h" -/* The last #include files should be: */ +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" @@ -316,20 +319,6 @@ const struct Curl_handler Curl_handler_smbs = { #define CLIENTNAME "curl" #define SERVICENAME "?????" -/* Append a string to an SMB message */ -#define MSGCAT(str) \ - do { \ - strcpy(p, (str)); \ - p += strlen(str); \ - } while(0) - -/* Append a null-terminated string to an SMB message */ -#define MSGCATNULL(str) \ - do { \ - strcpy(p, (str)); \ - p += strlen(str) + 1; \ - } while(0) - /* SMB is mostly little endian */ #if (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \ defined(__OS400__) @@ -559,7 +548,7 @@ static void smb_format_message(struct Curl_easy *data, struct smb_header *h, h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME); h->uid = smb_swap16(smbc->uid); h->tid = smb_swap16(req->tid); - pid = (unsigned int)getpid(); + pid = Curl_getpid(); h->pid_high = smb_swap16((unsigned short)(pid >> 16)); h->pid = smb_swap16((unsigned short) pid); } @@ -572,7 +561,7 @@ static CURLcode smb_send(struct Curl_easy *data, size_t len, size_t bytes_written; CURLcode result; - result = Curl_xfer_send(data, smbc->send_buf, len, &bytes_written); + result = Curl_xfer_send(data, smbc->send_buf, len, FALSE, &bytes_written); if(result) return result; @@ -597,7 +586,7 @@ static CURLcode smb_flush(struct Curl_easy *data) if(!smbc->send_size) return CURLE_OK; - result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len, + result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len, FALSE, &bytes_written); if(result) return result; @@ -642,9 +631,9 @@ static CURLcode smb_send_setup(struct Curl_easy *data) unsigned char nt_hash[21]; unsigned char nt[24]; - size_t byte_count = sizeof(lm) + sizeof(nt); - byte_count += strlen(smbc->user) + strlen(smbc->domain); - byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */ + const size_t byte_count = sizeof(lm) + sizeof(nt) + + strlen(smbc->user) + strlen(smbc->domain) + + strlen(CURL_OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */ if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; @@ -653,7 +642,7 @@ static CURLcode smb_send_setup(struct Curl_easy *data) Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt); - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_SETUP_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; msg.max_buffer_size = smb_swap16(MAX_MESSAGE_SIZE); @@ -667,11 +656,14 @@ static CURLcode smb_send_setup(struct Curl_easy *data) p += sizeof(lm); memcpy(p, nt, sizeof(nt)); p += sizeof(nt); - MSGCATNULL(smbc->user); - MSGCATNULL(smbc->domain); - MSGCATNULL(OS); - MSGCATNULL(CLIENTNAME); - byte_count = p - msg.bytes; + p += msnprintf(p, byte_count - sizeof(nt) - sizeof(lm), + "%s%c" /* user */ + "%s%c" /* domain */ + "%s%c" /* OS */ + "%s", /* client name */ + smbc->user, 0, smbc->domain, 0, CURL_OS, 0, CLIENTNAME); + p++; /* count the final null termination */ + DEBUGASSERT(byte_count == (size_t)(p - msg.bytes)); msg.byte_count = smb_swap16((unsigned short)byte_count); return smb_send_message(data, SMB_COM_SETUP_ANDX, &msg, @@ -685,21 +677,23 @@ static CURLcode smb_send_tree_connect(struct Curl_easy *data) struct smb_conn *smbc = &conn->proto.smbc; char *p = msg.bytes; - size_t byte_count = strlen(conn->host.name) + strlen(smbc->share); - byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */ + const size_t byte_count = strlen(conn->host.name) + strlen(smbc->share) + + strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */ if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_TREE_CONNECT_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; msg.pw_len = 0; - MSGCAT("\\\\"); - MSGCAT(conn->host.name); - MSGCAT("\\"); - MSGCATNULL(smbc->share); - MSGCATNULL(SERVICENAME); /* Match any type of service */ - byte_count = p - msg.bytes; + + p += msnprintf(p, byte_count, + "\\\\%s\\" /* hostname */ + "%s%c" /* share */ + "%s", /* service */ + conn->host.name, smbc->share, 0, SERVICENAME); + p++; /* count the final null termination */ + DEBUGASSERT(byte_count == (size_t)(p - msg.bytes)); msg.byte_count = smb_swap16((unsigned short)byte_count); return smb_send_message(data, SMB_COM_TREE_CONNECT_ANDX, &msg, @@ -710,16 +704,15 @@ static CURLcode smb_send_open(struct Curl_easy *data) { struct smb_request *req = data->req.p.smb; struct smb_nt_create msg; - size_t byte_count; + const size_t byte_count = strlen(req->path) + 1; - if((strlen(req->path) + 1) > sizeof(msg.bytes)) + if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_NT_CREATE_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; - byte_count = strlen(req->path); - msg.name_length = smb_swap16((unsigned short)byte_count); + msg.name_length = smb_swap16((unsigned short)(byte_count - 1)); msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); if(data->state.upload) { msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); @@ -729,7 +722,7 @@ static CURLcode smb_send_open(struct Curl_easy *data) msg.access = smb_swap32(SMB_GENERIC_READ); msg.create_disposition = smb_swap32(SMB_FILE_OPEN); } - msg.byte_count = smb_swap16((unsigned short) ++byte_count); + msg.byte_count = smb_swap16((unsigned short) byte_count); strcpy(msg.bytes, req->path); return smb_send_message(data, SMB_COM_NT_CREATE_ANDX, &msg, @@ -909,7 +902,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) } smbc->uid = smb_swap16(h->uid); conn_state(data, SMB_CONNECTED); - *done = true; + *done = TRUE; break; default: @@ -924,7 +917,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) /* * Convert a timestamp from the Windows world (100 nsec units from 1 Jan 1601) - * to Posix time. Cap the output to fit within a time_t. + * to POSIX time. Cap the output to fit within a time_t. */ static void get_posix_time(time_t *out, curl_off_t timestamp) { @@ -1109,7 +1102,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) case SMB_DONE: result = req->result; - *done = true; + *done = TRUE; break; default: diff --git a/libraries/libcurl/smtp.c b/libraries/libcurl/smtp.c index 5ee1b5ea..d854d364 100644 --- a/libraries/libcurl/smtp.c +++ b/libraries/libcurl/smtp.c @@ -288,7 +288,7 @@ static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out) static void smtp_state(struct Curl_easy *data, smtpstate newstate) { struct smtp_conn *smtpc = &data->conn->proto.smtpc; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) /* for debug purposes */ static const char * const names[] = { "STOP", @@ -308,8 +308,8 @@ static void smtp_state(struct Curl_easy *data, smtpstate newstate) }; if(smtpc->state != newstate) - infof(data, "SMTP %p state change from %s to %s", - (void *)smtpc, names[smtpc->state], names[newstate]); + CURL_TRC_SMTP(data, "state change from %s to %s", + names[smtpc->state], names[newstate]); #endif smtpc->state = newstate; @@ -723,7 +723,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) /* Calculate the optional SIZE parameter */ if(conn->proto.smtpc.size_supported && data->state.infilesize > 0) { - size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize); + size = aprintf("%" FMT_OFF_T, data->state.infilesize); if(!size) { result = CURLE_OUT_OF_MEMORY; @@ -1100,12 +1100,11 @@ static CURLcode smtp_state_rcpt_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ - is_smtp_err = (smtpcode/100 != 2) ? TRUE : FALSE; + is_smtp_err = (smtpcode/100 != 2); /* If there is multiple RCPT TO to be issued, it is possible to ignore errors and proceed with only the valid addresses. */ - is_smtp_blocking_err = - (is_smtp_err && !data->set.mail_rcpt_allowfails) ? TRUE : FALSE; + is_smtp_blocking_err = (is_smtp_err && !data->set.mail_rcpt_allowfails); if(is_smtp_err) { /* Remembering the last failure which we can report if all "RCPT TO" have @@ -1296,7 +1295,7 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done) } result = Curl_pp_statemach(data, &smtpc->pp, FALSE, FALSE); - *done = (smtpc->state == SMTP_STOP) ? TRUE : FALSE; + *done = (smtpc->state == SMTP_STOP); return result; } @@ -1422,7 +1421,8 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status, /* Clear the transfer mode for the next request */ smtp->transfer = PPTRANSFER_BODY; - + CURL_TRC_SMTP(data, "smtp_done(status=%d, premature=%d) -> %d", + status, premature, result); return result; } @@ -1440,7 +1440,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, CURLcode result = CURLE_OK; struct SMTP *smtp = data->req.p.smtp; - DEBUGF(infof(data, "DO phase starts")); + CURL_TRC_SMTP(data, "smtp_perform(), start"); if(data->req.no_body) { /* Requested no body means no transfer */ @@ -1472,16 +1472,16 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, result = smtp_perform_command(data); if(result) - return result; + goto out; /* Run the state-machine */ result = smtp_multi_statemach(data, dophase_done); *connected = Curl_conn_is_connected(data->conn, FIRSTSOCKET); - if(*dophase_done) - DEBUGF(infof(data, "DO phase is complete")); - +out: + CURL_TRC_SMTP(data, "smtp_perform() -> %d, connected=%d, done=%d", + result, *connected, *dophase_done); return result; } @@ -1507,7 +1507,7 @@ static CURLcode smtp_do(struct Curl_easy *data, bool *done) return result; result = smtp_regular_transfer(data, done); - + CURL_TRC_SMTP(data, "smtp_do() -> %d, done=%d", result, *done); return result; } @@ -1542,6 +1542,7 @@ static CURLcode smtp_disconnect(struct Curl_easy *data, /* Cleanup our connection based variables */ Curl_safefree(smtpc->domain); + CURL_TRC_SMTP(data, "smtp_disconnect(), finished"); return CURLE_OK; } @@ -1573,6 +1574,7 @@ static CURLcode smtp_doing(struct Curl_easy *data, bool *dophase_done) DEBUGF(infof(data, "DO phase is complete")); } + CURL_TRC_SMTP(data, "smtp_doing() -> %d, done=%d", result, *dophase_done); return result; } @@ -1607,6 +1609,8 @@ static CURLcode smtp_regular_transfer(struct Curl_easy *data, if(!result && *dophase_done) result = smtp_dophase_done(data, connected); + CURL_TRC_SMTP(data, "smtp_regular_transfer() -> %d, done=%d", + result, *dophase_done); return result; } @@ -1620,10 +1624,8 @@ static CURLcode smtp_setup_connection(struct Curl_easy *data, /* Initialise the SMTP layer */ result = smtp_init(data); - if(result) - return result; - - return CURLE_OK; + CURL_TRC_SMTP(data, "smtp_setup_connection() -> %d", result); + return result; } /*********************************************************************** diff --git a/libraries/libcurl/socketpair.h b/libraries/libcurl/socketpair.h index 42f4034f..3044f112 100644 --- a/libraries/libcurl/socketpair.h +++ b/libraries/libcurl/socketpair.h @@ -74,7 +74,7 @@ int Curl_pipe(curl_socket_t socks[2], bool nonblocking); #elif !defined(HAVE_SOCKETPAIR) #define SOCKETPAIR_FAMILY 0 /* not used */ #else -#error "unsupported unix domain and socketpair build combo" +#error "unsupported Unix domain and socketpair build combo" #endif #ifdef SOCK_CLOEXEC diff --git a/libraries/libcurl/socks.c b/libraries/libcurl/socks.c index 094ff42c..d16a30b9 100644 --- a/libraries/libcurl/socks.c +++ b/libraries/libcurl/socks.c @@ -217,7 +217,7 @@ static CURLproxycode socks_state_send(struct Curl_cfilter *cf, CURLcode result; nwritten = Curl_conn_cf_send(cf->next, data, (char *)sx->outp, - sx->outstanding, &result); + sx->outstanding, FALSE, &result); if(nwritten <= 0) { if(CURLE_AGAIN == result) { return CURLPX_OK; @@ -286,7 +286,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, { struct connectdata *conn = cf->conn; const bool protocol4a = - (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE; + (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A); unsigned char *socksreq = sx->buffer; CURLcode result; CURLproxycode presult; @@ -388,7 +388,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, infof(data, "SOCKS4 connect to IPv4 %s (locally resolved)", buf); - Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + Curl_resolv_unlink(data, &dns); /* not used anymore from now on */ } else failf(data, "SOCKS4 connection to %s not supported", sx->hostname); @@ -512,7 +512,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, /* Result */ switch(socksreq[1]) { case 90: - infof(data, "SOCKS4%s request granted.", protocol4a?"a":""); + infof(data, "SOCKS4%s request granted.", protocol4a ? "a" : ""); break; case 91: failf(data, @@ -583,7 +583,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, CURLcode result; CURLproxycode presult; bool socks5_resolve_local = - (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE; + (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5); const size_t hostname_len = strlen(sx->hostname); size_t len = 0; const unsigned char auth = data->set.socks5auth; @@ -893,7 +893,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, failf(data, "SOCKS5 connection to %s not supported", dest); } - Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + Curl_resolv_unlink(data, &dns); /* not used anymore from now on */ goto CONNECT_REQ_SEND; } CONNECT_RESOLVE_REMOTE: diff --git a/libraries/libcurl/socks_gssapi.c b/libraries/libcurl/socks_gssapi.c index edcc6832..f6fd55dc 100644 --- a/libraries/libcurl/socks_gssapi.c +++ b/libraries/libcurl/socks_gssapi.c @@ -42,6 +42,8 @@ #include "curl_memory.h" #include "memdebug.h" +#define MAX_GSS_LEN 1024 + static gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT; /* @@ -56,10 +58,9 @@ static int check_gss_err(struct Curl_easy *data, OM_uint32 maj_stat, min_stat; OM_uint32 msg_ctx = 0; gss_buffer_desc status_string = GSS_C_EMPTY_BUFFER; - char buf[1024]; - size_t len; + struct dynbuf dbuf; - len = 0; + Curl_dyn_init(&dbuf, MAX_GSS_LEN); msg_ctx = 0; while(!msg_ctx) { /* convert major status code (GSS-API error) to text */ @@ -68,19 +69,16 @@ static int check_gss_err(struct Curl_easy *data, GSS_C_NULL_OID, &msg_ctx, &status_string); if(maj_stat == GSS_S_COMPLETE) { - if(sizeof(buf) > len + status_string.length + 1) { - strcpy(buf + len, (char *) status_string.value); - len += status_string.length; - } + if(Curl_dyn_addn(&dbuf, status_string.value, + status_string.length)) + return 1; /* error */ gss_release_buffer(&min_stat, &status_string); break; } gss_release_buffer(&min_stat, &status_string); } - if(sizeof(buf) > len + 3) { - strcpy(buf + len, ".\n"); - len += 2; - } + if(Curl_dyn_addn(&dbuf, ".\n", 2)) + return 1; /* error */ msg_ctx = 0; while(!msg_ctx) { /* convert minor status code (underlying routine error) to text */ @@ -89,14 +87,16 @@ static int check_gss_err(struct Curl_easy *data, GSS_C_NULL_OID, &msg_ctx, &status_string); if(maj_stat == GSS_S_COMPLETE) { - if(sizeof(buf) > len + status_string.length) - strcpy(buf + len, (char *) status_string.value); + if(Curl_dyn_addn(&dbuf, status_string.value, + status_string.length)) + return 1; /* error */ gss_release_buffer(&min_stat, &status_string); break; } gss_release_buffer(&min_stat, &status_string); } - failf(data, "GSS-API error: %s failed: %s", function, buf); + failf(data, "GSS-API error: %s failed: %s", function, Curl_dyn_ptr(&dbuf)); + Curl_dyn_free(&dbuf); return 1; } @@ -204,7 +204,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, us_length = htons((unsigned short)gss_send_token.length); memcpy(socksreq + 2, &us_length, sizeof(short)); - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, + FALSE, &code); if(code || (4 != nwritten)) { failf(data, "Failed to send GSS-API authentication request."); gss_release_name(&gss_status, &server); @@ -216,7 +217,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, nwritten = Curl_conn_cf_send(cf->next, data, (char *)gss_send_token.value, - gss_send_token.length, &code); + gss_send_token.length, FALSE, &code); if(code || ((ssize_t)gss_send_token.length != nwritten)) { failf(data, "Failed to send GSS-API authentication token."); gss_release_name(&gss_status, &server); @@ -348,7 +349,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_enc = 1; infof(data, "SOCKS5 server supports GSS-API %s data protection.", - (gss_enc == 0)?"no":((gss_enc==1)?"integrity":"confidentiality")); + (gss_enc == 0) ? "no" : + ((gss_enc == 1) ? "integrity" : "confidentiality")); /* force for the moment to no data protection */ gss_enc = 0; /* @@ -410,7 +412,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, memcpy(socksreq + 2, &us_length, sizeof(short)); } - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != nwritten)) { failf(data, "Failed to send GSS-API encryption request."); gss_release_buffer(&gss_status, &gss_w_token); @@ -420,7 +423,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(data->set.socks5_gssapi_nec) { memcpy(socksreq, &gss_enc, 1); - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, FALSE, + &code); if(code || ( 1 != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); gss_delete_sec_context(&gss_status, &gss_context, NULL); @@ -430,7 +434,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, else { nwritten = Curl_conn_cf_send(cf->next, data, (char *)gss_w_token.value, - gss_w_token.length, &code); + gss_w_token.length, FALSE, &code); if(code || ((ssize_t)gss_w_token.length != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); gss_release_buffer(&gss_status, &gss_w_token); @@ -522,8 +526,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, (void)curlx_nonblock(sock, TRUE); infof(data, "SOCKS5 access with%s protection granted.", - (socksreq[0] == 0)?"out GSS-API data": - ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality")); + (socksreq[0] == 0) ? "out GSS-API data": + ((socksreq[0] == 1) ? " GSS-API integrity" : + " GSS-API confidentiality")); conn->socks5_gssapi_enctype = socksreq[0]; if(socksreq[0] == 0) diff --git a/libraries/libcurl/socks_sspi.c b/libraries/libcurl/socks_sspi.c index a83288dd..6d8e6ef7 100644 --- a/libraries/libcurl/socks_sspi.c +++ b/libraries/libcurl/socks_sspi.c @@ -139,7 +139,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, cred_handle.dwLower = 0; cred_handle.dwUpper = 0; - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT("Kerberos"), SECPKG_CRED_OUTBOUND, NULL, @@ -152,7 +152,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(check_sspi_err(data, status, "AcquireCredentialsHandle")) { failf(data, "Failed to acquire credentials."); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); return CURLE_COULDNT_CONNECT; } @@ -167,7 +167,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(!sname) return CURLE_OUT_OF_MEMORY; - status = s_pSecFn->InitializeSecurityContext(&cred_handle, + status = Curl_pSecFn->InitializeSecurityContext(&cred_handle, context_handle, sname, ISC_REQ_MUTUAL_AUTH | @@ -186,17 +186,17 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, curlx_unicodefree(sname); if(sspi_recv_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; sspi_recv_token.cbBuffer = 0; } if(check_sspi_err(data, status, "InitializeSecurityContext")) { free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); failf(data, "Failed to initialise security context."); return CURLE_COULDNT_CONNECT; } @@ -207,44 +207,45 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, us_length = htons((unsigned short)sspi_send_token.cbBuffer); memcpy(socksreq + 2, &us_length, sizeof(short)); - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != written)) { failf(data, "Failed to send SSPI authentication request."); free(service_name); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } written = Curl_conn_cf_send(cf->next, data, (char *)sspi_send_token.pvBuffer, - sspi_send_token.cbBuffer, &code); + sspi_send_token.cbBuffer, FALSE, &code); if(code || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI authentication token."); free(service_name); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } } if(sspi_send_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); sspi_send_token.pvBuffer = NULL; } sspi_send_token.cbBuffer = 0; if(sspi_recv_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; } sspi_recv_token.cbBuffer = 0; @@ -266,8 +267,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != 4)) { failf(data, "Failed to receive SSPI authentication response."); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -276,8 +277,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "User was rejected by the SOCKS5 server (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -285,8 +286,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid SSPI authentication response type (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -298,8 +299,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(!sspi_recv_token.pvBuffer) { free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } result = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer, @@ -309,9 +310,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Failed to receive SSPI authentication token."); free(service_name); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -321,13 +322,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, free(service_name); /* Everything is good so far, user was authenticated! */ - status = s_pSecFn->QueryCredentialsAttributes(&cred_handle, + status = Curl_pSecFn->QueryCredentialsAttributes(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names); - s_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); if(check_sspi_err(data, status, "QueryCredentialAttributes")) { - s_pSecFn->DeleteSecurityContext(&sspi_context); - s_pSecFn->FreeContextBuffer(names.sUserName); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(names.sUserName); failf(data, "Failed to determine username."); return CURLE_COULDNT_CONNECT; } @@ -338,7 +339,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, (user_utf8 ? user_utf8 : "(unknown)")); curlx_unicodefree(user_utf8); #endif - s_pSecFn->FreeContextBuffer(names.sUserName); + Curl_pSecFn->FreeContextBuffer(names.sUserName); } /* Do encryption */ @@ -354,7 +355,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_enc = 1; infof(data, "SOCKS5 server supports GSS-API %s data protection.", - (gss_enc == 0)?"no":((gss_enc == 1)?"integrity":"confidentiality") ); + (gss_enc == 0) ? "no" : + ((gss_enc == 1) ? "integrity":"confidentiality") ); /* force to no data protection, avoid encryption/decryption for now */ gss_enc = 0; /* @@ -393,11 +395,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, memcpy(socksreq + 2, &us_length, sizeof(short)); } else { - status = s_pSecFn->QueryContextAttributes(&sspi_context, + status = Curl_pSecFn->QueryContextAttributes(&sspi_context, SECPKG_ATTR_SIZES, &sspi_sizes); if(check_sspi_err(data, status, "QueryContextAttributes")) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -407,15 +409,15 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[0].pvBuffer = malloc(sspi_sizes.cbSecurityTrailer); if(!sspi_w_token[0].pvBuffer) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } sspi_w_token[1].cbBuffer = 1; sspi_w_token[1].pvBuffer = malloc(1); if(!sspi_w_token[1].pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -424,20 +426,20 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[2].cbBuffer = sspi_sizes.cbBlockSize; sspi_w_token[2].pvBuffer = malloc(sspi_sizes.cbBlockSize); if(!sspi_w_token[2].pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } - status = s_pSecFn->EncryptMessage(&sspi_context, + status = Curl_pSecFn->EncryptMessage(&sspi_context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(check_sspi_err(data, status, "EncryptMessage")) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -446,10 +448,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, + sspi_w_token[2].cbBuffer; sspi_send_token.pvBuffer = malloc(sspi_send_token.cbBuffer); if(!sspi_send_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -462,13 +464,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, + sspi_w_token[1].cbBuffer, sspi_w_token[2].pvBuffer, sspi_w_token[2].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); sspi_w_token[0].pvBuffer = NULL; sspi_w_token[0].cbBuffer = 0; - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); sspi_w_token[1].pvBuffer = NULL; sspi_w_token[1].cbBuffer = 0; - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); sspi_w_token[2].pvBuffer = NULL; sspi_w_token[2].cbBuffer = 0; @@ -476,43 +478,45 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, memcpy(socksreq + 2, &us_length, sizeof(short)); } - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != written)) { failf(data, "Failed to send SSPI encryption request."); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(data->set.socks5_gssapi_nec) { memcpy(socksreq, &gss_enc, 1); - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, FALSE, + &code); if(code || (1 != written)) { failf(data, "Failed to send SSPI encryption type."); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } } else { written = Curl_conn_cf_send(cf->next, data, (char *)sspi_send_token.pvBuffer, - sspi_send_token.cbBuffer, &code); + sspi_send_token.cbBuffer, FALSE, &code); if(code || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI encryption type."); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); } result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread); if(result || (actualread != 4)) { failf(data, "Failed to receive SSPI encryption response."); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -520,14 +524,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(socksreq[1] == 255) { /* status / message type */ failf(data, "User was rejected by the SOCKS5 server (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(socksreq[1] != 2) { /* status / message type */ failf(data, "Invalid SSPI encryption response type (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -537,7 +541,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[0].cbBuffer = us_length; sspi_w_token[0].pvBuffer = malloc(us_length); if(!sspi_w_token[0].pvBuffer) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -546,8 +550,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != us_length)) { failf(data, "Failed to receive SSPI encryption type."); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -559,17 +563,17 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[1].cbBuffer = 0; sspi_w_token[1].pvBuffer = NULL; - status = s_pSecFn->DecryptMessage(&sspi_context, + status = Curl_pSecFn->DecryptMessage(&sspi_context, &wrap_desc, 0, &qop); if(check_sspi_err(data, status, "DecryptMessage")) { if(sspi_w_token[0].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); if(sspi_w_token[1].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -578,40 +582,41 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid SSPI encryption response length (%lu).", (unsigned long)sspi_w_token[1].cbBuffer); if(sspi_w_token[0].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); if(sspi_w_token[1].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); } else { if(sspi_w_token[0].cbBuffer != 1) { failf(data, "Invalid SSPI encryption response length (%lu).", (unsigned long)sspi_w_token[0].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } memcpy(socksreq, sspi_w_token[0].pvBuffer, sspi_w_token[0].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); } (void)curlx_nonblock(sock, TRUE); infof(data, "SOCKS5 access with%s protection granted.", - (socksreq[0] == 0)?"out GSS-API data": - ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality")); + (socksreq[0] == 0) ? "out GSS-API data": + ((socksreq[0] == 1) ? " GSS-API integrity" : + " GSS-API confidentiality")); /* For later use if encryption is required conn->socks5_gssapi_enctype = socksreq[0]; if(socksreq[0] != 0) conn->socks5_sspi_context = sspi_context; else { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); conn->socks5_sspi_context = sspi_context; } */ diff --git a/libraries/libcurl/speedcheck.h b/libraries/libcurl/speedcheck.h index bff2f32b..8b116f15 100644 --- a/libraries/libcurl/speedcheck.h +++ b/libraries/libcurl/speedcheck.h @@ -27,7 +27,7 @@ #include "curl_setup.h" #include "timeval.h" - +struct Curl_easy; void Curl_speedinit(struct Curl_easy *data); CURLcode Curl_speedcheck(struct Curl_easy *data, struct curltime now); diff --git a/libraries/libcurl/splay.c b/libraries/libcurl/splay.c index 99bb1499..3f2bae02 100644 --- a/libraries/libcurl/splay.c +++ b/libraries/libcurl/splay.c @@ -24,6 +24,7 @@ #include "curl_setup.h" +#include "timeval.h" #include "splay.h" /* @@ -33,7 +34,7 @@ * zero : when i is equal to j * positive when : when i is larger than j */ -#define compare(i,j) Curl_splaycomparekeys((i),(j)) +#define compare(i,j) Curl_timediff_us(i,j) /* * Splay using the key i (which may or may not be in the tree.) The starting @@ -45,12 +46,12 @@ struct Curl_tree *Curl_splay(struct curltime i, struct Curl_tree N, *l, *r, *y; if(!t) - return t; + return NULL; N.smaller = N.larger = NULL; l = r = &N; for(;;) { - long comp = compare(i, t->key); + timediff_t comp = compare(i, t->key); if(comp < 0) { if(!t->smaller) break; @@ -106,15 +107,15 @@ struct Curl_tree *Curl_splayinsert(struct curltime i, ~0, -1 }; /* will *NEVER* appear */ - if(!node) - return t; + DEBUGASSERT(node); if(t) { t = Curl_splay(i, t); + DEBUGASSERT(t); if(compare(i, t->key) == 0) { - /* There already exists a node in the tree with the very same key. Build - a doubly-linked circular list of nodes. We add the new 'node' struct - to the end of this list. */ + /* There already exists a node in the tree with the same key. Build a + doubly-linked circular list of nodes. We add the new 'node' struct to + the end of this list. */ node->key = KEY_NOTUSED; /* we set the key in the sub node to NOTUSED to quickly identify this node as a subnode */ @@ -166,6 +167,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i, /* find smallest */ t = Curl_splay(tv_zero, t); + DEBUGASSERT(t); if(compare(i, t->key) < 0) { /* even the smallest is too big */ *removed = NULL; @@ -197,7 +199,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i, } -/* Deletes the very node we point out from the tree if it is there. Stores a +/* Deletes the node we point out from the tree if it is there. Stores a * pointer to the new resulting tree in 'newroot'. * * Returns zero on success and non-zero on errors! @@ -217,9 +219,11 @@ int Curl_splayremove(struct Curl_tree *t, }; /* will *NEVER* appear */ struct Curl_tree *x; - if(!t || !removenode) + if(!t) return 1; + DEBUGASSERT(removenode); + if(compare(KEY_NOTUSED, removenode->key) == 0) { /* Key set to NOTUSED means it is a subnode within a 'same' linked list and thus we can unlink it easily. */ @@ -238,6 +242,7 @@ int Curl_splayremove(struct Curl_tree *t, } t = Curl_splay(removenode->key, t); + DEBUGASSERT(t); /* First make sure that we got the same root node as the one we want to remove, as otherwise we might be trying to remove a node that @@ -268,6 +273,7 @@ int Curl_splayremove(struct Curl_tree *t, x = t->larger; else { x = Curl_splay(removenode->key, t->smaller); + DEBUGASSERT(x); x->larger = t->larger; } } @@ -276,3 +282,16 @@ int Curl_splayremove(struct Curl_tree *t, return 0; } + +/* set and get the custom payload for this tree node */ +void Curl_splayset(struct Curl_tree *node, void *payload) +{ + DEBUGASSERT(node); + node->ptr = payload; +} + +void *Curl_splayget(struct Curl_tree *node) +{ + DEBUGASSERT(node); + return node->ptr; +} diff --git a/libraries/libcurl/splay.h b/libraries/libcurl/splay.h index 20b2bb69..b8c9360e 100644 --- a/libraries/libcurl/splay.h +++ b/libraries/libcurl/splay.h @@ -26,13 +26,14 @@ #include "curl_setup.h" #include "timeval.h" +/* only use function calls to access this struct */ struct Curl_tree { struct Curl_tree *smaller; /* smaller node */ struct Curl_tree *larger; /* larger node */ struct Curl_tree *samen; /* points to the next node with identical key */ struct Curl_tree *samep; /* points to the prev node with identical key */ - struct curltime key; /* this node's "sort" key */ - void *payload; /* data the splay code does not care about */ + struct curltime key; /* this node's "sort" key */ + void *ptr; /* data the splay code does not care about */ }; struct Curl_tree *Curl_splay(struct curltime i, @@ -50,9 +51,8 @@ int Curl_splayremove(struct Curl_tree *t, struct Curl_tree *removenode, struct Curl_tree **newroot); -#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \ - ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \ - ( ((i.tv_usec) < (j.tv_usec)) ? -1 : \ - ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0)))) +/* set and get the custom payload for this tree node */ +void Curl_splayset(struct Curl_tree *node, void *payload); +void *Curl_splayget(struct Curl_tree *node); #endif /* HEADER_CURL_SPLAY_H */ diff --git a/libraries/libcurl/strerror.c b/libraries/libcurl/strerror.c index 76a8ba2d..7d326e16 100644 --- a/libraries/libcurl/strerror.c +++ b/libraries/libcurl/strerror.c @@ -348,9 +348,9 @@ curl_easy_strerror(CURLcode error) * By using gcc -Wall -Werror, you cannot forget. * * A table would not have the same benefit. Most compilers will generate - * code very similar to a table in any case, so there is little performance - * gain from a table. Something is broken for the user's application, - * anyways, so does it matter how fast it _does not_ work? + * code similar to a table in any case, so there is little performance gain + * from a table. Something is broken for the user's application, anyways, so + * does it matter how fast it _does not_ work? * * The line number for the error will be near this comment, which is why it * is here, and not at the start of the switch. diff --git a/libraries/libcurl/strtoofft.c b/libraries/libcurl/strtoofft.c index 8fac230f..f1c7ba27 100644 --- a/libraries/libcurl/strtoofft.c +++ b/libraries/libcurl/strtoofft.c @@ -207,7 +207,7 @@ static int get_char(char c, int base) #endif /* Only present if we need strtoll, but do not have it. */ /* - * Parse a *positive* up to 64-bit number written in ascii. + * Parse a *positive* up to 64-bit number written in ASCII. */ CURLofft curlx_strtoofft(const char *str, char **endp, int base, curl_off_t *num) diff --git a/libraries/libcurl/system_win32.c b/libraries/libcurl/system_win32.c index 4af86699..5ab71187 100644 --- a/libraries/libcurl/system_win32.c +++ b/libraries/libcurl/system_win32.c @@ -38,25 +38,18 @@ LARGE_INTEGER Curl_freq; bool Curl_isVistaOrGreater; -bool Curl_isWindows8OrGreater; /* Handle of iphlpapp.dll */ static HMODULE s_hIpHlpApiDll = NULL; -/* Function pointers */ +/* Pointer to the if_nametoindex function */ IF_NAMETOINDEX_FN Curl_if_nametoindex = NULL; -FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW = NULL; -GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel = NULL; -GETADDRINFOEXW_FN Curl_GetAddrInfoExW = NULL; -/* Curl_win32_init() performs win32 global initialization */ +/* Curl_win32_init() performs Win32 global initialization */ CURLcode Curl_win32_init(long flags) { -#ifdef USE_WINSOCK - HMODULE ws2_32Dll; -#endif /* CURL_GLOBAL_WIN32 controls the *optional* part of the initialization which - is just for Winsock at the moment. Any required win32 initialization + is just for Winsock at the moment. Any required Win32 initialization should take place after this block. */ if(flags & CURL_GLOBAL_WIN32) { #ifdef USE_WINSOCK @@ -111,22 +104,6 @@ CURLcode Curl_win32_init(long flags) Curl_if_nametoindex = pIfNameToIndex; } -#ifdef USE_WINSOCK -#ifdef CURL_WINDOWS_APP - ws2_32Dll = Curl_load_library(TEXT("ws2_32.dll")); -#else - ws2_32Dll = GetModuleHandleA("ws2_32"); -#endif - if(ws2_32Dll) { - Curl_FreeAddrInfoExW = CURLX_FUNCTION_CAST(FREEADDRINFOEXW_FN, - GetProcAddress(ws2_32Dll, "FreeAddrInfoExW")); - Curl_GetAddrInfoExCancel = CURLX_FUNCTION_CAST(GETADDRINFOEXCANCEL_FN, - GetProcAddress(ws2_32Dll, "GetAddrInfoExCancel")); - Curl_GetAddrInfoExW = CURLX_FUNCTION_CAST(GETADDRINFOEXW_FN, - GetProcAddress(ws2_32Dll, "GetAddrInfoExW")); - } -#endif - /* curlx_verify_windows_version must be called during init at least once because it has its own initialization routine. */ if(curlx_verify_windows_version(6, 0, 0, PLATFORM_WINNT, @@ -136,13 +113,6 @@ CURLcode Curl_win32_init(long flags) else Curl_isVistaOrGreater = FALSE; - if(curlx_verify_windows_version(6, 2, 0, PLATFORM_WINNT, - VERSION_GREATER_THAN_EQUAL)) { - Curl_isWindows8OrGreater = TRUE; - } - else - Curl_isWindows8OrGreater = FALSE; - QueryPerformanceFrequency(&Curl_freq); return CURLE_OK; } @@ -150,9 +120,6 @@ CURLcode Curl_win32_init(long flags) /* Curl_win32_cleanup() is the opposite of Curl_win32_init() */ void Curl_win32_cleanup(long init_flags) { - Curl_FreeAddrInfoExW = NULL; - Curl_GetAddrInfoExCancel = NULL; - Curl_GetAddrInfoExW = NULL; if(s_hIpHlpApiDll) { FreeLibrary(s_hIpHlpApiDll); s_hIpHlpApiDll = NULL; @@ -208,11 +175,11 @@ typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); */ HMODULE Curl_load_library(LPCTSTR filename) { -#ifndef CURL_WINDOWS_APP +#ifndef CURL_WINDOWS_UWP HMODULE hModule = NULL; LOADLIBRARYEX_FN pLoadLibraryEx = NULL; - /* Get a handle to kernel32 so we can access it is functions at runtime */ + /* Get a handle to kernel32 so we can access its functions at runtime */ HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32")); if(!hKernel32) return NULL; @@ -271,16 +238,4 @@ HMODULE Curl_load_library(LPCTSTR filename) #endif } -bool Curl_win32_impersonating(void) -{ -#ifndef CURL_WINDOWS_APP - HANDLE token = NULL; - if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &token)) { - CloseHandle(token); - return TRUE; - } -#endif - return FALSE; -} - #endif /* _WIN32 */ diff --git a/libraries/libcurl/system_win32.h b/libraries/libcurl/system_win32.h index 534a5e49..024d959f 100644 --- a/libraries/libcurl/system_win32.h +++ b/libraries/libcurl/system_win32.h @@ -26,13 +26,12 @@ #include "curl_setup.h" -#ifdef _WIN32 +#if defined(_WIN32) #include extern LARGE_INTEGER Curl_freq; extern bool Curl_isVistaOrGreater; -extern bool Curl_isWindows8OrGreater; CURLcode Curl_win32_init(long flags); void Curl_win32_cleanup(long init_flags); @@ -43,35 +42,6 @@ typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); /* This is used instead of if_nametoindex if available on Windows */ extern IF_NAMETOINDEX_FN Curl_if_nametoindex; -/* Identical copy of addrinfoexW/ADDRINFOEXW */ -typedef struct addrinfoexW_ -{ - int ai_flags; - int ai_family; - int ai_socktype; - int ai_protocol; - size_t ai_addrlen; - PWSTR ai_canonname; - struct sockaddr *ai_addr; - void *ai_blob; - size_t ai_bloblen; - LPGUID ai_provider; - struct addrinfoexW_ *ai_next; -} ADDRINFOEXW_; - -typedef void (CALLBACK *LOOKUP_COMPLETION_FN)(DWORD, DWORD, LPWSAOVERLAPPED); -typedef void (WSAAPI *FREEADDRINFOEXW_FN)(ADDRINFOEXW_*); -typedef int (WSAAPI *GETADDRINFOEXCANCEL_FN)(LPHANDLE); -typedef int (WSAAPI *GETADDRINFOEXW_FN)(PCWSTR, PCWSTR, DWORD, LPGUID, - const ADDRINFOEXW_*, ADDRINFOEXW_**, struct timeval*, LPOVERLAPPED, - LOOKUP_COMPLETION_FN, LPHANDLE); - -extern FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW; -extern GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel; -extern GETADDRINFOEXW_FN Curl_GetAddrInfoExW; - -bool Curl_win32_impersonating(void); - /* This is used to dynamically load DLLs */ HMODULE Curl_load_library(LPCTSTR filename); #else /* _WIN32 */ diff --git a/libraries/libcurl/telnet.c b/libraries/libcurl/telnet.c index 91fa10ad..64d552d1 100644 --- a/libraries/libcurl/telnet.c +++ b/libraries/libcurl/telnet.c @@ -154,8 +154,8 @@ struct TELNET { int himq[256]; int him_preferred[256]; int subnegotiation[256]; - char subopt_ttype[32]; /* Set with suboption TTYPE */ - char subopt_xdisploc[128]; /* Set with suboption XDISPLOC */ + char *subopt_ttype; /* Set with suboption TTYPE */ + char *subopt_xdisploc; /* Set with suboption XDISPLOC */ unsigned short subopt_wsx; /* Set with suboption NAWS */ unsigned short subopt_wsy; /* Set with suboption NAWS */ TelnetReceive telrcv_state; @@ -671,7 +671,7 @@ static void printsub(struct Curl_easy *data, if(data->set.verbose) { unsigned int i = 0; if(direction) { - infof(data, "%s IAC SB ", (direction == '<')? "RCVD":"SENT"); + infof(data, "%s IAC SB ", (direction == '<') ? "RCVD" : "SENT"); if(length >= 3) { int j; @@ -721,8 +721,8 @@ static void printsub(struct Curl_easy *data, switch(pointer[0]) { case CURL_TELOPT_NAWS: if(length > 4) - infof(data, "Width: %d ; Height: %d", (pointer[1]<<8) | pointer[2], - (pointer[3]<<8) | pointer[4]); + infof(data, "Width: %d ; Height: %d", (pointer[1] << 8) | pointer[2], + (pointer[3] << 8) | pointer[4]); break; default: switch(pointer[1]) { @@ -831,12 +831,9 @@ static CURLcode check_telnet_options(struct Curl_easy *data) case 5: /* Terminal type */ if(strncasecompare(option, "TTYPE", 5)) { - size_t l = strlen(arg); - if(l < sizeof(tn->subopt_ttype)) { - strcpy(tn->subopt_ttype, arg); - tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES; - break; - } + tn->subopt_ttype = arg; + tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES; + break; } result = CURLE_UNKNOWN_OPTION; break; @@ -844,12 +841,9 @@ static CURLcode check_telnet_options(struct Curl_easy *data) case 8: /* Display variable */ if(strncasecompare(option, "XDISPLOC", 8)) { - size_t l = strlen(arg); - if(l < sizeof(tn->subopt_xdisploc)) { - strcpy(tn->subopt_xdisploc, arg); - tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES; - break; - } + tn->subopt_xdisploc = arg; + tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES; + break; } result = CURLE_UNKNOWN_OPTION; break; @@ -1276,7 +1270,7 @@ static CURLcode send_telnet_data(struct Curl_easy *data, default: /* write! */ bytes_written = 0; result = Curl_xfer_send(data, outbuf + total_written, - outlen - total_written, &bytes_written); + outlen - total_written, FALSE, &bytes_written); total_written += bytes_written; break; } @@ -1342,7 +1336,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) #ifdef USE_WINSOCK /* We want to wait for both stdin and the socket. Since - ** the select() function in winsock only works on sockets + ** the select() function in Winsock only works on sockets ** we have to use the WaitForMultipleObjects() call. */ @@ -1353,7 +1347,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) return CURLE_FAILED_INIT; } - /* Tell winsock what events we want to listen to */ + /* Tell Winsock what events we want to listen to */ if(WSAEventSelect(sockfd, event_handle, FD_READ|FD_CLOSE) == SOCKET_ERROR) { WSACloseEvent(event_handle); return CURLE_OK; diff --git a/libraries/libcurl/tftp.c b/libraries/libcurl/tftp.c index c4cc8049..e92e5127 100644 --- a/libraries/libcurl/tftp.c +++ b/libraries/libcurl/tftp.c @@ -205,7 +205,7 @@ static CURLcode tftp_set_timeouts(struct tftp_state_data *state) { time_t maxtime, timeout; timediff_t timeout_ms; - bool start = (state->state == TFTP_STATE_START) ? TRUE : FALSE; + bool start = (state->state == TFTP_STATE_START); /* Compute drop-dead time */ timeout_ms = Curl_timeleft(state->data, NULL, start); @@ -228,20 +228,19 @@ static CURLcode tftp_set_timeouts(struct tftp_state_data *state) state->retry_max = (int)timeout/5; /* But bound the total number */ - if(state->retry_max<3) + if(state->retry_max < 3) state->retry_max = 3; - if(state->retry_max>50) + if(state->retry_max > 50) state->retry_max = 50; /* Compute the re-ACK interval to suit the timeout */ state->retry_time = (int)(timeout/state->retry_max); - if(state->retry_time<1) + if(state->retry_time < 1) state->retry_time = 1; infof(state->data, - "set timeouts for state %d; Total % " CURL_FORMAT_CURL_OFF_T - ", retry %d maxtry %d", + "set timeouts for state %d; Total % " FMT_OFF_T ", retry %d maxtry %d", (int)state->state, timeout_ms, state->retry_time, state->retry_max); /* init RX time */ @@ -434,7 +433,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, struct Curl_easy *data = state->data; CURLcode result = CURLE_OK; - /* Set ascii mode if -B flag was used */ + /* Set ASCII mode if -B flag was used */ if(data->state.prefer_ascii) mode = "netascii"; @@ -444,7 +443,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, case TFTP_EVENT_TIMEOUT: /* Resend the first packet out */ /* Increment the retry counter, quit if over the limit */ state->retries++; - if(state->retries>state->retry_max) { + if(state->retries > state->retry_max) { state->error = TFTP_ERR_NORESPONSE; state->state = TFTP_STATE_FIN; return result; @@ -483,11 +482,9 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, if(!data->set.tftp_no_options) { char buf[64]; /* add tsize option */ - if(data->state.upload && (data->state.infilesize != -1)) - msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, - data->state.infilesize); - else - strcpy(buf, "0"); /* the destination is large enough */ + msnprintf(buf, sizeof(buf), "%" FMT_OFF_T, + data->state.upload && (data->state.infilesize != -1) ? + data->state.infilesize : 0); result = tftp_option_add(state, &sbytes, (char *)state->spacket.data + sbytes, @@ -527,7 +524,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, not have a size_t argument, like older unixes that want an 'int' */ senddata = sendto(state->sockfd, (void *)state->spacket.data, (SEND_TYPE_ARG3)sbytes, 0, - &data->conn->remote_addr->sa_addr, + &data->conn->remote_addr->curl_sa_addr, (curl_socklen_t)data->conn->remote_addr->addrlen); if(senddata != (ssize_t)sbytes) { char buffer[STRERROR_LEN]; @@ -665,7 +662,7 @@ static CURLcode tftp_rx(struct tftp_state_data *state, 4, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); - if(sbytes<0) { + if(sbytes < 0) { failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); return CURLE_SEND_ERROR; } @@ -730,7 +727,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) rblock, state->block); state->retries++; /* Bail out if over the maximum */ - if(state->retries>state->retry_max) { + if(state->retries > state->retry_max) { failf(data, "tftp_tx: giving up waiting for block %d ack", state->block); result = CURLE_SEND_ERROR; @@ -742,7 +739,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ - if(sbytes<0) { + if(sbytes < 0) { failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); result = CURLE_SEND_ERROR; @@ -787,7 +784,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ - if(sbytes<0) { + if(sbytes < 0) { failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); return CURLE_SEND_ERROR; } @@ -813,7 +810,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ - if(sbytes<0) { + if(sbytes < 0) { failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); return CURLE_SEND_ERROR; } @@ -1001,7 +998,7 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done) return CURLE_OUT_OF_MEMORY; } - /* we do not keep TFTP connections up basically because there is none or very + /* we do not keep TFTP connections up basically because there is none or * little gain for UDP */ connclose(conn, "TFTP"); @@ -1100,24 +1097,20 @@ static int tftp_getsock(struct Curl_easy *data, **********************************************************/ static CURLcode tftp_receive_packet(struct Curl_easy *data) { - struct Curl_sockaddr_storage fromaddr; curl_socklen_t fromlen; CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct tftp_state_data *state = conn->proto.tftpc; /* Receive the packet */ - fromlen = sizeof(fromaddr); + fromlen = sizeof(state->remote_addr); state->rbytes = (int)recvfrom(state->sockfd, (void *)state->rpacket.data, (RECV_TYPE_ARG3)state->blksize + 4, 0, - (struct sockaddr *)&fromaddr, + (struct sockaddr *)&state->remote_addr, &fromlen); - if(state->remote_addrlen == 0) { - memcpy(&state->remote_addr, &fromaddr, fromlen); - state->remote_addrlen = fromlen; - } + state->remote_addrlen = fromlen; /* Sanity check packet length */ if(state->rbytes < 4) { @@ -1239,7 +1232,7 @@ static CURLcode tftp_multi_statemach(struct Curl_easy *data, bool *done) result = tftp_state_machine(state, event); if(result) return result; - *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE; + *done = (state->state == TFTP_STATE_FIN); if(*done) /* Tell curl we are done */ Curl_xfer_setup_nop(data); @@ -1262,7 +1255,7 @@ static CURLcode tftp_multi_statemach(struct Curl_easy *data, bool *done) result = tftp_state_machine(state, state->event); if(result) return result; - *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE; + *done = (state->state == TFTP_STATE_FIN); if(*done) /* Tell curl we are done */ Curl_xfer_setup_nop(data); diff --git a/libraries/libcurl/timediff.h b/libraries/libcurl/timediff.h index 1ffa59e7..75f996c5 100644 --- a/libraries/libcurl/timediff.h +++ b/libraries/libcurl/timediff.h @@ -29,7 +29,7 @@ /* Use a larger type even for 32-bit time_t systems so that we can keep microsecond accuracy in it */ typedef curl_off_t timediff_t; -#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T +#define FMT_TIMEDIFF_T FMT_OFF_T #define TIMEDIFF_T_MAX CURL_OFF_T_MAX #define TIMEDIFF_T_MIN CURL_OFF_T_MIN diff --git a/libraries/libcurl/timeval.c b/libraries/libcurl/timeval.c index 10dbaf02..bb29bfdf 100644 --- a/libraries/libcurl/timeval.c +++ b/libraries/libcurl/timeval.c @@ -137,7 +137,7 @@ struct curltime Curl_now(void) struct curltime Curl_now(void) { /* - ** Monotonic timer on Mac OS is provided by mach_absolute_time(), which + ** Monotonic timer on macOS is provided by mach_absolute_time(), which ** returns time in Mach "absolute time units," which are platform-dependent. ** To convert to nanoseconds, one must use conversion factors specified by ** mach_timebase_info(). diff --git a/libraries/libcurl/transfer.c b/libraries/libcurl/transfer.c index 6c95a471..d7d3d16f 100644 --- a/libraries/libcurl/transfer.c +++ b/libraries/libcurl/transfer.c @@ -79,7 +79,6 @@ #include "http2.h" #include "mime.h" #include "strcase.h" -#include "urlapi-int.h" #include "hsts.h" #include "setopt.h" #include "headers.h" @@ -184,6 +183,18 @@ static bool xfer_recv_shutdown_started(struct Curl_easy *data) return Curl_shutdown_started(data, sockindex); } +CURLcode Curl_xfer_send_shutdown(struct Curl_easy *data, bool *done) +{ + int sockindex; + + if(!data || !data->conn) + return CURLE_FAILED_INIT; + if(data->conn->writesockfd == CURL_SOCKET_BAD) + return CURLE_FAILED_INIT; + sockindex = (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET]); + return Curl_conn_shutdown(data, sockindex, done); +} + /** * Receive raw response data for the transfer. * @param data the transfer @@ -193,10 +204,10 @@ static bool xfer_recv_shutdown_started(struct Curl_easy *data) * @param err error code in case of -1 return * @return number of bytes read or -1 for error */ -static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, - char *buf, size_t blen, - bool eos_reliable, - CURLcode *err) +static ssize_t xfer_recv_resp(struct Curl_easy *data, + char *buf, size_t blen, + bool eos_reliable, + CURLcode *err) { ssize_t nread; @@ -211,7 +222,7 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, blen = (size_t)totalleft; } else if(xfer_recv_shutdown_started(data)) { - /* we already reveived everything. Do not try more. */ + /* we already received everything. Do not try more. */ blen = 0; } @@ -237,7 +248,7 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, return -1; } } - DEBUGF(infof(data, "readwrite_data: we are done")); + DEBUGF(infof(data, "sendrecv_dl: we are done")); } DEBUGASSERT(nread >= 0); return nread; @@ -248,9 +259,9 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, * the stream was rewound (in which case we have data in a * buffer) */ -static CURLcode readwrite_data(struct Curl_easy *data, - struct SingleRequest *k, - int *didwhat) +static CURLcode sendrecv_dl(struct Curl_easy *data, + struct SingleRequest *k, + int *didwhat) { struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; @@ -291,14 +302,20 @@ static CURLcode readwrite_data(struct Curl_easy *data, bytestoread = (size_t)data->set.max_recv_speed; } - nread = Curl_xfer_recv_resp(data, buf, bytestoread, - is_multiplex, &result); + nread = xfer_recv_resp(data, buf, bytestoread, is_multiplex, &result); if(nread < 0) { - if(CURLE_AGAIN == result) { - result = CURLE_OK; - break; /* get out of loop */ + if(CURLE_AGAIN != result) + goto out; /* real error */ + result = CURLE_OK; + if(data->req.download_done && data->req.no_body && + !data->req.resp_trailer) { + DEBUGF(infof(data, "EAGAIN, download done, no trailer announced, " + "not waiting for EOS")); + nread = 0; + /* continue as if we read the EOS */ } - goto out; /* real error */ + else + break; /* get out of loop */ } /* We only get a 0-length read on EndOfStream */ @@ -313,10 +330,9 @@ static CURLcode readwrite_data(struct Curl_easy *data, DEBUGF(infof(data, "nread == 0, stream closed, bailing")); else DEBUGF(infof(data, "nread <= 0, server closed connection, bailing")); - /* stop receiving and ALL sending as well, including PAUSE and HOLD. - * We might still be paused on receive client writes though, so - * keep those bits around. */ - k->keepon &= ~(KEEP_RECV|KEEP_SENDBITS); + result = Curl_req_stop_send_recv(data); + if(result) + goto out; if(k->eos_written) /* already did write this to client, leave */ break; } @@ -352,25 +368,21 @@ static CURLcode readwrite_data(struct Curl_easy *data, may now close the connection. If there is now any kind of sending going on from our side, we need to stop that immediately. */ infof(data, "we are done reading and this is set to close, stop send"); - k->keepon &= ~KEEP_SEND; /* no writing anymore either */ - k->keepon &= ~KEEP_SEND_PAUSE; /* no pausing anymore either */ + Curl_req_abort_sending(data); } out: Curl_multi_xfer_buf_release(data, xfer_buf); if(result) - DEBUGF(infof(data, "readwrite_data() -> %d", result)); + DEBUGF(infof(data, "sendrecv_dl() -> %d", result)); return result; } /* * Send data to upload to the server, when the socket is writable. */ -static CURLcode readwrite_upload(struct Curl_easy *data, int *didwhat) +static CURLcode sendrecv_ul(struct Curl_easy *data, int *didwhat) { - if((data->req.keepon & KEEP_SEND_PAUSE)) - return CURLE_OK; - /* We should not get here when the sending is already done. It * probably means that someone set `data-req.keepon |= KEEP_SEND` * when it should not. */ @@ -402,76 +414,46 @@ static int select_bits_paused(struct Curl_easy *data, int select_bits) } /* - * Curl_readwrite() is the low-level function to be called when data is to + * Curl_sendrecv() is the low-level function to be called when data is to * be read and written to/from the connection. */ -CURLcode Curl_readwrite(struct Curl_easy *data) +CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) { - struct connectdata *conn = data->conn; struct SingleRequest *k = &data->req; - CURLcode result; - struct curltime now; + CURLcode result = CURLE_OK; int didwhat = 0; - int select_bits; + DEBUGASSERT(nowp); if(data->state.select_bits) { if(select_bits_paused(data, data->state.select_bits)) { /* leave the bits unchanged, so they'll tell us what to do when * this transfer gets unpaused. */ - DEBUGF(infof(data, "readwrite, select_bits, early return on PAUSED")); result = CURLE_OK; goto out; } - select_bits = data->state.select_bits; data->state.select_bits = 0; } - else { - curl_socket_t fd_read; - curl_socket_t fd_write; - /* only use the proper socket if the *_HOLD bit is not set simultaneously - as then we are in rate limiting state in that transfer direction */ - if((k->keepon & KEEP_RECVBITS) == KEEP_RECV) - fd_read = conn->sockfd; - else - fd_read = CURL_SOCKET_BAD; - - if((k->keepon & KEEP_SENDBITS) == KEEP_SEND) - fd_write = conn->writesockfd; - else - fd_write = CURL_SOCKET_BAD; - - select_bits = Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, 0); - } - - if(select_bits == CURL_CSELECT_ERR) { - failf(data, "select/poll returned error"); - result = CURLE_SEND_ERROR; - goto out; - } #ifdef USE_HYPER - if(conn->datastream) { - result = conn->datastream(data, conn, &didwhat, select_bits); + if(data->conn->datastream) { + result = data->conn->datastream(data, data->conn, &didwhat, + CURL_CSELECT_OUT|CURL_CSELECT_IN); if(result || data->req.done) goto out; } else { #endif - /* We go ahead and do a read if we have a readable socket or if - the stream was rewound (in which case we have data in a - buffer) */ - if((k->keepon & KEEP_RECV) && (select_bits & CURL_CSELECT_IN)) { - result = readwrite_data(data, k, &didwhat); + /* We go ahead and do a read if we have a readable socket or if the stream + was rewound (in which case we have data in a buffer) */ + if(k->keepon & KEEP_RECV) { + result = sendrecv_dl(data, k, &didwhat); if(result || data->req.done) goto out; } /* If we still have writing to do, we check if we have a writable socket. */ - if(((k->keepon & KEEP_SEND) && (select_bits & CURL_CSELECT_OUT)) || - (k->keepon & KEEP_SEND_TIMED)) { - /* write */ - - result = readwrite_upload(data, &didwhat); + if(Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) { + result = sendrecv_ul(data, &didwhat); if(result) goto out; } @@ -479,8 +461,8 @@ CURLcode Curl_readwrite(struct Curl_easy *data) } #endif - now = Curl_now(); if(!didwhat) { + /* Transfer wanted to send/recv, but nothing was possible. */ result = Curl_conn_ev_data_idle(data); if(result) goto out; @@ -489,23 +471,23 @@ CURLcode Curl_readwrite(struct Curl_easy *data) if(Curl_pgrsUpdate(data)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(data, now); + result = Curl_speedcheck(data, *nowp); if(result) goto out; if(k->keepon) { - if(0 > Curl_timeleft(data, &now, FALSE)) { + if(0 > Curl_timeleft(data, nowp, FALSE)) { if(k->size != -1) { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" - CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_timediff(now, data->progress.t_startsingle), + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " out of %" + FMT_OFF_T " bytes received", + Curl_timediff(*nowp, data->progress.t_startsingle), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_timediff(now, data->progress.t_startsingle), + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " bytes received", + Curl_timediff(*nowp, data->progress.t_startsingle), k->bytecount); } result = CURLE_OPERATION_TIMEDOUT; @@ -518,16 +500,8 @@ CURLcode Curl_readwrite(struct Curl_easy *data) * returning. */ if(!(data->req.no_body) && (k->size != -1) && - (k->bytecount != k->size) && -#ifdef CURL_DO_LINEEND_CONV - /* Most FTP servers do not adjust their file SIZE response for CRLFs, - so we will check to see if the discrepancy can be explained - by the number of CRLFs we have changed to LFs. - */ - (k->bytecount != (k->size + data->state.crlf_conversions)) && -#endif /* CURL_DO_LINEEND_CONV */ - !k->newurl) { - failf(data, "transfer closed with %" CURL_FORMAT_CURL_OFF_T + (k->bytecount != k->size) && !k->newurl) { + failf(data, "transfer closed with %" FMT_OFF_T " bytes remaining to read", k->size - k->bytecount); result = CURLE_PARTIAL_FILE; goto out; @@ -544,7 +518,7 @@ CURLcode Curl_readwrite(struct Curl_easy *data) out: if(result) - DEBUGF(infof(data, "Curl_readwrite() -> %d", result)); + DEBUGF(infof(data, "Curl_sendrecv() -> %d", result)); return result; } @@ -704,6 +678,9 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; } + if(data->set.str[STRING_USERNAME] || + data->set.str[STRING_PASSWORD]) + data->state.creds_from = CREDS_OPTION; if(!result) result = Curl_setstropt(&data->state.aptr.user, data->set.str[STRING_USERNAME]); @@ -724,298 +701,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) return result; } -/* - * Curl_follow() handles the URL redirect magic. Pass in the 'newurl' string - * as given by the remote server and set up the new URL to request. - * - * This function DOES NOT FREE the given url. - */ -CURLcode Curl_follow(struct Curl_easy *data, - char *newurl, /* the Location: string */ - followtype type) /* see transfer.h */ -{ -#ifdef CURL_DISABLE_HTTP - (void)data; - (void)newurl; - (void)type; - /* Location: following will not happen when HTTP is disabled */ - return CURLE_TOO_MANY_REDIRECTS; -#else - - /* Location: redirect */ - bool disallowport = FALSE; - bool reachedmax = FALSE; - CURLUcode uc; - - DEBUGASSERT(type != FOLLOW_NONE); - - if(type != FOLLOW_FAKE) - data->state.requests++; /* count all real follows */ - if(type == FOLLOW_REDIR) { - if((data->set.maxredirs != -1) && - (data->state.followlocation >= data->set.maxredirs)) { - reachedmax = TRUE; - type = FOLLOW_FAKE; /* switch to fake to store the would-be-redirected - to URL */ - } - else { - data->state.followlocation++; /* count redirect-followings, including - auth reloads */ - - if(data->set.http_auto_referer) { - CURLU *u; - char *referer = NULL; - - /* We are asked to automatically set the previous URL as the referer - when we get the next URL. We pick the ->url field, which may or may - not be 100% correct */ - - if(data->state.referer_alloc) { - Curl_safefree(data->state.referer); - data->state.referer_alloc = FALSE; - } - - /* Make a copy of the URL without credentials and fragment */ - u = curl_url(); - if(!u) - return CURLE_OUT_OF_MEMORY; - - uc = curl_url_set(u, CURLUPART_URL, data->state.url, 0); - if(!uc) - uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0); - if(!uc) - uc = curl_url_set(u, CURLUPART_USER, NULL, 0); - if(!uc) - uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0); - if(!uc) - uc = curl_url_get(u, CURLUPART_URL, &referer, 0); - - curl_url_cleanup(u); - - if(uc || !referer) - return CURLE_OUT_OF_MEMORY; - - data->state.referer = referer; - data->state.referer_alloc = TRUE; /* yes, free this later */ - } - } - } - - if((type != FOLLOW_RETRY) && - (data->req.httpcode != 401) && (data->req.httpcode != 407) && - Curl_is_absolute_url(newurl, NULL, 0, FALSE)) { - /* If this is not redirect due to a 401 or 407 response and an absolute - URL: do not allow a custom port number */ - disallowport = TRUE; - } - - DEBUGASSERT(data->state.uh); - uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl, (unsigned int) - ((type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : - ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) | - CURLU_ALLOW_SPACE | - (data->set.path_as_is ? CURLU_PATH_AS_IS : 0))); - if(uc) { - if(type != FOLLOW_FAKE) { - failf(data, "The redirect target URL could not be parsed: %s", - curl_url_strerror(uc)); - return Curl_uc_to_curlcode(uc); - } - - /* the URL could not be parsed for some reason, but since this is FAKE - mode, just duplicate the field as-is */ - newurl = strdup(newurl); - if(!newurl) - return CURLE_OUT_OF_MEMORY; - } - else { - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); - if(uc) - return Curl_uc_to_curlcode(uc); - - /* Clear auth if this redirects to a different port number or protocol, - unless permitted */ - if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { - char *portnum; - int port; - bool clear = FALSE; - - if(data->set.use_port && data->state.allow_port) - /* a custom port is used */ - port = (int)data->set.use_port; - else { - uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, - CURLU_DEFAULT_PORT); - if(uc) { - free(newurl); - return Curl_uc_to_curlcode(uc); - } - port = atoi(portnum); - free(portnum); - } - if(port != data->info.conn_remote_port) { - infof(data, "Clear auth, redirects to port from %u to %u", - data->info.conn_remote_port, port); - clear = TRUE; - } - else { - char *scheme; - const struct Curl_handler *p; - uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); - if(uc) { - free(newurl); - return Curl_uc_to_curlcode(uc); - } - - p = Curl_get_scheme_handler(scheme); - if(p && (p->protocol != data->info.conn_protocol)) { - infof(data, "Clear auth, redirects scheme from %s to %s", - data->info.conn_scheme, scheme); - clear = TRUE; - } - free(scheme); - } - if(clear) { - Curl_safefree(data->state.aptr.user); - Curl_safefree(data->state.aptr.passwd); - } - } - } - - if(type == FOLLOW_FAKE) { - /* we are only figuring out the new URL if we would have followed locations - but now we are done so we can get out! */ - data->info.wouldredirect = newurl; - - if(reachedmax) { - failf(data, "Maximum (%ld) redirects followed", data->set.maxredirs); - return CURLE_TOO_MANY_REDIRECTS; - } - return CURLE_OK; - } - - if(disallowport) - data->state.allow_port = FALSE; - - if(data->state.url_alloc) - Curl_safefree(data->state.url); - - data->state.url = newurl; - data->state.url_alloc = TRUE; - Curl_req_soft_reset(&data->req, data); - infof(data, "Issue another request to this URL: '%s'", data->state.url); - - /* - * We get here when the HTTP code is 300-399 (and 401). We need to perform - * differently based on exactly what return code there was. - * - * News from 7.10.6: we can also get here on a 401 or 407, in case we act on - * an HTTP (proxy-) authentication scheme other than Basic. - */ - switch(data->info.httpcode) { - /* 401 - Act on a WWW-Authenticate, we keep on moving and do the - Authorization: XXXX header in the HTTP request code snippet */ - /* 407 - Act on a Proxy-Authenticate, we keep on moving and do the - Proxy-Authorization: XXXX header in the HTTP request code snippet */ - /* 300 - Multiple Choices */ - /* 306 - Not used */ - /* 307 - Temporary Redirect */ - default: /* for all above (and the unknown ones) */ - /* Some codes are explicitly mentioned since I have checked RFC2616 and - * they seem to be OK to POST to. - */ - break; - case 301: /* Moved Permanently */ - /* (quote from RFC7231, section 6.4.2) - * - * Note: For historical reasons, a user agent MAY change the request - * method from POST to GET for the subsequent request. If this - * behavior is undesired, the 307 (Temporary Redirect) status code - * can be used instead. - * - * ---- - * - * Many webservers expect this, so these servers often answers to a POST - * request with an error page. To be sure that libcurl gets the page that - * most user agents would get, libcurl has to force GET. - * - * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and - * can be overridden with CURLOPT_POSTREDIR. - */ - if((data->state.httpreq == HTTPREQ_POST - || data->state.httpreq == HTTPREQ_POST_FORM - || data->state.httpreq == HTTPREQ_POST_MIME) - && !(data->set.keep_post & CURL_REDIR_POST_301)) { - infof(data, "Switch from POST to GET"); - data->state.httpreq = HTTPREQ_GET; - Curl_creader_set_rewind(data, FALSE); - } - break; - case 302: /* Found */ - /* (quote from RFC7231, section 6.4.3) - * - * Note: For historical reasons, a user agent MAY change the request - * method from POST to GET for the subsequent request. If this - * behavior is undesired, the 307 (Temporary Redirect) status code - * can be used instead. - * - * ---- - * - * Many webservers expect this, so these servers often answers to a POST - * request with an error page. To be sure that libcurl gets the page that - * most user agents would get, libcurl has to force GET. - * - * This behavior is forbidden by RFC1945 and the obsolete RFC2616, and - * can be overridden with CURLOPT_POSTREDIR. - */ - if((data->state.httpreq == HTTPREQ_POST - || data->state.httpreq == HTTPREQ_POST_FORM - || data->state.httpreq == HTTPREQ_POST_MIME) - && !(data->set.keep_post & CURL_REDIR_POST_302)) { - infof(data, "Switch from POST to GET"); - data->state.httpreq = HTTPREQ_GET; - Curl_creader_set_rewind(data, FALSE); - } - break; - - case 303: /* See Other */ - /* 'See Other' location is not the resource but a substitute for the - * resource. In this case we switch the method to GET/HEAD, unless the - * method is POST and the user specified to keep it as POST. - * https://github.com/curl/curl/issues/5237#issuecomment-614641049 - */ - if(data->state.httpreq != HTTPREQ_GET && - ((data->state.httpreq != HTTPREQ_POST && - data->state.httpreq != HTTPREQ_POST_FORM && - data->state.httpreq != HTTPREQ_POST_MIME) || - !(data->set.keep_post & CURL_REDIR_POST_303))) { - data->state.httpreq = HTTPREQ_GET; - infof(data, "Switch to %s", - data->req.no_body?"HEAD":"GET"); - } - break; - case 304: /* Not Modified */ - /* 304 means we did a conditional request and it was "Not modified". - * We should not get any Location: header in this response! - */ - break; - case 305: /* Use Proxy */ - /* (quote from RFC2616, section 10.3.6): - * "The requested resource MUST be accessed through the proxy given - * by the Location field. The Location field gives the URI of the - * proxy. The recipient is expected to repeat this single request - * via the proxy. 305 responses MUST only be generated by origin - * servers." - */ - break; - } - Curl_pgrsTime(data, TIMER_REDIRECT); - Curl_pgrsResetTransferSizes(data); - - return CURLE_OK; -#endif /* CURL_DISABLE_HTTP */ -} - /* Returns CURLE_OK *and* sets '*url' if a request retry is wanted. NOTE: that the *url is malloc()ed. */ @@ -1091,10 +776,12 @@ static void xfer_setup( int sockindex, /* socket index to read from or -1 */ curl_off_t size, /* -1 if unknown at this point */ bool getheader, /* TRUE if header parsing is wanted */ - int writesockindex, /* socket index to write to, it may very well be - the same we read from. -1 disables */ - bool shutdown /* shutdown connection at transfer end. Only + int writesockindex, /* socket index to write to, it may be the same we + read from. -1 disables */ + bool shutdown, /* shutdown connection at transfer end. Only * supported when sending OR receiving. */ + bool shutdown_err_ignore /* errors during shutdown do not fail the + * transfer */ ) { struct SingleRequest *k = &data->req; @@ -1113,19 +800,20 @@ static void xfer_setup( conn->sock[sockindex]; conn->writesockfd = conn->sockfd; if(want_send) - /* special and very HTTP-specific */ + /* special and HTTP-specific */ writesockindex = FIRSTSOCKET; } else { conn->sockfd = sockindex == -1 ? CURL_SOCKET_BAD : conn->sock[sockindex]; conn->writesockfd = writesockindex == -1 ? - CURL_SOCKET_BAD:conn->sock[writesockindex]; + CURL_SOCKET_BAD : conn->sock[writesockindex]; } k->getheader = getheader; k->size = size; k->shutdown = shutdown; + k->shutdown_err_ignore = shutdown_err_ignore; /* The code sequence below is placed in this function just because all necessary input is not always known in do_complete() as this function may @@ -1150,7 +838,7 @@ static void xfer_setup( void Curl_xfer_setup_nop(struct Curl_easy *data) { - xfer_setup(data, -1, -1, FALSE, -1, FALSE); + xfer_setup(data, -1, -1, FALSE, -1, FALSE, FALSE); } void Curl_xfer_setup1(struct Curl_easy *data, @@ -1158,21 +846,23 @@ void Curl_xfer_setup1(struct Curl_easy *data, curl_off_t recv_size, bool getheader) { - int recv_index = (send_recv & CURL_XFER_RECV)? FIRSTSOCKET : -1; - int send_index = (send_recv & CURL_XFER_SEND)? FIRSTSOCKET : -1; + int recv_index = (send_recv & CURL_XFER_RECV) ? FIRSTSOCKET : -1; + int send_index = (send_recv & CURL_XFER_SEND) ? FIRSTSOCKET : -1; DEBUGASSERT((recv_index >= 0) || (recv_size == -1)); - xfer_setup(data, recv_index, recv_size, getheader, send_index, FALSE); + xfer_setup(data, recv_index, recv_size, getheader, send_index, FALSE, FALSE); } void Curl_xfer_setup2(struct Curl_easy *data, int send_recv, curl_off_t recv_size, - bool shutdown) + bool shutdown, + bool shutdown_err_ignore) { - int recv_index = (send_recv & CURL_XFER_RECV)? SECONDARYSOCKET : -1; - int send_index = (send_recv & CURL_XFER_SEND)? SECONDARYSOCKET : -1; + int recv_index = (send_recv & CURL_XFER_RECV) ? SECONDARYSOCKET : -1; + int send_index = (send_recv & CURL_XFER_SEND) ? SECONDARYSOCKET : -1; DEBUGASSERT((recv_index >= 0) || (recv_size == -1)); - xfer_setup(data, recv_index, recv_size, FALSE, send_index, shutdown); + xfer_setup(data, recv_index, recv_size, FALSE, send_index, + shutdown, shutdown_err_ignore); } CURLcode Curl_xfer_write_resp(struct Curl_easy *data, @@ -1193,15 +883,7 @@ CURLcode Curl_xfer_write_resp(struct Curl_easy *data, int cwtype = CLIENTWRITE_BODY; if(is_eos) cwtype |= CLIENTWRITE_EOS; - -#ifndef CURL_DISABLE_POP3 - if(blen && data->conn->handler->protocol & PROTO_FAMILY_POP3) { - result = data->req.ignorebody? CURLE_OK : - Curl_pop3_write(data, buf, blen); - } - else -#endif /* CURL_DISABLE_POP3 */ - result = Curl_client_write(data, cwtype, buf, blen); + result = Curl_client_write(data, cwtype, buf, blen); } } @@ -1233,25 +915,35 @@ CURLcode Curl_xfer_write_done(struct Curl_easy *data, bool premature) return Curl_cw_out_done(data); } +bool Curl_xfer_needs_flush(struct Curl_easy *data) +{ + int sockindex; + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && + (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); + return Curl_conn_needs_flush(data, sockindex); +} + +CURLcode Curl_xfer_flush(struct Curl_easy *data) +{ + int sockindex; + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && + (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); + return Curl_conn_flush(data, sockindex); +} + CURLcode Curl_xfer_send(struct Curl_easy *data, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten) { CURLcode result; int sockindex; - if(!data || !data->conn) - return CURLE_FAILED_INIT; - /* FIXME: would like to enable this, but some protocols (MQTT) do not - * setup the transfer correctly, it seems - if(data->conn->writesockfd == CURL_SOCKET_BAD) { - failf(data, "transfer not setup for sending"); - DEBUGASSERT(0); - return CURLE_SEND_ERROR; - } */ + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); - result = Curl_conn_send(data, sockindex, buf, blen, pnwritten); + result = Curl_conn_send(data, sockindex, buf, blen, eos, pnwritten); if(result == CURLE_AGAIN) { result = CURLE_OK; *pnwritten = 0; @@ -1259,6 +951,8 @@ CURLcode Curl_xfer_send(struct Curl_easy *data, else if(!result && *pnwritten) data->info.request_size += *pnwritten; + DEBUGF(infof(data, "Curl_xfer_send(len=%zu, eos=%d) -> %d, %zu", + blen, eos, result, *pnwritten)); return result; } @@ -1268,18 +962,13 @@ CURLcode Curl_xfer_recv(struct Curl_easy *data, { int sockindex; - if(!data || !data->conn) - return CURLE_FAILED_INIT; - /* FIXME: would like to enable this, but some protocols (MQTT) do not - * setup the transfer correctly, it seems - if(data->conn->sockfd == CURL_SOCKET_BAD) { - failf(data, "transfer not setup for receiving"); - DEBUGASSERT(0); - return CURLE_RECV_ERROR; - } */ + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + DEBUGASSERT(data->set.buffer_size > 0); + sockindex = ((data->conn->sockfd != CURL_SOCKET_BAD) && (data->conn->sockfd == data->conn->sock[SECONDARYSOCKET])); - if(data->set.buffer_size > 0 && (size_t)data->set.buffer_size < blen) + if((size_t)data->set.buffer_size < blen) blen = (size_t)data->set.buffer_size; return Curl_conn_recv(data, sockindex, buf, blen, pnrcvd); } @@ -1290,18 +979,6 @@ CURLcode Curl_xfer_send_close(struct Curl_easy *data) return CURLE_OK; } -CURLcode Curl_xfer_send_shutdown(struct Curl_easy *data, bool *done) -{ - int sockindex; - - if(!data || !data->conn) - return CURLE_FAILED_INIT; - if(data->conn->writesockfd == CURL_SOCKET_BAD) - return CURLE_FAILED_INIT; - sockindex = (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET]); - return Curl_conn_shutdown(data, sockindex, done); -} - bool Curl_xfer_is_blocked(struct Curl_easy *data) { bool want_send = ((data)->req.keepon & KEEP_SEND); diff --git a/libraries/libcurl/transfer.h b/libraries/libcurl/transfer.h index 21ad2596..8c9b88c1 100644 --- a/libraries/libcurl/transfer.h +++ b/libraries/libcurl/transfer.h @@ -42,9 +42,7 @@ typedef enum { FOLLOW_REDIR /* a full true redirect */ } followtype; -CURLcode Curl_follow(struct Curl_easy *data, char *newurl, - followtype type); -CURLcode Curl_readwrite(struct Curl_easy *data); +CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp); int Curl_single_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *socks); CURLcode Curl_retry_request(struct Curl_easy *data, char **url); @@ -100,12 +98,13 @@ void Curl_xfer_setup1(struct Curl_easy *data, * the amount to receive or -1 if unknown. With `shutdown` being * set, the transfer is only allowed to either send OR receive * and the socket 2 connection will be shutdown at the end of - * the transfer. An unclean shutdown will fail the transfer. + * the transfer. An unclean shutdown will fail the transfer + * unless `shutdown_err_ignore` is TRUE. */ void Curl_xfer_setup2(struct Curl_easy *data, int send_recv, curl_off_t recv_size, - bool shutdown); + bool shutdown, bool shutdown_err_ignore); /** * Multi has set transfer to DONE. Last chance to trigger @@ -113,13 +112,24 @@ void Curl_xfer_setup2(struct Curl_easy *data, */ CURLcode Curl_xfer_write_done(struct Curl_easy *data, bool premature); +/** + * Return TRUE iff transfer has pending data to send. Checks involved + * connection filters. + */ +bool Curl_xfer_needs_flush(struct Curl_easy *data); + +/** + * Flush any pending send data on the transfer connection. + */ +CURLcode Curl_xfer_flush(struct Curl_easy *data); + /** * Send data on the socket/connection filter designated * for transfer's outgoing data. * Will return CURLE_OK on blocking with (*pnwritten == 0). */ CURLcode Curl_xfer_send(struct Curl_easy *data, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten); /** diff --git a/libraries/libcurl/url.c b/libraries/libcurl/url.c index 914b5b65..f9bb05f7 100644 --- a/libraries/libcurl/url.c +++ b/libraries/libcurl/url.c @@ -234,8 +234,6 @@ CURLcode Curl_close(struct Curl_easy **datap) data = *datap; *datap = NULL; - Curl_expire_clear(data); /* shut off timers */ - /* Detach connection if any is left. This should not be normal, but can be the case for example with CONNECT_ONLY + recv/send (test 556) */ Curl_detach_connection(data); @@ -253,6 +251,8 @@ CURLcode Curl_close(struct Curl_easy **datap) } } + Curl_expire_clear(data); /* shut off any timers left */ + data->magic = 0; /* force a clear AFTER the possibly enforced removal from the multi handle, since that function uses the magic field! */ @@ -266,7 +266,6 @@ CURLcode Curl_close(struct Curl_easy **datap) /* Close down all open SSL info and sessions */ Curl_ssl_close_all(data); Curl_safefree(data->state.first_host); - Curl_safefree(data->state.scratch); Curl_ssl_free_certinfo(data); if(data->state.referer_alloc) { @@ -339,6 +338,7 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_wildcard_dtor(&data->wildcard); Curl_freeset(data); Curl_headers_cleanup(data); + Curl_netrc_cleanup(&data->state.netrc); free(data); return CURLE_OK; } @@ -415,8 +415,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->new_file_perms = 0644; /* Default permissions */ set->allowed_protocols = (curl_prot_t) CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | - CURLPROTO_FTPS; + set->redir_protocols = CURLPROTO_REDIR; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* @@ -428,9 +427,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) /* Set the default CA cert bundle/path detected/specified at build time. * - * If Schannel or SecureTransport is the selected SSL backend then these - * locations are ignored. We allow setting CA location for schannel and - * securetransport when explicitly specified by the user via + * If Schannel or Secure Transport is the selected SSL backend then these + * locations are ignored. We allow setting CA location for Schannel and + * Secure Transport when explicitly specified by the user via * CURLOPT_CAINFO / --cacert. */ if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && @@ -507,10 +506,10 @@ CURLcode Curl_open(struct Curl_easy **curl) CURLcode result; struct Curl_easy *data; - /* Very simple start-up: alloc the struct, init it with zeroes and return */ + /* simple start-up: alloc the struct, init it with zeroes and return */ data = calloc(1, sizeof(struct Curl_easy)); if(!data) { - /* this is a very serious error */ + /* this is a serious error */ DEBUGF(fprintf(stderr, "Error: calloc of Curl_easy failed\n")); return CURLE_OUT_OF_MEMORY; } @@ -537,9 +536,17 @@ CURLcode Curl_open(struct Curl_easy **curl) data->state.recent_conn_id = -1; /* and not assigned an id yet */ data->id = -1; + data->mid = -1; +#ifndef CURL_DISABLE_DOH + data->set.dohfor_mid = -1; +#endif data->progress.flags |= PGRS_HIDE; data->state.current_speed = -1; /* init to negative == impossible */ +#ifndef CURL_DISABLE_HTTP + Curl_llist_init(&data->state.httphdrs, NULL); +#endif + Curl_netrc_init(&data->state.netrc); } if(result) { @@ -552,7 +559,6 @@ CURLcode Curl_open(struct Curl_easy **curl) } else *curl = data; - return result; } @@ -593,13 +599,14 @@ void Curl_conn_free(struct Curl_easy *data, struct connectdata *conn) #ifdef USE_UNIX_SOCKETS Curl_safefree(conn->unix_domain_socket); #endif + Curl_safefree(conn->destination); free(conn); /* free all the connection oriented data */ } /* * Disconnects the given connection. Note the connection may not be the - * primary connection, like when freeing room in the connection cache or + * primary connection, like when freeing room in the connection pool or * killing of a dead old connection. * * A connection needs an easy handle when closing down. We support this passed @@ -609,14 +616,14 @@ void Curl_conn_free(struct Curl_easy *data, struct connectdata *conn) * This function MUST NOT reset state in the Curl_easy struct if that * is not strictly bound to the life-time of *this* particular connection. */ -void Curl_disconnect(struct Curl_easy *data, - struct connectdata *conn, bool aborted) +bool Curl_on_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool aborted) { /* there must be a connection to close */ DEBUGASSERT(conn); - /* it must be removed from the connection cache */ - DEBUGASSERT(!conn->bundle); + /* it must be removed from the connection pool */ + DEBUGASSERT(!conn->bits.in_cpool); /* there must be an associated transfer */ DEBUGASSERT(data); @@ -624,23 +631,11 @@ void Curl_disconnect(struct Curl_easy *data, /* the transfer must be detached from the connection */ DEBUGASSERT(!data->conn); - DEBUGF(infof(data, "Curl_disconnect(conn #%" - CURL_FORMAT_CURL_OFF_T ", aborted=%d)", + DEBUGF(infof(data, "Curl_disconnect(conn #%" FMT_OFF_T ", aborted=%d)", conn->connection_id, aborted)); - /* - * If this connection is not marked to force-close, leave it open if there - * are other users of it - */ - if(CONN_INUSE(conn) && !aborted) { - DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); - return; - } - - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); - conn->dns_entry = NULL; - } + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); /* Cleanup NTLM connection-related data */ Curl_http_auth_cleanup_ntlm(conn); @@ -652,30 +647,28 @@ void Curl_disconnect(struct Curl_easy *data, /* treat the connection as aborted in CONNECT_ONLY situations */ aborted = TRUE; - Curl_conncache_disconnect(data, conn, aborted); + return aborted; } /* - * IsMultiplexingPossible() + * xfer_may_multiplex() * - * Return a bitmask with the available multiplexing options for the given - * requested connection. + * Return a TRUE, iff the transfer can be done over an (appropriate) + * multiplexed connection. */ -static int IsMultiplexingPossible(const struct Curl_easy *handle, - const struct connectdata *conn) +static bool xfer_may_multiplex(const struct Curl_easy *data, + const struct connectdata *conn) { - int avail = 0; - /* If an HTTP protocol and multiplexing is enabled */ if((conn->handler->protocol & PROTO_FAMILY_HTTP) && (!conn->bits.protoconnstart || !conn->bits.close)) { - if(Curl_multiplex_wanted(handle->multi) && - (handle->state.httpwant >= CURL_HTTP_VERSION_2)) - /* allows HTTP/2 */ - avail |= CURLPIPE_MULTIPLEX; + if(Curl_multiplex_wanted(data->multi) && + (data->state.httpwant >= CURL_HTTP_VERSION_2)) + /* allows HTTP/2 or newer */ + return TRUE; } - return avail; + return FALSE; } #ifndef CURL_DISABLE_PROXY @@ -729,7 +722,7 @@ static bool conn_maxage(struct Curl_easy *data, idletime /= 1000; /* integer seconds is fine */ if(idletime > data->set.maxage_conn) { - infof(data, "Too old connection (%" CURL_FORMAT_TIMEDIFF_T + infof(data, "Too old connection (%" FMT_TIMEDIFF_T " seconds idle), disconnect it", idletime); return TRUE; } @@ -739,7 +732,7 @@ static bool conn_maxage(struct Curl_easy *data, if(data->set.maxlifetime_conn && lifetime > data->set.maxlifetime_conn) { infof(data, - "Too old connection (%" CURL_FORMAT_TIMEDIFF_T + "Too old connection (%" FMT_TIMEDIFF_T " seconds since creation), disconnect it", lifetime); return TRUE; } @@ -749,23 +742,24 @@ static bool conn_maxage(struct Curl_easy *data, } /* - * This function checks if the given connection is dead and prunes it from - * the connection cache if so. - * - * When this is called as a Curl_conncache_foreach() callback, the connection - * cache lock is held! - * - * Returns TRUE if the connection was dead and pruned. + * Return TRUE iff the given connection is considered dead. */ -static bool prune_if_dead(struct connectdata *conn, - struct Curl_easy *data) +bool Curl_conn_seems_dead(struct connectdata *conn, + struct Curl_easy *data, + struct curltime *pnow) { + DEBUGASSERT(!data->conn); if(!CONN_INUSE(conn)) { /* The check for a dead socket makes sense only if the connection is not in use */ bool dead; - struct curltime now = Curl_now(); - if(conn_maxage(data, conn, now)) { + struct curltime now; + if(!pnow) { + now = Curl_now(); + pnow = &now; + } + + if(conn_maxage(data, conn, *pnow)) { /* avoid check if already too old */ dead = TRUE; } @@ -805,64 +799,40 @@ static bool prune_if_dead(struct connectdata *conn, } if(dead) { - /* remove connection from cache */ - infof(data, "Connection %" CURL_FORMAT_CURL_OFF_T " seems to be dead", + /* remove connection from cpool */ + infof(data, "Connection %" FMT_OFF_T " seems to be dead", conn->connection_id); - Curl_conncache_remove_conn(data, conn, FALSE); return TRUE; } } return FALSE; } -/* - * Wrapper to use prune_if_dead() function in Curl_conncache_foreach() - * - */ -static int call_prune_if_dead(struct Curl_easy *data, - struct connectdata *conn, void *param) -{ - struct connectdata **pruned = (struct connectdata **)param; - if(prune_if_dead(conn, data)) { - /* stop the iteration here, pass back the connection that was pruned */ - *pruned = conn; - return 1; - } - return 0; /* continue iteration */ -} - -/* - * This function scans the connection cache for half-open/dead connections, - * closes and removes them. The cleanup is done at most once per second. - * - * When called, this transfer has no connection attached. - */ -static void prune_dead_connections(struct Curl_easy *data) +CURLcode Curl_conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + struct curltime *now) { - struct curltime now = Curl_now(); - timediff_t elapsed; - - DEBUGASSERT(!data->conn); /* no connection */ - CONNCACHE_LOCK(data); - elapsed = - Curl_timediff(now, data->state.conn_cache->last_cleanup); - CONNCACHE_UNLOCK(data); - - if(elapsed >= 1000L) { - struct connectdata *pruned = NULL; - while(Curl_conncache_foreach(data, data->state.conn_cache, &pruned, - call_prune_if_dead)) { - /* unlocked */ - - /* connection previously removed from cache in prune_if_dead() */ + CURLcode result = CURLE_OK; + if(Curl_timediff(*now, conn->keepalive) <= data->set.upkeep_interval_ms) + return result; - /* disconnect it, do not treat as aborted */ - Curl_disconnect(data, pruned, FALSE); - } - CONNCACHE_LOCK(data); - data->state.conn_cache->last_cleanup = now; - CONNCACHE_UNLOCK(data); + /* briefly attach for action */ + Curl_attach_connection(data, conn); + if(conn->handler->connection_check) { + /* Do a protocol-specific keepalive check on the connection. */ + unsigned int rc; + rc = conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE); + if(rc & CONNRESULT_DEAD) + result = CURLE_RECV_ERROR; } + else { + /* Do the generic action on the FIRSTSOCKET filter chain */ + result = Curl_conn_keep_alive(data, conn, FIRSTSOCKET); + } + Curl_detach_connection(data); + + conn->keepalive = *now; + return result; } #ifdef USE_SSH @@ -876,425 +846,432 @@ static bool ssh_config_matches(struct connectdata *one, #define ssh_config_matches(x,y) FALSE #endif -/* - * Given one filled in connection struct (named needle), this function should - * detect if there already is one that has all the significant details - * exactly the same and thus should be used instead. - * - * If there is a match, this function returns TRUE - and has marked the - * connection as 'in-use'. It must later be called with ConnectionDone() to - * return back to 'idle' (unused) state. - * - * The force_reuse flag is set if the connection must be used. - */ -static bool -ConnectionExists(struct Curl_easy *data, - struct connectdata *needle, - struct connectdata **usethis, - bool *force_reuse, - bool *waitpipe) +struct url_conn_match { + struct connectdata *found; + struct Curl_easy *data; + struct connectdata *needle; + BIT(may_multiplex); + BIT(want_ntlm_http); + BIT(want_proxy_ntlm_http); + + BIT(wait_pipe); + BIT(force_reuse); + BIT(seen_pending_conn); + BIT(seen_single_use_conn); + BIT(seen_multiplex_conn); +}; + +static bool url_match_conn(struct connectdata *conn, void *userdata) { - struct connectdata *chosen = NULL; - bool foundPendingCandidate = FALSE; - bool canmultiplex = FALSE; - struct connectbundle *bundle; - struct Curl_llist_element *curr; + struct url_conn_match *match = userdata; + struct Curl_easy *data = match->data; + struct connectdata *needle = match->needle; -#ifdef USE_NTLM - bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) && - (needle->handler->protocol & PROTO_FAMILY_HTTP)); -#ifndef CURL_DISABLE_PROXY - bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd && - ((data->state.authproxy.want & - CURLAUTH_NTLM) && - (needle->handler->protocol & PROTO_FAMILY_HTTP))); -#else - bool wantProxyNTLMhttp = FALSE; -#endif -#endif - /* plain HTTP with upgrade */ - bool h2upgrade = (data->state.httpwant == CURL_HTTP_VERSION_2_0) && - (needle->handler->protocol & CURLPROTO_HTTP); + /* Check if `conn` can be used for transfer `data` */ - *usethis = NULL; - *force_reuse = FALSE; - *waitpipe = FALSE; + if(conn->connect_only || conn->bits.close) + /* connect-only or to-be-closed connections will not be reused */ + return FALSE; - /* Look up the bundle with all the connections to this particular host. - Locks the connection cache, beware of early returns! */ - bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache); - if(!bundle) { - CONNCACHE_UNLOCK(data); + if(data->set.ipver != CURL_IPRESOLVE_WHATEVER + && data->set.ipver != conn->ip_version) { + /* skip because the connection is not via the requested IP version */ return FALSE; } - infof(data, "Found bundle for host: %p [%s]", - (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); - - /* We can only multiplex iff the transfer allows it AND we know - * that the server we want to talk to supports it as well. */ - canmultiplex = FALSE; - if(IsMultiplexingPossible(data, needle)) { - if(bundle->multiuse == BUNDLE_UNKNOWN) { - if(data->set.pipewait) { - infof(data, "Server does not support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - infof(data, "Server does not support multiplex (yet)"); - } - else if(bundle->multiuse == BUNDLE_MULTIPLEX) { - if(Curl_multiplex_wanted(data->multi)) - canmultiplex = TRUE; - else - infof(data, "Could multiplex, but not asked to"); - } - else if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { - infof(data, "Can not multiplex, even if we wanted to"); - } - } - curr = bundle->conn_list.head; - while(curr) { - struct connectdata *check = curr->ptr; - /* Get next node now. We might remove a dead `check` connection which - * would invalidate `curr` as well. */ - curr = curr->next; - - /* Note that if we use an HTTP proxy in normal mode (no tunneling), we - * check connections to that proxy and not to the actual remote server. - */ - if(check->connect_only || check->bits.close) - /* connect-only or to-be-closed connections will not be reused */ - continue; + if(needle->localdev || needle->localport) { + /* If we are bound to a specific local end (IP+port), we must not reuse a + random other one, although if we did not ask for a particular one we + can reuse one that was bound. + + This comparison is a bit rough and too strict. Since the input + parameters can be specified in numerous ways and still end up the same + it would take a lot of processing to make it really accurate. Instead, + this matching will assume that reuses of bound connections will most + likely also reuse the exact same binding parameters and missing out a + few edge cases should not hurt anyone much. + */ + if((conn->localport != needle->localport) || + (conn->localportrange != needle->localportrange) || + (needle->localdev && + (!conn->localdev || strcmp(conn->localdev, needle->localdev)))) + return FALSE; + } + + if(needle->bits.conn_to_host != conn->bits.conn_to_host) + /* do not mix connections that use the "connect to host" feature and + * connections that do not use this feature */ + return FALSE; - if(data->set.ipver != CURL_IPRESOLVE_WHATEVER - && data->set.ipver != check->ip_version) { - /* skip because the connection is not via the requested IP version */ - continue; - } + if(needle->bits.conn_to_port != conn->bits.conn_to_port) + /* do not mix connections that use the "connect to port" feature and + * connections that do not use this feature */ + return FALSE; - if(!canmultiplex) { - if(Curl_resolver_asynch() && - /* remote_ip[0] is NUL only if the resolving of the name has not - completed yet and until then we do not reuse this connection */ - !check->primary.remote_ip[0]) - continue; + if(!Curl_conn_is_connected(conn, FIRSTSOCKET) || + conn->bits.asks_multiplex) { + /* Not yet connected, or not yet decided if it multiplexes. The later + * happens for HTTP/2 Upgrade: requests that need a response. */ + if(match->may_multiplex) { + match->seen_pending_conn = TRUE; + /* Do not pick a connection that has not connected yet */ + infof(data, "Connection #%" FMT_OFF_T + " is not open enough, cannot reuse", conn->connection_id); } + /* Do not pick a connection that has not connected yet */ + return FALSE; + } + /* `conn` is connected. If it has transfers, can we add ours to it? */ - if(CONN_INUSE(check)) { - if(!canmultiplex) { - /* transfer cannot be multiplexed and check is in use */ - continue; - } - else { - /* Could multiplex, but not when check belongs to another multi */ - struct Curl_llist_element *e = check->easyq.head; - struct Curl_easy *entry = e->ptr; - if(entry->multi != data->multi) - continue; - } + if(CONN_INUSE(conn)) { + if(!conn->bits.multiplex) { + /* conn busy and conn cannot take more transfers */ + match->seen_single_use_conn = TRUE; + return FALSE; } - - if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { - foundPendingCandidate = TRUE; - /* Do not pick a connection that has not connected yet */ - infof(data, "Connection #%" CURL_FORMAT_CURL_OFF_T - " is not open enough, cannot reuse", check->connection_id); - continue; + match->seen_multiplex_conn = TRUE; + if(!match->may_multiplex) + /* conn busy and transfer cannot be multiplexed */ + return FALSE; + else { + /* transfer and conn multiplex. Are they on the same multi? */ + struct Curl_llist_node *e = Curl_llist_head(&conn->easyq); + struct Curl_easy *entry = Curl_node_elem(e); + if(entry->multi != data->multi) + return FALSE; } + } + /* `conn` is connected and we could add the transfer to it, if + * all the other criteria do match. */ - /* `check` is connected. if it is in use and does not support multiplex, - * we cannot use it. */ - if(!check->bits.multiplex && CONN_INUSE(check)) - continue; - + /* Does `conn` use the correct protocol? */ #ifdef USE_UNIX_SOCKETS - if(needle->unix_domain_socket) { - if(!check->unix_domain_socket) - continue; - if(strcmp(needle->unix_domain_socket, check->unix_domain_socket)) - continue; - if(needle->bits.abstract_unix_socket != - check->bits.abstract_unix_socket) - continue; - } - else if(check->unix_domain_socket) - continue; -#endif - - if((needle->handler->flags&PROTOPT_SSL) != - (check->handler->flags&PROTOPT_SSL)) - /* do not do mixed SSL and non-SSL connections */ - if(get_protocol_family(check->handler) != - needle->handler->protocol || !check->bits.tls_upgraded) - /* except protocols that have been upgraded via TLS */ - continue; - - if(needle->bits.conn_to_host != check->bits.conn_to_host) - /* do not mix connections that use the "connect to host" feature and - * connections that do not use this feature */ - continue; - - if(needle->bits.conn_to_port != check->bits.conn_to_port) - /* do not mix connections that use the "connect to port" feature and - * connections that do not use this feature */ - continue; + if(needle->unix_domain_socket) { + if(!conn->unix_domain_socket) + return FALSE; + if(strcmp(needle->unix_domain_socket, conn->unix_domain_socket)) + return FALSE; + if(needle->bits.abstract_unix_socket != conn->bits.abstract_unix_socket) + return FALSE; + } + else if(conn->unix_domain_socket) + return FALSE; +#endif + + if((needle->handler->flags&PROTOPT_SSL) != + (conn->handler->flags&PROTOPT_SSL)) + /* do not do mixed SSL and non-SSL connections */ + if(get_protocol_family(conn->handler) != + needle->handler->protocol || !conn->bits.tls_upgraded) + /* except protocols that have been upgraded via TLS */ + return FALSE; #ifndef CURL_DISABLE_PROXY - if(needle->bits.httpproxy != check->bits.httpproxy || - needle->bits.socksproxy != check->bits.socksproxy) - continue; - - if(needle->bits.socksproxy && - !socks_proxy_info_matches(&needle->socks_proxy, - &check->socks_proxy)) - continue; - - if(needle->bits.httpproxy) { - if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy) - continue; - - if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy)) - continue; - - if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { - /* https proxies come in different types, http/1.1, h2, ... */ - if(needle->http_proxy.proxytype != check->http_proxy.proxytype) - continue; - /* match SSL config to proxy */ - if(!Curl_ssl_conn_config_match(data, check, TRUE)) { - DEBUGF(infof(data, - "Connection #%" CURL_FORMAT_CURL_OFF_T - " has different SSL proxy parameters, cannot reuse", - check->connection_id)); - continue; - } - /* the SSL config to the server, which may apply here is checked - * further below */ + if(needle->bits.httpproxy != conn->bits.httpproxy || + needle->bits.socksproxy != conn->bits.socksproxy) + return FALSE; + + if(needle->bits.socksproxy && + !socks_proxy_info_matches(&needle->socks_proxy, + &conn->socks_proxy)) + return FALSE; + + if(needle->bits.httpproxy) { + if(needle->bits.tunnel_proxy != conn->bits.tunnel_proxy) + return FALSE; + + if(!proxy_info_matches(&needle->http_proxy, &conn->http_proxy)) + return FALSE; + + if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { + /* https proxies come in different types, http/1.1, h2, ... */ + if(needle->http_proxy.proxytype != conn->http_proxy.proxytype) + return FALSE; + /* match SSL config to proxy */ + if(!Curl_ssl_conn_config_match(data, conn, TRUE)) { + DEBUGF(infof(data, + "Connection #%" FMT_OFF_T + " has different SSL proxy parameters, cannot reuse", + conn->connection_id)); + return FALSE; } + /* the SSL config to the server, which may apply here is checked + * further below */ } + } #endif - if(h2upgrade && !check->httpversion && canmultiplex) { - if(data->set.pipewait) { - infof(data, "Server upgrade does not support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - infof(data, "Server upgrade cannot be used"); - continue; /* cannot be used atm */ - } - - if(needle->localdev || needle->localport) { - /* If we are bound to a specific local end (IP+port), we must not - reuse a random other one, although if we did not ask for a - particular one we can reuse one that was bound. - - This comparison is a bit rough and too strict. Since the input - parameters can be specified in numerous ways and still end up the - same it would take a lot of processing to make it really accurate. - Instead, this matching will assume that reuses of bound connections - will most likely also reuse the exact same binding parameters and - missing out a few edge cases should not hurt anyone very much. - */ - if((check->localport != needle->localport) || - (check->localportrange != needle->localportrange) || - (needle->localdev && - (!check->localdev || strcmp(check->localdev, needle->localdev)))) - continue; - } - - if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { - /* This protocol requires credentials per connection, - so verify that we are using the same name and password as well */ - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd) || - Curl_timestrcmp(needle->sasl_authzid, check->sasl_authzid) || - Curl_timestrcmp(needle->oauth_bearer, check->oauth_bearer)) { - /* one of them was different */ - continue; - } + if(match->may_multiplex && + (data->state.httpwant == CURL_HTTP_VERSION_2_0) && + (needle->handler->protocol & CURLPROTO_HTTP) && + !conn->httpversion) { + if(data->set.pipewait) { + infof(data, "Server upgrade does not support multiplex yet, wait"); + match->found = NULL; + match->wait_pipe = TRUE; + return TRUE; /* stop searching, we want to wait */ } + infof(data, "Server upgrade cannot be used"); + return FALSE; + } - /* GSS delegation differences do not actually affect every connection - and auth method, but this check takes precaution before efficiency */ - if(needle->gssapi_delegation != check->gssapi_delegation) - continue; + if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { + /* This protocol requires credentials per connection, + so verify that we are using the same name and password as well */ + if(Curl_timestrcmp(needle->user, conn->user) || + Curl_timestrcmp(needle->passwd, conn->passwd) || + Curl_timestrcmp(needle->sasl_authzid, conn->sasl_authzid) || + Curl_timestrcmp(needle->oauth_bearer, conn->oauth_bearer)) { + /* one of them was different */ + return FALSE; + } + } - /* If looking for HTTP and the HTTP version we want is less - * than the HTTP version of the check connection, continue looking */ - if((needle->handler->protocol & PROTO_FAMILY_HTTP) && - (((check->httpversion >= 20) && - (data->state.httpwant < CURL_HTTP_VERSION_2_0)) - || ((check->httpversion >= 30) && - (data->state.httpwant < CURL_HTTP_VERSION_3)))) - continue; -#ifdef USE_SSH - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { - if(!ssh_config_matches(needle, check)) - continue; + /* GSS delegation differences do not actually affect every connection + and auth method, but this check takes precaution before efficiency */ + if(needle->gssapi_delegation != conn->gssapi_delegation) + return FALSE; + + /* If looking for HTTP and the HTTP version we want is less + * than the HTTP version of conn, continue looking. + * CURL_HTTP_VERSION_2TLS is default which indicates no preference, + * so we take any existing connection. */ + if((needle->handler->protocol & PROTO_FAMILY_HTTP) && + (data->state.httpwant != CURL_HTTP_VERSION_2TLS)) { + if((conn->httpversion >= 20) && + (data->state.httpwant < CURL_HTTP_VERSION_2_0)) { + DEBUGF(infof(data, "nor reusing conn #%" CURL_FORMAT_CURL_OFF_T + " with httpversion=%d, we want a version less than h2", + conn->connection_id, conn->httpversion)); + } + if((conn->httpversion >= 30) && + (data->state.httpwant < CURL_HTTP_VERSION_3)) { + DEBUGF(infof(data, "nor reusing conn #%" CURL_FORMAT_CURL_OFF_T + " with httpversion=%d, we want a version less than h3", + conn->connection_id, conn->httpversion)); + return FALSE; } + } +#ifdef USE_SSH + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, conn)) + return FALSE; + } #endif #ifndef CURL_DISABLE_FTP - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { - /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ - if(Curl_timestrcmp(needle->proto.ftpc.account, - check->proto.ftpc.account) || - Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, - check->proto.ftpc.alternative_to_user) || - (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || - (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) - continue; - } + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ + if(Curl_timestrcmp(needle->proto.ftpc.account, + conn->proto.ftpc.account) || + Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, + conn->proto.ftpc.alternative_to_user) || + (needle->proto.ftpc.use_ssl != conn->proto.ftpc.use_ssl) || + (needle->proto.ftpc.ccc != conn->proto.ftpc.ccc)) + return FALSE; + } #endif - /* Additional match requirements if talking TLS OR - * not talking to an HTTP proxy OR using a tunnel through a proxy */ - if((needle->handler->flags&PROTOPT_SSL) + /* Additional match requirements if talking TLS OR + * not talking to an HTTP proxy OR using a tunnel through a proxy */ + if((needle->handler->flags&PROTOPT_SSL) #ifndef CURL_DISABLE_PROXY - || !needle->bits.httpproxy || needle->bits.tunnel_proxy -#endif - ) { - /* Talking the same protocol scheme or a TLS upgraded protocol in the - * same protocol family? */ - if(!strcasecompare(needle->handler->scheme, check->handler->scheme) && - (get_protocol_family(check->handler) != - needle->handler->protocol || !check->bits.tls_upgraded)) - continue; - - /* If needle has "conn_to_*" set, check must match this */ - if((needle->bits.conn_to_host && !strcasecompare( - needle->conn_to_host.name, check->conn_to_host.name)) || - (needle->bits.conn_to_port && - needle->conn_to_port != check->conn_to_port)) - continue; - - /* hostname and port must match */ - if(!strcasecompare(needle->host.name, check->host.name) || - needle->remote_port != check->remote_port) - continue; - - /* If talking TLS, check needs to use the same SSL options. */ - if((needle->handler->flags & PROTOPT_SSL) && - !Curl_ssl_conn_config_match(data, check, FALSE)) { - DEBUGF(infof(data, - "Connection #%" CURL_FORMAT_CURL_OFF_T - " has different SSL parameters, cannot reuse", - check->connection_id)); - continue; - } + || !needle->bits.httpproxy || needle->bits.tunnel_proxy +#endif + ) { + /* Talking the same protocol scheme or a TLS upgraded protocol in the + * same protocol family? */ + if(!strcasecompare(needle->handler->scheme, conn->handler->scheme) && + (get_protocol_family(conn->handler) != + needle->handler->protocol || !conn->bits.tls_upgraded)) + return FALSE; + + /* If needle has "conn_to_*" set, conn must match this */ + if((needle->bits.conn_to_host && !strcasecompare( + needle->conn_to_host.name, conn->conn_to_host.name)) || + (needle->bits.conn_to_port && + needle->conn_to_port != conn->conn_to_port)) + return FALSE; + + /* hostname and port must match */ + if(!strcasecompare(needle->host.name, conn->host.name) || + needle->remote_port != conn->remote_port) + return FALSE; + + /* If talking TLS, conn needs to use the same SSL options. */ + if((needle->handler->flags & PROTOPT_SSL) && + !Curl_ssl_conn_config_match(data, conn, FALSE)) { + DEBUGF(infof(data, + "Connection #%" FMT_OFF_T + " has different SSL parameters, cannot reuse", + conn->connection_id)); + return FALSE; } + } #if defined(USE_NTLM) - /* If we are looking for an HTTP+NTLM connection, check if this is - already authenticating with the right credentials. If not, keep - looking so that we can reuse NTLM connections if - possible. (Especially we must not reuse the same connection if - partway through a handshake!) */ - if(wantNTLMhttp) { - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd)) { - - /* we prefer a credential match, but this is at least a connection - that can be reused and "upgraded" to NTLM */ - if(check->http_ntlm_state == NTLMSTATE_NONE) - chosen = check; - continue; - } - } - else if(check->http_ntlm_state != NTLMSTATE_NONE) { - /* Connection is using NTLM auth but we do not want NTLM */ - continue; - } + /* If we are looking for an HTTP+NTLM connection, check if this is + already authenticating with the right credentials. If not, keep + looking so that we can reuse NTLM connections if + possible. (Especially we must not reuse the same connection if + partway through a handshake!) */ + if(match->want_ntlm_http) { + if(Curl_timestrcmp(needle->user, conn->user) || + Curl_timestrcmp(needle->passwd, conn->passwd)) { + + /* we prefer a credential match, but this is at least a connection + that can be reused and "upgraded" to NTLM */ + if(conn->http_ntlm_state == NTLMSTATE_NONE) + match->found = conn; + return FALSE; + } + } + else if(conn->http_ntlm_state != NTLMSTATE_NONE) { + /* Connection is using NTLM auth but we do not want NTLM */ + return FALSE; + } #ifndef CURL_DISABLE_PROXY - /* Same for Proxy NTLM authentication */ - if(wantProxyNTLMhttp) { - /* Both check->http_proxy.user and check->http_proxy.passwd can be - * NULL */ - if(!check->http_proxy.user || !check->http_proxy.passwd) - continue; - - if(Curl_timestrcmp(needle->http_proxy.user, - check->http_proxy.user) || - Curl_timestrcmp(needle->http_proxy.passwd, - check->http_proxy.passwd)) - continue; - } - else if(check->proxy_ntlm_state != NTLMSTATE_NONE) { - /* Proxy connection is using NTLM auth but we do not want NTLM */ - continue; - } -#endif - if(wantNTLMhttp || wantProxyNTLMhttp) { - /* Credentials are already checked, we may use this connection. - * With NTLM being weird as it is, we MUST use a - * connection where it has already been fully negotiated. - * If it has not, we keep on looking for a better one. */ - chosen = check; - - if((wantNTLMhttp && - (check->http_ntlm_state != NTLMSTATE_NONE)) || - (wantProxyNTLMhttp && - (check->proxy_ntlm_state != NTLMSTATE_NONE))) { - /* We must use this connection, no other */ - *force_reuse = TRUE; - break; - } - /* Continue look up for a better connection */ - continue; + /* Same for Proxy NTLM authentication */ + if(match->want_proxy_ntlm_http) { + /* Both conn->http_proxy.user and conn->http_proxy.passwd can be + * NULL */ + if(!conn->http_proxy.user || !conn->http_proxy.passwd) + return FALSE; + + if(Curl_timestrcmp(needle->http_proxy.user, + conn->http_proxy.user) || + Curl_timestrcmp(needle->http_proxy.passwd, + conn->http_proxy.passwd)) + return FALSE; + } + else if(conn->proxy_ntlm_state != NTLMSTATE_NONE) { + /* Proxy connection is using NTLM auth but we do not want NTLM */ + return FALSE; + } +#endif + if(match->want_ntlm_http || match->want_proxy_ntlm_http) { + /* Credentials are already checked, we may use this connection. + * With NTLM being weird as it is, we MUST use a + * connection where it has already been fully negotiated. + * If it has not, we keep on looking for a better one. */ + match->found = conn; + + if((match->want_ntlm_http && + (conn->http_ntlm_state != NTLMSTATE_NONE)) || + (match->want_proxy_ntlm_http && + (conn->proxy_ntlm_state != NTLMSTATE_NONE))) { + /* We must use this connection, no other */ + match->force_reuse = TRUE; + return TRUE; } + /* Continue look up for a better connection */ + return FALSE; + } #endif - if(CONN_INUSE(check)) { - DEBUGASSERT(canmultiplex); - DEBUGASSERT(check->bits.multiplex); - /* If multiplexed, make sure we do not go over concurrency limit */ - if(CONN_INUSE(check) >= - Curl_multi_max_concurrent_streams(data->multi)) { - infof(data, "client side MAX_CONCURRENT_STREAMS reached" - ", skip (%zu)", CONN_INUSE(check)); - continue; - } - if(CONN_INUSE(check) >= - Curl_conn_get_max_concurrent(data, check, FIRSTSOCKET)) { - infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", - CONN_INUSE(check)); - continue; - } - /* When not multiplexed, we have a match here! */ - infof(data, "Multiplexed connection found"); + if(CONN_INUSE(conn)) { + DEBUGASSERT(match->may_multiplex); + DEBUGASSERT(conn->bits.multiplex); + /* If multiplexed, make sure we do not go over concurrency limit */ + if(CONN_INUSE(conn) >= + Curl_multi_max_concurrent_streams(data->multi)) { + infof(data, "client side MAX_CONCURRENT_STREAMS reached" + ", skip (%zu)", CONN_INUSE(conn)); + return FALSE; } - else if(prune_if_dead(check, data)) { - /* disconnect it, do not treat as aborted */ - Curl_disconnect(data, check, FALSE); - continue; + if(CONN_INUSE(conn) >= + Curl_conn_get_max_concurrent(data, conn, FIRSTSOCKET)) { + infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", + CONN_INUSE(conn)); + return FALSE; } + /* When not multiplexed, we have a match here! */ + infof(data, "Multiplexed connection found"); + } + else if(Curl_conn_seems_dead(conn, data, NULL)) { + /* removed and disconnect. Do not treat as aborted. */ + Curl_cpool_disconnect(data, conn, FALSE); + return FALSE; + } - /* We have found a connection. Let's stop searching. */ - chosen = check; - break; - } /* loop over connection bundle */ + /* We have found a connection. Let's stop searching. */ + match->found = conn; + return TRUE; +} - if(chosen) { - /* mark it as used before releasing the lock */ - Curl_attach_connection(data, chosen); - CONNCACHE_UNLOCK(data); - *usethis = chosen; - return TRUE; /* yes, we found one to use! */ +static bool url_match_result(bool result, void *userdata) +{ + struct url_conn_match *match = userdata; + (void)result; + if(match->found) { + /* Attach it now while still under lock, so the connection does + * no longer appear idle and can be reaped. */ + Curl_attach_connection(match->data, match->found); + return TRUE; } - CONNCACHE_UNLOCK(data); - - if(foundPendingCandidate && data->set.pipewait) { - infof(data, + else if(match->seen_single_use_conn && !match->seen_multiplex_conn) { + /* We've seen a single-use, existing connection to the destination and + * no multiplexed one. It seems safe to assume that the server does + * not support multiplexing. */ + match->wait_pipe = FALSE; + } + else if(match->seen_pending_conn && match->data->set.pipewait) { + infof(match->data, "Found pending candidate for reuse and CURLOPT_PIPEWAIT is set"); - *waitpipe = TRUE; + match->wait_pipe = TRUE; } + match->force_reuse = FALSE; + return FALSE; +} + +/* + * Given one filled in connection struct (named needle), this function should + * detect if there already is one that has all the significant details + * exactly the same and thus should be used instead. + * + * If there is a match, this function returns TRUE - and has marked the + * connection as 'in-use'. It must later be called with ConnectionDone() to + * return back to 'idle' (unused) state. + * + * The force_reuse flag is set if the connection must be used. + */ +static bool +ConnectionExists(struct Curl_easy *data, + struct connectdata *needle, + struct connectdata **usethis, + bool *force_reuse, + bool *waitpipe) +{ + struct url_conn_match match; + bool result; - return FALSE; /* no matching connecting exists */ + memset(&match, 0, sizeof(match)); + match.data = data; + match.needle = needle; + match.may_multiplex = xfer_may_multiplex(data, needle); + +#ifdef USE_NTLM + match.want_ntlm_http = ((data->state.authhost.want & CURLAUTH_NTLM) && + (needle->handler->protocol & PROTO_FAMILY_HTTP)); +#ifndef CURL_DISABLE_PROXY + match.want_proxy_ntlm_http = + (needle->bits.proxy_user_passwd && + (data->state.authproxy.want & CURLAUTH_NTLM) && + (needle->handler->protocol & PROTO_FAMILY_HTTP)); +#endif +#endif + + /* Find a connection in the pool that matches what "data + needle" + * requires. If a suitable candidate is found, it is attached to "data". */ + result = Curl_cpool_find(data, needle->destination, needle->destination_len, + url_match_conn, url_match_result, &match); + + /* wait_pipe is TRUE if we encounter a bundle that is undecided. There + * is no matching connection then, yet. */ + *usethis = match.found; + *force_reuse = match.force_reuse; + *waitpipe = match.wait_pipe; + return result; } /* @@ -1311,6 +1288,21 @@ void Curl_verboseconnect(struct Curl_easy *data, infof(data, "Connected to %s (%s) port %u", CURL_CONN_HOST_DISPNAME(conn), conn->primary.remote_ip, conn->primary.remote_port); +#if !defined(CURL_DISABLE_HTTP) + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + switch(conn->alpn) { + case CURL_HTTP_VERSION_3: + infof(data, "using HTTP/3"); + break; + case CURL_HTTP_VERSION_2: + infof(data, "using HTTP/2"); + break; + default: + infof(data, "using HTTP/1.x"); + break; + } + } +#endif } #endif @@ -1351,22 +1343,19 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) /* note that these two proxy bits are now just on what looks to be requested, they may be altered down the road */ conn->bits.proxy = (data->set.str[STRING_PROXY] && - *data->set.str[STRING_PROXY]) ? TRUE : FALSE; + *data->set.str[STRING_PROXY]); conn->bits.httpproxy = (conn->bits.proxy && (conn->http_proxy.proxytype == CURLPROXY_HTTP || conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0 || - IS_HTTPS_PROXY(conn->http_proxy.proxytype))) ? - TRUE : FALSE; - conn->bits.socksproxy = (conn->bits.proxy && - !conn->bits.httpproxy) ? TRUE : FALSE; + IS_HTTPS_PROXY(conn->http_proxy.proxytype))); + conn->bits.socksproxy = (conn->bits.proxy && !conn->bits.httpproxy); if(data->set.str[STRING_PRE_PROXY] && *data->set.str[STRING_PRE_PROXY]) { conn->bits.proxy = TRUE; conn->bits.socksproxy = TRUE; } - conn->bits.proxy_user_passwd = - (data->state.aptr.proxyuser) ? TRUE : FALSE; + conn->bits.proxy_user_passwd = !!data->state.aptr.proxyuser; conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy; #endif /* CURL_DISABLE_PROXY */ @@ -1519,7 +1508,7 @@ const struct Curl_handler *Curl_getn_scheme_handler(const char *scheme, #else NULL, #endif -#if defined(USE_WEBSOCKETS) && \ +#if !defined(CURL_DISABLE_WEBSOCKETS) && \ defined(USE_SSL) && !defined(CURL_DISABLE_HTTP) &Curl_handler_wss, #else @@ -1588,7 +1577,7 @@ const struct Curl_handler *Curl_getn_scheme_handler(const char *scheme, NULL, #endif NULL, -#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) &Curl_handler_ws, #else NULL, @@ -1868,10 +1857,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return result; /* - * username and password set with their own options override the - * credentials possibly set in the URL. + * username and password set with their own options override the credentials + * possibly set in the URL, but netrc does not. */ - if(!data->set.str[STRING_PASSWORD]) { + if(!data->state.aptr.passwd || (data->state.creds_from != CREDS_OPTION)) { uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0); if(!uc) { char *decoded; @@ -1884,12 +1873,13 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, result = Curl_setstropt(&data->state.aptr.passwd, decoded); if(result) return result; + data->state.creds_from = CREDS_URL; } else if(uc != CURLUE_NO_PASSWORD) return Curl_uc_to_curlcode(uc); } - if(!data->set.str[STRING_USERNAME]) { + if(!data->state.aptr.user || (data->state.creds_from != CREDS_OPTION)) { /* we do not use the URL API's URL decoder option here since it rejects control codes and we want to allow them for some schemes in the user and password fields */ @@ -1903,13 +1893,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return result; conn->user = decoded; result = Curl_setstropt(&data->state.aptr.user, decoded); + data->state.creds_from = CREDS_URL; } else if(uc != CURLUE_NO_USER) return Curl_uc_to_curlcode(uc); - else if(data->state.aptr.passwd) { - /* no user was set but a password, set a blank user */ - result = Curl_setstropt(&data->state.aptr.user, ""); - } if(result) return result; } @@ -1967,15 +1954,15 @@ static CURLcode setup_range(struct Curl_easy *data) free(s->range); if(s->resume_from) - s->range = aprintf("%" CURL_FORMAT_CURL_OFF_T "-", s->resume_from); + s->range = aprintf("%" FMT_OFF_T "-", s->resume_from); else s->range = strdup(data->set.str[STRING_SET_RANGE]); - s->rangestringalloc = (s->range) ? TRUE : FALSE; - if(!s->range) return CURLE_OUT_OF_MEMORY; + s->rangestringalloc = TRUE; + /* tell ourselves to fetch this range */ s->use_range = TRUE; /* enable range download */ } @@ -1999,6 +1986,8 @@ static CURLcode setup_connection_internals(struct Curl_easy *data, struct connectdata *conn) { const struct Curl_handler *p; + const char *hostname; + int port; CURLcode result; /* Perform setup complement if some. */ @@ -2014,10 +2003,38 @@ static CURLcode setup_connection_internals(struct Curl_easy *data, } if(conn->primary.remote_port < 0) - /* we check for -1 here since if proxy was detected already, this - was very likely already set to the proxy port */ + /* we check for -1 here since if proxy was detected already, this was + likely already set to the proxy port */ conn->primary.remote_port = p->defport; + /* Now create the destination name */ +#ifndef CURL_DISABLE_PROXY + if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { + hostname = conn->http_proxy.host.name; + port = conn->primary.remote_port; + } + else +#endif + { + port = conn->remote_port; + if(conn->bits.conn_to_host) + hostname = conn->conn_to_host.name; + else + hostname = conn->host.name; + } + +#ifdef USE_IPV6 + conn->destination = aprintf("%u/%d/%s", conn->scope_id, port, hostname); +#else + conn->destination = aprintf("%d/%s", port, hostname); +#endif + if(!conn->destination) + return CURLE_OUT_OF_MEMORY; + + conn->destination_len = strlen(conn->destination) + 1; + Curl_strntolower(conn->destination, conn->destination, + conn->destination_len - 1); + return CURLE_OK; } @@ -2082,7 +2099,7 @@ static char *detect_proxy(struct Curl_easy *data, } if(!proxy) { -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS /* websocket proxy fallbacks */ if(strcasecompare("ws_proxy", proxy_env)) { proxy = curl_getenv("http_proxy"); @@ -2100,7 +2117,7 @@ static char *detect_proxy(struct Curl_easy *data, envp = (char *)"ALL_PROXY"; proxy = curl_getenv(envp); } -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS } #endif } @@ -2341,7 +2358,7 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data, return result; } -/* create_conn helper to parse and init proxy values. to be called after unix +/* create_conn helper to parse and init proxy values. to be called after Unix socket init but before any proxy vars are evaluated. */ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, struct connectdata *conn) @@ -2408,7 +2425,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, Curl_safefree(no_proxy); #ifdef USE_UNIX_SOCKETS - /* For the time being do not mix proxy and unix domain sockets. See #1274 */ + /* For the time being do not mix proxy and Unix domain sockets. See #1274 */ if(proxy && conn->unix_domain_socket) { free(proxy); proxy = NULL; @@ -2663,13 +2680,14 @@ static CURLcode override_login(struct Curl_easy *data, int ret; bool url_provided = FALSE; - if(data->state.aptr.user) { + if(data->state.aptr.user && + (data->state.creds_from != CREDS_NETRC)) { /* there was a username in the URL. Use the URL decoded version */ userp = &data->state.aptr.user; url_provided = TRUE; } - ret = Curl_parsenetrc(conn->host.name, + ret = Curl_parsenetrc(&data->state.netrc, conn->host.name, userp, passwdp, data->set.str[STRING_NETRC_FILE]); if(ret > 0) { @@ -2711,6 +2729,7 @@ static CURLcode override_login(struct Curl_easy *data, result = Curl_setstropt(&data->state.aptr.user, *userp); if(result) return result; + data->state.creds_from = CREDS_NETRC; } } if(data->state.aptr.user) { @@ -2728,6 +2747,7 @@ static CURLcode override_login(struct Curl_easy *data, CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp); if(result) return result; + data->state.creds_from = CREDS_NETRC; } if(data->state.aptr.passwd) { uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, @@ -2893,8 +2913,8 @@ static CURLcode parse_connect_to_string(struct Curl_easy *data, { CURLcode result = CURLE_OK; const char *ptr = conn_to_host; - int host_match = FALSE; - int port_match = FALSE; + bool host_match = FALSE; + bool port_match = FALSE; *host_result = NULL; *port_result = -1; @@ -3007,9 +3027,10 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, #endif )) { /* no connect_to match, try alt-svc! */ - enum alpnid srcalpnid; - bool hit; - struct altsvc *as; + enum alpnid srcalpnid = ALPN_none; + bool use_alt_svc = FALSE; + bool hit = FALSE; + struct altsvc *as = NULL; const int allowed_versions = ( ALPN_h1 #ifdef USE_HTTP2 | ALPN_h2 @@ -3018,24 +3039,65 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, | ALPN_h3 #endif ) & data->asi->flags; + static enum alpnid alpn_ids[] = { +#ifdef USE_HTTP3 + ALPN_h3, +#endif +#ifdef USE_HTTP2 + ALPN_h2, +#endif + ALPN_h1, + }; + size_t i; + + switch(data->state.httpwant) { + case CURL_HTTP_VERSION_1_0: + break; + case CURL_HTTP_VERSION_1_1: + use_alt_svc = TRUE; + srcalpnid = ALPN_h1; /* only regard alt-svc advice for http/1.1 */ + break; + case CURL_HTTP_VERSION_2_0: + use_alt_svc = TRUE; + srcalpnid = ALPN_h2; /* only regard alt-svc advice for h2 */ + break; + case CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE: + break; + case CURL_HTTP_VERSION_3: + use_alt_svc = TRUE; + srcalpnid = ALPN_h3; /* only regard alt-svc advice for h3 */ + break; + case CURL_HTTP_VERSION_3ONLY: + break; + default: /* no specific HTTP version wanted, look at all of alt-svc */ + use_alt_svc = TRUE; + srcalpnid = ALPN_none; + break; + } + if(!use_alt_svc) + return CURLE_OK; host = conn->host.rawalloc; -#ifdef USE_HTTP2 - /* with h2 support, check that first */ - srcalpnid = ALPN_h2; - hit = Curl_altsvc_lookup(data->asi, - srcalpnid, host, conn->remote_port, /* from */ - &as /* to */, - allowed_versions); - if(!hit) -#endif - { - srcalpnid = ALPN_h1; + DEBUGF(infof(data, "check Alt-Svc for host %s", host)); + if(srcalpnid == ALPN_none) { + /* scan all alt-svc protocol ids in order or relevance */ + for(i = 0; !hit && (i < ARRAYSIZE(alpn_ids)); ++i) { + srcalpnid = alpn_ids[i]; + hit = Curl_altsvc_lookup(data->asi, + srcalpnid, host, conn->remote_port, /* from */ + &as /* to */, + allowed_versions); + } + } + else { + /* look for a specific alt-svc protocol id */ hit = Curl_altsvc_lookup(data->asi, srcalpnid, host, conn->remote_port, /* from */ &as /* to */, allowed_versions); } + + if(hit) { char *hostd = strdup((char *)as->dst.host); if(!hostd) @@ -3101,140 +3163,82 @@ static CURLcode resolve_unix(struct Curl_easy *data, return longpath ? CURLE_COULDNT_RESOLVE_HOST : CURLE_OUT_OF_MEMORY; } - hostaddr->inuse++; + hostaddr->refcount = 1; /* connection is the only one holding this */ conn->dns_entry = hostaddr; return CURLE_OK; } #endif -#ifndef CURL_DISABLE_PROXY -static CURLcode resolve_proxy(struct Curl_easy *data, - struct connectdata *conn, - bool *async) +/************************************************************* + * Resolve the address of the server or proxy + *************************************************************/ +static CURLcode resolve_server(struct Curl_easy *data, + struct connectdata *conn, + bool *async) { - struct Curl_dns_entry *hostaddr = NULL; - struct hostname *host; + struct hostname *ehost; timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + const char *peertype = "host"; int rc; +#ifdef USE_UNIX_SOCKETS + char *unix_path = conn->unix_domain_socket; - DEBUGASSERT(conn->dns_entry == NULL); - - host = conn->bits.socksproxy ? &conn->socks_proxy.host : - &conn->http_proxy.host; - - conn->hostname_resolve = strdup(host->name); - if(!conn->hostname_resolve) - return CURLE_OUT_OF_MEMORY; +#ifndef CURL_DISABLE_PROXY + if(!unix_path && CONN_IS_PROXIED(conn) && conn->socks_proxy.host.name && + !strncmp(UNIX_SOCKET_PREFIX"/", + conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) + unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; +#endif - rc = Curl_resolv_timeout(data, conn->hostname_resolve, - conn->primary.remote_port, &hostaddr, timeout_ms); - conn->dns_entry = hostaddr; - if(rc == CURLRESOLV_PENDING) - *async = TRUE; - else if(rc == CURLRESOLV_TIMEDOUT) - return CURLE_OPERATION_TIMEDOUT; - else if(!hostaddr) { - failf(data, "Couldn't resolve proxy '%s'", host->dispname); - return CURLE_COULDNT_RESOLVE_PROXY; + if(unix_path) { + /* TODO, this only works if previous transport is TRNSPRT_TCP. Check it? */ + conn->transport = TRNSPRT_UNIX; + return resolve_unix(data, conn, unix_path); } - - return CURLE_OK; -} #endif -static CURLcode resolve_host(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ - struct Curl_dns_entry *hostaddr = NULL; - struct hostname *connhost; - timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); - int rc; - DEBUGASSERT(conn->dns_entry == NULL); - connhost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host; - - /* If not connecting via a proxy, extract the port from the URL, if it is - * there, thus overriding any defaults that might have been set above. */ - conn->primary.remote_port = conn->bits.conn_to_port ? conn->conn_to_port : - conn->remote_port; +#ifndef CURL_DISABLE_PROXY + if(CONN_IS_PROXIED(conn)) { + ehost = conn->bits.socksproxy ? &conn->socks_proxy.host : + &conn->http_proxy.host; + peertype = "proxy"; + } + else +#endif + { + ehost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host; + /* If not connecting via a proxy, extract the port from the URL, if it is + * there, thus overriding any defaults that might have been set above. */ + conn->primary.remote_port = conn->bits.conn_to_port ? conn->conn_to_port : + conn->remote_port; + } /* Resolve target host right on */ - conn->hostname_resolve = strdup(connhost->name); + conn->hostname_resolve = strdup(ehost->name); if(!conn->hostname_resolve) return CURLE_OUT_OF_MEMORY; rc = Curl_resolv_timeout(data, conn->hostname_resolve, - conn->primary.remote_port, &hostaddr, timeout_ms); - conn->dns_entry = hostaddr; + conn->primary.remote_port, + &conn->dns_entry, timeout_ms); if(rc == CURLRESOLV_PENDING) *async = TRUE; else if(rc == CURLRESOLV_TIMEDOUT) { - failf(data, "Failed to resolve host '%s' with timeout after %" - CURL_FORMAT_TIMEDIFF_T " ms", connhost->dispname, + failf(data, "Failed to resolve %s '%s' with timeout after %" + FMT_TIMEDIFF_T " ms", peertype, ehost->dispname, Curl_timediff(Curl_now(), data->progress.t_startsingle)); return CURLE_OPERATION_TIMEDOUT; } - else if(!hostaddr) { - failf(data, "Could not resolve host: %s", connhost->dispname); + else if(!conn->dns_entry) { + failf(data, "Could not resolve %s: %s", peertype, ehost->dispname); return CURLE_COULDNT_RESOLVE_HOST; } return CURLE_OK; } -/* Perform a fresh resolve */ -static CURLcode resolve_fresh(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ -#ifdef USE_UNIX_SOCKETS - char *unix_path = conn->unix_domain_socket; - -#ifndef CURL_DISABLE_PROXY - if(!unix_path && conn->socks_proxy.host.name && - !strncmp(UNIX_SOCKET_PREFIX"/", - conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) - unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; -#endif - - if(unix_path) { - conn->transport = TRNSPRT_UNIX; - return resolve_unix(data, conn, unix_path); - } -#endif - -#ifndef CURL_DISABLE_PROXY - if(CONN_IS_PROXIED(conn)) - return resolve_proxy(data, conn, async); -#endif - - return resolve_host(data, conn, async); -} - -/************************************************************* - * Resolve the address of the server or proxy - *************************************************************/ -static CURLcode resolve_server(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ - DEBUGASSERT(conn); - DEBUGASSERT(data); - - /* Resolve the name of the server or proxy */ - if(conn->bits.reuse) { - /* We are reusing the connection - no need to resolve anything, and - idnconvert_hostname() was called already in create_conn() for the reuse - case. */ - *async = FALSE; - return CURLE_OK; - } - - return resolve_fresh(data, conn, async); -} - /* * Cleanup the connection `temp`, just allocated for `data`, before using the * previously `existing` one for `data`. All relevant info is copied over @@ -3275,7 +3279,7 @@ static void reuse_conn(struct Curl_easy *data, } #endif - /* Finding a connection for reuse in the cache matches, among other + /* Finding a connection for reuse in the cpool matches, among other * things on the "remote-relevant" hostname. This is not necessarily * the authority of the URL, e.g. conn->host. For example: * - we use a proxy (not tunneling). we want to send all requests @@ -3337,8 +3341,6 @@ static CURLcode create_conn(struct Curl_easy *data, bool connections_available = TRUE; bool force_reuse = FALSE; bool waitpipe = FALSE; - size_t max_host_connections = Curl_multi_max_host_connections(data->multi); - size_t max_total_connections = Curl_multi_max_total_connections(data->multi); *async = FALSE; *in_connect = NULL; @@ -3398,7 +3400,7 @@ static CURLcode create_conn(struct Curl_easy *data, } #endif - /* After the unix socket init but before the proxy vars are used, parse and + /* After the Unix socket init but before the proxy vars are used, parse and initialize the proxy vars */ #ifndef CURL_DISABLE_PROXY result = create_conn_helper_init_proxy(data, conn); @@ -3503,13 +3505,15 @@ static CURLcode create_conn(struct Curl_easy *data, /* this is supposed to be the connect function so we better at least check that the file is present here! */ DEBUGASSERT(conn->handler->connect_it); - Curl_persistconninfo(data, conn, NULL); + data->info.conn_scheme = conn->handler->scheme; + /* conn_protocol can only provide "old" protocols */ + data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; result = conn->handler->connect_it(data, &done); /* Setup a "faked" transfer that will do nothing */ if(!result) { Curl_attach_connection(data, conn); - result = Curl_conncache_add_conn(data); + result = Curl_cpool_add_conn(data, conn); if(result) goto out; @@ -3545,7 +3549,8 @@ static CURLcode create_conn(struct Curl_easy *data, if(result) goto out; - prune_dead_connections(data); + /* FIXME: do we really want to run this every time we add a transfer? */ + Curl_cpool_prune_dead(data); /************************************************************* * Check the current list of connections to see if we can @@ -3578,7 +3583,7 @@ static CURLcode create_conn(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY infof(data, "Re-using existing connection with %s %s", - conn->bits.proxy?"proxy":"host", + conn->bits.proxy ? "proxy" : "host", conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname : conn->http_proxy.host.name ? conn->http_proxy.host.dispname : conn->host.dispname); @@ -3604,43 +3609,14 @@ static CURLcode create_conn(struct Curl_easy *data, "soon", and we wait for that */ connections_available = FALSE; else { - /* this gets a lock on the conncache */ - struct connectbundle *bundle = - Curl_conncache_find_bundle(data, conn, data->state.conn_cache); - - if(max_host_connections > 0 && bundle && - (bundle->num_connections >= max_host_connections)) { - struct connectdata *conn_candidate; - - /* The bundle is full. Extract the oldest connection. */ - conn_candidate = Curl_conncache_extract_bundle(data, bundle); - CONNCACHE_UNLOCK(data); - - if(conn_candidate) - Curl_disconnect(data, conn_candidate, FALSE); - else { - infof(data, "No more connections allowed to host: %zu", - max_host_connections); - connections_available = FALSE; - } - } - else - CONNCACHE_UNLOCK(data); - - } - - if(connections_available && - (max_total_connections > 0) && - (Curl_conncache_size(data) >= max_total_connections)) { - struct connectdata *conn_candidate; - - /* The cache is full. Let's see if we can kill a connection. */ - conn_candidate = Curl_conncache_extract_oldest(data); - if(conn_candidate) - Curl_disconnect(data, conn_candidate, FALSE); - else + switch(Curl_cpool_check_limits(data, conn)) { + case CPOOL_LIMIT_DEST: + infof(data, "No more connections allowed to host"); + connections_available = FALSE; + break; + case CPOOL_LIMIT_TOTAL: #ifndef CURL_DISABLE_DOH - if(data->set.dohfor) + if(data->set.dohfor_mid >= 0) infof(data, "Allowing DoH to override max connection limit"); else #endif @@ -3648,6 +3624,10 @@ static CURLcode create_conn(struct Curl_easy *data, infof(data, "No connections available in cache"); connections_available = FALSE; } + break; + default: + break; + } } if(!connections_available) { @@ -3671,7 +3651,7 @@ static CURLcode create_conn(struct Curl_easy *data, } Curl_attach_connection(data, conn); - result = Curl_conncache_add_conn(data); + result = Curl_cpool_add_conn(data, conn); if(result) goto out; } @@ -3708,16 +3688,35 @@ static CURLcode create_conn(struct Curl_easy *data, /* Continue connectdata initialization here. */ - /************************************************************* - * Resolve the address of the server or proxy - *************************************************************/ - result = resolve_server(data, conn, async); - if(result) - goto out; + if(conn->bits.reuse) { + /* We are reusing the connection - no need to resolve anything, and + idnconvert_hostname() was called already in create_conn() for the reuse + case. */ + *async = FALSE; + } + else { + /************************************************************* + * Resolve the address of the server or proxy + *************************************************************/ + result = resolve_server(data, conn, async); + if(result) + goto out; + } + + /* persist the scheme and handler the transfer is using */ + data->info.conn_scheme = conn->handler->scheme; + /* conn_protocol can only provide "old" protocols */ + data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; + data->info.used_proxy = +#ifdef CURL_DISABLE_PROXY + 0 +#else + conn->bits.proxy +#endif + ; /* Everything general done, inform filters that they need - * to prepare for a data transfer. - */ + * to prepare for a data transfer. */ result = Curl_conn_ev_data_setup(data); out: @@ -3743,18 +3742,6 @@ CURLcode Curl_setup_conn(struct Curl_easy *data, return result; } -#ifndef CURL_DISABLE_PROXY - /* set proxy_connect_closed to false unconditionally already here since it - is used strictly to provide extra information to a parent function in the - case of proxy CONNECT failures and we must make sure we do not have it - lingering set from a previous invoke */ - conn->bits.proxy_connect_closed = FALSE; -#endif - -#ifdef CURL_DO_LINEEND_CONV - data->state.crlf_conversions = 0; /* reset CRLF conversion counter */ -#endif /* CURL_DO_LINEEND_CONV */ - /* set start time here for timeout purposes in the connect procedure, it is later set again for the progress meter purpose */ conn->now = Curl_now(); @@ -3803,8 +3790,7 @@ CURLcode Curl_connect(struct Curl_easy *data, /* We are not allowed to return failure with memory left allocated in the connectdata struct, free those here */ Curl_detach_connection(data); - Curl_conncache_remove_conn(data, conn, TRUE); - Curl_disconnect(data, conn, TRUE); + Curl_cpool_disconnect(data, conn, TRUE); } return result; diff --git a/libraries/libcurl/url.h b/libraries/libcurl/url.h index 55f9b158..47c1db44 100644 --- a/libraries/libcurl/url.h +++ b/libraries/libcurl/url.h @@ -37,8 +37,8 @@ void Curl_freeset(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy **datap); /* opposite of curl_open() */ CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); -void Curl_disconnect(struct Curl_easy *data, - struct connectdata *, bool aborted); +bool Curl_on_disconnect(struct Curl_easy *data, + struct connectdata *, bool aborted); CURLcode Curl_setup_conn(struct Curl_easy *data, bool *protocol_done); void Curl_conn_free(struct Curl_easy *data, struct connectdata *conn); @@ -65,6 +65,21 @@ void Curl_verboseconnect(struct Curl_easy *data, struct connectdata *conn, int sockindex); #endif +/** + * Return TRUE iff the given connection is considered dead. + * @param nowp NULL or pointer to time being checked against. + */ +bool Curl_conn_seems_dead(struct connectdata *conn, + struct Curl_easy *data, + struct curltime *nowp); + +/** + * Perform upkeep operations on the connection. + */ +CURLcode Curl_conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + struct curltime *now); + #if defined(USE_HTTP2) || defined(USE_HTTP3) void Curl_data_priority_clear_state(struct Curl_easy *data); #else diff --git a/libraries/libcurl/urlapi.c b/libraries/libcurl/urlapi.c index b71be384..98c8f6fe 100644 --- a/libraries/libcurl/urlapi.c +++ b/libraries/libcurl/urlapi.c @@ -34,20 +34,19 @@ #include "inet_ntop.h" #include "strdup.h" #include "idn.h" -#include "curl_memrchr.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" - /* MSDOS/Windows style drive prefix, eg c: in c:foo */ + /* MS-DOS/Windows style drive prefix, eg c: in c:foo */ #define STARTS_WITH_DRIVE_PREFIX(str) \ ((('a' <= str[0] && str[0] <= 'z') || \ ('A' <= str[0] && str[0] <= 'Z')) && \ (str[1] == ':')) - /* MSDOS/Windows style drive prefix, optionally with + /* MS-DOS/Windows style drive prefix, optionally with * a '|' instead of ':', followed by a slash or NUL */ #define STARTS_WITH_URL_DRIVE_PREFIX(str) \ ((('a' <= (str)[0] && (str)[0] <= 'z') || \ @@ -182,7 +181,7 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, if(urlchar_needs_escaping(*iptr)) { char out[3]={'%'}; - out[1] = hexdigits[*iptr>>4]; + out[1] = hexdigits[*iptr >> 4]; out[2] = hexdigits[*iptr & 0xf]; result = Curl_dyn_addn(o, out, 3); } @@ -468,7 +467,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, ccode = Curl_parse_login_details(login, ptr - login - 1, &userp, &passwdp, (h && (h->flags & PROTOPT_URLOPTIONS)) ? - &optionsp:NULL); + &optionsp : NULL); if(ccode) { result = CURLUE_BAD_LOGIN; goto out; @@ -611,19 +610,14 @@ static CURLUcode ipv6_parse(struct Curl_URL *u, char *hostname, /* hostname is fine */ } - /* Check the IPv6 address. */ + /* Normalize the IPv6 address */ { char dest[16]; /* fits a binary IPv6 address */ - char norm[MAX_IPADR_LEN]; hostname[hlen] = 0; /* end the address there */ if(1 != Curl_inet_pton(AF_INET6, hostname, dest)) return CURLUE_BAD_IPV6; - - /* check if it can be done shorter */ - if(Curl_inet_ntop(AF_INET6, dest, norm, sizeof(norm)) && - (strlen(norm) < hlen)) { - strcpy(hostname, norm); - hlen = strlen(norm); + if(Curl_inet_ntop(AF_INET6, dest, hostname, hlen)) { + hlen = strlen(hostname); /* might be shorter now */ hostname[hlen + 1] = 0; } hostname[hlen] = ']'; /* restore ending bracket */ @@ -1121,7 +1115,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) * This catches both "file:/c:" and "file:c:" */ if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) || STARTS_WITH_URL_DRIVE_PREFIX(path)) { - /* File drive letters are only accepted in MSDOS/Windows */ + /* File drive letters are only accepted in MS-DOS/Windows */ result = CURLUE_BAD_FILE_URL; goto fail; } @@ -1420,8 +1414,8 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, const char *ptr; CURLUcode ifmissing = CURLUE_UNKNOWN_PART; char portbuf[7]; - bool urldecode = (flags & CURLU_URLDECODE)?1:0; - bool urlencode = (flags & CURLU_URLENCODE)?1:0; + bool urldecode = (flags & CURLU_URLDECODE) ? 1 : 0; + bool urlencode = (flags & CURLU_URLENCODE) ? 1 : 0; bool punycode = FALSE; bool depunyfy = FALSE; bool plusdecode = FALSE; @@ -1455,8 +1449,8 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, case CURLUPART_HOST: ptr = u->host; ifmissing = CURLUE_NO_HOST; - punycode = (flags & CURLU_PUNYCODE)?1:0; - depunyfy = (flags & CURLU_PUNY2IDN)?1:0; + punycode = (flags & CURLU_PUNYCODE) ? 1 : 0; + depunyfy = (flags & CURLU_PUNY2IDN) ? 1 : 0; break; case CURLUPART_ZONEID: ptr = u->zoneid; @@ -1515,8 +1509,8 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, bool show_query = (u->query && u->query[0]) || (u->query_present && flags & CURLU_GET_EMPTY); - punycode = (flags & CURLU_PUNYCODE)?1:0; - depunyfy = (flags & CURLU_PUNY2IDN)?1:0; + punycode = (flags & CURLU_PUNYCODE) ? 1 : 0; + depunyfy = (flags & CURLU_PUNY2IDN) ? 1 : 0; if(u->scheme && strcasecompare("file", u->scheme)) { url = aprintf("file://%s%s%s", u->path, @@ -1618,7 +1612,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, show_query ? "?": "", u->query ? u->query : "", show_fragment ? "#": "", - u->fragment? u->fragment : ""); + u->fragment ? u->fragment : ""); free(allochost); } if(!url) @@ -1709,7 +1703,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, const char *part, unsigned int flags) { char **storep = NULL; - bool urlencode = (flags & CURLU_URLENCODE)? 1 : 0; + bool urlencode = (flags & CURLU_URLENCODE) ? 1 : 0; bool plusencode = FALSE; bool urlskipslash = FALSE; bool leadingslash = FALSE; @@ -1846,7 +1840,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, break; case CURLUPART_QUERY: plusencode = urlencode; - appendquery = (flags & CURLU_APPENDQUERY)?1:0; + appendquery = (flags & CURLU_APPENDQUERY) ? 1 : 0; equalsencode = appendquery; storep = &u->query; u->query_present = TRUE; @@ -1928,7 +1922,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, } else { char out[3]={'%'}; - out[1] = hexdigits[*i>>4]; + out[1] = hexdigits[*i >> 4]; out[2] = hexdigits[*i & 0xf]; result = Curl_dyn_addn(&enc, out, 3); if(result) @@ -1991,7 +1985,23 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, /* Skip hostname check, it is allowed to be empty. */ } else { - if(!n || hostname_check(u, (char *)newp, n)) { + bool bad = FALSE; + if(!n) + bad = TRUE; /* empty hostname is not okay */ + else if(!urlencode) { + /* if the host name part was not URL encoded here, it was set ready + URL encoded so we need to decode it to check */ + size_t dlen; + char *decoded = NULL; + CURLcode result = + Curl_urldecode(newp, n, &decoded, &dlen, REJECT_CTRL); + if(result || hostname_check(u, decoded, dlen)) + bad = TRUE; + free(decoded); + } + else if(hostname_check(u, (char *)newp, n)) + bad = TRUE; + if(bad) { Curl_dyn_free(&enc); return CURLUE_BAD_HOSTNAME; } diff --git a/libraries/libcurl/urldata.h b/libraries/libcurl/urldata.h index f34aa591..704fb7a1 100644 --- a/libraries/libcurl/urldata.h +++ b/libraries/libcurl/urldata.h @@ -64,7 +64,7 @@ struct curl_trc_featt; # define CURLECH_CLA_CFG (1<<4) #endif -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS /* CURLPROTO_GOPHERS (29) is the highest publicly used protocol bit number, * the rest are internal information. If we use higher bits we only do this on * platforms that have a >= 64-bit type and then we use such a type for the @@ -77,6 +77,10 @@ struct curl_trc_featt; #define CURLPROTO_WSS 0 #endif +/* the default protocols accepting a redirect to */ +#define CURLPROTO_REDIR (CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | \ + CURLPROTO_FTPS) + /* This should be undefined once we need bit 32 or higher */ #define PROTO_TYPE_SMALL @@ -101,6 +105,12 @@ typedef unsigned int curl_prot_t; #define CURL_DEFAULT_USER "anonymous" #define CURL_DEFAULT_PASSWORD "ftp@example.com" +#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) +/* do FTP line-end CRLF => LF conversions on platforms that prefer LF-only. It + also means: keep CRLF line endings on the CRLF platforms */ +#define CURL_PREFER_LF_LINEENDS +#endif + /* Convenience defines for checking protocols or their SSL based version. Each protocol handler should only ever have a single CURLPROTO_ in its protocol field. */ @@ -153,12 +163,14 @@ typedef unsigned int curl_prot_t; #include "dynbuf.h" #include "dynhds.h" #include "request.h" +#include "netrc.h" /* return the count of bytes sent, or -1 on error */ typedef ssize_t (Curl_send)(struct Curl_easy *data, /* transfer */ int sockindex, /* socketindex */ const void *buf, /* data to write */ size_t len, /* max amount to write */ + bool eos, /* last chunk */ CURLcode *err); /* error to return */ /* return the count of bytes read, or -1 on error */ @@ -272,11 +284,11 @@ struct ssl_peer { char *sni; /* SNI version of hostname or NULL if not usable */ ssl_peer_type type; /* type of the peer information */ int port; /* port we are talking to */ - int transport; /* TCP or QUIC */ + int transport; /* one of TRNSPRT_* defines */ }; struct ssl_primary_config { - char *CApath; /* certificate dir (does not work on windows) */ + char *CApath; /* certificate dir (does not work on Windows) */ char *CAfile; /* certificate to verify peer against */ char *issuercert; /* optional issuer certificate filename */ char *clientcert; @@ -313,6 +325,7 @@ struct ssl_config_data { char *key_passwd; /* plain text private key password */ BIT(certinfo); /* gather lots of certificate info */ BIT(falsestart); + BIT(earlydata); /* use tls1.3 early data */ BIT(enable_beast); /* allow this flaw for interoperability's sake */ BIT(no_revoke); /* disable SSL certificate revocation checks */ BIT(no_partialchain); /* do not accept partial certificate chains */ @@ -335,6 +348,7 @@ struct Curl_ssl_session { char *name; /* hostname for which this ID was used */ char *conn_to_host; /* hostname for the connection (may be NULL) */ const char *scheme; /* protocol scheme used */ + char *alpn; /* APLN TLS negotiated protocol string */ void *sessionid; /* as returned from the SSL layer */ size_t idsize; /* if known, otherwise 0 */ Curl_ssl_sessionid_dtor *sessionid_free; /* free `sessionid` callback */ @@ -441,7 +455,7 @@ struct ntlmdata { unsigned int flags; unsigned char nonce[8]; unsigned int target_info_len; - void *target_info; /* TargetInfo received in the ntlm type-2 message */ + void *target_info; /* TargetInfo received in the NTLM type-2 message */ #endif }; #endif @@ -454,6 +468,7 @@ struct negotiatedata { gss_ctx_id_t context; gss_name_t spn; gss_buffer_desc output_token; + struct dynbuf channel_binding_data; #else #ifdef USE_WINDOWS_SSPI #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS @@ -495,9 +510,6 @@ struct ConnectBits { This is implicit when SSL-protocols are used through proxies, but can also be enabled explicitly by apps */ - BIT(proxy_connect_closed); /* TRUE if a proxy disconnected the connection - in a CONNECT request with auth, so that - libcurl should reconnect and continue. */ BIT(proxy); /* if set, this transfer is done through a proxy - any type */ #endif /* always modify bits.close with the connclose() and connkeep() macros! */ @@ -532,6 +544,7 @@ struct ConnectBits { #endif BIT(bound); /* set true if bind() has already been done on this socket/ connection */ + BIT(asks_multiplex); /* connection asks for multiplexing, but is not yet */ BIT(multiplex); /* connection is multiplexed */ BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tls_enable_alpn); /* TLS ALPN extension? */ @@ -549,6 +562,7 @@ struct ConnectBits { BIT(aborted); /* connection was aborted, e.g. in unclean state */ BIT(shutdown_handler); /* connection shutdown: handler shut down */ BIT(shutdown_filters); /* connection shutdown: filters shut down */ + BIT(in_cpool); /* connection is kept in a connection pool */ }; struct hostname { @@ -617,27 +631,6 @@ struct easy_pollset { unsigned char actions[MAX_SOCKSPEREASYHANDLE]; }; -enum doh_slots { - /* Explicit values for first two symbols so as to match hard-coded - * constants in existing code - */ - DOH_PROBE_SLOT_IPADDR_V4 = 0, /* make 'V4' stand out for readability */ - DOH_PROBE_SLOT_IPADDR_V6 = 1, /* 'V6' likewise */ - - /* Space here for (possibly build-specific) additional slot definitions */ -#ifdef USE_HTTPSRR - DOH_PROBE_SLOT_HTTPS = 2, /* for HTTPS RR */ -#endif - - /* for example */ - /* #ifdef WANT_DOH_FOOBAR_TXT */ - /* DOH_PROBE_SLOT_FOOBAR_TXT, */ - /* #endif */ - - /* AFTER all slot definitions, establish how many we have */ - DOH_PROBE_SLOTS -}; - /* * Specific protocol handler. */ @@ -757,7 +750,7 @@ struct Curl_handler { HTTP proxy as HTTP proxies may know this protocol and act as a gateway */ #define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */ -#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ascii) in +#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ASCII) in username and password */ #define PROTOPT_NOTCPPROXY (1<<14) /* this protocol cannot proxy over TCP */ @@ -796,20 +789,22 @@ struct ldapconninfo; * unique for an entire connection. */ struct connectdata { - struct Curl_llist_element bundle_node; /* conncache */ + struct Curl_llist_node cpool_node; /* conncache lists */ curl_closesocket_callback fclosesocket; /* function closing the socket(s) */ void *closesocket_client; - /* This is used by the connection cache logic. If this returns TRUE, this + /* This is used by the connection pool logic. If this returns TRUE, this handle is still used by one or more easy handles and can only used by any other easy handle without careful consideration (== only for multiplexing) and it cannot be used by another multi handle! */ -#define CONN_INUSE(c) ((c)->easyq.size) +#define CONN_INUSE(c) Curl_llist_count(&(c)->easyq) /**** Fields set when inited and not modified again */ curl_off_t connection_id; /* Contains a unique number to make it easier to track the connections in the log output */ + char *destination; /* string carrying normalized hostname+port+scope */ + size_t destination_len; /* strlen(destination) + 1 */ /* 'dns_entry' is the particular host we use. This points to an entry in the DNS cache and it will not get pruned while locked. It gets unlocked in @@ -831,7 +826,8 @@ struct connectdata { struct proxy_info http_proxy; #endif /* 'primary' and 'secondary' get filled with IP quadruple - (local/remote numerical ip address and port) whenever a is *attempted*. + (local/remote numerical ip address and port) whenever a connect is + *attempted*. When more than one address is tried for a connection these will hold data for the last attempt. When the connection is actually established these are updated with data which comes directly from the socket. */ @@ -844,7 +840,7 @@ struct connectdata { char *oauth_bearer; /* OAUTH2 bearer, allocated */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ - struct curltime lastused; /* when returned to the connection cache */ + struct curltime lastused; /* when returned to the connection poolas idle */ curl_socket_t sock[2]; /* two sockets, the second is used for the data transfer when doing FTP */ Curl_recv *recv[2]; @@ -875,9 +871,8 @@ struct connectdata { /**** curl_get() phase fields */ curl_socket_t sockfd; /* socket to read from or CURL_SOCKET_BAD */ - curl_socket_t writesockfd; /* socket to write to, it may very - well be the same we read from. - CURL_SOCKET_BAD disables */ + curl_socket_t writesockfd; /* socket to write to, it may be the same we read + from. CURL_SOCKET_BAD disables */ #ifdef HAVE_GSSAPI BIT(sec_complete); /* if Kerberos is enabled for this connection */ @@ -958,13 +953,12 @@ struct connectdata { #ifndef CURL_DISABLE_MQTT struct mqtt_conn mqtt; #endif -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS struct websocket *ws; #endif unsigned int unused:1; /* avoids empty union */ } proto; - struct connectbundle *bundle; /* The bundle we are member of */ #ifdef USE_UNIX_SOCKETS char *unix_domain_socket; #endif @@ -1043,7 +1037,7 @@ struct PureInfo { even when the session handle is no longer associated with a connection, and also allow curl_easy_reset() to clear this information from the session handle without disturbing information which is still alive, and - that might be reused, in the connection cache. */ + that might be reused, in the connection pool. */ struct ip_quadruple primary; int conn_remote_port; /* this is the "remote port", which is the port number of the used URL, independent of proxy or @@ -1058,30 +1052,38 @@ struct PureInfo { BIT(used_proxy); /* the transfer used a proxy */ }; +struct pgrs_measure { + struct curltime start; /* when measure started */ + curl_off_t start_size; /* the 'cur_size' the measure started at */ +}; + +struct pgrs_dir { + curl_off_t total_size; /* total expected bytes */ + curl_off_t cur_size; /* transferred bytes so far */ + curl_off_t speed; /* bytes per second transferred */ + struct pgrs_measure limit; +}; struct Progress { time_t lastshow; /* time() of the last displayed progress meter or NULL to force redraw at next call */ - curl_off_t size_dl; /* total expected size */ - curl_off_t size_ul; /* total expected size */ - curl_off_t downloaded; /* transferred so far */ - curl_off_t uploaded; /* transferred so far */ + struct pgrs_dir ul; + struct pgrs_dir dl; curl_off_t current_speed; /* uses the currently fastest transfer */ + curl_off_t earlydata_sent; int width; /* screen width at download start */ int flags; /* see progress.h */ timediff_t timespent; - curl_off_t dlspeed; - curl_off_t ulspeed; - timediff_t t_postqueue; timediff_t t_nslookup; timediff_t t_connect; timediff_t t_appconnect; timediff_t t_pretransfer; + timediff_t t_posttransfer; timediff_t t_starttransfer; timediff_t t_redirect; @@ -1090,14 +1092,6 @@ struct Progress { struct curltime t_startop; struct curltime t_acceptdata; - - /* upload speed limit */ - struct curltime ul_limit_start; - curl_off_t ul_limit_size; - /* download speed limit */ - struct curltime dl_limit_start; - curl_off_t dl_limit_size; - #define CURR_TIME (5 + 1) /* 6 entries for 5 seconds */ curl_off_t speeder[ CURR_TIME ]; @@ -1194,7 +1188,7 @@ typedef enum { * One instance for each timeout an easy handle can set. */ struct time_node { - struct Curl_llist_element list; + struct Curl_llist_node list; struct curltime time; expire_id eid; }; @@ -1211,9 +1205,12 @@ struct urlpieces { char *query; }; +#define CREDS_NONE 0 +#define CREDS_URL 1 /* from URL */ +#define CREDS_OPTION 2 /* set with a CURLOPT_ */ +#define CREDS_NETRC 3 /* found in netrc */ + struct UrlState { - /* Points to the connection cache */ - struct conncache *conn_cache; /* buffers to store authentication data in, as parsed from input options */ struct curltime keeps_speed; /* for the progress meter really */ @@ -1238,7 +1235,6 @@ struct UrlState { struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ int os_errno; /* filled in with errno whenever an error occurs */ - char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */ long followlocation; /* redirect counter */ int requests; /* request counter: redirects + authentication retakes */ #ifdef HAVE_SIGNAL @@ -1266,12 +1262,6 @@ struct UrlState { /* a place to store the most recently set (S)FTP entrypath */ char *most_recent_ftp_entrypath; -#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) -/* do FTP line-end conversions on most platforms */ -#define CURL_DO_LINEEND_CONV - /* for FTP downloads: how many CRLFs did we converted to LFs? */ - curl_off_t crlf_conversions; -#endif char *range; /* range, if used. See README for detailed specification on this syntax. */ curl_off_t resume_from; /* continue [ftp] transfer from here */ @@ -1328,6 +1318,10 @@ struct UrlState { struct curl_trc_feat *feat; /* opt. trace feature transfer is part of */ #endif +#ifndef CURL_DISABLE_NETRC + struct store_netrc netrc; +#endif + /* Dynamically allocated strings, MUST be freed before this struct is killed. */ struct dynamically_allocated_data { @@ -1354,7 +1348,6 @@ struct UrlState { char *proxypasswd; #endif } aptr; - unsigned char httpwant; /* when non-zero, a specific HTTP version requested to be used in the library's request(s) */ unsigned char httpversion; /* the lowest HTTP version*10 reported by any @@ -1364,9 +1357,9 @@ struct UrlState { unsigned char select_bits; /* != 0 -> bitmask of socket events for this transfer overriding anything the socket may report */ -#ifdef DEBUGBUILD - BIT(conncache_lock); -#endif + unsigned int creds_from:2; /* where is the server credentials originating + from, see the CREDS_* defines above */ + /* when curl_easy_perform() is called, the multi handle is "owned" by the easy handle so curl_easy_cleanup() on such an easy handle will also close the multi handle! */ @@ -1422,7 +1415,7 @@ enum dupstring { STRING_KEY, /* private key filename */ STRING_KEY_PASSWD, /* plain text private key password */ STRING_KEY_TYPE, /* format for private key (default: PEM) */ - STRING_SSL_CAPATH, /* CA directory name (does not work on windows) */ + STRING_SSL_CAPATH, /* CA directory name (does not work on Windows) */ STRING_SSL_CAFILE, /* certificate file to verify peer against */ STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */ STRING_SSL_CIPHER_LIST, /* list of ciphers to use */ @@ -1436,7 +1429,7 @@ enum dupstring { STRING_KEY_PROXY, /* private key filename */ STRING_KEY_PASSWD_PROXY, /* plain text private key password */ STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */ - STRING_SSL_CAPATH_PROXY, /* CA directory name (does not work on windows) */ + STRING_SSL_CAPATH_PROXY, /* CA directory name (does not work on Windows) */ STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */ STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */ STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ @@ -1493,7 +1486,7 @@ enum dupstring { #ifdef USE_SSH STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */ STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */ - STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */ + STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ASCII hex */ STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */ STRING_SSH_KNOWNHOSTS, /* filename of knownhosts file */ #endif @@ -1751,7 +1744,7 @@ struct UserDefined { long upkeep_interval_ms; /* Time between calls for connection upkeep. */ multidone_func fmultidone; #ifndef CURL_DISABLE_DOH - struct Curl_easy *dohfor; /* this is a DoH request for that transfer */ + curl_off_t dohfor_mid; /* this is a DoH request for that transfer */ #endif CURLU *uh; /* URL handle for the current parsed URL */ #ifndef CURL_DISABLE_HTTP @@ -1865,7 +1858,7 @@ struct UserDefined { BIT(doh_verifystatus); /* DoH certificate status verification */ #endif BIT(http09_allowed); /* allow HTTP/0.9 responses */ -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_WEBSOCKETS BIT(ws_raw_mode); #endif #ifdef USE_ECH @@ -1902,22 +1895,21 @@ struct Curl_easy { /* First a simple identifier to easier detect if a user mix up this easy handle with a multi handle. Set this to CURLEASY_MAGIC_NUMBER */ unsigned int magic; - /* once an easy handle is tied to a connection cache - a non-negative number to distinguish this transfer from - other using the same cache. For easier tracking - in log output. - This may wrap around after LONG_MAX to 0 again, so it - has no uniqueness guarantee for very large processings. */ + /* once an easy handle is tied to a connection pool a non-negative number to + distinguish this transfer from other using the same pool. For easier + tracking in log output. This may wrap around after LONG_MAX to 0 again, + so it has no uniqueness guarantee for large processings. Note: it has no + uniqueness either IFF more than one connection pool is used by the + libcurl application. */ curl_off_t id; - - /* first, two fields for the linked list of these */ - struct Curl_easy *next; - struct Curl_easy *prev; + /* once an easy handle is added to a multi, either explicitly by the + * libcurl application or implicitly during `curl_easy_perform()`, + * a unique identifier inside this one multi instance. */ + curl_off_t mid; struct connectdata *conn; - struct Curl_llist_element connect_queue; /* for the pending and msgsent - lists */ - struct Curl_llist_element conn_queue; /* list per connectdata */ + struct Curl_llist_node multi_queue; /* for multihandle list management */ + struct Curl_llist_node conn_queue; /* list per connectdata */ CURLMstate mstate; /* the handle's state */ CURLcode result; /* previous result */ diff --git a/libraries/libcurl/vauth/cram.c b/libraries/libcurl/vauth/cram.c index f8bdd545..c51c7285 100644 --- a/libraries/libcurl/vauth/cram.c +++ b/libraries/libcurl/vauth/cram.c @@ -67,7 +67,7 @@ CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg, char *response; /* Compute the digest using the password as the key */ - ctxt = Curl_HMAC_init(Curl_HMAC_MD5, + ctxt = Curl_HMAC_init(&Curl_HMAC_MD5, (const unsigned char *) passwdp, curlx_uztoui(strlen(passwdp))); if(!ctxt) diff --git a/libraries/libcurl/vauth/digest.c b/libraries/libcurl/vauth/digest.c index f00e6651..cd3fca19 100644 --- a/libraries/libcurl/vauth/digest.c +++ b/libraries/libcurl/vauth/digest.c @@ -142,7 +142,7 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, } #if !defined(USE_WINDOWS_SSPI) -/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string */ +/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ unsigned char *dest) /* 33 bytes */ { @@ -151,7 +151,7 @@ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]); } -/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ascii string */ +/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */ static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */ unsigned char *dest) /* 65 bytes */ { @@ -388,7 +388,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, return result; /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + ctxt = Curl_MD5_init(&Curl_DIGEST_MD5); if(!ctxt) return CURLE_OUT_OF_MEMORY; @@ -402,7 +402,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, curlx_uztoui(strlen(passwdp))); Curl_MD5_final(ctxt, digest); - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + ctxt = Curl_MD5_init(&Curl_DIGEST_MD5); if(!ctxt) return CURLE_OUT_OF_MEMORY; @@ -425,7 +425,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Calculate H(A2) */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + ctxt = Curl_MD5_init(&Curl_DIGEST_MD5); if(!ctxt) { free(spn); @@ -443,7 +443,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, msnprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]); /* Now calculate the response hash */ - ctxt = Curl_MD5_init(Curl_DIGEST_MD5); + ctxt = Curl_MD5_init(&Curl_DIGEST_MD5); if(!ctxt) { free(spn); diff --git a/libraries/libcurl/vauth/digest_sspi.c b/libraries/libcurl/vauth/digest_sspi.c index 18135667..2ae6fb30 100644 --- a/libraries/libcurl/vauth/digest_sspi.c +++ b/libraries/libcurl/vauth/digest_sspi.c @@ -60,15 +60,16 @@ bool Curl_auth_is_digest_supported(void) SECURITY_STATUS status; /* Query the security package for Digest */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } - return (status == SEC_E_OK ? TRUE : FALSE); + return (status == SEC_E_OK); } /* @@ -119,8 +120,9 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, } /* Query the security package for DigestSSP */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); if(status != SEC_E_OK) { failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; @@ -129,7 +131,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our response buffer */ output_token = malloc(token_max); @@ -160,7 +162,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, p_identity = NULL; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_DIGEST), SECPKG_CRED_OUTBOUND, NULL, p_identity, NULL, NULL, @@ -190,20 +192,20 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(token_max); /* Generate our response message */ - status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, + status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, 0, 0, 0, &chlg_desc, 0, &context, &resp_desc, &attrs, &expiry); if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); + Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc); else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { #if !defined(CURL_DISABLE_VERBOSE_STRINGS) char buffer[STRERROR_LEN]; #endif - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(spn); free(output_token); @@ -223,8 +225,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free); /* Free our handles */ - s_pSecFn->DeleteSecurityContext(&context); - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->DeleteSecurityContext(&context); + Curl_pSecFn->FreeCredentialsHandle(&credentials); /* Free the identity structure */ Curl_sspi_free_identity(p_identity); @@ -327,7 +329,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, /* We had an input token before so if there is another one now that means we provided bad credentials in the previous request or it is stale. */ if(digest->input_token) { - bool stale = false; + bool stale = FALSE; const char *p = chlg; /* Check for the 'stale' directive */ @@ -343,7 +345,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, if(strcasecompare(value, "stale") && strcasecompare(content, "true")) { - stale = true; + stale = TRUE; break; } @@ -410,8 +412,9 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, (void) data; /* Query the security package for DigestSSP */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); if(status != SEC_E_OK) { failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; @@ -420,7 +423,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate the output buffer according to the max token size as indicated by the security package */ @@ -436,7 +439,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, (userp && digest->user && Curl_timestrcmp(userp, digest->user)) || (passwdp && digest->passwd && Curl_timestrcmp(passwdp, digest->passwd))) { if(digest->http_context) { - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } Curl_safefree(digest->user); @@ -463,13 +466,14 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, chlg_buf[4].pvBuffer = output_token; chlg_buf[4].cbBuffer = curlx_uztoul(token_max); - status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0); + status = Curl_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, + 0); if(status == SEC_E_OK) output_token_len = chlg_buf[4].cbBuffer; else { /* delete the context so a new one can be made */ infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx", (long)status); - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } } @@ -529,7 +533,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, } /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_DIGEST), SECPKG_CRED_OUTBOUND, NULL, p_identity, NULL, NULL, @@ -565,7 +569,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, spn = curlx_convert_UTF8_to_tchar((char *) uripath); if(!spn) { - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(output_token); @@ -579,7 +583,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Generate our response message */ - status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, + status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, ISC_REQ_USE_HTTP_STYLE, 0, 0, &chlg_desc, 0, @@ -589,13 +593,13 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); + Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc); else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { #if !defined(CURL_DISABLE_VERBOSE_STRINGS) char buffer[STRERROR_LEN]; #endif - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(output_token); @@ -615,7 +619,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, output_token_len = resp_buf.cbBuffer; - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); } @@ -660,7 +664,7 @@ void Curl_auth_digest_cleanup(struct digestdata *digest) /* Delete security context */ if(digest->http_context) { - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } diff --git a/libraries/libcurl/vauth/gsasl.c b/libraries/libcurl/vauth/gsasl.c index c7d0a8d3..ee11b603 100644 --- a/libraries/libcurl/vauth/gsasl.c +++ b/libraries/libcurl/vauth/gsasl.c @@ -59,7 +59,7 @@ bool Curl_auth_gsasl_is_supported(struct Curl_easy *data, return FALSE; } - return true; + return TRUE; } CURLcode Curl_auth_gsasl_start(struct Curl_easy *data, diff --git a/libraries/libcurl/vauth/krb5_gssapi.c b/libraries/libcurl/vauth/krb5_gssapi.c index 748cdf93..e7927828 100644 --- a/libraries/libcurl/vauth/krb5_gssapi.c +++ b/libraries/libcurl/vauth/krb5_gssapi.c @@ -158,7 +158,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, gss_release_buffer(&unused_status, &output_token); } else - Curl_bufref_set(out, mutual_auth? "": NULL, 0, NULL); + Curl_bufref_set(out, mutual_auth ? "": NULL, 0, NULL); return result; } diff --git a/libraries/libcurl/vauth/krb5_sspi.c b/libraries/libcurl/vauth/krb5_sspi.c index 430eb3ef..4af0bd1e 100644 --- a/libraries/libcurl/vauth/krb5_sspi.c +++ b/libraries/libcurl/vauth/krb5_sspi.c @@ -55,16 +55,16 @@ bool Curl_auth_is_gssapi_supported(void) SECURITY_STATUS status; /* Query the security package for Kerberos */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_KERBEROS), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } - return (status == SEC_E_OK ? TRUE : FALSE); + return (status == SEC_E_OK); } /* @@ -118,7 +118,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, if(!krb5->output_token) { /* Query the security package for Kerberos */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_KERBEROS), &SecurityPackage); if(status != SEC_E_OK) { @@ -129,7 +129,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, krb5->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our response buffer */ krb5->output_token = malloc(krb5->token_max); @@ -158,7 +158,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_KERBEROS), SECPKG_CRED_OUTBOUND, NULL, @@ -197,7 +197,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(krb5->token_max); /* Generate our challenge-response message */ - status = s_pSecFn->InitializeSecurityContext(krb5->credentials, + status = Curl_pSecFn->InitializeSecurityContext(krb5->credentials, chlg ? krb5->context : NULL, krb5->spn, (mutual_auth ? @@ -215,7 +215,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, return CURLE_AUTH_ERROR; if(memcmp(&context, krb5->context, sizeof(context))) { - s_pSecFn->DeleteSecurityContext(krb5->context); + Curl_pSecFn->DeleteSecurityContext(krb5->context); memcpy(krb5->context, &context, sizeof(context)); } @@ -282,7 +282,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, } /* Get our response size information */ - status = s_pSecFn->QueryContextAttributes(krb5->context, + status = Curl_pSecFn->QueryContextAttributes(krb5->context, SECPKG_ATTR_SIZES, &sizes); @@ -304,7 +304,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, input_buf[1].cbBuffer = 0; /* Decrypt the inbound challenge and obtain the qop */ - status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop); + status = Curl_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop); if(status != SEC_E_OK) { infof(data, "GSSAPI handshake failure (empty security message)"); return CURLE_BAD_CONTENT_ENCODING; @@ -323,7 +323,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, ((unsigned long)indata[2] << 8) | indata[3]; /* Free the challenge as it is not required anymore */ - s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); /* Process the security layer */ if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) { @@ -392,7 +392,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, wrap_buf[2].cbBuffer = sizes.cbBlockSize; /* Encrypt the data */ - status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT, + status = Curl_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(status != SEC_E_OK) { free(padding); @@ -448,14 +448,14 @@ void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5) { /* Free our security context */ if(krb5->context) { - s_pSecFn->DeleteSecurityContext(krb5->context); + Curl_pSecFn->DeleteSecurityContext(krb5->context); free(krb5->context); krb5->context = NULL; } /* Free our credentials handle */ if(krb5->credentials) { - s_pSecFn->FreeCredentialsHandle(krb5->credentials); + Curl_pSecFn->FreeCredentialsHandle(krb5->credentials); free(krb5->credentials); krb5->credentials = NULL; } diff --git a/libraries/libcurl/vauth/ntlm.c b/libraries/libcurl/vauth/ntlm.c index abebdeda..f8f6aea0 100644 --- a/libraries/libcurl/vauth/ntlm.c +++ b/libraries/libcurl/vauth/ntlm.c @@ -59,10 +59,6 @@ /* "NTLMSSP" signature is always in ASCII regardless of the platform */ #define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" -/* The fixed hostname we provide, in order to not leak our real local host - name. Copy the name used by Firefox. */ -#define NTLM_HOSTNAME "WORKSTATION" - #if DEBUG_ME # define DEBUG_OUT(x) x static void ntlm_print_flags(FILE *handle, unsigned long flags) @@ -73,7 +69,7 @@ static void ntlm_print_flags(FILE *handle, unsigned long flags) fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM "); if(flags & NTLMFLAG_REQUEST_TARGET) fprintf(handle, "NTLMFLAG_REQUEST_TARGET "); - if(flags & (1<<3)) + if(flags & (1 << 3)) fprintf(handle, "NTLMFLAG_UNKNOWN_3 "); if(flags & NTLMFLAG_NEGOTIATE_SIGN) fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN "); @@ -85,7 +81,7 @@ static void ntlm_print_flags(FILE *handle, unsigned long flags) fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY "); if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY "); - if(flags & (1<<10)) + if(flags & (1 << 10)) fprintf(handle, "NTLMFLAG_UNKNOWN_10 "); if(flags & NTLMFLAG_NEGOTIATE_ANONYMOUS) fprintf(handle, "NTLMFLAG_NEGOTIATE_ANONYMOUS "); @@ -113,15 +109,15 @@ static void ntlm_print_flags(FILE *handle, unsigned long flags) fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY "); if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO "); - if(flags & (1<<24)) + if(flags & (1 << 24)) fprintf(handle, "NTLMFLAG_UNKNOWN_24 "); - if(flags & (1<<25)) + if(flags & (1 << 25)) fprintf(handle, "NTLMFLAG_UNKNOWN_25 "); - if(flags & (1<<26)) + if(flags & (1 << 26)) fprintf(handle, "NTLMFLAG_UNKNOWN_26 "); - if(flags & (1<<27)) + if(flags & (1 << 27)) fprintf(handle, "NTLMFLAG_UNKNOWN_27 "); - if(flags & (1<<28)) + if(flags & (1 << 28)) fprintf(handle, "NTLMFLAG_UNKNOWN_28 "); if(flags & NTLMFLAG_NEGOTIATE_128) fprintf(handle, "NTLMFLAG_NEGOTIATE_128 "); @@ -489,8 +485,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, unsigned char ntresp[24]; /* fixed-size */ unsigned char *ptr_ntresp = &ntresp[0]; unsigned char *ntlmv2resp = NULL; - bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE; - char host[HOSTNAME_MAX + 1] = ""; + bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE); + /* The fixed hostname we provide, in order to not leak our real local host + name. Copy the name used by Firefox. */ + static const char host[] = "WORKSTATION"; const char *user; const char *domain = ""; size_t hostoff = 0; @@ -515,21 +513,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, user = userp; userlen = strlen(user); - -#ifndef NTLM_HOSTNAME - /* Get the machine's un-qualified hostname as NTLM does not like the fully - qualified domain name */ - if(Curl_gethostname(host, sizeof(host))) { - infof(data, "gethostname() failed, continuing without"); - hostlen = 0; - } - else { - hostlen = strlen(host); - } -#else - (void)msnprintf(host, sizeof(host), "%s", NTLM_HOSTNAME); - hostlen = sizeof(NTLM_HOSTNAME)-1; -#endif + hostlen = sizeof(host) - 1; if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { unsigned char ntbuffer[0x18]; diff --git a/libraries/libcurl/vauth/ntlm_sspi.c b/libraries/libcurl/vauth/ntlm_sspi.c index 7d1d04e0..a2e5bc10 100644 --- a/libraries/libcurl/vauth/ntlm_sspi.c +++ b/libraries/libcurl/vauth/ntlm_sspi.c @@ -55,15 +55,15 @@ bool Curl_auth_is_ntlm_supported(void) SECURITY_STATUS status; /* Query the security package for NTLM */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } - return (status == SEC_E_OK ? TRUE : FALSE); + return (status == SEC_E_OK); } /* @@ -103,7 +103,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, Curl_auth_cleanup_ntlm(ntlm); /* Query the security package for NTLM */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), &SecurityPackage); if(status != SEC_E_OK) { failf(data, "SSPI: could not get auth info"); @@ -113,7 +113,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, ntlm->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our output buffer */ ntlm->output_token = malloc(ntlm->token_max); @@ -141,7 +141,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_NTLM), SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity, NULL, NULL, @@ -167,7 +167,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max); /* Generate our type-1 message */ - status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL, + status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL, ntlm->spn, 0, 0, SECURITY_NETWORK_DREP, NULL, 0, @@ -175,7 +175,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, &attrs, &expiry); if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); + Curl_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); else if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) @@ -282,7 +282,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; pkgBindings.Bindings = &channelBindings; - status = s_pSecFn->QueryContextAttributes( + status = Curl_pSecFn->QueryContextAttributes( ntlm->sslContext, SECPKG_ATTR_ENDPOINT_BINDINGS, &pkgBindings @@ -305,7 +305,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max); /* Generate our type-3 message */ - status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, + status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials, ntlm->context, ntlm->spn, 0, 0, SECURITY_NETWORK_DREP, @@ -343,14 +343,14 @@ void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm) { /* Free our security context */ if(ntlm->context) { - s_pSecFn->DeleteSecurityContext(ntlm->context); + Curl_pSecFn->DeleteSecurityContext(ntlm->context); free(ntlm->context); ntlm->context = NULL; } /* Free our credentials handle */ if(ntlm->credentials) { - s_pSecFn->FreeCredentialsHandle(ntlm->credentials); + Curl_pSecFn->FreeCredentialsHandle(ntlm->credentials); free(ntlm->credentials); ntlm->credentials = NULL; } diff --git a/libraries/libcurl/vauth/spnego_gssapi.c b/libraries/libcurl/vauth/spnego_gssapi.c index 23822838..f48d9b70 100644 --- a/libraries/libcurl/vauth/spnego_gssapi.c +++ b/libraries/libcurl/vauth/spnego_gssapi.c @@ -91,6 +91,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; + gss_channel_bindings_t chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; + struct gss_channel_bindings_struct chan; (void) user; (void) password; @@ -148,13 +150,21 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, input_token.length = chlglen; } + /* Set channel binding data if available */ + if(nego->channel_binding_data.leng > 0) { + memset(&chan, 0, sizeof(struct gss_channel_bindings_struct)); + chan.application_data.length = nego->channel_binding_data.leng; + chan.application_data.value = nego->channel_binding_data.bufr; + chan_bindings = &chan; + } + /* Generate our challenge-response message */ major_status = Curl_gss_init_sec_context(data, &minor_status, &nego->context, nego->spn, &Curl_spnego_mech_oid, - GSS_C_NO_CHANNEL_BINDINGS, + chan_bindings, &input_token, &output_token, TRUE, diff --git a/libraries/libcurl/vauth/spnego_sspi.c b/libraries/libcurl/vauth/spnego_sspi.c index a2c7072c..7a27c298 100644 --- a/libraries/libcurl/vauth/spnego_sspi.c +++ b/libraries/libcurl/vauth/spnego_sspi.c @@ -57,17 +57,17 @@ bool Curl_auth_is_spnego_supported(void) SECURITY_STATUS status; /* Query the security package for Negotiate */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } - return (status == SEC_E_OK ? TRUE : FALSE); + return (status == SEC_E_OK); } /* @@ -128,7 +128,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(!nego->output_token) { /* Query the security package for Negotiate */ - nego->status = (DWORD)s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + nego->status = (DWORD)Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); if(nego->status != SEC_E_OK) { @@ -139,7 +139,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, nego->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our output buffer */ nego->output_token = malloc(nego->token_max); @@ -169,7 +169,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, /* Acquire our credentials handle */ nego->status = (DWORD) - s_pSecFn->AcquireCredentialsHandle(NULL, + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)TEXT(SP_NAME_NEGOTIATE), SECPKG_CRED_OUTBOUND, NULL, nego->p_identity, NULL, NULL, @@ -218,7 +218,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; pkgBindings.Bindings = &channelBindings; - nego->status = (DWORD)s_pSecFn->QueryContextAttributes( + nego->status = (DWORD)Curl_pSecFn->QueryContextAttributes( nego->sslContext, SECPKG_ATTR_ENDPOINT_BINDINGS, &pkgBindings @@ -242,16 +242,16 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(nego->token_max); /* Generate our challenge-response message */ - nego->status = (DWORD)s_pSecFn->InitializeSecurityContext(nego->credentials, - chlg ? nego->context : - NULL, - nego->spn, - ISC_REQ_CONFIDENTIALITY, - 0, SECURITY_NATIVE_DREP, - chlg ? &chlg_desc : NULL, - 0, nego->context, - &resp_desc, &attrs, - &expiry); + nego->status = + (DWORD)Curl_pSecFn->InitializeSecurityContext(nego->credentials, + chlg ? nego->context : NULL, + nego->spn, + ISC_REQ_CONFIDENTIALITY, + 0, SECURITY_NATIVE_DREP, + chlg ? &chlg_desc : NULL, + 0, nego->context, + &resp_desc, &attrs, + &expiry); /* Free the decoded challenge as it is not required anymore */ free(chlg); @@ -269,7 +269,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(nego->status == SEC_I_COMPLETE_NEEDED || nego->status == SEC_I_COMPLETE_AND_CONTINUE) { - nego->status = (DWORD)s_pSecFn->CompleteAuthToken(nego->context, + nego->status = (DWORD)Curl_pSecFn->CompleteAuthToken(nego->context, &resp_desc); if(GSS_ERROR(nego->status)) { char buffer[STRERROR_LEN]; @@ -333,14 +333,14 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego) { /* Free our security context */ if(nego->context) { - s_pSecFn->DeleteSecurityContext(nego->context); + Curl_pSecFn->DeleteSecurityContext(nego->context); free(nego->context); nego->context = NULL; } /* Free our credentials handle */ if(nego->credentials) { - s_pSecFn->FreeCredentialsHandle(nego->credentials); + Curl_pSecFn->FreeCredentialsHandle(nego->credentials); free(nego->credentials); nego->credentials = NULL; } diff --git a/libraries/libcurl/vauth/vauth.c b/libraries/libcurl/vauth/vauth.c index ace43c47..a7e7e17f 100644 --- a/libraries/libcurl/vauth/vauth.c +++ b/libraries/libcurl/vauth/vauth.c @@ -134,8 +134,7 @@ bool Curl_auth_user_contains_domain(const char *user) /* Check we have a domain name or UPN present */ char *p = strpbrk(user, "\\/@"); - valid = (p != NULL && p > user && p < user + strlen(user) - 1 ? TRUE : - FALSE); + valid = (p != NULL && p > user && p < user + strlen(user) - 1); } #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) else diff --git a/libraries/libcurl/version.c b/libraries/libcurl/version.c index c0d822dc..1d5b96d2 100644 --- a/libraries/libcurl/version.c +++ b/libraries/libcurl/version.c @@ -63,13 +63,13 @@ #endif #ifdef HAVE_BROTLI -#if defined(__GNUC__) +#if defined(__GNUC__) || defined(__clang__) /* Ignore -Wvla warnings in brotli headers */ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wvla" #endif #include -#if defined(__GNUC__) +#if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic pop #endif #endif @@ -93,20 +93,71 @@ static void brotli_version(char *buf, size_t bufsz) unsigned int major = brotli_version >> 24; unsigned int minor = (brotli_version & 0x00FFFFFF) >> 12; unsigned int patch = brotli_version & 0x00000FFF; - (void)msnprintf(buf, bufsz, "%u.%u.%u", major, minor, patch); + (void)msnprintf(buf, bufsz, "brotli/%u.%u.%u", major, minor, patch); } #endif #ifdef HAVE_ZSTD static void zstd_version(char *buf, size_t bufsz) { - unsigned long zstd_version = (unsigned long)ZSTD_versionNumber(); - unsigned int major = (unsigned int)(zstd_version / (100 * 100)); - unsigned int minor = (unsigned int)((zstd_version - - (major * 100 * 100)) / 100); - unsigned int patch = (unsigned int)(zstd_version - - (major * 100 * 100) - (minor * 100)); - (void)msnprintf(buf, bufsz, "%u.%u.%u", major, minor, patch); + unsigned int version = ZSTD_versionNumber(); + unsigned int major = version / (100 * 100); + unsigned int minor = (version - (major * 100 * 100)) / 100; + unsigned int patch = version - (major * 100 * 100) - (minor * 100); + (void)msnprintf(buf, bufsz, "zstd/%u.%u.%u", major, minor, patch); +} +#endif + +#ifdef USE_OPENLDAP +static void oldap_version(char *buf, size_t bufsz) +{ + LDAPAPIInfo api; + api.ldapai_info_version = LDAP_API_INFO_VERSION; + + if(ldap_get_option(NULL, LDAP_OPT_API_INFO, &api) == LDAP_OPT_SUCCESS) { + unsigned int patch = (unsigned int)(api.ldapai_vendor_version % 100); + unsigned int major = (unsigned int)(api.ldapai_vendor_version / 10000); + unsigned int minor = + (((unsigned int)api.ldapai_vendor_version - major * 10000) + - patch) / 100; + msnprintf(buf, bufsz, "%s/%u.%u.%u", + api.ldapai_vendor_name, major, minor, patch); + ldap_memfree(api.ldapai_vendor_name); + ber_memvfree((void **)api.ldapai_extensions); + } + else + msnprintf(buf, bufsz, "OpenLDAP"); +} +#endif + +#ifdef USE_LIBPSL +static void psl_version(char *buf, size_t bufsz) +{ +#if defined(PSL_VERSION_MAJOR) && (PSL_VERSION_MAJOR > 0 || \ + PSL_VERSION_MINOR >= 11) + int num = psl_check_version_number(0); + msnprintf(buf, bufsz, "libpsl/%d.%d.%d", + num >> 16, (num >> 8) & 0xff, num & 0xff); +#else + msnprintf(buf, bufsz, "libpsl/%s", psl_get_version()); +#endif +} +#endif + +#if defined(USE_LIBIDN2) || defined(USE_WIN32_IDN) || defined(USE_APPLE_IDN) +#define USE_IDN +#endif + +#ifdef USE_IDN +static void idn_version(char *buf, size_t bufsz) +{ +#ifdef USE_LIBIDN2 + msnprintf(buf, bufsz, "libidn2/%s", idn2_check_version(NULL)); +#elif defined(USE_WIN32_IDN) + msnprintf(buf, bufsz, "WinIDN"); +#elif defined(USE_APPLE_IDN) + msnprintf(buf, bufsz, "AppleIDN"); +#endif } #endif @@ -130,34 +181,34 @@ char *curl_version(void) char ssl_version[200]; #endif #ifdef HAVE_LIBZ - char z_version[40]; + char z_version[30]; #endif #ifdef HAVE_BROTLI - char br_version[40] = "brotli/"; + char br_version[30]; #endif #ifdef HAVE_ZSTD - char zst_version[40] = "zstd/"; + char zstd_ver[30]; #endif #ifdef USE_ARES - char cares_version[40]; + char cares_version[30]; #endif -#if defined(USE_LIBIDN2) - char idn_version[40]; +#ifdef USE_IDN + char idn_ver[30]; #endif #ifdef USE_LIBPSL - char psl_version[40]; + char psl_ver[30]; #endif #ifdef USE_SSH - char ssh_version[40]; + char ssh_version[30]; #endif #ifdef USE_NGHTTP2 - char h2_version[40]; + char h2_version[30]; #endif #ifdef USE_HTTP3 - char h3_version[40]; + char h3_version[30]; #endif #ifdef USE_LIBRTMP - char rtmp_version[40]; + char rtmp_version[30]; #endif #ifdef USE_HYPER char hyper_buf[30]; @@ -190,43 +241,26 @@ char *curl_version(void) src[i++] = z_version; #endif #ifdef HAVE_BROTLI - brotli_version(&br_version[7], sizeof(br_version) - 7); + brotli_version(br_version, sizeof(br_version)); src[i++] = br_version; #endif #ifdef HAVE_ZSTD - zstd_version(&zst_version[5], sizeof(zst_version) - 5); - src[i++] = zst_version; + zstd_version(zstd_ver, sizeof(zstd_ver)); + src[i++] = zstd_ver; #endif #ifdef USE_ARES msnprintf(cares_version, sizeof(cares_version), "c-ares/%s", ares_version(NULL)); src[i++] = cares_version; #endif -#ifdef USE_LIBIDN2 - msnprintf(idn_version, sizeof(idn_version), - "libidn2/%s", idn2_check_version(NULL)); - src[i++] = idn_version; -#elif defined(USE_WIN32_IDN) - src[i++] = (char *)"WinIDN"; -#elif defined(USE_APPLE_IDN) - src[i++] = (char *)"AppleIDN"; +#ifdef USE_IDN + idn_version(idn_ver, sizeof(idn_ver)); + src[i++] = idn_ver; #endif - #ifdef USE_LIBPSL - { -#if defined(PSL_VERSION_MAJOR) && (PSL_VERSION_MAJOR > 0 || \ - PSL_VERSION_MINOR >= 11) - int num = psl_check_version_number(0); - msnprintf(psl_version, sizeof(psl_version), "libpsl/%d.%d.%d", - num >> 16, (num >> 8) & 0xff, num & 0xff); -#else - msnprintf(psl_version, sizeof(psl_version), "libpsl/%s", - psl_get_version()); + psl_version(psl_ver, sizeof(psl_ver)); + src[i++] = psl_ver; #endif - src[i++] = psl_version; - } -#endif - #ifdef USE_SSH Curl_ssh_version(ssh_version, sizeof(ssh_version)); src[i++] = ssh_version; @@ -253,23 +287,8 @@ char *curl_version(void) src[i++] = gsasl_buf; #endif #ifdef USE_OPENLDAP - { - LDAPAPIInfo api; - api.ldapai_info_version = LDAP_API_INFO_VERSION; - - if(ldap_get_option(NULL, LDAP_OPT_API_INFO, &api) == LDAP_OPT_SUCCESS) { - unsigned int patch = (unsigned int)(api.ldapai_vendor_version % 100); - unsigned int major = (unsigned int)(api.ldapai_vendor_version / 10000); - unsigned int minor = - (((unsigned int)api.ldapai_vendor_version - major * 10000) - - patch) / 100; - msnprintf(ldap_buf, sizeof(ldap_buf), "%s/%u.%u.%u", - api.ldapai_vendor_name, major, minor, patch); - src[i++] = ldap_buf; - ldap_memfree(api.ldapai_vendor_name); - ber_memvfree((void **)api.ldapai_extensions); - } - } + oldap_version(ldap_buf, sizeof(ldap_buf)); + src[i++] = ldap_buf; #endif DEBUGASSERT(i <= VERSION_PARTS); @@ -384,11 +403,14 @@ static const char * const supported_protocols[] = { #ifndef CURL_DISABLE_TFTP "tftp", #endif -#ifdef USE_WEBSOCKETS +#ifndef CURL_DISABLE_HTTP + /* WebSocket support relies on HTTP */ +#ifndef CURL_DISABLE_WEBSOCKETS "ws", #endif -#if defined(USE_SSL) && defined(USE_WEBSOCKETS) +#if defined(USE_SSL) && !defined(CURL_DISABLE_WEBSOCKETS) "wss", +#endif #endif NULL @@ -540,7 +562,7 @@ static curl_version_info_data version_info = { CURLVERSION_NOW, LIBCURL_VERSION, LIBCURL_VERSION_NUM, - OS, /* as found by configure or set by hand at build-time */ + CURL_OS, /* as found by configure or set by hand at build-time */ 0, /* features bitmask is built at runtime */ NULL, /* ssl_version */ 0, /* ssl_version_num, this is kept at zero */ @@ -581,7 +603,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) int features = 0; #if defined(USE_SSH) - static char ssh_buffer[80]; + static char ssh_buf[80]; /* 'ssh_buffer' clashes with libssh/libssh.h */ #endif #ifdef USE_SSL #ifdef CURL_WITH_MULTI_SSL @@ -622,8 +644,8 @@ curl_version_info_data *curl_version_info(CURLversion stamp) #endif #if defined(USE_SSH) - Curl_ssh_version(ssh_buffer, sizeof(ssh_buffer)); - version_info.libssh_version = ssh_buffer; + Curl_ssh_version(ssh_buf, sizeof(ssh_buf)); + version_info.libssh_version = ssh_buf; #endif #ifdef HAVE_BROTLI diff --git a/libraries/libcurl/version_win32.c b/libraries/libcurl/version_win32.c index 10fd0b1f..21a122f2 100644 --- a/libraries/libcurl/version_win32.c +++ b/libraries/libcurl/version_win32.c @@ -55,7 +55,7 @@ struct OUR_OSVERSIONINFOEXW { /* * curlx_verify_windows_version() * - * This is used to verify if we are running on a specific windows version. + * This is used to verify if we are running on a specific Windows version. * * Parameters: * @@ -79,7 +79,7 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, { bool matched = FALSE; -#if defined(CURL_WINDOWS_APP) +#if defined(CURL_WINDOWS_UWP) /* We have no way to determine the Windows version from Windows apps, so let's assume we are running on the target Windows version. */ const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); @@ -209,12 +209,12 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, typedef LONG (APIENTRY *RTLVERIFYVERSIONINFO_FN) (struct OUR_OSVERSIONINFOEXW *, ULONG, ULONGLONG); static RTLVERIFYVERSIONINFO_FN pRtlVerifyVersionInfo; - static bool onetime = true; /* safe because first call is during init */ + static bool onetime = TRUE; /* safe because first call is during init */ if(onetime) { pRtlVerifyVersionInfo = CURLX_FUNCTION_CAST(RTLVERIFYVERSIONINFO_FN, (GetProcAddress(GetModuleHandleA("ntdll"), "RtlVerifyVersionInfo"))); - onetime = false; + onetime = FALSE; } switch(condition) { diff --git a/libraries/libcurl/version_win32.h b/libraries/libcurl/version_win32.h index 95c06611..95a9e7f2 100644 --- a/libraries/libcurl/version_win32.h +++ b/libraries/libcurl/version_win32.h @@ -44,7 +44,7 @@ typedef enum { PLATFORM_WINNT } PlatformIdentifier; -/* This is used to verify if we are running on a specific windows version */ +/* This is used to verify if we are running on a specific Windows version */ bool curlx_verify_windows_version(const unsigned int majorVersion, const unsigned int minorVersion, const unsigned int buildVersion, diff --git a/libraries/libcurl/vquic/curl_msh3.c b/libraries/libcurl/vquic/curl_msh3.c index b707a6eb..fe812f87 100644 --- a/libraries/libcurl/vquic/curl_msh3.c +++ b/libraries/libcurl/vquic/curl_msh3.c @@ -71,7 +71,7 @@ pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \ pthread_mutex_init(lock, &attr); \ pthread_mutexattr_destroy(&attr); \ -}while(0) +} while(0) #define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock) #define msh3_lock_acquire(lock) pthread_mutex_lock(lock) #define msh3_lock_release(lock) pthread_mutex_unlock(lock) @@ -119,16 +119,38 @@ struct cf_msh3_ctx { struct cf_call_data call_data; struct curltime connect_started; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct Curl_hash streams; /* hash `data->id` to `stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */ /* Flags written by msh3/msquic thread */ bool handshake_complete; bool handshake_succeeded; bool connected; + BIT(initialized); /* Flags written by curl thread */ BIT(verbose); BIT(active); }; +static void h3_stream_hash_free(void *stream); + +static void cf_msh3_ctx_init(struct cf_msh3_ctx *ctx, + const struct Curl_addrinfo *ai) +{ + DEBUGASSERT(!ctx->initialized); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + Curl_sock_assign_addr(&ctx->addr, ai, TRNSPRT_QUIC); + ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD; + ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD; + ctx->initialized = TRUE; +} + +static void cf_msh3_ctx_free(struct cf_msh3_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_hash_destroy(&ctx->streams); + } + free(ctx); +} + static struct cf_msh3_ctx *h3_get_msh3_ctx(struct Curl_easy *data); /* How to access `call_data` from a cf_msh3 filter */ @@ -158,7 +180,7 @@ struct stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct stream_ctx *)((data && ctx)? \ - Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct stream_ctx *stream) { @@ -191,7 +213,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT); CURL_TRC_CF(data, cf, "data setup"); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -207,7 +229,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { CURL_TRC_CF(data, cf, "easy handle is done"); - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -226,8 +248,8 @@ static void drain_stream_from_other_thread(struct Curl_easy *data, } } -static void drain_stream(struct Curl_cfilter *cf, - struct Curl_easy *data) +static void h3_drain_stream(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_msh3_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -258,9 +280,9 @@ static void MSH3_CALL msh3_conn_connected(MSH3_CONNECTION *Connection, (void)Connection; CURL_TRC_CF(data, cf, "[MSH3] connected"); - ctx->handshake_succeeded = true; - ctx->connected = true; - ctx->handshake_complete = true; + ctx->handshake_succeeded = TRUE; + ctx->connected = TRUE; + ctx->handshake_complete = TRUE; } static void MSH3_CALL msh3_conn_shutdown_complete(MSH3_CONNECTION *Connection, @@ -272,8 +294,8 @@ static void MSH3_CALL msh3_conn_shutdown_complete(MSH3_CONNECTION *Connection, (void)Connection; CURL_TRC_CF(data, cf, "[MSH3] shutdown complete"); - ctx->connected = false; - ctx->handshake_complete = true; + ctx->connected = FALSE; + ctx->handshake_complete = TRUE; } static void MSH3_CALL msh3_conn_new_request(MSH3_CONNECTION *Connection, @@ -428,7 +450,7 @@ static bool MSH3_CALL msh3_data_received(MSH3_REQUEST *Request, stream->recv_error = result; goto out; } - stream->recv_header_complete = true; + stream->recv_header_complete = TRUE; } result = write_resp_raw(data, buf, *buflen); @@ -454,7 +476,7 @@ static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext, return; msh3_lock_acquire(&stream->recv_lock); stream->closed = TRUE; - stream->recv_header_complete = true; + stream->recv_header_complete = TRUE; if(error) stream->error3 = error; if(aborted) @@ -574,7 +596,7 @@ static ssize_t cf_msh3_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(nread < 0) goto out; if(stream->closed) - drain_stream(cf, data); + h3_drain_stream(cf, data); } else if(stream->closed) { nread = recv_closed_stream(cf, data, err); @@ -593,7 +615,8 @@ static ssize_t cf_msh3_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_msh3_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -603,7 +626,6 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, size_t nheader, i; ssize_t nwritten = -1; struct cf_call_data save; - bool eos; CF_DATA_SAVE(save, cf, data); @@ -646,21 +668,6 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, nva[i].ValueLength = e->valuelen; } - switch(data->state.httpreq) { - case HTTPREQ_POST: - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - case HTTPREQ_PUT: - /* known request body size or -1 */ - eos = FALSE; - break; - default: - /* there is not request body */ - eos = TRUE; - stream->upload_done = TRUE; - break; - } - CURL_TRC_CF(data, cf, "req: send %zu headers", nheader); stream->req = MsH3RequestOpen(ctx->qconn, &msh3_request_if, data, nva, nheader, @@ -715,11 +722,11 @@ static void cf_msh3_adjust_pollset(struct Curl_cfilter *cf, if(stream && ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD) { if(stream->recv_error) { Curl_pollset_add_in(data, ps, ctx->sock[SP_LOCAL]); - drain_stream(cf, data); + h3_drain_stream(cf, data); } else if(stream->req) { Curl_pollset_add_out(data, ps, ctx->sock[SP_LOCAL]); - drain_stream(cf, data); + h3_drain_stream(cf, data); } } } @@ -742,7 +749,7 @@ static bool cf_msh3_data_pending(struct Curl_cfilter *cf, pending = !Curl_bufq_is_empty(&stream->recvbuf); msh3_lock_release(&stream->recv_lock); if(pending) - drain_stream(cf, (struct Curl_easy *)data); + h3_drain_stream(cf, (struct Curl_easy *)data); } CF_DATA_RESTORE(cf, save); @@ -754,7 +761,7 @@ static CURLcode h3_data_pause(struct Curl_cfilter *cf, bool pause) { if(!pause) { - drain_stream(cf, data); + h3_drain_stream(cf, data); Curl_expire(data, 0, EXPIRE_RUN_NOW); } return CURLE_OK; @@ -813,13 +820,13 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, CURLcode result; bool verify; - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + DEBUGASSERT(ctx->initialized); conn_config = Curl_ssl_cf_get_primary_config(cf); if(!conn_config) return CURLE_FAILED_INIT; verify = !!conn_config->verifypeer; - memcpy(&addr, &ctx->addr.sa_addr, ctx->addr.addrlen); + memcpy(&addr, &ctx->addr.curl_sa_addr, ctx->addr.addrlen); MSH3_SET_PORT(&addr, (uint16_t)cf->conn->remote_port); if(verify && (conn_config->CAfile || conn_config->CApath)) { @@ -904,7 +911,6 @@ static CURLcode cf_msh3_connect(struct Curl_cfilter *cf, CURL_TRC_CF(data, cf, "handshake succeeded"); cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; cf->connected = TRUE; cf->conn->alpn = CURL_HTTP_VERSION_3; *done = TRUE; @@ -940,7 +946,6 @@ static void cf_msh3_close(struct Curl_cfilter *cf, struct Curl_easy *data) MsH3ApiClose(ctx->api); ctx->api = NULL; } - Curl_hash_destroy(&ctx->streams); if(ctx->active) { /* We share our socket at cf->conn->sock[cf->sockindex] when active. @@ -979,10 +984,11 @@ static void cf_msh3_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); cf_msh3_close(cf, data); - free(cf->ctx); - cf->ctx = NULL; + if(cf->ctx) { + cf_msh3_ctx_free(cf->ctx); + cf->ctx = NULL; + } /* no CF_DATA_RESTORE(cf, save); its gone */ - } static CURLcode cf_msh3_query(struct Curl_cfilter *cf, @@ -1014,7 +1020,7 @@ static CURLcode cf_msh3_query(struct Curl_cfilter *cf, default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -1081,17 +1087,15 @@ CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - Curl_sock_assign_addr(&ctx->addr, ai, TRNSPRT_QUIC); - ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD; - ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD; + cf_msh3_ctx_init(ctx, ai); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { Curl_safefree(cf); - Curl_safefree(ctx); + cf_msh3_ctx_free(ctx); } return result; @@ -1101,7 +1105,7 @@ bool Curl_conn_is_msh3(const struct Curl_easy *data, const struct connectdata *conn, int sockindex) { - struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL; (void)data; for(; cf; cf = cf->next) { diff --git a/libraries/libcurl/vquic/curl_ngtcp2.c b/libraries/libcurl/vquic/curl_ngtcp2.c index 1f67f236..37009abd 100644 --- a/libraries/libcurl/vquic/curl_ngtcp2.c +++ b/libraries/libcurl/vquic/curl_ngtcp2.c @@ -41,6 +41,7 @@ #include "vtls/gtls.h" #elif defined(USE_WOLFSSL) #include +#include "vtls/wolfssl.h" #endif #include "urldata.h" @@ -129,15 +130,15 @@ struct cf_ngtcp2_ctx { nghttp3_settings h3settings; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ struct dynbuf scratch; /* temp buffer for header construction */ - struct Curl_hash streams; /* hash `data->id` to `h3_stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ size_t max_stream_window; /* max flow window for one stream */ uint64_t max_idle_ms; /* max idle time for QUIC connection */ uint64_t used_bidi_streams; /* bidi streams we have opened */ uint64_t max_bidi_streams; /* max bidi streams we can open */ int qlogfd; + BIT(initialized); BIT(shutdown_started); /* queued shutdown packets */ }; @@ -146,6 +147,34 @@ struct cf_ngtcp2_ctx { #define CF_CTX_CALL_DATA(cf) \ ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data +static void h3_stream_hash_free(void *stream); + +static void cf_ngtcp2_ctx_init(struct cf_ngtcp2_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); + ctx->qlogfd = -1; + ctx->version = NGTCP2_PROTO_VER_MAX; + ctx->max_stream_window = H3_STREAM_WINDOW_SIZE; + ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->initialized = TRUE; +} + +static void cf_ngtcp2_ctx_free(struct cf_ngtcp2_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_dyn_free(&ctx->scratch); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + Curl_ssl_peer_cleanup(&ctx->peer); + } + free(ctx); +} + struct pkt_io_ctx; static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -174,7 +203,7 @@ struct h3_stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) #define H3_STREAM_CTX_ID(ctx,id) ((struct h3_stream_ctx *)(\ Curl_hash_offt_get(&(ctx)->streams, (id)))) @@ -197,10 +226,8 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, struct cf_ngtcp2_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - if(!data) { - failf(data, "initialization failure, transfer not http initialized"); + if(!data) return CURLE_FAILED_INIT; - } if(stream) return CURLE_OK; @@ -216,7 +243,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, stream->sendbuf_len_in_flight = 0; Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -241,7 +268,7 @@ static void cf_ngtcp2_stream_close(struct Curl_cfilter *cf, NGHTTP3_H3_REQUEST_CANCELLED); result = cf_progress_egress(cf, data, NULL); if(result) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cancel stream -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cancel stream -> %d", stream->id, result); } } @@ -252,10 +279,10 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] easy handle is done", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] easy handle is done", stream->id); cf_ngtcp2_stream_close(cf, data, stream); - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -265,7 +292,6 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, struct h3_stream_ctx **pstream) { struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct h3_stream_ctx *stream; (void)cf; @@ -275,8 +301,10 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, return data; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -315,7 +343,6 @@ struct pkt_io_ctx { struct Curl_cfilter *cf; struct Curl_easy *data; ngtcp2_tstamp ts; - size_t pkt_count; ngtcp2_path_storage ps; }; @@ -335,7 +362,6 @@ static void pktx_init(struct pkt_io_ctx *pktx, { pktx->cf = cf; pktx->data = data; - pktx->pkt_count = 0; ngtcp2_path_storage_zero(&pktx->ps); pktx_update_time(pktx, cf); } @@ -402,7 +428,7 @@ static void quic_settings(struct cf_ngtcp2_ctx *ctx, s->initial_ts = pktx->ts; s->handshake_timeout = QUIC_HANDSHAKE_TIMEOUT; s->max_window = 100 * ctx->max_stream_window; - s->max_stream_window = ctx->max_stream_window; + s->max_stream_window = 10 * ctx->max_stream_window; t->initial_max_data = 10 * ctx->max_stream_window; t->initial_max_stream_data_bidi_local = ctx->max_stream_window; @@ -490,12 +516,12 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags, if(!data) data = CF_DATA_CURRENT(cf); if(data) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read_stream(len=%zu) -> %zd", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read_stream(len=%zu) -> %zd", stream_id, buflen, nconsumed); if(nconsumed < 0) { struct h3_stream_ctx *stream = H3_STREAM_CTX_ID(ctx, stream_id); if(data && stream) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] error on known stream, " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] error on known stream, " "reset=%d, closed=%d", stream_id, stream->reset, stream->closed); } @@ -555,8 +581,8 @@ static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags, } rv = nghttp3_conn_close_stream(ctx->h3conn, stream_id, app_error_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] quic close(app_error=%" - CURL_PRIu64 ") -> %d", stream_id, (curl_uint64_t)app_error_code, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] quic close(app_error=%" + FMT_PRIu64 ") -> %d", stream_id, (curl_uint64_t)app_error_code, rv); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { cf_ngtcp2_h3_err_set(cf, data, rv); @@ -581,7 +607,7 @@ static int cb_stream_reset(ngtcp2_conn *tconn, int64_t sid, (void)data; rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -619,8 +645,8 @@ static int cb_extend_max_local_streams_bidi(ngtcp2_conn *tconn, (void)tconn; ctx->max_bidi_streams = max_streams; if(data) - CURL_TRC_CF(data, cf, "max bidi streams now %" CURL_PRIu64 - ", used %" CURL_PRIu64, (curl_uint64_t)ctx->max_bidi_streams, + CURL_TRC_CF(data, cf, "max bidi streams now %" FMT_PRIu64 + ", used %" FMT_PRIu64, (curl_uint64_t)ctx->max_bidi_streams, (curl_uint64_t)ctx->used_bidi_streams); return 0; } @@ -646,8 +672,7 @@ static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t sid, } s_data = get_stream_easy(cf, data, stream_id, &stream); if(s_data && stream && stream->quic_flow_blocked) { - CURL_TRC_CF(s_data, cf, "[%" CURL_PRId64 "] unblock quic flow", - stream_id); + CURL_TRC_CF(s_data, cf, "[%" FMT_PRId64 "] unblock quic flow", stream_id); stream->quic_flow_blocked = FALSE; h3_drain_stream(cf, s_data); } @@ -705,6 +730,11 @@ static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_encryption_level level, return 0; } +#if defined(_MSC_VER) && defined(_DLL) +# pragma warning(push) +# pragma warning(disable:4232) /* MSVC extension, dllimport identity */ +#endif + static ngtcp2_callbacks ng_callbacks = { ngtcp2_crypto_client_initial_cb, NULL, /* recv_client_initial */ @@ -748,6 +778,10 @@ static ngtcp2_callbacks ng_callbacks = { NULL, /* early_data_rejected */ }; +#if defined(_MSC_VER) && defined(_DLL) +# pragma warning(pop) +#endif + /** * Connection maintenance like timeouts on packet ACKs etc. are done by us, not * the OS like for TCP. POLL events on the socket therefore are not @@ -858,11 +892,11 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t sid, if(stream->error3 != NGHTTP3_H3_NO_ERROR) { stream->reset = TRUE; stream->send_closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] RESET: error %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64, stream->id, stream->error3); } else { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] CLOSED", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->id); } h3_drain_stream(cf, data); return 0; @@ -878,7 +912,7 @@ static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf, if(!stream->xfer_result) { stream->xfer_result = Curl_xfer_write_resp_hd(data, buf, blen, eos); if(stream->xfer_result) - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] error %d writing %zu " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] error %d writing %zu " "bytes of headers", stream->id, stream->xfer_result, blen); } } @@ -894,7 +928,7 @@ static void h3_xfer_write_resp(struct Curl_cfilter *cf, stream->xfer_result = Curl_xfer_write_resp(data, buf, blen, eos); /* If the transfer write is errored, we do not want any more data */ if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] error %d writing %zu bytes " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] error %d writing %zu bytes " "of data", stream->id, stream->xfer_result, blen); } } @@ -917,12 +951,12 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE); if(blen) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] ACK %zu bytes of DATA", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] ACK %zu bytes of DATA", stream->id, blen); ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream->id, blen); ngtcp2_conn_extend_max_offset(ctx->qconn, blen); } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu", stream->id, blen); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu", stream->id, blen); return 0; } @@ -960,7 +994,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid, /* add a CRLF only if we have received some headers */ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] end_headers, status=%d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d", stream_id, stream->status_code); if(stream->status_code / 100 != 1) { stream->resp_hds_complete = TRUE; @@ -1008,7 +1042,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, if(!result) h3_xfer_write_resp_hd(cf, data, stream, Curl_dyn_ptr(&ctx->scratch), Curl_dyn_len(&ctx->scratch), FALSE); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] status: %s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, Curl_dyn_ptr(&ctx->scratch)); if(result) { return -1; @@ -1016,7 +1050,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, } else { /* store as an HTTP1-style header */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] header: %.*s: %.*s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s", stream_id, (int)h3name.len, h3name.base, (int)h3val.len, h3val.base); Curl_dyn_reset(&ctx->scratch); @@ -1049,7 +1083,7 @@ static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id, rv = ngtcp2_conn_shutdown_stream_read(ctx->qconn, 0, stream_id, app_error_code); if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } return 0; @@ -1068,9 +1102,9 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid, rv = ngtcp2_conn_shutdown_stream_write(ctx->qconn, 0, stream_id, app_error_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } return 0; @@ -1163,14 +1197,13 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, (void)cf; if(stream->reset) { - failf(data, - "HTTP/3 stream %" CURL_PRId64 " reset by server", stream->id); - *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; + failf(data, "HTTP/3 stream %" FMT_PRId64 " reset by server", stream->id); + *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3; goto out; } else if(!stream->resp_hds_complete) { failf(data, - "HTTP/3 stream %" CURL_PRId64 " was closed cleanly, but before " + "HTTP/3 stream %" FMT_PRId64 " was closed cleanly, but before " "getting all response header fields, treated as error", stream->id); *err = CURLE_HTTP3; @@ -1217,7 +1250,7 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] xfer write failed", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] xfer write failed", stream->id); cf_ngtcp2_stream_close(cf, data, stream); *err = stream->xfer_result; nread = -1; @@ -1242,8 +1275,8 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = -1; } } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_recv(blen=%zu) -> %zd, %d", - stream? stream->id : -1, blen, nread, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(blen=%zu) -> %zd, %d", + stream ? stream->id : -1, blen, nread, *err); CF_DATA_RESTORE(cf, save); return nread; } @@ -1275,7 +1308,7 @@ static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id, if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) { int rv = nghttp3_conn_resume_stream(conn, stream_id); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } } return 0; @@ -1333,16 +1366,15 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, } else if(!nwritten) { /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> AGAIN", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN", stream->id); return NGHTTP3_ERR_WOULDBLOCK; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> " - "%d vecs%s with %zu (buffered=%zu, left=%" - CURL_FORMAT_CURL_OFF_T ")", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> " + "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")", stream->id, (int)nvecs, - *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"", + *pflags == NGHTTP3_DATA_FLAG_EOF ? " EOF" : "", nwritten, Curl_bufq_len(&stream->sendbuf), stream->upload_left); return (nghttp3_ssize)nvecs; @@ -1454,12 +1486,12 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, if(rc) { switch(rc) { case NGHTTP3_ERR_CONN_CLOSING: - CURL_TRC_CF(data, cf, "h3sid[%" CURL_PRId64 "] failed to send, " + CURL_TRC_CF(data, cf, "h3sid[%" FMT_PRId64 "] failed to send, " "connection is closing", stream->id); break; default: - CURL_TRC_CF(data, cf, "h3sid[%" CURL_PRId64 "] failed to send -> " - "%d (%s)", stream->id, rc, ngtcp2_strerror(rc)); + CURL_TRC_CF(data, cf, "h3sid[%" FMT_PRId64 "] failed to send -> " + "%d (%s)", stream->id, rc, nghttp3_strerror(rc)); break; } *err = CURLE_SEND_ERROR; @@ -1468,10 +1500,10 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s", stream->id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] [%.*s: %.*s]", stream->id, + infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]", stream->id, (int)nva[i].namelen, nva[i].name, (int)nva[i].valuelen, nva[i].value); } @@ -1484,7 +1516,8 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_ngtcp2_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1500,6 +1533,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, pktx_init(&pktx, cf, data); *err = CURLE_OK; + (void)eos; /* TODO: use for stream EOF and block handling */ result = cf_progress_ingress(cf, data, &pktx); if(result) { *err = result; @@ -1521,7 +1555,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, stream = H3_STREAM_CTX(ctx, data); } else if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] xfer write failed", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] xfer write failed", stream->id); cf_ngtcp2_stream_close(cf, data, stream); *err = stream->xfer_result; sent = -1; @@ -1534,13 +1568,13 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, * body. This happens on 30x or 40x responses. * We silently discard the data sent, since this is not a transport * error situation. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data" "on closed stream with response", stream->id); *err = CURLE_OK; sent = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) " "-> stream closed", stream->id, len); *err = CURLE_HTTP3; sent = -1; @@ -1554,7 +1588,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, } else { sent = Curl_bufq_write(&stream->sendbuf, buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send, add to " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to " "sendbuf(len=%zu) -> %zd, %d", stream->id, len, sent, *err); if(sent < 0) { @@ -1576,8 +1610,8 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, *err = result; sent = -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu) -> %zd, %d", - stream? stream->id : -1, len, sent, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d", + stream ? stream->id : -1, len, sent, *err); CF_DATA_RESTORE(cf, save); return sent; } @@ -1589,7 +1623,6 @@ static CURLcode qng_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -1605,7 +1638,6 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen, ngtcp2_path path; int rv; - ++pktx->pkt_count; ngtcp2_addr_init(&path.local, (struct sockaddr *)&ctx->q.local_addr, (socklen_t)ctx->q.local_addrlen); ngtcp2_addr_init(&path.remote, (struct sockaddr *)remote_addr, @@ -1634,31 +1666,18 @@ static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, { struct cf_ngtcp2_ctx *ctx = cf->ctx; struct pkt_io_ctx local_pktx; - size_t pkts_chunk = 128, i; CURLcode result = CURLE_OK; if(!pktx) { pktx_init(&local_pktx, cf, data); pktx = &local_pktx; } - else { - pktx_update_time(pktx, cf); - } result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); if(result) return result; - for(i = 0; i < 4; ++i) { - if(i) - pktx_update_time(pktx, cf); - pktx->pkt_count = 0; - result = vquic_recv_packets(cf, data, &ctx->q, pkts_chunk, - recv_pkt, pktx); - if(result || !pktx->pkt_count) /* error or got nothing */ - break; - } - return result; + return vquic_recv_packets(cf, data, &ctx->q, 1000, recv_pkt, pktx); } /** @@ -1723,7 +1742,7 @@ static ssize_t read_pkt_to_send(void *userp, struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, x->data); DEBUGASSERT(ndatalen == -1); nghttp3_conn_block_stream(ctx->h3conn, stream_id); - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] block quic flow", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] block quic flow", (curl_int64_t)stream_id); DEBUGASSERT(stream); if(stream) @@ -1960,27 +1979,22 @@ static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf, return result; } -static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx) +static void cf_ngtcp2_ctx_close(struct cf_ngtcp2_ctx *ctx) { struct cf_call_data save = ctx->call_data; + if(!ctx->initialized) + return; if(ctx->qlogfd != -1) { close(ctx->qlogfd); } + ctx->qlogfd = -1; Curl_vquic_tls_cleanup(&ctx->tls); vquic_ctx_free(&ctx->q); if(ctx->h3conn) nghttp3_conn_del(ctx->h3conn); if(ctx->qconn) ngtcp2_conn_del(ctx->qconn); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_dyn_free(&ctx->scratch); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - Curl_ssl_peer_cleanup(&ctx->peer); - - memset(ctx, 0, sizeof(*ctx)); - ctx->qlogfd = -1; ctx->call_data = save; } @@ -2027,7 +2041,7 @@ static CURLcode cf_ngtcp2_shutdown(struct Curl_cfilter *cf, (uint8_t *)buffer, sizeof(buffer), &ctx->last_error, pktx.ts); CURL_TRC_CF(data, cf, "start shutdown(err_type=%d, err_code=%" - CURL_PRIu64 ") -> %d", ctx->last_error.type, + FMT_PRIu64 ") -> %d", ctx->last_error.type, (curl_uint64_t)ctx->last_error.error_code, (int)nwritten); if(nwritten > 0) { Curl_bufq_write(&ctx->q.sendbuf, (const unsigned char *)buffer, @@ -2085,7 +2099,7 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); if(ctx && ctx->qconn) { cf_ngtcp2_conn_close(cf, data); - cf_ngtcp2_ctx_clear(ctx); + cf_ngtcp2_ctx_close(ctx); CURL_TRC_CF(data, cf, "close"); } cf->connected = FALSE; @@ -2094,18 +2108,11 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct cf_call_data save; - - CF_DATA_SAVE(save, cf, data); CURL_TRC_CF(data, cf, "destroy"); - if(ctx) { - cf_ngtcp2_ctx_clear(ctx); - free(ctx); + if(cf->ctx) { + cf_ngtcp2_ctx_free(cf->ctx); + cf->ctx = NULL; } - cf->ctx = NULL; - /* No CF_DATA_RESTORE(cf, save) possible */ - (void)save; } #ifdef USE_OPENSSL @@ -2120,9 +2127,9 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) ngtcp2_crypto_conn_ref *cref; cref = (ngtcp2_crypto_conn_ref *)SSL_get_app_data(ssl); - cf = cref? cref->user_data : NULL; - ctx = cf? cf->ctx : NULL; - data = cf? CF_DATA_CURRENT(cf) : NULL; + cf = cref ? cref->user_data : NULL; + ctx = cf ? cf->ctx : NULL; + data = cf ? CF_DATA_CURRENT(cf) : NULL; if(cf && data && ctx) { Curl_ossl_add_session(cf, data, &ctx->peer, ssl_sessionid); return 1; @@ -2131,12 +2138,63 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) } #endif /* USE_OPENSSL */ +#ifdef USE_GNUTLS +static int quic_gtls_handshake_cb(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, + const gnutls_datum_t *msg) +{ + ngtcp2_crypto_conn_ref *conn_ref = gnutls_session_get_ptr(session); + struct Curl_cfilter *cf = conn_ref ? conn_ref->user_data : NULL; + struct cf_ngtcp2_ctx *ctx = cf ? cf->ctx : NULL; + + (void)msg; + (void)incoming; + if(when && cf && ctx) { /* after message has been processed */ + struct Curl_easy *data = CF_DATA_CURRENT(cf); + DEBUGASSERT(data); + if(data) { + CURL_TRC_CF(data, cf, "handshake: %s message type %d", + incoming ? "incoming" : "outgoing", htype); + } + switch(htype) { + case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: { + (void)Curl_gtls_update_session_id(cf, data, session, &ctx->peer, "h3"); + break; + } + default: + break; + } + } + return 0; +} +#endif /* USE_GNUTLS */ + +#ifdef USE_WOLFSSL +static int wssl_quic_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) +{ + ngtcp2_crypto_conn_ref *conn_ref = wolfSSL_get_app_data(ssl); + struct Curl_cfilter *cf = conn_ref ? conn_ref->user_data : NULL; + + DEBUGASSERT(cf != NULL); + if(cf && session) { + struct cf_ngtcp2_ctx *ctx = cf->ctx; + struct Curl_easy *data = CF_DATA_CURRENT(cf); + DEBUGASSERT(data); + if(data && ctx) { + (void)wssl_cache_session(cf, data, &ctx->peer, session); + } + } + return 0; +} +#endif /* USE_WOLFSSL */ + static CURLcode tls_ctx_setup(struct Curl_cfilter *cf, struct Curl_easy *data, void *user_data) { struct curl_tls_ctx *ctx = user_data; - (void)cf; + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + #ifdef USE_OPENSSL #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) if(ngtcp2_crypto_boringssl_configure_client_context(ctx->ossl.ssl_ctx) @@ -2150,25 +2208,37 @@ static CURLcode tls_ctx_setup(struct Curl_cfilter *cf, return CURLE_FAILED_INIT; } #endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */ - /* Enable the session cache because it is a prerequisite for the - * "new session" callback. Use the "external storage" mode to prevent - * OpenSSL from creating an internal session cache. - */ - SSL_CTX_set_session_cache_mode(ctx->ossl.ssl_ctx, - SSL_SESS_CACHE_CLIENT | - SSL_SESS_CACHE_NO_INTERNAL); - SSL_CTX_sess_set_new_cb(ctx->ossl.ssl_ctx, quic_ossl_new_session_cb); + if(ssl_config->primary.cache_session) { + /* Enable the session cache because it is a prerequisite for the + * "new session" callback. Use the "external storage" mode to prevent + * OpenSSL from creating an internal session cache. + */ + SSL_CTX_set_session_cache_mode(ctx->ossl.ssl_ctx, + SSL_SESS_CACHE_CLIENT | + SSL_SESS_CACHE_NO_INTERNAL); + SSL_CTX_sess_set_new_cb(ctx->ossl.ssl_ctx, quic_ossl_new_session_cb); + } #elif defined(USE_GNUTLS) if(ngtcp2_crypto_gnutls_configure_client_session(ctx->gtls.session) != 0) { failf(data, "ngtcp2_crypto_gnutls_configure_client_session failed"); return CURLE_FAILED_INIT; } + if(ssl_config->primary.cache_session) { + gnutls_handshake_set_hook_function(ctx->gtls.session, + GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, + quic_gtls_handshake_cb); + } + #elif defined(USE_WOLFSSL) if(ngtcp2_crypto_wolfssl_configure_client_context(ctx->wssl.ctx) != 0) { failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed"); return CURLE_FAILED_INIT; } + if(ssl_config->primary.cache_session) { + /* Register to get notified when a new session is received */ + wolfSSL_CTX_sess_set_new_cb(ctx->wssl.ctx, wssl_quic_new_session_cb); + } #endif return CURLE_OK; } @@ -2187,14 +2257,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, const struct Curl_sockaddr_ex *sockaddr = NULL; int qfd; - ctx->version = NGTCP2_PROTO_VER_MAX; - ctx->max_stream_window = H3_STREAM_WINDOW_SIZE; - ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); - + DEBUGASSERT(ctx->initialized); result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC); if(result) return result; @@ -2241,7 +2304,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, (struct sockaddr *)&ctx->q.local_addr, ctx->q.local_addrlen); ngtcp2_addr_init(&ctx->connected_path.remote, - &sockaddr->sa_addr, (socklen_t)sockaddr->addrlen); + &sockaddr->curl_sa_addr, (socklen_t)sockaddr->addrlen); rc = ngtcp2_conn_client_new(&ctx->qconn, &ctx->dcid, &ctx->scid, &ctx->connected_path, @@ -2255,8 +2318,10 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.ossl.ssl); #elif defined(USE_GNUTLS) ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.gtls.session); -#else +#elif defined(USE_WOLFSSL) ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.wssl.handle); +#else + #error "ngtcp2 TLS backend not defined" #endif ngtcp2_ccerr_default(&ctx->last_error); @@ -2295,12 +2360,6 @@ static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { ctx->started_at = now; result = cf_connect_start(cf, data, &pktx); @@ -2385,11 +2444,11 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, if(ctx->max_bidi_streams > ctx->used_bidi_streams) avail_bidi_streams = ctx->max_bidi_streams - ctx->used_bidi_streams; max_streams += avail_bidi_streams; - *pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams; + *pres1 = (max_streams > INT_MAX) ? INT_MAX : (int)max_streams; } else /* transport params not arrived yet? take our default. */ *pres1 = (int)Curl_multi_max_concurrent_streams(data->multi); - CURL_TRC_CF(data, cf, "query conn[%" CURL_FORMAT_CURL_OFF_T "]: " + CURL_TRC_CF(data, cf, "query conn[%" FMT_OFF_T "]: " "MAX_CONCURRENT -> %d (%zu in use)", cf->conn->connection_id, *pres1, CONN_INUSE(cf->conn)); CF_DATA_RESTORE(cf, save); @@ -2398,7 +2457,7 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, case CF_QUERY_CONNECT_REPLY_MS: if(ctx->q.got_first_byte) { timediff_t ms = Curl_timediff(ctx->q.first_byte_at, ctx->started_at); - *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; + *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX; } else *pres1 = -1; @@ -2418,7 +2477,7 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -2467,7 +2526,7 @@ static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf, *input_pending = FALSE; result = cf_progress_ingress(cf, data, NULL); CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result); - alive = result? FALSE : TRUE; + alive = result ? FALSE : TRUE; } out: @@ -2509,8 +2568,7 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - ctx->qlogfd = -1; - cf_ngtcp2_ctx_clear(ctx); + cf_ngtcp2_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -2526,12 +2584,12 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf, cf->next = udp_cf; out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_ngtcp2_ctx_free(ctx); } return result; } @@ -2540,7 +2598,7 @@ bool Curl_conn_is_ngtcp2(const struct Curl_easy *data, const struct connectdata *conn, int sockindex) { - struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL; (void)data; for(; cf; cf = cf->next) { diff --git a/libraries/libcurl/vquic/curl_osslq.c b/libraries/libcurl/vquic/curl_osslq.c index dafde44f..e5f737f8 100644 --- a/libraries/libcurl/vquic/curl_osslq.c +++ b/libraries/libcurl/vquic/curl_osslq.c @@ -175,7 +175,7 @@ static CURLcode make_bio_addr(BIO_ADDR **pbio_addr, switch(addr->family) { case AF_INET: { struct sockaddr_in * const sin = - (struct sockaddr_in * const)(void *)&addr->sa_addr; + (struct sockaddr_in * const)(void *)&addr->curl_sa_addr; if(!BIO_ADDR_rawmake(ba, AF_INET, &sin->sin_addr, sizeof(sin->sin_addr), sin->sin_port)) { goto out; @@ -186,7 +186,7 @@ static CURLcode make_bio_addr(BIO_ADDR **pbio_addr, #ifdef USE_IPV6 case AF_INET6: { struct sockaddr_in6 * const sin = - (struct sockaddr_in6 * const)(void *)&addr->sa_addr; + (struct sockaddr_in6 * const)(void *)&addr->curl_sa_addr; if(!BIO_ADDR_rawmake(ba, AF_INET6, &sin->sin6_addr, sizeof(sin->sin6_addr), sin->sin6_port)) { } @@ -288,11 +288,11 @@ struct cf_osslq_ctx { struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ struct curltime first_byte_at; /* when first byte was recvd */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ - struct Curl_hash streams; /* hash `data->id` to `h3_stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ size_t max_stream_window; /* max flow window for one stream */ uint64_t max_idle_ms; /* max idle time for QUIC connection */ + BIT(initialized); BIT(got_first_byte); /* if first byte was received */ BIT(x509_store_setup); /* if x509 store has been set up */ BIT(protocol_shutdown); /* QUIC connection is shut down */ @@ -300,19 +300,35 @@ struct cf_osslq_ctx { BIT(need_send); /* QUIC connection needs to send */ }; -static void cf_osslq_ctx_clear(struct cf_osslq_ctx *ctx) +static void h3_stream_hash_free(void *stream); + +static void cf_osslq_ctx_init(struct cf_osslq_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->initialized = TRUE; +} + +static void cf_osslq_ctx_free(struct cf_osslq_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + Curl_ssl_peer_cleanup(&ctx->peer); + } + free(ctx); +} + +static void cf_osslq_ctx_close(struct cf_osslq_ctx *ctx) { struct cf_call_data save = ctx->call_data; cf_osslq_h3conn_cleanup(&ctx->h3); Curl_vquic_tls_cleanup(&ctx->tls); vquic_ctx_free(&ctx->q); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - Curl_ssl_peer_cleanup(&ctx->peer); - - memset(ctx, 0, sizeof(*ctx)); ctx->call_data = save; } @@ -401,7 +417,7 @@ static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data) (SSL_SHUTDOWN_FLAG_NO_BLOCK | SSL_SHUTDOWN_FLAG_RAPID), NULL, 0); } - cf_osslq_ctx_clear(ctx); + cf_osslq_ctx_close(ctx); } cf->connected = FALSE; @@ -417,8 +433,9 @@ static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) CURL_TRC_CF(data, cf, "destroy"); if(ctx) { CURL_TRC_CF(data, cf, "cf_osslq_destroy()"); - cf_osslq_ctx_clear(ctx); - free(ctx); + if(ctx->tls.ossl.ssl) + cf_osslq_ctx_close(ctx); + cf_osslq_ctx_free(ctx); } cf->ctx = NULL; /* No CF_DATA_RESTORE(cf, save) possible */ @@ -435,7 +452,7 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) { /* rejected, we are full */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] rejecting remote stream", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] rejecting remote stream", stream_id); SSL_free(stream_ssl); return CURLE_FAILED_INIT; @@ -446,12 +463,12 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, nstream->id = stream_id; nstream->ssl = stream_ssl; Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] accepted remote uni stream", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] accepted remote uni stream", stream_id); break; } default: - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reject remote non-uni-read" + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reject remote non-uni-read" " stream", stream_id); SSL_free(stream_ssl); return CURLE_FAILED_INIT; @@ -546,7 +563,6 @@ static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -573,7 +589,7 @@ struct h3_stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct h3_stream_ctx *stream) { @@ -596,10 +612,8 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - if(!data) { - failf(data, "initialization failure, transfer not http initialized"); + if(!data) return CURLE_FAILED_INIT; - } if(stream) return CURLE_OK; @@ -620,7 +634,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, stream->recv_buf_nonflow = 0; Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -635,7 +649,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] easy handle is done", + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done", stream->s.id); if(ctx->h3.conn && !stream->closed) { nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id); @@ -645,7 +659,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) stream->closed = TRUE; } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -655,7 +669,6 @@ static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf, { struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - struct Curl_easy *sdata; if(stream && stream->s.id == stream_id) { return &stream->s; @@ -670,8 +683,10 @@ static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf, return &ctx->h3.s_qpack_dec; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -732,11 +747,11 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, if(stream->error3 != NGHTTP3_H3_NO_ERROR) { stream->reset = TRUE; stream->send_closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] RESET: error %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64, stream->s.id, stream->error3); } else { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] CLOSED", stream->s.id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->s.id); } h3_drain_stream(cf, data); return 0; @@ -796,12 +811,12 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, result = write_resp_raw(cf, data, buf, buflen, TRUE); if(result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu, ERROR %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, ERROR %d", stream->s.id, buflen, result); return NGHTTP3_ERR_CALLBACK_FAILURE; } stream->download_recvd += (curl_off_t)buflen; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu, total=%zd", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, total=%zd", stream->s.id, buflen, stream->download_recvd); h3_drain_stream(cf, data); return 0; @@ -819,7 +834,7 @@ static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id, (void)conn; (void)stream_id; if(stream) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] deferred consume %zu bytes", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] deferred consume %zu bytes", stream->s.id, consumed); return 0; } @@ -857,7 +872,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, return -1; ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", stream->status_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] status: %s", stream_id, line); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, line); result = write_resp_raw(cf, data, line, ncopy, FALSE); if(result) { return -1; @@ -865,7 +880,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, } else { /* store as an HTTP1-style header */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] header: %.*s: %.*s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s", stream_id, (int)h3name.len, h3name.base, (int)h3val.len, h3val.base); result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE); @@ -910,7 +925,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid, return -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] end_headers, status=%d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d", stream_id, stream->status_code); if(stream->status_code / 100 != 1) { stream->resp_hds_complete = TRUE; @@ -934,7 +949,7 @@ static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t sid, if(!stream || !stream->s.ssl) return 0; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] stop_sending", stream_id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] stop_sending", stream_id); cf_osslq_stream_close(&stream->s); return 0; } @@ -954,7 +969,7 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid, SSL_STREAM_RESET_ARGS args = {0}; args.quic_error_code = app_error_code; rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args)); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(!rv) { return NGHTTP3_ERR_CALLBACK_FAILURE; } @@ -1014,16 +1029,15 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, } else if(!nwritten) { /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> AGAIN", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN", stream->s.id); return NGHTTP3_ERR_WOULDBLOCK; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> " - "%d vecs%s with %zu (buffered=%zu, left=%" - CURL_FORMAT_CURL_OFF_T ")", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> " + "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")", stream->s.id, (int)nvecs, - *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"", + *pflags == NGHTTP3_DATA_FLAG_EOF ? " EOF" : "", nwritten, Curl_bufq_len(&stream->sendbuf), stream->upload_left); return (nghttp3_ssize)nvecs; @@ -1147,9 +1161,7 @@ static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf, BIO *bio = NULL; BIO_ADDR *baddr = NULL; - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + DEBUGASSERT(ctx->initialized); result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC); if(result) goto out; @@ -1263,7 +1275,7 @@ static ssize_t h3_quic_recv(void *reader_ctx, return -1; } else if(detail == SSL_ERROR_ZERO_RETURN) { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] h3_quic_recv -> EOS", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> EOS", x->s->id); x->s->recvd_eos = TRUE; return 0; @@ -1272,8 +1284,8 @@ static ssize_t h3_quic_recv(void *reader_ctx, SSL_STREAM_STATE_RESET_REMOTE) { uint64_t app_error_code = NGHTTP3_H3_NO_ERROR; SSL_get_stream_read_error_code(x->s->ssl, &app_error_code); - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] h3_quic_recv -> RESET, " - "rv=%d, app_err=%" CURL_PRIu64, + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, " + "rv=%d, app_err=%" FMT_PRIu64, x->s->id, rv, (curl_uint64_t)app_error_code); if(app_error_code != NGHTTP3_H3_NO_ERROR) { x->s->reset = TRUE; @@ -1297,7 +1309,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, CURLcode result = CURLE_OK; ssize_t nread; struct h3_quic_recv_ctx x; - int rv, eagain = FALSE; + bool eagain = FALSE; size_t total_recv_len = 0; DEBUGASSERT(s); @@ -1329,7 +1341,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) { nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id, buf, blen, 0); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] forward %zu bytes " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forward %zu bytes " "to nghttp3 -> %zd", s->id, blen, nread); if(nread < 0) { failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s", @@ -1347,6 +1359,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, /* When we forwarded everything, handle RESET/EOS */ if(Curl_bufq_is_empty(&s->recvbuf) && !s->closed) { + int rv; result = CURLE_OK; if(s->reset) { uint64_t app_error; @@ -1368,7 +1381,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, NGHTTP3_H3_NO_ERROR); s->closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] close nghttp3 stream -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] close nghttp3 stream -> %d", s->id, rv); if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { failf(data, "nghttp3_conn_close_stream returned error: %s", @@ -1381,7 +1394,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, } out: if(result) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_osslq_stream_recv -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_osslq_stream_recv -> %d", s->id, result); return result; } @@ -1422,11 +1435,12 @@ static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, } if(ctx->h3.conn) { - struct Curl_easy *sdata; + struct Curl_llist_node *e; struct h3_stream_ctx *stream; /* PULL all open streams */ DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) { stream = H3_STREAM_CTX(ctx, sdata); if(stream && !stream->closed && @@ -1449,11 +1463,12 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_osslq_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct h3_stream_ctx *stream; if(ctx->h3.conn) { - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + struct Curl_llist_node *e; + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn) { stream = H3_STREAM_CTX(ctx, sdata); if(stream && stream->s.ssl && stream->s.send_blocked && @@ -1505,7 +1520,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, s = cf_osslq_get_qstream(cf, data, stream_id); if(!s) { failf(data, "nghttp3_conn_writev_stream gave unknown stream %" - CURL_PRId64, (curl_int64_t)stream_id); + FMT_PRId64, (curl_int64_t)stream_id); result = CURLE_SEND_ERROR; goto out; } @@ -1517,7 +1532,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, for(i = 0; (i < n) && !blocked; ++i) { /* Without stream->s.ssl, we closed that already, so * pretend the write did succeed. */ - uint64_t flags = (eos && ((i + 1) == n))? SSL_WRITE_FLAG_CONCLUDE : 0; + uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0; written = vec[i].len; ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags, &written); @@ -1526,7 +1541,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, if(ok) { /* As OpenSSL buffers the data, we count this as acknowledged * from nghttp3's point of view */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send %zu bytes to QUIC ok", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send %zu bytes to QUIC ok", s->id, vec[i].len); acked_len += vec[i].len; } @@ -1536,14 +1551,14 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: /* QUIC blocked us from writing more */ - CURL_TRC_CF(data, cf, "[%"CURL_PRId64 "] send %zu bytes to " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64 "] send %zu bytes to " "QUIC blocked", s->id, vec[i].len); written = 0; nghttp3_conn_block_stream(ctx->h3.conn, s->id); s->send_blocked = blocked = TRUE; break; default: - failf(data, "[%"CURL_PRId64 "] send %zu bytes to QUIC, SSL error %d", + failf(data, "[%"FMT_PRId64 "] send %zu bytes to QUIC, SSL error %d", s->id, vec[i].len, detail); result = cf_osslq_ssl_err(cf, data, detail, CURLE_HTTP3); goto out; @@ -1569,13 +1584,13 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, result = CURLE_SEND_ERROR; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] forwarded %zu/%zu h3 bytes " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forwarded %zu/%zu h3 bytes " "to QUIC, eos=%d", s->id, acked_len, total_len, eos); } if(eos && !s->send_blocked && !eos_written) { /* wrote everything and H3 indicates end of stream */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] closing QUIC stream", s->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] closing QUIC stream", s->id); SSL_stream_conclude(s->ssl, 0); } } @@ -1618,11 +1633,11 @@ static CURLcode check_and_set_expiry(struct Curl_cfilter *cf, CURLcode result = CURLE_OK; struct timeval tv; timediff_t timeoutms; - int is_infinite = TRUE; + int is_infinite = 1; if(ctx->tls.ossl.ssl && - SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite) && - !is_infinite) { + SSL_get_event_timeout(ctx->tls.ossl.ssl, &tv, &is_infinite) && + !is_infinite) { timeoutms = curlx_tvtoms(&tv); /* QUIC want to be called again latest at the returned timeout */ if(timeoutms <= 0) { @@ -1671,12 +1686,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, now = Curl_now(); CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->tls.ossl.ssl) { ctx->started_at = now; result = cf_osslq_ctx_start(cf, data); @@ -1692,6 +1701,14 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, } } + /* Since OpenSSL does its own send/recv internally, we may miss the + * moment to populate the x509 store right before the server response. + * Do it instead before we start the handshake, at the loss of the + * time to set this up. */ + result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); + if(result) + goto out; + ERR_clear_error(); err = SSL_do_handshake(ctx->tls.ossl.ssl); @@ -1716,7 +1733,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, case SSL_ERROR_WANT_READ: ctx->q.last_io = now; CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV"); - result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); goto out; case SSL_ERROR_WANT_WRITE: ctx->q.last_io = now; @@ -1868,11 +1884,11 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, if(rc) { switch(rc) { case NGHTTP3_ERR_CONN_CLOSING: - CURL_TRC_CF(data, cf, "h3sid[%"CURL_PRId64"] failed to send, " + CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64"] failed to send, " "connection is closing", stream->s.id); break; default: - CURL_TRC_CF(data, cf, "h3sid[%"CURL_PRId64 "] failed to send -> %d (%s)", + CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64 "] failed to send -> %d (%s)", stream->s.id, rc, nghttp3_strerror(rc)); break; } @@ -1882,10 +1898,10 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s", stream->s.id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] [%.*s: %.*s]", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]", stream->s.id, (int)nva[i].namelen, nva[i].name, (int)nva[i].valuelen, nva[i].value); @@ -1899,7 +1915,8 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1907,6 +1924,7 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, ssize_t nwritten; CURLcode result; + (void)eos; /* TODO: use to end stream */ CF_DATA_SAVE(save, cf, data); DEBUGASSERT(cf->connected); DEBUGASSERT(ctx->tls.ossl.ssl); @@ -1942,13 +1960,13 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, * body. This happens on 30x or 40x responses. * We silently discard the data sent, since this is not a transport * error situation. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data" "on closed stream with response", stream->s.id); *err = CURLE_OK; nwritten = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) " "-> stream closed", stream->s.id, len); *err = CURLE_HTTP3; nwritten = -1; @@ -1956,7 +1974,7 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, } else { nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send, add to " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to " "sendbuf(len=%zu) -> %zd, %d", stream->s.id, len, nwritten, *err); if(nwritten < 0) { @@ -1974,8 +1992,8 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, out: result = check_and_set_expiry(cf, data); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu) -> %zd, %d", - stream? stream->s.id : -1, len, nwritten, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d", + stream ? stream->s.id : -1, len, nwritten, *err); CF_DATA_RESTORE(cf, save); return nwritten; } @@ -1990,14 +2008,14 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, (void)cf; if(stream->reset) { failf(data, - "HTTP/3 stream %" CURL_PRId64 " reset by server", + "HTTP/3 stream %" FMT_PRId64 " reset by server", stream->s.id); - *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; + *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3; goto out; } else if(!stream->resp_hds_complete) { failf(data, - "HTTP/3 stream %" CURL_PRId64 + "HTTP/3 stream %" FMT_PRId64 " was closed cleanly, but before getting" " all response header fields, treated as error", stream->s.id); @@ -2037,7 +2055,7 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); if(nread < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->s.id, len, nread, *err); goto out; } @@ -2055,7 +2073,7 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); if(nread < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->s.id, len, nread, *err); goto out; } @@ -2085,8 +2103,8 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = -1; } } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_recv(len=%zu) -> %zd, %d", - stream? stream->s.id : -1, len, nread, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(len=%zu) -> %zd, %d", + stream ? stream->s.id : -1, len, nread, *err); CF_DATA_RESTORE(cf, save); return nread; } @@ -2197,7 +2215,7 @@ static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf, *input_pending = FALSE; result = cf_progress_ingress(cf, data); CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result); - alive = result? FALSE : TRUE; + alive = result ? FALSE : TRUE; } out: @@ -2256,7 +2274,7 @@ static CURLcode cf_osslq_query(struct Curl_cfilter *cf, } /* we report avail + in_use */ v += CONN_INUSE(cf->conn); - *pres1 = (v > INT_MAX)? INT_MAX : (int)v; + *pres1 = (v > INT_MAX) ? INT_MAX : (int)v; #else *pres1 = 100; #endif @@ -2266,7 +2284,7 @@ static CURLcode cf_osslq_query(struct Curl_cfilter *cf, case CF_QUERY_CONNECT_REPLY_MS: if(ctx->got_first_byte) { timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at); - *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; + *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX; } else *pres1 = -1; @@ -2286,7 +2304,7 @@ static CURLcode cf_osslq_query(struct Curl_cfilter *cf, default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -2325,7 +2343,7 @@ CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - cf_osslq_ctx_clear(ctx); + cf_osslq_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -2341,12 +2359,12 @@ CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, cf->next = udp_cf; out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_osslq_ctx_free(ctx); } return result; } @@ -2355,7 +2373,7 @@ bool Curl_conn_is_osslq(const struct Curl_easy *data, const struct connectdata *conn, int sockindex) { - struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL; (void)data; for(; cf; cf = cf->next) { diff --git a/libraries/libcurl/vquic/curl_quiche.c b/libraries/libcurl/vquic/curl_quiche.c index 6f01c19a..30484989 100644 --- a/libraries/libcurl/vquic/curl_quiche.c +++ b/libraries/libcurl/vquic/curl_quiche.c @@ -96,16 +96,18 @@ struct cf_quiche_ctx { uint8_t scid[QUICHE_MAX_CONN_ID_LEN]; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ - struct Curl_hash streams; /* hash `data->id` to `stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */ curl_off_t data_recvd; + BIT(initialized); BIT(goaway); /* got GOAWAY from server */ BIT(x509_store_setup); /* if x509 store has been set up */ BIT(shutdown_started); /* queued shutdown packets */ }; #ifdef DEBUG_QUICHE +/* initialize debug log callback only once */ +static int debug_log_init = 0; static void quiche_debug_log(const char *line, void *argp) { (void)argp; @@ -113,17 +115,27 @@ static void quiche_debug_log(const char *line, void *argp) } #endif -static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx) +static void h3_stream_hash_free(void *stream); + +static void cf_quiche_ctx_init(struct cf_quiche_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); +#ifdef DEBUG_QUICHE + if(!debug_log_init) { + quiche_enable_debug_logging(quiche_debug_log, NULL); + debug_log_init = 1; + } +#endif + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->data_recvd = 0; + ctx->initialized = TRUE; +} + +static void cf_quiche_ctx_free(struct cf_quiche_ctx *ctx) { - if(ctx) { - if(ctx->h3c) - quiche_h3_conn_free(ctx->h3c); - if(ctx->h3config) - quiche_h3_config_free(ctx->h3config); - if(ctx->qconn) - quiche_conn_free(ctx->qconn); - if(ctx->cfg) - quiche_config_free(ctx->cfg); + if(ctx && ctx->initialized) { /* quiche just freed it */ ctx->tls.ossl.ssl = NULL; Curl_vquic_tls_cleanup(&ctx->tls); @@ -132,9 +144,20 @@ static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx) Curl_bufcp_free(&ctx->stream_bufcp); Curl_hash_clean(&ctx->streams); Curl_hash_destroy(&ctx->streams); - - memset(ctx, 0, sizeof(*ctx)); } + free(ctx); +} + +static void cf_quiche_ctx_close(struct cf_quiche_ctx *ctx) +{ + if(ctx->h3c) + quiche_h3_conn_free(ctx->h3c); + if(ctx->h3config) + quiche_h3_config_free(ctx->h3config); + if(ctx->qconn) + quiche_conn_free(ctx->qconn); + if(ctx->cfg) + quiche_config_free(ctx->cfg); } static CURLcode cf_flush_egress(struct Curl_cfilter *cf, @@ -148,7 +171,6 @@ struct stream_ctx { struct bufq recvbuf; /* h3 response */ struct h1_req_parser h1; /* h1 request parsing */ curl_uint64_t error3; /* HTTP/3 stream error code */ - curl_off_t upload_left; /* number of request bytes left to upload */ BIT(opened); /* TRUE after stream has been opened */ BIT(closed); /* TRUE on stream close */ BIT(reset); /* TRUE on stream reset */ @@ -159,7 +181,7 @@ struct stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct stream_ctx *stream) { @@ -178,17 +200,17 @@ static void check_resumes(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_quiche_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; - struct stream_ctx *stream; + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn) { - stream = H3_STREAM_CTX(ctx, sdata); + struct stream_ctx *stream = H3_STREAM_CTX(ctx, sdata); if(stream && stream->quic_flow_blocked) { stream->quic_flow_blocked = FALSE; Curl_expire(data, 0, EXPIRE_RUN_NOW); - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] unblock", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] unblock", stream->id); } } } @@ -212,7 +234,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT); Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -228,7 +250,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] easy handle is done", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] easy handle is done", stream->id); if(ctx->qconn && !stream->closed) { quiche_conn_stream_shutdown(ctx->qconn, stream->id, QUICHE_SHUTDOWN_READ, CURL_H3_NO_ERROR); @@ -242,12 +264,12 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) if(result) CURL_TRC_CF(data, cf, "data_done, flush egress -> %d", result); } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } -static void drain_stream(struct Curl_cfilter *cf, - struct Curl_easy *data) +static void h3_drain_stream(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_quiche_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -255,7 +277,7 @@ static void drain_stream(struct Curl_cfilter *cf, (void)cf; bits = CURL_CSELECT_IN; - if(stream && !stream->send_closed && stream->upload_left) + if(stream && !stream->send_closed) bits |= CURL_CSELECT_OUT; if(data->state.select_bits != bits) { data->state.select_bits = bits; @@ -269,7 +291,6 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, struct stream_ctx **pstream) { struct cf_quiche_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct stream_ctx *stream; (void)cf; @@ -279,8 +300,10 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, return data; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -297,11 +320,12 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, static void cf_quiche_expire_conn_closed(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct Curl_easy *sdata; + struct Curl_llist_node *e; DEBUGASSERT(data->multi); CURL_TRC_CF(data, cf, "conn closed, expire all transfers"); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata == data || sdata->conn != data->conn) continue; CURL_TRC_CF(sdata, cf, "conn closed, expire transfer"); @@ -357,7 +381,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, return CURLE_OK; if((name_len == 7) && !strncmp(HTTP_PSEUDO_STATUS, (char *)name, 7)) { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRIu64 "] status: %.*s", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRIu64 "] status: %.*s", stream->id, (int)value_len, value); result = write_resp_raw(x->cf, x->data, "HTTP/3 ", sizeof("HTTP/3 ") - 1); if(!result) @@ -366,7 +390,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, result = write_resp_raw(x->cf, x->data, " \r\n", 3); } else { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRIu64 "] header: %.*s: %.*s", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRIu64 "] header: %.*s: %.*s", stream->id, (int)name_len, name, (int)value_len, value); result = write_resp_raw(x->cf, x->data, name, name_len); @@ -378,7 +402,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, result = write_resp_raw(x->cf, x->data, "\r\n", 2); } if(result) { - CURL_TRC_CF(x->data, x->cf, "[%"CURL_PRIu64"] on header error %d", + CURL_TRC_CF(x->data, x->cf, "[%"FMT_PRIu64"] on header error %d", stream->id, result); } return result; @@ -435,9 +459,9 @@ static CURLcode cf_recv_body(struct Curl_cfilter *cf, stream_resp_read, &cb_ctx, &result); if(nwritten < 0 && result != CURLE_AGAIN) { - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] recv_body error %zd", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] recv_body error %zd", stream->id, nwritten); - failf(data, "Error %d in HTTP/3 response body for stream[%"CURL_PRIu64"]", + failf(data, "Error %d in HTTP/3 response body for stream[%"FMT_PRIu64"]", result, stream->id); stream->closed = TRUE; stream->reset = TRUE; @@ -489,10 +513,10 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, rc = quiche_h3_event_for_each_header(ev, cb_each_header, &cb_ctx); if(rc) { failf(data, "Error %d in HTTP/3 response header for stream[%" - CURL_PRIu64"]", rc, stream->id); + FMT_PRIu64"]", rc, stream->id); return CURLE_RECV_ERROR; } - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] <- [HEADERS]", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] <- [HEADERS]", stream->id); break; case QUICHE_H3_EVENT_DATA: @@ -502,7 +526,7 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_RESET: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] RESET", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] RESET", stream->id); stream->closed = TRUE; stream->reset = TRUE; stream->send_closed = TRUE; @@ -510,7 +534,7 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_FINISHED: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] CLOSED", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] CLOSED", stream->id); if(!stream->resp_hds_complete) { result = write_resp_raw(cf, data, "\r\n", 2); if(result) @@ -522,11 +546,11 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_GOAWAY: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] <- [GOAWAY]", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] <- [GOAWAY]", stream->id); break; default: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] recv, unhandled event %d", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] recv, unhandled event %d", stream->id, quiche_h3_event_type(ev)); break; } @@ -549,21 +573,21 @@ static CURLcode cf_poll_events(struct Curl_cfilter *cf, break; } else if(stream3_id < 0) { - CURL_TRC_CF(data, cf, "error poll: %"CURL_PRId64, stream3_id); + CURL_TRC_CF(data, cf, "error poll: %"FMT_PRId64, stream3_id); return CURLE_HTTP3; } sdata = get_stream_easy(cf, data, stream3_id, &stream); if(!sdata || !stream) { - CURL_TRC_CF(data, cf, "discard event %s for unknown [%"CURL_PRId64"]", + CURL_TRC_CF(data, cf, "discard event %s for unknown [%"FMT_PRId64"]", cf_ev_name(ev), stream3_id); } else { result = h3_process_event(cf, sdata, stream, ev); - drain_stream(cf, sdata); + h3_drain_stream(cf, sdata); if(result) { CURL_TRC_CF(data, cf, "error processing event %s " - "for [%"CURL_PRIu64"] -> %d", cf_ev_name(ev), + "for [%"FMT_PRIu64"] -> %d", cf_ev_name(ev), stream3_id, result); if(data == sdata) { /* Only report this error to the caller if it is about the @@ -793,19 +817,19 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, DEBUGASSERT(stream); if(stream->reset) { failf(data, - "HTTP/3 stream %" CURL_PRIu64 " reset by server", stream->id); - *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_recv, was reset -> %d", + "HTTP/3 stream %" FMT_PRIu64 " reset by server", stream->id); + *err = data->req.bytecount ? CURLE_PARTIAL_FILE : CURLE_HTTP3; + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_recv, was reset -> %d", stream->id, *err); } else if(!stream->resp_got_header) { failf(data, - "HTTP/3 stream %" CURL_PRIu64 " was closed cleanly, but before " + "HTTP/3 stream %" FMT_PRIu64 " was closed cleanly, but before " "getting all response header fields, treated as error", stream->id); /* *err = CURLE_PARTIAL_FILE; */ *err = CURLE_HTTP3; - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_recv, closed incomplete" + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_recv, closed incomplete" " -> %d", stream->id, *err); } else { @@ -833,7 +857,7 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(!Curl_bufq_is_empty(&stream->recvbuf)) { nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->id, len, nread, *err); if(nread < 0) goto out; @@ -850,7 +874,7 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) { nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->id, len, nread, *err); if(nread < 0) goto out; @@ -858,7 +882,7 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(nread > 0) { if(stream->closed) - drain_stream(cf, data); + h3_drain_stream(cf, data); } else { if(stream->closed) { @@ -884,19 +908,70 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } if(nread > 0) ctx->data_recvd += nread; - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] cf_recv(total=%" - CURL_FORMAT_CURL_OFF_T ") -> %zd, %d", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] cf_recv(total=%" + FMT_OFF_T ") -> %zd, %d", stream->id, ctx->data_recvd, nread, *err); return nread; } +static ssize_t cf_quiche_send_body(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct stream_ctx *stream, + const void *buf, size_t len, bool eos, + CURLcode *err) +{ + struct cf_quiche_ctx *ctx = cf->ctx; + ssize_t nwritten; + + nwritten = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->id, + (uint8_t *)buf, len, eos); + if(nwritten == QUICHE_H3_ERR_DONE || (nwritten == 0 && len > 0)) { + /* TODO: we seem to be blocked on flow control and should HOLD + * sending. But when do we open again? */ + if(!quiche_conn_stream_writable(ctx->qconn, stream->id, len)) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> window exhausted", stream->id, len); + stream->quic_flow_blocked = TRUE; + } + *err = CURLE_AGAIN; + return -1; + } + else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> invalid stream state", stream->id, len); + *err = CURLE_HTTP3; + return -1; + } + else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> exceeds size", stream->id, len); + *err = CURLE_SEND_ERROR; + return -1; + } + else if(nwritten < 0) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> quiche err %zd", stream->id, len, nwritten); + *err = CURLE_SEND_ERROR; + return -1; + } + else { + if(eos && (len == (size_t)nwritten)) + stream->send_closed = TRUE; + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send body(len=%zu, " + "eos=%d) -> %zd", + stream->id, len, stream->send_closed, nwritten); + *err = CURLE_OK; + return nwritten; + } +} + /* Index where :authority header field will appear in request header field list. */ #define AUTHORITY_DST_IDX 3 static ssize_t h3_open_stream(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, + const char *buf, size_t len, bool eos, CURLcode *err) { struct cf_quiche_ctx *ctx = cf->ctx; @@ -952,23 +1027,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, nva[i].value_len = e->valuelen; } - switch(data->state.httpreq) { - case HTTPREQ_POST: - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - case HTTPREQ_PUT: - if(data->state.infilesize != -1) - stream->upload_left = data->state.infilesize; - else - /* data sending without specifying the data amount up front */ - stream->upload_left = -1; /* unknown */ - break; - default: - stream->upload_left = 0; /* no request body */ - break; - } - - if(stream->upload_left == 0) + if(eos && ((size_t)nwritten == len)) stream->send_closed = TRUE; stream3_id = quiche_h3_send_request(ctx->h3c, ctx->qconn, nva, nheader, @@ -977,14 +1036,14 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, if(QUICHE_H3_ERR_STREAM_BLOCKED == stream3_id) { /* quiche seems to report this error if the connection window is * exhausted. Which happens frequently and intermittent. */ - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] blocked", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] blocked", stream->id); stream->quic_flow_blocked = TRUE; *err = CURLE_AGAIN; nwritten = -1; goto out; } else { - CURL_TRC_CF(data, cf, "send_request(%s) -> %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "send_request(%s) -> %" FMT_PRIu64, data->state.url, stream3_id); } *err = CURLE_SEND_ERROR; @@ -1000,15 +1059,31 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, stream->reset = FALSE; if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRIu64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRIu64 "] OPENED stream for %s", stream->id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRIu64 "] [%.*s: %.*s]", stream->id, + infof(data, "[HTTP/3] [%" FMT_PRIu64 "] [%.*s: %.*s]", stream->id, (int)nva[i].name_len, nva[i].name, (int)nva[i].value_len, nva[i].value); } } + if(nwritten > 0 && ((size_t)nwritten < len)) { + /* after the headers, there was request BODY data */ + size_t hds_len = (size_t)nwritten; + ssize_t bwritten; + + bwritten = cf_quiche_send_body(cf, data, stream, + buf + hds_len, len - hds_len, eos, err); + if((bwritten < 0) && (CURLE_AGAIN != *err)) { + /* real error, fail */ + nwritten = -1; + } + else if(bwritten > 0) { + nwritten += bwritten; + } + } + out: free(nva); Curl_dynhds_free(&h2_headers); @@ -1016,7 +1091,8 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, } static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_quiche_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1032,7 +1108,7 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, } if(!stream || !stream->opened) { - nwritten = h3_open_stream(cf, data, buf, len, err); + nwritten = h3_open_stream(cf, data, buf, len, eos, err); if(nwritten < 0) goto out; stream = H3_STREAM_CTX(ctx, data); @@ -1047,70 +1123,20 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, * sending the 30x response. * This is sort of a race: had the transfer loop called recv first, * it would see the response and stop/discard sending on its own- */ - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] discarding data" "on closed stream with response", stream->id); *err = CURLE_OK; nwritten = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " "-> stream closed", stream->id, len); *err = CURLE_HTTP3; nwritten = -1; goto out; } else { - bool eof = (stream->upload_left >= 0 && - (curl_off_t)len >= stream->upload_left); - nwritten = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->id, - (uint8_t *)buf, len, eof); - if(nwritten == QUICHE_H3_ERR_DONE || (nwritten == 0 && len > 0)) { - /* TODO: we seem to be blocked on flow control and should HOLD - * sending. But when do we open again? */ - if(!quiche_conn_stream_writable(ctx->qconn, stream->id, len)) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> window exhausted", stream->id, len); - stream->quic_flow_blocked = TRUE; - } - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> invalid stream state", stream->id, len); - *err = CURLE_HTTP3; - nwritten = -1; - goto out; - } - else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> exceeds size", stream->id, len); - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - else if(nwritten < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> quiche err %zd", stream->id, len, nwritten); - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - else { - /* quiche accepted all or at least a part of the buf */ - if(stream->upload_left > 0) { - stream->upload_left = (nwritten < stream->upload_left)? - (stream->upload_left - nwritten) : 0; - } - if(stream->upload_left == 0) - stream->send_closed = TRUE; - - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send body(len=%zu, " - "left=%" CURL_FORMAT_CURL_OFF_T ") -> %zd", - stream->id, len, stream->upload_left, nwritten); - *err = CURLE_OK; - } + nwritten = cf_quiche_send_body(cf, data, stream, buf, len, eos, err); } out: @@ -1119,8 +1145,8 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, *err = result; nwritten = -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_send(len=%zu) -> %zd, %d", - stream? stream->id : (uint64_t)~0, len, nwritten, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_send(len=%zu) -> %zd, %d", + stream ? stream->id : (curl_uint64_t)~0, len, nwritten, *err); return nwritten; } @@ -1181,7 +1207,7 @@ static CURLcode h3_data_pause(struct Curl_cfilter *cf, /* TODO: there seems right now no API in quiche to shrink/enlarge * the streams windows. As we do in HTTP/2. */ if(!pause) { - drain_stream(cf, data); + h3_drain_stream(cf, data); Curl_expire(data, 0, EXPIRE_RUN_NOW); } return CURLE_OK; @@ -1215,10 +1241,9 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, ssize_t sent; stream->send_closed = TRUE; - stream->upload_left = 0; body[0] = 'X'; - sent = cf_quiche_send(cf, data, body, 0, &result); - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] DONE_SEND -> %zd, %d", + sent = cf_quiche_send(cf, data, body, 0, TRUE, &result); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] DONE_SEND -> %zd, %d", stream->id, sent, result); } break; @@ -1238,8 +1263,8 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, return result; } -static CURLcode cf_connect_start(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode cf_quiche_ctx_open(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_quiche_ctx *ctx = cf->ctx; int rv; @@ -1247,19 +1272,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, const struct Curl_sockaddr_ex *sockaddr; DEBUGASSERT(ctx->q.sockfd != CURL_SOCKET_BAD); - -#ifdef DEBUG_QUICHE - /* initialize debug log callback only once */ - static int debug_log_init = 0; - if(!debug_log_init) { - quiche_enable_debug_logging(quiche_debug_log, NULL); - debug_log_init = 1; - } -#endif - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); - ctx->data_recvd = 0; + DEBUGASSERT(ctx->initialized); result = vquic_ctx_init(&ctx->q); if(result) @@ -1274,7 +1287,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, failf(data, "cannot create quiche config"); return CURLE_FAILED_INIT; } - quiche_config_enable_pacing(ctx->cfg, false); + quiche_config_enable_pacing(ctx->cfg, FALSE); quiche_config_set_max_idle_timeout(ctx->cfg, CURL_QUIC_MAX_IDLE_MS); quiche_config_set_initial_max_data(ctx->cfg, (1 * 1024 * 1024) /* (QUIC_MAX_STREAMS/2) * H3_STREAM_WINDOW_SIZE */); @@ -1316,11 +1329,12 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, return CURLE_QUIC_CONNECT_ERROR; ctx->qconn = quiche_conn_new_with_tls((const uint8_t *)ctx->scid, - sizeof(ctx->scid), NULL, 0, - (struct sockaddr *)&ctx->q.local_addr, - ctx->q.local_addrlen, - &sockaddr->sa_addr, sockaddr->addrlen, - ctx->cfg, ctx->tls.ossl.ssl, false); + sizeof(ctx->scid), NULL, 0, + (struct sockaddr *)&ctx->q.local_addr, + ctx->q.local_addrlen, + &sockaddr->curl_sa_addr, + sockaddr->addrlen, + ctx->cfg, ctx->tls.ossl.ssl, FALSE); if(!ctx->qconn) { failf(data, "cannot create quiche connection"); return CURLE_OUT_OF_MEMORY; @@ -1366,7 +1380,6 @@ static CURLcode cf_quiche_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -1393,15 +1406,8 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, *done = FALSE; vquic_ctx_update_time(&ctx->q); - if(ctx->reconnect_at.tv_sec && - Curl_timediff(ctx->q.last_op, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { - result = cf_connect_start(cf, data); + result = cf_quiche_ctx_open(cf, data); if(result) goto out; ctx->started_at = ctx->q.last_op; @@ -1513,23 +1519,20 @@ static CURLcode cf_quiche_shutdown(struct Curl_cfilter *cf, static void cf_quiche_close(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_quiche_ctx *ctx = cf->ctx; - - if(ctx) { + if(cf->ctx) { bool done; (void)cf_quiche_shutdown(cf, data, &done); - cf_quiche_ctx_clear(ctx); + cf_quiche_ctx_close(cf->ctx); } } static void cf_quiche_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_quiche_ctx *ctx = cf->ctx; - (void)data; - cf_quiche_ctx_clear(ctx); - free(ctx); - cf->ctx = NULL; + if(cf->ctx) { + cf_quiche_ctx_free(cf->ctx); + cf->ctx = NULL; + } } static CURLcode cf_quiche_query(struct Curl_cfilter *cf, @@ -1544,8 +1547,8 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, if(!ctx->goaway) { max_streams += quiche_conn_peer_streams_left_bidi(ctx->qconn); } - *pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams; - CURL_TRC_CF(data, cf, "query conn[%" CURL_FORMAT_CURL_OFF_T "]: " + *pres1 = (max_streams > INT_MAX) ? INT_MAX : (int)max_streams; + CURL_TRC_CF(data, cf, "query conn[%" FMT_OFF_T "]: " "MAX_CONCURRENT -> %d (%zu in use)", cf->conn->connection_id, *pres1, CONN_INUSE(cf->conn)); return CURLE_OK; @@ -1553,7 +1556,7 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, case CF_QUERY_CONNECT_REPLY_MS: if(ctx->q.got_first_byte) { timediff_t ms = Curl_timediff(ctx->q.first_byte_at, ctx->started_at); - *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; + *pres1 = (ms < INT_MAX) ? (int)ms : INT_MAX; } else *pres1 = -1; @@ -1573,7 +1576,7 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -1650,6 +1653,7 @@ CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } + cf_quiche_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -1664,12 +1668,12 @@ CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf, cf->next = udp_cf; out: - *pcf = (!result)? cf : NULL; + *pcf = (!result) ? cf : NULL; if(result) { if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_quiche_ctx_free(ctx); } return result; @@ -1679,7 +1683,7 @@ bool Curl_conn_is_quiche(const struct Curl_easy *data, const struct connectdata *conn, int sockindex) { - struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + struct Curl_cfilter *cf = conn ? conn->cfilter[sockindex] : NULL; (void)data; for(; cf; cf = cf->next) { diff --git a/libraries/libcurl/vquic/vquic-tls.c b/libraries/libcurl/vquic/vquic-tls.c index 6aa6613a..580e5707 100644 --- a/libraries/libcurl/vquic/vquic-tls.c +++ b/libraries/libcurl/vquic/vquic-tls.c @@ -76,11 +76,11 @@ static void keylog_callback(const WOLFSSL *ssl, const char *line) } #endif -static CURLcode Curl_wssl_init_ctx(struct curl_tls_ctx *ctx, - struct Curl_cfilter *cf, - struct Curl_easy *data, - Curl_vquic_tls_ctx_setup *cb_setup, - void *cb_user_data) +static CURLcode wssl_init_ctx(struct curl_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + Curl_vquic_tls_ctx_setup *cb_setup, + void *cb_user_data) { struct ssl_primary_config *conn_config; CURLcode result = CURLE_FAILED_INIT; @@ -162,7 +162,7 @@ static CURLcode Curl_wssl_init_ctx(struct curl_tls_ctx *ctx, #ifdef CURL_CA_FALLBACK else { /* verifying the peer without any CA certificates will not work so - use wolfssl's built-in default as fallback */ + use wolfSSL's built-in default as fallback */ wolfSSL_CTX_set_default_verify_paths(ctx->wssl.ctx); } #endif @@ -173,10 +173,10 @@ static CURLcode Curl_wssl_init_ctx(struct curl_tls_ctx *ctx, /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); result = (*data->set.ssl.fsslctx)(data, ctx->wssl.ctx, data->set.ssl.fsslctxp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(result) { failf(data, "error signaled by ssl ctx callback"); goto out; @@ -194,13 +194,15 @@ static CURLcode Curl_wssl_init_ctx(struct curl_tls_ctx *ctx, /** SSL callbacks ***/ -static CURLcode Curl_wssl_init_ssl(struct curl_tls_ctx *ctx, - struct Curl_easy *data, - struct ssl_peer *peer, - const char *alpn, size_t alpn_len, - void *user_data) +static CURLcode wssl_init_ssl(struct curl_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + void *user_data) { - (void)data; + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + DEBUGASSERT(!ctx->wssl.handle); DEBUGASSERT(ctx->wssl.ctx); ctx->wssl.handle = wolfSSL_new(ctx->wssl.ctx); @@ -218,6 +220,10 @@ static CURLcode Curl_wssl_init_ssl(struct curl_tls_ctx *ctx, peer->sni, (unsigned short)strlen(peer->sni)); } + if(ssl_config->primary.cache_session) { + (void)wssl_setup_session(cf, data, &ctx->wssl, peer); + } + return CURLE_OK; } #endif /* defined(USE_WOLFSSL) */ @@ -240,14 +246,14 @@ CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx, #elif defined(USE_GNUTLS) (void)result; return Curl_gtls_ctx_init(&ctx->gtls, cf, data, peer, - (const unsigned char *)alpn, alpn_len, + (const unsigned char *)alpn, alpn_len, NULL, cb_setup, cb_user_data, ssl_user_data); #elif defined(USE_WOLFSSL) - result = Curl_wssl_init_ctx(ctx, cf, data, cb_setup, cb_user_data); + result = wssl_init_ctx(ctx, cf, data, cb_setup, cb_user_data); if(result) return result; - return Curl_wssl_init_ssl(ctx, data, peer, alpn, alpn_len, ssl_user_data); + return wssl_init_ssl(ctx, cf, data, peer, alpn, alpn_len, ssl_user_data); #else #error "no TLS lib in used, should not happen" return CURLE_FAILED_INIT; diff --git a/libraries/libcurl/vquic/vquic-tls.h b/libraries/libcurl/vquic/vquic-tls.h index 0ec74bfb..969acad4 100644 --- a/libraries/libcurl/vquic/vquic-tls.h +++ b/libraries/libcurl/vquic/vquic-tls.h @@ -64,7 +64,7 @@ typedef CURLcode Curl_vquic_tls_ctx_setup(struct Curl_cfilter *cf, * @param alpn the ALPN string in protocol format ((len+bytes+)+), * may be NULL * @param alpn_len the overall number of bytes in `alpn` - * @param cb_setup optional callback for very early TLS config + * @param cb_setup optional callback for early TLS config ± @param cb_user_data user_data param for callback * @param ssl_user_data optional pointer to set in TLS application context */ diff --git a/libraries/libcurl/vquic/vquic.c b/libraries/libcurl/vquic/vquic.c index 2bb06d46..20ff6a64 100644 --- a/libraries/libcurl/vquic/vquic.c +++ b/libraries/libcurl/vquic/vquic.c @@ -22,18 +22,6 @@ * ***************************************************************************/ -/* WIP, experimental: use recvmmsg() on linux - * we have no configure check, yet - * and also it is only available for _GNU_SOURCE, which - * we do not use otherwise. -#define HAVE_SENDMMSG - */ -#if defined(HAVE_SENDMMSG) -#define _GNU_SOURCE -#include -#undef _GNU_SOURCE -#endif - #include "curl_setup.h" #ifdef HAVE_NETINET_UDP_H @@ -51,6 +39,7 @@ #include "curl_ngtcp2.h" #include "curl_osslq.h" #include "curl_quiche.h" +#include "multiif.h" #include "rand.h" #include "vquic.h" #include "vquic_int.h" @@ -153,8 +142,8 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf, /* Only set this, when we need it. macOS, for example, * does not seem to like a msg_control of length 0. */ msg.msg_control = msg_ctrl; - assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(uint16_t))); - msg.msg_controllen = CMSG_SPACE(sizeof(uint16_t)); + assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(int))); + msg.msg_controllen = CMSG_SPACE(sizeof(int)); cm = CMSG_FIRSTHDR(&msg); cm->cmsg_level = SOL_UDP; cm->cmsg_type = UDP_SEGMENT; @@ -333,20 +322,20 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data, } #if defined(HAVE_SENDMMSG) || defined(HAVE_SENDMSG) -static size_t msghdr_get_udp_gro(struct msghdr *msg) +static size_t vquic_msghdr_get_udp_gro(struct msghdr *msg) { int gso_size = 0; #if defined(__linux__) && defined(UDP_GRO) struct cmsghdr *cmsg; /* Workaround musl CMSG_NXTHDR issue */ -#ifndef __GLIBC__ +#if defined(__clang__) && !defined(__GLIBC__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wsign-compare" #pragma clang diagnostic ignored "-Wcast-align" #endif for(cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -#ifndef __GLIBC__ +#if defined(__clang__) && !defined(__GLIBC__) #pragma clang diagnostic pop #endif if(cmsg->cmsg_level == SOL_UDP && cmsg->cmsg_type == UDP_GRO) { @@ -369,21 +358,28 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, size_t max_pkts, vquic_recv_pkt_cb *recv_cb, void *userp) { -#define MMSG_NUM 64 +#define MMSG_NUM 16 struct iovec msg_iov[MMSG_NUM]; struct mmsghdr mmsg[MMSG_NUM]; - uint8_t msg_ctrl[MMSG_NUM * CMSG_SPACE(sizeof(uint16_t))]; - uint8_t bufs[MMSG_NUM][2*1024]; + uint8_t msg_ctrl[MMSG_NUM * CMSG_SPACE(sizeof(int))]; struct sockaddr_storage remote_addr[MMSG_NUM]; - size_t total_nread, pkts; + size_t total_nread = 0, pkts; int mcount, i, n; char errstr[STRERROR_LEN]; CURLcode result = CURLE_OK; size_t gso_size; size_t pktlen; size_t offset, to; + char *sockbuf = NULL; + uint8_t (*bufs)[64*1024] = NULL; DEBUGASSERT(max_pkts > 0); + result = Curl_multi_xfer_sockbuf_borrow(data, MMSG_NUM * sizeof(bufs[0]), + &sockbuf); + if(result) + goto out; + bufs = (uint8_t (*)[64*1024])sockbuf; + pkts = 0; total_nread = 0; while(pkts < max_pkts) { @@ -396,8 +392,8 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, mmsg[i].msg_hdr.msg_iovlen = 1; mmsg[i].msg_hdr.msg_name = &remote_addr[i]; mmsg[i].msg_hdr.msg_namelen = sizeof(remote_addr[i]); - mmsg[i].msg_hdr.msg_control = &msg_ctrl[i]; - mmsg[i].msg_hdr.msg_controllen = CMSG_SPACE(sizeof(uint16_t)); + mmsg[i].msg_hdr.msg_control = &msg_ctrl[i * CMSG_SPACE(sizeof(int))]; + mmsg[i].msg_hdr.msg_controllen = CMSG_SPACE(sizeof(int)); } while((mcount = recvmmsg(qctx->sockfd, mmsg, n, 0, NULL)) == -1 && @@ -427,7 +423,7 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, for(i = 0; i < mcount; ++i) { total_nread += mmsg[i].msg_len; - gso_size = msghdr_get_udp_gro(&mmsg[i].msg_hdr); + gso_size = vquic_msghdr_get_udp_gro(&mmsg[i].msg_hdr); if(gso_size == 0) { gso_size = mmsg[i].msg_len; } @@ -455,6 +451,7 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, if(total_nread || result) CURL_TRC_CF(data, cf, "recvd %zu packets with %zu bytes -> %d", pkts, total_nread, result); + Curl_multi_xfer_sockbuf_release(data, sockbuf); return result; } @@ -473,7 +470,7 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, ssize_t nread; char errstr[STRERROR_LEN]; CURLcode result = CURLE_OK; - uint8_t msg_ctrl[CMSG_SPACE(sizeof(uint16_t))]; + uint8_t msg_ctrl[CMSG_SPACE(sizeof(int))]; size_t gso_size; size_t pktlen; size_t offset, to; @@ -515,7 +512,7 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, total_nread += (size_t)nread; - gso_size = msghdr_get_udp_gro(&msg); + gso_size = vquic_msghdr_get_udp_gro(&msg); if(gso_size == 0) { gso_size = (size_t)nread; } @@ -720,7 +717,7 @@ CURLcode Curl_conn_may_http3(struct Curl_easy *data, const struct connectdata *conn) { if(conn->transport == TRNSPRT_UNIX) { - /* cannot do QUIC over a unix domain socket */ + /* cannot do QUIC over a Unix domain socket */ return CURLE_QUIC_CONNECT_ERROR; } if(!(conn->handler->flags & PROTOPT_SSL)) { diff --git a/libraries/libcurl/curl_path.c b/libraries/libcurl/vssh/curl_path.c similarity index 100% rename from libraries/libcurl/curl_path.c rename to libraries/libcurl/vssh/curl_path.c index 144f8803..61452a42 100644 --- a/libraries/libcurl/curl_path.c +++ b/libraries/libcurl/vssh/curl_path.c @@ -26,9 +26,9 @@ #if defined(USE_SSH) +#include "curl_path.h" #include #include "curl_memory.h" -#include "curl_path.h" #include "escape.h" #include "memdebug.h" diff --git a/libraries/libcurl/curl_path.h b/libraries/libcurl/vssh/curl_path.h similarity index 83% rename from libraries/libcurl/curl_path.h rename to libraries/libcurl/vssh/curl_path.h index 6fdb2fdd..8e984174 100644 --- a/libraries/libcurl/curl_path.h +++ b/libraries/libcurl/vssh/curl_path.h @@ -28,19 +28,6 @@ #include #include "urldata.h" -#ifdef _WIN32 -# undef PATH_MAX -# define PATH_MAX MAX_PATH -# ifndef R_OK -# define R_OK 4 -# endif -#endif - -#ifndef PATH_MAX -#define PATH_MAX 1024 /* just an extra precaution since there are systems that - have their definition hidden well */ -#endif - CURLcode Curl_getworkingpath(struct Curl_easy *data, char *homedir, char **path); diff --git a/libraries/libcurl/vssh/libssh.c b/libraries/libcurl/vssh/libssh.c index 20a05636..2781365b 100644 --- a/libraries/libcurl/vssh/libssh.c +++ b/libraries/libcurl/vssh/libssh.c @@ -31,11 +31,6 @@ #include -/* in 0.10.0 or later, ignore deprecated warnings */ -#define SSH_SUPPRESS_DEPRECATED -#include -#include - #ifdef HAVE_NETINET_IN_H #include #endif @@ -139,6 +134,7 @@ static void sftp_quote(struct Curl_easy *data); static void sftp_quote_stat(struct Curl_easy *data); static int myssh_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *sock); +static void myssh_block2waitfor(struct connectdata *conn, bool block); static CURLcode myssh_setup_connection(struct Curl_easy *data, struct connectdata *conn); @@ -500,11 +496,11 @@ static int myssh_is_known(struct Curl_easy *data) goto cleanup; } - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rc = func(data, knownkeyp, /* from the knownhosts file */ &foundkey, /* from the remote host */ keymatch, data->set.ssh_keyfunc_userp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); switch(rc) { case CURLKHSTAT_FINE_ADD_TO_FILE: @@ -698,8 +694,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) case SSH_S_STARTUP: rc = ssh_connect(sshc->ssh_session); - if(rc == SSH_AGAIN) + + myssh_block2waitfor(conn, (rc == SSH_AGAIN)); + if(rc == SSH_AGAIN) { + DEBUGF(infof(data, "ssh_connect -> EAGAIN")); break; + } if(rc != SSH_OK) { failf(data, "Failure establishing ssh session"); @@ -1241,7 +1241,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) if(attrs) { curl_off_t size = attrs->size; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); MOVE_TO_ERROR_STATE(CURLE_BAD_DOWNLOAD_RESUME); break; } @@ -1294,10 +1294,10 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) if(data->state.resume_from > 0) { /* Let's read off the proper amount of bytes from the input. */ if(data->set.seek_func) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); seekerr = data->set.seek_func(data->set.seek_client, data->state.resume_from, SEEK_SET); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } if(seekerr != CURL_SEEKFUNC_OK) { @@ -1626,7 +1626,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) sftp_attributes_free(attrs); if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } if(data->state.use_range) { @@ -1656,9 +1656,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) to = size - 1; } if(from > size) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", from, size); + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", from, size); return CURLE_BAD_DOWNLOAD_RESUME; } if(from > to) { @@ -1687,10 +1686,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) if(data->state.resume_from < 0) { /* We are supposed to download the last abs(from) bytes */ if((curl_off_t)size < -data->state.resume_from) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", - data->state.resume_from, size); + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", data->state.resume_from, size); return CURLE_BAD_DOWNLOAD_RESUME; } /* download from where? */ @@ -1698,8 +1695,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } else { if((curl_off_t)size < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, size); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2055,6 +2052,7 @@ static int myssh_getsock(struct Curl_easy *data, if(!conn->waitfor) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + DEBUGF(infof(data, "ssh_getsock -> %x", bitmap)); return bitmap; } @@ -2068,13 +2066,12 @@ static void myssh_block2waitfor(struct connectdata *conn, bool block) if(block) { int dir = ssh_get_poll_flags(sshc->ssh_session); - if(dir & SSH_READ_PENDING) { - /* translate the libssh define bits into our own bit defines */ - conn->waitfor = KEEP_RECV; - } - else if(dir & SSH_WRITE_PENDING) { - conn->waitfor = KEEP_SEND; - } + conn->waitfor = 0; + /* translate the libssh define bits into our own bit defines */ + if(dir & SSH_READ_PENDING) + conn->waitfor |= KEEP_RECV; + if(dir & SSH_WRITE_PENDING) + conn->waitfor |= KEEP_SEND; } } @@ -2088,7 +2085,7 @@ static CURLcode myssh_multi_statemach(struct Curl_easy *data, implementation */ CURLcode result = myssh_statemach_act(data, &block); - *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; + *done = (sshc->state == SSH_STOP); myssh_block2waitfor(conn, block); return result; @@ -2149,7 +2146,7 @@ static CURLcode myssh_setup_connection(struct Curl_easy *data, data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO)); if(!ssh) return CURLE_OUT_OF_MEMORY; - Curl_dyn_init(&sshc->readdir_buf, PATH_MAX * 2); + Curl_dyn_init(&sshc->readdir_buf, CURL_PATH_MAX * 2); return CURLE_OK; } @@ -2320,7 +2317,7 @@ CURLcode scp_perform(struct Curl_easy *data, static CURLcode myssh_do_it(struct Curl_easy *data, bool *done) { CURLcode result; - bool connected = 0; + bool connected = FALSE; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; @@ -2404,12 +2401,13 @@ static CURLcode scp_done(struct Curl_easy *data, CURLcode status, } static ssize_t scp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { int rc; struct connectdata *conn = data->conn; (void) sockindex; /* we only support SCP on the fixed known primary socket */ (void) err; + (void)eos; rc = ssh_scp_write(conn->proto.sshc.scp_session, mem, len); @@ -2417,7 +2415,7 @@ static ssize_t scp_send(struct Curl_easy *data, int sockindex, /* The following code is misleading, mostly added as wishful thinking * that libssh at some point will implement non-blocking ssh_scp_write/read. * Currently rc can only be number of bytes read or SSH_ERROR. */ - myssh_block2waitfor(conn, (rc == SSH_AGAIN) ? TRUE : FALSE); + myssh_block2waitfor(conn, (rc == SSH_AGAIN)); if(rc == SSH_AGAIN) { *err = CURLE_AGAIN; @@ -2449,7 +2447,7 @@ static ssize_t scp_recv(struct Curl_easy *data, int sockindex, * that libssh at some point will implement non-blocking ssh_scp_write/read. * Currently rc can only be SSH_OK or SSH_ERROR. */ - myssh_block2waitfor(conn, (nread == SSH_AGAIN) ? TRUE : FALSE); + myssh_block2waitfor(conn, (nread == SSH_AGAIN)); if(nread == SSH_AGAIN) { *err = CURLE_AGAIN; nread = -1; @@ -2552,11 +2550,13 @@ static CURLcode sftp_done(struct Curl_easy *data, CURLcode status, /* return number of sent bytes */ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, + CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; (void)sockindex; + (void)eos; /* limit the writes to the maximum specified in Section 3 of * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02 @@ -2614,7 +2614,7 @@ static ssize_t sftp_recv(struct Curl_easy *data, int sockindex, mem, (uint32_t)len, (uint32_t)conn->proto.sshc.sftp_file_index); - myssh_block2waitfor(conn, (nread == SSH_AGAIN)?TRUE:FALSE); + myssh_block2waitfor(conn, (nread == SSH_AGAIN)); if(nread == SSH_AGAIN) { *err = CURLE_AGAIN; diff --git a/libraries/libcurl/vssh/libssh2.c b/libraries/libcurl/vssh/libssh2.c index 1b566d1a..e19ffefe 100644 --- a/libraries/libcurl/vssh/libssh2.c +++ b/libraries/libcurl/vssh/libssh2.c @@ -30,9 +30,6 @@ #include -#include -#include - #ifdef HAVE_FCNTL_H #include #endif @@ -282,23 +279,27 @@ static CURLcode libssh2_session_error_to_CURLE(int err) return CURLE_SSH; } +/* These functions are made to use the libcurl memory functions - NOT the + debugmem functions, as that leads us to trigger on libssh2 memory leaks + that are not ours to care for */ + static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc) { (void)abstract; /* arg not used */ - return malloc(count); + return Curl_cmalloc(count); } static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc) { (void)abstract; /* arg not used */ - return realloc(ptr, count); + return Curl_crealloc(ptr, count); } static LIBSSH2_FREE_FUNC(my_libssh2_free) { (void)abstract; /* arg not used */ if(ptr) /* ssh2 agent sometimes call free with null ptr */ - free(ptr); + Curl_cfree(ptr); } /* @@ -388,7 +389,7 @@ static void state(struct Curl_easy *data, sshstate nowstate) #ifdef HAVE_LIBSSH2_KNOWNHOST_API -static int sshkeycallback(struct Curl_easy *easy, +static int sshkeycallback(CURL *easy, const struct curl_khkey *knownkey, /* known */ const struct curl_khkey *foundkey, /* found */ enum curl_khmatch match, @@ -400,7 +401,7 @@ static int sshkeycallback(struct Curl_easy *easy, (void)clientp; /* we only allow perfect matches, and we reject everything else */ - return (match != CURLKHMATCH_OK)?CURLKHSTAT_REJECT:CURLKHSTAT_FINE; + return (match != CURLKHMATCH_OK) ? CURLKHSTAT_REJECT : CURLKHSTAT_FINE; } #endif @@ -537,8 +538,8 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) #ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP keycheck = libssh2_knownhost_checkp(sshc->kh, conn->host.name, - (conn->remote_port != PORT_SSH)? - conn->remote_port:-1, + (conn->remote_port != PORT_SSH) ? + conn->remote_port : -1, remotekey, keylen, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW| @@ -555,8 +556,8 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) #endif infof(data, "SSH host check: %d, key: %s", keycheck, - (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)? - host->key:""); + (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) ? + host->key : ""); /* setup 'knownkey' */ if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) { @@ -579,11 +580,11 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) keymatch = (enum curl_khmatch)keycheck; /* Ask the callback how to behave */ - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rc = func(data, knownkeyp, /* from the knownhosts file */ &foundkey, /* from the remote host */ keymatch, data->set.ssh_keyfunc_userp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } } else @@ -781,10 +782,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) &keylen, &sshkeytype); if(remotekey) { enum curl_khtype keytype = convert_ssh2_keytype(sshkeytype); - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp, (int)keytype, remotekey, keylen); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(rc!= CURLKHMATCH_OK) { state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; @@ -848,7 +849,7 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data) const char *kh_name_end = NULL; size_t kh_name_size = 0; int port = 0; - bool found = false; + bool found = FALSE; if(sshc->kh && !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) { /* lets try to find our host in the known hosts file */ @@ -869,18 +870,18 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data) kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end); if(strncmp(store->name + 1, conn->host.name, kh_name_size) == 0) { - found = true; + found = TRUE; break; } } } else if(strcmp(store->name, conn->host.name) == 0) { - found = true; + found = TRUE; break; } } else { - found = true; + found = TRUE; break; } } @@ -958,25 +959,744 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data) return result; } +static CURLcode sftp_quote(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp) +{ + const char *cp; + CURLcode result = CURLE_OK; + + /* + * Support some of the "FTP" commands + * + * 'sshc->quote_item' is already verified to be non-NULL before it + * switched to this state. + */ + char *cmd = sshc->quote_item->data; + sshc->acceptfail = FALSE; + + /* if a command starts with an asterisk, which a legal SFTP command never + can, the command will be allowed to fail without it causing any + aborts or cancels etc. It will cause libcurl to act as if the command + is successful, whatever the server responds. */ + + if(cmd[0] == '*') { + cmd++; + sshc->acceptfail = TRUE; + } + + if(strcasecompare("pwd", cmd)) { + /* output debug output if that is requested */ + char *tmp = aprintf("257 \"%s\" is current directory.\n", sshp->path); + if(!tmp) + return CURLE_OUT_OF_MEMORY; + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4); + Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp)); + + /* this sends an FTP-like "header" to the header callback so that the + current directory can be read very similar to how it is read when + using ordinary FTP. */ + result = Curl_client_write(data, CLIENTWRITE_HEADER, tmp, strlen(tmp)); + free(tmp); + if(!result) + state(data, SSH_SFTP_NEXT_QUOTE); + return result; + } + + /* + * the arguments following the command must be separated from the + * command with a space so we can check for it unconditionally + */ + cp = strchr(cmd, ' '); + if(!cp) { + failf(data, "Syntax error command '%s', missing parameter", cmd); + return result; + } + + /* + * also, every command takes at least one argument so we get that + * first argument right now + */ + result = Curl_get_pathname(&cp, &sshc->quote_path1, sshc->homedir); + if(result) { + if(result != CURLE_OUT_OF_MEMORY) + failf(data, "Syntax error: Bad first parameter to '%s'", cmd); + return result; + } + + /* + * SFTP is a binary protocol, so we do not send text commands to the server. + * Instead, we scan for commands used by OpenSSH's sftp program and call the + * appropriate libssh2 functions. + */ + if(strncasecompare(cmd, "chgrp ", 6) || + strncasecompare(cmd, "chmod ", 6) || + strncasecompare(cmd, "chown ", 6) || + strncasecompare(cmd, "atime ", 6) || + strncasecompare(cmd, "mtime ", 6)) { + /* attribute change */ + + /* sshc->quote_path1 contains the mode to set */ + /* get the destination */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); + if(result) { + if(result != CURLE_OUT_OF_MEMORY) + failf(data, "Syntax error in %s: Bad second parameter", cmd); + Curl_safefree(sshc->quote_path1); + return result; + } + memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + state(data, SSH_SFTP_QUOTE_STAT); + return result; + } + if(strncasecompare(cmd, "ln ", 3) || + strncasecompare(cmd, "symlink ", 8)) { + /* symbolic linking */ + /* sshc->quote_path1 is the source */ + /* get the destination */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); + if(result) { + if(result != CURLE_OUT_OF_MEMORY) + failf(data, "Syntax error in ln/symlink: Bad second parameter"); + Curl_safefree(sshc->quote_path1); + return result; + } + state(data, SSH_SFTP_QUOTE_SYMLINK); + return result; + } + else if(strncasecompare(cmd, "mkdir ", 6)) { + /* create dir */ + state(data, SSH_SFTP_QUOTE_MKDIR); + return result; + } + else if(strncasecompare(cmd, "rename ", 7)) { + /* rename file */ + /* first param is the source path */ + /* second param is the dest. path */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); + if(result) { + if(result != CURLE_OUT_OF_MEMORY) + failf(data, "Syntax error in rename: Bad second parameter"); + Curl_safefree(sshc->quote_path1); + return result; + } + state(data, SSH_SFTP_QUOTE_RENAME); + return result; + } + else if(strncasecompare(cmd, "rmdir ", 6)) { + /* delete dir */ + state(data, SSH_SFTP_QUOTE_RMDIR); + return result; + } + else if(strncasecompare(cmd, "rm ", 3)) { + state(data, SSH_SFTP_QUOTE_UNLINK); + return result; + } +#ifdef HAS_STATVFS_SUPPORT + else if(strncasecompare(cmd, "statvfs ", 8)) { + state(data, SSH_SFTP_QUOTE_STATVFS); + return result; + } +#endif + + failf(data, "Unknown SFTP command"); + Curl_safefree(sshc->quote_path1); + Curl_safefree(sshc->quote_path2); + return CURLE_QUOTE_ERROR; +} + +static CURLcode +sftp_upload_init(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) +{ + unsigned long flags; + + /* + * NOTE!!! libssh2 requires that the destination path is a full path + * that includes the destination file and name OR ends in a "/" + * If this is not done the destination file will be named the + * same name as the last directory in the path. + */ + + if(data->state.resume_from) { + LIBSSH2_SFTP_ATTRIBUTES attrs; + if(data->state.resume_from < 0) { + int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path, + curlx_uztoui(strlen(sshp->path)), + LIBSSH2_SFTP_STAT, &attrs); + if(rc == LIBSSH2_ERROR_EAGAIN) { + *blockp = TRUE; + return CURLE_OK; + } + if(rc) { + data->state.resume_from = 0; + } + else { + curl_off_t size = attrs.filesize; + if(size < 0) { + failf(data, "Bad file size (%" FMT_OFF_T ")", size); + return CURLE_BAD_DOWNLOAD_RESUME; + } + data->state.resume_from = attrs.filesize; + } + } + } + + if(data->set.remote_append) + /* Try to open for append, but create if nonexisting */ + flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_APPEND; + else if(data->state.resume_from > 0) + /* If we have restart position then open for append */ + flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_APPEND; + else + /* Clear file before writing (normal behavior) */ + flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC; + + sshc->sftp_handle = + libssh2_sftp_open_ex(sshc->sftp_session, sshp->path, + curlx_uztoui(strlen(sshp->path)), + flags, (long)data->set.new_file_perms, + LIBSSH2_SFTP_OPENFILE); + + if(!sshc->sftp_handle) { + unsigned long sftperr; + int rc = libssh2_session_last_errno(sshc->ssh_session); + + if(LIBSSH2_ERROR_EAGAIN == rc) { + *blockp = TRUE; + return CURLE_OK; + } + + if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc) + /* only when there was an SFTP protocol error can we extract + the sftp error! */ + sftperr = libssh2_sftp_last_error(sshc->sftp_session); + else + sftperr = LIBSSH2_FX_OK; /* not an sftp error at all */ + + if(sshc->secondCreateDirs) { + state(data, SSH_SFTP_CLOSE); + sshc->actualcode = sftperr != LIBSSH2_FX_OK ? + sftp_libssh2_error_to_CURLE(sftperr) : CURLE_SSH; + failf(data, "Creating the dir/file failed: %s", + sftp_libssh2_strerror(sftperr)); + return CURLE_OK; + } + if(((sftperr == LIBSSH2_FX_NO_SUCH_FILE) || + (sftperr == LIBSSH2_FX_FAILURE) || + (sftperr == LIBSSH2_FX_NO_SUCH_PATH)) && + (data->set.ftp_create_missing_dirs && + (strlen(sshp->path) > 1))) { + /* try to create the path remotely */ + sshc->secondCreateDirs = 1; + state(data, SSH_SFTP_CREATE_DIRS_INIT); + return CURLE_OK; + } + state(data, SSH_SFTP_CLOSE); + sshc->actualcode = sftperr != LIBSSH2_FX_OK ? + sftp_libssh2_error_to_CURLE(sftperr) : CURLE_SSH; + if(!sshc->actualcode) { + /* Sometimes, for some reason libssh2_sftp_last_error() returns zero + even though libssh2_sftp_open() failed previously! We need to + work around that! */ + sshc->actualcode = CURLE_SSH; + sftperr = LIBSSH2_FX_OK; + } + failf(data, "Upload failed: %s (%lu/%d)", + sftperr != LIBSSH2_FX_OK ? + sftp_libssh2_strerror(sftperr) : "ssh error", + sftperr, rc); + return sshc->actualcode; + } + + /* If we have a restart point then we need to seek to the correct + position. */ + if(data->state.resume_from > 0) { + int seekerr = CURL_SEEKFUNC_OK; + /* Let's read off the proper amount of bytes from the input. */ + if(data->set.seek_func) { + Curl_set_in_callback(data, TRUE); + seekerr = data->set.seek_func(data->set.seek_client, + data->state.resume_from, SEEK_SET); + Curl_set_in_callback(data, FALSE); + } + + if(seekerr != CURL_SEEKFUNC_OK) { + curl_off_t passed = 0; + + if(seekerr != CURL_SEEKFUNC_CANTSEEK) { + failf(data, "Could not seek stream"); + return CURLE_FTP_COULDNT_USE_REST; + } + /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ + do { + char scratch[4*1024]; + size_t readthisamountnow = + (data->state.resume_from - passed > + (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); + + size_t actuallyread; + Curl_set_in_callback(data, TRUE); + actuallyread = data->state.fread_func(scratch, 1, + readthisamountnow, + data->state.in); + Curl_set_in_callback(data, FALSE); + + passed += actuallyread; + if((actuallyread == 0) || (actuallyread > readthisamountnow)) { + /* this checks for greater-than only to make sure that the + CURL_READFUNC_ABORT return code still aborts */ + failf(data, "Failed to read data"); + return CURLE_FTP_COULDNT_USE_REST; + } + } while(passed < data->state.resume_from); + } + + /* now, decrease the size of the read */ + if(data->state.infilesize > 0) { + data->state.infilesize -= data->state.resume_from; + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->state.infilesize); + } + + SFTP_SEEK(sshc->sftp_handle, data->state.resume_from); + } + if(data->state.infilesize > 0) { + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->state.infilesize); + } + /* upload data */ + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); + + /* not set by Curl_xfer_setup to preserve keepon bits */ + data->conn->sockfd = data->conn->writesockfd; + + /* store this original bitmask setup to use later on if we cannot + figure out a "real" bitmask */ + sshc->orig_waitfor = data->req.keepon; + + /* we want to use the _sending_ function even when the socket turns + out readable as the underlying libssh2 sftp send function will deal + with both accordingly */ + data->state.select_bits = CURL_CSELECT_OUT; + + /* since we do not really wait for anything at this point, we want the + state machine to move on as soon as possible so we set a very short + timeout here */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + + state(data, SSH_STOP); + return CURLE_OK; +} + +static CURLcode +sftp_pkey_init(struct Curl_easy *data, + struct ssh_conn *sshc) +{ + /* + * Check the supported auth types in the order I feel is most secure + * with the requested type of authentication + */ + sshc->authed = FALSE; + + if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) && + (strstr(sshc->authlist, "publickey") != NULL)) { + bool out_of_memory = FALSE; + + sshc->rsa_pub = sshc->rsa = NULL; + + if(data->set.str[STRING_SSH_PRIVATE_KEY]) + sshc->rsa = strdup(data->set.str[STRING_SSH_PRIVATE_KEY]); + else { + /* To ponder about: should really the lib be messing about with the + HOME environment variable etc? */ + char *home = curl_getenv("HOME"); + struct_stat sbuf; + + /* If no private key file is specified, try some common paths. */ + if(home) { + /* Try ~/.ssh first. */ + sshc->rsa = aprintf("%s/.ssh/id_rsa", home); + if(!sshc->rsa) + out_of_memory = TRUE; + else if(stat(sshc->rsa, &sbuf)) { + Curl_safefree(sshc->rsa); + sshc->rsa = aprintf("%s/.ssh/id_dsa", home); + if(!sshc->rsa) + out_of_memory = TRUE; + else if(stat(sshc->rsa, &sbuf)) { + Curl_safefree(sshc->rsa); + } + } + free(home); + } + if(!out_of_memory && !sshc->rsa) { + /* Nothing found; try the current dir. */ + sshc->rsa = strdup("id_rsa"); + if(sshc->rsa && stat(sshc->rsa, &sbuf)) { + Curl_safefree(sshc->rsa); + sshc->rsa = strdup("id_dsa"); + if(sshc->rsa && stat(sshc->rsa, &sbuf)) { + Curl_safefree(sshc->rsa); + /* Out of guesses. Set to the empty string to avoid + * surprising info messages. */ + sshc->rsa = strdup(""); + } + } + } + } + + /* + * Unless the user explicitly specifies a public key file, let + * libssh2 extract the public key from the private key file. + * This is done by simply passing sshc->rsa_pub = NULL. + */ + if(data->set.str[STRING_SSH_PUBLIC_KEY] + /* treat empty string the same way as NULL */ + && data->set.str[STRING_SSH_PUBLIC_KEY][0]) { + sshc->rsa_pub = strdup(data->set.str[STRING_SSH_PUBLIC_KEY]); + if(!sshc->rsa_pub) + out_of_memory = TRUE; + } + + if(out_of_memory || !sshc->rsa) { + Curl_safefree(sshc->rsa); + Curl_safefree(sshc->rsa_pub); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_OUT_OF_MEMORY; + return CURLE_OUT_OF_MEMORY; + } + + sshc->passphrase = data->set.ssl.key_passwd; + if(!sshc->passphrase) + sshc->passphrase = ""; + + if(sshc->rsa_pub) + infof(data, "Using SSH public key file '%s'", sshc->rsa_pub); + infof(data, "Using SSH private key file '%s'", sshc->rsa); + + state(data, SSH_AUTH_PKEY); + } + else { + state(data, SSH_AUTH_PASS_INIT); + } + return CURLE_OK; +} + +static CURLcode +sftp_quote_stat(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) +{ + char *cmd = sshc->quote_item->data; + sshc->acceptfail = FALSE; + + /* if a command starts with an asterisk, which a legal SFTP command never + can, the command will be allowed to fail without it causing any aborts or + cancels etc. It will cause libcurl to act as if the command is + successful, whatever the server responds. */ + + if(cmd[0] == '*') { + cmd++; + sshc->acceptfail = TRUE; + } + + if(!strncasecompare(cmd, "chmod", 5)) { + /* Since chown and chgrp only set owner OR group but libssh2 wants to set + * them both at once, we need to obtain the current ownership first. This + * takes an extra protocol round trip. + */ + int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2, + curlx_uztoui(strlen(sshc->quote_path2)), + LIBSSH2_SFTP_STAT, + &sshp->quote_attrs); + if(rc == LIBSSH2_ERROR_EAGAIN) { + *blockp = TRUE; + return CURLE_OK; + } + if(rc && !sshc->acceptfail) { /* get those attributes */ + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); + failf(data, "Attempt to get SFTP stats failed: %s", + sftp_libssh2_strerror(sftperr)); + goto fail; + } + } + + /* Now set the new attributes... */ + if(strncasecompare(cmd, "chgrp", 5)) { + sshp->quote_attrs.gid = strtoul(sshc->quote_path1, NULL, 10); + sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID; + if(sshp->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) && + !sshc->acceptfail) { + failf(data, "Syntax error: chgrp gid not a number"); + goto fail; + } + } + else if(strncasecompare(cmd, "chmod", 5)) { + sshp->quote_attrs.permissions = strtoul(sshc->quote_path1, NULL, 8); + sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS; + /* permissions are octal */ + if(sshp->quote_attrs.permissions == 0 && + !ISDIGIT(sshc->quote_path1[0])) { + failf(data, "Syntax error: chmod permissions not a number"); + goto fail; + } + } + else if(strncasecompare(cmd, "chown", 5)) { + sshp->quote_attrs.uid = strtoul(sshc->quote_path1, NULL, 10); + sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID; + if(sshp->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) && + !sshc->acceptfail) { + failf(data, "Syntax error: chown uid not a number"); + goto fail; + } + } + else if(strncasecompare(cmd, "atime", 5) || + strncasecompare(cmd, "mtime", 5)) { + time_t date = Curl_getdate_capped(sshc->quote_path1); + bool fail = FALSE; + + if(date == -1) { + failf(data, "incorrect date format for %.*s", 5, cmd); + fail = TRUE; + } +#if SIZEOF_TIME_T > SIZEOF_LONG + if(date > 0xffffffff) { + /* if 'long' cannot old >32-bit, this date cannot be sent */ + failf(data, "date overflow"); + fail = TRUE; + } +#endif + if(fail) + goto fail; + if(strncasecompare(cmd, "atime", 5)) + sshp->quote_attrs.atime = (unsigned long)date; + else /* mtime */ + sshp->quote_attrs.mtime = (unsigned long)date; + + sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_ACMODTIME; + } + + /* Now send the completed structure... */ + state(data, SSH_SFTP_QUOTE_SETSTAT); + return CURLE_OK; +fail: + Curl_safefree(sshc->quote_path1); + Curl_safefree(sshc->quote_path2); + return CURLE_QUOTE_ERROR; +} + +static CURLcode +sftp_download_stat(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) +{ + LIBSSH2_SFTP_ATTRIBUTES attrs; + int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path, + curlx_uztoui(strlen(sshp->path)), + LIBSSH2_SFTP_STAT, &attrs); + if(rc == LIBSSH2_ERROR_EAGAIN) { + *blockp = TRUE; + return CURLE_OK; + } + if(rc || + !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) || + (attrs.filesize == 0)) { + /* + * libssh2_sftp_open() did not return an error, so maybe the server + * just does not support stat() + * OR the server does not return a file size with a stat() + * OR file size is 0 + */ + data->req.size = -1; + data->req.maxdownload = -1; + Curl_pgrsSetDownloadSize(data, -1); + } + else { + curl_off_t size = attrs.filesize; + + if(size < 0) { + failf(data, "Bad file size (%" FMT_OFF_T ")", size); + return CURLE_BAD_DOWNLOAD_RESUME; + } + if(data->state.use_range) { + curl_off_t from, to; + char *ptr; + char *ptr2; + CURLofft to_t; + CURLofft from_t; + + from_t = curlx_strtoofft(data->state.range, &ptr, 10, &from); + if(from_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + while(*ptr && (ISBLANK(*ptr) || (*ptr == '-'))) + ptr++; + to_t = curlx_strtoofft(ptr, &ptr2, 10, &to); + if(to_t == CURL_OFFT_FLOW) + return CURLE_RANGE_ERROR; + if((to_t == CURL_OFFT_INVAL) /* no "to" value given */ + || (to >= size)) { + to = size - 1; + } + if(from_t) { + /* from is relative to end of file */ + from = size - to; + to = size - 1; + } + if(from > size) { + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", from, (curl_off_t)attrs.filesize); + return CURLE_BAD_DOWNLOAD_RESUME; + } + if(from > to) { + from = to; + size = 0; + } + else { + if((to - from) == CURL_OFF_T_MAX) + return CURLE_RANGE_ERROR; + size = to - from + 1; + } + + SFTP_SEEK(sshc->sftp_handle, from); + } + data->req.size = size; + data->req.maxdownload = size; + Curl_pgrsSetDownloadSize(data, size); + } + + /* We can resume if we can seek to the resume position */ + if(data->state.resume_from) { + if(data->state.resume_from < 0) { + /* We are supposed to download the last abs(from) bytes */ + if((curl_off_t)attrs.filesize < -data->state.resume_from) { + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", + data->state.resume_from, (curl_off_t)attrs.filesize); + return CURLE_BAD_DOWNLOAD_RESUME; + } + /* download from where? */ + data->state.resume_from += attrs.filesize; + } + else { + if((curl_off_t)attrs.filesize < data->state.resume_from) { + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", + data->state.resume_from, (curl_off_t)attrs.filesize); + return CURLE_BAD_DOWNLOAD_RESUME; + } + } + /* Now store the number of bytes we are expected to download */ + data->req.size = attrs.filesize - data->state.resume_from; + data->req.maxdownload = attrs.filesize - data->state.resume_from; + Curl_pgrsSetDownloadSize(data, + attrs.filesize - data->state.resume_from); + SFTP_SEEK(sshc->sftp_handle, data->state.resume_from); + } + + /* Setup the actual download */ + if(data->req.size == 0) { + /* no data to transfer */ + Curl_xfer_setup_nop(data); + infof(data, "File already completely downloaded"); + state(data, SSH_STOP); + return CURLE_OK; + } + Curl_xfer_setup1(data, CURL_XFER_RECV, data->req.size, FALSE); + + /* not set by Curl_xfer_setup to preserve keepon bits */ + data->conn->writesockfd = data->conn->sockfd; + + /* we want to use the _receiving_ function even when the socket turns + out writableable as the underlying libssh2 recv function will deal + with both accordingly */ + data->state.select_bits = CURL_CSELECT_IN; + state(data, SSH_STOP); + + return CURLE_OK; +} + +static CURLcode sftp_readdir(struct Curl_easy *data, + struct ssh_conn *sshc, + struct SSHPROTO *sshp, + bool *blockp) +{ + CURLcode result = CURLE_OK; + int rc = libssh2_sftp_readdir_ex(sshc->sftp_handle, + sshp->readdir_filename, CURL_PATH_MAX, + sshp->readdir_longentry, CURL_PATH_MAX, + &sshp->readdir_attrs); + if(rc == LIBSSH2_ERROR_EAGAIN) { + *blockp = TRUE; + return result; + } + if(rc > 0) { + size_t readdir_len = (size_t) rc; + sshp->readdir_filename[readdir_len] = '\0'; + + if(data->set.list_only) { + result = Curl_client_write(data, CLIENTWRITE_BODY, + sshp->readdir_filename, + readdir_len); + if(!result) + result = Curl_client_write(data, CLIENTWRITE_BODY, + (char *)"\n", 1); + if(result) + return result; + } + else { + result = Curl_dyn_add(&sshp->readdir, sshp->readdir_longentry); + + if(!result) { + if((sshp->readdir_attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) && + ((sshp->readdir_attrs.permissions & LIBSSH2_SFTP_S_IFMT) == + LIBSSH2_SFTP_S_IFLNK)) { + Curl_dyn_init(&sshp->readdir_link, CURL_PATH_MAX); + result = Curl_dyn_addf(&sshp->readdir_link, "%s%s", sshp->path, + sshp->readdir_filename); + state(data, SSH_SFTP_READDIR_LINK); + } + else { + state(data, SSH_SFTP_READDIR_BOTTOM); + } + } + return result; + } + } + else if(rc == 0) { + state(data, SSH_SFTP_READDIR_DONE); + } + else if(rc < 0) { + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); + result = sftp_libssh2_error_to_CURLE(sftperr); + sshc->actualcode = result ? result : CURLE_SSH; + failf(data, "Could not open remote file for reading: %s :: %d", + sftp_libssh2_strerror(sftperr), + libssh2_session_last_errno(sshc->ssh_session)); + state(data, SSH_SFTP_CLOSE); + } + return result; +} /* - * ssh_statemach_act() runs the SSH state machine as far as it can without + * ssh_statemachine() runs the SSH state machine as far as it can without * blocking and without reaching the end. The data the pointer 'block' points * to will be set to TRUE if the libssh2 function returns LIBSSH2_ERROR_EAGAIN * meaning it wants to be called again when the socket is ready */ -static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) +static CURLcode ssh_statemachine(struct Curl_easy *data, bool *block) { CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct SSHPROTO *sshp = data->req.p.ssh; struct ssh_conn *sshc = &conn->proto.sshc; - curl_socket_t sock = conn->sock[FIRSTSOCKET]; + int rc = LIBSSH2_ERROR_NONE; - int ssherr; - unsigned long sftperr; - int seekerr = CURL_SEEKFUNC_OK; - size_t readdir_len; *block = 0; /* we are not blocking by default */ do { @@ -1001,7 +1721,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) FALLTHROUGH(); case SSH_S_STARTUP: - rc = session_startup(sshc->ssh_session, sock); + rc = session_startup(sshc->ssh_session, conn->sock[FIRSTSOCKET]); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } @@ -1052,12 +1772,12 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_AUTH_DONE); break; } - ssherr = libssh2_session_last_errno(sshc->ssh_session); - if(ssherr == LIBSSH2_ERROR_EAGAIN) + rc = libssh2_session_last_errno(sshc->ssh_session); + if(rc == LIBSSH2_ERROR_EAGAIN) rc = LIBSSH2_ERROR_EAGAIN; else { state(data, SSH_SESSION_FREE); - sshc->actualcode = libssh2_session_error_to_CURLE(ssherr); + sshc->actualcode = libssh2_session_error_to_CURLE(rc); } break; } @@ -1068,93 +1788,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_AUTH_PKEY_INIT: - /* - * Check the supported auth types in the order I feel is most secure - * with the requested type of authentication - */ - sshc->authed = FALSE; - - if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) && - (strstr(sshc->authlist, "publickey") != NULL)) { - bool out_of_memory = FALSE; - - sshc->rsa_pub = sshc->rsa = NULL; - - if(data->set.str[STRING_SSH_PRIVATE_KEY]) - sshc->rsa = strdup(data->set.str[STRING_SSH_PRIVATE_KEY]); - else { - /* To ponder about: should really the lib be messing about with the - HOME environment variable etc? */ - char *home = curl_getenv("HOME"); - struct_stat sbuf; - - /* If no private key file is specified, try some common paths. */ - if(home) { - /* Try ~/.ssh first. */ - sshc->rsa = aprintf("%s/.ssh/id_rsa", home); - if(!sshc->rsa) - out_of_memory = TRUE; - else if(stat(sshc->rsa, &sbuf)) { - Curl_safefree(sshc->rsa); - sshc->rsa = aprintf("%s/.ssh/id_dsa", home); - if(!sshc->rsa) - out_of_memory = TRUE; - else if(stat(sshc->rsa, &sbuf)) { - Curl_safefree(sshc->rsa); - } - } - free(home); - } - if(!out_of_memory && !sshc->rsa) { - /* Nothing found; try the current dir. */ - sshc->rsa = strdup("id_rsa"); - if(sshc->rsa && stat(sshc->rsa, &sbuf)) { - Curl_safefree(sshc->rsa); - sshc->rsa = strdup("id_dsa"); - if(sshc->rsa && stat(sshc->rsa, &sbuf)) { - Curl_safefree(sshc->rsa); - /* Out of guesses. Set to the empty string to avoid - * surprising info messages. */ - sshc->rsa = strdup(""); - } - } - } - } - - /* - * Unless the user explicitly specifies a public key file, let - * libssh2 extract the public key from the private key file. - * This is done by simply passing sshc->rsa_pub = NULL. - */ - if(data->set.str[STRING_SSH_PUBLIC_KEY] - /* treat empty string the same way as NULL */ - && data->set.str[STRING_SSH_PUBLIC_KEY][0]) { - sshc->rsa_pub = strdup(data->set.str[STRING_SSH_PUBLIC_KEY]); - if(!sshc->rsa_pub) - out_of_memory = TRUE; - } - - if(out_of_memory || !sshc->rsa) { - Curl_safefree(sshc->rsa); - Curl_safefree(sshc->rsa_pub); - state(data, SSH_SESSION_FREE); - sshc->actualcode = CURLE_OUT_OF_MEMORY; - break; - } - - sshc->passphrase = data->set.ssl.key_passwd; - if(!sshc->passphrase) - sshc->passphrase = ""; - - if(sshc->rsa_pub) - infof(data, "Using SSH public key file '%s'", sshc->rsa_pub); - infof(data, "Using SSH private key file '%s'", sshc->rsa); - - state(data, SSH_AUTH_PKEY); - } - else { - state(data, SSH_AUTH_PASS_INIT); - } + result = sftp_pkey_init(data, sshc); break; case SSH_AUTH_PKEY: @@ -1377,7 +2011,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSH is connected */ - conn->sockfd = sock; + conn->sockfd = conn->sock[FIRSTSOCKET]; conn->writesockfd = CURL_SOCKET_BAD; if(conn->handler->protocol == CURLPROTO_SFTP) { @@ -1412,21 +2046,18 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_SFTP_REALPATH: - { - char tempHome[PATH_MAX]; - /* * Get the "home" directory */ rc = sftp_libssh2_realpath(sshc->sftp_session, ".", - tempHome, PATH_MAX-1); + sshp->readdir_filename, CURL_PATH_MAX); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } if(rc > 0) { /* It seems that this string is not always NULL terminated */ - tempHome[rc] = '\0'; - sshc->homedir = strdup(tempHome); + sshp->readdir_filename[rc] = '\0'; + sshc->homedir = strdup(sshp->readdir_filename); if(!sshc->homedir) { state(data, SSH_SFTP_CLOSE); sshc->actualcode = CURLE_OUT_OF_MEMORY; @@ -1436,7 +2067,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } else { /* Return the error type */ - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); if(sftperr) result = sftp_libssh2_error_to_CURLE(sftperr); else @@ -1449,7 +2080,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_STOP); break; } - } + /* This is the last step in the SFTP connect phase. Do note that while we get the homedir here, we get the "workingpath" in the DO action since the homedir will remain the same between request but the @@ -1489,187 +2120,14 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_SFTP_QUOTE: - /* Send any quote commands */ - { - const char *cp; - - /* - * Support some of the "FTP" commands - * - * 'sshc->quote_item' is already verified to be non-NULL before it - * switched to this state. - */ - char *cmd = sshc->quote_item->data; - sshc->acceptfail = FALSE; - - /* if a command starts with an asterisk, which a legal SFTP command never - can, the command will be allowed to fail without it causing any - aborts or cancels etc. It will cause libcurl to act as if the command - is successful, whatever the server responds. */ - - if(cmd[0] == '*') { - cmd++; - sshc->acceptfail = TRUE; - } - - if(strcasecompare("pwd", cmd)) { - /* output debug output if that is requested */ - char *tmp = aprintf("257 \"%s\" is current directory.\n", - sshp->path); - if(!tmp) { - result = CURLE_OUT_OF_MEMORY; - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - break; - } - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"PWD\n", 4); - Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp)); - - /* this sends an FTP-like "header" to the header callback so that the - current directory can be read very similar to how it is read when - using ordinary FTP. */ - result = Curl_client_write(data, CLIENTWRITE_HEADER, tmp, strlen(tmp)); - free(tmp); - if(result) { - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - } - else - state(data, SSH_SFTP_NEXT_QUOTE); - break; - } - - /* - * the arguments following the command must be separated from the - * command with a space so we can check for it unconditionally - */ - cp = strchr(cmd, ' '); - if(!cp) { - failf(data, "Syntax error command '%s', missing parameter", - cmd); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - - /* - * also, every command takes at least one argument so we get that - * first argument right now - */ - result = Curl_get_pathname(&cp, &sshc->quote_path1, sshc->homedir); + /* Send quote commands */ + result = sftp_quote(data, sshc, sshp); if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, "Syntax error: Bad first parameter to '%s'", cmd); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = result; - break; } - - /* - * SFTP is a binary protocol, so we do not send text commands - * to the server. Instead, we scan for commands used by - * OpenSSH's sftp program and call the appropriate libssh2 - * functions. - */ - if(strncasecompare(cmd, "chgrp ", 6) || - strncasecompare(cmd, "chmod ", 6) || - strncasecompare(cmd, "chown ", 6) || - strncasecompare(cmd, "atime ", 6) || - strncasecompare(cmd, "mtime ", 6)) { - /* attribute change */ - - /* sshc->quote_path1 contains the mode to set */ - /* get the destination */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, "Syntax error in %s: Bad second parameter", cmd); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); - state(data, SSH_SFTP_QUOTE_STAT); - break; - } - if(strncasecompare(cmd, "ln ", 3) || - strncasecompare(cmd, "symlink ", 8)) { - /* symbolic linking */ - /* sshc->quote_path1 is the source */ - /* get the destination */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, - "Syntax error in ln/symlink: Bad second parameter"); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - state(data, SSH_SFTP_QUOTE_SYMLINK); - break; - } - else if(strncasecompare(cmd, "mkdir ", 6)) { - /* create dir */ - state(data, SSH_SFTP_QUOTE_MKDIR); - break; - } - else if(strncasecompare(cmd, "rename ", 7)) { - /* rename file */ - /* first param is the source path */ - /* second param is the dest. path */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, "Syntax error in rename: Bad second parameter"); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - state(data, SSH_SFTP_QUOTE_RENAME); - break; - } - else if(strncasecompare(cmd, "rmdir ", 6)) { - /* delete dir */ - state(data, SSH_SFTP_QUOTE_RMDIR); - break; - } - else if(strncasecompare(cmd, "rm ", 3)) { - state(data, SSH_SFTP_QUOTE_UNLINK); - break; - } -#ifdef HAS_STATVFS_SUPPORT - else if(strncasecompare(cmd, "statvfs ", 8)) { - state(data, SSH_SFTP_QUOTE_STATVFS); - break; - } -#endif - - failf(data, "Unknown SFTP command"); - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; break; - } case SSH_SFTP_NEXT_QUOTE: Curl_safefree(sshc->quote_path1); @@ -1692,125 +2150,13 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_SFTP_QUOTE_STAT: - { - char *cmd = sshc->quote_item->data; - sshc->acceptfail = FALSE; - - /* if a command starts with an asterisk, which a legal SFTP command never - can, the command will be allowed to fail without it causing any - aborts or cancels etc. It will cause libcurl to act as if the command - is successful, whatever the server responds. */ - - if(cmd[0] == '*') { - cmd++; - sshc->acceptfail = TRUE; - } - - if(!strncasecompare(cmd, "chmod", 5)) { - /* Since chown and chgrp only set owner OR group but libssh2 wants to - * set them both at once, we need to obtain the current ownership - * first. This takes an extra protocol round trip. - */ - rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2, - curlx_uztoui(strlen(sshc->quote_path2)), - LIBSSH2_SFTP_STAT, - &sshp->quote_attrs); - if(rc == LIBSSH2_ERROR_EAGAIN) { - break; - } - if(rc && !sshc->acceptfail) { /* get those attributes */ - sftperr = libssh2_sftp_last_error(sshc->sftp_session); - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Attempt to get SFTP stats failed: %s", - sftp_libssh2_strerror(sftperr)); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - } - - /* Now set the new attributes... */ - if(strncasecompare(cmd, "chgrp", 5)) { - sshp->quote_attrs.gid = strtoul(sshc->quote_path1, NULL, 10); - sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID; - if(sshp->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) && - !sshc->acceptfail) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: chgrp gid not a number"); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - } - else if(strncasecompare(cmd, "chmod", 5)) { - sshp->quote_attrs.permissions = strtoul(sshc->quote_path1, NULL, 8); - sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS; - /* permissions are octal */ - if(sshp->quote_attrs.permissions == 0 && - !ISDIGIT(sshc->quote_path1[0])) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: chmod permissions not a number"); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - } - else if(strncasecompare(cmd, "chown", 5)) { - sshp->quote_attrs.uid = strtoul(sshc->quote_path1, NULL, 10); - sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID; - if(sshp->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) && - !sshc->acceptfail) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - failf(data, "Syntax error: chown uid not a number"); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - } - else if(strncasecompare(cmd, "atime", 5) || - strncasecompare(cmd, "mtime", 5)) { - time_t date = Curl_getdate_capped(sshc->quote_path1); - bool fail = FALSE; - - if(date == -1) { - failf(data, "incorrect date format for %.*s", 5, cmd); - fail = TRUE; - } -#if SIZEOF_TIME_T > SIZEOF_LONG - if(date > 0xffffffff) { - /* if 'long' cannot old >32bit, this date cannot be sent */ - failf(data, "date overflow"); - fail = TRUE; - } -#endif - if(fail) { - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; - break; - } - if(strncasecompare(cmd, "atime", 5)) - sshp->quote_attrs.atime = (unsigned long)date; - else /* mtime */ - sshp->quote_attrs.mtime = (unsigned long)date; - - sshp->quote_attrs.flags = LIBSSH2_SFTP_ATTR_ACMODTIME; + result = sftp_quote_stat(data, sshc, sshp, block); + if(result) { + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = result; } - - /* Now send the completed structure... */ - state(data, SSH_SFTP_QUOTE_SETSTAT); break; - } case SSH_SFTP_QUOTE_SETSTAT: rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2, @@ -1821,7 +2167,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); failf(data, "Attempt to set SFTP stats failed: %s", @@ -1844,7 +2190,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); failf(data, "symlink command failed: %s", @@ -1865,7 +2211,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); failf(data, "mkdir command failed: %s", sftp_libssh2_strerror(sftperr)); @@ -1890,7 +2236,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); failf(data, "rename command failed: %s", @@ -1910,7 +2256,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); failf(data, "rmdir command failed: %s", sftp_libssh2_strerror(sftperr)); @@ -1929,7 +2275,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); failf(data, "rm command failed: %s", sftp_libssh2_strerror(sftperr)); state(data, SSH_SFTP_CLOSE); @@ -1952,7 +2298,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc && !sshc->acceptfail) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); Curl_safefree(sshc->quote_path1); failf(data, "statvfs command failed: %s", sftp_libssh2_strerror(sftperr)); @@ -1962,11 +2308,11 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } else if(rc == 0) { - #ifdef _MSC_VER - #define CURL_LIBSSH2_VFS_SIZE_MASK "I64u" - #else - #define CURL_LIBSSH2_VFS_SIZE_MASK "llu" - #endif +#ifdef _MSC_VER +#define CURL_LIBSSH2_VFS_SIZE_MASK "I64u" +#else +#define CURL_LIBSSH2_VFS_SIZE_MASK "llu" +#endif char *tmp = aprintf("statvfs:\n" "f_bsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" "f_frsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" @@ -2045,188 +2391,13 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_SFTP_UPLOAD_INIT: - { - unsigned long flags; - /* - * NOTE!!! libssh2 requires that the destination path is a full path - * that includes the destination file and name OR ends in a "/" - * If this is not done the destination file will be named the - * same name as the last directory in the path. - */ - - if(data->state.resume_from) { - LIBSSH2_SFTP_ATTRIBUTES attrs; - if(data->state.resume_from < 0) { - rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path, - curlx_uztoui(strlen(sshp->path)), - LIBSSH2_SFTP_STAT, &attrs); - if(rc == LIBSSH2_ERROR_EAGAIN) { - break; - } - if(rc) { - data->state.resume_from = 0; - } - else { - curl_off_t size = attrs.filesize; - if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); - return CURLE_BAD_DOWNLOAD_RESUME; - } - data->state.resume_from = attrs.filesize; - } - } - } - - if(data->set.remote_append) - /* Try to open for append, but create if nonexisting */ - flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_APPEND; - else if(data->state.resume_from > 0) - /* If we have restart position then open for append */ - flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_APPEND; - else - /* Clear file before writing (normal behavior) */ - flags = LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC; - - sshc->sftp_handle = - libssh2_sftp_open_ex(sshc->sftp_session, sshp->path, - curlx_uztoui(strlen(sshp->path)), - flags, (long)data->set.new_file_perms, - LIBSSH2_SFTP_OPENFILE); - - if(!sshc->sftp_handle) { - rc = libssh2_session_last_errno(sshc->ssh_session); - - if(LIBSSH2_ERROR_EAGAIN == rc) - break; - - if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc) - /* only when there was an SFTP protocol error can we extract - the sftp error! */ - sftperr = libssh2_sftp_last_error(sshc->sftp_session); - else - sftperr = LIBSSH2_FX_OK; /* not an sftp error at all */ - - if(sshc->secondCreateDirs) { - state(data, SSH_SFTP_CLOSE); - sshc->actualcode = sftperr != LIBSSH2_FX_OK ? - sftp_libssh2_error_to_CURLE(sftperr):CURLE_SSH; - failf(data, "Creating the dir/file failed: %s", - sftp_libssh2_strerror(sftperr)); - break; - } - if(((sftperr == LIBSSH2_FX_NO_SUCH_FILE) || - (sftperr == LIBSSH2_FX_FAILURE) || - (sftperr == LIBSSH2_FX_NO_SUCH_PATH)) && - (data->set.ftp_create_missing_dirs && - (strlen(sshp->path) > 1))) { - /* try to create the path remotely */ - rc = 0; /* clear rc and continue */ - sshc->secondCreateDirs = 1; - state(data, SSH_SFTP_CREATE_DIRS_INIT); - break; - } - state(data, SSH_SFTP_CLOSE); - sshc->actualcode = sftperr != LIBSSH2_FX_OK ? - sftp_libssh2_error_to_CURLE(sftperr):CURLE_SSH; - if(!sshc->actualcode) { - /* Sometimes, for some reason libssh2_sftp_last_error() returns zero - even though libssh2_sftp_open() failed previously! We need to - work around that! */ - sshc->actualcode = CURLE_SSH; - sftperr = LIBSSH2_FX_OK; - } - failf(data, "Upload failed: %s (%lu/%d)", - sftperr != LIBSSH2_FX_OK ? - sftp_libssh2_strerror(sftperr):"ssh error", - sftperr, rc); - break; - } - - /* If we have a restart point then we need to seek to the correct - position. */ - if(data->state.resume_from > 0) { - /* Let's read off the proper amount of bytes from the input. */ - if(data->set.seek_func) { - Curl_set_in_callback(data, true); - seekerr = data->set.seek_func(data->set.seek_client, - data->state.resume_from, SEEK_SET); - Curl_set_in_callback(data, false); - } - - if(seekerr != CURL_SEEKFUNC_OK) { - curl_off_t passed = 0; - - if(seekerr != CURL_SEEKFUNC_CANTSEEK) { - failf(data, "Could not seek stream"); - return CURLE_FTP_COULDNT_USE_REST; - } - /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ - do { - char scratch[4*1024]; - size_t readthisamountnow = - (data->state.resume_from - passed > - (curl_off_t)sizeof(scratch)) ? - sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); - - size_t actuallyread; - Curl_set_in_callback(data, true); - actuallyread = data->state.fread_func(scratch, 1, - readthisamountnow, - data->state.in); - Curl_set_in_callback(data, false); - - passed += actuallyread; - if((actuallyread == 0) || (actuallyread > readthisamountnow)) { - /* this checks for greater-than only to make sure that the - CURL_READFUNC_ABORT return code still aborts */ - failf(data, "Failed to read data"); - return CURLE_FTP_COULDNT_USE_REST; - } - } while(passed < data->state.resume_from); - } - - /* now, decrease the size of the read */ - if(data->state.infilesize > 0) { - data->state.infilesize -= data->state.resume_from; - data->req.size = data->state.infilesize; - Curl_pgrsSetUploadSize(data, data->state.infilesize); - } - - SFTP_SEEK(sshc->sftp_handle, data->state.resume_from); - } - if(data->state.infilesize > 0) { - data->req.size = data->state.infilesize; - Curl_pgrsSetUploadSize(data, data->state.infilesize); - } - /* upload data */ - Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); - - /* not set by Curl_xfer_setup to preserve keepon bits */ - conn->sockfd = conn->writesockfd; - + result = sftp_upload_init(data, sshc, sshp, block); if(result) { state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; sshc->actualcode = result; } - else { - /* store this original bitmask setup to use later on if we cannot - figure out a "real" bitmask */ - sshc->orig_waitfor = data->req.keepon; - - /* we want to use the _sending_ function even when the socket turns - out readable as the underlying libssh2 sftp send function will deal - with both accordingly */ - data->state.select_bits = CURL_CSELECT_OUT; - - /* since we do not really wait for anything at this point, we want the - state machine to move on as soon as possible so we set a very short - timeout here */ - Curl_expire(data, 0, EXPIRE_RUN_NOW); - - state(data, SSH_STOP); - } break; - } case SSH_SFTP_CREATE_DIRS_INIT: if(strlen(sshp->path) > 1) { @@ -2266,13 +2437,13 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) * permission was denied (creation might succeed further down the * path) - retry on unspecific FAILURE also */ - sftperr = libssh2_sftp_last_error(sshc->sftp_session); + unsigned long sftperr = libssh2_sftp_last_error(sshc->sftp_session); if((sftperr != LIBSSH2_FX_FILE_ALREADY_EXISTS) && (sftperr != LIBSSH2_FX_FAILURE) && (sftperr != LIBSSH2_FX_PERMISSION_DENIED)) { result = sftp_libssh2_error_to_CURLE(sftperr); state(data, SSH_SFTP_CLOSE); - sshc->actualcode = result?result:CURLE_SSH; + sshc->actualcode = result ? result : CURLE_SSH; break; } rc = 0; /* clear rc and continue */ @@ -2291,12 +2462,12 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) * This is a directory that we are trying to get, so produce a directory * listing */ - sshc->sftp_handle = libssh2_sftp_open_ex(sshc->sftp_session, - sshp->path, - curlx_uztoui( - strlen(sshp->path)), - 0, 0, LIBSSH2_SFTP_OPENDIR); + sshc->sftp_handle = + libssh2_sftp_open_ex(sshc->sftp_session, sshp->path, + curlx_uztoui(strlen(sshp->path)), + 0, 0, LIBSSH2_SFTP_OPENDIR); if(!sshc->sftp_handle) { + unsigned long sftperr; if(libssh2_session_last_errno(sshc->ssh_session) == LIBSSH2_ERROR_EAGAIN) { rc = LIBSSH2_ERROR_EAGAIN; @@ -2307,94 +2478,18 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sftp_libssh2_strerror(sftperr)); state(data, SSH_SFTP_CLOSE); result = sftp_libssh2_error_to_CURLE(sftperr); - sshc->actualcode = result?result:CURLE_SSH; - break; - } - sshp->readdir_filename = malloc(PATH_MAX + 1); - if(!sshp->readdir_filename) { - state(data, SSH_SFTP_CLOSE); - sshc->actualcode = CURLE_OUT_OF_MEMORY; + sshc->actualcode = result ? result : CURLE_SSH; break; } - sshp->readdir_longentry = malloc(PATH_MAX + 1); - if(!sshp->readdir_longentry) { - Curl_safefree(sshp->readdir_filename); - state(data, SSH_SFTP_CLOSE); - sshc->actualcode = CURLE_OUT_OF_MEMORY; - break; - } - Curl_dyn_init(&sshp->readdir, PATH_MAX * 2); + Curl_dyn_init(&sshp->readdir, CURL_PATH_MAX * 2); state(data, SSH_SFTP_READDIR); break; case SSH_SFTP_READDIR: - rc = libssh2_sftp_readdir_ex(sshc->sftp_handle, - sshp->readdir_filename, - PATH_MAX, - sshp->readdir_longentry, - PATH_MAX, - &sshp->readdir_attrs); - if(rc == LIBSSH2_ERROR_EAGAIN) { - break; - } - if(rc > 0) { - readdir_len = (size_t) rc; - sshp->readdir_filename[readdir_len] = '\0'; - - if(data->set.list_only) { - result = Curl_client_write(data, CLIENTWRITE_BODY, - sshp->readdir_filename, - readdir_len); - if(!result) - result = Curl_client_write(data, CLIENTWRITE_BODY, - (char *)"\n", 1); - if(result) { - state(data, SSH_STOP); - break; - } - - } - else { - result = Curl_dyn_add(&sshp->readdir, sshp->readdir_longentry); - - if(!result) { - if((sshp->readdir_attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) && - ((sshp->readdir_attrs.permissions & LIBSSH2_SFTP_S_IFMT) == - LIBSSH2_SFTP_S_IFLNK)) { - Curl_dyn_init(&sshp->readdir_link, PATH_MAX); - result = Curl_dyn_addf(&sshp->readdir_link, "%s%s", sshp->path, - sshp->readdir_filename); - state(data, SSH_SFTP_READDIR_LINK); - if(!result) - break; - } - else { - state(data, SSH_SFTP_READDIR_BOTTOM); - break; - } - } - sshc->actualcode = result; - state(data, SSH_SFTP_CLOSE); - break; - } - } - else if(rc == 0) { - Curl_safefree(sshp->readdir_filename); - Curl_safefree(sshp->readdir_longentry); - state(data, SSH_SFTP_READDIR_DONE); - break; - } - else if(rc < 0) { - sftperr = libssh2_sftp_last_error(sshc->sftp_session); - result = sftp_libssh2_error_to_CURLE(sftperr); - sshc->actualcode = result?result:CURLE_SSH; - failf(data, "Could not open remote file for reading: %s :: %d", - sftp_libssh2_strerror(sftperr), - libssh2_session_last_errno(sshc->ssh_session)); - Curl_safefree(sshp->readdir_filename); - Curl_safefree(sshp->readdir_longentry); + result = sftp_readdir(data, sshc, sshp, block); + if(result) { + sshc->actualcode = result; state(data, SSH_SFTP_CLOSE); - break; } break; @@ -2405,7 +2500,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) (unsigned int) Curl_dyn_len(&sshp->readdir_link), sshp->readdir_filename, - PATH_MAX, LIBSSH2_SFTP_READLINK); + CURL_PATH_MAX, LIBSSH2_SFTP_READLINK); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } @@ -2415,8 +2510,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) result = Curl_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename); if(result) { - Curl_safefree(sshp->readdir_filename); - Curl_safefree(sshp->readdir_longentry); state(data, SSH_SFTP_CLOSE); sshc->actualcode = result; break; @@ -2449,8 +2542,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } sshc->sftp_handle = NULL; - Curl_safefree(sshp->readdir_filename); - Curl_safefree(sshp->readdir_longentry); /* no data to transfer */ Curl_xfer_setup_nop(data); @@ -2467,6 +2558,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) LIBSSH2_FXF_READ, (long)data->set.new_file_perms, LIBSSH2_SFTP_OPENFILE); if(!sshc->sftp_handle) { + unsigned long sftperr; if(libssh2_session_last_errno(sshc->ssh_session) == LIBSSH2_ERROR_EAGAIN) { rc = LIBSSH2_ERROR_EAGAIN; @@ -2477,149 +2569,20 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sftp_libssh2_strerror(sftperr)); state(data, SSH_SFTP_CLOSE); result = sftp_libssh2_error_to_CURLE(sftperr); - sshc->actualcode = result?result:CURLE_SSH; + sshc->actualcode = result ? result : CURLE_SSH; break; } state(data, SSH_SFTP_DOWNLOAD_STAT); break; case SSH_SFTP_DOWNLOAD_STAT: - { - LIBSSH2_SFTP_ATTRIBUTES attrs; - - rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path, - curlx_uztoui(strlen(sshp->path)), - LIBSSH2_SFTP_STAT, &attrs); - if(rc == LIBSSH2_ERROR_EAGAIN) { - break; - } - if(rc || - !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) || - (attrs.filesize == 0)) { - /* - * libssh2_sftp_open() did not return an error, so maybe the server - * just does not support stat() - * OR the server does not return a file size with a stat() - * OR file size is 0 - */ - data->req.size = -1; - data->req.maxdownload = -1; - Curl_pgrsSetDownloadSize(data, -1); - } - else { - curl_off_t size = attrs.filesize; - - if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); - return CURLE_BAD_DOWNLOAD_RESUME; - } - if(data->state.use_range) { - curl_off_t from, to; - char *ptr; - char *ptr2; - CURLofft to_t; - CURLofft from_t; - - from_t = curlx_strtoofft(data->state.range, &ptr, 10, &from); - if(from_t == CURL_OFFT_FLOW) - return CURLE_RANGE_ERROR; - while(*ptr && (ISBLANK(*ptr) || (*ptr == '-'))) - ptr++; - to_t = curlx_strtoofft(ptr, &ptr2, 10, &to); - if(to_t == CURL_OFFT_FLOW) - return CURLE_RANGE_ERROR; - if((to_t == CURL_OFFT_INVAL) /* no "to" value given */ - || (to >= size)) { - to = size - 1; - } - if(from_t) { - /* from is relative to end of file */ - from = size - to; - to = size - 1; - } - if(from > size) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", from, - (curl_off_t)attrs.filesize); - return CURLE_BAD_DOWNLOAD_RESUME; - } - if(from > to) { - from = to; - size = 0; - } - else { - if((to - from) == CURL_OFF_T_MAX) - return CURLE_RANGE_ERROR; - size = to - from + 1; - } - - SFTP_SEEK(sshc->sftp_handle, from); - } - data->req.size = size; - data->req.maxdownload = size; - Curl_pgrsSetDownloadSize(data, size); - } - - /* We can resume if we can seek to the resume position */ - if(data->state.resume_from) { - if(data->state.resume_from < 0) { - /* We are supposed to download the last abs(from) bytes */ - if((curl_off_t)attrs.filesize < -data->state.resume_from) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", - data->state.resume_from, (curl_off_t)attrs.filesize); - return CURLE_BAD_DOWNLOAD_RESUME; - } - /* download from where? */ - data->state.resume_from += attrs.filesize; - } - else { - if((curl_off_t)attrs.filesize < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", - data->state.resume_from, (curl_off_t)attrs.filesize); - return CURLE_BAD_DOWNLOAD_RESUME; - } - } - /* Now store the number of bytes we are expected to download */ - data->req.size = attrs.filesize - data->state.resume_from; - data->req.maxdownload = attrs.filesize - data->state.resume_from; - Curl_pgrsSetDownloadSize(data, - attrs.filesize - data->state.resume_from); - SFTP_SEEK(sshc->sftp_handle, data->state.resume_from); + result = sftp_download_stat(data, sshc, sshp, block); + if(result) { + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = result; } - } - - /* Setup the actual download */ - if(data->req.size == 0) { - /* no data to transfer */ - Curl_xfer_setup_nop(data); - infof(data, "File already completely downloaded"); - state(data, SSH_STOP); break; - } - Curl_xfer_setup1(data, CURL_XFER_RECV, data->req.size, FALSE); - - /* not set by Curl_xfer_setup to preserve keepon bits */ - conn->writesockfd = conn->sockfd; - - /* we want to use the _receiving_ function even when the socket turns - out writableable as the underlying libssh2 recv function will deal - with both accordingly */ - data->state.select_bits = CURL_CSELECT_IN; - - if(result) { - /* this should never occur; the close state should be entered - at the time the error occurs */ - state(data, SSH_SFTP_CLOSE); - sshc->actualcode = result; - } - else { - state(data, SSH_STOP); - } - break; case SSH_SFTP_CLOSE: if(sshc->sftp_handle) { @@ -3084,8 +3047,8 @@ static void ssh_block2waitfor(struct Curl_easy *data, bool block) dir = libssh2_session_block_directions(sshc->ssh_session); if(dir) { /* translate the libssh2 define bits into our own bit defines */ - conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) | - ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0); + conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) | + ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0); } } if(!dir) @@ -3103,8 +3066,8 @@ static CURLcode ssh_multi_statemach(struct Curl_easy *data, bool *done) bool block; /* we store the status and use that to provide a ssh_getsock() implementation */ do { - result = ssh_statemach_act(data, &block); - *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; + result = ssh_statemachine(data, &block); + *done = (sshc->state == SSH_STOP); /* if there is no error, it is not done and it did not EWOULDBLOCK, then try again */ } while(!result && !*done && !block); @@ -3126,7 +3089,7 @@ static CURLcode ssh_block_statemach(struct Curl_easy *data, timediff_t left = 1000; struct curltime now = Curl_now(); - result = ssh_statemach_act(data, &block); + result = ssh_statemachine(data, &block); if(result) break; @@ -3162,7 +3125,7 @@ static CURLcode ssh_block_statemach(struct Curl_easy *data, fd_write = sock; /* wait for the socket to become ready */ (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, - left>1000?1000:left); + left > 1000 ? 1000 : left); } } @@ -3229,7 +3192,7 @@ static ssize_t ssh_tls_send(libssh2_socket_t sock, const void *buffer, /* swap in the TLS writer function for this call only, and then swap back the SSH one again */ conn->send[0] = ssh->tls_send; - result = Curl_conn_send(data, socknum, buffer, length, &nwrite); + result = Curl_conn_send(data, socknum, buffer, length, FALSE, &nwrite); conn->send[0] = backup; if(result == CURLE_AGAIN) return -EAGAIN; /* magic return code for libssh2 */ @@ -3455,7 +3418,7 @@ static CURLcode scp_doing(struct Curl_easy *data, static CURLcode ssh_do(struct Curl_easy *data, bool *done) { CURLcode result; - bool connected = 0; + bool connected = FALSE; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; @@ -3515,8 +3478,6 @@ static CURLcode ssh_done(struct Curl_easy *data, CURLcode status) result = status; Curl_safefree(sshp->path); - Curl_safefree(sshp->readdir_filename); - Curl_safefree(sshp->readdir_longentry); Curl_dyn_free(&sshp->readdir); if(Curl_pgrsDone(data)) @@ -3540,17 +3501,18 @@ static CURLcode scp_done(struct Curl_easy *data, CURLcode status, } static ssize_t scp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; (void)sockindex; /* we only support SCP on the fixed known primary socket */ + (void)eos; /* libssh2_channel_write() returns int! */ nwrite = (ssize_t) libssh2_channel_write(sshc->ssh_channel, mem, len); - ssh_block2waitfor(data, (nwrite == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE); + ssh_block2waitfor(data, (nwrite == LIBSSH2_ERROR_EAGAIN)); if(nwrite == LIBSSH2_ERROR_EAGAIN) { *err = CURLE_AGAIN; @@ -3575,7 +3537,7 @@ static ssize_t scp_recv(struct Curl_easy *data, int sockindex, /* libssh2_channel_read() returns int */ nread = (ssize_t) libssh2_channel_read(sshc->ssh_channel, mem, len); - ssh_block2waitfor(data, (nread == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE); + ssh_block2waitfor(data, (nread == LIBSSH2_ERROR_EAGAIN)); if(nread == LIBSSH2_ERROR_EAGAIN) { *err = CURLE_AGAIN; nread = -1; @@ -3678,16 +3640,17 @@ static CURLcode sftp_done(struct Curl_easy *data, CURLcode status, /* return number of sent bytes */ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; (void)sockindex; + (void)eos; nwrite = libssh2_sftp_write(sshc->sftp_handle, mem, len); - ssh_block2waitfor(data, (nwrite == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE); + ssh_block2waitfor(data, (nwrite == LIBSSH2_ERROR_EAGAIN)); if(nwrite == LIBSSH2_ERROR_EAGAIN) { *err = CURLE_AGAIN; @@ -3715,7 +3678,7 @@ static ssize_t sftp_recv(struct Curl_easy *data, int sockindex, nread = libssh2_sftp_read(sshc->sftp_handle, mem, len); - ssh_block2waitfor(data, (nread == LIBSSH2_ERROR_EAGAIN)?TRUE:FALSE); + ssh_block2waitfor(data, (nread == LIBSSH2_ERROR_EAGAIN)); if(nread == LIBSSH2_ERROR_EAGAIN) { *err = CURLE_AGAIN; diff --git a/libraries/libcurl/vssh/ssh.h b/libraries/libcurl/vssh/ssh.h index 64ef3329..f2d42a3d 100644 --- a/libraries/libcurl/vssh/ssh.h +++ b/libraries/libcurl/vssh/ssh.h @@ -30,6 +30,8 @@ #include #include #elif defined(USE_LIBSSH) +/* in 0.10.0 or later, ignore deprecated warnings */ +#define SSH_SUPPRESS_DEPRECATED #include #include #elif defined(USE_WOLFSSH) @@ -37,6 +39,8 @@ #include #endif +#include "curl_path.h" + /**************************************************************************** * SSH unique setup ***************************************************************************/ @@ -107,6 +111,8 @@ typedef enum { SSH_LAST /* never used */ } sshstate; +#define CURL_PATH_MAX 1024 + /* this struct is used in the HandleData struct which is part of the Curl_easy, which means this is used on a per-easy handle basis. Everything that is strictly related to a connection is banned from this @@ -116,8 +122,8 @@ struct SSHPROTO { #ifdef USE_LIBSSH2 struct dynbuf readdir_link; struct dynbuf readdir; - char *readdir_filename; - char *readdir_longentry; + char readdir_filename[CURL_PATH_MAX + 1]; + char readdir_longentry[CURL_PATH_MAX + 1]; LIBSSH2_SFTP_ATTRIBUTES quote_attrs; /* used by the SFTP_QUOTE state */ diff --git a/libraries/libcurl/vssh/wolfssh.c b/libraries/libcurl/vssh/wolfssh.c index 1ed24fe4..54008211 100644 --- a/libraries/libcurl/vssh/wolfssh.c +++ b/libraries/libcurl/vssh/wolfssh.c @@ -28,8 +28,6 @@ #include -#include -#include #include "urldata.h" #include "cfilters.h" #include "connect.h" @@ -220,13 +218,15 @@ static void state(struct Curl_easy *data, sshstate nowstate) } static ssize_t wscp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, + CURLcode *err) { ssize_t nwrite = 0; (void)data; (void)sockindex; /* we only support SCP on the fixed known primary socket */ (void)mem; (void)len; + (void)eos; (void)err; return nwrite; @@ -247,16 +247,17 @@ static ssize_t wscp_recv(struct Curl_easy *data, int sockindex, /* return number of sent bytes */ static ssize_t wsftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; word32 offset[2]; int rc; (void)sockindex; + (void)eos; - offset[0] = (word32)sshc->offset&0xFFFFFFFF; - offset[1] = (word32)(sshc->offset>>32)&0xFFFFFFFF; + offset[0] = (word32)sshc->offset & 0xFFFFFFFF; + offset[1] = (word32)(sshc->offset >> 32) & 0xFFFFFFFF; rc = wolfSSH_SFTP_SendWritePacket(sshc->ssh_session, sshc->handle, sshc->handleSz, @@ -280,7 +281,7 @@ static ssize_t wsftp_send(struct Curl_easy *data, int sockindex, return -1; } DEBUGASSERT(rc == (int)len); - infof(data, "sent %zu bytes SFTP from offset %" CURL_FORMAT_CURL_OFF_T, + infof(data, "sent %zu bytes SFTP from offset %" FMT_OFF_T, len, sshc->offset); sshc->offset += len; return (ssize_t)rc; @@ -299,8 +300,8 @@ static ssize_t wsftp_recv(struct Curl_easy *data, int sockindex, word32 offset[2]; (void)sockindex; - offset[0] = (word32)sshc->offset&0xFFFFFFFF; - offset[1] = (word32)(sshc->offset>>32)&0xFFFFFFFF; + offset[0] = (word32)sshc->offset & 0xFFFFFFFF; + offset[1] = (word32)(sshc->offset >> 32) & 0xFFFFFFFF; rc = wolfSSH_SFTP_SendReadPacket(sshc->ssh_session, sshc->handle, sshc->handleSz, @@ -577,7 +578,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) else { curl_off_t size = ((curl_off_t)attrs.sz[1] << 32) | attrs.sz[0]; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } data->state.resume_from = size; @@ -628,10 +629,10 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) /* Let's read off the proper amount of bytes from the input. */ int seekerr = CURL_SEEKFUNC_OK; if(data->set.seek_func) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); seekerr = data->set.seek_func(data->set.seek_client, data->state.resume_from, SEEK_SET); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); } if(seekerr != CURL_SEEKFUNC_OK) { @@ -650,11 +651,11 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread; - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); actuallyread = data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); passed += actuallyread; if((actuallyread == 0) || (actuallyread > readthisamountnow)) { @@ -762,13 +763,13 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_SSH; } - size = ((curl_off_t)attrs.sz[1] <<32) | attrs.sz[0]; + size = ((curl_off_t)attrs.sz[1] << 32) | attrs.sz[0]; data->req.size = size; data->req.maxdownload = size; Curl_pgrsSetDownloadSize(data, size); - infof(data, "SFTP download %" CURL_FORMAT_CURL_OFF_T " bytes", size); + infof(data, "SFTP download %" FMT_OFF_T " bytes", size); /* We cannot seek with wolfSSH so resuming and range requests are not possible */ @@ -907,7 +908,7 @@ static CURLcode wssh_multi_statemach(struct Curl_easy *data, bool *done) implementation */ do { result = wssh_statemach_act(data, &block); - *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; + *done = (sshc->state == SSH_STOP); /* if there is no error, it is not done and it did not EWOULDBLOCK, then try again */ if(*done) { @@ -961,7 +962,7 @@ CURLcode wsftp_perform(struct Curl_easy *data, static CURLcode wssh_do(struct Curl_easy *data, bool *done) { CURLcode result; - bool connected = 0; + bool connected = FALSE; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; @@ -1027,7 +1028,7 @@ static CURLcode wssh_block_statemach(struct Curl_easy *data, /* wait for the socket to become ready */ (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, - left>1000?1000:left); /* ignore result */ + left > 1000 ? 1000 : left); /* ignore result */ } } diff --git a/libraries/libcurl/vtls/bearssl.c b/libraries/libcurl/vtls/bearssl.c index 47c5528c..53fd4a6b 100644 --- a/libraries/libcurl/vtls/bearssl.c +++ b/libraries/libcurl/vtls/bearssl.c @@ -361,6 +361,56 @@ static const br_x509_class x509_vtable = { x509_get_pkey }; +static CURLcode +bearssl_set_ssl_version_min_max(struct Curl_easy *data, + br_ssl_engine_context *ssl_eng, + struct ssl_primary_config *conn_config) +{ + unsigned version_min, version_max; + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + version_min = BR_TLS10; + break; + case CURL_SSLVERSION_TLSv1_1: + version_min = BR_TLS11; + break; + case CURL_SSLVERSION_TLSv1_2: + version_min = BR_TLS12; + break; + case CURL_SSLVERSION_TLSv1_3: + failf(data, "BearSSL: does not support TLS 1.3"); + return CURLE_SSL_CONNECT_ERROR; + default: + failf(data, "BearSSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + case CURL_SSLVERSION_MAX_TLSv1_2: + version_max = BR_TLS12; + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + version_max = BR_TLS11; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + version_max = BR_TLS10; + break; + default: + failf(data, "BearSSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + + br_ssl_engine_set_versions(ssl_eng, version_min, version_max); + + return CURLE_OK; +} + static const uint16_t ciphertable[] = { /* RFC 2246 TLS 1.0 */ BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ @@ -495,41 +545,11 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, const bool verifypeer = conn_config->verifypeer; const bool verifyhost = conn_config->verifyhost; CURLcode ret; - unsigned version_min, version_max; int session_set = 0; DEBUGASSERT(backend); CURL_TRC_CF(data, cf, "connect_step1"); - switch(conn_config->version) { - case CURL_SSLVERSION_SSLv2: - failf(data, "BearSSL does not support SSLv2"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_SSLv3: - failf(data, "BearSSL does not support SSLv3"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_0: - version_min = BR_TLS10; - version_max = BR_TLS10; - break; - case CURL_SSLVERSION_TLSv1_1: - version_min = BR_TLS11; - version_max = BR_TLS11; - break; - case CURL_SSLVERSION_TLSv1_2: - version_min = BR_TLS12; - version_max = BR_TLS12; - break; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - version_min = BR_TLS10; - version_max = BR_TLS12; - break; - default: - failf(data, "BearSSL: unknown CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - if(verifypeer) { if(ca_info_blob) { struct cafile_source source; @@ -564,7 +584,11 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, /* initialize SSL context */ br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal, backend->anchors, backend->anchors_len); - br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max); + + ret = bearssl_set_ssl_version_min_max(data, &backend->ctx.eng, conn_config); + if(ret != CURLE_OK) + return ret; + br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf, sizeof(backend->buf), 1); @@ -585,11 +609,15 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable); if(ssl_config->primary.cache_session) { - void *session; + void *sdata; + size_t slen; + const br_ssl_session_parameters *session; CURL_TRC_CF(data, cf, "connect_step1, check session cache"); Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, &session, NULL)) { + if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, &sdata, &slen, NULL) && + slen == sizeof(*session)) { + session = sdata; br_ssl_engine_set_session_parameters(&backend->ctx.eng, session); session_set = 1; infof(data, "BearSSL: reusing session ID"); @@ -629,10 +657,10 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); ret = (*data->set.ssl.fsslctx)(data, &backend->ctx, data->set.ssl.fsslctxp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(ret) { failf(data, "BearSSL: error signaled by ssl ctx callback"); return ret; @@ -648,28 +676,6 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, return CURLE_OK; } -static void bearssl_adjust_pollset(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct easy_pollset *ps) -{ - if(!cf->connected) { - curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); - if(sock != CURL_SOCKET_BAD) { - struct ssl_connect_data *connssl = cf->ctx; - struct bearssl_ssl_backend_data *backend = - (struct bearssl_ssl_backend_data *)connssl->backend; - unsigned state = br_ssl_engine_current_state(&backend->ctx.eng); - - if(state & BR_SSL_SENDREC) { - Curl_pollset_set_out_only(data, ps, sock); - } - else { - Curl_pollset_set_in_only(data, ps, sock); - } - } - } -} - static CURLcode bearssl_run_until(struct Curl_cfilter *cf, struct Curl_easy *data, unsigned target) @@ -686,6 +692,7 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, DEBUGASSERT(backend); + connssl->io_need = CURL_SSL_IO_NEED_NONE; for(;;) { state = br_ssl_engine_current_state(&backend->ctx.eng); if(state & BR_SSL_CLOSED) { @@ -710,7 +717,9 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, failf(data, "SSL: X.509 verification: " "chain could not be linked to a trust anchor"); return CURLE_PEER_FAILED_VERIFICATION; + default:; } + failf(data, "BearSSL: connection error 0x%04x", err); /* X.509 errors are documented to have the range 32..63 */ if(err >= 32 && err < 64) return CURLE_PEER_FAILED_VERIFICATION; @@ -720,7 +729,8 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, return CURLE_OK; if(state & BR_SSL_SENDREC) { buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len); - ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, &result); + ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, FALSE, + &result); CURL_TRC_CF(data, cf, "ssl_send(len=%zu) -> %zd, %d", len, ret, result); if(ret <= 0) { if(result == CURLE_AGAIN) @@ -755,7 +765,6 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, (struct bearssl_ssl_backend_data *)connssl->backend; br_ssl_session_parameters session; char cipher_str[64]; - char ver_str[16]; CURLcode ret; DEBUGASSERT(backend); @@ -766,6 +775,7 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, return CURLE_OK; if(ret == CURLE_OK) { unsigned int tver; + int subver = 0; if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) { failf(data, "SSL: connection closed during handshake"); @@ -774,19 +784,22 @@ static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, connssl->connecting_state = ssl_connect_3; /* Informational message */ tver = br_ssl_engine_get_version(&backend->ctx.eng); - if(tver == BR_TLS12) - strcpy(ver_str, "TLSv1.2"); - else if(tver == BR_TLS11) - strcpy(ver_str, "TLSv1.1"); - else if(tver == BR_TLS10) - strcpy(ver_str, "TLSv1.0"); - else { - msnprintf(ver_str, sizeof(ver_str), "TLS 0x%04x", tver); + switch(tver) { + case BR_TLS12: + subver = 2; /* 1.2 */ + break; + case BR_TLS11: + subver = 1; /* 1.1 */ + break; + case BR_TLS10: /* 1.0 */ + default: /* unknown, leave it at zero */ + break; } br_ssl_engine_get_session_parameters(&backend->ctx.eng, &session); Curl_cipher_suite_get_str(session.cipher_suite, cipher_str, - sizeof(cipher_str), true); - infof(data, "BearSSL: %s connection using %s", ver_str, cipher_str); + sizeof(cipher_str), TRUE); + infof(data, "BearSSL: TLS v1.%d connection using %s", subver, + cipher_str); } return ret; } @@ -814,8 +827,8 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf, const char *proto; proto = br_ssl_engine_get_selected_protocol(&backend->ctx.eng); - Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto, - proto? strlen(proto) : 0); + Curl_alpn_set_negotiated(cf, data, connssl, (const unsigned char *)proto, + proto ? strlen(proto) : 0); } if(ssl_config->primary.cache_session) { @@ -826,7 +839,8 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf, return CURLE_OUT_OF_MEMORY; br_ssl_engine_get_session_parameters(&backend->ctx.eng, session); Curl_ssl_sessionid_lock(data); - ret = Curl_ssl_set_sessionid(cf, data, &connssl->peer, session, 0, + ret = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL, + session, sizeof(*session), bearssl_session_free); Curl_ssl_sessionid_unlock(data); if(ret) @@ -935,15 +949,14 @@ static CURLcode bearssl_connect_common(struct Curl_cfilter *cf, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { - - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; CURL_TRC_CF(data, cf, "connect_common, check socket"); what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, - nonblocking?0:timeout_ms); + nonblocking ? 0 : timeout_ms); CURL_TRC_CF(data, cf, "connect_common, check socket -> %d", what); if(what < 0) { /* fatal error */ @@ -1089,8 +1102,10 @@ static CURLcode bearssl_shutdown(struct Curl_cfilter *cf, if(result == CURLE_OK) { *done = TRUE; } - else if(result == CURLE_AGAIN) + else if(result == CURLE_AGAIN) { + CURL_TRC_CF(data, cf, "shutdown EAGAIN, io_need=%x", connssl->io_need); result = CURLE_OK; + } else CURL_TRC_CF(data, cf, "shutdown error: %d", result); @@ -1131,7 +1146,12 @@ static CURLcode bearssl_sha256sum(const unsigned char *input, const struct Curl_ssl Curl_ssl_bearssl = { { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */ - SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX | SSLSUPP_HTTPS_PROXY, + + SSLSUPP_CAINFO_BLOB | + SSLSUPP_SSL_CTX | + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, + sizeof(struct bearssl_ssl_backend_data), Curl_none_init, /* init */ @@ -1144,7 +1164,7 @@ const struct Curl_ssl Curl_ssl_bearssl = { Curl_none_cert_status_request, /* cert_status_request */ bearssl_connect, /* connect */ bearssl_connect_nonblocking, /* connect_nonblocking */ - bearssl_adjust_pollset, /* adjust_pollset */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ bearssl_get_internals, /* get_internals */ bearssl_close, /* close_one */ Curl_none_close_all, /* close_all */ @@ -1157,6 +1177,7 @@ const struct Curl_ssl Curl_ssl_bearssl = { NULL, /* disassociate_connection */ bearssl_recv, /* recv decrypted data */ bearssl_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_BEARSSL */ diff --git a/libraries/libcurl/vtls/cipher_suite.c b/libraries/libcurl/vtls/cipher_suite.c index 83ac5ddf..a694b146 100644 --- a/libraries/libcurl/vtls/cipher_suite.c +++ b/libraries/libcurl/vtls/cipher_suite.c @@ -23,7 +23,8 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_BEARSSL) +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) #include "cipher_suite.h" #include "curl_printf.h" #include "strcase.h" @@ -163,24 +164,24 @@ enum { CS_TXT_LEN, }; -#define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \ -{ \ - (uint8_t) ((a) << 2 | ((b) & 0x3F) >> 4), \ - (uint8_t) ((b) << 4 | ((c) & 0x3F) >> 2), \ - (uint8_t) ((c) << 6 | ((d) & 0x3F)), \ - (uint8_t) ((e) << 2 | ((f) & 0x3F) >> 4), \ - (uint8_t) ((f) << 4 | ((g) & 0x3F) >> 2), \ - (uint8_t) ((g) << 6 | ((h) & 0x3F)) \ +#define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \ +{ \ + (uint8_t) ((((a) << 2) & 0xFF) | ((b) & 0x3F) >> 4), \ + (uint8_t) ((((b) << 4) & 0xFF) | ((c) & 0x3F) >> 2), \ + (uint8_t) ((((c) << 6) & 0xFF) | ((d) & 0x3F)), \ + (uint8_t) ((((e) << 2) & 0xFF) | ((f) & 0x3F) >> 4), \ + (uint8_t) ((((f) << 4) & 0xFF) | ((g) & 0x3F) >> 2), \ + (uint8_t) ((((g) << 6) & 0xFF) | ((h) & 0x3F)) \ } -#define CS_ENTRY(id, a, b, c, d, e, f, g, h) \ -{ \ - id, \ - CS_ZIP_IDX( \ - CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \ - CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \ - CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \ - CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \ - ) \ +#define CS_ENTRY(id, a, b, c, d, e, f, g, h) \ +{ \ + id, \ + CS_ZIP_IDX( \ + CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \ + CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \ + CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \ + CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \ + ) \ } struct cs_entry { @@ -190,6 +191,28 @@ struct cs_entry { /* !checksrc! disable COMMANOSPACE all */ static const struct cs_entry cs_list [] = { + /* TLS 1.3 ciphers */ +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_RUSTLS) + CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,), + CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,), + CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,), + CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,), + CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,), +#endif + /* TLS 1.2 ciphers */ + CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,), + CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,), + CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,), + CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,), + CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), + CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,), + CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,), + CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,), +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_BEARSSL) CS_ENTRY(0x002F, TLS,RSA,WITH,AES,128,CBC,SHA,), CS_ENTRY(0x002F, AES128,SHA,,,,,,), CS_ENTRY(0x0035, TLS,RSA,WITH,AES,256,CBC,SHA,), @@ -234,26 +257,15 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0xC029, ECDH,RSA,AES128,SHA256,,,,), CS_ENTRY(0xC02A, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA384), CS_ENTRY(0xC02A, ECDH,RSA,AES256,SHA384,,,,), - CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256), - CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,), - CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384), - CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,), CS_ENTRY(0xC02D, TLS,ECDH,ECDSA,WITH,AES,128,GCM,SHA256), CS_ENTRY(0xC02D, ECDH,ECDSA,AES128,GCM,SHA256,,,), CS_ENTRY(0xC02E, TLS,ECDH,ECDSA,WITH,AES,256,GCM,SHA384), CS_ENTRY(0xC02E, ECDH,ECDSA,AES256,GCM,SHA384,,,), - CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256), - CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,), - CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384), - CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,), CS_ENTRY(0xC031, TLS,ECDH,RSA,WITH,AES,128,GCM,SHA256), CS_ENTRY(0xC031, ECDH,RSA,AES128,GCM,SHA256,,,), CS_ENTRY(0xC032, TLS,ECDH,RSA,WITH,AES,256,GCM,SHA384), CS_ENTRY(0xC032, ECDH,RSA,AES256,GCM,SHA384,,,), - CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), - CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,), - CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,), - CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,), +#endif #if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) CS_ENTRY(0x0001, TLS,RSA,WITH,NULL,MD5,,,), CS_ENTRY(0x0001, NULL,MD5,,,,,,), @@ -327,11 +339,6 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0x00B8, RSA,PSK,NULL,SHA256,,,,), CS_ENTRY(0x00B9, TLS,RSA,PSK,WITH,NULL,SHA384,,), CS_ENTRY(0x00B9, RSA,PSK,NULL,SHA384,,,,), - CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,), - CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,), - CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,), - CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,), - CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,), CS_ENTRY(0xC001, TLS,ECDH,ECDSA,WITH,NULL,SHA,,), CS_ENTRY(0xC001, ECDH,ECDSA,NULL,SHA,,,,), CS_ENTRY(0xC006, TLS,ECDHE,ECDSA,WITH,NULL,SHA,,), @@ -837,10 +844,10 @@ static bool cs_is_separator(char c) case ':': case ',': case ';': - return true; + return TRUE; default:; } - return false; + return FALSE; } uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end) @@ -881,4 +888,4 @@ int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, } #endif /* defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ - defined(USE_BEARSSL) */ + defined(USE_BEARSSL) || defined(USE_RUSTLS) */ diff --git a/libraries/libcurl/vtls/cipher_suite.h b/libraries/libcurl/vtls/cipher_suite.h index 1dd4d7b4..6d980103 100644 --- a/libraries/libcurl/vtls/cipher_suite.h +++ b/libraries/libcurl/vtls/cipher_suite.h @@ -26,7 +26,8 @@ #include "curl_setup.h" -#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_BEARSSL) +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) #include /* Lookup IANA id for cipher suite string, returns 0 if not recognized */ @@ -43,5 +44,5 @@ int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, bool prefer_rfc); #endif /* defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ - defined(USE_BEARSSL) */ + defined(USE_BEARSSL) || defined(USE_RUSTLS) */ #endif /* HEADER_CURL_CIPHER_SUITE_H */ diff --git a/libraries/libcurl/vtls/gtls.c b/libraries/libcurl/vtls/gtls.c index 39c22c20..af4f0c34 100644 --- a/libraries/libcurl/vtls/gtls.c +++ b/libraries/libcurl/vtls/gtls.c @@ -50,6 +50,7 @@ #include "vauth/vauth.h" #include "parsedate.h" #include "connect.h" /* for the connect timeout */ +#include "progress.h" #include "select.h" #include "strcase.h" #include "warnless.h" @@ -102,13 +103,13 @@ static ssize_t gtls_push(void *s, const void *buf, size_t blen) CURLcode result; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result); + nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, FALSE, &result); CURL_TRC_CF(data, cf, "gtls_push(len=%zu) -> %zd, err=%d", blen, nwritten, result); backend->gtls.io_result = result; if(nwritten < 0) { gnutls_transport_set_errno(backend->gtls.session, - (CURLE_AGAIN == result)? EAGAIN : EINVAL); + (CURLE_AGAIN == result) ? EAGAIN : EINVAL); nwritten = -1; } return nwritten; @@ -140,7 +141,7 @@ static ssize_t gtls_pull(void *s, void *buf, size_t blen) backend->gtls.io_result = result; if(nread < 0) { gnutls_transport_set_errno(backend->gtls.session, - (CURLE_AGAIN == result)? EAGAIN : EINVAL); + (CURLE_AGAIN == result) ? EAGAIN : EINVAL); nread = -1; } else if(nread == 0) @@ -159,7 +160,7 @@ static int gtls_init(void) { int ret = 1; if(!gtls_inited) { - ret = gnutls_global_init()?0:1; + ret = gnutls_global_init() ? 0 : 1; #ifdef GTLSDEBUG gnutls_global_set_log_function(tls_log_func); gnutls_global_set_log_level(2); @@ -193,7 +194,7 @@ static void showtime(struct Curl_easy *data, sizeof(str), " %s: %s, %02d %s %4d %02d:%02d:%02d GMT", text, - Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], + Curl_wkday[tm->tm_wday ? tm->tm_wday-1 : 6], tm->tm_mday, Curl_month[tm->tm_mon], tm->tm_year + 1900, @@ -269,14 +270,14 @@ static CURLcode handshake(struct Curl_cfilter *cf, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { int what; - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, - nonblocking?0: - timeout_ms?timeout_ms:1000); + nonblocking ? 0 : + timeout_ms ? timeout_ms : 1000); if(what < 0) { /* fatal error */ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); @@ -284,7 +285,7 @@ static CURLcode handshake(struct Curl_cfilter *cf, } else if(0 == what) { if(nonblocking) - return CURLE_OK; + return CURLE_AGAIN; else if(timeout_ms) { /* timeout */ failf(data, "SSL connection timeout at %ld", (long)timeout_ms); @@ -308,8 +309,8 @@ static CURLcode handshake(struct Curl_cfilter *cf, if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) { connssl->io_need = - gnutls_record_get_direction(session)? - CURL_SSL_IO_NEED_SEND:CURL_SSL_IO_NEED_RECV; + gnutls_record_get_direction(session) ? + CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; continue; } else if((rc < 0) && !gnutls_error_is_fatal(rc)) { @@ -340,7 +341,7 @@ static CURLcode handshake(struct Curl_cfilter *cf, if(!strerr) strerr = gnutls_strerror(rc); - failf(data, "gnutls_handshake() failed: %s", strerr); + failf(data, "GnuTLS, handshake failed: %s", strerr); return CURLE_SSL_CONNECT_ERROR; } @@ -350,7 +351,7 @@ static CURLcode handshake(struct Curl_cfilter *cf, } } -static gnutls_x509_crt_fmt_t do_file_type(const char *type) +static gnutls_x509_crt_fmt_t gnutls_do_file_type(const char *type) { if(!type || !type[0]) return GNUTLS_X509_FMT_PEM; @@ -368,11 +369,11 @@ static gnutls_x509_crt_fmt_t do_file_type(const char *type) #define GNUTLS_SRP "+SRP" static CURLcode -set_ssl_version_min_max(struct Curl_easy *data, - struct ssl_peer *peer, - struct ssl_primary_config *conn_config, - const char **prioritylist, - const char *tls13support) +gnutls_set_ssl_version_min_max(struct Curl_easy *data, + struct ssl_peer *peer, + struct ssl_primary_config *conn_config, + const char **prioritylist, + const char *tls13support) { long ssl_version = conn_config->version; long ssl_version_max = conn_config->version_max; @@ -509,7 +510,7 @@ static CURLcode gtls_populate_creds(struct Curl_cfilter *cf, int rc; if(config->verifypeer) { - bool imported_native_ca = false; + bool imported_native_ca = FALSE; if(ssl_config->native_ca_store) { rc = gnutls_certificate_set_x509_system_trust(creds); @@ -519,7 +520,7 @@ static CURLcode gtls_populate_creds(struct Curl_cfilter *cf, else { infof(data, "found %d certificates in native ca store", rc); if(rc > 0) - imported_native_ca = true; + imported_native_ca = TRUE; } } @@ -590,7 +591,7 @@ static bool gtls_shared_creds_expired(const struct Curl_easy *data, timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; if(timeout_ms < 0) - return false; + return FALSE; return elapsed_ms >= timeout_ms; } @@ -719,45 +720,57 @@ static void gtls_sessionid_free(void *sessionid, size_t idsize) free(sessionid); } -static CURLcode gtls_update_session_id(struct Curl_cfilter *cf, - struct Curl_easy *data, - gnutls_session_t session) +CURLcode Curl_gtls_update_session_id(struct Curl_cfilter *cf, + struct Curl_easy *data, + gnutls_session_t session, + struct ssl_peer *peer, + const char *alpn) { struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - struct ssl_connect_data *connssl = cf->ctx; + void *connect_sessionid; + size_t connect_idsize = 0; CURLcode result = CURLE_OK; - if(ssl_config->primary.cache_session) { - /* we always unconditionally get the session id here, as even if we - already got it from the cache and asked to use it in the connection, it - might've been rejected and then a new one is in use now and we need to - detect that. */ - void *connect_sessionid; - size_t connect_idsize = 0; - - /* get the session ID data size */ - gnutls_session_get_data(session, NULL, &connect_idsize); - connect_sessionid = malloc(connect_idsize); /* get a buffer for it */ - if(!connect_sessionid) { - return CURLE_OUT_OF_MEMORY; - } - else { - /* extract session ID to the allocated buffer */ - gnutls_session_get_data(session, connect_sessionid, &connect_idsize); - - CURL_TRC_CF(data, cf, "get session id (len=%zu) and store in cache", - connect_idsize); - Curl_ssl_sessionid_lock(data); - /* store this session id, takes ownership */ - result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, - connect_sessionid, connect_idsize, - gtls_sessionid_free); - Curl_ssl_sessionid_unlock(data); - } - } + if(!ssl_config->primary.cache_session) + return CURLE_OK; + + /* we always unconditionally get the session id here, as even if we + already got it from the cache and asked to use it in the connection, it + might've been rejected and then a new one is in use now and we need to + detect that. */ + + /* get the session ID data size */ + gnutls_session_get_data(session, NULL, &connect_idsize); + if(!connect_idsize) /* gnutls does this for some version combinations */ + return CURLE_OK; + + connect_sessionid = malloc(connect_idsize); /* get a buffer for it */ + if(!connect_sessionid) + return CURLE_OUT_OF_MEMORY; + + /* extract session ID to the allocated buffer */ + gnutls_session_get_data(session, connect_sessionid, &connect_idsize); + + CURL_TRC_CF(data, cf, "get session id (len=%zu, alpn=%s) and store in cache", + connect_idsize, alpn ? alpn : "-"); + Curl_ssl_sessionid_lock(data); + /* store this session id, takes ownership */ + result = Curl_ssl_set_sessionid(cf, data, peer, alpn, + connect_sessionid, connect_idsize, + gtls_sessionid_free); + Curl_ssl_sessionid_unlock(data); return result; } +static CURLcode cf_gtls_update_session_id(struct Curl_cfilter *cf, + struct Curl_easy *data, + gnutls_session_t session) +{ + struct ssl_connect_data *connssl = cf->ctx; + return Curl_gtls_update_session_id(cf, data, session, &connssl->peer, + connssl->alpn_negotiated); +} + static int gtls_handshake_cb(gnutls_session_t session, unsigned int htype, unsigned when, unsigned int incoming, const gnutls_datum_t *msg) @@ -770,10 +783,10 @@ static int gtls_handshake_cb(gnutls_session_t session, unsigned int htype, struct Curl_easy *data = CF_DATA_CURRENT(cf); if(data) { CURL_TRC_CF(data, cf, "handshake: %s message type %d", - incoming? "incoming" : "outgoing", htype); + incoming ? "incoming" : "outgoing", htype); switch(htype) { case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: { - gtls_update_session_id(cf, data, session); + cf_gtls_update_session_id(cf, data, session); break; } default: @@ -845,9 +858,20 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, init_flags |= GNUTLS_FORCE_CLIENT_CERT; #endif -#if defined(GNUTLS_NO_TICKETS) - /* Disable TLS session tickets */ - init_flags |= GNUTLS_NO_TICKETS; +#if defined(GNUTLS_NO_TICKETS_TLS12) + init_flags |= GNUTLS_NO_TICKETS_TLS12; +#elif defined(GNUTLS_NO_TICKETS) + /* Disable TLS session tickets for non 1.3 connections */ + if((config->version != CURL_SSLVERSION_TLSv1_3) && + (config->version != CURL_SSLVERSION_DEFAULT)) + init_flags |= GNUTLS_NO_TICKETS; +#endif + +#if defined(GNUTLS_NO_STATUS_REQUEST) + if(!config->verifystatus) + /* Disable the "status_request" TLS extension, enabled by default since + GnuTLS 3.8.0. */ + init_flags |= GNUTLS_NO_STATUS_REQUEST; #endif rc = gnutls_init(>ls->session, init_flags); @@ -890,8 +914,8 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, } /* At this point we know we have a supported TLS version, so set it */ - result = set_ssl_version_min_max(data, peer, - config, &prioritylist, tls13support); + result = gnutls_set_ssl_version_min_max(data, peer, + config, &prioritylist, tls13support); if(result) return result; @@ -929,7 +953,19 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, if(result) return result; } - if(ssl_config->key_passwd) { + if(ssl_config->cert_type && strcasecompare(ssl_config->cert_type, "P12")) { + rc = gnutls_certificate_set_x509_simple_pkcs12_file( + gtls->shared_creds->creds, config->clientcert, GNUTLS_X509_FMT_DER, + ssl_config->key_passwd ? ssl_config->key_passwd : ""); + if(rc != GNUTLS_E_SUCCESS) { + failf(data, + "error reading X.509 potentially-encrypted key or certificate " + "file: %s", + gnutls_strerror(rc)); + return CURLE_SSL_CONNECT_ERROR; + } + } + else if(ssl_config->key_passwd) { const unsigned int supported_key_encryption_algorithms = GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR | GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES | @@ -939,7 +975,7 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, gtls->shared_creds->creds, config->clientcert, ssl_config->key ? ssl_config->key : config->clientcert, - do_file_type(ssl_config->cert_type), + gnutls_do_file_type(ssl_config->cert_type), ssl_config->key_passwd, supported_key_encryption_algorithms); if(rc != GNUTLS_E_SUCCESS) { @@ -954,7 +990,7 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, gtls->shared_creds->creds, config->clientcert, ssl_config->key ? ssl_config->key : config->clientcert, - do_file_type(ssl_config->cert_type) ) != + gnutls_do_file_type(ssl_config->cert_type) ) != GNUTLS_E_SUCCESS) { failf(data, "error reading X.509 key or certificate file"); return CURLE_SSL_CONNECT_ERROR; @@ -1015,11 +1051,15 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, struct Curl_easy *data, struct ssl_peer *peer, const unsigned char *alpn, size_t alpn_len, + struct ssl_connect_data *connssl, Curl_gtls_ctx_setup_cb *cb_setup, void *cb_user_data, void *ssl_user_data) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + gnutls_datum_t gtls_alpns[5]; + size_t gtls_alpns_count = 0; CURLcode result; DEBUGASSERT(gctx); @@ -1042,52 +1082,91 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, gnutls_session_set_keylog_function(gctx->session, keylog_callback); } - /* convert the ALPN string from our arguments to a list of strings - * that gnutls wants and will convert internally back to this very - * string for sending to the server. nice. */ - if(alpn && alpn_len) { - gnutls_datum_t alpns[5]; - size_t i, alen = alpn_len; - unsigned char *s = (unsigned char *)alpn; - unsigned char slen; - for(i = 0; (i < ARRAYSIZE(alpns)) && alen; ++i) { - slen = s[0]; - if(slen >= alen) - return CURLE_FAILED_INIT; - alpns[i].data = s + 1; - alpns[i].size = slen; - s += slen + 1; - alen -= (size_t)slen + 1; - } - if(alen) /* not all alpn chars used, wrong format or too many */ - return CURLE_FAILED_INIT; - if(i && gnutls_alpn_set_protocols(gctx->session, - alpns, (unsigned int)i, - GNUTLS_ALPN_MANDATORY)) { - failf(data, "failed setting ALPN"); - return CURLE_SSL_CONNECT_ERROR; - } - } - /* This might be a reconnect, so we check for a session ID in the cache to speed up things */ if(conn_config->cache_session) { void *ssl_sessionid; size_t ssl_idsize; - + char *session_alpn; Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, peer, &ssl_sessionid, &ssl_idsize)) { + if(!Curl_ssl_getsessionid(cf, data, peer, + &ssl_sessionid, &ssl_idsize, &session_alpn)) { /* we got a session id, use it! */ int rc; rc = gnutls_session_set_data(gctx->session, ssl_sessionid, ssl_idsize); if(rc < 0) infof(data, "SSL failed to set session ID"); - else - infof(data, "SSL reusing session ID (size=%zu)", ssl_idsize); + else { + infof(data, "SSL reusing session ID (size=%zu, alpn=%s)", + ssl_idsize, session_alpn ? session_alpn : "-"); +#ifdef DEBUGBUILD + if((ssl_config->earlydata || !!getenv("CURL_USE_EARLYDATA")) && +#else + if(ssl_config->earlydata && +#endif + !cf->conn->connect_only && connssl && + (gnutls_protocol_get_version(gctx->session) == GNUTLS_TLS1_3) && + Curl_alpn_contains_proto(connssl->alpn, session_alpn)) { + connssl->earlydata_max = + gnutls_record_get_max_early_data_size(gctx->session); + if((!connssl->earlydata_max || + connssl->earlydata_max == 0xFFFFFFFFUL)) { + /* Seems to be GnuTLS way to signal no EarlyData in session */ + CURL_TRC_CF(data, cf, "TLS session does not allow earlydata"); + } + else { + CURL_TRC_CF(data, cf, "TLS session allows %zu earlydata bytes, " + "reusing ALPN '%s'", + connssl->earlydata_max, session_alpn); + connssl->earlydata_state = ssl_earlydata_use; + connssl->state = ssl_connection_deferred; + result = Curl_alpn_set_negotiated(cf, data, connssl, + (const unsigned char *)session_alpn, + session_alpn ? strlen(session_alpn) : 0); + if(result) + return result; + /* We only try the ALPN protocol the session used before, + * otherwise we might send early data for the wrong protocol */ + gtls_alpns[0].data = (unsigned char *)session_alpn; + gtls_alpns[0].size = (unsigned)strlen(session_alpn); + gtls_alpns_count = 1; + } + } + } } Curl_ssl_sessionid_unlock(data); } + + /* convert the ALPN string from our arguments to a list of strings that + * gnutls wants and will convert internally back to this string for sending + * to the server. nice. */ + if(!gtls_alpns_count && alpn && alpn_len) { + size_t i, alen = alpn_len; + unsigned char *s = (unsigned char *)alpn; + unsigned char slen; + for(i = 0; (i < ARRAYSIZE(gtls_alpns)) && alen; ++i) { + slen = s[0]; + if(slen >= alen) + return CURLE_FAILED_INIT; + gtls_alpns[i].data = s + 1; + gtls_alpns[i].size = slen; + s += slen + 1; + alen -= (size_t)slen + 1; + } + if(alen) /* not all alpn chars used, wrong format or too many */ + return CURLE_FAILED_INIT; + gtls_alpns_count = i; + } + + if(gtls_alpns_count && + gnutls_alpn_set_protocols(gctx->session, + gtls_alpns, (unsigned int)gtls_alpns_count, + GNUTLS_ALPN_MANDATORY)) { + failf(data, "failed setting ALPN"); + return CURLE_SSL_CONNECT_ERROR; + } + return CURLE_OK; } @@ -1118,10 +1197,15 @@ gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } result = Curl_gtls_ctx_init(&backend->gtls, cf, data, &connssl->peer, - proto.data, proto.len, NULL, NULL, cf); + proto.data, proto.len, connssl, NULL, NULL, cf); if(result) return result; + if(connssl->alpn && (connssl->state != ssl_connection_deferred)) { + Curl_alpn_to_proto_str(&proto, connssl->alpn); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data); + } + gnutls_handshake_set_hook_function(backend->gtls.session, GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, gtls_handshake_cb); @@ -1295,9 +1379,18 @@ Curl_gtls_verifyserver(struct Curl_easy *data, /* verify_status is a bitmask of gnutls_certificate_status bits */ if(verify_status & GNUTLS_CERT_INVALID) { if(config->verifypeer) { - failf(data, "server certificate verification failed. CAfile: %s " - "CRLfile: %s", config->CAfile ? config->CAfile: - "none", + const char *cause = "certificate error, no details available"; + if(verify_status & GNUTLS_CERT_EXPIRED) + cause = "certificate has expired"; + else if(verify_status & GNUTLS_CERT_SIGNER_NOT_FOUND) + cause = "certificate signer not trusted"; + else if(verify_status & GNUTLS_CERT_INSECURE_ALGORITHM) + cause = "certificate uses insecure algorithm"; + else if(verify_status & GNUTLS_CERT_INVALID_OCSP_STATUS) + cause = "attached OCSP status response is invalid"; + failf(data, "server verification failed: %s. (CAfile: %s " + "CRLfile: %s)", cause, + config->CAfile ? config->CAfile : "none", ssl_config->primary.CRLfile ? ssl_config->primary.CRLfile : "none"); return CURLE_PEER_FAILED_VERIFICATION; @@ -1312,104 +1405,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, infof(data, " server certificate verification SKIPPED"); if(config->verifystatus) { - if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { - gnutls_datum_t status_request; - gnutls_ocsp_resp_t ocsp_resp; + gnutls_datum_t status_request; + gnutls_ocsp_resp_t ocsp_resp; + gnutls_ocsp_cert_status_t status; + gnutls_x509_crl_reason_t reason; - gnutls_ocsp_cert_status_t status; - gnutls_x509_crl_reason_t reason; + rc = gnutls_ocsp_status_request_get(session, &status_request); - rc = gnutls_ocsp_status_request_get(session, &status_request); + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + failf(data, "No OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - infof(data, " server certificate status verification FAILED"); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - failf(data, "No OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + gnutls_ocsp_resp_init(&ocsp_resp); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - gnutls_ocsp_resp_init(&ocsp_resp); + (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, + &status, NULL, NULL, NULL, &reason); - rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + switch(status) { + case GNUTLS_OCSP_CERT_GOOD: + break; - (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, - &status, NULL, NULL, NULL, &reason); + case GNUTLS_OCSP_CERT_REVOKED: { + const char *crl_reason; - switch(status) { - case GNUTLS_OCSP_CERT_GOOD: + switch(reason) { + default: + case GNUTLS_X509_CRLREASON_UNSPECIFIED: + crl_reason = "unspecified reason"; break; - case GNUTLS_OCSP_CERT_REVOKED: { - const char *crl_reason; - - switch(reason) { - default: - case GNUTLS_X509_CRLREASON_UNSPECIFIED: - crl_reason = "unspecified reason"; - break; - - case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: - crl_reason = "private key compromised"; - break; - - case GNUTLS_X509_CRLREASON_CACOMPROMISE: - crl_reason = "CA compromised"; - break; - - case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: - crl_reason = "affiliation has changed"; - break; + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: + crl_reason = "private key compromised"; + break; - case GNUTLS_X509_CRLREASON_SUPERSEDED: - crl_reason = "certificate superseded"; - break; + case GNUTLS_X509_CRLREASON_CACOMPROMISE: + crl_reason = "CA compromised"; + break; - case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: - crl_reason = "operation has ceased"; - break; + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: + crl_reason = "affiliation has changed"; + break; - case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: - crl_reason = "certificate is on hold"; - break; + case GNUTLS_X509_CRLREASON_SUPERSEDED: + crl_reason = "certificate superseded"; + break; - case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: - crl_reason = "will be removed from delta CRL"; - break; + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: + crl_reason = "operation has ceased"; + break; - case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: - crl_reason = "privilege withdrawn"; - break; + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: + crl_reason = "certificate is on hold"; + break; - case GNUTLS_X509_CRLREASON_AACOMPROMISE: - crl_reason = "AA compromised"; - break; - } + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: + crl_reason = "will be removed from delta CRL"; + break; - failf(data, "Server certificate was revoked: %s", crl_reason); + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: + crl_reason = "privilege withdrawn"; break; - } - default: - case GNUTLS_OCSP_CERT_UNKNOWN: - failf(data, "Server certificate status is unknown"); + case GNUTLS_X509_CRLREASON_AACOMPROMISE: + crl_reason = "AA compromised"; break; } - gnutls_ocsp_resp_deinit(ocsp_resp); + failf(data, "Server certificate was revoked: %s", crl_reason); + break; + } - return CURLE_SSL_INVALIDCERTSTATUS; + default: + case GNUTLS_OCSP_CERT_UNKNOWN: + failf(data, "Server certificate status is unknown"); + break; } - else - infof(data, " server certificate status verification OK"); + + gnutls_ocsp_resp_deinit(ocsp_resp); + if(status != GNUTLS_OCSP_CERT_GOOD) + return CURLE_SSL_INVALIDCERTSTATUS; } else infof(data, " server certificate status verification SKIPPED"); @@ -1431,12 +1517,12 @@ Curl_gtls_verifyserver(struct Curl_easy *data, unload_file(issuerp); if(rc <= 0) { failf(data, "server certificate issuer check failed (IssuerCert: %s)", - config->issuercert?config->issuercert:"none"); + config->issuercert ? config->issuercert : "none"); gnutls_x509_crt_deinit(x509_cert); return CURLE_SSL_ISSUER_ERROR; } infof(data, " server certificate issuer check OK (Issuer Cert: %s)", - config->issuercert?config->issuercert:"none"); + config->issuercert ? config->issuercert : "none"); } size = sizeof(certname); @@ -1641,8 +1727,8 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf, struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); #ifndef CURL_DISABLE_PROXY - const char *pinned_key = Curl_ssl_cf_is_proxy(cf)? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: + const char *pinned_key = Curl_ssl_cf_is_proxy(cf) ? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY]; #else const char *pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; @@ -1654,26 +1740,79 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf, if(result) goto out; - if(connssl->alpn) { - gnutls_datum_t proto; - int rc; - - rc = gnutls_alpn_get_selected_protocol(session, &proto); - if(rc == 0) - Curl_alpn_set_negotiated(cf, data, proto.data, proto.size); - else - Curl_alpn_set_negotiated(cf, data, NULL, 0); - } - /* Only on TLSv1.2 or lower do we have the session id now. For * TLSv1.3 we get it via a SESSION_TICKET message that arrives later. */ if(gnutls_protocol_get_version(session) < GNUTLS_TLS1_3) - result = gtls_update_session_id(cf, data, session); + result = cf_gtls_update_session_id(cf, data, session); out: return result; } +static CURLcode gtls_set_earlydata(struct Curl_cfilter *cf, + struct Curl_easy *data, + const void *buf, size_t blen) +{ + struct ssl_connect_data *connssl = cf->ctx; + ssize_t nwritten = 0; + CURLcode result = CURLE_OK; + + DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_use); + DEBUGASSERT(Curl_bufq_is_empty(&connssl->earlydata)); + if(blen) { + if(blen > connssl->earlydata_max) + blen = connssl->earlydata_max; + nwritten = Curl_bufq_write(&connssl->earlydata, buf, blen, &result); + CURL_TRC_CF(data, cf, "gtls_set_earlydata(len=%zu) -> %zd", + blen, nwritten); + if(nwritten < 0) + return result; + } + connssl->earlydata_state = ssl_earlydata_sending; + connssl->earlydata_skip = Curl_bufq_len(&connssl->earlydata); + return CURLE_OK; +} + +static CURLcode gtls_send_earlydata(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct gtls_ssl_backend_data *backend = + (struct gtls_ssl_backend_data *)connssl->backend; + CURLcode result = CURLE_OK; + const unsigned char *buf; + size_t blen; + ssize_t n; + + DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sending); + backend->gtls.io_result = CURLE_OK; + while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) { + n = gnutls_record_send_early_data(backend->gtls.session, buf, blen); + CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd", + blen, n); + if(n < 0) { + if(n == GNUTLS_E_AGAIN) + result = CURLE_AGAIN; + else + result = backend->gtls.io_result ? + backend->gtls.io_result : CURLE_SEND_ERROR; + goto out; + } + else if(!n) { + /* gnutls is buggy, it *SHOULD* return the amount of bytes it took in. + * Instead it returns 0 if everything was written. */ + n = (ssize_t)blen; + } + + Curl_bufq_skip(&connssl->earlydata, (size_t)n); + } + /* sent everything there was */ + infof(data, "SSL sending %" FMT_OFF_T " bytes of early data", + connssl->earlydata_skip); +out: + return result; +} + /* * This function is called after the TCP connect has completed. Setup the TLS * layer and do all necessary magic. @@ -1687,46 +1826,89 @@ static CURLcode gtls_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, bool nonblocking, - bool *done) -{ + bool *done) { struct ssl_connect_data *connssl = cf->ctx; - CURLcode rc; + struct gtls_ssl_backend_data *backend = + (struct gtls_ssl_backend_data *)connssl->backend; CURLcode result = CURLE_OK; + DEBUGASSERT(backend); + /* Initiate the connection, if not already done */ - if(ssl_connect_1 == connssl->connecting_state) { - rc = gtls_connect_step1(cf, data); - if(rc) { - result = rc; + if(connssl->connecting_state == ssl_connect_1) { + result = gtls_connect_step1(cf, data); + if(result) goto out; - } + connssl->connecting_state = ssl_connect_2; } - rc = handshake(cf, data, TRUE, nonblocking); - if(rc) { - /* handshake() sets its own error message with failf() */ - result = rc; - goto out; + if(connssl->connecting_state == ssl_connect_2) { + if(connssl->earlydata_state == ssl_earlydata_use) { + goto out; + } + else if(connssl->earlydata_state == ssl_earlydata_sending) { + result = gtls_send_earlydata(cf, data); + if(result) + goto out; + connssl->earlydata_state = ssl_earlydata_sent; + if(!Curl_ssl_cf_is_proxy(cf)) + Curl_pgrsEarlyData(data, (curl_off_t)connssl->earlydata_skip); + } + DEBUGASSERT((connssl->earlydata_state == ssl_earlydata_none) || + (connssl->earlydata_state == ssl_earlydata_sent)); + + result = handshake(cf, data, TRUE, nonblocking); + if(result) + goto out; + connssl->connecting_state = ssl_connect_3; } /* Finish connecting once the handshake is done */ - if(ssl_connect_1 == connssl->connecting_state) { - struct gtls_ssl_backend_data *backend = - (struct gtls_ssl_backend_data *)connssl->backend; - gnutls_session_t session; - DEBUGASSERT(backend); - session = backend->gtls.session; - rc = gtls_verifyserver(cf, data, session); - if(rc) { - result = rc; + if(connssl->connecting_state == ssl_connect_3) { + gnutls_datum_t proto; + int rc; + result = gtls_verifyserver(cf, data, backend->gtls.session); + if(result) goto out; - } + connssl->state = ssl_connection_complete; + connssl->connecting_state = ssl_connect_1; + + rc = gnutls_alpn_get_selected_protocol(backend->gtls.session, &proto); + if(rc) { /* No ALPN from server */ + proto.data = NULL; + proto.size = 0; + } + + result = Curl_alpn_set_negotiated(cf, data, connssl, + proto.data, proto.size); + if(result) + goto out; + + if(connssl->earlydata_state == ssl_earlydata_sent) { + if(gnutls_session_get_flags(backend->gtls.session) & + GNUTLS_SFLAGS_EARLY_DATA) { + connssl->earlydata_state = ssl_earlydata_accepted; + infof(data, "Server accepted %zu bytes of TLS early data.", + connssl->earlydata_skip); + } + else { + connssl->earlydata_state = ssl_earlydata_rejected; + if(!Curl_ssl_cf_is_proxy(cf)) + Curl_pgrsEarlyData(data, -(curl_off_t)connssl->earlydata_skip); + infof(data, "Server rejected TLS early data."); + connssl->earlydata_skip = 0; + } + } } out: - *done = ssl_connect_1 == connssl->connecting_state; - + if(result == CURLE_AGAIN) { + *done = FALSE; + return CURLE_OK; + } + *done = ((connssl->connecting_state == ssl_connect_1) || + (connssl->state == ssl_connection_deferred)); return result; } @@ -1734,6 +1916,12 @@ static CURLcode gtls_connect_nonblocking(struct Curl_cfilter *cf, struct Curl_easy *data, bool *done) { + struct ssl_connect_data *connssl = cf->ctx; + if(connssl->state == ssl_connection_deferred) { + /* We refuse to be pushed, we are waiting for someone to send/recv. */ + *done = TRUE; + return CURLE_OK; + } return gtls_connect_common(cf, data, TRUE, done); } @@ -1752,6 +1940,26 @@ static CURLcode gtls_connect(struct Curl_cfilter *cf, return CURLE_OK; } +static CURLcode gtls_connect_deferred(struct Curl_cfilter *cf, + struct Curl_easy *data, + const void *buf, + size_t blen, + bool *done) +{ + struct ssl_connect_data *connssl = cf->ctx; + CURLcode result = CURLE_OK; + + DEBUGASSERT(connssl->state == ssl_connection_deferred); + *done = FALSE; + if(connssl->earlydata_state == ssl_earlydata_use) { + result = gtls_set_earlydata(cf, data, buf, blen); + if(result) + return result; + } + + return gtls_connect_common(cf, data, TRUE, done); +} + static bool gtls_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) { @@ -1769,28 +1977,74 @@ static bool gtls_data_pending(struct Curl_cfilter *cf, static ssize_t gtls_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *mem, - size_t len, + const void *buf, + size_t blen, CURLcode *curlcode) { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = (struct gtls_ssl_backend_data *)connssl->backend; ssize_t rc; + size_t nwritten, total_written = 0; - (void)data; DEBUGASSERT(backend); - backend->gtls.io_result = CURLE_OK; - rc = gnutls_record_send(backend->gtls.session, mem, len); - if(rc < 0) { - *curlcode = (rc == GNUTLS_E_AGAIN)? - CURLE_AGAIN : - (backend->gtls.io_result? backend->gtls.io_result : CURLE_SEND_ERROR); + if(connssl->state == ssl_connection_deferred) { + bool done = FALSE; + *curlcode = gtls_connect_deferred(cf, data, buf, blen, &done); + if(*curlcode) { + rc = -1; + goto out; + } + else if(!done) { + *curlcode = CURLE_AGAIN; + rc = -1; + goto out; + } + DEBUGASSERT(connssl->state == ssl_connection_complete); + } - rc = -1; + if(connssl->earlydata_skip) { + if(connssl->earlydata_skip >= blen) { + connssl->earlydata_skip -= blen; + *curlcode = CURLE_OK; + rc = (ssize_t)blen; + goto out; + } + else { + total_written += connssl->earlydata_skip; + buf = ((const char *)buf) + connssl->earlydata_skip; + blen -= connssl->earlydata_skip; + connssl->earlydata_skip = 0; + } } + while(blen) { + backend->gtls.io_result = CURLE_OK; + rc = gnutls_record_send(backend->gtls.session, buf, blen); + + if(rc < 0) { + if(total_written && (rc == GNUTLS_E_AGAIN)) { + *curlcode = CURLE_OK; + rc = (ssize_t)total_written; + goto out; + } + *curlcode = (rc == GNUTLS_E_AGAIN) ? + CURLE_AGAIN : + (backend->gtls.io_result ? backend->gtls.io_result : CURLE_SEND_ERROR); + + rc = -1; + goto out; + } + nwritten = (size_t)rc; + total_written += nwritten; + DEBUGASSERT(nwritten <= blen); + buf = (char *)buf + nwritten; + blen -= nwritten; + } + rc = total_written; + +out: return rc; } @@ -1811,7 +2065,9 @@ static CURLcode gtls_shutdown(struct Curl_cfilter *cf, size_t i; DEBUGASSERT(backend); - if(!backend->gtls.session || cf->shutdown) { + /* If we have no handshaked connection or already shut down */ + if(!backend->gtls.session || cf->shutdown || + connssl->state != ssl_connection_complete) { *done = TRUE; goto out; } @@ -1826,8 +2082,9 @@ static CURLcode gtls_shutdown(struct Curl_cfilter *cf, int ret = gnutls_bye(backend->gtls.session, GNUTLS_SHUT_RDWR); if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { CURL_TRC_CF(data, cf, "SSL shutdown, gnutls_bye EAGAIN"); - connssl->io_need = gnutls_record_get_direction(backend->gtls.session)? + connssl->io_need = gnutls_record_get_direction(backend->gtls.session) ? CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; + backend->gtls.sent_shutdown = FALSE; result = CURLE_OK; goto out; } @@ -1855,7 +2112,7 @@ static CURLcode gtls_shutdown(struct Curl_cfilter *cf, *done = TRUE; } else if((nread == GNUTLS_E_AGAIN) || (nread == GNUTLS_E_INTERRUPTED)) { - connssl->io_need = gnutls_record_get_direction(backend->gtls.session)? + connssl->io_need = gnutls_record_get_direction(backend->gtls.session) ? CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; } else { @@ -1908,7 +2165,21 @@ static ssize_t gtls_recv(struct Curl_cfilter *cf, (void)data; DEBUGASSERT(backend); - backend->gtls.io_result = CURLE_OK; + if(connssl->state == ssl_connection_deferred) { + bool done = FALSE; + *curlcode = gtls_connect_deferred(cf, data, NULL, 0, &done); + if(*curlcode) { + ret = -1; + goto out; + } + else if(!done) { + *curlcode = CURLE_AGAIN; + ret = -1; + goto out; + } + DEBUGASSERT(connssl->state == ssl_connection_complete); + } + ret = gnutls_record_recv(backend->gtls.session, buf, buffersize); if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { *curlcode = CURLE_AGAIN; @@ -1931,10 +2202,9 @@ static ssize_t gtls_recv(struct Curl_cfilter *cf, if(ret < 0) { failf(data, "GnuTLS recv error (%d): %s", - (int)ret, gnutls_strerror((int)ret)); - *curlcode = backend->gtls.io_result? - backend->gtls.io_result : CURLE_RECV_ERROR; + *curlcode = backend->gtls.io_result ? + backend->gtls.io_result : CURLE_RECV_ERROR; ret = -1; goto out; } @@ -1955,7 +2225,7 @@ static CURLcode gtls_random(struct Curl_easy *data, int rc; (void)data; rc = gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length); - return rc?CURLE_FAILED_INIT:CURLE_OK; + return rc ? CURLE_FAILED_INIT : CURLE_OK; } static CURLcode gtls_sha256sum(const unsigned char *tmp, /* input */ @@ -2019,6 +2289,7 @@ const struct Curl_ssl Curl_ssl_gnutls = { NULL, /* disassociate_connection */ gtls_recv, /* recv decrypted data */ gtls_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_GNUTLS */ diff --git a/libraries/libcurl/vtls/gtls.h b/libraries/libcurl/vtls/gtls.h index b0ca55bf..4f9c540e 100644 --- a/libraries/libcurl/vtls/gtls.h +++ b/libraries/libcurl/vtls/gtls.h @@ -45,6 +45,7 @@ struct Curl_cfilter; struct ssl_primary_config; struct ssl_config_data; struct ssl_peer; +struct ssl_connect_data; struct gtls_shared_creds { gnutls_certificate_credentials_t creds; @@ -78,6 +79,7 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, struct Curl_easy *data, struct ssl_peer *peer, const unsigned char *alpn, size_t alpn_len, + struct ssl_connect_data *connssl, Curl_gtls_ctx_setup_cb *cb_setup, void *cb_user_data, void *ssl_user_data); @@ -93,6 +95,13 @@ CURLcode Curl_gtls_verifyserver(struct Curl_easy *data, struct ssl_peer *peer, const char *pinned_key); +/* Extract TLS session and place in cache, if configured. */ +CURLcode Curl_gtls_update_session_id(struct Curl_cfilter *cf, + struct Curl_easy *data, + gnutls_session_t session, + struct ssl_peer *peer, + const char *alpn); + extern const struct Curl_ssl Curl_ssl_gnutls; #endif /* USE_GNUTLS */ diff --git a/libraries/libcurl/vtls/keylog.c b/libraries/libcurl/vtls/keylog.c index ab7baaae..ca86c156 100644 --- a/libraries/libcurl/vtls/keylog.c +++ b/libraries/libcurl/vtls/keylog.c @@ -99,13 +99,13 @@ Curl_tls_keylog_write_line(const char *line) char buf[256]; if(!keylog_file_fp || !line) { - return false; + return FALSE; } linelen = strlen(line); if(linelen == 0 || linelen > sizeof(buf) - 2) { /* Empty line or too big to fit in a LF and NUL. */ - return false; + return FALSE; } memcpy(buf, line, linelen); @@ -117,7 +117,7 @@ Curl_tls_keylog_write_line(const char *line) /* Using fputs here instead of fprintf since libcurl's fprintf replacement may not be thread-safe. */ fputs(buf, keylog_file_fp); - return true; + return TRUE; } bool @@ -131,13 +131,13 @@ Curl_tls_keylog_write(const char *label, 2 * SECRET_MAXLEN + 1 + 1]; if(!keylog_file_fp) { - return false; + return FALSE; } pos = strlen(label); if(pos > KEYLOG_LABEL_MAXLEN || !secretlen || secretlen > SECRET_MAXLEN) { /* Should never happen - sanity check anyway. */ - return false; + return FALSE; } memcpy(line, label, pos); @@ -161,7 +161,7 @@ Curl_tls_keylog_write(const char *label, /* Using fputs here instead of fprintf since libcurl's fprintf replacement may not be thread-safe. */ fputs(line, keylog_file_fp); - return true; + return TRUE; } #endif /* TLS or QUIC backend */ diff --git a/libraries/libcurl/vtls/mbedtls.c b/libraries/libcurl/vtls/mbedtls.c index 2b6042df..7a34e9c1 100644 --- a/libraries/libcurl/vtls/mbedtls.c +++ b/libraries/libcurl/vtls/mbedtls.c @@ -36,13 +36,6 @@ /* Define this to enable lots of debugging for mbedTLS */ /* #define MBEDTLS_DEBUG */ -#ifdef __GNUC__ -#pragma GCC diagnostic push -/* mbedTLS (as of v3.5.1) has a duplicate function declaration - in its public headers. Disable the warning that detects it. */ -#pragma GCC diagnostic ignored "-Wredundant-decls" -#endif - #include #if MBEDTLS_VERSION_NUMBER >= 0x02040000 #include @@ -63,10 +56,6 @@ # endif #endif -#ifdef __GNUC__ -#pragma GCC diagnostic pop -#endif - #include "cipher_suite.h" #include "strcase.h" #include "urldata.h" @@ -129,6 +118,10 @@ struct mbed_ssl_backend_data { #define TLS13_SUPPORT #endif +#if defined(TLS13_SUPPORT) && defined(MBEDTLS_SSL_SESSION_TICKETS) +#define HAS_SESSION_TICKETS +#endif + #if defined(THREADING_SUPPORT) static mbedtls_entropy_context ts_entropy; @@ -200,7 +193,8 @@ static int mbedtls_bio_cf_write(void *bio, if(!data) return 0; - nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &result); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, FALSE, + &result); CURL_TRC_CF(data, cf, "mbedtls_bio_cf_out_write(len=%zu) -> %zd, err=%d", blen, nwritten, result); if(nwritten < 0 && CURLE_AGAIN == result) { @@ -258,138 +252,92 @@ static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = #define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES) -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 -static CURLcode mbedtls_version_from_curl( - mbedtls_ssl_protocol_version* mbedver, long version) +static CURLcode +mbed_set_ssl_version_min_max(struct Curl_easy *data, + struct mbed_ssl_backend_data *backend, + struct ssl_primary_config *conn_config) { - switch(version) { + /* TLS 1.0 and TLS 1.1 were dropped with mbedTLS 3.0.0 (2021). So, since + * then, and before the introduction of TLS 1.3 in 3.6.0 (2024), this + * function basically always sets TLS 1.2 as min/max, unless given + * unsupported option values. */ + +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + int ver_min = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ + int ver_max = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ +#else + /* mbedTLS 3.2.0 (2022) introduced new methods for setting TLS version */ + mbedtls_ssl_protocol_version ver_min = MBEDTLS_SSL_VERSION_TLS1_2; + mbedtls_ssl_protocol_version ver_max = MBEDTLS_SSL_VERSION_TLS1_2; +#endif + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + ver_min = MBEDTLS_SSL_MINOR_VERSION_1; + break; + case CURL_SSLVERSION_TLSv1_1: + ver_min = MBEDTLS_SSL_MINOR_VERSION_2; + break; +#else + case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: +#endif case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_VERSION_TLS1_2; - return CURLE_OK; + /* ver_min = MBEDTLS_SSL_VERSION_TLS1_2; */ + break; case CURL_SSLVERSION_TLSv1_3: #ifdef TLS13_SUPPORT - *mbedver = MBEDTLS_SSL_VERSION_TLS1_3; - return CURLE_OK; -#else + ver_min = MBEDTLS_SSL_VERSION_TLS1_3; break; #endif + default: + failf(data, "mbedTLS: unsupported minimum TLS version value: %x", + conn_config->version); + return CURLE_SSL_CONNECT_ERROR; } - return CURLE_SSL_CONNECT_ERROR; -} -#else -static CURLcode mbedtls_version_from_curl(int *mbedver, long version) -{ -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 - switch(version) { - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_3; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - break; - } -#else - switch(version) { - case CURL_SSLVERSION_TLSv1_0: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_1; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_2; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_3; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - break; - } -#endif - - return CURLE_SSL_CONNECT_ERROR; -} -#endif - -static CURLcode -set_ssl_version_min_max(struct Curl_cfilter *cf, struct Curl_easy *data) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct mbed_ssl_backend_data *backend = - (struct mbed_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 - mbedtls_ssl_protocol_version mbedtls_ver_min = MBEDTLS_SSL_VERSION_TLS1_2; + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: #ifdef TLS13_SUPPORT - mbedtls_ssl_protocol_version mbedtls_ver_max = MBEDTLS_SSL_VERSION_TLS1_3; -#else - mbedtls_ssl_protocol_version mbedtls_ver_max = MBEDTLS_SSL_VERSION_TLS1_2; -#endif -#elif MBEDTLS_VERSION_NUMBER >= 0x03000000 - int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_3; - int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_3; -#else - int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1; - int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_1; + ver_max = MBEDTLS_SSL_VERSION_TLS1_3; + break; #endif - long ssl_version = conn_config->version; - long ssl_version_max = conn_config->version_max; - CURLcode result = CURLE_OK; - - DEBUGASSERT(backend); - - switch(ssl_version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - ssl_version = CURL_SSLVERSION_TLSv1_0; - break; - } - - switch(ssl_version_max) { - case CURL_SSLVERSION_MAX_NONE: - case CURL_SSLVERSION_MAX_DEFAULT: -#ifdef TLS13_SUPPORT - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; + case CURL_SSLVERSION_MAX_TLSv1_2: + /* ver_max = MBEDTLS_SSL_VERSION_TLS1_2; */ + break; +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + case CURL_SSLVERSION_MAX_TLSv1_1: + ver_max = MBEDTLS_SSL_MINOR_VERSION_2; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + ver_max = MBEDTLS_SSL_MINOR_VERSION_1; + break; #else - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; + case CURL_SSLVERSION_MAX_TLSv1_1: + case CURL_SSLVERSION_MAX_TLSv1_0: #endif - break; - } - - result = mbedtls_version_from_curl(&mbedtls_ver_min, ssl_version); - if(result) { - failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); - return result; - } - result = mbedtls_version_from_curl(&mbedtls_ver_max, ssl_version_max >> 16); - if(result) { - failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); - return result; + default: + failf(data, "mbedTLS: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 - mbedtls_ssl_conf_min_tls_version(&backend->config, mbedtls_ver_min); - mbedtls_ssl_conf_max_tls_version(&backend->config, mbedtls_ver_max); -#else +#if MBEDTLS_VERSION_NUMBER < 0x03020000 mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - mbedtls_ver_min); + ver_min); mbedtls_ssl_conf_max_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - mbedtls_ver_max); -#endif - -#ifdef TLS13_SUPPORT - if(mbedtls_ver_min == MBEDTLS_SSL_VERSION_TLS1_3) { - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_REQUIRED); - } - else { - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_OPTIONAL); - } + ver_max); #else - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_min_tls_version(&backend->config, ver_min); + mbedtls_ssl_conf_max_tls_version(&backend->config, ver_max); #endif - return result; + return CURLE_OK; } /* TLS_ECJPAKE_WITH_AES_128_CCM_8 (0xC0FF) is marked experimental @@ -397,6 +345,7 @@ set_ssl_version_min_max(struct Curl_cfilter *cf, struct Curl_easy *data) cipher suite present in other SSL implementations. Provide provisional support for specifying the cipher suite here. */ #ifdef MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 +#if MBEDTLS_VERSION_NUMBER >= 0x03020000 static int mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, bool prefer_rfc) @@ -407,6 +356,7 @@ mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, return Curl_cipher_suite_get_str(id, buf, buf_size, prefer_rfc); return 0; } +#endif static uint16_t mbed_cipher_suite_walk_str(const char **str, const char **end) @@ -428,11 +378,13 @@ mbed_cipher_suite_walk_str(const char **str, const char **end) static CURLcode mbed_set_selected_ciphers(struct Curl_easy *data, struct mbed_ssl_backend_data *backend, - const char *ciphers) + const char *ciphers12, + const char *ciphers13) { + const char *ciphers = ciphers12; const int *supported; int *selected; - size_t supported_len, count = 0, i; + size_t supported_len, count = 0, default13_count = 0, i, j; const char *ptr, *end; supported = mbedtls_ssl_list_ciphersuites(); @@ -443,6 +395,26 @@ mbed_set_selected_ciphers(struct Curl_easy *data, if(!selected) return CURLE_OUT_OF_MEMORY; +#ifndef TLS13_SUPPORT + (void) ciphers13, (void) j; +#else + if(!ciphers13) { + /* Add default TLSv1.3 ciphers to selection */ + for(j = 0; j < supported_len; j++) { + uint16_t id = (uint16_t) supported[j]; + if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) != 0) + continue; + + selected[count++] = id; + } + + default13_count = count; + } + else + ciphers = ciphers13; + +add_ciphers: +#endif for(ptr = ciphers; ptr[0] != '\0' && count < supported_len; ptr = end) { uint16_t id = mbed_cipher_suite_walk_str(&ptr, &end); @@ -462,14 +434,38 @@ mbed_set_selected_ciphers(struct Curl_easy *data, /* No duplicates allowed (so selected cannot overflow) */ for(i = 0; i < count && selected[i] != id; i++); if(i < count) { - infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + if(i >= default13_count) + infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); continue; } selected[count++] = id; } +#ifdef TLS13_SUPPORT + if(ciphers == ciphers13 && ciphers12) { + ciphers = ciphers12; + goto add_ciphers; + } + + if(!ciphers12) { + /* Add default TLSv1.2 ciphers to selection */ + for(j = 0; j < supported_len; j++) { + uint16_t id = (uint16_t) supported[j]; + if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) == 0) + continue; + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != id; i++); + if(i < count) + continue; + + selected[count++] = id; + } + } +#endif + selected[count] = 0; if(count == 0) { @@ -485,19 +481,79 @@ mbed_set_selected_ciphers(struct Curl_easy *data, return CURLE_OK; } -#ifdef TLS13_SUPPORT -static int mbed_no_verify(void *udata, mbedtls_x509_crt *crt, +static void +mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) +{ +#if defined(CURL_DISABLE_VERBOSE_STRINGS) || \ + (MBEDTLS_VERSION_NUMBER >= 0x03000000 && defined(MBEDTLS_X509_REMOVE_INFO)) + (void) data, (void) crt; +#else + const size_t bufsize = 16384; + char *p, *buffer = malloc(bufsize); + + if(buffer && mbedtls_x509_crt_info(buffer, bufsize, " ", crt) > 0) { + infof(data, "Server certificate:"); + for(p = buffer; *p; p += *p != '\0') { + size_t s = strcspn(p, "\n"); + infof(data, "%.*s", (int) s, p); + p += s; + } + } + else + infof(data, "Unable to dump certificate information"); + + free(buffer); +#endif +} + +static void +mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt) +{ + CURLcode result; + const mbedtls_x509_crt *cur; + int i; + + for(i = 0, cur = crt; cur; ++i, cur = cur->next); + result = Curl_ssl_init_certinfo(data, i); + + for(i = 0, cur = crt; result == CURLE_OK && cur; ++i, cur = cur->next) { + const char *beg = (const char *) cur->raw.p; + const char *end = beg + cur->raw.len; + result = Curl_extract_certinfo(data, i, beg, end); + } +} + +static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt, int depth, uint32_t *flags) { - (void)udata; - (void)crt; - (void)depth; - /* we clear any faults the mbedtls' own verification found. - * See */ - *flags = 0; + struct Curl_cfilter *cf = (struct Curl_cfilter *) ptr; + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct Curl_easy *data = CF_DATA_CURRENT(cf); + + if(depth == 0) { + if(data->set.verbose) + mbed_dump_cert_info(data, crt); + if(data->set.ssl.certinfo) + mbed_extract_certinfo(data, crt); + } + + if(!conn_config->verifypeer) + *flags = 0; + else if(!conn_config->verifyhost) + *flags &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; + + if(*flags) { +#if MBEDTLS_VERSION_NUMBER < 0x03000000 || !defined(MBEDTLS_X509_REMOVE_INFO) + char buf[128]; + mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags); + failf(data, "mbedTLS: %s", buf); +#else + failf(data, "mbedTLS: certificate verification error 0x%08x", *flags); +#endif + } + return 0; } -#endif static CURLcode mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -578,7 +634,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) ret = mbedtls_x509_crt_parse(&backend->cacert, newblob, ca_info_blob->len + 1); free(newblob); - if(ret<0) { + if(ret < 0) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Error importing ca cert blob - mbedTLS: (-0x%04X) %s", -ret, errorbuf); @@ -590,7 +646,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_file(&backend->cacert, ssl_cafile); - if(ret<0) { + if(ret < 0) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Error reading ca cert file %s - mbedTLS: (-0x%04X) %s", ssl_cafile, -ret, errorbuf); @@ -606,7 +662,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_path(&backend->cacert, ssl_capath); - if(ret<0) { + if(ret < 0) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Error reading ca cert path %s - mbedTLS: (-0x%04X) %s", ssl_capath, -ret, errorbuf); @@ -755,16 +811,18 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) failf(data, "mbedTLS: ssl_config failed"); return CURLE_SSL_CONNECT_ERROR; } -#ifdef TLS13_SUPPORT - if(!verifypeer) { - /* Default verify behaviour changed in mbedtls v3.6.0 with TLS v1.3. - * On 1.3 connections, the handshake fails by default without trust - * anchors. We override this questionable change by installing our - * own verify callback that clears all errors. */ - mbedtls_ssl_conf_verify(&backend->config, mbed_no_verify, cf); - } + +#ifdef MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED + /* New in mbedTLS 3.6.1, need to enable, default is now disabled */ + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(&backend->config, + MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED); #endif + /* Always let mbedTLS verify certificates, if verifypeer or verifyhost are + * disabled we clear the corresponding error flags in the verify callback + * function. That is also where we log verification errors. */ + mbedtls_ssl_conf_verify(&backend->config, mbed_verify_cb, cf); + mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_init(&backend->ssl); backend->initialized = TRUE; @@ -773,29 +831,9 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_1); - infof(data, "mbedTLS: Set min SSL version to TLS 1.0"); - break; -#endif - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - { - CURLcode result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - } - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } + ret = mbed_set_ssl_version_min_max(data, backend, conn_config); + if(ret != CURLE_OK) + return ret; mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random, &backend->ctr_drbg); @@ -813,9 +851,17 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) mbedtls_bio_cf_read, NULL /* rev_timeout() */); +#ifndef TLS13_SUPPORT if(conn_config->cipher_list) { CURLcode result = mbed_set_selected_ciphers(data, backend, - conn_config->cipher_list); + conn_config->cipher_list, + NULL); +#else + if(conn_config->cipher_list || conn_config->cipher_list13) { + CURLcode result = mbed_set_selected_ciphers(data, backend, + conn_config->cipher_list, + conn_config->cipher_list13); +#endif if(result != CURLE_OK) { failf(data, "mbedTLS: failed to set cipher suites"); return result; @@ -839,17 +885,27 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* Check if there is a cached ID we can/should use here! */ if(ssl_config->primary.cache_session) { - void *old_session = NULL; + void *sdata = NULL; + size_t slen = 0; Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, &old_session, NULL)) { - ret = mbedtls_ssl_set_session(&backend->ssl, old_session); + if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, + &sdata, &slen, NULL) && slen) { + mbedtls_ssl_session session; + + mbedtls_ssl_session_init(&session); + ret = mbedtls_ssl_session_load(&session, sdata, slen); if(ret) { - Curl_ssl_sessionid_unlock(data); - failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret); - return CURLE_SSL_CONNECT_ERROR; + failf(data, "error loading cached session: -0x%x", -ret); } - infof(data, "mbedTLS reusing session"); + else { + ret = mbedtls_ssl_set_session(&backend->ssl, &session); + if(ret) + failf(data, "error setting session: -0x%x", -ret); + else + infof(data, "SSL reusing session ID"); + } + mbedtls_ssl_session_free(&session); } Curl_ssl_sessionid_unlock(data); } @@ -867,7 +923,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) &backend->clicert, &backend->pk); } - if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni? + if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni ? connssl->peer.sni : connssl->peer.hostname)) { /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and the name to set in the SNI extension. So even if curl connects to a @@ -923,60 +979,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } -static int count_server_cert(const mbedtls_x509_crt *peercert) -{ - int count = 1; - - DEBUGASSERT(peercert); - - while(peercert->next) { - ++count; - peercert = peercert->next; - } - return count; -} - -static CURLcode collect_server_cert_single(struct Curl_easy *data, - const mbedtls_x509_crt *server_cert, - int idx) -{ - const char *beg, *end; - - DEBUGASSERT(server_cert); - - beg = (const char *)server_cert->raw.p; - end = beg + server_cert->raw.len; - return Curl_extract_certinfo(data, idx, beg, end); -} - -static CURLcode collect_server_cert(struct Curl_cfilter *cf, - struct Curl_easy *data, - const struct mbedtls_x509_crt *peercert) -{ -#ifndef CURL_DISABLE_VERBOSE_STRINGS - const bool show_verbose_server_cert = data->set.verbose; -#else - const bool show_verbose_server_cert = false; -#endif - struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - CURLcode result = CURLE_PEER_FAILED_VERIFICATION; - int i, count; - - if(!show_verbose_server_cert && !ssl_config->certinfo) - return CURLE_OK; - - if(!peercert) - return result; - - count = count_server_cert(peercert); - result = Curl_ssl_init_certinfo(data, count); - for(i = 0 ; !result && peercert ; i++) { - result = collect_server_cert_single(data, peercert, i); - peercert = peercert->next; - } - return result; -} - static CURLcode mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) { @@ -984,11 +986,9 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - const mbedtls_x509_crt *peercert; #ifndef CURL_DISABLE_PROXY - const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: + const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf) ? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY]; #else const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; @@ -1028,70 +1028,23 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) uint16_t cipher_id; cipher_id = (uint16_t) mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); - mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true); - infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str); - } -#else - infof(data, "mbedTLS: Handshake complete"); -#endif - ret = mbedtls_ssl_get_verify_result(&backend->ssl); - - if(!conn_config->verifyhost) - /* Ignore hostname errors if verifyhost is disabled */ - ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; - - if(ret && conn_config->verifypeer) { - if(ret & MBEDTLS_X509_BADCERT_EXPIRED) - failf(data, "Cert verify failed: BADCERT_EXPIRED"); - - else if(ret & MBEDTLS_X509_BADCERT_REVOKED) - failf(data, "Cert verify failed: BADCERT_REVOKED"); - - else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) - failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); - - else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED) - failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED"); - - else if(ret & MBEDTLS_X509_BADCERT_FUTURE) - failf(data, "Cert verify failed: BADCERT_FUTURE"); - - return CURLE_PEER_FAILED_VERIFICATION; - } - - peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); - - if(peercert) { - const CURLcode result = collect_server_cert(cf, data, peercert); - if(result) - return result; + mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), TRUE); + infof(data, "mbedTLS: %s Handshake complete, cipher is %s", + mbedtls_ssl_get_version(&backend->ssl), cipher_str); } - - if(peercert && data->set.verbose) { -#ifndef MBEDTLS_X509_REMOVE_INFO - const size_t bufsize = 16384; - char *buffer = malloc(bufsize); - - if(!buffer) - return CURLE_OUT_OF_MEMORY; - - if(mbedtls_x509_crt_info(buffer, bufsize, "* ", peercert) > 0) - infof(data, "Dumping cert info: %s", buffer); - else - infof(data, "Unable to dump certificate information"); - - free(buffer); #else - infof(data, "Unable to dump certificate information"); + infof(data, "mbedTLS: %s Handshake complete", + mbedtls_ssl_get_version(&backend->ssl)); #endif - } if(pinnedpubkey) { int size; CURLcode result; + const mbedtls_x509_crt *peercert; mbedtls_x509_crt *p = NULL; unsigned char *pubkey = NULL; + peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); #if MBEDTLS_VERSION_NUMBER == 0x03000000 if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) { @@ -1118,7 +1071,7 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der needs a non-const key, for now. - https://github.com/ARMmbed/mbedtls/issues/396 */ + https://github.com/Mbed-TLS/mbedtls/issues/396 */ #if MBEDTLS_VERSION_NUMBER == 0x03000000 if(mbedtls_x509_crt_parse_der(p, peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p), @@ -1161,8 +1114,8 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) if(connssl->alpn) { const char *proto = mbedtls_ssl_get_alpn_protocol(&backend->ssl); - Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto, - proto? strlen(proto) : 0); + Curl_alpn_set_negotiated(cf, data, connssl, (const unsigned char *)proto, + proto ? strlen(proto) : 0); } #endif @@ -1172,57 +1125,62 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } -static void mbedtls_session_free(void *sessionid, size_t idsize) +static void mbedtls_session_free(void *session, size_t slen) { - (void)idsize; - mbedtls_ssl_session_free(sessionid); - free(sessionid); + (void)slen; + free(session); } static CURLcode -mbed_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) +mbed_new_session(struct Curl_cfilter *cf, struct Curl_easy *data) { - CURLcode retcode = CURLE_OK; struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)connssl->backend; struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + CURLcode result = CURLE_OK; - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); DEBUGASSERT(backend); - if(ssl_config->primary.cache_session) { int ret; - mbedtls_ssl_session *our_ssl_sessionid; + mbedtls_ssl_session session; + unsigned char *sdata = NULL; + size_t slen = 0; - our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session)); - if(!our_ssl_sessionid) - return CURLE_OUT_OF_MEMORY; - - mbedtls_ssl_session_init(our_ssl_sessionid); - - ret = mbedtls_ssl_get_session(&backend->ssl, our_ssl_sessionid); + mbedtls_ssl_session_init(&session); + ret = mbedtls_ssl_get_session(&backend->ssl, &session); if(ret) { if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED) - mbedtls_ssl_session_free(our_ssl_sessionid); - free(our_ssl_sessionid); + mbedtls_ssl_session_free(&session); failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret); return CURLE_SSL_CONNECT_ERROR; } - /* If there is already a matching session in the cache, delete it */ - Curl_ssl_sessionid_lock(data); - retcode = Curl_ssl_set_sessionid(cf, data, &connssl->peer, - our_ssl_sessionid, 0, - mbedtls_session_free); - Curl_ssl_sessionid_unlock(data); - if(retcode) - return retcode; + mbedtls_ssl_session_save(&session, NULL, 0, &slen); + if(!slen) { + failf(data, "failed to serialize session: length is 0"); + } + else { + sdata = malloc(slen); + if(sdata) { + ret = mbedtls_ssl_session_save(&session, sdata, slen, &slen); + if(ret) { + failf(data, "failed to serialize session: -0x%x", -ret); + } + else { + Curl_ssl_sessionid_lock(data); + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL, + sdata, slen, mbedtls_session_free); + Curl_ssl_sessionid_unlock(data); + if(!result) + sdata = NULL; + } + } + } + mbedtls_ssl_session_free(&session); + free(sdata); } - - connssl->connecting_state = ssl_connect_done; - - return CURLE_OK; + return result; } static ssize_t mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -1245,7 +1203,7 @@ static ssize_t mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data, #ifdef TLS13_SUPPORT || (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) #endif - )? CURLE_AGAIN : CURLE_SEND_ERROR; + ) ? CURLE_AGAIN : CURLE_SEND_ERROR; ret = -1; } @@ -1381,7 +1339,6 @@ static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data, struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)connssl->backend; int ret = -1; - ssize_t len = -1; (void)data; DEBUGASSERT(backend); @@ -1391,24 +1348,31 @@ static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(ret <= 0) { CURL_TRC_CF(data, cf, "mbedtls_ssl_read(len=%zu) -> -0x%04X", buffersize, -ret); - if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) - return 0; - *curlcode = ((ret == MBEDTLS_ERR_SSL_WANT_READ) -#ifdef TLS13_SUPPORT - || (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) + switch(ret) { +#ifdef HAS_SESSION_TICKETS + case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: + mbed_new_session(cf, data); + FALLTHROUGH(); #endif - ) ? CURLE_AGAIN : CURLE_RECV_ERROR; - if(*curlcode != CURLE_AGAIN) { + case MBEDTLS_ERR_SSL_WANT_READ: + *curlcode = CURLE_AGAIN; + ret = -1; + break; + case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: + *curlcode = CURLE_OK; + ret = 0; + break; + default: { char errorbuf[128]; mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "ssl_read returned: (-0x%04X) %s", -ret, errorbuf); + *curlcode = CURLE_RECV_ERROR; + ret = -1; + break; + } } - return -1; } - - len = ret; - - return len; + return (ssize_t)ret; } static size_t mbedtls_version(char *buffer, size_t size) @@ -1416,42 +1380,31 @@ static size_t mbedtls_version(char *buffer, size_t size) #ifdef MBEDTLS_VERSION_C /* if mbedtls_version_get_number() is available it is better */ unsigned int version = mbedtls_version_get_number(); - return msnprintf(buffer, size, "mbedTLS/%u.%u.%u", version>>24, - (version>>16)&0xff, (version>>8)&0xff); + return msnprintf(buffer, size, "mbedTLS/%u.%u.%u", version >> 24, + (version >> 16) & 0xff, (version >> 8) & 0xff); #else return msnprintf(buffer, size, "mbedTLS/%s", MBEDTLS_VERSION_STRING); #endif } +/* 'data' might be NULL */ static CURLcode mbedtls_random(struct Curl_easy *data, unsigned char *entropy, size_t length) { #if defined(MBEDTLS_CTR_DRBG_C) - int ret = -1; - char errorbuf[128]; + int ret; mbedtls_entropy_context ctr_entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_init(&ctr_entropy); mbedtls_ctr_drbg_init(&ctr_drbg); + (void)data; ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &ctr_entropy, NULL, 0); - if(ret) { - mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s", - -ret, errorbuf); - } - else { + if(!ret) ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length); - if(ret) { - mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "mbedtls_ctr_drbg_random returned (-0x%04X) %s", - -ret, errorbuf); - } - } - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&ctr_entropy); @@ -1511,11 +1464,10 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { - - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -1554,9 +1506,22 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, } /* repeat step2 until all transactions are done. */ if(ssl_connect_3 == connssl->connecting_state) { - retcode = mbed_connect_step3(cf, data); - if(retcode) - return retcode; + /* For tls1.3 we get notified about new sessions */ +#if MBEDTLS_VERSION_NUMBER >= 0x03020000 + struct ssl_connect_data *ctx = cf->ctx; + struct mbed_ssl_backend_data *backend = + (struct mbed_ssl_backend_data *)ctx->backend; + + if(mbedtls_ssl_get_version_number(&backend->ssl) <= + MBEDTLS_SSL_VERSION_TLS1_2) { +#else + { /* no TLSv1.3 supported here */ +#endif + retcode = mbed_new_session(cf, data); + if(retcode) + return retcode; + } + connssl->connecting_state = ssl_connect_done; } if(ssl_connect_done == connssl->connecting_state) { @@ -1668,7 +1633,11 @@ const struct Curl_ssl Curl_ssl_mbedtls = { SSLSUPP_CERTINFO | SSLSUPP_PINNEDPUBKEY | SSLSUPP_SSL_CTX | - SSLSUPP_HTTPS_PROXY, +#ifdef TLS13_SUPPORT + SSLSUPP_TLS13_CIPHERSUITES | +#endif + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct mbed_ssl_backend_data), @@ -1695,6 +1664,7 @@ const struct Curl_ssl Curl_ssl_mbedtls = { NULL, /* disassociate_connection */ mbed_recv, /* recv decrypted data */ mbed_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_MBEDTLS */ diff --git a/libraries/libcurl/vtls/openssl.c b/libraries/libcurl/vtls/openssl.c index 8a65491b..e8be5d0c 100644 --- a/libraries/libcurl/vtls/openssl.c +++ b/libraries/libcurl/vtls/openssl.c @@ -247,7 +247,7 @@ #elif defined(OPENSSL_IS_AWSLC) #define OSSL_PACKAGE "AWS-LC" #else -# if defined(USE_NGTCP2) && defined(USE_NGHTTP3) +# if (defined(USE_NGTCP2) && defined(USE_NGHTTP3)) || defined(USE_MSH3) # define OSSL_PACKAGE "quictls" # else # define OSSL_PACKAGE "OpenSSL" @@ -314,29 +314,36 @@ typedef unsigned long sslerr_t; #define USE_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) #endif /* !LIBRESSL_VERSION_NUMBER */ -#define push_certinfo(_label, _num) \ -do { \ - long info_len = BIO_get_mem_data(mem, &ptr); \ - Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \ - if(1 != BIO_reset(mem)) \ - break; \ -} while(0) +static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl); + +static CURLcode push_certinfo(struct Curl_easy *data, + BIO *mem, const char *label, int num) + WARN_UNUSED_RESULT; -static void pubkey_show(struct Curl_easy *data, - BIO *mem, - int num, - const char *type, - const char *name, - const BIGNUM *bn) +static CURLcode push_certinfo(struct Curl_easy *data, + BIO *mem, const char *label, int num) { char *ptr; + long len = BIO_get_mem_data(mem, &ptr); + CURLcode result = Curl_ssl_push_certinfo_len(data, num, label, ptr, len); + (void)BIO_reset(mem); + return result; +} + +static CURLcode pubkey_show(struct Curl_easy *data, + BIO *mem, + int num, + const char *type, + const char *name, + const BIGNUM *bn) +{ char namebuf[32]; msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); if(bn) BN_print(mem, bn); - push_certinfo(namebuf, num); + return push_certinfo(data, mem, namebuf, num); } #ifdef HAVE_OPAQUE_RSA_DSA_DH @@ -368,15 +375,16 @@ static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len) return 0; } -static void X509V3_ext(struct Curl_easy *data, - int certnum, - CONST_EXTS STACK_OF(X509_EXTENSION) *exts) +static CURLcode X509V3_ext(struct Curl_easy *data, + int certnum, + CONST_EXTS STACK_OF(X509_EXTENSION) *exts) { int i; + CURLcode result = CURLE_OK; if((int)sk_X509_EXTENSION_num(exts) <= 0) /* no extensions, bail out */ - return; + return result; for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; @@ -386,7 +394,7 @@ static void X509V3_ext(struct Curl_easy *data, BIO *bio_out = BIO_new(BIO_s_mem()); if(!bio_out) - return; + return result; obj = X509_EXTENSION_get_object(ext); @@ -396,13 +404,16 @@ static void X509V3_ext(struct Curl_easy *data, ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext)); BIO_get_mem_ptr(bio_out, &biomem); - Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, - biomem->length); + result = Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, + biomem->length); BIO_free(bio_out); + if(result) + break; } + return result; } -CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) +static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl) { CURLcode result; STACK_OF(X509) *sk; @@ -420,38 +431,43 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) numcerts = sk_X509_num(sk); result = Curl_ssl_init_certinfo(data, (int)numcerts); - if(result) { + if(result) return result; - } mem = BIO_new(BIO_s_mem()); - if(!mem) { - return CURLE_OUT_OF_MEMORY; - } + if(!mem) + result = CURLE_OUT_OF_MEMORY; - for(i = 0; i < (int)numcerts; i++) { + for(i = 0; !result && (i < (int)numcerts); i++) { ASN1_INTEGER *num; X509 *x = sk_X509_value(sk, (ossl_valsize_t)i); EVP_PKEY *pubkey = NULL; int j; - char *ptr; const ASN1_BIT_STRING *psig = NULL; X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); - push_certinfo("Subject", i); + result = push_certinfo(data, mem, "Subject", i); + if(result) + break; X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); - push_certinfo("Issuer", i); + result = push_certinfo(data, mem, "Issuer", i); + if(result) + break; BIO_printf(mem, "%lx", X509_get_version(x)); - push_certinfo("Version", i); + result = push_certinfo(data, mem, "Version", i); + if(result) + break; num = X509_get_serialNumber(x); if(num->type == V_ASN1_NEG_INTEGER) BIO_puts(mem, "-"); for(j = 0; j < num->length; j++) BIO_printf(mem, "%02x", num->data[j]); - push_certinfo("Serial Number", i); + result = push_certinfo(data, mem, "Serial Number", i); + if(result) + break; #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS) { @@ -464,7 +480,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) const ASN1_OBJECT *sigalgoid = NULL; X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg); i2a_ASN1_OBJECT(mem, sigalgoid); - push_certinfo("Signature Algorithm", i); + result = push_certinfo(data, mem, "Signature Algorithm", i); + if(result) + break; } xpubkey = X509_get_X509_PUBKEY(x); @@ -472,11 +490,15 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); if(pubkeyoid) { i2a_ASN1_OBJECT(mem, pubkeyoid); - push_certinfo("Public Key Algorithm", i); + result = push_certinfo(data, mem, "Public Key Algorithm", i); + if(result) + break; } } - X509V3_ext(data, i, X509_get0_extensions(x)); + result = X509V3_ext(data, i, X509_get0_extensions(x)); + if(result) + break; } #else { @@ -484,22 +506,32 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) X509_CINF *cinf = x->cert_info; i2a_ASN1_OBJECT(mem, cinf->signature->algorithm); - push_certinfo("Signature Algorithm", i); + result = push_certinfo(data, mem, "Signature Algorithm", i); - i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm); - push_certinfo("Public Key Algorithm", i); + if(!result) { + i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm); + result = push_certinfo(data, mem, "Public Key Algorithm", i); + } + + if(!result) + result = X509V3_ext(data, i, cinf->extensions); - X509V3_ext(data, i, cinf->extensions); + if(result) + break; psig = x->signature; } #endif ASN1_TIME_print(mem, X509_get0_notBefore(x)); - push_certinfo("Start date", i); + result = push_certinfo(data, mem, "Start date", i); + if(result) + break; ASN1_TIME_print(mem, X509_get0_notAfter(x)); - push_certinfo("Expire date", i); + result = push_certinfo(data, mem, "Expire date", i); + if(result) + break; pubkey = X509_get_pubkey(x); if(!pubkey) @@ -512,8 +544,7 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) pktype = pubkey->type; #endif switch(pktype) { - case EVP_PKEY_RSA: - { + case EVP_PKEY_RSA: { #ifndef HAVE_EVP_PKEY_GET_PARAMS RSA *rsa; #ifdef HAVE_OPAQUE_EVP_PKEY @@ -537,7 +568,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) #else BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0); #endif /* HAVE_OPAQUE_RSA_DSA_DH */ - push_certinfo("RSA Public Key", i); + result = push_certinfo(data, mem, "RSA Public Key", i); + if(result) + break; print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); FREE_PKEY_PARAM_BIGNUM(n); @@ -585,8 +618,7 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) #endif /* !OPENSSL_NO_DSA */ break; } - case EVP_PKEY_DH: - { + case EVP_PKEY_DH: { #ifndef HAVE_EVP_PKEY_GET_PARAMS DH *dh; #ifdef HAVE_OPAQUE_EVP_PKEY @@ -629,19 +661,25 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) EVP_PKEY_free(pubkey); } - if(psig) { + if(!result && psig) { for(j = 0; j < psig->length; j++) BIO_printf(mem, "%02x:", psig->data[j]); - push_certinfo("Signature", i); + result = push_certinfo(data, mem, "Signature", i); } - PEM_write_bio_X509(mem, x); - push_certinfo("Cert", i); + if(!result) { + PEM_write_bio_X509(mem, x); + result = push_certinfo(data, mem, "Cert", i); + } } BIO_free(mem); - return CURLE_OK; + if(result) + /* cleanup all leftovers */ + Curl_ssl_free_certinfo(data); + + return result; } #endif /* quiche or OpenSSL */ @@ -723,7 +761,8 @@ static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen) if(blen < 0) return 0; - nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, &result); + nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, FALSE, + &result); CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d", blen, (int)nwritten, result); BIO_clear_retry_flags(bio); @@ -877,7 +916,7 @@ ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) if(master_key_length <= 0) return; - *keylog_done = true; + *keylog_done = TRUE; Curl_tls_keylog_write("CLIENT_RANDOM", client_random, master_key, master_key_length); } @@ -976,7 +1015,7 @@ static int passwd_callback(char *buf, int num, int encrypting, */ static bool rand_enough(void) { - return (0 != RAND_status()) ? TRUE : FALSE; + return (0 != RAND_status()); } static CURLcode ossl_seed(struct Curl_easy *data) @@ -997,12 +1036,6 @@ static CURLcode ossl_seed(struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; #else -#ifdef RANDOM_FILE - RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH); - if(rand_enough()) - return CURLE_OK; -#endif - /* fallback to a custom seeding of the PRNG using a hash based on a current time */ do { @@ -1049,7 +1082,7 @@ static CURLcode ossl_seed(struct Curl_easy *data) #ifndef SSL_FILETYPE_PKCS12 #define SSL_FILETYPE_PKCS12 43 #endif -static int do_file_type(const char *type) +static int ossl_do_file_type(const char *type) { if(!type || !type[0]) return SSL_FILETYPE_PEM; @@ -1271,7 +1304,7 @@ int cert_stuff(struct Curl_easy *data, char error_buffer[256]; bool check_privkey = TRUE; - int file_type = do_file_type(cert_type); + int file_type = ossl_do_file_type(cert_type); if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE)) { SSL *ssl; @@ -1512,7 +1545,7 @@ int cert_stuff(struct Curl_easy *data, key_blob = cert_blob; } else - file_type = do_file_type(key_type); + file_type = ossl_do_file_type(key_type); switch(file_type) { case SSL_FILETYPE_PEM: @@ -1525,7 +1558,8 @@ int cert_stuff(struct Curl_easy *data, SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type); if(cert_use_result != 1) { failf(data, "unable to set private key file: '%s' type %s", - key_file?key_file:"(memory blob)", key_type?key_type:"PEM"); + key_file ? key_file : "(memory blob)", + key_type ? key_type : "PEM"); return 0; } break; @@ -1646,46 +1680,24 @@ int cert_stuff(struct Curl_easy *data, return 1; } -CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx, - char *cert_file, - const struct curl_blob *cert_blob, - const char *cert_type, char *key_file, - const struct curl_blob *key_blob, - const char *key_type, char *key_passwd) -{ - int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file, - key_blob, key_type, key_passwd); - if(rv != 1) { - return CURLE_SSL_CERTPROBLEM; - } - - return CURLE_OK; -} - /* returns non-zero on failure */ -static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) +static CURLcode x509_name_oneline(X509_NAME *a, struct dynbuf *d) { BIO *bio_out = BIO_new(BIO_s_mem()); BUF_MEM *biomem; int rc; - - if(!bio_out) - return 1; /* alloc failed! */ - - rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC); - BIO_get_mem_ptr(bio_out, &biomem); - - if((size_t)biomem->length < size) - size = biomem->length; - else - size--; /* do not overwrite the buffer end */ - - memcpy(buf, biomem->data, size); - buf[size] = 0; - - BIO_free(bio_out); - - return !rc; + CURLcode result = CURLE_OUT_OF_MEMORY; + + if(bio_out) { + Curl_dyn_reset(d); + rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC); + if(rc != -1) { + BIO_get_mem_ptr(bio_out, &biomem); + result = Curl_dyn_addn(d, biomem->data, biomem->length); + BIO_free(bio_out); + } + } + return result; } /** @@ -1878,7 +1890,7 @@ static CURLcode ossl_shutdown(struct Curl_cfilter *cf, struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; CURLcode result = CURLE_OK; char buf[1024]; - int nread, err; + int nread = -1, err; unsigned long sslerr; size_t i; @@ -1919,15 +1931,27 @@ static CURLcode ossl_shutdown(struct Curl_cfilter *cf, goto out; } } - if(send_shutdown && SSL_shutdown(octx->ssl) == 1) { + } + + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + if(send_shutdown && !(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { + ERR_clear_error(); + CURL_TRC_CF(data, cf, "send SSL close notify"); + if(SSL_shutdown(octx->ssl) == 1) { CURL_TRC_CF(data, cf, "SSL shutdown finished"); *done = TRUE; goto out; } + if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) { + CURL_TRC_CF(data, cf, "SSL shutdown still wants to send"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + goto out; + } + /* Having sent the close notify, we use SSL_read() to get the + * missing close notify from the server. */ } - /* SSL should now have started the shutdown from our side. Since it - * was not complete, we are lacking the close notify from the server. */ for(i = 0; i < 10; ++i) { ERR_clear_error(); nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); @@ -1935,15 +1959,13 @@ static CURLcode ossl_shutdown(struct Curl_cfilter *cf, if(nread <= 0) break; } - if(SSL_get_shutdown(octx->ssl) & SSL_RECEIVED_SHUTDOWN) { - CURL_TRC_CF(data, cf, "SSL shutdown received, finished"); - *done = TRUE; - goto out; - } err = SSL_get_error(octx->ssl, nread); switch(err) { case SSL_ERROR_ZERO_RETURN: /* no more data */ - CURL_TRC_CF(data, cf, "SSL shutdown not received, but closed"); + if(SSL_shutdown(octx->ssl) == 1) + CURL_TRC_CF(data, cf, "SSL shutdown finished"); + else + CURL_TRC_CF(data, cf, "SSL shutdown not received, but closed"); *done = TRUE; break; case SSL_ERROR_NONE: /* just did not get anything */ @@ -2003,7 +2025,7 @@ static void ossl_session_free(void *sessionid, size_t idsize) { /* free the ID */ (void)idsize; - SSL_SESSION_free(sessionid); + free(sessionid); } /* @@ -2077,8 +2099,9 @@ static bool subj_alt_hostcheck(struct Curl_easy *data, This function is now used from ngtcp2 (QUIC) as well. */ -CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - struct ssl_peer *peer, X509 *server_cert) +static CURLcode ossl_verifyhost(struct Curl_easy *data, + struct connectdata *conn, + struct ssl_peer *peer, X509 *server_cert) { bool matched = FALSE; int target; /* target type, GEN_DNS or GEN_IPADD */ @@ -2210,8 +2233,9 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, /* we have to look to the last occurrence of a commonName in the distinguished one to get the most significant one. */ int i = -1; - unsigned char *peer_CN = NULL; - int peerlen = 0; + unsigned char *cn = NULL; + int cnlen = 0; + bool free_cn = FALSE; /* The following is done because of a bug in 0.9.6b */ X509_NAME *name = X509_get_subject_name(server_cert); @@ -2235,21 +2259,17 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, conditional in the future when OpenSSL has been fixed. */ if(tmp) { if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { - peerlen = ASN1_STRING_length(tmp); - if(peerlen >= 0) { - peer_CN = OPENSSL_malloc(peerlen + 1); - if(peer_CN) { - memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); - peer_CN[peerlen] = '\0'; - } - else - result = CURLE_OUT_OF_MEMORY; - } + cnlen = ASN1_STRING_length(tmp); + cn = (unsigned char *) ASN1_STRING_get0_data(tmp); + } + else { /* not a UTF8 name */ + cnlen = ASN1_STRING_to_UTF8(&cn, tmp); + free_cn = TRUE; } - else /* not a UTF8 name */ - peerlen = ASN1_STRING_to_UTF8(&peer_CN, tmp); - if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != peerlen)) { + if((cnlen <= 0) || !cn) + result = CURLE_OUT_OF_MEMORY; + else if((size_t)cnlen != strlen((char *)cn)) { /* there was a terminating zero before the end of string, this cannot match and we return failure! */ failf(data, "SSL: illegal cert name field"); @@ -2261,22 +2281,22 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, if(result) /* error already detected, pass through */ ; - else if(!peer_CN) { + else if(!cn) { failf(data, "SSL: unable to obtain common name from peer certificate"); result = CURLE_PEER_FAILED_VERIFICATION; } - else if(!Curl_cert_hostcheck((const char *)peer_CN, - peerlen, peer->hostname, hostlen)) { + else if(!Curl_cert_hostcheck((const char *)cn, cnlen, + peer->hostname, hostlen)) { failf(data, "SSL: certificate subject name '%s' does not match " - "target hostname '%s'", peer_CN, peer->dispname); + "target hostname '%s'", cn, peer->dispname); result = CURLE_PEER_FAILED_VERIFICATION; } else { - infof(data, " common name: %s (matched)", peer_CN); + infof(data, " common name: %s (matched)", cn); } - if(peer_CN) - OPENSSL_free(peer_CN); + if(free_cn) + OPENSSL_free(cn); } return result; @@ -2661,11 +2681,9 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, txt_len = msnprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n", - verstr, direction?"OUT":"IN", + verstr, direction ? "OUT" : "IN", tls_rt_name, msg_name, msg_type); - if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) { - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len); - } + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len); } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : @@ -2868,6 +2886,9 @@ CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf, { const struct ssl_config_data *config; CURLcode result = CURLE_OK; + size_t der_session_size; + unsigned char *der_session_buf; + unsigned char *der_session_ptr; if(!cf || !data) goto out; @@ -2875,16 +2896,32 @@ CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf, config = Curl_ssl_cf_get_config(cf, data); if(config->primary.cache_session) { + der_session_size = i2d_SSL_SESSION(session, NULL); + if(der_session_size == 0) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + der_session_buf = der_session_ptr = malloc(der_session_size); + if(!der_session_buf) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + der_session_size = i2d_SSL_SESSION(session, &der_session_ptr); + if(der_session_size == 0) { + result = CURLE_OUT_OF_MEMORY; + free(der_session_buf); + goto out; + } + Curl_ssl_sessionid_lock(data); - result = Curl_ssl_set_sessionid(cf, data, peer, session, 0, - ossl_session_free); - session = NULL; /* call has taken ownership */ + result = Curl_ssl_set_sessionid(cf, data, peer, NULL, der_session_buf, + der_session_size, ossl_session_free); Curl_ssl_sessionid_unlock(data); } out: - if(session) - ossl_session_free(session, 0); return result; } @@ -2898,10 +2935,10 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) struct ssl_connect_data *connssl; cf = (struct Curl_cfilter*) SSL_get_app_data(ssl); - connssl = cf? cf->ctx : NULL; - data = connssl? CF_DATA_CURRENT(cf) : NULL; + connssl = cf ? cf->ctx : NULL; + data = connssl ? CF_DATA_CURRENT(cf) : NULL; Curl_ossl_add_session(cf, data, &connssl->peer, ssl_sessionid); - return 1; + return 0; } static CURLcode load_cacert_from_memory(X509_STORE *store, @@ -2969,7 +3006,7 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data, CURLcode result = CURLE_OK; HCERTSTORE hStore; - *imported = false; + *imported = FALSE; hStore = CertOpenSystemStoreA(0, name); if(hStore) { @@ -2991,20 +3028,19 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data, BYTE key_usage[2]; DWORD req_size; const unsigned char *encoded_cert; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - char cert_name[256]; -#endif - pContext = CertEnumCertificatesInStore(hStore, pContext); if(!pContext) break; #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, - NULL, cert_name, sizeof(cert_name))) { - strcpy(cert_name, "Unknown"); + else { + char cert_name[256]; + if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, + NULL, cert_name, sizeof(cert_name))) + infof(data, "SSL: unknown cert name"); + else + infof(data, "SSL: Checking cert \"%s\"", cert_name); } - infof(data, "SSL: Checking cert \"%s\"", cert_name); #endif encoded_cert = (const unsigned char *)pContext->pbCertEncoded; if(!encoded_cert) @@ -3057,12 +3093,12 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data, } else { DWORD i; - bool found = false; + bool found = FALSE; for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) { if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */, enhkey_usage->rgpszUsageIdentifier[i])) { - found = true; + found = TRUE; break; } } @@ -3086,9 +3122,9 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data, not OpenSSL. */ if(X509_STORE_add_cert(store, x509) == 1) { #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - infof(data, "SSL: Imported cert \"%s\"", cert_name); + infof(data, "SSL: Imported cert"); #endif - *imported = true; + *imported = TRUE; } X509_free(x509); } @@ -3120,11 +3156,11 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, const char * const ssl_capath = conn_config->CApath; const char * const ssl_crlfile = ssl_config->primary.CRLfile; const bool verifypeer = conn_config->verifypeer; - bool imported_native_ca = false; - bool imported_ca_info_blob = false; + bool imported_native_ca = FALSE; + bool imported_ca_info_blob = FALSE; CURL_TRC_CF(data, cf, "populate_x509_store, path=%s, blob=%d", - ssl_cafile? ssl_cafile : "none", !!ca_info_blob); + ssl_cafile ? ssl_cafile : "none", !!ca_info_blob); if(!store) return CURLE_OUT_OF_MEMORY; @@ -3142,14 +3178,14 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, }; size_t i; for(i = 0; i < ARRAYSIZE(storeNames); ++i) { - bool imported = false; + bool imported = FALSE; result = import_windows_cert_store(data, storeNames[i], store, &imported); if(result) return result; if(imported) { infof(data, "successfully imported Windows %s store", storeNames[i]); - imported_native_ca = true; + imported_native_ca = TRUE; } else infof(data, "error importing Windows %s store, continuing anyway", @@ -3164,7 +3200,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, return result; } else { - imported_ca_info_blob = true; + imported_ca_info_blob = TRUE; infof(data, "successfully imported CA certificate blob"); } } @@ -3328,9 +3364,9 @@ static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, X509_STORE *store = NULL; DEBUGASSERT(multi); - share = multi? Curl_hash_pick(&multi->proto_hash, - (void *)MPROTO_OSSL_X509_KEY, - sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL; + share = multi ? Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_OSSL_X509_KEY, + sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL; if(share && share->store && !cached_x509_store_expired(data, share) && !cached_x509_store_different(cf, share)) { @@ -3451,7 +3487,9 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, const char *ciphers; SSL_METHOD_QUAL SSL_METHOD *req_method = NULL; ctx_option_t ctx_options = 0; - void *ssl_sessionid = NULL; + SSL_SESSION *ssl_session = NULL; + const unsigned char *der_sessionid = NULL; + size_t der_sessionid_size = 0; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); const long int ssl_version_min = conn_config->version; @@ -3631,6 +3669,11 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, SSL_CTX_set_options(octx->ssl_ctx, ctx_options); +#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + /* We do retry writes sometimes from another buffer address */ + SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#endif + #ifdef HAS_ALPN if(alpn && alpn_len) { if(SSL_CTX_set_alpn_protos(octx->ssl_ctx, alpn, (int)alpn_len)) { @@ -3754,10 +3797,10 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, return result; octx->x509_store_setup = TRUE; } - Curl_set_in_callback(data, true); + Curl_set_in_callback(data, TRUE); result = (*data->set.ssl.fsslctx)(data, octx->ssl_ctx, data->set.ssl.fsslctxp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, FALSE); if(result) { failf(data, "error signaled by ssl ctx callback"); return result; @@ -3897,7 +3940,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, if(data->set.tls_ech & CURLECH_HARD) return CURLE_SSL_CONNECT_ERROR; } - Curl_resolv_unlock(data, dns); + Curl_resolv_unlink(data, &dns); } } # ifdef OPENSSL_IS_BORINGSSL @@ -3929,20 +3972,31 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #endif octx->reused_session = FALSE; - if(ssl_config->primary.cache_session && transport == TRNSPRT_TCP) { + if(ssl_config->primary.cache_session) { Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, peer, &ssl_sessionid, NULL)) { + if(!Curl_ssl_getsessionid(cf, data, peer, (void **)&der_sessionid, + &der_sessionid_size, NULL)) { /* we got a session id, use it! */ - if(!SSL_set_session(octx->ssl, ssl_sessionid)) { + ssl_session = d2i_SSL_SESSION(NULL, &der_sessionid, + (long)der_sessionid_size); + if(ssl_session) { + if(!SSL_set_session(octx->ssl, ssl_session)) { + Curl_ssl_sessionid_unlock(data); + SSL_SESSION_free(ssl_session); + failf(data, "SSL: SSL_set_session failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } + SSL_SESSION_free(ssl_session); + /* Informational message */ + infof(data, "SSL reusing session ID"); + octx->reused_session = TRUE; + } + else { Curl_ssl_sessionid_unlock(data); - failf(data, "SSL: SSL_set_session failed: %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer))); return CURLE_SSL_CONNECT_ERROR; } - /* Informational message */ - infof(data, "SSL reusing session ID"); - octx->reused_session = TRUE; } Curl_ssl_sessionid_unlock(data); } @@ -4110,30 +4164,34 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, <0 is "handshake was not successful, because a fatal error occurred" */ if(1 != err) { int detail = SSL_get_error(octx->ssl, err); + CURL_TRC_CF(data, cf, "SSL_connect() -> err=%d, detail=%d", err, detail); if(SSL_ERROR_WANT_READ == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want recv"); connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } if(SSL_ERROR_WANT_WRITE == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want send"); connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } #ifdef SSL_ERROR_WANT_ASYNC if(SSL_ERROR_WANT_ASYNC == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want async"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; connssl->connecting_state = ssl_connect_2; return CURLE_OK; } #endif #ifdef SSL_ERROR_WANT_RETRY_VERIFY if(SSL_ERROR_WANT_RETRY_VERIFY == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want retry_verify"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; connssl->connecting_state = ssl_connect_2; return CURLE_OK; } #endif - if(octx->io_result == CURLE_AGAIN) { - return CURLE_OK; - } else { /* untreated error */ sslerr_t errdetail; @@ -4166,10 +4224,10 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, "SSL certificate problem: %s", X509_verify_cert_error_string(lerr)); } - else - /* strcpy() is fine here as long as the string fits within - error_buffer */ - strcpy(error_buffer, "SSL certificate verification failed"); + else { + failf(data, "%s", "SSL certificate verification failed"); + return result; + } } #if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED) /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on @@ -4179,7 +4237,8 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, /* If client certificate is required, communicate the error to client */ result = CURLE_SSL_CLIENTCERT; - ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)); + failf(data, "TLS cert problem: %s", + ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); } #endif #ifdef USE_ECH @@ -4194,12 +4253,14 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, ossl_trace_ech_retry_configs(data, octx->ssl, reason); result = CURLE_ECH_REQUIRED; - ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)); + failf(data, "ECH required: %s", + ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); } #endif else { result = CURLE_SSL_CONNECT_ERROR; - ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)); + failf(data, "TLS connect error: %s", + ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); } /* detail is already set to the SSL error above */ @@ -4220,9 +4281,6 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, return result; } - /* Could be a CERT problem */ - failf(data, "%s", error_buffer); - return result; } } @@ -4247,7 +4305,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, infof(data, "SSL connection using %s / %s / %s / %s", SSL_get_version(octx->ssl), SSL_get_cipher(octx->ssl), - negotiated_group_name? negotiated_group_name : "[blank]", + negotiated_group_name ? negotiated_group_name : "[blank]", OBJ_nid2sn(psigtype_nid)); #ifdef USE_ECH @@ -4291,9 +4349,9 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, infof(data, "ECH: unexpected status %d",rv); } infof(data, "ECH: result: status is %s, inner is %s, outer is %s", - (status?status:"NULL"), - (inner?inner:"NULL"), - (outer?outer:"NULL")); + (status ? status : "NULL"), + (inner ? inner : "NULL"), + (outer ? outer : "NULL")); OPENSSL_free(inner); OPENSSL_free(outer); if(rv == SSL_ECH_STATUS_GREASE_ECH) { @@ -4321,7 +4379,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, unsigned int len; SSL_get0_alpn_selected(octx->ssl, &neg_protocol, &len); - return Curl_alpn_set_negotiated(cf, data, neg_protocol, len); + return Curl_alpn_set_negotiated(cf, data, connssl, neg_protocol, len); } #endif @@ -4456,6 +4514,8 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl) #define infof_certstack(data, ssl) #endif +#define MAX_CERT_NAME_LENGTH 2048 + CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, struct Curl_easy *data, struct ossl_ctx *octx, @@ -4465,18 +4525,19 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); CURLcode result = CURLE_OK; - int rc; long lerr; X509 *issuer; BIO *fp = NULL; char error_buffer[256]=""; - char buffer[2048]; const char *ptr; BIO *mem = BIO_new(BIO_s_mem()); bool strict = (conn_config->verifypeer || conn_config->verifyhost); + struct dynbuf dname; DEBUGASSERT(octx); + Curl_dyn_init(&dname, MAX_CERT_NAME_LENGTH); + if(!mem) { failf(data, "BIO_new return NULL, " OSSL_PACKAGE @@ -4488,7 +4549,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, if(data->set.ssl.certinfo) /* asked to gather certificate info */ - (void)Curl_ossl_certchain(data, octx->ssl); + (void)ossl_certchain(data, octx->ssl); octx->server_cert = SSL_get1_peer_certificate(octx->ssl); if(!octx->server_cert) { @@ -4501,11 +4562,11 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, } infof(data, "%s certificate:", - Curl_ssl_cf_is_proxy(cf)? "Proxy" : "Server"); + Curl_ssl_cf_is_proxy(cf) ? "Proxy" : "Server"); - rc = x509_name_oneline(X509_get_subject_name(octx->server_cert), - buffer, sizeof(buffer)); - infof(data, " subject: %s", rc?"[NONE]":buffer); + result = x509_name_oneline(X509_get_subject_name(octx->server_cert), + &dname); + infof(data, " subject: %s", result ? "[NONE]" : Curl_dyn_ptr(&dname)); #ifndef CURL_DISABLE_VERBOSE_STRINGS { @@ -4525,23 +4586,25 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, BIO_free(mem); if(conn_config->verifyhost) { - result = Curl_ossl_verifyhost(data, conn, peer, octx->server_cert); + result = ossl_verifyhost(data, conn, peer, octx->server_cert); if(result) { X509_free(octx->server_cert); octx->server_cert = NULL; + Curl_dyn_free(&dname); return result; } } - rc = x509_name_oneline(X509_get_issuer_name(octx->server_cert), - buffer, sizeof(buffer)); - if(rc) { + result = x509_name_oneline(X509_get_issuer_name(octx->server_cert), + &dname); + if(result) { if(strict) failf(data, "SSL: could not get X509-issuer name"); result = CURLE_PEER_FAILED_VERIFICATION; } else { - infof(data, " issuer: %s", buffer); + infof(data, " issuer: %s", Curl_dyn_ptr(&dname)); + Curl_dyn_free(&dname); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ @@ -4634,7 +4697,6 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, else infof(data, " SSL certificate verify ok."); } - infof_certstack(data, octx->ssl); #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ @@ -4650,7 +4712,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, bool incache; Curl_ssl_sessionid_lock(data); incache = !(Curl_ssl_getsessionid(cf, data, peer, - &old_ssl_sessionid, NULL)); + &old_ssl_sessionid, NULL, NULL)); if(incache) { infof(data, "Remove session ID again from cache"); Curl_ssl_delsessionid(data, old_ssl_sessionid); @@ -4670,8 +4732,8 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, result = CURLE_OK; #ifndef CURL_DISABLE_PROXY - ptr = Curl_ssl_cf_is_proxy(cf)? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: + ptr = Curl_ssl_cf_is_proxy(cf) ? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY]; #else ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; @@ -4721,6 +4783,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); int what; + connssl->io_need = CURL_SSL_IO_NEED_NONE; /* check if the connection has already been established */ if(ssl_connection_complete == connssl->state) { *done = TRUE; @@ -4756,11 +4819,10 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, /* if ssl is expecting something, check if it is available. */ if(!nonblocking && connssl->io_need) { - - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, timeout_ms); @@ -4867,6 +4929,7 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, ERR_clear_error(); + connssl->io_need = CURL_SSL_IO_NEED_NONE; memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; rc = SSL_write(octx->ssl, mem, memlen); @@ -4875,10 +4938,11 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, switch(err) { case SSL_ERROR_WANT_READ: + connssl->io_need = CURL_SSL_IO_NEED_RECV; + *curlcode = CURLE_AGAIN; + rc = -1; + goto out; case SSL_ERROR_WANT_WRITE: - /* The operation did not complete; the same TLS/SSL I/O function - should be called again later. This is basically an EWOULDBLOCK - equivalent. */ *curlcode = CURLE_AGAIN; rc = -1; goto out; @@ -4950,6 +5014,7 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, ERR_clear_error(); + connssl->io_need = CURL_SSL_IO_NEED_NONE; buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize); @@ -4968,8 +5033,11 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, connclose(conn, "TLS close_notify"); break; case SSL_ERROR_WANT_READ: + *curlcode = CURLE_AGAIN; + nread = -1; + goto out; case SSL_ERROR_WANT_WRITE: - /* there is data pending, re-invoke SSL_read() */ + connssl->io_need = CURL_SSL_IO_NEED_SEND; *curlcode = CURLE_AGAIN; nread = -1; goto out; @@ -5032,6 +5100,90 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, return nread; } +static CURLcode ossl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding) +{ + /* required for X509_get_signature_nid support */ +#if OPENSSL_VERSION_NUMBER > 0x10100000L + X509 *cert; + int algo_nid; + const EVP_MD *algo_type; + const char *algo_name; + unsigned int length; + unsigned char buf[EVP_MAX_MD_SIZE]; + + const char prefix[] = "tls-server-end-point:"; + struct connectdata *conn = data->conn; + struct Curl_cfilter *cf = conn->cfilter[sockindex]; + struct ossl_ctx *octx = NULL; + + do { + const struct Curl_cftype *cft = cf->cft; + struct ssl_connect_data *connssl = cf->ctx; + + if(cft->name && !strcmp(cft->name, "SSL")) { + octx = (struct ossl_ctx *)connssl->backend; + break; + } + + if(cf->next) + cf = cf->next; + + } while(cf->next); + + if(!octx) { + failf(data, "Failed to find the SSL filter"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + + cert = SSL_get1_peer_certificate(octx->ssl); + if(!cert) { + /* No server certificate, don't do channel binding */ + return CURLE_OK; + } + + if(!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &algo_nid, NULL)) { + failf(data, + "Unable to find digest NID for certificate signature algorithm"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + /* https://datatracker.ietf.org/doc/html/rfc5929#section-4.1 */ + if(algo_nid == NID_md5 || algo_nid == NID_sha1) { + algo_type = EVP_sha256(); + } + else { + algo_type = EVP_get_digestbynid(algo_nid); + if(!algo_type) { + algo_name = OBJ_nid2sn(algo_nid); + failf(data, "Could not find digest algorithm %s (NID %d)", + algo_name ? algo_name : "(null)", algo_nid); + return CURLE_SSL_INVALIDCERTSTATUS; + } + } + + if(!X509_digest(cert, algo_type, buf, &length)) { + failf(data, "X509_digest() failed"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + /* Append "tls-server-end-point:" */ + if(Curl_dyn_addn(binding, prefix, sizeof(prefix) - 1) != CURLE_OK) + return CURLE_OUT_OF_MEMORY; + /* Append digest */ + if(Curl_dyn_addn(binding, buf, length)) + return CURLE_OUT_OF_MEMORY; + + return CURLE_OK; +#else + /* No X509_get_signature_nid support */ + (void)data; /* unused */ + (void)sockindex; /* unused */ + (void)binding; /* unused */ + return CURLE_OK; +#endif +} + static size_t ossl_version(char *buffer, size_t size) { #ifdef LIBRESSL_VERSION_NUMBER @@ -5052,9 +5204,9 @@ static size_t ossl_version(char *buffer, size_t size) #else return msnprintf(buffer, size, "%s/%lx.%lx.%lx", OSSL_PACKAGE, - (LIBRESSL_VERSION_NUMBER>>28)&0xf, - (LIBRESSL_VERSION_NUMBER>>20)&0xff, - (LIBRESSL_VERSION_NUMBER>>12)&0xff); + (LIBRESSL_VERSION_NUMBER >> 28) & 0xf, + (LIBRESSL_VERSION_NUMBER >> 20) & 0xff, + (LIBRESSL_VERSION_NUMBER >> 12) & 0xff); #endif #elif defined(OPENSSL_IS_BORINGSSL) #ifdef CURL_BORINGSSL_VERSION @@ -5105,9 +5257,9 @@ static size_t ossl_version(char *buffer, size_t size) #endif , OSSL_PACKAGE, - (ssleay_value>>28)&0xf, - (ssleay_value>>20)&0xff, - (ssleay_value>>12)&0xff, + (ssleay_value >> 28) & 0xf, + (ssleay_value >> 20) & 0xff, + (ssleay_value >> 12) & 0xff, sub); #endif /* OPENSSL_IS_BORINGSSL */ } @@ -5189,7 +5341,8 @@ const struct Curl_ssl Curl_ssl_openssl = { SSLSUPP_ECH | #endif SSLSUPP_CA_CACHE | - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct ossl_ctx), @@ -5220,6 +5373,7 @@ const struct Curl_ssl Curl_ssl_openssl = { NULL, /* remote of data from this connection */ ossl_recv, /* recv decrypted data */ ossl_send, /* send data to encrypt */ + ossl_get_channel_binding /* get_channel_binding */ }; #endif /* USE_OPENSSL */ diff --git a/libraries/libcurl/vtls/openssl.h b/libraries/libcurl/vtls/openssl.h index b0d78478..7aba947d 100644 --- a/libraries/libcurl/vtls/openssl.h +++ b/libraries/libcurl/vtls/openssl.h @@ -74,19 +74,8 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #define SSL_get1_peer_certificate SSL_get_peer_certificate #endif -CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - struct ssl_peer *peer, X509 *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; -CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, - SSL_CTX *ctx, char *cert_file, - const struct curl_blob *cert_blob, - const char *cert_type, char *key_file, - const struct curl_blob *key_blob, - const char *key_type, char *key_passwd); - -CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl); - /** * Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and * easy handle `data`. Will allow reuse of a shared cache if suitable diff --git a/libraries/libcurl/vtls/rustls.c b/libraries/libcurl/vtls/rustls.c index bdcd08ab..5d143486 100644 --- a/libraries/libcurl/vtls/rustls.c +++ b/libraries/libcurl/vtls/rustls.c @@ -37,10 +37,13 @@ #include "sendf.h" #include "vtls.h" #include "vtls_int.h" +#include "rustls.h" #include "select.h" #include "strerror.h" #include "multiif.h" #include "connect.h" /* for the connect timeout */ +#include "cipher_suite.h" +#include "rand.h" struct rustls_ssl_backend_data { @@ -115,7 +118,8 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n) CURLcode result; int ret = 0; ssize_t nwritten = Curl_conn_cf_send(io_ctx->cf->next, io_ctx->data, - (const char *)buf, len, &result); + (const char *)buf, len, FALSE, + &result); if(nwritten < 0) { nwritten = 0; if(CURLE_AGAIN == result) @@ -174,14 +178,14 @@ static ssize_t tls_recv_more(struct Curl_cfilter *cf, /* * On each run: - * - Read a chunk of bytes from the socket into rustls' TLS input buffer. - * - Tell rustls to process any new packets. - * - Read out as many plaintext bytes from rustls as possible, until hitting + * - Read a chunk of bytes from the socket into Rustls' TLS input buffer. + * - Tell Rustls to process any new packets. + * - Read out as many plaintext bytes from Rustls as possible, until hitting * error, EOF, or EAGAIN/EWOULDBLOCK, or plainbuf/plainlen is filled up. * * it is okay to call this function with plainbuf == NULL and plainlen == 0. In - * that case, it will copy bytes from the socket into rustls' TLS input - * buffer, and process packets, but will not consume bytes from rustls' + * that case, it will copy bytes from the socket into Rustls' TLS input + * buffer, and process packets, but will not consume bytes from Rustls' * plaintext output buffer. */ static ssize_t @@ -213,15 +217,15 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } rresult = rustls_connection_read(rconn, - (uint8_t *)plainbuf + plain_bytes_copied, - plainlen - plain_bytes_copied, - &n); + (uint8_t *)plainbuf + plain_bytes_copied, + plainlen - plain_bytes_copied, + &n); if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) { backend->data_in_pending = FALSE; } else if(rresult == RUSTLS_RESULT_UNEXPECTED_EOF) { failf(data, "rustls: peer closed TCP connection " - "without first closing TLS connection"); + "without first closing TLS connection"); *err = CURLE_RECV_ERROR; nread = -1; goto out; @@ -305,13 +309,13 @@ static CURLcode cr_flush_out(struct Curl_cfilter *cf, struct Curl_easy *data, /* * On each call: - * - Copy `plainlen` bytes into rustls' plaintext input buffer (if > 0). - * - Fully drain rustls' plaintext output buffer into the socket until + * - Copy `plainlen` bytes into Rustls' plaintext input buffer (if > 0). + * - Fully drain Rustls' plaintext output buffer into the socket until * we get either an error or EAGAIN/EWOULDBLOCK. * * it is okay to call this function with plainbuf == NULL and plainlen == 0. - * In that case, it will not read anything into rustls' plaintext input buffer. - * It will only drain rustls' plaintext output buffer into the socket. + * In that case, it will not read anything into Rustls' plaintext input buffer. + * It will only drain Rustls' plaintext output buffer into the socket. */ static ssize_t cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -356,7 +360,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, } if(blen > 0) { - CURL_TRC_CF(data, cf, "cf_send: adding %zu plain bytes to rustls", blen); + CURL_TRC_CF(data, cf, "cf_send: adding %zu plain bytes to Rustls", blen); rresult = rustls_connection_write(rconn, buf, blen, &plainwritten); if(rresult != RUSTLS_RESULT_OK) { rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); @@ -375,9 +379,9 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, if(*err) { if(CURLE_AGAIN == *err) { /* The TLS bytes may have been partially written, but we fail the - * complete send() and remember how much we already added to rustls. */ + * complete send() and remember how much we already added to Rustls. */ CURL_TRC_CF(data, cf, "cf_send: EAGAIN, remember we added %zu plain" - " bytes already to rustls", blen); + " bytes already to Rustls", blen); backend->plain_out_buffered = plainwritten; if(nwritten) { *err = CURLE_OK; @@ -394,7 +398,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, return nwritten; } -/* A server certificate verify callback for rustls that always returns +/* A server certificate verify callback for Rustls that always returns RUSTLS_RESULT_OK, or in other words disable certificate verification. */ static uint32_t cr_verify_none(void *userdata UNUSED_PARAM, @@ -403,20 +407,119 @@ cr_verify_none(void *userdata UNUSED_PARAM, return RUSTLS_RESULT_OK; } -static bool -cr_hostname_is_ip(const char *hostname) +static int +read_file_into(const char *filename, + struct dynbuf *out) { - struct in_addr in; -#ifdef USE_IPV6 - struct in6_addr in6; - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) { - return true; + FILE *f = fopen(filename, FOPEN_READTEXT); + if(!f) { + return 0; + } + + while(!feof(f)) { + uint8_t buf[256]; + size_t rr = fread(buf, 1, sizeof(buf), f); + if(rr == 0 || + CURLE_OK != Curl_dyn_addn(out, buf, rr)) { + fclose(f); + return 0; + } + } + + return fclose(f) == 0; +} + +static void +cr_get_selected_ciphers(struct Curl_easy *data, + const char *ciphers12, + const char *ciphers13, + const struct rustls_supported_ciphersuite **selected, + size_t *selected_size) +{ + size_t supported_len = *selected_size; + size_t default_len = rustls_default_crypto_provider_ciphersuites_len(); + const struct rustls_supported_ciphersuite *entry; + const char *ciphers = ciphers12; + size_t count = 0, default13_count = 0, i, j; + const char *ptr, *end; + + DEBUGASSERT(default_len <= supported_len); + + if(!ciphers13) { + /* Add default TLSv1.3 ciphers to selection */ + for(j = 0; j < default_len; j++) { + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) != + RUSTLS_TLS_VERSION_TLSV1_3) + continue; + + selected[count++] = entry; + } + + default13_count = count; + + if(!ciphers) + ciphers = ""; + } + else + ciphers = ciphers13; + +add_ciphers: + for(ptr = ciphers; ptr[0] != '\0' && count < supported_len; ptr = end) { + uint16_t id = Curl_cipher_suite_walk_str(&ptr, &end); + + /* Check if cipher is supported */ + if(id) { + for(i = 0; i < supported_len; i++) { + entry = rustls_default_crypto_provider_ciphersuites_get(i); + if(rustls_supported_ciphersuite_get_suite(entry) == id) + break; + } + if(i == supported_len) + id = 0; + } + if(!id) { + if(ptr[0] != '\0') + infof(data, "rustls: unknown cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); + continue; + } + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != entry; i++); + if(i < count) { + if(i >= default13_count) + infof(data, "rustls: duplicate cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); + continue; + } + + selected[count++] = entry; + } + + if(ciphers == ciphers13 && ciphers12) { + ciphers = ciphers12; + goto add_ciphers; } -#endif /* USE_IPV6 */ - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) { - return true; + + if(!ciphers12) { + /* Add default TLSv1.2 ciphers to selection */ + for(j = 0; j < default_len; j++) { + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) == + RUSTLS_TLS_VERSION_TLSV1_3) + continue; + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != entry; i++); + if(i < count) + continue; + + selected[count++] = entry; + } } - return false; + + *selected_size = count; } static CURLcode @@ -425,6 +528,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, { struct ssl_connect_data *connssl = cf->ctx; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct rustls_crypto_provider_builder *custom_provider_builder = NULL; + const struct rustls_crypto_provider *custom_provider = NULL; struct rustls_connection *rconn = NULL; struct rustls_client_config_builder *config_builder = NULL; const struct rustls_root_cert_store *roots = NULL; @@ -436,7 +541,6 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ (ca_info_blob ? NULL : conn_config->CAfile); const bool verifypeer = conn_config->verifypeer; - const char *hostname = connssl->peer.hostname; char errorbuf[256]; size_t errorlen; rustls_result result; @@ -444,7 +548,106 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, DEBUGASSERT(backend); rconn = backend->conn; - config_builder = rustls_client_config_builder_new(); + { + uint16_t tls_versions[2] = { + RUSTLS_TLS_VERSION_TLSV1_2, + RUSTLS_TLS_VERSION_TLSV1_3, + }; + size_t tls_versions_len = 2; + const struct rustls_supported_ciphersuite **cipher_suites; + size_t cipher_suites_len = + rustls_default_crypto_provider_ciphersuites_len(); + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_2: + break; + case CURL_SSLVERSION_TLSv1_3: + tls_versions[0] = RUSTLS_TLS_VERSION_TLSV1_3; + tls_versions_len = 1; + break; + default: + failf(data, "rustls: unsupported minimum TLS version value"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + break; + case CURL_SSLVERSION_MAX_TLSv1_2: + if(tls_versions[0] == RUSTLS_TLS_VERSION_TLSV1_2) { + tls_versions_len = 1; + break; + } + FALLTHROUGH(); + case CURL_SSLVERSION_MAX_TLSv1_1: + case CURL_SSLVERSION_MAX_TLSv1_0: + default: + failf(data, "rustls: unsupported maximum TLS version value"); + return CURLE_BAD_FUNCTION_ARGUMENT; + } + + cipher_suites = malloc(sizeof(cipher_suites) * (cipher_suites_len)); + if(!cipher_suites) + return CURLE_OUT_OF_MEMORY; + + cr_get_selected_ciphers(data, + conn_config->cipher_list, + conn_config->cipher_list13, + cipher_suites, &cipher_suites_len); + if(cipher_suites_len == 0) { + failf(data, "rustls: no supported cipher in list"); + free(cipher_suites); + return CURLE_SSL_CIPHER; + } + + result = rustls_crypto_provider_builder_new_from_default( + &custom_provider_builder); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to create crypto provider builder from default"); + return CURLE_SSL_CIPHER; + } + + result = + rustls_crypto_provider_builder_set_cipher_suites( + custom_provider_builder, + cipher_suites, + cipher_suites_len); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to set ciphersuites for crypto provider builder"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_CIPHER; + } + + result = rustls_crypto_provider_builder_build( + custom_provider_builder, &custom_provider); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build custom crypto provider"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_CIPHER; + } + + result = rustls_client_config_builder_new_custom(custom_provider, + tls_versions, + tls_versions_len, + &config_builder); + free(cipher_suites); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to create client config"); + return CURLE_SSL_CIPHER; + } + } + + rustls_crypto_provider_builder_free(custom_provider_builder); + rustls_crypto_provider_free(custom_provider); + if(connssl->alpn) { struct alpn_proto_buf proto; rustls_slice_bytes alpn[ALPN_ENTRIES_MAX]; @@ -462,14 +665,6 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(!verifypeer) { rustls_client_config_builder_dangerous_set_certificate_verifier( config_builder, cr_verify_none); - /* rustls does not support IP addresses (as of 0.19.0), and will reject - * connections created with an IP address, even when certificate - * verification is turned off. Set a placeholder hostname and disable - * SNI. */ - if(cr_hostname_is_ip(hostname)) { - rustls_client_config_builder_set_enable_sni(config_builder, false); - hostname = "example.invalid"; - } } else if(ca_info_blob || ssl_cafile) { roots_builder = rustls_root_cert_store_builder_new(); @@ -483,8 +678,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to parse trusted certificates from blob"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } @@ -495,8 +689,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to load trusted certificates"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } @@ -504,30 +697,60 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, result = rustls_root_cert_store_builder_build(roots_builder, &roots); rustls_root_cert_store_builder_free(roots_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + failf(data, "rustls: failed to build trusted root certificate store"); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(roots); + rustls_root_cert_store_free(roots); + + if(conn_config->CRLfile) { + struct dynbuf crl_contents; + Curl_dyn_init(&crl_contents, SIZE_MAX); + if(!read_file_into(conn_config->CRLfile, &crl_contents)) { + failf(data, "rustls: failed to read revocation list file"); + Curl_dyn_free(&crl_contents); + rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); + return CURLE_SSL_CRL_BADFILE; + } + + result = rustls_web_pki_server_cert_verifier_builder_add_crl( + verifier_builder, + Curl_dyn_uptr(&crl_contents), + Curl_dyn_len(&crl_contents)); + Curl_dyn_free(&crl_contents); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to parse revocation list"); + rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); + return CURLE_SSL_CRL_BADFILE; + } + } result = rustls_web_pki_server_cert_verifier_builder_build( verifier_builder, &server_cert_verifier); rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); + failf(data, "rustls: failed to build certificate verifier"); rustls_server_cert_verifier_free(server_cert_verifier); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } rustls_client_config_builder_set_server_verifier(config_builder, server_cert_verifier); + rustls_server_cert_verifier_free(server_cert_verifier); + } + + result = rustls_client_config_builder_build( + config_builder, + &backend->config); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build client config"); + rustls_client_config_free(backend->config); + return CURLE_SSL_CONNECT_ERROR; } - backend->config = rustls_client_config_builder_build(config_builder); DEBUGASSERT(rconn == NULL); result = rustls_client_connection_new(backend->config, connssl->peer.hostname, &rconn); @@ -546,11 +769,12 @@ static void cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data, const struct rustls_connection *rconn) { + struct ssl_connect_data *const connssl = cf->ctx; const uint8_t *protocol = NULL; size_t len = 0; rustls_connection_get_alpn_protocol(rconn, &protocol, &len); - Curl_alpn_set_negotiated(cf, data, protocol, len); + Curl_alpn_set_negotiated(cf, data, connssl, protocol, len); } /* Given an established network connection, do a TLS handshake. @@ -602,13 +826,12 @@ cr_connect_common(struct Curl_cfilter *cf, /* Read/write data until the handshake is done or the socket would block. */ for(;;) { /* - * Connection has been established according to rustls. Set send/recv + * Connection has been established according to Rustls. Set send/recv * handlers, and update the state machine. */ connssl->io_need = CURL_SSL_IO_NEED_NONE; if(!rustls_connection_is_handshaking(rconn)) { - infof(data, "Done handshaking"); - /* rustls claims it is no longer handshaking *before* it has + /* Rustls claims it is no longer handshaking *before* it has * send its FINISHED message off. We attempt to let it write * one more time. Oh my. */ @@ -622,6 +845,19 @@ cr_connect_common(struct Curl_cfilter *cf, return tmperr; } /* REALLY Done with the handshake. */ + { + uint16_t proto = rustls_connection_get_protocol_version(rconn); + uint16_t cipher = rustls_connection_get_negotiated_ciphersuite(rconn); + char buf[64] = ""; + const char *ver = "TLS version unknown"; + if(proto == RUSTLS_TLS_VERSION_TLSV1_3) + ver = "TLSv1.3"; + if(proto == RUSTLS_TLS_VERSION_TLSV1_2) + ver = "TLSv1.2"; + Curl_cipher_suite_get_str(cipher, buf, sizeof(buf), TRUE); + infof(data, "rustls: handshake complete, %s, cipher: %s", + ver, buf); + } connssl->state = ssl_connection_complete; *done = TRUE; return CURLE_OK; @@ -632,8 +868,8 @@ cr_connect_common(struct Curl_cfilter *cf, wants_write = rustls_connection_wants_write(rconn) || backend->plain_out_buffered; DEBUGASSERT(wants_read || wants_write); - writefd = wants_write?sockfd:CURL_SOCKET_BAD; - readfd = wants_read?sockfd:CURL_SOCKET_BAD; + writefd = wants_write ? sockfd : CURL_SOCKET_BAD; + readfd = wants_read ? sockfd : CURL_SOCKET_BAD; /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -644,7 +880,7 @@ cr_connect_common(struct Curl_cfilter *cf, return CURLE_OPERATION_TIMEDOUT; } - socket_check_timeout = blocking?timeout_ms:0; + socket_check_timeout = blocking ? timeout_ms : 0; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, socket_check_timeout); @@ -654,13 +890,13 @@ cr_connect_common(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } if(blocking && 0 == what) { - failf(data, "rustls connection timeout after %" - CURL_FORMAT_TIMEDIFF_T " ms", socket_check_timeout); + failf(data, "rustls: connection timeout after %" FMT_TIMEDIFF_T " ms", + socket_check_timeout); return CURLE_OPERATION_TIMEDOUT; } if(0 == what) { CURL_TRC_CF(data, cf, "Curl_socket_check: %s would block", - wants_read&&wants_write ? "writing and reading" : + wants_read && wants_write ? "writing and reading" : wants_write ? "writing" : "reading"); if(wants_write) connssl->io_need |= CURL_SSL_IO_NEED_SEND; @@ -701,7 +937,7 @@ cr_connect_common(struct Curl_cfilter *cf, /* We should never fall through the loop. We should return either because the handshake is done or because we cannot read/write without blocking. */ - DEBUGASSERT(false); + DEBUGASSERT(FALSE); } static CURLcode @@ -822,10 +1058,22 @@ static size_t cr_version(char *buffer, size_t size) return msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data); } +static CURLcode +cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length) +{ + rustls_result rresult = 0; + (void)data; + rresult = + rustls_default_crypto_provider_random(entropy, length); + return map_error(rresult); +} + const struct Curl_ssl Curl_ssl_rustls = { { CURLSSLBACKEND_RUSTLS, "rustls" }, SSLSUPP_CAINFO_BLOB | /* supports */ - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST | + SSLSUPP_TLS13_CIPHERSUITES, sizeof(struct rustls_ssl_backend_data), Curl_none_init, /* init */ @@ -834,7 +1082,7 @@ const struct Curl_ssl Curl_ssl_rustls = { Curl_none_check_cxn, /* check_cxn */ cr_shutdown, /* shutdown */ cr_data_pending, /* data_pending */ - Curl_none_random, /* random */ + cr_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ cr_connect_blocking, /* connect */ cr_connect_nonblocking, /* connect_nonblocking */ @@ -851,6 +1099,7 @@ const struct Curl_ssl Curl_ssl_rustls = { NULL, /* disassociate_connection */ cr_recv, /* recv decrypted data */ cr_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_RUSTLS */ diff --git a/libraries/libcurl/vtls/schannel.c b/libraries/libcurl/vtls/schannel.c index f9bb2f82..2085f709 100644 --- a/libraries/libcurl/vtls/schannel.c +++ b/libraries/libcurl/vtls/schannel.c @@ -59,6 +59,17 @@ #include "curl_memory.h" #include "memdebug.h" +/* Some verbose debug messages are wrapped by SCH_DEV() instead of DEBUGF() + * and only shown if CURL_SCHANNEL_DEV_DEBUG was defined at build time. These + * messages are extra verbose and intended for curl developers debugging + * Schannel recv decryption. + */ +#ifdef CURL_SCHANNEL_DEV_DEBUG +#define SCH_DEV(x) x +#else +#define SCH_DEV(x) do { } while(0) +#endif + /* ALPN requires version 8.1 of the Windows SDK, which was shipped with Visual Studio 2013, aka _MSC_VER 1800: @@ -968,7 +979,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, #endif sspi_status = - s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &credentials, NULL, NULL, &backend->cred->cred_handle, @@ -1015,7 +1026,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, #endif sspi_status = - s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL, &backend->cred->cred_handle, @@ -1083,30 +1094,30 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef HAS_ALPN /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above. - Also it does not seem to be supported for Wine, see curl bug #983. */ + Also it does not seem to be supported for WINE, see curl bug #983. */ backend->use_alpn = connssl->alpn && !GetProcAddress(GetModuleHandle(TEXT("ntdll")), "wine_get_version") && curlx_verify_windows_version(6, 3, 0, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL); #else - backend->use_alpn = false; + backend->use_alpn = FALSE; #endif #ifdef _WIN32_WCE #ifdef HAS_MANUAL_VERIFY_API /* certificate validation on CE does not seem to work right; we will * do it following a more manual process. */ - backend->use_manual_cred_validation = true; + backend->use_manual_cred_validation = TRUE; #else -#error "compiler too old to support requisite manual cert verify for Win CE" +#error "compiler too old to support Windows CE requisite manual cert verify" #endif #else #ifdef HAS_MANUAL_VERIFY_API if(conn_config->CAfile || conn_config->ca_info_blob) { if(curlx_verify_windows_version(6, 1, 0, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { - backend->use_manual_cred_validation = true; + backend->use_manual_cred_validation = TRUE; } else { failf(data, "schannel: this version of Windows is too old to support " @@ -1115,7 +1126,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } } else - backend->use_manual_cred_validation = false; + backend->use_manual_cred_validation = FALSE; #else if(conn_config->CAfile || conn_config->ca_info_blob) { failf(data, "schannel: CA cert support not built in"); @@ -1130,7 +1141,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(ssl_config->primary.cache_session) { Curl_ssl_sessionid_lock(data); if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, - (void **)&old_cred, NULL)) { + (void **)&old_cred, NULL, NULL)) { backend->cred = old_cred; DEBUGF(infof(data, "schannel: reusing existing credential handle")); @@ -1153,7 +1164,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* A hostname associated with the credential is needed by InitializeSecurityContext for SNI and other reasons. */ - snihost = connssl->peer.sni? connssl->peer.sni : connssl->peer.hostname; + snihost = connssl->peer.sni ? connssl->peer.sni : connssl->peer.hostname; backend->cred->sni_hostname = curlx_convert_UTF8_to_tchar(snihost); if(!backend->cred->sni_hostname) return CURLE_OUT_OF_MEMORY; @@ -1242,10 +1253,10 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx At the moment we do not pass inbuf unless we are using ALPN since we only - use it for that, and Wine (for which we currently disable ALPN) is giving + use it for that, and WINE (for which we currently disable ALPN) is giving us problems with inbuf regardless. https://github.com/curl/curl/issues/983 */ - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, NULL, backend->cred->sni_hostname, backend->req_flags, 0, 0, (backend->use_alpn ? &inbuf_desc : NULL), @@ -1287,9 +1298,9 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* send initial handshake data which is now stored in output buffer */ written = Curl_conn_cf_send(cf->next, data, - outbuf.pvBuffer, outbuf.cbBuffer, + outbuf.pvBuffer, outbuf.cbBuffer, FALSE, &result); - s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); + Curl_pSecFn->FreeContextBuffer(outbuf.pvBuffer); if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) { failf(data, "schannel: failed to send initial handshake data: " "sent %zd of %lu bytes", written, outbuf.cbBuffer); @@ -1300,10 +1311,10 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) "sent %zd bytes", written)); backend->recv_unrecoverable_err = CURLE_OK; - backend->recv_sspi_close_notify = false; - backend->recv_connection_closed = false; - backend->recv_renegotiating = false; - backend->encdata_is_incomplete = false; + backend->recv_sspi_close_notify = FALSE; + backend->recv_connection_closed = FALSE; + backend->recv_renegotiating = FALSE; + backend->encdata_is_incomplete = FALSE; /* continue to second handshake step */ connssl->connecting_state = ssl_connect_2; @@ -1332,7 +1343,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(backend); - doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? FALSE : TRUE; + doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? FALSE : TRUE; connssl->io_need = CURL_SSL_IO_NEED_NONE; DEBUGF(infof(data, @@ -1355,7 +1366,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* buffer to store previously received and encrypted data */ if(!backend->encdata_buffer) { - backend->encdata_is_incomplete = false; + backend->encdata_is_incomplete = FALSE; backend->encdata_offset = 0; backend->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; backend->encdata_buffer = malloc(backend->encdata_length); @@ -1407,13 +1418,13 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* increase encrypted data buffer offset */ backend->encdata_offset += nread; - backend->encdata_is_incomplete = false; - DEBUGF(infof(data, "schannel: encrypted data got %zd", nread)); + backend->encdata_is_incomplete = FALSE; + SCH_DEV(infof(data, "schannel: encrypted data got %zd", nread)); } - DEBUGF(infof(data, - "schannel: encrypted data buffer: offset %zu length %zu", - backend->encdata_offset, backend->encdata_length)); + SCH_DEV(infof(data, + "schannel: encrypted data buffer: offset %zu length %zu", + backend->encdata_offset, backend->encdata_length)); /* setup input buffers */ InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(backend->encdata_offset), @@ -1436,7 +1447,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) memcpy(inbuf[0].pvBuffer, backend->encdata_buffer, backend->encdata_offset); - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, backend->cred->sni_hostname, backend->req_flags, 0, 0, &inbuf_desc, 0, NULL, @@ -1447,7 +1458,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* check if the handshake was incomplete */ if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { - backend->encdata_is_incomplete = true; + backend->encdata_is_incomplete = TRUE; connssl->io_need = CURL_SSL_IO_NEED_RECV; DEBUGF(infof(data, "schannel: received incomplete message, need more data")); @@ -1477,7 +1488,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* send handshake token to server */ written = Curl_conn_cf_send(cf->next, data, outbuf[i].pvBuffer, outbuf[i].cbBuffer, - &result); + FALSE, &result); if((result != CURLE_OK) || (outbuf[i].cbBuffer != (size_t) written)) { failf(data, "schannel: failed to send next handshake data: " @@ -1488,7 +1499,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* free obsolete buffer */ if(outbuf[i].pvBuffer) { - s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer); + Curl_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer); } } } @@ -1527,8 +1538,8 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* check if there was additional remaining encrypted data */ if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) { - DEBUGF(infof(data, "schannel: encrypted data length: %lu", - inbuf[1].cbBuffer)); + SCH_DEV(infof(data, "schannel: encrypted data length: %lu", + inbuf[1].cbBuffer)); /* There are two cases where we could be getting extra data here: 1) If we are renegotiating a connection and the handshake is already @@ -1571,8 +1582,8 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) } #ifndef CURL_DISABLE_PROXY - pubkey_ptr = Curl_ssl_cf_is_proxy(cf)? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: + pubkey_ptr = Curl_ssl_cf_is_proxy(cf) ? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY]; #else pubkey_ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; @@ -1617,9 +1628,9 @@ traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func, void *arg) { const CERT_CONTEXT *current_context = NULL; - bool should_continue = true; - bool first = true; - bool reverse_order = false; + bool should_continue = TRUE; + bool first = TRUE; + bool reverse_order = FALSE; while(should_continue && (current_context = CertEnumCertificatesInStore( context->hCertStore, @@ -1630,9 +1641,9 @@ traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func, by comparing SECPKG_ATTR_REMOTE_CERT_CONTEXT's pbCertContext with the first certificate's pbCertContext. */ if(first && context->pbCertEncoded != current_context->pbCertEncoded) - reverse_order = true; + reverse_order = TRUE; should_continue = func(current_context, reverse_order, arg); - first = false; + first = FALSE; } if(current_context) @@ -1646,7 +1657,7 @@ cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order, (void)reverse_order; /* unused */ if(valid_cert_encoding(ccert_context)) (*(int *)certs_count)++; - return true; + return TRUE; } struct Adder_args @@ -1684,7 +1695,7 @@ static void schannel_session_free(void *sessionid, size_t idsize) if(cred) { cred->refcount--; if(cred->refcount == 0) { - s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred->cred_handle); curlx_unicodefree(cred->sni_hostname); #ifdef HAS_CLIENT_CERT_PATH if(cred->client_cert_store) { @@ -1739,7 +1750,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef HAS_ALPN if(backend->use_alpn) { sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result); @@ -1752,7 +1763,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) SecApplicationProtocolNegotiationStatus_Success) { unsigned char prev_alpn = cf->conn->alpn; - Curl_alpn_set_negotiated(cf, data, alpn_result.ProtocolId, + Curl_alpn_set_negotiated(cf, data, connssl, alpn_result.ProtocolId, alpn_result.ProtocolIdSize); if(backend->recv_renegotiating) { if(prev_alpn != cf->conn->alpn && @@ -1766,7 +1777,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) } else { if(!backend->recv_renegotiating) - Curl_alpn_set_negotiated(cf, data, NULL, 0); + Curl_alpn_set_negotiated(cf, data, connssl, NULL, 0); } } #endif @@ -1776,7 +1787,8 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) Curl_ssl_sessionid_lock(data); /* Up ref count since call takes ownership */ backend->cred->refcount++; - result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, backend->cred, + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL, + backend->cred, sizeof(struct Curl_schannel_cred), schannel_session_free); Curl_ssl_sessionid_unlock(data); @@ -1787,7 +1799,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) if(data->set.ssl.certinfo) { int certs_count = 0; sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context); @@ -1863,10 +1875,10 @@ schannel_connect_common(struct Curl_cfilter *cf, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd : CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd : CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -1955,7 +1967,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* check if the maximum stream sizes were queried */ if(backend->stream_sizes.cbMaximumMessage == 0) { - sspi_status = s_pSecFn->QueryContextAttributes( + sspi_status = Curl_pSecFn->QueryContextAttributes( &backend->ctxt->ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &backend->stream_sizes); @@ -1994,7 +2006,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, memcpy(outbuf[1].pvBuffer, buf, len); /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */ - sspi_status = s_pSecFn->EncryptMessage(&backend->ctxt->ctxt_handle, 0, + sspi_status = Curl_pSecFn->EncryptMessage(&backend->ctxt->ctxt_handle, 0, &outbuf_desc, 0); /* check if the message was encrypted */ @@ -2054,7 +2066,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, this_write = Curl_conn_cf_send(cf->next, data, ptr + written, len - written, - &result); + FALSE, &result); if(result == CURLE_AGAIN) continue; else if(result != CURLE_OK) { @@ -2109,17 +2121,23 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, * cleanup. The pattern for return error is set *err, optional infof, goto * cleanup. * + * Some verbose debug messages are wrapped by SCH_DEV() instead of DEBUGF() + * and only shown if CURL_SCHANNEL_DEV_DEBUG was defined at build time. These + * messages are extra verbose and intended for curl developers debugging + * Schannel recv decryption. + * * Our priority is to always return as much decrypted data to the caller as * possible, even if an error occurs. The state of the decrypted buffer must * always be valid. Transfer of decrypted data to the caller's buffer is * handled in the cleanup. */ - DEBUGF(infof(data, "schannel: client wants to read %zu bytes", len)); + SCH_DEV(infof(data, "schannel: client wants to read %zu bytes", len)); *err = CURLE_OK; if(len && len <= backend->decdata_offset) { - infof(data, "schannel: enough decrypted data is already available"); + SCH_DEV(infof(data, + "schannel: enough decrypted data is already available")); goto cleanup; } else if(backend->recv_unrecoverable_err) { @@ -2157,13 +2175,13 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, backend->encdata_buffer = reallocated_buffer; backend->encdata_length = reallocated_length; size = backend->encdata_length - backend->encdata_offset; - DEBUGF(infof(data, "schannel: encdata_buffer resized %zu", - backend->encdata_length)); + SCH_DEV(infof(data, "schannel: encdata_buffer resized %zu", + backend->encdata_length)); } - DEBUGF(infof(data, - "schannel: encrypted data buffer: offset %zu length %zu", - backend->encdata_offset, backend->encdata_length)); + SCH_DEV(infof(data, + "schannel: encrypted data buffer: offset %zu length %zu", + backend->encdata_offset, backend->encdata_length)); /* read encrypted data from socket */ nread = Curl_conn_cf_recv(cf->next, data, @@ -2173,27 +2191,25 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(*err) { nread = -1; if(*err == CURLE_AGAIN) - DEBUGF(infof(data, - "schannel: recv returned CURLE_AGAIN")); + SCH_DEV(infof(data, "schannel: recv returned CURLE_AGAIN")); else if(*err == CURLE_RECV_ERROR) infof(data, "schannel: recv returned CURLE_RECV_ERROR"); else infof(data, "schannel: recv returned error %d", *err); } else if(nread == 0) { - backend->recv_connection_closed = true; + backend->recv_connection_closed = TRUE; DEBUGF(infof(data, "schannel: server closed the connection")); } else if(nread > 0) { backend->encdata_offset += (size_t)nread; - backend->encdata_is_incomplete = false; - DEBUGF(infof(data, "schannel: encrypted data got %zd", nread)); + backend->encdata_is_incomplete = FALSE; + SCH_DEV(infof(data, "schannel: encrypted data got %zd", nread)); } } - DEBUGF(infof(data, - "schannel: encrypted data buffer: offset %zu length %zu", - backend->encdata_offset, backend->encdata_length)); + SCH_DEV(infof(data, "schannel: encrypted data buffer: offset %zu length %zu", + backend->encdata_offset, backend->encdata_length)); /* decrypt loop */ while(backend->encdata_offset > 0 && sspi_status == SEC_E_OK && @@ -2211,7 +2227,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */ - sspi_status = s_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle, + sspi_status = Curl_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle, &inbuf_desc, 0, NULL); /* check if everything went fine (server may want to renegotiate @@ -2221,8 +2237,8 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, /* check for successfully decrypted data, even before actual renegotiation or shutdown of the connection context */ if(inbuf[1].BufferType == SECBUFFER_DATA) { - DEBUGF(infof(data, "schannel: decrypted data length: %lu", - inbuf[1].cbBuffer)); + SCH_DEV(infof(data, "schannel: decrypted data length: %lu", + inbuf[1].cbBuffer)); /* increase buffer in order to fit the received amount of data */ size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ? @@ -2254,16 +2270,16 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, backend->decdata_offset += size; } - DEBUGF(infof(data, "schannel: decrypted data added: %zu", size)); - DEBUGF(infof(data, - "schannel: decrypted cached: offset %zu length %zu", - backend->decdata_offset, backend->decdata_length)); + SCH_DEV(infof(data, "schannel: decrypted data added: %zu", size)); + SCH_DEV(infof(data, + "schannel: decrypted cached: offset %zu length %zu", + backend->decdata_offset, backend->decdata_length)); } /* check for remaining encrypted data */ if(inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) { - DEBUGF(infof(data, "schannel: encrypted data length: %lu", - inbuf[3].cbBuffer)); + SCH_DEV(infof(data, "schannel: encrypted data length: %lu", + inbuf[3].cbBuffer)); /* check if the remaining data is less than the total amount * and therefore begins after the already processed data @@ -2277,9 +2293,9 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, backend->encdata_offset = inbuf[3].cbBuffer; } - DEBUGF(infof(data, - "schannel: encrypted cached: offset %zu length %zu", - backend->encdata_offset, backend->encdata_length)); + SCH_DEV(infof(data, + "schannel: encrypted cached: offset %zu length %zu", + backend->encdata_offset, backend->encdata_length)); } else { /* reset encrypted buffer offset, because there is no data remaining */ @@ -2299,9 +2315,9 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, connssl->state = ssl_connection_negotiating; connssl->connecting_state = ssl_connect_2; connssl->io_need = CURL_SSL_IO_NEED_SEND; - backend->recv_renegotiating = true; + backend->recv_renegotiating = TRUE; *err = schannel_connect_common(cf, data, FALSE, &done); - backend->recv_renegotiating = false; + backend->recv_renegotiating = FALSE; if(*err) { infof(data, "schannel: renegotiation failed"); goto cleanup; @@ -2315,25 +2331,30 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, else if(sspi_status == SEC_I_CONTEXT_EXPIRED) { /* In Windows 2000 SEC_I_CONTEXT_EXPIRED (close_notify) is not returned so we have to work around that in cleanup. */ - backend->recv_sspi_close_notify = true; + backend->recv_sspi_close_notify = TRUE; if(!backend->recv_connection_closed) - backend->recv_connection_closed = true; + backend->recv_connection_closed = TRUE; + /* We received the close notify just fine, any error we got + * from the lower filters afterwards (e.g. the socket), is not + * an error on the TLS data stream. That one ended here. */ + if(*err == CURLE_RECV_ERROR) + *err = CURLE_OK; infof(data, "schannel: server close notification received (close_notify)"); goto cleanup; } } else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { - backend->encdata_is_incomplete = true; + backend->encdata_is_incomplete = TRUE; if(!*err) *err = CURLE_AGAIN; - infof(data, "schannel: failed to decrypt data, need more data"); + SCH_DEV(infof(data, "schannel: failed to decrypt data, need more data")); goto cleanup; } else { #ifndef CURL_DISABLE_VERBOSE_STRINGS char buffer[STRERROR_LEN]; - infof(data, "schannel: failed to read data from server: %s", + failf(data, "schannel: failed to read data from server: %s", Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); #endif *err = CURLE_RECV_ERROR; @@ -2341,17 +2362,15 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } } - DEBUGF(infof(data, - "schannel: encrypted data buffer: offset %zu length %zu", - backend->encdata_offset, backend->encdata_length)); + SCH_DEV(infof(data, "schannel: encrypted data buffer: offset %zu length %zu", + backend->encdata_offset, backend->encdata_length)); - DEBUGF(infof(data, - "schannel: decrypted data buffer: offset %zu length %zu", - backend->decdata_offset, backend->decdata_length)); + SCH_DEV(infof(data, "schannel: decrypted data buffer: offset %zu length %zu", + backend->decdata_offset, backend->decdata_length)); cleanup: /* Warning- there is no guarantee the encdata state is valid at this point */ - DEBUGF(infof(data, "schannel: schannel_recv cleanup")); + SCH_DEV(infof(data, "schannel: schannel_recv cleanup")); /* Error if the connection has closed without a close_notify. @@ -2370,10 +2389,10 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, VERSION_EQUAL); if(isWin2k && sspi_status == SEC_E_OK) - backend->recv_sspi_close_notify = true; + backend->recv_sspi_close_notify = TRUE; else { *err = CURLE_RECV_ERROR; - infof(data, "schannel: server closed abruptly (missing close_notify)"); + failf(data, "schannel: server closed abruptly (missing close_notify)"); } } @@ -2387,10 +2406,10 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, memmove(backend->decdata_buffer, backend->decdata_buffer + size, backend->decdata_offset - size); backend->decdata_offset -= size; - DEBUGF(infof(data, "schannel: decrypted data returned %zu", size)); - DEBUGF(infof(data, - "schannel: decrypted data buffer: offset %zu length %zu", - backend->decdata_offset, backend->decdata_length)); + SCH_DEV(infof(data, "schannel: decrypted data returned %zu", size)); + SCH_DEV(infof(data, + "schannel: decrypted data buffer: offset %zu length %zu", + backend->decdata_offset, backend->decdata_length)); *err = CURLE_OK; return (ssize_t)size; } @@ -2498,7 +2517,7 @@ static CURLcode schannel_shutdown(struct Curl_cfilter *cf, InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); InitSecBufferDesc(&BuffDesc, &Buffer, 1); - sspi_status = s_pSecFn->ApplyControlToken(&backend->ctxt->ctxt_handle, + sspi_status = Curl_pSecFn->ApplyControlToken(&backend->ctxt->ctxt_handle, &BuffDesc); if(sspi_status != SEC_E_OK) { @@ -2513,7 +2532,7 @@ static CURLcode schannel_shutdown(struct Curl_cfilter *cf, InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, &outbuf, 1); - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, backend->cred->sni_hostname, @@ -2531,12 +2550,12 @@ static CURLcode schannel_shutdown(struct Curl_cfilter *cf, /* send close message which is in output buffer */ ssize_t written = Curl_conn_cf_send(cf->next, data, outbuf.pvBuffer, outbuf.cbBuffer, - &result); - s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); + FALSE, &result); + Curl_pSecFn->FreeContextBuffer(outbuf.pvBuffer); if(!result) { if(written < (ssize_t)outbuf.cbBuffer) { /* TODO: handle partial sends */ - infof(data, "schannel: failed to send close msg: %s" + failf(data, "schannel: failed to send close msg: %s" " (bytes written: %zd)", curl_easy_strerror(result), written); result = CURLE_SEND_ERROR; goto out; @@ -2551,7 +2570,7 @@ static CURLcode schannel_shutdown(struct Curl_cfilter *cf, } else { if(!backend->recv_connection_closed) { - infof(data, "schannel: error sending close msg: %d", result); + failf(data, "schannel: error sending close msg: %d", result); result = CURLE_SEND_ERROR; goto out; } @@ -2605,7 +2624,7 @@ static void schannel_close(struct Curl_cfilter *cf, struct Curl_easy *data) /* free SSPI Schannel API security context handle */ if(backend->ctxt) { DEBUGF(infof(data, "schannel: clear security context handle")); - s_pSecFn->DeleteSecurityContext(&backend->ctxt->ctxt_handle); + Curl_pSecFn->DeleteSecurityContext(&backend->ctxt->ctxt_handle); Curl_safefree(backend->ctxt); } @@ -2622,7 +2641,7 @@ static void schannel_close(struct Curl_cfilter *cf, struct Curl_easy *data) Curl_safefree(backend->encdata_buffer); backend->encdata_length = 0; backend->encdata_offset = 0; - backend->encdata_is_incomplete = false; + backend->encdata_is_incomplete = FALSE; } /* free internal buffer for received decrypted data */ @@ -2682,7 +2701,7 @@ static CURLcode schannel_pkp_pin_peer_pubkey(struct Curl_cfilter *cf, struct Curl_asn1Element *pubkey; sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); @@ -2732,7 +2751,7 @@ static void schannel_checksum(const unsigned char *input, DWORD provType, const unsigned int algId) { -#ifdef CURL_WINDOWS_APP +#ifdef CURL_WINDOWS_UWP (void)input; (void)inputlen; (void)provType; @@ -2846,9 +2865,6 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, } if(ca_info_blob) { - if(!share->CAinfo_blob_digest) { - return NULL; - } if(share->CAinfo_blob_size != ca_info_blob->len) { return NULL; } @@ -2856,10 +2872,9 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, ca_info_blob->len, info_blob_digest, CURL_SHA256_DIGEST_LENGTH); - if(memcmp(share->CAinfo_blob_digest, - info_blob_digest, + if(memcmp(share->CAinfo_blob_digest, info_blob_digest, CURL_SHA256_DIGEST_LENGTH)) { - return NULL; + return NULL; } } else { @@ -2882,7 +2897,6 @@ static void schannel_cert_share_free(void *key, size_t key_len, void *p) if(share->cert_store) { CertCloseStore(share->cert_store, 0); } - free(share->CAinfo_blob_digest); free(share->CAfile); free(share); } @@ -2895,14 +2909,13 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, struct Curl_multi *multi = data->multi; const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; struct schannel_cert_share *share; - unsigned char *CAinfo_blob_digest = NULL; size_t CAinfo_blob_size = 0; char *CAfile = NULL; DEBUGASSERT(multi); if(!multi) { - return false; + return FALSE; } share = Curl_hash_pick(&multi->proto_hash, @@ -2911,25 +2924,21 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, if(!share) { share = calloc(1, sizeof(*share)); if(!share) { - return false; + return FALSE; } if(!Curl_hash_add2(&multi->proto_hash, (void *)MPROTO_SCHANNEL_CERT_SHARE_KEY, sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1, share, schannel_cert_share_free)) { free(share); - return false; + return FALSE; } } if(ca_info_blob) { - CAinfo_blob_digest = malloc(CURL_SHA256_DIGEST_LENGTH); - if(!CAinfo_blob_digest) { - return false; - } schannel_sha256sum((const unsigned char *)ca_info_blob->data, ca_info_blob->len, - CAinfo_blob_digest, + share->CAinfo_blob_digest, CURL_SHA256_DIGEST_LENGTH); CAinfo_blob_size = ca_info_blob->len; } @@ -2937,7 +2946,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, if(conn_config->CAfile) { CAfile = strdup(conn_config->CAfile); if(!CAfile) { - return false; + return FALSE; } } } @@ -2946,15 +2955,13 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, if(share->cert_store) { CertCloseStore(share->cert_store, 0); } - free(share->CAinfo_blob_digest); free(share->CAfile); share->time = Curl_now(); share->cert_store = cert_store; - share->CAinfo_blob_digest = CAinfo_blob_digest; share->CAinfo_blob_size = CAinfo_blob_size; share->CAfile = CAfile; - return true; + return TRUE; } const struct Curl_ssl Curl_ssl_schannel = { @@ -2964,12 +2971,13 @@ const struct Curl_ssl Curl_ssl_schannel = { #ifdef HAS_MANUAL_VERIFY_API SSLSUPP_CAINFO_BLOB | #endif -#ifndef CURL_WINDOWS_APP +#ifndef CURL_WINDOWS_UWP SSLSUPP_PINNEDPUBKEY | #endif SSLSUPP_TLS13_CIPHERSUITES | SSLSUPP_CA_CACHE | - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct schannel_ssl_backend_data), @@ -2996,6 +3004,7 @@ const struct Curl_ssl Curl_ssl_schannel = { NULL, /* disassociate_connection */ schannel_recv, /* recv decrypted data */ schannel_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_SCHANNEL */ diff --git a/libraries/libcurl/vtls/schannel_int.h b/libraries/libcurl/vtls/schannel_int.h index b04f1804..81476bc6 100644 --- a/libraries/libcurl/vtls/schannel_int.h +++ b/libraries/libcurl/vtls/schannel_int.h @@ -28,8 +28,10 @@ #ifdef USE_SCHANNEL +#include "vtls.h" + #if (defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)) \ - && !defined(CURL_WINDOWS_APP) + && !defined(CURL_WINDOWS_UWP) #define HAS_MANUAL_VERIFY_API #endif @@ -165,7 +167,7 @@ struct schannel_ssl_backend_data { #define MPROTO_SCHANNEL_CERT_SHARE_KEY "tls:schannel:cert:share" struct schannel_cert_share { - unsigned char *CAinfo_blob_digest; /* CA info blob digest */ + unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH]; size_t CAinfo_blob_size; /* CA info blob size */ char *CAfile; /* CAfile path used to generate certificate store */ @@ -174,6 +176,17 @@ struct schannel_cert_share { struct curltime time; /* when the cached store was created */ }; +/* +* size of the structure: 20 bytes. +*/ +struct num_ip_data { + DWORD size; /* 04 bytes */ + union { + struct in_addr ia; /* 04 bytes */ + struct in6_addr ia6; /* 16 bytes */ + } bData; +}; + HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, const struct Curl_easy *data); diff --git a/libraries/libcurl/vtls/schannel_verify.c b/libraries/libcurl/vtls/schannel_verify.c index 96ad0e51..4b52b8e8 100644 --- a/libraries/libcurl/vtls/schannel_verify.c +++ b/libraries/libcurl/vtls/schannel_verify.c @@ -39,6 +39,7 @@ #include "schannel.h" #include "schannel_int.h" +#include "inet_pton.h" #include "vtls.h" #include "vtls_int.h" #include "sendf.h" @@ -54,7 +55,6 @@ #define BACKEND ((struct schannel_ssl_backend_data *)connssl->backend) - #ifdef HAS_MANUAL_VERIFY_API #define MAX_CAFILE_SIZE 1048576 /* 1 MiB */ @@ -83,7 +83,7 @@ static int is_cr_or_lf(char c) /* Search the substring needle,needlelen into string haystack,haystacklen * Strings do not need to be terminated by a '\0'. - * Similar of OSX/Linux memmem (not available on Visual Studio). + * Similar of macOS/Linux memmem (not available on Visual Studio). * Return position of beginning of first occurrence or NULL if not found */ static const char *c_memmem(const void *haystack, size_t haystacklen, @@ -116,7 +116,7 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store, const char *current_ca_file_ptr = ca_buffer; const char *ca_buffer_limit = ca_buffer + ca_buffer_size; - while(more_certs && (current_ca_file_ptrpCertInfo; - if(!cert_info) { - failf(data, "schannel: Null certificate info."); - return actual_length; - } - - extension = CertFindExtension(szOID_SUBJECT_ALT_NAME2, - cert_info->cExtension, - cert_info->rgExtension); - if(!extension) { - failf(data, "schannel: CertFindExtension() returned no extension."); - return actual_length; - } - - decode_para.cbSize = sizeof(CRYPT_DECODE_PARA); - - ret_val = - CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - szOID_SUBJECT_ALT_NAME2, - extension->Value.pbData, - extension->Value.cbData, - CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, - &decode_para, - &alt_name_info, - &alt_name_info_size); - if(!ret_val) { - failf(data, - "schannel: CryptDecodeObjectEx() returned no alternate name " - "information."); - return actual_length; - } - current_pos = host_names; /* Iterate over the alternate names and populate host_names. */ @@ -452,7 +415,7 @@ static DWORD cert_get_name_string(struct Curl_easy *data, } dns_w = entry->pwszDNSName; /* pwszDNSName is in ia5 string format and hence does not contain any - * non-ascii characters. */ + * non-ASCII characters. */ while(*dns_w != '\0') { *current_pos++ = (TCHAR)(*dns_w++); } @@ -467,6 +430,88 @@ static DWORD cert_get_name_string(struct Curl_easy *data, return actual_length; } +/* +* Returns TRUE if the hostname is a numeric IPv4/IPv6 Address, +* and populates the buffer with IPv4/IPv6 info. +*/ + +static bool get_num_host_info(struct num_ip_data *ip_blob, + LPCSTR hostname) +{ + struct in_addr ia; + struct in6_addr ia6; + bool result = FALSE; + + int res = Curl_inet_pton(AF_INET, hostname, &ia); + if(res) { + ip_blob->size = sizeof(struct in_addr); + memcpy(&ip_blob->bData.ia, &ia, sizeof(struct in_addr)); + result = TRUE; + } + else { + res = Curl_inet_pton(AF_INET6, hostname, &ia6); + if(res) { + ip_blob->size = sizeof(struct in6_addr); + memcpy(&ip_blob->bData.ia6, &ia6, sizeof(struct in6_addr)); + result = TRUE; + } + } + return result; +} + +static bool get_alt_name_info(struct Curl_easy *data, + PCCERT_CONTEXT ctx, + PCERT_ALT_NAME_INFO *alt_name_info, + LPDWORD alt_name_info_size) +{ + bool result = FALSE; +#if defined(CURL_WINDOWS_UWP) + (void)data; + (void)ctx; + (void)alt_name_info; + (void)alt_name_info_size; +#else + PCERT_INFO cert_info = NULL; + PCERT_EXTENSION extension = NULL; + CRYPT_DECODE_PARA decode_para = { sizeof(CRYPT_DECODE_PARA), NULL, NULL }; + + if(!ctx) { + failf(data, "schannel: Null certificate context."); + return result; + } + + cert_info = ctx->pCertInfo; + if(!cert_info) { + failf(data, "schannel: Null certificate info."); + return result; + } + + extension = CertFindExtension(szOID_SUBJECT_ALT_NAME2, + cert_info->cExtension, + cert_info->rgExtension); + if(!extension) { + failf(data, "schannel: CertFindExtension() returned no extension."); + return result; + } + + if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + szOID_SUBJECT_ALT_NAME2, + extension->Value.pbData, + extension->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, + &decode_para, + alt_name_info, + alt_name_info_size)) { + failf(data, + "schannel: CryptDecodeObjectEx() returned no alternate name " + "information."); + return result; + } + result = TRUE; +#endif + return result; +} + /* Verify the server's hostname */ CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -481,9 +526,15 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, size_t hostlen = strlen(conn_hostname); DWORD len = 0; DWORD actual_len = 0; + PCERT_ALT_NAME_INFO alt_name_info = NULL; + DWORD alt_name_info_size = 0; + struct num_ip_data ip_blob = { 0 }; + bool Win8_compat; + struct num_ip_data *p = &ip_blob; + DWORD i; sspi_status = - s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); @@ -491,97 +542,123 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, char buffer[STRERROR_LEN]; failf(data, "schannel: Failed to read remote certificate context: %s", Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); - result = CURLE_PEER_FAILED_VERIFICATION; goto cleanup; } - /* Determine the size of the string needed for the cert hostname */ - len = cert_get_name_string(data, pCertContextServer, NULL, 0); - if(len == 0) { - failf(data, - "schannel: CertGetNameString() returned no " - "certificate name information"); - result = CURLE_PEER_FAILED_VERIFICATION; - goto cleanup; + Win8_compat = curlx_verify_windows_version(6, 2, 0, PLATFORM_WINNT, + VERSION_GREATER_THAN_EQUAL); + if(get_num_host_info(p, conn_hostname) || !Win8_compat) { + if(!get_alt_name_info(data, pCertContextServer, + &alt_name_info, &alt_name_info_size)) { + goto cleanup; + } } - /* CertGetNameString guarantees that the returned name will not contain - * embedded null bytes. This appears to be undocumented behavior. - */ - cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR)); - if(!cert_hostname_buff) { - result = CURLE_OUT_OF_MEMORY; - goto cleanup; + if(p->size) { + for(i = 0; i < alt_name_info->cAltEntry; ++i) { + PCERT_ALT_NAME_ENTRY entry = &alt_name_info->rgAltEntry[i]; + if(entry->dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { + if(entry->IPAddress.cbData == p->size) { + if(!memcmp(entry->IPAddress.pbData, &p->bData, + entry->IPAddress.cbData)) { + result = CURLE_OK; + infof(data, + "schannel: connection hostname (%s) matched cert's IP address!", + conn_hostname); + break; + } + } + } + } } - actual_len = cert_get_name_string( - data, pCertContextServer, (LPTSTR)cert_hostname_buff, len); - /* Sanity check */ - if(actual_len != len) { - failf(data, - "schannel: CertGetNameString() returned certificate " - "name information of unexpected size"); - result = CURLE_PEER_FAILED_VERIFICATION; - goto cleanup; - } + else { + /* Determine the size of the string needed for the cert hostname */ + len = cert_get_name_string(data, pCertContextServer, + NULL, 0, alt_name_info, Win8_compat); + if(len == 0) { + failf(data, + "schannel: CertGetNameString() returned no " + "certificate name information"); + goto cleanup; + } - /* cert_hostname_buff contains all DNS names, where each name is - * null-terminated and the last DNS name is double null-terminated. Due to - * this encoding, use the length of the buffer to iterate over all names. - */ - result = CURLE_PEER_FAILED_VERIFICATION; - while(cert_hostname_buff_index < len && - cert_hostname_buff[cert_hostname_buff_index] != TEXT('\0') && - result == CURLE_PEER_FAILED_VERIFICATION) { + /* CertGetNameString guarantees that the returned name will not contain + * embedded null bytes. This appears to be undocumented behavior. + */ + cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR)); + if(!cert_hostname_buff) { + result = CURLE_OUT_OF_MEMORY; + goto cleanup; + } + actual_len = cert_get_name_string(data, pCertContextServer, + (LPTSTR)cert_hostname_buff, len, alt_name_info, Win8_compat); - char *cert_hostname; + /* Sanity check */ + if(actual_len != len) { + failf(data, + "schannel: CertGetNameString() returned certificate " + "name information of unexpected size"); + goto cleanup; + } - /* Comparing the cert name and the connection hostname encoded as UTF-8 - * is acceptable since both values are assumed to use ASCII - * (or some equivalent) encoding + /* cert_hostname_buff contains all DNS names, where each name is + * null-terminated and the last DNS name is double null-terminated. Due to + * this encoding, use the length of the buffer to iterate over all names. */ - cert_hostname = curlx_convert_tchar_to_UTF8( + while(cert_hostname_buff_index < len && + cert_hostname_buff[cert_hostname_buff_index] != TEXT('\0') && + result == CURLE_PEER_FAILED_VERIFICATION) { + + char *cert_hostname; + + /* Comparing the cert name and the connection hostname encoded as UTF-8 + * is acceptable since both values are assumed to use ASCII + * (or some equivalent) encoding + */ + cert_hostname = curlx_convert_tchar_to_UTF8( &cert_hostname_buff[cert_hostname_buff_index]); - if(!cert_hostname) { - result = CURLE_OUT_OF_MEMORY; - } - else { - if(Curl_cert_hostcheck(cert_hostname, strlen(cert_hostname), - conn_hostname, hostlen)) { - infof(data, - "schannel: connection hostname (%s) validated " - "against certificate name (%s)", - conn_hostname, cert_hostname); - result = CURLE_OK; + if(!cert_hostname) { + result = CURLE_OUT_OF_MEMORY; } else { - size_t cert_hostname_len; + if(Curl_cert_hostcheck(cert_hostname, strlen(cert_hostname), + conn_hostname, hostlen)) { + infof(data, + "schannel: connection hostname (%s) validated " + "against certificate name (%s)", + conn_hostname, cert_hostname); + result = CURLE_OK; + } + else { + size_t cert_hostname_len; - infof(data, - "schannel: connection hostname (%s) did not match " - "against certificate name (%s)", - conn_hostname, cert_hostname); + infof(data, + "schannel: connection hostname (%s) did not match " + "against certificate name (%s)", + conn_hostname, cert_hostname); - cert_hostname_len = - _tcslen(&cert_hostname_buff[cert_hostname_buff_index]); + cert_hostname_len = + _tcslen(&cert_hostname_buff[cert_hostname_buff_index]); - /* Move on to next cert name */ - cert_hostname_buff_index += cert_hostname_len + 1; + /* Move on to next cert name */ + cert_hostname_buff_index += cert_hostname_len + 1; - result = CURLE_PEER_FAILED_VERIFICATION; + result = CURLE_PEER_FAILED_VERIFICATION; + } + curlx_unicodefree(cert_hostname); } - curlx_unicodefree(cert_hostname); } - } - if(result == CURLE_PEER_FAILED_VERIFICATION) { - failf(data, - "schannel: CertGetNameString() failed to match " - "connection hostname (%s) against server certificate names", - conn_hostname); + if(result == CURLE_PEER_FAILED_VERIFICATION) { + failf(data, + "schannel: CertGetNameString() failed to match " + "connection hostname (%s) against server certificate names", + conn_hostname); + } + else if(result != CURLE_OK) + failf(data, "schannel: server certificate name verification failed"); } - else if(result != CURLE_OK) - failf(data, "schannel: server certificate name verification failed"); cleanup: Curl_safefree(cert_hostname_buff); @@ -592,7 +669,6 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, return result; } - #ifdef HAS_MANUAL_VERIFY_API /* Verify the server's certificate and hostname */ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, @@ -612,7 +688,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, DEBUGASSERT(BACKEND); sspi_status = - s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); diff --git a/libraries/libcurl/vtls/sectransp.c b/libraries/libcurl/vtls/sectransp.c index c2803e8b..022c467f 100644 --- a/libraries/libcurl/vtls/sectransp.c +++ b/libraries/libcurl/vtls/sectransp.c @@ -24,7 +24,7 @@ ***************************************************************************/ /* - * Source file for all iOS and macOS SecureTransport-specific code for the + * Source file for all iOS and macOS Secure Transport-specific code for the * TLS/SSL layer. No code but vtls.c should ever call or use these functions. */ @@ -197,7 +197,7 @@ static const uint16_t default_ciphers[] = { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ - /* TLSv1.3 is not supported by sectransp, but there is also other + /* TLSv1.3 is not supported by Secure Transport, but there is also other * code referencing TLSv1.3, like: kTLSProtocol13 ? */ TLS_AES_128_GCM_SHA256, /* 0x1301 */ TLS_AES_256_GCM_SHA384, /* 0x1302 */ @@ -216,7 +216,7 @@ static const uint16_t default_ciphers[] = { #define SECTRANSP_PINNEDPUBKEY_V1 1 #endif -/* version 2 supports MacOSX 10.7+ */ +/* version 2 supports macOS 10.7+ */ #if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) #define SECTRANSP_PINNEDPUBKEY_V2 1 #endif @@ -278,7 +278,7 @@ static OSStatus sectransp_bio_cf_in_read(SSLConnectionRef connection, case CURLE_OK: case CURLE_AGAIN: rtn = errSSLWouldBlock; - backend->ssl_direction = false; + backend->ssl_direction = FALSE; break; default: rtn = ioErr; @@ -310,13 +310,14 @@ static OSStatus sectransp_bio_cf_out_write(SSLConnectionRef connection, OSStatus rtn = noErr; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, &result); + nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, FALSE, + &result); CURL_TRC_CF(data, cf, "bio_send(len=%zu) -> %zd, result=%d", *dataLength, nwritten, result); if(nwritten <= 0) { if(result == CURLE_AGAIN) { rtn = errSSLWouldBlock; - backend->ssl_direction = true; + backend->ssl_direction = TRUE; } else { rtn = ioErr; @@ -511,7 +512,7 @@ static OSStatus CopyIdentityWithLabel(char *label, * label matching below worked correctly */ keys[2] = kSecMatchLimit; /* identity searches need a SecPolicyRef in order to work */ - values[3] = SecPolicyCreateSSL(false, NULL); + values[3] = SecPolicyCreateSSL(FALSE, NULL); keys[3] = kSecMatchPolicy; /* match the name of the certificate (does not work in macOS 10.12.1) */ values[4] = label_cf; @@ -531,7 +532,7 @@ static OSStatus CopyIdentityWithLabel(char *label, keys_list_count = CFArrayGetCount(keys_list); *out_cert_and_key = NULL; status = 1; - for(i = 0; iversion) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: - *darwinver = kTLSProtocol1; - return CURLE_OK; + ver_min = kTLSProtocol1; + break; case CURL_SSLVERSION_TLSv1_1: - *darwinver = kTLSProtocol11; - return CURLE_OK; + ver_min = kTLSProtocol11; + break; case CURL_SSLVERSION_TLSv1_2: - *darwinver = kTLSProtocol12; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - /* TLS 1.3 support first appeared in iOS 11 and macOS 10.13 */ -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ - defined(HAVE_BUILTIN_AVAILABLE) - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - *darwinver = kTLSProtocol13; - return CURLE_OK; - } -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - defined(HAVE_BUILTIN_AVAILABLE) */ + ver_min = kTLSProtocol12; break; + case CURL_SSLVERSION_TLSv1_3: + default: + failf(data, "SSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } - return CURLE_SSL_CONNECT_ERROR; -} -#endif -static CURLcode set_ssl_version_min_max(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct st_ssl_backend_data *backend = - (struct st_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - long ssl_version = conn_config->version; - long ssl_version_max = conn_config->version_max; - long max_supported_version_by_os; - - DEBUGASSERT(backend); + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + case CURL_SSLVERSION_MAX_TLSv1_2: + ver_max = kTLSProtocol12; + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + ver_max = kTLSProtocol11; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + ver_max = kTLSProtocol1; + break; + default: + failf(data, "SSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } - /* macOS 10.5-10.7 supported TLS 1.0 only. - macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. - macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ - defined(HAVE_BUILTIN_AVAILABLE) - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3; + err = SSLSetProtocolVersionMin(backend->ssl_ctx, ver_min); + if(err != noErr) { + failf(data, "SSL: failed to set minimum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } - else { - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; + err = SSLSetProtocolVersionMax(backend->ssl_ctx, ver_max); + if(err != noErr) { + failf(data, "SSL: failed to set maximum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } -#else - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - defined(HAVE_BUILTIN_AVAILABLE) */ - switch(ssl_version) { + return CURLE_OK; +#endif +#if CURL_SUPPORT_MAC_10_7 + goto legacy; +legacy: + switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - ssl_version = CURL_SSLVERSION_TLSv1_0; - break; - } - - switch(ssl_version_max) { - case CURL_SSLVERSION_MAX_NONE: - case CURL_SSLVERSION_MAX_DEFAULT: - ssl_version_max = max_supported_version_by_os; + case CURL_SSLVERSION_TLSv1_0: break; + default: + failf(data, "SSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(&SSLSetProtocolVersionMax) { - SSLProtocol darwin_ver_min = kTLSProtocol1; - SSLProtocol darwin_ver_max = kTLSProtocol1; - CURLcode result = sectransp_version_from_curl(&darwin_ver_min, - ssl_version); - if(result) { - failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); - return result; - } - result = sectransp_version_from_curl(&darwin_ver_max, - ssl_version_max >> 16); - if(result) { - failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); - return result; - } + /* only TLS 1.0 is supported, disable SSL 3.0 and SSL 2.0 */ + SSLSetProtocolVersionEnabled(backend->ssl_ctx, kSSLProtocolAll, FALSE); + SSLSetProtocolVersionEnabled(backend->ssl_ctx, kTLSProtocol1, TRUE); - (void)SSLSetProtocolVersionMin(backend->ssl_ctx, darwin_ver_min); - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, darwin_ver_max); - return result; - } - else { -#if CURL_SUPPORT_MAC_10_8 - long i = ssl_version; - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kSSLProtocolAll, - false); - for(; i <= (ssl_version_max >> 16); i++) { - switch(i) { - case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - break; - case CURL_SSLVERSION_TLSv1_1: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol11, - true); - break; - case CURL_SSLVERSION_TLSv1_2: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol12, - true); - break; - case CURL_SSLVERSION_TLSv1_3: - failf(data, "Your version of the OS does not support TLSv1.3"); - return CURLE_SSL_CONNECT_ERROR; - } - } - return CURLE_OK; -#endif /* CURL_SUPPORT_MAC_10_8 */ - } -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - failf(data, "Secure Transport: cannot set SSL protocol"); - return CURLE_SSL_CONNECT_ERROR; + return CURLE_OK; +#endif } static int sectransp_cipher_suite_get_str(uint16_t id, char *buf, @@ -927,7 +883,7 @@ static SSLCipherSuite * sectransp_get_supported_ciphers(SSLContextRef ssl_ctx, /* There is a known bug in early versions of Mountain Lion where ST's ECC ciphers (cipher suite 0xC001 through 0xC032) simply do not work. Work around the problem here by disabling those ciphers if we are - running in an affected version of OS X. */ + running in an affected version of macOS. */ if(maj == 12 && min <= 3) { size_t i = 0, j = 0; for(; i < *len; i++) { @@ -1113,7 +1069,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, #if CURL_SUPPORT_MAC_10_8 if(backend->ssl_ctx) (void)SSLDisposeContext(backend->ssl_ctx); - err = SSLNewContext(false, &(backend->ssl_ctx)); + err = SSLNewContext(FALSE, &(backend->ssl_ctx)); if(err != noErr) { failf(data, "SSL: could not create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; @@ -1123,7 +1079,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, #else if(backend->ssl_ctx) (void)SSLDisposeContext(backend->ssl_ctx); - err = SSLNewContext(false, &(backend->ssl_ctx)); + err = SSLNewContext(FALSE, &(backend->ssl_ctx)); if(err != noErr) { failf(data, "SSL: could not create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; @@ -1131,112 +1087,9 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ backend->ssl_write_buffered_length = 0UL; /* reset buffered write length */ - /* check to see if we have been told to use an explicit SSL/TLS version */ -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(&SSLSetProtocolVersionMax) { - switch(conn_config->version) { - case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionMin(backend->ssl_ctx, kTLSProtocol1); -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ - defined(HAVE_BUILTIN_AVAILABLE) - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol13); - } - else { - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12); - } -#else - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12); -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - defined(HAVE_BUILTIN_AVAILABLE) */ - break; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_SSLv2: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else { -#if CURL_SUPPORT_MAC_10_8 - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kSSLProtocolAll, - false); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol11, - true); - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol12, - true); - break; - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_SSLv2: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } -#endif /* CURL_SUPPORT_MAC_10_8 */ - } -#else - if(conn_config->version_max != CURL_SSLVERSION_MAX_NONE) { - failf(data, "Your version of the OS does not support to set maximum" - " SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; - } - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, kSSLProtocolAll, false); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - break; - case CURL_SSLVERSION_TLSv1_1: - failf(data, "Your version of the OS does not support TLSv1.1"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_2: - failf(data, "Your version of the OS does not support TLSv1.2"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_3: - failf(data, "Your version of the OS does not support TLSv1.3"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_SSLv2: - case CURL_SSLVERSION_SSLv3: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ + result = sectransp_set_ssl_version_min_max(data, backend, conn_config); + if(result != CURLE_OK) + return result; #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ defined(HAVE_BUILTIN_AVAILABLE) @@ -1374,8 +1227,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, Mountain Lion. So we need to call SSLSetEnableCertVerify() on those older cats in order to disable certificate validation if the user turned that off. - (SecureTransport will always validate the certificate chain by - default.) + (Secure Transport always validates the certificate chain by default.) Note: Darwin 11.x.x is Lion (10.7) Darwin 12.x.x is Mountain Lion (10.8) @@ -1401,7 +1253,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, else { #if CURL_SUPPORT_MAC_10_8 err = SSLSetEnableCertVerify(backend->ssl_ctx, - conn_config->verifypeer?true:false); + conn_config->verifypeer ? true : FALSE); if(err != noErr) { failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; @@ -1410,7 +1262,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, } #else err = SSLSetEnableCertVerify(backend->ssl_ctx, - conn_config->verifypeer?true:false); + conn_config->verifypeer ? true : FALSE); if(err != noErr) { failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); return CURLE_SSL_CONNECT_ERROR; @@ -1432,8 +1284,8 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn_config->verifyhost) { - char *server = connssl->peer.sni? - connssl->peer.sni : connssl->peer.hostname; + char *server = connssl->peer.sni ? + connssl->peer.sni : connssl->peer.hostname; err = SSLSetPeerDomainName(backend->ssl_ctx, server, strlen(server)); if(err != noErr) { @@ -1482,7 +1334,8 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, Curl_ssl_sessionid_lock(data); if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, - (void **)&ssl_sessionid, &ssl_sessionid_len)) { + (void **)&ssl_sessionid, &ssl_sessionid_len, + NULL)) { /* we got a session id, use it! */ err = SSLSetPeerID(backend->ssl_ctx, ssl_sessionid, ssl_sessionid_len); Curl_ssl_sessionid_unlock(data); @@ -1510,8 +1363,8 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } - result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, ssl_sessionid, - ssl_sessionid_len, + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, NULL, + ssl_sessionid, ssl_sessionid_len, sectransp_session_free); Curl_ssl_sessionid_unlock(data); if(result) @@ -1752,7 +1605,7 @@ static CURLcode verify_cert_buf(struct Curl_cfilter *cf, failf(data, "SecTrustSetAnchorCertificates() returned error %d", ret); goto out; } - ret = SecTrustSetAnchorCertificatesOnly(trust, true); + ret = SecTrustSetAnchorCertificatesOnly(trust, TRUE); if(ret != noErr) { failf(data, "SecTrustSetAnchorCertificatesOnly() returned error %d", ret); goto out; @@ -2201,7 +2054,7 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, (void)SSLGetNegotiatedProtocolVersion(backend->ssl_ctx, &protocol); sectransp_cipher_suite_get_str((uint16_t) cipher, cipher_str, - sizeof(cipher_str), true); + sizeof(cipher_str), TRUE); switch(protocol) { case kSSLProtocol2: infof(data, "SSL 2.0 connection using %s", cipher_str); @@ -2255,9 +2108,6 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, else infof(data, VTLS_INFOF_NO_ALPN); - Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); - /* chosenProtocol is a reference to the string within alpnArr and does not need to be freed separately */ if(alpnArr) @@ -2319,7 +2169,7 @@ static CURLcode collect_server_cert(struct Curl_cfilter *cf, #ifndef CURL_DISABLE_VERBOSE_STRINGS const bool show_verbose_server_cert = data->set.verbose; #else - const bool show_verbose_server_cert = false; + const bool show_verbose_server_cert = FALSE; #endif struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); CURLcode result = ssl_config->certinfo ? @@ -2478,10 +2328,10 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -2613,7 +2463,7 @@ static CURLcode sectransp_shutdown(struct Curl_cfilter *cf, } else { /* We would like to read the close notify from the server using - * secure transport, however SSLRead() no longer works after we + * Secure Transport, however SSLRead() no longer works after we * sent the notify from our side. So, we just read from the * underlying filter and hope it will end. */ nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); @@ -2694,10 +2544,10 @@ static bool sectransp_data_pending(struct Curl_cfilter *cf, err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer); if(err == noErr) return buffer > 0UL; - return false; + return FALSE; } else - return false; + return FALSE; } static CURLcode sectransp_random(struct Curl_easy *data UNUSED_PARAM, @@ -2887,7 +2737,8 @@ const struct Curl_ssl Curl_ssl_sectransp = { #ifdef SECTRANSP_PINNEDPUBKEY SSLSUPP_PINNEDPUBKEY | #endif /* SECTRANSP_PINNEDPUBKEY */ - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct st_ssl_backend_data), @@ -2914,6 +2765,7 @@ const struct Curl_ssl Curl_ssl_sectransp = { NULL, /* disassociate_connection */ sectransp_recv, /* recv decrypted data */ sectransp_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #ifdef __GNUC__ diff --git a/libraries/libcurl/vtls/vtls.c b/libraries/libcurl/vtls/vtls.c index e601f4b1..61b407ab 100644 --- a/libraries/libcurl/vtls/vtls.c +++ b/libraries/libcurl/vtls/vtls.c @@ -55,6 +55,16 @@ #include "vtls.h" /* generic SSL protos etc */ #include "vtls_int.h" + +#include "openssl.h" /* OpenSSL versions */ +#include "gtls.h" /* GnuTLS versions */ +#include "wolfssl.h" /* wolfSSL versions */ +#include "schannel.h" /* Schannel SSPI version */ +#include "sectransp.h" /* Secure Transport (Darwin) version */ +#include "mbedtls.h" /* mbedTLS versions */ +#include "bearssl.h" /* BearSSL versions */ +#include "rustls.h" /* Rustls versions */ + #include "slist.h" #include "sendf.h" #include "strcase.h" @@ -71,6 +81,7 @@ #include "connect.h" #include "select.h" #include "strdup.h" +#include "rand.h" /* The last #include files should be: */ #include "curl_memory.h" @@ -138,6 +149,9 @@ static const struct alpn_spec ALPN_SPEC_H11 = { { ALPN_HTTP_1_1 }, 1 }; #ifdef USE_HTTP2 +static const struct alpn_spec ALPN_SPEC_H2 = { + { ALPN_H2 }, 1 +}; static const struct alpn_spec ALPN_SPEC_H2_H11 = { { ALPN_H2, ALPN_HTTP_1_1 }, 2 }; @@ -148,6 +162,8 @@ static const struct alpn_spec *alpn_get_spec(int httpwant, bool use_alpn) if(!use_alpn) return NULL; #ifdef USE_HTTP2 + if(httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) + return &ALPN_SPEC_H2; if(httpwant >= CURL_HTTP_VERSION_2) return &ALPN_SPEC_H2_H11; #else @@ -253,7 +269,7 @@ static bool clone_ssl_primary_config(struct ssl_primary_config *source, return TRUE; } -static void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) +static void free_primary_ssl_config(struct ssl_primary_config *sslc) { Curl_safefree(sslc->CApath); Curl_safefree(sslc->CAfile); @@ -353,9 +369,9 @@ CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, void Curl_ssl_conn_config_cleanup(struct connectdata *conn) { - Curl_free_primary_ssl_config(&conn->ssl_config); + free_primary_ssl_config(&conn->ssl_config); #ifndef CURL_DISABLE_PROXY - Curl_free_primary_ssl_config(&conn->proxy_ssl_config); + free_primary_ssl_config(&conn->proxy_ssl_config); #endif } @@ -365,8 +381,8 @@ void Curl_ssl_conn_config_update(struct Curl_easy *data, bool for_proxy) if(data->conn) { struct ssl_primary_config *src, *dest; #ifndef CURL_DISABLE_PROXY - src = for_proxy? &data->set.proxy_ssl.primary : &data->set.ssl.primary; - dest = for_proxy? &data->conn->proxy_ssl_config : &data->conn->ssl_config; + src = for_proxy ? &data->set.proxy_ssl.primary : &data->set.ssl.primary; + dest = for_proxy ? &data->conn->proxy_ssl_config : &data->conn->ssl_config; #else (void)for_proxy; src = &data->set.ssl.primary; @@ -448,6 +464,7 @@ static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data, return NULL; ctx->alpn = alpn; + Curl_bufq_init2(&ctx->earlydata, CURL_SSL_EARLY_MAX, 1, BUFQ_OPT_NO_SPARES); ctx->backend = calloc(1, Curl_ssl->sizeof_ssl_backend_data); if(!ctx->backend) { free(ctx); @@ -459,6 +476,8 @@ static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data, static void cf_ctx_free(struct ssl_connect_data *ctx) { if(ctx) { + Curl_safefree(ctx->alpn_negotiated); + Curl_bufq_free(&ctx->earlydata); free(ctx->backend); free(ctx); } @@ -521,7 +540,8 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, struct Curl_easy *data, const struct ssl_peer *peer, void **ssl_sessionid, - size_t *idsize) /* set 0 if unknown */ + size_t *idsize, /* set 0 if unknown */ + char **palpn) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); @@ -531,6 +551,8 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, bool no_match = TRUE; *ssl_sessionid = NULL; + if(palpn) + *palpn = NULL; if(!ssl_config) return TRUE; @@ -569,15 +591,16 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, *ssl_sessionid = check->sessionid; if(idsize) *idsize = check->idsize; + if(palpn) + *palpn = check->alpn; no_match = FALSE; break; } } - DEBUGF(infof(data, "%s Session ID in cache for %s %s://%s:%d", - no_match? "Did not find": "Found", - Curl_ssl_cf_is_proxy(cf) ? "proxy" : "host", - cf->conn->handler->scheme, peer->hostname, peer->port)); + CURL_TRC_CF(data, cf, "%s cached session ID for %s://%s:%d", + no_match ? "No" : "Found", + cf->conn->handler->scheme, peer->hostname, peer->port); return no_match; } @@ -596,10 +619,11 @@ void Curl_ssl_kill_session(struct Curl_ssl_session *session) session->sessionid_free = NULL; session->age = 0; /* fresh */ - Curl_free_primary_ssl_config(&session->ssl_config); + free_primary_ssl_config(&session->ssl_config); Curl_safefree(session->name); Curl_safefree(session->conn_to_host); + Curl_safefree(session->alpn); } } @@ -623,6 +647,7 @@ void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid) CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, struct Curl_easy *data, const struct ssl_peer *peer, + const char *alpn, void *ssl_sessionid, size_t idsize, Curl_ssl_sessionid_dtor *sessionid_free_cb) @@ -634,6 +659,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, long oldest_age; char *clone_host = NULL; char *clone_conn_to_host = NULL; + char *clone_alpn = NULL; int conn_to_port; long *general_age; void *old_sessionid; @@ -648,7 +674,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, return CURLE_OK; } - if(!Curl_ssl_getsessionid(cf, data, peer, &old_sessionid, &old_size)) { + if(!Curl_ssl_getsessionid(cf, data, peer, &old_sessionid, &old_size, NULL)) { if((old_size == idsize) && ((old_sessionid == ssl_sessionid) || (idsize && !memcmp(old_sessionid, ssl_sessionid, idsize)))) { @@ -674,6 +700,10 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, goto out; } + clone_alpn = alpn ? strdup(alpn) : NULL; + if(alpn && !clone_alpn) + goto out; + if(cf->conn->bits.conn_to_port) conn_to_port = cf->conn->conn_to_port; else @@ -706,7 +736,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, /* now init the session struct wisely */ if(!clone_ssl_primary_config(conn_config, &store->ssl_config)) { - Curl_free_primary_ssl_config(&store->ssl_config); + free_primary_ssl_config(&store->ssl_config); store->sessionid = NULL; /* let caller free sessionid */ goto out; } @@ -722,6 +752,8 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, store->conn_to_host = clone_conn_to_host; /* clone connect to hostname */ clone_conn_to_host = NULL; store->conn_to_port = conn_to_port; /* connect to port number */ + store->alpn = clone_alpn; + clone_alpn = NULL; /* port number */ store->remote_port = peer->port; store->scheme = cf->conn->handler->scheme; @@ -732,6 +764,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, out: free(clone_host); free(clone_conn_to_host); + free(clone_alpn); if(result) { failf(data, "Failed to add Session ID to cache for %s://%s:%d [%s]", store->scheme, store->name, store->remote_port, @@ -745,6 +778,14 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, return CURLE_OK; } +CURLcode Curl_ssl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding) +{ + if(Curl_ssl->get_channel_binding) + return Curl_ssl->get_channel_binding(data, sockindex, binding); + return CURLE_OK; +} + void Curl_ssl_close_all(struct Curl_easy *data) { /* kill the session ID cache if not shared */ @@ -771,13 +812,13 @@ void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, if(sock != CURL_SOCKET_BAD) { if(connssl->io_need & CURL_SSL_IO_NEED_SEND) { Curl_pollset_set_out_only(data, ps, sock); - CURL_TRC_CF(data, cf, "adjust_pollset, POLLOUT fd=%" - CURL_FORMAT_SOCKET_T, sock); + CURL_TRC_CF(data, cf, "adjust_pollset, POLLOUT fd=%" FMT_SOCKET_T, + sock); } else { Curl_pollset_set_in_only(data, ps, sock); - CURL_TRC_CF(data, cf, "adjust_pollset, POLLIN fd=%" - CURL_FORMAT_SOCKET_T, sock); + CURL_TRC_CF(data, cf, "adjust_pollset, POLLIN fd=%" FMT_SOCKET_T, + sock); } } } @@ -844,7 +885,7 @@ void Curl_ssl_free_certinfo(struct Curl_easy *data) if(ci->num_of_certs) { /* free all individual lists used */ int i; - for(i = 0; inum_of_certs; i++) { + for(i = 0; i < ci->num_of_certs; i++) { curl_slist_free_all(ci->certinfo[i]); ci->certinfo[i] = NULL; } @@ -888,7 +929,9 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, CURLcode result = CURLE_OK; struct dynbuf build; - Curl_dyn_init(&build, 10000); + DEBUGASSERT(certnum < ci->num_of_certs); + + Curl_dyn_init(&build, CURL_X509_STR_MAX); if(Curl_dyn_add(&build, label) || Curl_dyn_addn(&build, ":", 1) || @@ -907,11 +950,16 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, return result; } +/* get 32 bits of random */ CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *entropy, size_t length) { - return Curl_ssl->random(data, entropy, length); + DEBUGASSERT(length == sizeof(int)); + if(Curl_ssl->random) + return Curl_ssl->random(data, entropy, length); + else + return CURLE_NOT_BUILT_IN; } /* @@ -921,14 +969,17 @@ CURLcode Curl_ssl_random(struct Curl_easy *data, static CURLcode pubkey_pem_to_der(const char *pem, unsigned char **der, size_t *der_len) { - char *stripped_pem, *begin_pos, *end_pos; - size_t pem_count, stripped_pem_count = 0, pem_len; + char *begin_pos, *end_pos; + size_t pem_count, pem_len; CURLcode result; + struct dynbuf pbuf; /* if no pem, exit. */ if(!pem) return CURLE_BAD_CONTENT_ENCODING; + Curl_dyn_init(&pbuf, MAX_PINNED_PUBKEY_SIZE); + begin_pos = strstr(pem, "-----BEGIN PUBLIC KEY-----"); if(!begin_pos) return CURLE_BAD_CONTENT_ENCODING; @@ -948,26 +999,23 @@ static CURLcode pubkey_pem_to_der(const char *pem, pem_len = end_pos - pem; - stripped_pem = malloc(pem_len - pem_count + 1); - if(!stripped_pem) - return CURLE_OUT_OF_MEMORY; - /* * Here we loop through the pem array one character at a time between the * correct indices, and place each character that is not '\n' or '\r' * into the stripped_pem array, which should represent the raw base64 string */ while(pem_count < pem_len) { - if('\n' != pem[pem_count] && '\r' != pem[pem_count]) - stripped_pem[stripped_pem_count++] = pem[pem_count]; + if('\n' != pem[pem_count] && '\r' != pem[pem_count]) { + result = Curl_dyn_addn(&pbuf, &pem[pem_count], 1); + if(result) + return result; + } ++pem_count; } - /* Place the null terminator in the correct place */ - stripped_pem[stripped_pem_count] = '\0'; - result = Curl_base64_decode(stripped_pem, der, der_len); + result = Curl_base64_decode(Curl_dyn_ptr(&pbuf), der, der_len); - Curl_safefree(stripped_pem); + Curl_dyn_free(&pbuf); return result; } @@ -980,8 +1028,6 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, const char *pinnedpubkey, const unsigned char *pubkey, size_t pubkeylen) { - FILE *fp; - unsigned char *buf = NULL, *pem_ptr = NULL; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)data; @@ -994,7 +1040,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, return result; /* only do this if pinnedpubkey starts with "sha256//", length 8 */ - if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { + if(!strncmp(pinnedpubkey, "sha256//", 8)) { CURLcode encode; size_t encodedlen = 0; char *encoded = NULL, *pinkeycopy, *begin_pos, *end_pos; @@ -1058,26 +1104,28 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, } while(end_pos && begin_pos); Curl_safefree(encoded); Curl_safefree(pinkeycopy); - return result; } - - fp = fopen(pinnedpubkey, "rb"); - if(!fp) - return result; - - do { + else { long filesize; size_t size, pem_len; CURLcode pem_read; + struct dynbuf buf; + char unsigned *pem_ptr = NULL; + size_t left; + FILE *fp = fopen(pinnedpubkey, "rb"); + if(!fp) + return result; + + Curl_dyn_init(&buf, MAX_PINNED_PUBKEY_SIZE); /* Determine the file's size */ if(fseek(fp, 0, SEEK_END)) - break; + goto end; filesize = ftell(fp); if(fseek(fp, 0, SEEK_SET)) - break; + goto end; if(filesize < 0 || filesize > MAX_PINNED_PUBKEY_SIZE) - break; + goto end; /* * if the size of our certificate is bigger than the file @@ -1085,36 +1133,37 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, */ size = curlx_sotouz((curl_off_t) filesize); if(pubkeylen > size) - break; + goto end; /* - * Allocate buffer for the pinned key - * With 1 additional byte for null terminator in case of PEM key + * Read the file into the dynbuf */ - buf = malloc(size + 1); - if(!buf) - break; - - /* Returns number of elements read, which should be 1 */ - if((int) fread(buf, size, 1, fp) != 1) - break; + left = size; + do { + char buffer[1024]; + size_t want = left > sizeof(buffer) ? sizeof(buffer) : left; + if(want != fread(buffer, 1, want, fp)) + goto end; + if(Curl_dyn_addn(&buf, buffer, want)) + goto end; + left -= want; + } while(left); /* If the sizes are the same, it cannot be base64 encoded, must be der */ if(pubkeylen == size) { - if(!memcmp(pubkey, buf, pubkeylen)) + if(!memcmp(pubkey, Curl_dyn_ptr(&buf), pubkeylen)) result = CURLE_OK; - break; + goto end; } /* * Otherwise we will assume it is PEM and try to decode it * after placing null terminator */ - buf[size] = '\0'; - pem_read = pubkey_pem_to_der((const char *)buf, &pem_ptr, &pem_len); + pem_read = pubkey_pem_to_der(Curl_dyn_ptr(&buf), &pem_ptr, &pem_len); /* if it was not read successfully, exit */ if(pem_read) - break; + goto end; /* * if the size of our certificate does not match the size of @@ -1122,11 +1171,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, */ if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen)) result = CURLE_OK; - } while(0); - - Curl_safefree(buf); - Curl_safefree(pem_ptr); - fclose(fp); +end: + Curl_dyn_free(&buf); + Curl_safefree(pem_ptr); + fclose(fp); + } return result; } @@ -1181,16 +1230,6 @@ int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data) return -1; } -CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM, - unsigned char *entropy UNUSED_PARAM, - size_t length UNUSED_PARAM) -{ - (void)data; - (void)entropy; - (void)length; - return CURLE_NOT_BUILT_IN; -} - void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM) { (void)data; @@ -1317,7 +1356,7 @@ static const struct Curl_ssl Curl_ssl_multi = { Curl_none_check_cxn, /* check_cxn */ Curl_none_shutdown, /* shutdown */ Curl_none_data_pending, /* data_pending */ - Curl_none_random, /* random */ + NULL, /* random */ Curl_none_cert_status_request, /* cert_status_request */ multissl_connect, /* connect */ multissl_connect_nonblocking, /* connect_nonblocking */ @@ -1334,6 +1373,7 @@ static const struct Curl_ssl Curl_ssl_multi = { NULL, /* disassociate_connection */ multissl_recv_plain, /* recv decrypted data */ multissl_send_plain, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; const struct Curl_ssl *Curl_ssl = @@ -1567,69 +1607,70 @@ CURLcode Curl_ssl_peer_init(struct ssl_peer *peer, struct Curl_cfilter *cf, int transport) { const char *ehostname, *edispname; - int eport; + CURLcode result = CURLE_OUT_OF_MEMORY; + /* We expect a clean struct, e.g. called only ONCE */ + DEBUGASSERT(peer); + DEBUGASSERT(!peer->hostname); + DEBUGASSERT(!peer->dispname); + DEBUGASSERT(!peer->sni); /* We need the hostname for SNI negotiation. Once handshaked, this remains * the SNI hostname for the TLS connection. When the connection is reused, * the settings in cf->conn might change. We keep a copy of the hostname we * use for SNI. */ + peer->transport = transport; #ifndef CURL_DISABLE_PROXY if(Curl_ssl_cf_is_proxy(cf)) { ehostname = cf->conn->http_proxy.host.name; edispname = cf->conn->http_proxy.host.dispname; - eport = cf->conn->http_proxy.port; + peer->port = cf->conn->http_proxy.port; } else #endif { ehostname = cf->conn->host.name; edispname = cf->conn->host.dispname; - eport = cf->conn->remote_port; + peer->port = cf->conn->remote_port; } - /* change if ehostname changed */ - DEBUGASSERT(!ehostname || ehostname[0]); - if(ehostname && (!peer->hostname - || strcmp(ehostname, peer->hostname))) { - Curl_ssl_peer_cleanup(peer); - peer->hostname = strdup(ehostname); - if(!peer->hostname) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - if(!edispname || !strcmp(ehostname, edispname)) - peer->dispname = peer->hostname; - else { - peer->dispname = strdup(edispname); - if(!peer->dispname) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - } + /* hostname MUST exist and not be empty */ + if(!ehostname || !ehostname[0]) { + result = CURLE_FAILED_INIT; + goto out; + } - peer->type = get_peer_type(peer->hostname); - if(peer->type == CURL_SSL_PEER_DNS && peer->hostname[0]) { - /* not an IP address, normalize according to RCC 6066 ch. 3, - * max len of SNI is 2^16-1, no trailing dot */ - size_t len = strlen(peer->hostname); - if(len && (peer->hostname[len-1] == '.')) - len--; - if(len < USHRT_MAX) { - peer->sni = calloc(1, len + 1); - if(!peer->sni) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - Curl_strntolower(peer->sni, peer->hostname, len); - peer->sni[len] = 0; - } + peer->hostname = strdup(ehostname); + if(!peer->hostname) + goto out; + if(!edispname || !strcmp(ehostname, edispname)) + peer->dispname = peer->hostname; + else { + peer->dispname = strdup(edispname); + if(!peer->dispname) + goto out; + } + peer->type = get_peer_type(peer->hostname); + if(peer->type == CURL_SSL_PEER_DNS) { + /* not an IP address, normalize according to RCC 6066 ch. 3, + * max len of SNI is 2^16-1, no trailing dot */ + size_t len = strlen(peer->hostname); + if(len && (peer->hostname[len-1] == '.')) + len--; + if(len < USHRT_MAX) { + peer->sni = calloc(1, len + 1); + if(!peer->sni) + goto out; + Curl_strntolower(peer->sni, peer->hostname, len); + peer->sni[len] = 0; } - } - peer->port = eport; - peer->transport = transport; - return CURLE_OK; + result = CURLE_OK; + +out: + if(result) + Curl_ssl_peer_cleanup(peer); + return result; } static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -1668,22 +1709,29 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf, return CURLE_OK; } + if(!cf->next) { + *done = FALSE; + return CURLE_FAILED_INIT; + } + + if(!cf->next->connected) { + result = cf->next->cft->do_connect(cf->next, data, blocking, done); + if(result || !*done) + return result; + } + CF_DATA_SAVE(save, cf, data); CURL_TRC_CF(data, cf, "cf_connect()"); - (void)connssl; DEBUGASSERT(data->conn); DEBUGASSERT(data->conn == cf->conn); DEBUGASSERT(connssl); - DEBUGASSERT(cf->conn->host.name); - - result = cf->next->cft->do_connect(cf->next, data, blocking, done); - if(result || !*done) - goto out; *done = FALSE; - result = Curl_ssl_peer_init(&connssl->peer, cf, TRNSPRT_TCP); - if(result) - goto out; + if(!connssl->peer.hostname) { + result = Curl_ssl_peer_init(&connssl->peer, cf, TRNSPRT_TCP); + if(result) + goto out; + } if(blocking) { result = ssl_connect(cf, data); @@ -1696,7 +1744,9 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf, if(!result && *done) { cf->connected = TRUE; connssl->handshake_done = Curl_now(); - DEBUGASSERT(connssl->state == ssl_connection_complete); + /* Connection can be deferred when sending early data */ + DEBUGASSERT(connssl->state == ssl_connection_complete || + connssl->state == ssl_connection_deferred); } out: CURL_TRC_CF(data, cf, "cf_connect() -> %d, done=%d", result, *done); @@ -1721,15 +1771,19 @@ static bool ssl_cf_data_pending(struct Curl_cfilter *cf, static ssize_t ssl_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, - CURLcode *err) + bool eos, CURLcode *err) { struct cf_call_data save; - ssize_t nwritten; + ssize_t nwritten = 0; - CF_DATA_SAVE(save, cf, data); + (void)eos; + /* OpenSSL and maybe other TLS libs do not like 0-length writes. Skip. */ *err = CURLE_OK; - nwritten = Curl_ssl->send_plain(cf, data, buf, len, err); - CF_DATA_RESTORE(cf, save); + if(len > 0) { + CF_DATA_SAVE(save, cf, data); + nwritten = Curl_ssl->send_plain(cf, data, buf, len, err); + CF_DATA_RESTORE(cf, save); + } return nwritten; } @@ -1831,7 +1885,7 @@ static CURLcode ssl_cf_query(struct Curl_cfilter *cf, default: break; } - return cf->next? + return cf->next ? cf->next->cft->query(cf->next, data, query, pres1, pres2) : CURLE_UNKNOWN_OPTION; } @@ -1861,7 +1915,7 @@ static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data, return FALSE; } /* ssl backend does not know */ - return cf->next? + return cf->next ? cf->next->cft->is_alive(cf->next, data, input_pending) : FALSE; /* pessimistic in absence of data */ } @@ -1930,7 +1984,7 @@ static CURLcode cf_ssl_create(struct Curl_cfilter **pcf, out: if(result) cf_ctx_free(ctx); - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; return result; } @@ -1988,7 +2042,7 @@ static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf, out: if(result) cf_ctx_free(ctx); - *pcf = result? NULL : cf; + *pcf = result ? NULL : cf; return result; } @@ -2009,7 +2063,7 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at, bool Curl_ssl_supports(struct Curl_easy *data, unsigned int ssl_option) { (void)data; - return (Curl_ssl->supports & ssl_option)? TRUE : FALSE; + return (Curl_ssl->supports & ssl_option); } static struct Curl_cfilter *get_ssl_filter(struct Curl_cfilter *cf) @@ -2104,7 +2158,7 @@ CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data, struct Curl_cfilter *cf, *head; CURLcode result = CURLE_OK; - head = data->conn? data->conn->cfilter[sockindex] : NULL; + head = data->conn ? data->conn->cfilter[sockindex] : NULL; for(cf = head; cf; cf = cf->next) { if(cf->cft == &Curl_cft_ssl) { bool done; @@ -2134,7 +2188,7 @@ Curl_ssl_cf_get_config(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; return &data->set.ssl; #else - return Curl_ssl_cf_is_proxy(cf)? &data->set.proxy_ssl : &data->set.ssl; + return Curl_ssl_cf_is_proxy(cf) ? &data->set.proxy_ssl : &data->set.ssl; #endif } @@ -2144,7 +2198,7 @@ Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf) #ifdef CURL_DISABLE_PROXY return &cf->conn->ssl_config; #else - return Curl_ssl_cf_is_proxy(cf)? + return Curl_ssl_cf_is_proxy(cf) ? &cf->conn->proxy_ssl_config : &cf->conn->ssl_config; #endif } @@ -2195,21 +2249,73 @@ CURLcode Curl_alpn_to_proto_str(struct alpn_proto_buf *buf, return CURLE_OK; } +bool Curl_alpn_contains_proto(const struct alpn_spec *spec, + const char *proto) +{ + size_t i, plen = proto ? strlen(proto) : 0; + for(i = 0; spec && plen && i < spec->count; ++i) { + size_t slen = strlen(spec->entries[i]); + if((slen == plen) && !memcmp(proto, spec->entries[i], plen)) + return TRUE; + } + return FALSE; +} + CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, struct Curl_easy *data, + struct ssl_connect_data *connssl, const unsigned char *proto, size_t proto_len) { - int can_multi = 0; + CURLcode result = CURLE_OK; unsigned char *palpn = #ifndef CURL_DISABLE_PROXY - (cf->conn->bits.tunnel_proxy && Curl_ssl_cf_is_proxy(cf))? + (cf->conn->bits.tunnel_proxy && Curl_ssl_cf_is_proxy(cf)) ? &cf->conn->proxy_alpn : &cf->conn->alpn #else &cf->conn->alpn #endif ; + if(connssl->alpn_negotiated) { + /* When we ask for a specific ALPN protocol, we need the confirmation + * of it by the server, as we have installed protocol handler and + * connection filter chain for exactly this protocol. */ + if(!proto_len) { + failf(data, "ALPN: asked for '%s' from previous session, " + "but server did not confirm it. Refusing to continue.", + connssl->alpn_negotiated); + result = CURLE_SSL_CONNECT_ERROR; + goto out; + } + else if((strlen(connssl->alpn_negotiated) != proto_len) || + memcmp(connssl->alpn_negotiated, proto, proto_len)) { + failf(data, "ALPN: asked for '%s' from previous session, but server " + "selected '%.*s'. Refusing to continue.", + connssl->alpn_negotiated, (int)proto_len, proto); + result = CURLE_SSL_CONNECT_ERROR; + goto out; + } + /* ALPN is exactly what we asked for, done. */ + infof(data, "ALPN: server confirmed to use '%s'", + connssl->alpn_negotiated); + goto out; + } + + if(proto && proto_len) { + if(memchr(proto, '\0', proto_len)) { + failf(data, "ALPN: server selected protocol contains NUL. " + "Refusing to continue."); + result = CURLE_SSL_CONNECT_ERROR; + goto out; + } + connssl->alpn_negotiated = malloc(proto_len + 1); + if(!connssl->alpn_negotiated) + return CURLE_OUT_OF_MEMORY; + memcpy(connssl->alpn_negotiated, proto, proto_len); + connssl->alpn_negotiated[proto_len] = 0; + } + if(proto && proto_len) { if(proto_len == ALPN_HTTP_1_1_LENGTH && !memcmp(ALPN_HTTP_1_1, proto, ALPN_HTTP_1_1_LENGTH)) { @@ -2219,14 +2325,12 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, else if(proto_len == ALPN_H2_LENGTH && !memcmp(ALPN_H2, proto, ALPN_H2_LENGTH)) { *palpn = CURL_HTTP_VERSION_2; - can_multi = 1; } #endif #ifdef USE_HTTP3 else if(proto_len == ALPN_H3_LENGTH && !memcmp(ALPN_H3, proto, ALPN_H3_LENGTH)) { *palpn = CURL_HTTP_VERSION_3; - can_multi = 1; } #endif else { @@ -2237,18 +2341,22 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, /* return CURLE_NOT_BUILT_IN; */ goto out; } - infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, (int)proto_len, proto); + + if(connssl->state == ssl_connection_deferred) + infof(data, VTLS_INFOF_ALPN_DEFERRED, (int)proto_len, proto); + else + infof(data, VTLS_INFOF_ALPN_ACCEPTED, (int)proto_len, proto); } else { *palpn = CURL_HTTP_VERSION_NONE; - infof(data, VTLS_INFOF_NO_ALPN); + if(connssl->state == ssl_connection_deferred) + infof(data, VTLS_INFOF_NO_ALPN_DEFERRED); + else + infof(data, VTLS_INFOF_NO_ALPN); } out: - if(!Curl_ssl_cf_is_proxy(cf)) - Curl_multiuse_state(data, can_multi? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); - return CURLE_OK; + return result; } #endif /* USE_SSL */ diff --git a/libraries/libcurl/vtls/vtls.h b/libraries/libcurl/vtls/vtls.h index 8fe2bc7c..7a223f6f 100644 --- a/libraries/libcurl/vtls/vtls.h +++ b/libraries/libcurl/vtls/vtls.h @@ -39,18 +39,22 @@ struct Curl_ssl_session; #define SSLSUPP_CAINFO_BLOB (1<<6) #define SSLSUPP_ECH (1<<7) #define SSLSUPP_CA_CACHE (1<<8) +#define SSLSUPP_CIPHER_LIST (1<<9) /* supports TLS 1.0-1.2 ciphersuites */ #define ALPN_ACCEPTED "ALPN: server accepted " -#define VTLS_INFOF_NO_ALPN \ +#define VTLS_INFOF_NO_ALPN \ "ALPN: server did not agree on a protocol. Uses default." -#define VTLS_INFOF_ALPN_OFFER_1STR \ +#define VTLS_INFOF_ALPN_OFFER_1STR \ "ALPN: curl offers %s" -#define VTLS_INFOF_ALPN_ACCEPTED_1STR \ - ALPN_ACCEPTED "%s" -#define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \ +#define VTLS_INFOF_ALPN_ACCEPTED \ ALPN_ACCEPTED "%.*s" +#define VTLS_INFOF_NO_ALPN_DEFERRED \ + "ALPN: deferred handshake for early data without specific protocol." +#define VTLS_INFOF_ALPN_DEFERRED \ + "ALPN: deferred handshake for early data using '%.*s'." + /* Curl_multi SSL backend-specific data; declared differently by each SSL backend */ struct Curl_cfilter; @@ -92,7 +96,7 @@ CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, void Curl_ssl_conn_config_cleanup(struct connectdata *conn); /** - * Return TRUE iff SSL configuration from `conn` is functionally the + * Return TRUE iff SSL configuration from `data` is functionally the * same as the one on `candidate`. * @param proxy match the proxy SSL config or the main one */ @@ -131,6 +135,7 @@ CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t); void Curl_ssl_version(char *buffer, size_t size); /* Certificate information list handling. */ +#define CURL_X509_STR_MAX 100000 void Curl_ssl_free_certinfo(struct Curl_easy *data); CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num); @@ -181,6 +186,25 @@ bool Curl_ssl_cert_status_request(void); bool Curl_ssl_false_start(struct Curl_easy *data); +/* The maximum size of the SSL channel binding is 85 bytes, as defined in + * RFC 5929, Section 4.1. The 'tls-server-end-point:' prefix is 21 bytes long, + * and SHA-512 is the longest supported hash algorithm, with a digest length of + * 64 bytes. + * The maximum size of the channel binding is therefore 21 + 64 = 85 bytes. + */ +#define SSL_CB_MAX_SIZE 85 + +/* Return the tls-server-end-point channel binding, including the + * 'tls-server-end-point:' prefix. + * If successful, the data is written to the dynbuf, and CURLE_OK is returned. + * The dynbuf MUST HAVE a minimum toobig size of SSL_CB_MAX_SIZE. + * If the dynbuf is too small, CURLE_OUT_OF_MEMORY is returned. + * If channel binding is not supported, binding stays empty and CURLE_OK is + * returned. + */ +CURLcode Curl_ssl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding); + #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data, diff --git a/libraries/libcurl/vtls/vtls_int.h b/libraries/libcurl/vtls/vtls_int.h index 1472a0ca..13bd3fbb 100644 --- a/libraries/libcurl/vtls/vtls_int.h +++ b/libraries/libcurl/vtls/vtls_int.h @@ -29,6 +29,8 @@ #ifdef USE_SSL +struct ssl_connect_data; + /* see https://www.iana.org/assignments/tls-extensiontype-values/ */ #define ALPN_HTTP_1_1_LENGTH 8 #define ALPN_HTTP_1_1 "http/1.1" @@ -61,9 +63,13 @@ CURLcode Curl_alpn_to_proto_str(struct alpn_proto_buf *buf, CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, struct Curl_easy *data, + struct ssl_connect_data *connssl, const unsigned char *proto, size_t proto_len); +bool Curl_alpn_contains_proto(const struct alpn_spec *spec, + const char *proto); + /* enum for the nonblocking SSL connection state machine */ typedef enum { ssl_connect_1, @@ -74,14 +80,27 @@ typedef enum { typedef enum { ssl_connection_none, + ssl_connection_deferred, ssl_connection_negotiating, ssl_connection_complete } ssl_connection_state; +typedef enum { + ssl_earlydata_none, + ssl_earlydata_use, + ssl_earlydata_sending, + ssl_earlydata_sent, + ssl_earlydata_accepted, + ssl_earlydata_rejected +} ssl_earlydata_state; + #define CURL_SSL_IO_NEED_NONE (0) #define CURL_SSL_IO_NEED_RECV (1<<0) #define CURL_SSL_IO_NEED_SEND (1<<1) +/* Max earlydata payload we want to send */ +#define CURL_SSL_EARLY_MAX (64*1024) + /* Information in each SSL cfilter context: cf->ctx */ struct ssl_connect_data { struct ssl_peer peer; @@ -89,8 +108,14 @@ struct ssl_connect_data { void *backend; /* vtls backend specific props */ struct cf_call_data call_data; /* data handle used in current call */ struct curltime handshake_done; /* time when handshake finished */ + char *alpn_negotiated; /* negotiated ALPN value or NULL */ + struct bufq earlydata; /* earlydata to be send to peer */ + size_t earlydata_max; /* max earlydata allowed by peer */ + size_t earlydata_skip; /* sending bytes to skip when earlydata + * is accepted by peer */ ssl_connection_state state; ssl_connect_state connecting_state; + ssl_earlydata_state earlydata_state; int io_need; /* TLS signals special SEND/RECV needs */ BIT(use_alpn); /* if ALPN shall be used in handshake */ BIT(peer_closed); /* peer has closed connection */ @@ -158,6 +183,9 @@ struct Curl_ssl { ssize_t (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data, const void *mem, size_t len, CURLcode *code); + CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex, + struct dynbuf *binding); + }; extern const struct Curl_ssl *Curl_ssl; @@ -168,8 +196,6 @@ void Curl_none_cleanup(void); CURLcode Curl_none_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data, bool send_shutdown, bool *done); int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data); -CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); void Curl_none_close_all(struct Curl_easy *data); void Curl_none_session_free(void *ptr); bool Curl_none_data_pending(struct Curl_cfilter *cf, @@ -192,15 +218,23 @@ bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf); * Caller must make sure that the ownership of returned sessionid object * is properly taken (e.g. its refcount is incremented * under sessionid mutex). + * @param cf the connection filter wanting to use it + * @param data the transfer involved + * @param peer the peer the filter wants to talk to + * @param sessionid on return the TLS session + * @param idsize on return the size of the TLS session data + * @param palpn on return the ALPN string used by the session, + * set to NULL when not interested */ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, struct Curl_easy *data, const struct ssl_peer *peer, void **ssl_sessionid, - size_t *idsize); /* set 0 if unknown */ + size_t *idsize, /* set 0 if unknown */ + char **palpn); /* Set a TLS session ID for `peer`. Replaces an existing session ID if - * not already the very same. + * not already the same. * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock). * Call takes ownership of `ssl_sessionid`, using `sessionid_free_cb` * to deallocate it. Is called in all outcomes, either right away or @@ -211,19 +245,11 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, struct Curl_easy *data, const struct ssl_peer *peer, + const char *alpn, void *sessionid, size_t sessionid_size, Curl_ssl_sessionid_dtor *sessionid_free_cb); -#include "openssl.h" /* OpenSSL versions */ -#include "gtls.h" /* GnuTLS versions */ -#include "wolfssl.h" /* wolfSSL versions */ -#include "schannel.h" /* Schannel SSPI version */ -#include "sectransp.h" /* SecureTransport (Darwin) version */ -#include "mbedtls.h" /* mbedTLS versions */ -#include "bearssl.h" /* BearSSL versions */ -#include "rustls.h" /* rustls versions */ - #endif /* USE_SSL */ #endif /* HEADER_CURL_VTLS_INT_H */ diff --git a/libraries/libcurl/vtls/wolfssl.c b/libraries/libcurl/vtls/wolfssl.c index 2b467c93..0d74b3e7 100644 --- a/libraries/libcurl/vtls/wolfssl.c +++ b/libraries/libcurl/vtls/wolfssl.c @@ -36,6 +36,10 @@ #include #include +#if LIBWOLFSSL_VERSION_HEX < 0x03004006 /* wolfSSL 3.4.6 (2015) */ +#error "wolfSSL version should be at least 3.4.6" +#endif + /* To determine what functions are available we rely on one or both of: - the user's options.h generated by wolfSSL - the symbols detected by curl's configure @@ -93,9 +97,25 @@ #endif #endif -#if defined(HAVE_WOLFSSL_FULL_BIO) && HAVE_WOLFSSL_FULL_BIO +#ifdef HAVE_WOLFSSL_BIO #define USE_BIO_CHAIN -#else +#ifdef HAVE_WOLFSSL_FULL_BIO +#define USE_FULL_BIO +#else /* HAVE_WOLFSSL_FULL_BIO */ +#undef USE_FULL_BIO +#endif +/* wolfSSL 5.7.4 and older do not have these symbols, but only the + * OpenSSL ones. */ +#ifndef WOLFSSL_BIO_CTRL_GET_CLOSE +#define WOLFSSL_BIO_CTRL_GET_CLOSE BIO_CTRL_GET_CLOSE +#define WOLFSSL_BIO_CTRL_SET_CLOSE BIO_CTRL_SET_CLOSE +#define WOLFSSL_BIO_CTRL_FLUSH BIO_CTRL_FLUSH +#define WOLFSSL_BIO_CTRL_DUP BIO_CTRL_DUP +#define wolfSSL_BIO_set_retry_write BIO_set_retry_write +#define wolfSSL_BIO_set_retry_read BIO_set_retry_read +#endif /* !WOLFSSL_BIO_CTRL_GET_CLOSE */ + +#else /* HAVE_WOLFSSL_BIO */ #undef USE_BIO_CHAIN #endif @@ -159,7 +179,7 @@ wolfssl_tls13_secret_callback(SSL *ssl, int id, const unsigned char *secret, #endif /* defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13) */ static void -wolfssl_log_tls12_secret(SSL *ssl) +wolfssl_log_tls12_secret(WOLFSSL *ssl) { unsigned char *ms, *sr, *cr; unsigned int msLen, srLen, crLen, i, x = 0; @@ -183,7 +203,7 @@ wolfssl_log_tls12_secret(SSL *ssl) #endif if(wolfSSL_get_keys(ssl, &ms, &msLen, &sr, &srLen, &cr, &crLen) != - SSL_SUCCESS) { + WOLFSSL_SUCCESS) { return; } @@ -201,14 +221,14 @@ wolfssl_log_tls12_secret(SSL *ssl) } #endif /* OPENSSL_EXTRA */ -static int do_file_type(const char *type) +static int wolfssl_do_file_type(const char *type) { if(!type || !type[0]) - return SSL_FILETYPE_PEM; + return WOLFSSL_FILETYPE_PEM; if(strcasecompare(type, "PEM")) - return SSL_FILETYPE_PEM; + return WOLFSSL_FILETYPE_PEM; if(strcasecompare(type, "DER")) - return SSL_FILETYPE_ASN1; + return WOLFSSL_FILETYPE_ASN1; return -1; } @@ -233,7 +253,9 @@ static const struct group_name_map gnm[] = { static int wolfssl_bio_cf_create(WOLFSSL_BIO *bio) { +#ifdef USE_FULL_BIO wolfSSL_BIO_set_shutdown(bio, 1); +#endif wolfSSL_BIO_set_data(bio, NULL); return 1; } @@ -247,28 +269,35 @@ static int wolfssl_bio_cf_destroy(WOLFSSL_BIO *bio) static long wolfssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr) { - struct Curl_cfilter *cf = BIO_get_data(bio); + struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio); long ret = 1; (void)cf; (void)ptr; + (void)num; switch(cmd) { - case BIO_CTRL_GET_CLOSE: + case WOLFSSL_BIO_CTRL_GET_CLOSE: +#ifdef USE_FULL_BIO ret = (long)wolfSSL_BIO_get_shutdown(bio); +#else + ret = 0; +#endif break; - case BIO_CTRL_SET_CLOSE: + case WOLFSSL_BIO_CTRL_SET_CLOSE: +#ifdef USE_FULL_BIO wolfSSL_BIO_set_shutdown(bio, (int)num); +#endif break; - case BIO_CTRL_FLUSH: + case WOLFSSL_BIO_CTRL_FLUSH: /* we do no delayed writes, but if we ever would, this * needs to trigger it. */ ret = 1; break; - case BIO_CTRL_DUP: + case WOLFSSL_BIO_CTRL_DUP: ret = 1; break; -#ifdef BIO_CTRL_EOF - case BIO_CTRL_EOF: +#ifdef WOLFSSL_BIO_CTRL_EOF + case WOLFSSL_BIO_CTRL_EOF: /* EOF has been reached on input? */ return (!cf->next || !cf->next->connected); #endif @@ -287,17 +316,34 @@ static int wolfssl_bio_cf_out_write(WOLFSSL_BIO *bio, struct wolfssl_ctx *backend = (struct wolfssl_ctx *)connssl->backend; struct Curl_easy *data = CF_DATA_CURRENT(cf); - ssize_t nwritten; + ssize_t nwritten, skiplen = 0; CURLcode result = CURLE_OK; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result); + if(backend->shutting_down && backend->io_send_blocked_len && + (backend->io_send_blocked_len < blen)) { + /* bug in wolfSSL: + * It adds the close notify message again every time we retry + * sending during shutdown. */ + CURL_TRC_CF(data, cf, "bio_write, shutdown restrict send of %d" + " to %d bytes", blen, backend->io_send_blocked_len); + skiplen = (ssize_t)(blen - backend->io_send_blocked_len); + blen = backend->io_send_blocked_len; + } + nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, FALSE, &result); backend->io_result = result; CURL_TRC_CF(data, cf, "bio_write(len=%d) -> %zd, %d", blen, nwritten, result); +#ifdef USE_FULL_BIO wolfSSL_BIO_clear_retry_flags(bio); - if(nwritten < 0 && CURLE_AGAIN == result) - BIO_set_retry_write(bio); +#endif + if(nwritten < 0 && CURLE_AGAIN == result) { + wolfSSL_BIO_set_retry_write(bio); + if(backend->shutting_down && !backend->io_send_blocked_len) + backend->io_send_blocked_len = blen; + } + else if(!result && skiplen) + nwritten += skiplen; return (int)nwritten; } @@ -319,9 +365,11 @@ static int wolfssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen) nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result); backend->io_result = result; CURL_TRC_CF(data, cf, "bio_read(len=%d) -> %zd, %d", blen, nread, result); +#ifdef USE_FULL_BIO wolfSSL_BIO_clear_retry_flags(bio); +#endif if(nread < 0 && CURLE_AGAIN == result) - BIO_set_retry_read(bio); + wolfSSL_BIO_set_retry_read(bio); else if(nread == 0) connssl->peer_closed = TRUE; return (int)nread; @@ -331,7 +379,8 @@ static WOLFSSL_BIO_METHOD *wolfssl_bio_cf_method = NULL; static void wolfssl_bio_cf_init_methods(void) { - wolfssl_bio_cf_method = wolfSSL_BIO_meth_new(BIO_TYPE_MEM, "wolfSSL CF BIO"); + wolfssl_bio_cf_method = wolfSSL_BIO_meth_new(WOLFSSL_BIO_MEMORY, + "wolfSSL CF BIO"); wolfSSL_BIO_meth_set_write(wolfssl_bio_cf_method, &wolfssl_bio_cf_out_write); wolfSSL_BIO_meth_set_read(wolfssl_bio_cf_method, &wolfssl_bio_cf_in_read); wolfSSL_BIO_meth_set_ctrl(wolfssl_bio_cf_method, &wolfssl_bio_cf_ctrl); @@ -351,9 +400,114 @@ static void wolfssl_bio_cf_free_methods(void) #endif /* !USE_BIO_CHAIN */ +static void wolfssl_session_free(void *sdata, size_t slen) +{ + (void)slen; + free(sdata); +} + +CURLcode wssl_cache_session(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + WOLFSSL_SESSION *session) +{ + CURLcode result = CURLE_OK; + unsigned char *sdata = NULL; + unsigned int slen; + + if(!session) + goto out; + + slen = wolfSSL_i2d_SSL_SESSION(session, NULL); + if(slen <= 0) { + CURL_TRC_CF(data, cf, "fail to assess session length: %u", slen); + result = CURLE_FAILED_INIT; + goto out; + } + sdata = calloc(1, slen); + if(!sdata) { + failf(data, "unable to allocate session buffer of %u bytes", slen); + result = CURLE_OUT_OF_MEMORY; + goto out; + } + slen = wolfSSL_i2d_SSL_SESSION(session, &sdata); + if(slen <= 0) { + CURL_TRC_CF(data, cf, "fail to serialize session: %u", slen); + result = CURLE_FAILED_INIT; + goto out; + } + + Curl_ssl_sessionid_lock(data); + result = Curl_ssl_set_sessionid(cf, data, peer, NULL, + sdata, slen, wolfssl_session_free); + Curl_ssl_sessionid_unlock(data); + if(result) + failf(data, "failed to add new ssl session to cache (%d)", result); + else { + CURL_TRC_CF(data, cf, "added new session to cache"); + sdata = NULL; + } + +out: + free(sdata); + return 0; +} + +static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) +{ + struct Curl_cfilter *cf; + + cf = (struct Curl_cfilter*)wolfSSL_get_app_data(ssl); + DEBUGASSERT(cf != NULL); + if(cf && session) { + struct ssl_connect_data *connssl = cf->ctx; + struct Curl_easy *data = CF_DATA_CURRENT(cf); + DEBUGASSERT(connssl); + DEBUGASSERT(data); + if(connssl && data) { + (void)wssl_cache_session(cf, data, &connssl->peer, session); + } + } + return 0; +} + +CURLcode wssl_setup_session(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct wolfssl_ctx *wss, + struct ssl_peer *peer) +{ + void *psdata; + const unsigned char *sdata = NULL; + size_t slen = 0; + CURLcode result = CURLE_OK; + + Curl_ssl_sessionid_lock(data); + if(!Curl_ssl_getsessionid(cf, data, peer, &psdata, &slen, NULL)) { + WOLFSSL_SESSION *session; + sdata = psdata; + session = wolfSSL_d2i_SSL_SESSION(NULL, &sdata, (long)slen); + if(session) { + int ret = wolfSSL_set_session(wss->handle, session); + if(ret != WOLFSSL_SUCCESS) { + Curl_ssl_delsessionid(data, psdata); + infof(data, "previous session not accepted (%d), " + "removing from cache", ret); + } + else + infof(data, "SSL reusing session ID"); + wolfSSL_SESSION_free(session); + } + else { + failf(data, "could not decode previous session"); + } + } + Curl_ssl_sessionid_unlock(data); + return result; +} + static CURLcode populate_x509_store(struct Curl_cfilter *cf, struct Curl_easy *data, - X509_STORE *store, + WOLFSSL_X509_STORE *store, struct wolfssl_ctx *wssl) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); @@ -363,7 +517,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, (ca_info_blob ? NULL : conn_config->CAfile); const char * const ssl_capath = conn_config->CApath; struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - bool imported_native_ca = false; + bool imported_native_ca = FALSE; #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SYS_CA_CERTS) /* load native CA certificates */ @@ -372,7 +526,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, infof(data, "error importing native CA store, continuing anyway"); } else { - imported_native_ca = true; + imported_native_ca = TRUE; infof(data, "successfully imported native CA store"); wssl->x509_store_setup = TRUE; } @@ -383,7 +537,8 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, if(ca_info_blob) { if(wolfSSL_CTX_load_verify_buffer(wssl->ctx, ca_info_blob->data, (long)ca_info_blob->len, - SSL_FILETYPE_PEM) != SSL_SUCCESS) { + WOLFSSL_FILETYPE_PEM) != + WOLFSSL_SUCCESS) { if(imported_native_ca) { infof(data, "error importing CA certificate blob, continuing anyway"); } @@ -402,7 +557,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, /* load trusted cacert from file if not blob */ CURL_TRC_CF(data, cf, "populate_x509_store, path=%s, blob=%d", - ssl_cafile? ssl_cafile : "none", !!ca_info_blob); + ssl_cafile ? ssl_cafile : "none", !!ca_info_blob); if(!store) return CURLE_OUT_OF_MEMORY; @@ -412,7 +567,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, ssl_cafile, ssl_capath, WOLFSSL_LOAD_FLAG_IGNORE_ERR); - if(SSL_SUCCESS != rc) { + if(WOLFSSL_SUCCESS != rc) { if(conn_config->verifypeer) { /* Fail if we insist on successfully verifying the server. */ failf(data, "error setting certificate verify locations:" @@ -474,7 +629,7 @@ cached_x509_store_expired(const struct Curl_easy *data, timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; if(timeout_ms < 0) - return false; + return FALSE; return elapsed_ms >= timeout_ms; } @@ -490,17 +645,17 @@ cached_x509_store_different(struct Curl_cfilter *cf, return strcmp(mb->CAfile, conn_config->CAfile); } -static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, - const struct Curl_easy *data) +static WOLFSSL_X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, + const struct Curl_easy *data) { struct Curl_multi *multi = data->multi; struct wssl_x509_share *share; WOLFSSL_X509_STORE *store = NULL; DEBUGASSERT(multi); - share = multi? Curl_hash_pick(&multi->proto_hash, - (void *)MPROTO_WSSL_X509_KEY, - sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL; + share = multi ? Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_WSSL_X509_KEY, + sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL; if(share && share->store && !cached_x509_store_expired(data, share) && !cached_x509_store_different(cf, share)) { @@ -512,7 +667,7 @@ static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, static void set_cached_x509_store(struct Curl_cfilter *cf, const struct Curl_easy *data, - X509_STORE *store) + WOLFSSL_X509_STORE *store) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct Curl_multi *multi = data->multi; @@ -544,13 +699,13 @@ static void set_cached_x509_store(struct Curl_cfilter *cf, if(conn_config->CAfile) { CAfile = strdup(conn_config->CAfile); if(!CAfile) { - X509_STORE_free(store); + wolfSSL_X509_STORE_free(store); return; } } if(share->store) { - X509_STORE_free(share->store); + wolfSSL_X509_STORE_free(share->store); free(share->CAfile); } @@ -581,13 +736,16 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, !ssl_config->native_ca_store; cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL; - if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) { + if(cached_store && wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store) { + /* The cached store is already in use, do nothing. */ + } + else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) { wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store); } else if(cache_criteria_met) { /* wolfSSL's initial store in CTX is not shareable by default. * Make a new one, suitable for adding to the cache. See #14278 */ - X509_STORE *store = wolfSSL_X509_STORE_new(); + WOLFSSL_X509_STORE *store = wolfSSL_X509_STORE_new(); if(!store) { failf(data, "SSL: could not create a X509 store"); return CURLE_OUT_OF_MEMORY; @@ -601,13 +759,81 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, } else { /* We never share the CTX's store, use it. */ - X509_STORE *store = wolfSSL_CTX_get_cert_store(wssl->ctx); + WOLFSSL_X509_STORE *store = wolfSSL_CTX_get_cert_store(wssl->ctx); result = populate_x509_store(cf, data, store, wssl); } return result; } +#ifdef WOLFSSL_TLS13 +static CURLcode +wssl_add_default_ciphers(bool tls13, struct dynbuf *buf) +{ + int i; + char *str; + + for(i = 0; (str = wolfSSL_get_cipher_list(i)); i++) { + size_t n; + if((strncmp(str, "TLS13", 5) == 0) != tls13) + continue; + + /* if there already is data in the string, add colon separator */ + if(Curl_dyn_len(buf)) { + CURLcode result = Curl_dyn_addn(buf, ":", 1); + if(result) + return result; + } + + n = strlen(str); + if(Curl_dyn_addn(buf, str, n)) + return CURLE_OUT_OF_MEMORY; + } + + return CURLE_OK; +} +#endif + +/* 4.2.0 (2019) */ +#if LIBWOLFSSL_VERSION_HEX < 0x04002000 || !defined(OPENSSL_EXTRA) +static int +wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) +{ + int res; + switch(version) { + default: + case TLS1_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1); + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_1_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_1); + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_2_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2); +#ifdef WOLFSSL_TLS13 + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_3_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3); +#endif + } + return res; +} +static int +wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) +{ + (void) ctx, (void) version; + return WOLFSSL_NOT_IMPLEMENTED; +} +#define wolfSSL_CTX_set_min_proto_version wssl_legacy_CTX_set_min_proto_version +#define wolfSSL_CTX_set_max_proto_version wssl_legacy_CTX_set_max_proto_version +#endif + /* * This function loads all the client/CA certificates and CRLs. Setup the TLS * layer and do all necessary magic. @@ -615,7 +841,8 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, static CURLcode wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) { - char *ciphers, *curves; + int res; + char *curves; struct ssl_connect_data *connssl = cf->ctx; struct wolfssl_ctx *backend = (struct wolfssl_ctx *)connssl->backend; @@ -625,12 +852,6 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef WOLFSSL_HAVE_KYBER word16 pqkem = 0; size_t idx = 0; -#endif -#ifdef HAVE_SNI - bool sni = FALSE; -#define use_sni(x) sni = (x) -#else -#define use_sni(x) Curl_nop_stmt #endif DEBUGASSERT(backend); @@ -638,114 +859,126 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(connssl->state == ssl_connection_complete) return CURLE_OK; - if(conn_config->version_max != CURL_SSLVERSION_MAX_NONE) { - failf(data, "wolfSSL does not support to set maximum SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; +#if LIBWOLFSSL_VERSION_HEX < 0x04002000 /* 4.2.0 (2019) */ + req_method = wolfSSLv23_client_method(); +#else + req_method = wolfTLS_client_method(); +#endif + if(!req_method) { + failf(data, "wolfSSL: could not create a client method"); + return CURLE_OUT_OF_MEMORY; + } + + if(backend->ctx) + wolfSSL_CTX_free(backend->ctx); + + backend->ctx = wolfSSL_CTX_new(req_method); + if(!backend->ctx) { + failf(data, "wolfSSL: could not create a context"); + return CURLE_OUT_OF_MEMORY; } - /* check to see if we have been told to use an explicit SSL/TLS version */ switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: -#if LIBWOLFSSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */ - /* minimum protocol version is set later after the CTX object is created */ - req_method = SSLv23_client_method(); -#else - infof(data, "wolfSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, " - "TLS 1.0 is used exclusively"); - req_method = TLSv1_client_method(); -#endif - use_sni(TRUE); - break; case CURL_SSLVERSION_TLSv1_0: -#if defined(WOLFSSL_ALLOW_TLSV10) && !defined(NO_OLD_TLS) - req_method = TLSv1_client_method(); - use_sni(TRUE); + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_VERSION); break; -#else - failf(data, "wolfSSL does not support TLS 1.0"); - return CURLE_NOT_BUILT_IN; -#endif case CURL_SSLVERSION_TLSv1_1: -#ifndef NO_OLD_TLS - req_method = TLSv1_1_client_method(); - use_sni(TRUE); + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_1_VERSION); break; -#else - failf(data, "wolfSSL does not support TLS 1.1"); - return CURLE_NOT_BUILT_IN; -#endif case CURL_SSLVERSION_TLSv1_2: -#ifndef WOLFSSL_NO_TLS12 - req_method = TLSv1_2_client_method(); - use_sni(TRUE); -#else - failf(data, "wolfSSL does not support TLS 1.2"); - return CURLE_NOT_BUILT_IN; -#endif + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_2_VERSION); break; - case CURL_SSLVERSION_TLSv1_3: #ifdef WOLFSSL_TLS13 - req_method = wolfTLSv1_3_client_method(); - use_sni(TRUE); + case CURL_SSLVERSION_TLSv1_3: + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_3_VERSION); break; -#else - failf(data, "wolfSSL: TLS 1.3 is not yet supported"); - return CURLE_SSL_CONNECT_ERROR; #endif default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); + failf(data, "wolfSSL: unsupported minimum TLS version value"); return CURLE_SSL_CONNECT_ERROR; } - - if(!req_method) { - failf(data, "SSL: could not create a method"); - return CURLE_OUT_OF_MEMORY; - } - - if(backend->ctx) - wolfSSL_CTX_free(backend->ctx); - backend->ctx = wolfSSL_CTX_new(req_method); - - if(!backend->ctx) { - failf(data, "SSL: could not create a context"); - return CURLE_OUT_OF_MEMORY; + if(res != WOLFSSL_SUCCESS) { + failf(data, "wolfSSL: failed set the minimum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if LIBWOLFSSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */ - /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is - * whatever minimum version of TLS was built in and at least TLS 1.0. For - * later library versions that could change (eg TLS 1.0 built in but - * defaults to TLS 1.1) so we have this short circuit evaluation to find - * the minimum supported TLS version. - */ - if((wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1) != 1) && - (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_1) != 1) && - (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_2) != 1) + switch(conn_config->version_max) { #ifdef WOLFSSL_TLS13 - && (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_3) != 1) -#endif - ) { - failf(data, "SSL: could not set the minimum protocol version"); - return CURLE_SSL_CONNECT_ERROR; - } + case CURL_SSLVERSION_MAX_TLSv1_3: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION); + break; #endif - FALLTHROUGH(); - default: + case CURL_SSLVERSION_MAX_TLSv1_2: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_2_VERSION); + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_1_VERSION); break; + case CURL_SSLVERSION_MAX_TLSv1_0: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_VERSION); + break; + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + res = WOLFSSL_SUCCESS; + break; + default: + failf(data, "wolfSSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + if(res != WOLFSSL_SUCCESS) { + failf(data, "wolfSSL: failed set the maximum TLS version"); + return CURLE_SSL_CONNECT_ERROR; + } + +#ifndef WOLFSSL_TLS13 + { + char *ciphers = conn_config->cipher_list; + if(ciphers) { + if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { + failf(data, "failed setting cipher list: %s", ciphers); + return CURLE_SSL_CIPHER; + } + infof(data, "Cipher selection: %s", ciphers); + } } +#else +#define MAX_CIPHER_LEN 4096 + if(conn_config->cipher_list || conn_config->cipher_list13) { + const char *ciphers12 = conn_config->cipher_list; + const char *ciphers13 = conn_config->cipher_list13; + struct dynbuf c; + CURLcode result; + Curl_dyn_init(&c, MAX_CIPHER_LEN); + + if(ciphers13) + result = Curl_dyn_add(&c, ciphers13); + else + result = wssl_add_default_ciphers(TRUE, &c); - ciphers = conn_config->cipher_list; - if(ciphers) { - if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { - failf(data, "failed setting cipher list: %s", ciphers); + if(!result) { + if(ciphers12) { + if(Curl_dyn_len(&c)) + result = Curl_dyn_addn(&c, ":", 1); + if(!result) + result = Curl_dyn_add(&c, ciphers12); + } + else + result = wssl_add_default_ciphers(FALSE, &c); + } + if(result) + return result; + + if(!wolfSSL_CTX_set_cipher_list(backend->ctx, Curl_dyn_ptr(&c))) { + failf(data, "failed setting cipher list: %s", Curl_dyn_ptr(&c)); + Curl_dyn_free(&c); return CURLE_SSL_CIPHER; } - infof(data, "Cipher selection: %s", ciphers); + infof(data, "Cipher selection: %s", Curl_dyn_ptr(&c)); + Curl_dyn_free(&c); } +#endif curves = conn_config->curves; if(curves) { @@ -761,47 +994,96 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(pqkem == 0) #endif { - if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) { + if(!wolfSSL_CTX_set1_curves_list(backend->ctx, curves)) { failf(data, "failed setting curves list: '%s'", curves); return CURLE_SSL_CIPHER; } } } -#ifndef NO_FILESYSTEM /* Load the client certificate, and private key */ - if(ssl_config->primary.clientcert) { - char *key_file = ssl_config->key; - int file_type = do_file_type(ssl_config->cert_type); - - if(file_type == WOLFSSL_FILETYPE_PEM) { - if(wolfSSL_CTX_use_certificate_chain_file(backend->ctx, - ssl_config->primary.clientcert) - != 1) { - failf(data, "unable to use client certificate"); - return CURLE_SSL_CONNECT_ERROR; - } +#ifndef NO_FILESYSTEM + if(ssl_config->primary.cert_blob || ssl_config->primary.clientcert) { + const char *cert_file = ssl_config->primary.clientcert; + const char *key_file = ssl_config->key; + const struct curl_blob *cert_blob = ssl_config->primary.cert_blob; + const struct curl_blob *key_blob = ssl_config->key_blob; + int file_type = wolfssl_do_file_type(ssl_config->cert_type); + int rc; + + switch(file_type) { + case WOLFSSL_FILETYPE_PEM: + rc = cert_blob ? + wolfSSL_CTX_use_certificate_chain_buffer(backend->ctx, + cert_blob->data, + (long)cert_blob->len) : + wolfSSL_CTX_use_certificate_chain_file(backend->ctx, cert_file); + break; + case WOLFSSL_FILETYPE_ASN1: + rc = cert_blob ? + wolfSSL_CTX_use_certificate_buffer(backend->ctx, cert_blob->data, + (long)cert_blob->len, file_type) : + wolfSSL_CTX_use_certificate_file(backend->ctx, cert_file, file_type); + break; + default: + failf(data, "unknown cert type"); + return CURLE_BAD_FUNCTION_ARGUMENT; } - else if(file_type == WOLFSSL_FILETYPE_ASN1) { - if(wolfSSL_CTX_use_certificate_file(backend->ctx, - ssl_config->primary.clientcert, - file_type) != 1) { - failf(data, "unable to use client certificate"); - return CURLE_SSL_CONNECT_ERROR; - } + if(rc != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; } - else { + + if(!key_blob && !key_file) { + key_blob = cert_blob; + key_file = cert_file; + } + else + file_type = wolfssl_do_file_type(ssl_config->key_type); + + rc = key_blob ? + wolfSSL_CTX_use_PrivateKey_buffer(backend->ctx, key_blob->data, + (long)key_blob->len, file_type) : + wolfSSL_CTX_use_PrivateKey_file(backend->ctx, key_file, file_type); + if(rc != 1) { + failf(data, "unable to set private key"); + return CURLE_SSL_CONNECT_ERROR; + } + } +#else /* NO_FILESYSTEM */ + if(ssl_config->primary.cert_blob) { + const struct curl_blob *cert_blob = ssl_config->primary.cert_blob; + const struct curl_blob *key_blob = ssl_config->key_blob; + int file_type = wolfssl_do_file_type(ssl_config->cert_type); + int rc; + + switch(file_type) { + case WOLFSSL_FILETYPE_PEM: + rc = wolfSSL_CTX_use_certificate_chain_buffer(backend->ctx, + cert_blob->data, + (long)cert_blob->len); + break; + case WOLFSSL_FILETYPE_ASN1: + rc = wolfSSL_CTX_use_certificate_buffer(backend->ctx, cert_blob->data, + (long)cert_blob->len, file_type); + break; + default: failf(data, "unknown cert type"); return CURLE_BAD_FUNCTION_ARGUMENT; } + if(rc != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; + } - if(!key_file) - key_file = ssl_config->primary.clientcert; + if(!key_blob) + key_blob = cert_blob; else - file_type = do_file_type(ssl_config->key_type); + file_type = wolfssl_do_file_type(ssl_config->key_type); - if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, key_file, - file_type) != 1) { + if(wolfSSL_CTX_use_PrivateKey_buffer(backend->ctx, key_blob->data, + (long)key_blob->len, + file_type) != 1) { failf(data, "unable to set private key"); return CURLE_SSL_CONNECT_ERROR; } @@ -813,11 +1095,11 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ wolfSSL_CTX_set_verify(backend->ctx, - conn_config->verifypeer?SSL_VERIFY_PEER: - SSL_VERIFY_NONE, NULL); + conn_config->verifypeer ? WOLFSSL_VERIFY_PEER : + WOLFSSL_VERIFY_NONE, NULL); #ifdef HAVE_SNI - if(sni && connssl->peer.sni) { + if(connssl->peer.sni) { size_t sni_len = strlen(connssl->peer.sni); if((sni_len < USHRT_MAX)) { if(wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, @@ -881,7 +1163,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(result || wolfSSL_UseALPN(backend->handle, (char *)proto.data, (unsigned int)proto.len, - WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != WOLFSSL_SUCCESS) { failf(data, "SSL: failed setting ALPN protocols"); return CURLE_SSL_CONNECT_ERROR; } @@ -909,20 +1191,11 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* Check if there is a cached ID we can/should use here! */ if(ssl_config->primary.cache_session) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, - &ssl_sessionid, NULL)) { - /* we got a session id, use it! */ - if(!SSL_set_session(backend->handle, ssl_sessionid)) { - Curl_ssl_delsessionid(data, ssl_sessionid); - infof(data, "cannot use session ID, going on without"); - } - else - infof(data, "SSL reusing session ID"); - } - Curl_ssl_sessionid_unlock(data); + /* Set session from cache if there is one */ + (void)wssl_setup_session(cf, data, backend, &connssl->peer); + /* Register to get notified when a new session is received */ + wolfSSL_set_app_data(backend->handle, cf); + wolfSSL_CTX_sess_set_new_cb(backend->ctx, wssl_vtls_new_session_cb); } #ifdef USE_ECH @@ -988,7 +1261,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(data->set.tls_ech & CURLECH_HARD) return CURLE_SSL_CONNECT_ERROR; } - Curl_resolv_unlock(data, dns); + Curl_resolv_unlink(data, &dns); } } @@ -1005,7 +1278,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) { WOLFSSL_BIO *bio; - bio = BIO_new(wolfssl_bio_cf_method); + bio = wolfSSL_BIO_new(wolfssl_bio_cf_method); if(!bio) return CURLE_OUT_OF_MEMORY; @@ -1029,15 +1302,15 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) static char *wolfssl_strerror(unsigned long error, char *buf, unsigned long size) { - DEBUGASSERT(size); + DEBUGASSERT(size > 40); *buf = '\0'; wolfSSL_ERR_error_string_n(error, buf, size); if(!*buf) { const char *msg = error ? "Unknown error" : "No error"; - strncpy(buf, msg, size - 1); - buf[size - 1] = '\0'; + /* the string fits because the assert above assures this */ + strcpy(buf, msg); } return buf; @@ -1053,8 +1326,8 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) (struct wolfssl_ctx *)connssl->backend; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); #ifndef CURL_DISABLE_PROXY - const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: + const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf) ? + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY]; #else const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; @@ -1066,9 +1339,9 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* Enable RFC2818 checks */ if(conn_config->verifyhost) { - char *snihost = connssl->peer.sni? - connssl->peer.sni : connssl->peer.hostname; - if(wolfSSL_check_domain_name(backend->handle, snihost) == SSL_FAILURE) + char *snihost = connssl->peer.sni ? + connssl->peer.sni : connssl->peer.hostname; + if(wolfSSL_check_domain_name(backend->handle, snihost) == WOLFSSL_FAILURE) return CURLE_SSL_CONNECT_ERROR; } @@ -1097,7 +1370,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) * Note that OpenSSL SSL_want_read() is always true here. If wolfSSL ever * changes, the worst case is that no key is logged on error. */ - if(ret == SSL_SUCCESS || + if(ret == WOLFSSL_SUCCESS || (!wolfSSL_want_read(backend->handle) && !wolfSSL_want_write(backend->handle))) { wolfssl_log_tls12_secret(backend->handle); @@ -1111,11 +1384,11 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) if(ret != 1) { int detail = wolfSSL_get_error(backend->handle, ret); - if(SSL_ERROR_WANT_READ == detail) { + if(WOLFSSL_ERROR_WANT_READ == detail) { connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } - else if(SSL_ERROR_WANT_WRITE == detail) { + else if(WOLFSSL_ERROR_WANT_WRITE == detail) { connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } @@ -1148,7 +1421,6 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) } #endif } -#if LIBWOLFSSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */ else if(ASN_NO_SIGNER_E == detail) { if(conn_config->verifypeer) { failf(data, " CA signer not available for verification"); @@ -1161,7 +1433,14 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) "continuing anyway"); } } -#endif + else if(ASN_AFTER_DATE_E == detail) { + failf(data, "server verification failed: certificate has expired."); + return CURLE_PEER_FAILED_VERIFICATION; + } + else if(ASN_BEFORE_DATE_E == detail) { + failf(data, "server verification failed: certificate not valid yet."); + return CURLE_PEER_FAILED_VERIFICATION; + } #ifdef USE_ECH else if(-1 == detail) { /* try access a retry_config ECHConfigList for tracing */ @@ -1201,7 +1480,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) if(pinnedpubkey) { #ifdef KEEP_PEER_CERT - X509 *x509; + WOLFSSL_X509 *x509; const char *x509_der; int x509_der_len; struct Curl_X509certificate x509_parsed; @@ -1253,12 +1532,12 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len); - if(rc == SSL_SUCCESS) { - Curl_alpn_set_negotiated(cf, data, (const unsigned char *)protocol, - protocol_len); + if(rc == WOLFSSL_SUCCESS) { + Curl_alpn_set_negotiated(cf, data, connssl, + (const unsigned char *)protocol, protocol_len); } - else if(rc == SSL_ALPN_NOT_FOUND) - Curl_alpn_set_negotiated(cf, data, NULL, 0); + else if(rc == WOLFSSL_ALPN_NOT_FOUND) + Curl_alpn_set_negotiated(cf, data, connssl, NULL, 0); else { failf(data, "ALPN, failure getting protocol, error %d", rc); return CURLE_SSL_CONNECT_ERROR; @@ -1278,50 +1557,6 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } - -static void wolfssl_session_free(void *sessionid, size_t idsize) -{ - (void)idsize; - wolfSSL_SESSION_free(sessionid); -} - - -static CURLcode -wolfssl_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) -{ - CURLcode result = CURLE_OK; - struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ctx *backend = - (struct wolfssl_ctx *)connssl->backend; - const struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - DEBUGASSERT(backend); - - if(ssl_config->primary.cache_session) { - /* wolfSSL_get1_session allocates memory that has to be freed. */ - WOLFSSL_SESSION *our_ssl_sessionid = wolfSSL_get1_session(backend->handle); - - if(our_ssl_sessionid) { - Curl_ssl_sessionid_lock(data); - /* call takes ownership of `our_ssl_sessionid` */ - result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, - our_ssl_sessionid, 0, - wolfssl_session_free); - Curl_ssl_sessionid_unlock(data); - if(result) { - failf(data, "failed to store ssl session"); - return result; - } - } - } - - connssl->connecting_state = ssl_connect_done; - - return result; -} - - static ssize_t wolfssl_send(struct Curl_cfilter *cf, struct Curl_easy *data, const void *mem, @@ -1343,8 +1578,8 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf, int err = wolfSSL_get_error(backend->handle, rc); switch(err) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: + case WOLFSSL_ERROR_WANT_READ: + case WOLFSSL_ERROR_WANT_WRITE: /* there is data pending, re-invoke SSL_write() */ CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len); *curlcode = CURLE_AGAIN; @@ -1379,7 +1614,10 @@ static CURLcode wolfssl_shutdown(struct Curl_cfilter *cf, struct wolfssl_ctx *wctx = (struct wolfssl_ctx *)connssl->backend; CURLcode result = CURLE_OK; char buf[1024]; - int nread, err; + char error_buffer[256]; + int nread = -1, err; + size_t i; + int detail; DEBUGASSERT(wctx); if(!wctx->handle || cf->shutdown) { @@ -1387,15 +1625,17 @@ static CURLcode wolfssl_shutdown(struct Curl_cfilter *cf, goto out; } + wctx->shutting_down = TRUE; connssl->io_need = CURL_SSL_IO_NEED_NONE; *done = FALSE; - if(!(wolfSSL_get_shutdown(wctx->handle) & SSL_SENT_SHUTDOWN)) { + if(!(wolfSSL_get_shutdown(wctx->handle) & WOLFSSL_SENT_SHUTDOWN)) { /* We have not started the shutdown from our side yet. Check * if the server already sent us one. */ - ERR_clear_error(); + wolfSSL_ERR_clear_error(); nread = wolfSSL_read(wctx->handle, buf, (int)sizeof(buf)); err = wolfSSL_get_error(wctx->handle, nread); - if(!nread && err == SSL_ERROR_ZERO_RETURN) { + CURL_TRC_CF(data, cf, "wolfSSL_read, nread=%d, err=%d", nread, err); + if(!nread && err == WOLFSSL_ERROR_ZERO_RETURN) { bool input_pending; /* Yes, it did. */ if(!send_shutdown) { @@ -1415,49 +1655,55 @@ static CURLcode wolfssl_shutdown(struct Curl_cfilter *cf, } } - if(send_shutdown && wolfSSL_shutdown(wctx->handle) == 1) { - CURL_TRC_CF(data, cf, "SSL shutdown finished"); - *done = TRUE; - goto out; - } - else { - size_t i; - /* SSL should now have started the shutdown from our side. Since it - * was not complete, we are lacking the close notify from the server. */ - for(i = 0; i < 10; ++i) { - ERR_clear_error(); - nread = wolfSSL_read(wctx->handle, buf, (int)sizeof(buf)); - if(nread <= 0) - break; - } - err = wolfSSL_get_error(wctx->handle, nread); - switch(err) { - case SSL_ERROR_ZERO_RETURN: /* no more data */ - CURL_TRC_CF(data, cf, "SSL shutdown received"); + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + if(send_shutdown) { + wolfSSL_ERR_clear_error(); + if(wolfSSL_shutdown(wctx->handle) == 1) { + CURL_TRC_CF(data, cf, "SSL shutdown finished"); *done = TRUE; - break; - case SSL_ERROR_NONE: /* just did not get anything */ - case SSL_ERROR_WANT_READ: - /* SSL has send its notify and now wants to read the reply - * from the server. We are not really interested in that. */ - CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive"); - connssl->io_need = CURL_SSL_IO_NEED_RECV; - break; - case SSL_ERROR_WANT_WRITE: - CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); - connssl->io_need = CURL_SSL_IO_NEED_SEND; - break; - default: { - char error_buffer[256]; - int detail = wolfSSL_get_error(wctx->handle, err); - CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)", - wolfssl_strerror((unsigned long)err, error_buffer, - sizeof(error_buffer)), - detail); - result = CURLE_RECV_ERROR; - break; + goto out; } + if(WOLFSSL_ERROR_WANT_WRITE == wolfSSL_get_error(wctx->handle, nread)) { + CURL_TRC_CF(data, cf, "SSL shutdown still wants to send"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + goto out; } + /* Having sent the close notify, we use wolfSSL_read() to get the + * missing close notify from the server. */ + } + + for(i = 0; i < 10; ++i) { + wolfSSL_ERR_clear_error(); + nread = wolfSSL_read(wctx->handle, buf, (int)sizeof(buf)); + if(nread <= 0) + break; + } + err = wolfSSL_get_error(wctx->handle, nread); + switch(err) { + case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */ + CURL_TRC_CF(data, cf, "SSL shutdown received"); + *done = TRUE; + break; + case WOLFSSL_ERROR_NONE: /* just did not get anything */ + case WOLFSSL_ERROR_WANT_READ: + /* SSL has send its notify and now wants to read the reply + * from the server. We are not really interested in that. */ + CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; + break; + case WOLFSSL_ERROR_WANT_WRITE: + CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + break; + default: + detail = wolfSSL_get_error(wctx->handle, err); + CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)", + wolfssl_strerror((unsigned long)err, error_buffer, + sizeof(error_buffer)), + detail); + result = CURLE_RECV_ERROR; + break; } out: @@ -1507,13 +1753,18 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, int err = wolfSSL_get_error(backend->handle, nread); switch(err) { - case SSL_ERROR_ZERO_RETURN: /* no more data */ + case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */ CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> CLOSED", blen); *curlcode = CURLE_OK; return 0; - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: + case WOLFSSL_ERROR_NONE: + case WOLFSSL_ERROR_WANT_READ: + case WOLFSSL_ERROR_WANT_WRITE: + if(!backend->io_result && connssl->peer_closed) { + CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> CLOSED", blen); + *curlcode = CURLE_OK; + return 0; + } /* there is data pending, re-invoke wolfSSL_read() */ CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen); *curlcode = CURLE_AGAIN; @@ -1524,7 +1775,12 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, *curlcode = CURLE_AGAIN; return -1; } - { + else if(!backend->io_result && connssl->peer_closed) { + CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> CLOSED", blen); + *curlcode = CURLE_OK; + return 0; + } + else { char error_buffer[256]; failf(data, "SSL read: %s, errno %d", wolfssl_strerror((unsigned long)err, error_buffer, @@ -1557,7 +1813,7 @@ static int wolfssl_init(void) #ifdef OPENSSL_EXTRA Curl_tls_keylog_open(); #endif - ret = (wolfSSL_Init() == SSL_SUCCESS); + ret = (wolfSSL_Init() == WOLFSSL_SUCCESS); wolfssl_bio_cf_init_methods(); return ret; } @@ -1584,7 +1840,7 @@ static bool wolfssl_data_pending(struct Curl_cfilter *cf, backend = (struct wolfssl_ctx *)ctx->backend; if(backend->handle) /* SSL is in use */ - return (0 != wolfSSL_pending(backend->handle)) ? TRUE : FALSE; + return wolfSSL_pending(backend->handle); else return FALSE; } @@ -1598,7 +1854,6 @@ wolfssl_connect_common(struct Curl_cfilter *cf, CURLcode result; struct ssl_connect_data *connssl = cf->ctx; curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); - int what; /* check if the connection has already been established */ if(ssl_connection_complete == connssl->state) { @@ -1634,14 +1889,12 @@ wolfssl_connect_common(struct Curl_cfilter *cf, /* if ssl is expecting something, check if it is available. */ if(connssl->io_need) { - - curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? - sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? - sockfd:CURL_SOCKET_BAD; - - what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, - nonblocking?0:timeout_ms); + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV) ? + sockfd : CURL_SOCKET_BAD; + int what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, + nonblocking ? 0 : timeout_ms); if(what < 0) { /* fatal error */ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); @@ -1674,9 +1927,9 @@ wolfssl_connect_common(struct Curl_cfilter *cf, } /* repeat step2 until all transactions are done. */ if(ssl_connect_3 == connssl->connecting_state) { - result = wolfssl_connect_step3(cf, data); - if(result) - return result; + /* In other backends, this is where we verify the certificate, but + * wolfSSL already does that as part of the handshake. */ + connssl->connecting_state = ssl_connect_done; } if(ssl_connect_done == connssl->connecting_state) { @@ -1771,7 +2024,11 @@ const struct Curl_ssl Curl_ssl_wolfssl = { SSLSUPP_ECH | #endif SSLSUPP_SSL_CTX | - SSLSUPP_CA_CACHE, +#ifdef WOLFSSL_TLS13 + SSLSUPP_TLS13_CIPHERSUITES | +#endif + SSLSUPP_CA_CACHE | + SSLSUPP_CIPHER_LIST, sizeof(struct wolfssl_ctx), @@ -1798,6 +2055,7 @@ const struct Curl_ssl Curl_ssl_wolfssl = { NULL, /* disassociate_connection */ wolfssl_recv, /* recv decrypted data */ wolfssl_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif diff --git a/libraries/libcurl/vtls/wolfssl.h b/libraries/libcurl/vtls/wolfssl.h index d75bdaa1..dc2967d6 100644 --- a/libraries/libcurl/vtls/wolfssl.h +++ b/libraries/libcurl/vtls/wolfssl.h @@ -26,25 +26,41 @@ #include "curl_setup.h" #ifdef USE_WOLFSSL -#include -#include -#include -#include #include "urldata.h" +struct WOLFSSL; +typedef struct WOLFSSL WOLFSSL; +struct WOLFSSL_CTX; +typedef struct WOLFSSL_CTX WOLFSSL_CTX; +struct WOLFSSL_SESSION; +typedef struct WOLFSSL_SESSION WOLFSSL_SESSION; + extern const struct Curl_ssl Curl_ssl_wolfssl; struct wolfssl_ctx { WOLFSSL_CTX *ctx; WOLFSSL *handle; CURLcode io_result; /* result of last BIO cfilter operation */ + int io_send_blocked_len; /* length of last BIO write that EAGAINed */ BIT(x509_store_setup); /* x509 store has been set up */ + BIT(shutting_down); /* TLS is being shut down */ }; CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, struct Curl_easy *data, struct wolfssl_ctx *wssl); +CURLcode wssl_setup_session(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct wolfssl_ctx *wss, + struct ssl_peer *peer); + +CURLcode wssl_cache_session(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + WOLFSSL_SESSION *session); + + #endif /* USE_WOLFSSL */ #endif /* HEADER_CURL_WOLFSSL_H */ diff --git a/libraries/libcurl/vtls/x509asn1.c b/libraries/libcurl/vtls/x509asn1.c index 7f04af3b..fe4a38b8 100644 --- a/libraries/libcurl/vtls/x509asn1.c +++ b/libraries/libcurl/vtls/x509asn1.c @@ -99,10 +99,6 @@ #define CURL_ASN1_CHARACTER_STRING 29 #define CURL_ASN1_BMP_STRING 30 -/* Max sixes */ - -#define MAX_X509_STR 10000 -#define MAX_X509_CERT 100000 #ifdef WANT_EXTRACT_CERTINFO /* ASN.1 OID table entry. */ @@ -274,7 +270,7 @@ static CURLcode bool2str(struct dynbuf *store, { if(end - beg != 1) return CURLE_BAD_FUNCTION_ARGUMENT; - return Curl_dyn_add(store, *beg? "TRUE": "FALSE"); + return Curl_dyn_add(store, *beg ? "TRUE": "FALSE"); } /* @@ -327,7 +323,7 @@ static CURLcode int2str(struct dynbuf *store, do val = (val << 8) | *(const unsigned char *) beg++; while(beg < end); - return Curl_dyn_addf(store, "%s%x", val >= 10? "0x": "", val); + return Curl_dyn_addf(store, "%s%x", val >= 10 ? "0x" : "", val); } /* @@ -463,7 +459,7 @@ static CURLcode OID2str(struct dynbuf *store, if(beg < end) { if(symbolic) { struct dynbuf buf; - Curl_dyn_init(&buf, MAX_X509_STR); + Curl_dyn_init(&buf, CURL_X509_STR_MAX); result = encodeOID(&buf, beg, end); if(!result) { @@ -555,7 +551,7 @@ static CURLcode GTime2str(struct dynbuf *store, "%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", beg, beg + 4, beg + 6, beg + 8, beg + 10, sec1, sec2, - fracl? ".": "", (int)fracl, fracp, + fracl ? ".": "", (int)fracl, fracp, sep, (int)tzl, tzp); } @@ -685,7 +681,7 @@ static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn) CURLcode result = CURLE_OK; bool added = FALSE; struct dynbuf temp; - Curl_dyn_init(&temp, MAX_X509_STR); + Curl_dyn_init(&temp, CURL_X509_STR_MAX); for(p1 = dn->beg; p1 < dn->end;) { p1 = getASN1Element(&rdn, p1, dn->end); @@ -949,7 +945,7 @@ static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum, CURLcode result; struct dynbuf out; - Curl_dyn_init(&out, MAX_X509_STR); + Curl_dyn_init(&out, CURL_X509_STR_MAX); /* Generate a certificate information record for the public key. */ @@ -1093,7 +1089,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, if(certnum) return CURLE_OK; - Curl_dyn_init(&out, MAX_X509_STR); + Curl_dyn_init(&out, CURL_X509_STR_MAX); /* Prepare the certificate information for curl_easy_getinfo(). */ /* Extract the certificate ASN.1 elements. */ diff --git a/libraries/libcurl/warnless.c b/libraries/libcurl/warnless.c index c80937b8..8da3be3a 100644 --- a/libraries/libcurl/warnless.c +++ b/libraries/libcurl/warnless.c @@ -345,28 +345,6 @@ size_t curlx_sitouz(int sinum) #endif } -#ifdef USE_WINSOCK - -/* -** curl_socket_t to signed int -*/ - -int curlx_sktosi(curl_socket_t s) -{ - return (int)((ssize_t) s); -} - -/* -** signed int to curl_socket_t -*/ - -curl_socket_t curlx_sitosk(int i) -{ - return (curl_socket_t)((ssize_t) i); -} - -#endif /* USE_WINSOCK */ - #if defined(_WIN32) ssize_t curlx_read(int fd, void *buf, size_t count) diff --git a/libraries/libcurl/warnless.h b/libraries/libcurl/warnless.h index 6adf63a7..972c7a9c 100644 --- a/libraries/libcurl/warnless.h +++ b/libraries/libcurl/warnless.h @@ -61,14 +61,6 @@ unsigned short curlx_uitous(unsigned int uinum); size_t curlx_sitouz(int sinum); -#ifdef USE_WINSOCK - -int curlx_sktosi(curl_socket_t s); - -curl_socket_t curlx_sitosk(int i); - -#endif /* USE_WINSOCK */ - #if defined(_WIN32) ssize_t curlx_read(int fd, void *buf, size_t count); diff --git a/libraries/libcurl/ws.c b/libraries/libcurl/ws.c index 3c2d9495..3d739a53 100644 --- a/libraries/libcurl/ws.c +++ b/libraries/libcurl/ws.c @@ -24,7 +24,7 @@ #include "curl_setup.h" #include -#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) #include "urldata.h" #include "bufq.h" @@ -37,6 +37,7 @@ #include "ws.h" #include "easyif.h" #include "transfer.h" +#include "select.h" #include "nonblock.h" /* The last 3 #include files should be in this order */ @@ -116,26 +117,29 @@ static void ws_dec_info(struct ws_decoder *dec, struct Curl_easy *data, case 1: CURL_TRC_WRITE(data, "websocket, decoded %s [%s%s]", msg, ws_frame_name_of_op(dec->head[0]), - (dec->head[0] & WSBIT_FIN)? "" : " NON-FINAL"); + (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL"); break; default: if(dec->head_len < dec->head_total) { CURL_TRC_WRITE(data, "websocket, decoded %s [%s%s](%d/%d)", msg, ws_frame_name_of_op(dec->head[0]), - (dec->head[0] & WSBIT_FIN)? "" : " NON-FINAL", + (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL", dec->head_len, dec->head_total); } else { CURL_TRC_WRITE(data, "websocket, decoded %s [%s%s payload=%" - CURL_FORMAT_CURL_OFF_T "/%" CURL_FORMAT_CURL_OFF_T "]", + FMT_OFF_T "/%" FMT_OFF_T "]", msg, ws_frame_name_of_op(dec->head[0]), - (dec->head[0] & WSBIT_FIN)? "" : " NON-FINAL", + (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL", dec->payload_offset, dec->payload_len); } break; } } +static CURLcode ws_send_raw_blocking(CURL *data, struct websocket *ws, + const char *buffer, size_t buflen); + typedef ssize_t ws_write_payload(const unsigned char *buf, size_t buflen, int frame_age, int frame_flags, curl_off_t payload_offset, @@ -278,10 +282,10 @@ static CURLcode ws_dec_pass_payload(struct ws_decoder *dec, dec->payload_offset += (curl_off_t)nwritten; remain = dec->payload_len - dec->payload_offset; CURL_TRC_WRITE(data, "websocket, passed %zd bytes payload, %" - CURL_FORMAT_CURL_OFF_T " remain", nwritten, remain); + FMT_OFF_T " remain", nwritten, remain); } - return remain? CURLE_AGAIN : CURLE_OK; + return remain ? CURLE_AGAIN : CURLE_OK; } static CURLcode ws_dec_pass(struct ws_decoder *dec, @@ -488,12 +492,11 @@ static const struct Curl_cwtype ws_cw_decode = { static void ws_enc_info(struct ws_encoder *enc, struct Curl_easy *data, const char *msg) { - infof(data, "WS-ENC: %s [%s%s%s payload=%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "]", + infof(data, "WS-ENC: %s [%s%s%s payload=%" FMT_OFF_T "/%" FMT_OFF_T "]", msg, ws_frame_name_of_op(enc->firstbyte), (enc->firstbyte & WSBIT_OPCODE_MASK) == WSBIT_OPCODE_CONT ? " CONT" : "", - (enc->firstbyte & WSBIT_FIN)? "" : " NON-FIN", + (enc->firstbyte & WSBIT_FIN) ? "" : " NON-FIN", enc->payload_len - enc->payload_remain, enc->payload_len); } @@ -547,20 +550,20 @@ static ssize_t ws_enc_write_head(struct Curl_easy *data, if(payload_len < 0) { failf(data, "WS: starting new frame with negative payload length %" - CURL_FORMAT_CURL_OFF_T, payload_len); + FMT_OFF_T, payload_len); *err = CURLE_SEND_ERROR; return -1; } if(enc->payload_remain > 0) { /* trying to write a new frame before the previous one is finished */ - failf(data, "WS: starting new frame with %zd bytes from last one" + failf(data, "WS: starting new frame with %zd bytes from last one " "remaining to be sent", (ssize_t)enc->payload_remain); *err = CURLE_SEND_ERROR; return -1; } - opcode = ws_frame_flags2op((int)flags); + opcode = ws_frame_flags2op((int)flags & ~CURLWS_CONT); if(!opcode) { failf(data, "WS: provided flags not recognized '%x'", flags); *err = CURLE_SEND_ERROR; @@ -773,7 +776,7 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, } } #endif - DEBUGF(infof(data, "WS, using chunk size %zu", chunk_size)); + CURL_TRC_WS(data, "WS, using chunk size %zu", chunk_size); Curl_bufq_init2(&ws->recvbuf, chunk_size, WS_CHUNK_COUNT, BUFQ_OPT_SOFT_LIMIT); Curl_bufq_init2(&ws->sendbuf, chunk_size, WS_CHUNK_COUNT, @@ -921,15 +924,17 @@ static ssize_t nw_in_recv(void *reader_ctx, return (ssize_t)nread; } -CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, +CURL_EXTERN CURLcode curl_ws_recv(CURL *d, void *buffer, size_t buflen, size_t *nread, const struct curl_ws_frame **metap) { + struct Curl_easy *data = d; struct connectdata *conn = data->conn; struct websocket *ws; - bool done = FALSE; /* not filled passed buffer yet */ struct ws_collect ctx; - CURLcode result; + + *nread = 0; + *metap = NULL; if(!conn) { /* Unhappy hack with lifetimes of transfers and connection */ @@ -950,15 +955,15 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, return CURLE_BAD_FUNCTION_ARGUMENT; } - *nread = 0; - *metap = NULL; memset(&ctx, 0, sizeof(ctx)); ctx.data = data; ctx.buffer = buffer; ctx.buflen = buflen; - while(!done) { + while(1) { + CURLcode result; + /* receive more when our buffer is empty */ if(Curl_bufq_is_empty(&ws->recvbuf)) { ssize_t n = Curl_bufq_slurp(&ws->recvbuf, nw_in_recv, data, &result); @@ -970,8 +975,8 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, infof(data, "connection expectedly closed?"); return CURLE_GOT_NOTHING; } - DEBUGF(infof(data, "curl_ws_recv, added %zu bytes from network", - Curl_bufq_len(&ws->recvbuf))); + CURL_TRC_WS(data, "curl_ws_recv, added %zu bytes from network", + Curl_bufq_len(&ws->recvbuf)); } result = ws_dec_pass(&ws->dec, data, &ws->recvbuf, @@ -981,7 +986,6 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, ws_dec_info(&ws->dec, data, "need more input"); continue; /* nothing written, try more input */ } - done = TRUE; break; } else if(result) { @@ -991,7 +995,6 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, /* The decoded frame is passed back to our caller. * There are frames like PING were we auto-respond to and * that we do not return. For these `ctx.written` is not set. */ - done = TRUE; break; } } @@ -1001,14 +1004,14 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, ctx.payload_len, ctx.bufidx); *metap = &ws->frame; *nread = ws->frame.len; - /* infof(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %" - CURL_FORMAT_CURL_OFF_T ", %" CURL_FORMAT_CURL_OFF_T " left)", - buflen, *nread, ws->frame.offset, ws->frame.bytesleft); */ + CURL_TRC_WS(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %" + FMT_OFF_T ", %" FMT_OFF_T " left)", + buflen, *nread, ws->frame.offset, ws->frame.bytesleft); return CURLE_OK; } static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, - bool complete) + bool blocking) { if(!Curl_bufq_is_empty(&ws->sendbuf)) { CURLcode result; @@ -1016,30 +1019,26 @@ static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, size_t outlen, n; while(Curl_bufq_peek(&ws->sendbuf, &out, &outlen)) { - if(data->set.connect_only) + if(blocking) { + result = ws_send_raw_blocking(data, ws, (char *)out, outlen); + n = result ? 0 : outlen; + } + else if(data->set.connect_only || Curl_is_in_callback(data)) result = Curl_senddata(data, out, outlen, &n); else { - result = Curl_xfer_send(data, out, outlen, &n); + result = Curl_xfer_send(data, out, outlen, FALSE, &n); if(!result && !n && outlen) result = CURLE_AGAIN; } - if(result) { - if(result == CURLE_AGAIN) { - if(!complete) { - infof(data, "WS: flush EAGAIN, %zu bytes remain in buffer", - Curl_bufq_len(&ws->sendbuf)); - return result; - } - /* TODO: the current design does not allow for buffered writes. - * We need to flush the buffer now. There is no ws_flush() later */ - n = 0; - continue; - } - else if(result) { - failf(data, "WS: flush, write error %d", result); - return result; - } + if(result == CURLE_AGAIN) { + CURL_TRC_WS(data, "flush EAGAIN, %zu bytes remain in buffer", + Curl_bufq_len(&ws->sendbuf)); + return result; + } + else if(result) { + failf(data, "WS: flush, write error %d", result); + return result; } else { infof(data, "WS: flushed %zu bytes", n); @@ -1050,67 +1049,139 @@ static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, return CURLE_OK; } -CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, +static CURLcode ws_send_raw_blocking(CURL *d, struct websocket *ws, + const char *buffer, size_t buflen) +{ + CURLcode result = CURLE_OK; + size_t nwritten; + struct Curl_easy *data = d; + + (void)ws; + while(buflen) { + result = Curl_xfer_send(data, buffer, buflen, FALSE, &nwritten); + if(result) + return result; + DEBUGASSERT(nwritten <= buflen); + buffer += nwritten; + buflen -= nwritten; + if(buflen) { + curl_socket_t sock = data->conn->sock[FIRSTSOCKET]; + timediff_t left_ms; + int ev; + + CURL_TRC_WS(data, "ws_send_raw_blocking() partial, %zu left to send", + buflen); + left_ms = Curl_timeleft(data, NULL, FALSE); + if(left_ms < 0) { + failf(data, "Timeout waiting for socket becoming writable"); + return CURLE_SEND_ERROR; + } + + /* POLLOUT socket */ + if(sock == CURL_SOCKET_BAD) + return CURLE_SEND_ERROR; + ev = Curl_socket_check(CURL_SOCKET_BAD, CURL_SOCKET_BAD, sock, + left_ms ? left_ms : 500); + if(ev < 0) { + failf(data, "Error while waiting for socket becoming writable"); + return CURLE_SEND_ERROR; + } + } + } + return result; +} + +static CURLcode ws_send_raw(struct Curl_easy *data, const void *buffer, + size_t buflen, size_t *pnwritten) +{ + struct websocket *ws = data->conn->proto.ws; + CURLcode result; + + if(!ws) { + failf(data, "Not a websocket transfer"); + return CURLE_SEND_ERROR; + } + if(!buflen) + return CURLE_OK; + + if(Curl_is_in_callback(data)) { + /* When invoked from inside callbacks, we do a blocking send as the + * callback will probably not implement partial writes that may then + * mess up the ws framing subsequently. + * We need any pending data to be flushed before sending. */ + result = ws_flush(data, ws, TRUE); + if(result) + return result; + result = ws_send_raw_blocking(data, ws, buffer, buflen); + } + else { + /* We need any pending data to be sent or EAGAIN this call. */ + result = ws_flush(data, ws, FALSE); + if(result) + return result; + result = Curl_senddata(data, buffer, buflen, pnwritten); + } + + CURL_TRC_WS(data, "ws_send_raw(len=%zu) -> %d, %zu", + buflen, result, *pnwritten); + return result; +} + +CURL_EXTERN CURLcode curl_ws_send(CURL *d, const void *buffer, size_t buflen, size_t *sent, curl_off_t fragsize, unsigned int flags) { struct websocket *ws; ssize_t n; - size_t nwritten, space; + size_t space, payload_added; CURLcode result; + struct Curl_easy *data = d; + CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T + ", flags=%x), raw=%d", + buflen, fragsize, flags, data->set.ws_raw_mode); *sent = 0; if(!data->conn && data->set.connect_only) { result = Curl_connect_only_attach(data); if(result) - return result; + goto out; } if(!data->conn) { failf(data, "No associated connection"); - return CURLE_SEND_ERROR; + result = CURLE_SEND_ERROR; + goto out; } if(!data->conn->proto.ws) { failf(data, "Not a websocket transfer"); - return CURLE_SEND_ERROR; + result = CURLE_SEND_ERROR; + goto out; } ws = data->conn->proto.ws; + /* try flushing any content still waiting to be sent. */ + result = ws_flush(data, ws, FALSE); + if(result) + goto out; + if(data->set.ws_raw_mode) { + /* In raw mode, we write directly to the connection */ if(fragsize || flags) { - DEBUGF(infof(data, "ws_send: " - "fragsize and flags cannot be non-zero in raw mode")); + failf(data, "ws_send, raw mode: fragsize and flags cannot be non-zero"); return CURLE_BAD_FUNCTION_ARGUMENT; } - if(!buflen) - /* nothing to do */ - return CURLE_OK; - /* raw mode sends exactly what was requested, and this is from within - the write callback */ - if(Curl_is_in_callback(data)) { - result = Curl_xfer_send(data, buffer, buflen, &nwritten); - } - else - result = Curl_senddata(data, buffer, buflen, &nwritten); - - infof(data, "WS: wanted to send %zu bytes, sent %zu bytes", - buflen, nwritten); - *sent = nwritten; - return result; + result = ws_send_raw(data, buffer, buflen, sent); + goto out; } /* Not RAW mode, buf we do the frame encoding */ - result = ws_flush(data, ws, FALSE); - if(result) - return result; - - /* TODO: the current design does not allow partial writes, afaict. - * It is not clear how the application is supposed to react. */ space = Curl_bufq_space(&ws->sendbuf); - DEBUGF(infof(data, "curl_ws_send(len=%zu), sendbuf len=%zu space %zu", - buflen, Curl_bufq_len(&ws->sendbuf), space)); - if(space < 14) - return CURLE_AGAIN; + CURL_TRC_WS(data, "curl_ws_send(len=%zu), sendbuf=%zu space_left=%zu", + buflen, Curl_bufq_len(&ws->sendbuf), space); + if(space < 14) { + result = CURLE_AGAIN; + goto out; + } if(flags & CURLWS_OFFSET) { if(fragsize) { @@ -1118,12 +1189,12 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, n = ws_enc_write_head(data, &ws->enc, flags, fragsize, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; } else { if((curl_off_t)buflen > ws->enc.payload_remain) { infof(data, "WS: unaligned frame size (sending %zu instead of %" - CURL_FORMAT_CURL_OFF_T ")", + FMT_OFF_T ")", buflen, ws->enc.payload_remain); } } @@ -1132,16 +1203,66 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, n = ws_enc_write_head(data, &ws->enc, flags, (curl_off_t)buflen, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; } n = ws_enc_write_payload(&ws->enc, data, buffer, buflen, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; + payload_added = (size_t)n; + + while(!result && (buflen || !Curl_bufq_is_empty(&ws->sendbuf))) { + /* flush, blocking when in callback */ + result = ws_flush(data, ws, Curl_is_in_callback(data)); + if(!result) { + DEBUGASSERT(payload_added <= buflen); + /* all buffered data sent. Try sending the rest if there is any. */ + *sent += payload_added; + buffer = (const char *)buffer + payload_added; + buflen -= payload_added; + payload_added = 0; + if(buflen) { + n = ws_enc_write_payload(&ws->enc, data, + buffer, buflen, &ws->sendbuf, &result); + if(n < 0) + goto out; + payload_added = Curl_bufq_len(&ws->sendbuf); + } + } + else if(result == CURLE_AGAIN) { + /* partially sent. how much of the call data has been part of it? what + * should we report to out caller so it can retry/send the rest? */ + if(payload_added < buflen) { + /* We did not add everything the caller wanted. Return just + * the partial write to our buffer. */ + *sent = payload_added; + result = CURLE_OK; + goto out; + } + else if(!buflen) { + /* We have no payload to report a partial write. EAGAIN would make + * the caller repeat this and add the frame again. + * Flush blocking seems the only way out of this. */ + *sent = (size_t)n; + result = ws_flush(data, ws, TRUE); + goto out; + } + /* We added the complete data to our sendbuf. Report one byte less as + * sent. This partial success should make the caller invoke us again + * with the last byte. */ + *sent = payload_added - 1; + result = Curl_bufq_unwrite(&ws->sendbuf, 1); + if(!result) + result = CURLE_AGAIN; + } + } - *sent = (size_t)n; - return ws_flush(data, ws, TRUE); +out: + CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T + ", flags=%x, raw=%d) -> %d, %zu", + buflen, fragsize, flags, data->set.ws_raw_mode, result, *sent); + return result; } static void ws_free(struct connectdata *conn) @@ -1156,7 +1277,7 @@ static void ws_free(struct connectdata *conn) static CURLcode ws_setup_conn(struct Curl_easy *data, struct connectdata *conn) { - /* websockets is 1.1 only (for now) */ + /* WebSockets is 1.1 only (for now) */ data->state.httpwant = CURL_HTTP_VERSION_1_1; return Curl_http_setup_conn(data, conn); } @@ -1172,10 +1293,11 @@ static CURLcode ws_disconnect(struct Curl_easy *data, return CURLE_OK; } -CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(struct Curl_easy *data) +CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(CURL *d) { /* we only return something for websocket, called from within the callback when not using raw mode */ + struct Curl_easy *data = d; if(GOOD_EASY_HANDLE(data) && Curl_is_in_callback(data) && data->conn && data->conn->proto.ws && !data->set.ws_raw_mode) return &data->conn->proto.ws->frame; @@ -1263,9 +1385,9 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *curl, const void *buffer, return CURLE_NOT_BUILT_IN; } -CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(struct Curl_easy *data) +CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(CURL *data) { (void)data; return NULL; } -#endif /* USE_WEBSOCKETS */ +#endif /* !CURL_DISABLE_WEBSOCKETS */ diff --git a/libraries/libcurl/ws.h b/libraries/libcurl/ws.h index 398900cc..186cc2c6 100644 --- a/libraries/libcurl/ws.h +++ b/libraries/libcurl/ws.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) #ifdef USE_HYPER #define REQTYPE void diff --git a/msvc/Libraries/libcurl/libcurl.vcxproj b/msvc/Libraries/libcurl/libcurl.vcxproj index 559c1589..09896a98 100644 --- a/msvc/Libraries/libcurl/libcurl.vcxproj +++ b/msvc/Libraries/libcurl/libcurl.vcxproj @@ -229,7 +229,6 @@ - @@ -349,6 +348,7 @@ + @@ -504,6 +504,7 @@ + diff --git a/msvc/Libraries/libcurl/libcurl.vcxproj.filters b/msvc/Libraries/libcurl/libcurl.vcxproj.filters index b39a3406..cf0ee16a 100644 --- a/msvc/Libraries/libcurl/libcurl.vcxproj.filters +++ b/msvc/Libraries/libcurl/libcurl.vcxproj.filters @@ -387,9 +387,6 @@ Quelldateien - - Quelldateien - Quelldateien @@ -540,6 +537,9 @@ Quelldateien + + Quelldateien\vssh + @@ -998,5 +998,8 @@ Headerdateien + + Headerdateien\vssh + \ No newline at end of file