1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
Commit Graph

673 Commits

Author SHA1 Message Date
Daniel Stenberg
a37fc62e8b
examples: safer and more proper read callback logic
The same callback code is used in:

 imap-append.c
 smtp-authzid.c
 smtp-mail.c
 smtp-multi.c
 smtp-ssl.c
 smtp-tls.c

It should not assume that it can copy full lines into the buffer as it
will encourage sloppy coding practices. Instead use byte-wise logic and
check/acknowledge the buffer size appropriately.

Reported-by: Harry Sintonen
Fixes #7330
Closes #7331
2021-07-01 14:27:12 +02:00
Daniel Stenberg
42db4ccee2
examples: length-limit two sscanf() uses of %s
Reported-by: Jishan Shaikh
Fixes #7293
Closes #7294
2021-06-24 15:57:09 +02:00
Daniel Stenberg
265b14d6b3
metalink: remove
Warning: this will make existing curl command lines that use metalink to
stop working.

Reasons for removal:

1. We've found several security problems and issues involving the
   metalink support in curl. The issues are not detailed here. When
   working on those, it become apparent to the team that several of the
   problems are due to the system design, metalink library API and what
   the metalink RFC says. They are very hard to fix on the curl side
   only.

2. The metalink usage with curl was only very briefly documented and was
   not following the "normal" curl usage pattern in several ways, making
   it surprising and non-intuitive which could lead to further security
   issues.

3. The metalink library was last updated 6 years ago and wasn't so
   active the years before that either. An unmaintained library means
   there's a security problem waiting to happen. This is probably reason
   enough.

4. Metalink requires an XML parsing library, which is complex code (even
   the smaller alternatives) and to this day often gets security
   updates.

5. Metalink is not a widely used curl feature. In the 2020 curl user
   survey, only 1.4% of the responders said that they'd are using it. In
   2021 that number was 1.2%. Searching the web also show very few
   traces of it being used, even with other tools.

6. The torrent format and associated technology clearly won for
   downloading large files from multiple sources in parallel.

Cloes #7176
2021-06-07 08:14:25 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Daniel Stenberg
063d3f3b96
tidy-up: make conditional checks more consistent
... remove '== NULL' and '!= 0'

Closes #6912
2021-04-22 09:10:17 +02:00
Daniel Stenberg
95d525a9e1
misc: update copyright year ranges to match latest updates 2021-04-13 14:32:30 +02:00
Jochem Broekhoff
255bdfe65c
examples/hiperfifo.c: check event_initialized before delete
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur.  event_initialized checks whether the
event struct is nonzero.

Closes #6876
2021-04-09 11:44:21 +02:00
Daniel Stenberg
85e6975643
copyright: update copyright year ranges to 2021
Reviewed-by: Emil Engler
Closes #6802
2021-03-27 23:00:14 +01:00
Jay Satiro
a8da0302a7 examples: Remove threaded-shared-conn.c due to bug
Known bug 11.11 is the shared object's connection cache is not thread
safe, so we should not have an example for it.

Ref: https://github.com/curl/curl/issues/4915
Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not

Closes https://github.com/curl/curl/pull/6795
2021-03-26 03:14:50 -04:00
Viktor Szakats
f65d7889b5
http: add new files missed from referrer commit
Ref: 44872aefc2
Ref: #6591
2021-02-19 16:18:15 +00:00
Viktor Szakats
44872aefc2
http: add support to read and store the referrer header
- add CURLINFO_REFERER libcurl option
- add --write-out '%{referer}' command-line option
- extend --xattr command-line option to fill user.xdg.referrer.url extended
  attribute with the referrer (if there was any)

Closes #6591
2021-02-19 13:57:19 +00:00
Viktor Szakats
acd90af51f
docs/Makefile.inc: format to be update-friendly
- one source file per line
- convert tabs to spaces
- do not align line-continuation backslashes
- sort source files alphabetically

Reviewed-by: Daniel Stenberg
Closes #6593
2021-02-11 16:12:12 +00:00
Viktor Szakats
2dfe3d7093
Makefile.m32: add support for libgsasl dependency
Reviewed-by: Marcel Raad
Closes #6586
2021-02-10 18:48:29 +00:00
Daniel Stenberg
2855997a95
examples/curlgtk.c: fix the copyright year range
... and make private functions static.
2020-12-30 22:37:44 +01:00
Olaf Hering
f2ed79d8ee
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
The type of the buffer in curl_read_callback is 'char *', not 'void *'.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Closes #6392
2020-12-30 22:20:24 +01:00
Daniel Stenberg
0a5b8af777
examples: fix more empty expression statement has no effect
Follow-up to 26e46617b9
2020-12-30 22:19:05 +01:00
Daniel Stenberg
a6d20b89db
cleanup: fix two empty expression statement has no effect
Follow-up to 26e46617b9
2020-12-30 16:58:19 +01:00
Daniel Stenberg
a93c647de8
examples/libtest: add .checksrc to dist
... so that (auto)builds from tarballs also get the correct instructions.

Fixes #6176
Closes #6353
2020-12-21 17:06:06 +01:00
Daniel Stenberg
1451f4d2e1
examples: remove superfluous asterisk uses
... for function pointers. Breaks in ancient compilers.
2020-12-16 09:24:16 +01:00
Rikard Falkeborn
77b2f702c4
examples: update .gitignore
Add files that are generated by 'make examples' and remove some that
have been renamed.

The commits that renamed the programs are e9625c5bc6 (imap.c and
simplesmtp.c were renamed to imap-fetch.c and smtp-send.c) and
ad39e7ec01 (pop3slist.c and pop3s.c were renamed to pop3-list.c and
pop3-ssl.c).

Closes #6240
2020-11-23 23:09:33 +01:00
Daniel Stenberg
71ec4e7d76
httpput-postfields.c: new example doing PUT with POSTFIELDS
Proposed-by: Jeroen Ooms
Ref: #6186
Closes #6188
2020-11-13 09:20:57 +01:00
Daniel Stenberg
fa6bbbe167
examples/httpput: remove use of CURLOPT_PUT
It is deprecated and unnecessary since it already sets CURLOPT_UPLOAD.

Reported-by: Jeroen Ooms
Fixes #6186
Closes #6187
2020-11-09 08:25:14 +01:00
Daniel Gustafsson
afddaa6dec examples: fix comment syntax
Commit ac0a88fd2 accidentally added a stray character outside of the
comment which broke compilation. Fix by removing.

Reported-by:  autobuild https://curl.se/dev/log.cgi?id=20201105084306-12742
2020-11-05 09:54:12 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Viktor Szakats
769c9a4eec
Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
Approved-by: Daniel Stenberg
Closes #6092
2020-10-16 07:15:19 +00:00
Daniel Stenberg
7b9e3c4b4c
examples/README: convert to markdown
Closes #6028
2020-09-30 22:45:29 +02:00
Daniel Stenberg
17fcdf6a31
lib: fix -Wassign-enum warnings
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: 879007f811 (commitcomment-42087553)

Closes #5929
2020-09-08 13:53:02 +02:00
Viktor Szakats
38039da764
Makefile.m32: add ability to override zstd libs [ci skip]
Similarly to brotli, where this was already possible.
E.g. it allows to link zstd statically to libcurl.dll.

Ref: https://github.com/curl/curl-for-win/issues/12
Ref: d9b266afd2

Closes https://github.com/curl/curl/pull/5840
2020-08-22 21:08:28 +00:00
Daniel Stenberg
687908c6e6
examples/rtsp.c: correct the copyright year 2020-08-17 10:44:39 +02:00
H3RSKO
3d221409e2
docs: change "web site" to "website"
According to wikipedia:

 While "web site" was the original spelling, this variant has become
 rarely used, and "website" has become the standard spelling

Closes #5822
2020-08-17 00:14:18 +02:00
Daniel Stenberg
faeec840f3
checksrc: invoke script with -D to find .checksrc proper
Without the -D command line option, checksrc.pl won't know which
directory to load the ".checksrc" file from when building out of the
source tree.

Reported-by: Marcel Raad
Fixes #5715
Closes #5755
2020-08-01 10:47:55 +02:00
Daniel Stenberg
2f72ad44fc
checksrc: ban gmtime/localtime
They're not thread-safe so they should not be used in libcurl code.

Explictly enabled when deemed necessary and in examples and tests

Reviewed-by: Nicolas Sterchele
Closes #5732
2020-07-28 23:51:17 +02:00
Gilles Vollant
e13357b14b
content_encoding: add zstd decoding support
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
2020-07-12 18:11:37 +02:00
Daniel Stenberg
600db1e706
examples/multithread.c: call curl_global_cleanup()
Reported-by: qiandu2006 on github
Fixes #5622
Closes #5623
2020-06-29 14:52:56 +02:00
Daniel Stenberg
0f55269aff
copyright: update mismatched copyright years 2020-06-22 11:55:34 +02:00
Radoslav Georgiev
abfd154efd
examples/http2-down/upload: add error checks
If `index.html` does not exist in the directory from which the example
is invoked, the fopen(upload, "rb") invocation in `setup` would fail,
returning NULL.  This value is subsequently passed as the FILE* argument
of the `fread` invocation in the `read_callback` function, which is the
actual cause of the crash (apparently `fread` assumes that argument to
be non-null).

In addition, mitigate some possible crashes of similar origin.

Closes #5463
2020-06-02 00:14:08 +02:00
kotoriのねこ
066b303231
examples/ephiperfifo: turn off interval when setting timerfd
Reported-by: therealhirudo on github
Fixes #5485
Closes #5497
2020-06-02 00:11:38 +02:00
Viktor Szakats
308c243db5
all: fix codespell errors
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes https://github.com/curl/curl/pull/5452
2020-05-25 19:44:04 +00:00
Daniel Stenberg
8df455479f
source cleanup: remove all custom typedef structs
- Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
2020-05-15 08:54:42 +02:00
Daniel Stenberg
66b0775763
checksrc: enhance the ASTERISKSPACE and update code accordingly
Fine: "struct hello *world"

Not fine: "struct hello* world" (and variations)

Closes #5386
2020-05-14 00:02:05 +02:00
Daniel Stenberg
9d47ff5323
examples: remove asiohiper.cpp
This example has repeatedly been reported to contain bugs, and as users
copy and paste code from this into production, I now deem it better to
not provide the example at all.

Closes #5090
Closes #5322
2020-05-02 12:29:58 +02:00
Tom
207a6cbb90 src: Remove C99 constructs to ensure C89 compliance
This fixes the error: 'for' loop initial declaration used outside C99
mode by declaring the loop increment variable in the beginning of the
block instead of inside the for loop.

Fixes #5254
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2020-04-19 21:56:52 +02:00
Gisle Vanem
e37dc71eae
examples/sessioninfo.c: add include to fix compiler warning
Fixes #5171
2020-03-31 14:32:29 +02:00
Daniel Stenberg
9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Jay Satiro
67f3f6cff1 Makefile.m32: Improve windres parameter compatibility
- s/COFF/coff/

Some versions of windres do not recognize uppercase COFF as a valid
way to specify the COFF output format.

Reported-by: Steven Penny

Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
2020-03-14 19:08:17 -04:00
Jay Satiro
68da0b8b86 examples/postinmemory.c: Call curl_global_cleanup always
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.

Reported-by: kouzhudong@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4751
2019-12-24 01:06:47 -05:00
Daniel Stenberg
4c2f5d52ba
url2file.c: fix copyright year
Follow-up to 5257872695
2019-12-21 18:18:12 +01:00
Rickard Hallerbäck
5257872695
examples/url2file.c: corrected a comment
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.

Closes #4745
2019-12-20 11:05:38 +01:00
Daniel Stenberg
ea19dbe662
examples: add multi-poll.c
Show how curl_multi_poll() makes it even easier to use the multi
interface.

Closes #4596
2019-11-14 23:24:00 +01:00