1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-05 09:05:04 -05:00
Commit Graph

198 Commits

Author SHA1 Message Date
Daniel Stenberg
3d64031fa7
symbian: drop support
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.

The public headers are unmodified.

Closes #5989
2020-09-22 15:14:12 +02:00
Daniel Stenberg
6434a73984
Curl_handler: add 'family' to each protocol
Makes get_protocol_family() faster and it moves the knowledge about the
"families" to each protocol handler, where it belongs.

Closes #5986
2020-09-21 23:30:16 +02:00
Daniel Stenberg
31e53584db
escape: make the URL decode able to reject only %00 bytes
... or all "control codes" or nothing.

Assisted-by: Nicolas Sterchele
2020-06-25 09:57:18 +02:00
Daniel Stenberg
5afa07fab5
Revert "file: on Windows, refuse paths that start with \\"
This reverts commit 1b71bc532b.

Reminded-by: Chris Roberts
Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html

Closes #5215
2020-04-11 18:20:38 +02:00
Daniel Stenberg
50e35ccfbb
file: fix copyright year range
Follow-up to 1b71bc532b
2020-01-06 10:12:02 +01:00
Daniel Stenberg
1b71bc532b
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.

Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
2020-01-06 10:05:37 +01:00
Daniel Stenberg
5add3514e6
file: fix "Checking if unsigned variable 'readcount' is less than zero."
Pointed out by codacy

Closes #3672
2019-03-12 21:46:11 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Daniel Stenberg
e50a2002bd
FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
Now FILE transfers send headers to the header callback like HTTP and
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
work for FILE in the callbacks.

Makes "curl -i file://.." and "curl -I file://.." work like before
again. Applied the bold header logic to them too.

Regression from c1c2762 (7.61.0)

Reported-by: Shaun Jackman
Fixes #3083
Closes #3101
2018-10-08 08:35:40 +02:00
Daniel Stenberg
46e164069d
url: use the URL API internally as well
... to make it a truly unified URL parser.

Closes #3017
2018-09-22 11:58:10 +02:00
Daniel Stenberg
2825f46d95
CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
This is step 3 of #2888.

Fixes #2888
Closes #2896
2018-09-06 10:53:39 +02:00
Daniel Stenberg
1a890997a4
all: s/int/size_t cleanup
Assisted-by: Rikard Falkeborn

Closes #2922
2018-09-01 10:40:42 +02:00
Marian Klymov
c45360d463
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631
2018-06-11 11:14:48 +02:00
Viktor Szakats
4bd91bc474 spelling fixes
Detected using the `codespell` tool (version 1.13.0).

Also secure and fix an URL.
2018-06-03 12:14:45 +00:00
Daniel Stenberg
ddd31dc5dd
time_t-fixes: remove typecasts to 'long' for info.filetime
They're now wrong.

Reported-by: Michael Kaufmann

Closes #2277
2018-02-01 07:50:59 +01:00
Max Dymond
811d96e9e2
file: Check the return code from Curl_range and bail out on error 2018-01-30 17:23:35 +01:00
Max Dymond
e04417d98f
Curl_range: commonize FTP and FILE range handling
Closes #2205
2018-01-30 17:23:26 +01:00
Daniel Stenberg
5d543fe906 time: rename Curl_tvnow to Curl_now
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011
2017-10-25 18:48:05 +02:00
Daniel Stenberg
afbdc96638
file_range: avoid integer overflow when figuring out byte range
When trying to bump the value with one and the value is already at max,
it causes an integer overflow.

Closes #1908
Detected by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465

Assisted-by: Max Dymond
2017-09-23 18:21:15 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Even Rouault
c9332fa5e8 file: output the correct buffer to the user
Regression brought by 7c312f84ea (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Max Dymond
c75f63d7c4 handler: refactor connection checking
Add a new type of callback to Curl_handler which performs checks on
the connection. Alter RTSP so that it uses this callback to do its
own check on connection health.
2017-06-30 10:17:27 +02:00
Daniel Stenberg
68c6dcb2cb file: make speedcheck use current time for checks
... as it would previously just get the "now" timestamp before the
transfer starts and then not update it again.

Closes #1550
2017-06-07 23:01:09 +02:00
Daniel Stenberg
e40e9d7f0d buffer: use data->set.buffer_size instead of BUFSIZE
... to properly use the dynamically set buffer size!
2017-05-01 22:55:29 +02:00
Daniel Stenberg
89cf6f38d2 upload: UPLOAD_BUFSIZE is now for the upload buffer 2017-05-01 22:55:29 +02:00
Daniel Stenberg
7c312f84ea file: use private buffer for C-L output
... instead of clobbering the download buffer.
2017-05-01 22:55:29 +02:00
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Richy Kim
6b7616690e CURLOPT_BUFFERSIZE: support enlarging receive buffer
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size.  Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.

Closes #1222
2017-01-19 23:38:04 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Michael Kaufmann
f9e51fb55d file: fix compiler warning
follow-up to 46133aa5
2016-11-01 20:40:26 +01:00
Daniel Stenberg
46133aa536 escape: avoid using curl_easy_unescape() internally
Since the internal Curl_urldecode() function has a better API.
2016-10-31 08:46:35 +01:00
Miroslav Franc
bf430ecdef library: Fix memory leaks found during static analysis
Closes https://github.com/curl/curl/pull/913
2016-07-14 02:52:56 -04:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Daniel Stenberg
4f45240bc8 lib: include curl_printf.h as one of the last headers
curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.

To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:

 curl_printf.h
 curl_memory.h
 memdebug.h

None of them include system headers, they all do funny #defines.

Reported-by: David Benjamin

Fixes #743
2016-04-29 22:32:49 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Daniel Stenberg
b3912d9dd7 file: remove duplicate checks of the same variable
... as it doesn't change in between. Deteced by PVS Studio.

Reported-by: Alexis La Goutte
2016-03-31 10:10:58 +02:00
Daniel Stenberg
1e486db9c2 file: try reading from files with no size
Some systems have special files that report as 0 bytes big, but still
contain data that can be read (for example /proc/cpuinfo on
Linux). Starting now, a zero byte size is considered "unknown" size and
will be read as far as possible anyway.

Reported-by: Jesse Tan

Closes #681
2016-02-25 23:45:17 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
b0143a2a33 read_callback: move to SessionHandle from connectdata
With many easy handles using the same connection for multiplexing, it is
important we store and keep the transfer-oriented stuff in the
SessionHandle so that callbacks and callback data work fine even when
many easy handles share the same physical connection.
2015-05-20 23:06:45 +02:00
Dan Fandrich
35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
2015-03-24 23:47:01 +01:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Daniel Stenberg
0eb3d15ccb code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

 if(result) or if(!result)

instead of

 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 08:23:19 +02:00
Daniel Stenberg
53cbea2231 file: reject paths using embedded %00
Mostly because we use C strings and they end at a binary zero so we know
we can't open a file name using an embedded binary zero.

Reported-by: research@g0blin.co.uk
2014-09-30 07:37:38 +02:00
Daniel Stenberg
d5ec44ca4c INFILESIZE: fields in UserDefined must not be changed run-time
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Steve Holme
60bd22620a mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TU
Following commit 0aafd77fa4, replaced the internal usage of
FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we
expect API programmers to use.

This negates the need for separate definitions which were subtly
different under different platforms/compilers.
2013-12-31 11:10:42 +00:00
Daniel Stenberg
e79535bc5e SessionHandle: the protocol specific pointer is now a void *
All protocol handler structs are now opaque (void *) in the
SessionHandle struct and moved in the request-specific sub-struct
'SingleRequest'. The intension is to keep the protocol specific
knowledge in their own dedicated source files [protocol].c etc.

There's some "leakage" where this policy is violated, to be addressed at
a later point in time.
2013-08-12 13:17:57 +02:00
Daniel Stenberg
4ad8e142da urldata: clean up the use of the protocol specific structs
1 - always allocate the struct in protocol->setup_connection. Some
protocol handlers had to get this function added.

2 - always free at the end of a request. This is also an attempt to keep
less memory in the handle after it is completed.
2013-08-12 13:17:57 +02:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00