#
cf337d85 |
| 20-Apr-2024 |
Daniel Stenberg |
tool_paramhlp: remove duplicate assign Spotted by CodeSonar Closes #13433
|
#
923f7f8c |
| 06-Mar-2024 |
Daniel Stenberg |
paramhlp: fix CRLF-stripping files with "-d @file" All CR and LF bytes should be stripped, as documented, and all other bytes are included in the data. Starting now, it also excludes null bytes as they would otherwise also cut the data short. Reported-by: Simon K Fixes #13063 Closes #13064
|
#
1dba44b2 |
| 08-Jan-2024 |
Daniel Stenberg |
tool_getparam: replace malloc + copy by dynbuf for --data
|
#
07bcae89 |
| 02-Jan-2024 |
Daniel Stenberg |
tool: make parser reject blank arguments if not supported Already in the getstr() function that clones the input argument. Closes #12620
|
#
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefining the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro.

Fix them:

- fix bug where a `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489
|
#
458c70db |
| 27-Aug-2023 |
Gerome Fournier |
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() Closes #11742
|
#
6d45b9ca |
| 30-May-2023 |
Daniel Stenberg |
tool: remove newlines from all helpf/notef/warnf/errorf calls Make voutf() always add one. Closes #11226
|
#
d567cca1 |
| 27-Apr-2023 |
Daniel Stenberg |
checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" The open paren check wants to warn for spaces before open parenthesis for if/while/for but also for any function call. In order to avoid catching function pointer declarations, the logic allows a space if the first character after the open parenthesis is an asterisk. I also spotted that we did not include "switch" in the check but we should. This check is a little lame, but we reduce this problem by not allowing that space for if/while/for/switch. Reported-by: Emanuele Torre Closes #11044
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205
|
#
614f7813 |
| 14-Dec-2022 |
Daniel Stenberg |
tool_paramhlp: free the proto strings on exit And also make sure that repeated use of the options free the previous string before it stores a new. Follow-up from e6f8445edef8e7996d Closes #10098
|
#
e9c580de |
| 17-Nov-2022 |
Daniel Stenberg |
lib: parse numbers with fixed known base 10 ... instead of using 0 argument that allows decimal, hex or octal when the number is documented and assumed to use base 10. Closes #9933
|
#
a55256cf |
| 27-Oct-2022 |
Daniel Stenberg |
curl: timeout in the read callback The read callback can timeout if there's nothing to read within the given maximum period. Example use case is when doing "curl -m 3 telnet://example.com" or anything else that expects input on stdin or similar that otherwise would "hang" until something happens and then not respect the timeout. This fixes KNOWN_BUG 8.1, first filed in July 2009. Bug: https://sourceforge.net/p/curl/bugs/846/ Closes #9815
|
#
703efb33 |
| 13-Oct-2022 |
Rickard Hallerbäck |
tool_paramhlp: make the max argument a 'double' To fix compiler warnings "Implicit conversion from 'long' to 'double' may lose precision" Closes #9700
|
#
eef7ad15 |
| 13-Oct-2022 |
Daniel Stenberg |
tool_paramhelp: asserts verify maximum sizes for string loading The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest strings accepted when loading files into memory, but as the size is later used as input to functions that take the size as 'int' as argument, the sizes must not be larger than INT_MAX. These two new assert()s make the code error out if someone would bump the sizes without this consideration. Reported-by Trail of Bits Closes #9719
|
#
ce30d518 |
| 23-Sep-2022 |
Patrick Monnerat |
tool: remove dead code Add a debug assertion to verify protocols included/excluded in a set are always tokenized. Follow-up to commit 677266c. Closes #9576
|
#
677266c7 |
| 21-Sep-2022 |
Patrick Monnerat |
tool: remove protocol count limitation Replace bit mask protocol sets by null-terminated arrays of protocol tokens. These are the addresses of the protocol names returned by curl_version_info(). Protocol names are sorted case-insensitively before output to satisfy CI tests matches consistency. The protocol list returned by curl_version_info() is augmented with all RTMP protocol variants. Test 1401 adjusted for new alpha ordered output. Closes #9546
|
#
dd2a0243 |
| 15-Sep-2022 |
Patrick Monnerat |
cli tool: do not use disabled protocols As they are now rejected by the library, take care of not passing disabled protocol names to CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR. Rather than using the CURLPROTO_* constants, dynamically assign protocol numbers based on the order they are listed by curl_version_info(). New type proto_set_t implements prototype bit masks: it should therefore be large enough to accommodate all library-enabled protocols. If not, protocol numbers beyond the bit count of proto_set_t are recognized but "inaccessible": when used, a warning is displayed and the value is ignored. Should proto_set_t overflow, enabled protocols are reordered to force those having a public CURLPROTO_* representation to be accessible. Code has been added to subordinate RTMP?* protocols to the presence of RTMP in the enabled protocol list, being returned by curl_version_info() or not.
|
#
0bb842a5 |
| 20-Jul-2022 |
Daniel Stenberg |
tool_paramhlp: fix "enumerated type mixed with another type" Warning by icc Closes #9179
|
#
3f533a79 |
| 20-Jul-2022 |
Daniel Stenberg |
tool_paramhlp: make check_protocol return ParameterError "enumerated type mixed with another type" Closes #9179
|
#
bf7e887b |
| 10-Jul-2022 |
Daniel Stenberg |
tool_getparam: repair cleanarg Regression since 9e5669f. Make sure the "cleaning" of command line arguments is done on the original argv[] pointers. As a bonus, it also exits better on out of memory error. Reported-by: Litter White Fixes #9128 Closes #9130
|
#
127d04aa |
| 04-Jul-2022 |
Daniel Stenberg |
curl: proto2num: make sure obuf is inited Detected by Coverity. CID 1507052. Closes #9096
|
#
e6f8445e |
| 13-Jun-2022 |
Daniel Stenberg |
setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR ... as replacements for deprecated CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running into the 32 bit limit the old ones are facing. CURLINFO_PROTOCOL is now deprecated. The curl tool is updated to use the new options. Added test 1597 to verify the libcurl protocol parser. Closes #8992
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a GitHub workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
|
#
77a6bf84 |
| 17-Apr-2022 |
Emanuele Torre |
tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)

This loop was using the number of bytes read from the file as condition to keep reading.

From Linux's fread(3) man page:

> On success, fread() and fwrite() return the number of items read or
> written. This number equals the number of bytes transferred only when
> size is 1. If an error occurs, or the end of the file is reached, the
> return value is a short item count (or zero).
>
> The file position indicator for the stream is advanced by the number
> of bytes successfully read or written.
>
> fread() does not distinguish between end-of-file and error, and
> callers must use feof(3) and ferror(3) to determine which occurred.

This means that nread!=0 doesn't make much sense as an end condition for the loop: nread==0 doesn't necessarily mean that EOF has been reached or an error has occurred (but that is usually the case) and nread!=0 doesn't necessarily mean that EOF has not been reached or that no read errors have occurred. feof(3) and ferror(3) should be used when using fread(3).

Currently curl has to perform an extra fread(3) call to get a return value equal to 0 to stop looping.

This usually "works" (even though nread==0 shouldn't be interpreted as EOF) if stdin is a pipe because EOF usually marks the "real" end of the stream, so the extra fread(3) call will return immediately and the extra read syscall won't be noticeable:

    bash-5.1$ strace -e read curl -s -F file=@- 0x0.st <<< a 2>&1 |
    > tail -n 5
    read(0, "a\n", 4096) = 2
    read(0, "", 4096) = 0
    read(0, "", 4096) = 0
    http://0x0.st/oRs.txt
    +++ exited with 0 +++
    bash-5.1$

But this doesn't work if curl is reading from stdin, stdin is a terminal, and the EOF is being emulated using a shell with ^D. Two consecutive ^D will be required in this case to actually make curl stop reading:

    bash-5.1$ curl -F file=@- 0x0.st
    a
    ^D^D
    http://0x0.st/oRs.txt
    bash-5.1$

A possible workaround to this issue is to use a program that handles EOF correctly to indirectly send data to curl's stdin:

    bash-5.1$ cat - | curl -F file=@- 0x0.st
    a
    ^D
    http://0x0.st/oRs.txt
    bash-5.1$

This patch makes curl handle EOF properly when using fread(3) in file2memory() so that the workaround is not necessary.

Since curl was previously ignoring read errors caused by this fread(3), ferror(3) is also used in the condition of the loop: read errors and EOF will have the same meaning; this is done to somewhat preserve the old behaviour instead of making the command fail when a read error occurs.

Closes #8701
|
#
32160cae |
| 21-Jan-2022 |
Daniel Stenberg |
tool_getparam: initial --json support

Adds these test cases:

383 - simple single command line option
384 - reading it from stdin
385 - getting two --json options on command line
386 - --next works after --json

Closes #8314
|