1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 22:15:13 -05:00
Commit Graph

49 Commits

Author SHA1 Message Date
Daniel Stenberg
b331a5fa09
file2memory: use a define instead of -1 unsigned value
... to use the maximum value for 'size_t' when detecting integer overflow.
Changed the limit to max/4 as already that seems unreasonably large.

Codacy didn't like the previous approach.

Closes #5683
2020-07-16 00:34:05 +02:00
Daniel Stenberg
33d60d09f3
tool_paramhlp: fixup C89 mistake
Follow-up to c5f0a9db22.
2020-05-19 08:58:33 +02:00
Siva Sivaraman
c5f0a9db22
tool_paramhlp: fixed potentially uninitialized strtol() variable
Seems highly unlikely to actually be possible, but better safe than
sorry.

Closes #5417
2020-05-19 08:55:27 +02:00
Daniel Stenberg
4c34af4c99
curl -w: handle a blank input file correctly
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.

Added test 1271 to verify.

Reported-by: Brian Carpenter
Closes #4786
2020-01-06 10:10:48 +01:00
Marcel Raad
a8d13336b5
tool: make a few char pointers point to const char instead
These are read-only.

Closes https://github.com/curl/curl/pull/4771
2019-12-31 22:18:56 +01:00
Daniel Stenberg
c6deecd7e9
curl: use errorf() better
Change series of error outputs to use errorf().

Only errors that are due to mistakes in command line option usage should
use helpf(), other types of errors in the tool should rather use
errorf().

Closes #4691
2019-12-10 10:03:33 +01:00
Gilles Vollant
b543f1fadb
curl:file2string: load large files much faster
... by using a more efficient realloc scheme.

Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336
2019-09-13 08:22:58 +02:00
Daniel Stenberg
db0a0dfb0e
curl: cap the maximum allowed values for retry time arguments
... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.

Added test 1269 to verify.

Reported-by: Jason Lee
Closes #4166
2019-07-30 08:17:01 +02:00
Rikard Falkeborn
fa2d6ba84d
printf: fix format specifiers
Closes #3426
2019-01-04 23:50:48 +01:00
Marian Klymov
c45360d463
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631
2018-06-11 11:14:48 +02:00
Daniel Stenberg
697271fc98
curl: make str2udouble not return values on error
... previously it would store a return value even when it returned
error, which could make the value get used anyway!

Reported-by: Brian Carpenter
Closes #1893
2017-09-18 10:45:29 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
80d9e35598
system.h: remove all CURL_SIZEOF_* defines
... as they're not used externally and internally we check for the sizes
already in configure etc.

Closes #1767
2017-08-17 10:26:53 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Adam Sampson
45a560390c
curl: do bounds check using a double comparison
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749
2017-08-09 19:24:16 +02:00
Daniel Stenberg
5c7455fe76 curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736
2017-08-07 09:38:45 +02:00
Jay Satiro
af0216251b curl_setup_once: Remove ERRNO/SET_ERRNO macros
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
2017-07-10 02:09:27 -04:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Daniel Stenberg
95bd2b3e7f strcase: make the tool use curl_str[n]equal instead
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.

Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
b965090963 curl: whitelist use of strtok() in non-threaded context 2016-09-07 10:43:40 +02:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Steve Holme
db05d7a731 tool_paramhlp: Fixed display of URL index in password prompt for --next
Commit f3bae6ed73 added the URL index to the password prompt when using
--next. Unfortunately, because the size_t specifier (%zu) is not
supported by all sprintf() implementations we use the curl_off_t format
specifier instead. The display of an incorrect value arises on platforms
where size_t and curl_off_t are of a different size.
2015-11-27 06:59:02 +00:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Steve Holme
c715fa0b60 tool: Updated the warnf() function to use the GlobalConfig structure
As the 'error' and 'mute' options are now part of the GlobalConfig,
rather than per Operation, updated the warnf() function to use this
structure rather than the OperationConfig.
2015-02-27 21:05:52 +00:00
Bill Nagel
b359badd49 curl tool: Enable support for the SMB protocol
This patch enables SMB/CIFS support in the curl command-line tool.
2014-11-30 21:32:44 +00:00
Steve Holme
5513bbd5c3 tool: Moved --stderr to the global config 2014-03-01 13:03:20 +00:00
Steve Holme
705a4cb549 tool_cfgable: Renamed Configurable structure to OperationConfig
To allow for the addition of a global config structure and prevent
confusion between the two.
2014-02-23 13:09:20 +00:00
Steve Holme
3521e4e40d tool_paramhlp: Fixed compilation warnings
declaration of 'index' shadows a global declaration
2014-02-20 23:18:48 +00:00
Steve Holme
f3bae6ed73 tool_paramhlp: Added URL index to password prompt for multiple operations 2014-02-16 11:13:16 +00:00
Steve Holme
f80ca7a05a tool_operate: Moved required argument getting into separate function 2014-02-15 16:31:32 +00:00
Steve Holme
33b8960dc8 tool: Fixed incorrect return code if password prompting runs out of memory
Due to the changes in commit 3c929ff9f6 and lack of subsequent
updates, curl could return a CURLE_FTP_ACCEPT_FAILED error if
checkpasswd() ran out of memory in versions 7.33.0 and 7.34.0.

Updated the function declaration and return code to return
CURLE_OUT_OF_MEMORY and CURLE_OK where appropriate.
2014-01-19 16:26:19 +00:00
Dave Reisner
d8c04909fa src/tool: allow timeouts to accept decimal values
Implement wrappers around strtod to convert the user argument to a
double with sane error checking. Use this to allow --max-time and
--connect-timeout to accept decimal values instead of strictly integers.

The manpage is updated to make mention of this feature and,
additionally, forewarn that the actual timeout of the operation can
vary in its precision (particularly as the value increases in its
decimal precision).
2013-07-14 23:04:05 +02:00
Dave Reisner
f5005dd8d0 src/tool_paramhlp: try harder to catch negatives
strto* functions happily chomp off leading whitespace, so simply
checking for str[0] can lead to false negatives. Do the full parse and
check the out value instead.
2013-07-14 22:48:29 +02:00
Steve Holme
ca8f17a303 tool_paramhlp: Fixed options being included in username
Fix to prevent the options from being displayed when curl requests the
user's password if the following command line is specified:

--user username;options
2013-04-20 09:16:21 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Yang Tse
79954a1b07 avoid mixing of enumerated type with another type 2012-11-26 16:23:48 +01:00
Daniel Stenberg
f2b6ebed7b cmdline: parse numerical options stricter
1 - str2offset() no longer accepts negative numbers since offsets are by
nature positive.

2 - introduced str2unum() for the command line parser that accepts
numericals which are not supposed to be negative, so that it will
properly complain on apparent bad uses and mistakes.

Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html
2012-07-10 23:11:30 +02:00
Yang Tse
01b0f1061d curl tool: make curl.h first header included in tool_setup.h 2012-04-08 13:50:18 +02:00
Yang Tse
919c97fa65 curl tool: use configuration files from lib directory
Configuration files such as curl_config.h and all config-*.h no longer exist
nor are generated/copied into 'src' directory, now these only exist in 'lib'
directory from where curl tool sources uses them.

Additionally old src/setup.h has been refactored into src/tool_setup.h which
now pulls lib/setup.h

The possibility of a makefile needing an include path adjustment exists.
2012-04-06 23:37:05 +02:00
Alessandro Ghedini
e71ac0c6fa curl tool: allow negative numbers as option values
Fix the str2num() function to not check if the input string starts with a
digit, since strtol() supports numbers prepended with '-' (and '+') too.
This makes the --max-redirs option work as documented.
2012-02-13 19:58:23 +01:00
Yang Tse
f7bfdbabf2 curl tool: reviewed code moved to tool_*.[ch] files 2011-10-06 17:39:00 +02:00
Yang Tse
5bf0d74120 curl tool: OOM handling fixes 2011-10-05 15:06:26 +02:00
Yang Tse
49b79b7631 curl tool: code moved to tool_*.[ch] files 2011-10-05 00:03:58 +02:00