1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 19:45:04 -05:00
Commit Graph

122 Commits

Author SHA1 Message Date
Marcel Raad
a626fa128c
security: silence conversion warning
With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer,
while `read` expects a 32 bit signed integer.
Use `sread` instead of `read` to use the correct parameter type.

Closes https://github.com/curl/curl/pull/4483
2019-10-13 22:10:12 +02:00
Daniel Stenberg
9069838b30
security:read_data fix bad realloc()
... that could end up a double-free

CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09 08:14:34 +02:00
Daniel Gustafsson
efc55b8986 cleanup: fix typo in comment 2019-07-08 13:19:35 +02:00
Gergely Nagy
cf4255c847 lib: Use UTF-8 encoding in comments
Some editors and IDEs assume that source files use UTF-8 file encodings.
It also fixes the build with MSVC when /utf-8 command line option is
used (this option is mandatory for some other open-source projects, this
is useful when using the same options is desired for building all
libraries of a project).

Closes https://github.com/curl/curl/pull/4087
2019-07-06 23:25:20 -04:00
Marcel Raad
10db3ef21e
lib: reduce variable scopes
Fixes Codacy/CppCheck warnings.

Closes https://github.com/curl/curl/pull/3872
2019-05-20 08:51:11 +02:00
Daniel Stenberg
8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Daniel Stenberg
4ed62bc0dc
source: fix two 'nread' may be used uninitialized warnings
Both seem to be false positives but we don't like warnings.

Closes #3646
2019-03-05 13:03:43 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Daniel Gustafsson
927cb3708e memory: add missing curl_printf header
ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.

Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-17 09:28:10 +02:00
Daniel Gustafsson
e7ee2f2923 sendf: Fix whitespace in infof/failf concatenation
Strings broken on multiple rows in the .c file need to have appropriate
whitespace padding on either side of the concatenation point to render
a correct amalgamated string. Fix by adding a space at the occurrences
found.

Closes #2986
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13 10:47:45 +02:00
Daniel Stenberg
5ae22272d1
Curl_debug: remove dead printhost code
The struct field is never set (since 5e0d9aea3) so remove the use of it
and remove the connectdata pointer from the prototype.

Reported-by: Tejas
Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
Closes #2647
2018-06-12 16:00:27 +02:00
Rikard Falkeborn
8ea5d41fe0
strictness: correct {infof, failf} format specifiers
Closes #2623
2018-05-31 11:34:32 +02:00
Jay Satiro
908a9a6742 build: remove HAVE_LIMITS_H check
.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215
2018-01-05 23:34:30 -05:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
5fe164a258 ftp-gss: check for init before use
To avoid dereferencing a NULL pointer.

Reported-by: Daniel Romero
2016-12-24 23:35:43 +01:00
Daniel Stenberg
6832c1d4b2 checksrc: move open braces to comply with function declaration style 2016-11-24 23:58:22 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Daniel Stenberg
0649433da5 realloc: use Curl_saferealloc to avoid common mistakes
Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
2016-11-11 10:03:48 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
3d6460edee krb5: avoid realloc(0)
If the requested size is zero, bail out with error instead of doing a
realloc() that would cause a double-free: realloc(0) acts as a free()
and then there's a second free in the cleanup path.

CVE-2016-8619

Bug: https://curl.haxx.se/docs/adv_20161102E.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
Daniel Stenberg
8238ba9c5f ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.

Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
2016-10-08 15:13:46 +02:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Daniel Stenberg
99eafc49bb security:choose_mech fix DEAD CODE warning
... by removing the "do {} while (0)" block.

Coverity CID 1306669
2015-06-15 09:02:46 +02:00
Daniel Stenberg
e582cd16ff security: fix "Unchecked return value" from sscanf()
By (void) prefixing it and adding a comment. Did some minor related
cleanups.

Coverity CID 1299423.
2015-05-22 16:52:41 +02:00
Daniel Stenberg
1514977bcd security: simplify choose_mech
Coverity CID 1299424 identified dead code because of checks that could
never equal true (if the mechanism's name was NULL).

Simplified the function by removing a level of pointers and removing the
loop and array that weren't used.
2015-05-22 16:46:01 +02:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Daniel Stenberg
9d964e5477 security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.

Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Daniel Stenberg
0eb3d15ccb code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

 if(result) or if(!result)

instead of

 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 08:23:19 +02:00
Daniel Stenberg
87c8e00b7a do_sec_send: remove dead code
Coverity CID 1241951. The condition 'len >= 0' would always be true at
that point and thus not necessary to check for.
2014-10-08 12:48:06 +02:00
Daniel Stenberg
b90f6e87cf krb5_encode: remove unused argument
Coverity CID 1241957. Removed the unused argument. As this struct and
pointer now are used only for krb5, there's no need to keep unused
function arguments around.
2014-10-08 12:25:07 +02:00
Daniel Stenberg
793ac8035c choose_mech: fix return code
Coverity CID 1241950. The pointer is never NULL but it might point to
NULL.
2014-10-04 15:37:42 +02:00
Daniel Stenberg
c2791caf53 Curl_sec_read_msg: spell out that we ignore return code
Coverity CID 1241947. Since if sscanf() fails, the previously set value
remains set.
2014-10-04 15:21:39 +02:00
Daniel Stenberg
460fb12097 security.h: rename to curl_sec.h to avoid name collision
I brought back security.h in commit bb55293313. As we actually
already found out back in 2005 in commit 62970da675, the file name
security.h causes problems so I renamed it curl_sec.h instead.
2013-08-26 11:51:18 +02:00
Daniel Stenberg
bb55293313 FTP: remove krb4 support
We've announced this pending removal for a long time and we've
repeatedly asked if anyone would care or if anyone objects. Nobody has
objected. It has probably not even been working for a good while since
nobody has tested/used this code recently.

The stuff in krb4.h that was generic enough to be used by other sources
is now present in security.h
2013-08-25 19:16:36 +02:00
Yang Tse
de052ca6fc string formatting: fix 25+ printf-style format strings 2013-07-24 01:21:26 +02:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
5b6e7927c6 build: rename 93 lib/*.c files
93 lib/*.c source files renamed to use our standard naming scheme.

This commit only does the file renaming.

----------------------------------------

  renamed:    lib/amigaos.c -> lib/curl_amigaos.c
  renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
  renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
  renamed:    lib/axtls.c -> lib/curl_axtls.c
  renamed:    lib/base64.c -> lib/curl_base64.c
  renamed:    lib/bundles.c -> lib/curl_bundles.c
  renamed:    lib/conncache.c -> lib/curl_conncache.c
  renamed:    lib/connect.c -> lib/curl_connect.c
  renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
  renamed:    lib/cookie.c -> lib/curl_cookie.c
  renamed:    lib/cyassl.c -> lib/curl_cyassl.c
  renamed:    lib/dict.c -> lib/curl_dict.c
  renamed:    lib/easy.c -> lib/curl_easy.c
  renamed:    lib/escape.c -> lib/curl_escape.c
  renamed:    lib/file.c -> lib/curl_file.c
  renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
  renamed:    lib/formdata.c -> lib/curl_formdata.c
  renamed:    lib/ftp.c -> lib/curl_ftp.c
  renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
  renamed:    lib/getenv.c -> lib/curl_getenv.c
  renamed:    lib/getinfo.c -> lib/curl_getinfo.c
  renamed:    lib/gopher.c -> lib/curl_gopher.c
  renamed:    lib/gtls.c -> lib/curl_gtls.c
  renamed:    lib/hash.c -> lib/curl_hash.c
  renamed:    lib/hmac.c -> lib/curl_hmac.c
  renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
  renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
  renamed:    lib/hostip.c -> lib/curl_hostip.c
  renamed:    lib/hostip4.c -> lib/curl_hostip4.c
  renamed:    lib/hostip6.c -> lib/curl_hostip6.c
  renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
  renamed:    lib/http.c -> lib/curl_http.c
  renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
  renamed:    lib/http_digest.c -> lib/curl_http_digest.c
  renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
  renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
  renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
  renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
  renamed:    lib/if2ip.c -> lib/curl_if2ip.c
  renamed:    lib/imap.c -> lib/curl_imap.c
  renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
  renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
  renamed:    lib/krb4.c -> lib/curl_krb4.c
  renamed:    lib/krb5.c -> lib/curl_krb5.c
  renamed:    lib/ldap.c -> lib/curl_ldap.c
  renamed:    lib/llist.c -> lib/curl_llist.c
  renamed:    lib/md4.c -> lib/curl_md4.c
  renamed:    lib/md5.c -> lib/curl_md5.c
  renamed:    lib/memdebug.c -> lib/curl_memdebug.c
  renamed:    lib/mprintf.c -> lib/curl_mprintf.c
  renamed:    lib/multi.c -> lib/curl_multi.c
  renamed:    lib/netrc.c -> lib/curl_netrc.c
  renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
  renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
  renamed:    lib/nonblock.c -> lib/curl_nonblock.c
  renamed:    lib/nss.c -> lib/curl_nss.c
  renamed:    lib/nwlib.c -> lib/curl_nwlib.c
  renamed:    lib/nwos.c -> lib/curl_nwos.c
  renamed:    lib/openldap.c -> lib/curl_openldap.c
  renamed:    lib/parsedate.c -> lib/curl_parsedate.c
  renamed:    lib/pingpong.c -> lib/curl_pingpong.c
  renamed:    lib/polarssl.c -> lib/curl_polarssl.c
  renamed:    lib/pop3.c -> lib/curl_pop3.c
  renamed:    lib/progress.c -> lib/curl_progress.c
  renamed:    lib/qssl.c -> lib/curl_qssl.c
  renamed:    lib/rawstr.c -> lib/curl_rawstr.c
  renamed:    lib/rtsp.c -> lib/curl_rtsp.c
  renamed:    lib/security.c -> lib/curl_security.c
  renamed:    lib/select.c -> lib/curl_select.c
  renamed:    lib/sendf.c -> lib/curl_sendf.c
  renamed:    lib/share.c -> lib/curl_share.c
  renamed:    lib/slist.c -> lib/curl_slist.c
  renamed:    lib/smtp.c -> lib/curl_smtp.c
  renamed:    lib/socks.c -> lib/curl_socks.c
  renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
  renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
  renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
  renamed:    lib/splay.c -> lib/curl_splay.c
  renamed:    lib/ssh.c -> lib/curl_ssh.c
  renamed:    lib/sslgen.c -> lib/curl_sslgen.c
  renamed:    lib/ssluse.c -> lib/curl_ssluse.c
  renamed:    lib/strdup.c -> lib/curl_strdup.c
  renamed:    lib/strequal.c -> lib/curl_strequal.c
  renamed:    lib/strerror.c -> lib/curl_strerror.c
  renamed:    lib/strtok.c -> lib/curl_strtok.c
  renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
  renamed:    lib/telnet.c -> lib/curl_telnet.c
  renamed:    lib/tftp.c -> lib/curl_tftp.c
  renamed:    lib/timeval.c -> lib/curl_timeval.c
  renamed:    lib/transfer.c -> lib/curl_transfer.c
  renamed:    lib/url.c -> lib/curl_url.c
  renamed:    lib/version.c -> lib/curl_version.c
  renamed:    lib/warnless.c -> lib/curl_warnless.c
  renamed:    lib/wildcard.c -> lib/curl_wildcard.c

----------------------------------------
2013-01-03 06:13:18 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Yang Tse
a0b207164c setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
Inclusion of top two most included header files now done in setup_once.h
2012-12-14 17:38:18 +01:00
Marc Hoersken
50a7d32af0 security.c: Aligned internal type to return type
Use ssize_t instead of int to avoid conversion problems on 64-bit
systems. Also added curlx_sztosi where necessary.
2012-10-04 19:16:59 +02:00
Yang Tse
e83421baf4 include limits.h for INT_MAX 2011-08-24 14:00:42 +02:00
Daniel Stenberg
b9c63b9a73 add missing semicolons 2011-08-24 11:56:23 +02:00
Yang Tse
fd00b382b2 base64: fix Curl_base64_encode and Curl_base64_decode interfaces
Previous interfaces for these libcurl internal functions did not allow to tell
apart a legitimate zero size result from an error condition. These functions
now return a CURLcode indicating function success or otherwise specific error.
Output size is returned using a pointer argument.

All usage of these two functions, and others closely related, has been adapted
to the new interfaces. Relative error and OOM handling adapted or added where
missing. Unit test 1302 also adapted.
2011-08-24 08:10:30 +02:00
Yang Tse
f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Daniel Stenberg
b903186fa0 source cleanup: unify look, style and indent levels
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
2011-04-27 09:09:35 +02:00
Fabian Keil
1702a2c08d Fix a couple of spelling errors in lib/
Found with codespell.
2011-04-21 07:55:53 -07:00
Julien Chaffraix
add5766dd4 urldata: Capitalize enum protect_level values.
This makes it easier to spot the enum values from the variables.
Removed some unneeded DEBUGASSERT added in the previous commit.
2010-11-13 14:42:34 -08:00
Julien Chaffraix
8d59d69449 security: tighten enum protection_level usage.
While changing Curl_sec_read_msg to accept an enum protection_level
instead of an int, I went ahead and fixed the usage of the associated
fields.

Some code was assuming that prot_clear == 0. Fixed those to use the
proper value. Added assertions prior to any code that would set the
protection level.
2010-11-13 14:12:43 -08:00