curl: proto2num: make sure obuf is inited

Detected by Coverity. CID 1507052.

Closes #9096

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running i

setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR

... as replacements for deprecated CURLOPT_PROTOCOLS and
CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running into the
32 bit limit the old ones are facing.

CURLINFO_PROTCOOL is now deprecated.

The curl tool is updated to use the new options.

Added test 1597 to verify the libcurl protocol parser.

Closes #8992

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)

This loop was using the number of bytes read from the file as condition
to keep reading.

From Linux's fr

tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)

This loop was using the number of bytes read from the file as condition
to keep reading.

From Linux's fread(3) man page:
> On success, fread() and fwrite() return the number of items read or
> written. This number equals the number of bytes transferred only when
> size is 1. If an error occurs, or the end of the file is reached, the
> return value is a short item count (or zero).
>
> The file position indicator for the stream is advanced by the number
> of bytes successfully read or written.
>
> fread() does not distinguish between end-of-file and error, and
> callers must use feof(3) and ferror(3) to determine which occurred.

This means that nread!=0 doesn't make much sense as an end condition for
the loop: nread==0 doesn't necessarily mean that EOF has been reached or
an error has occured (but that is usually the case) and nread!=0 doesn't
necessarily mean that EOF has not been reached or that no read errors
have occured. feof(3) and ferror(3) should be uses when using fread(3).

Currently curl has to performs an extra fread(3) call to get a return
value equal to 0 to stop looping.

This usually "works" (even though nread==0 shouldn't be interpreted as
EOF) if stdin is a pipe because EOF usually marks the "real" end of the
stream, so the extra fread(3) call will return immediately and the extra
read syscall won't be noticeable:

bash-5.1$ strace -e read curl -s -F file=@- 0x0.st <<< a 2>&1 |
> tail -n 5
read(0, "a\n", 4096) = 2
read(0, "", 4096) = 0
read(0, "", 4096) = 0
http://0x0.st/oRs.txt
+++ exited with 0 +++
bash-5.1$

But this doesn't work if curl is reading from stdin, stdin is a
terminal, and the EOF is being emulated using a shell with ^D. Two
consecutive ^D will be required in this case to actually make curl stop
reading:

bash-5.1$ curl -F file=@- 0x0.st
a
^D^D
http://0x0.st/oRs.txt
bash-5.1$

A possible workaround to this issue is to use a program that handles EOF
correctly to indirectly send data to curl's stdin:

bash-5.1$ cat - | curl -F file=@- 0x0.st
a
^D
http://0x0.st/oRs.txt
bash-5.1$

This patch makes curl handle EOF properly when using fread(3) in
file2memory() so that the workaround is not necessary.

Since curl was previously ignoring read errors caused by this fread(3),
ferror(3) is also used in the condition of the loop: read errors and EOF
will have the same meaning; this is done to somewhat preserve the old
behaviour instead of making the command fail when a read error occurs.

Closes #8701

show more ...

tool_getparam: initial --json support

Adds these test cases:

383 - simple single command line option
384 - reading it from stdin
385 - getting two --json options on comma

tool_getparam: initial --json support

Adds these test cases:

383 - simple single command line option
384 - reading it from stdin
385 - getting two --json options on command line
386 - --next works after --json

Closes #8314

show more ...

tool_findfile: search for a file in the homedir

The homedir() function is now renamed into findfile() and iterates over
all the environment variables trying to access the file in questio

tool_findfile: search for a file in the homedir

The homedir() function is now renamed into findfile() and iterates over
all the environment variables trying to access the file in question
until it finds it. Last resort is then getpwuid() if
available. Previously it would first try to find a home directory and if
that was set, insist on checking only that directory for the file. This
now returns the full file name it finds.

The Windows specific checks are now done differently too and in this
order:

1 - %USERPROFILE%
2 - %APPDATA%
3 - %USERPROFILE%\\Application Data

The windows order is modified to match how the Windows 10 ssh tool works
when it searches for .ssh/known_hosts.

Reported-by: jeffrson on github
Co-authored-by: Jay Satiro
Fixes #8033
Closes #8035

show more ...

copyright: update copyright year ranges to 2021

Reviewed-by: Emil Engler
Closes #6802

tool_paramhlp: reduce variable scope

Closes https://github.com/curl/curl/pull/6576

curl: add variables to --write-out

In particular, these ones can help a user to create its own error
message when one or transfers fail.

writeout: add 'onerror', 'url', 'urlnum'

curl: add variables to --write-out

In particular, these ones can help a user to create its own error
message when one or transfers fail.

writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg'

onerror - lets a user only show the rest on non-zero exit codes

url - the input URL used for this transfer

urlnum - the numerical URL counter (0 indexed) for this transfer

exitcode - the numerical exit code for the transfer

errormsg - obvious

Reported-by: Earnestly on github
Fixes #6199
Closes #6207

show more ...

curl: add --create-file-mode [mode]

This option sets the (octal) mode to use for the remote file when one is
created, using the SFTP, SCP or FILE protocols. When not set, the
default

curl: add --create-file-mode [mode]

This option sets the (octal) mode to use for the remote file when one is
created, using the SFTP, SCP or FILE protocols. When not set, the
default is 0644.

Closes #6244

show more ...

curl.se: new home

Closes #6172

curl: make checkpasswd use dynbuf

Closes #5952

curl: make file2memory use dynbuf

Closes #5952

curl: make file2string use dynbuf

Closes #5952

file2memory: use a define instead of -1 unsigned value

... to use the maximum value for 'size_t' when detecting integer overflow.
Changed the limit to max/4 as already that seems unreaso

file2memory: use a define instead of -1 unsigned value

... to use the maximum value for 'size_t' when detecting integer overflow.
Changed the limit to max/4 as already that seems unreasonably large.

Codacy didn't like the previous approach.

Closes #5683

show more ...

tool_paramhlp: fixup C89 mistake

Follow-up to c5f0a9db22.

tool_paramhlp: fixed potentially uninitialized strtol() variable

Seems highly unlikely to actually be possible, but better safe than
sorry.

Closes #5417

curl -w: handle a blank input file correctly

Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.

Added test 1271 to

curl -w: handle a blank input file correctly

Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.

Added test 1271 to verify.

Reported-by: Brian Carpenter
Closes #4786

show more ...

tool: make a few char pointers point to const char instead

These are read-only.

Closes https://github.com/curl/curl/pull/4771

curl: use errorf() better

Change series of error outputs to use errorf().

Only errors that are due to mistakes in command line option usage should
use helpf(), other types of er

curl: use errorf() better

Change series of error outputs to use errorf().

Only errors that are due to mistakes in command line option usage should
use helpf(), other types of errors in the tool should rather use
errorf().

Closes #4691

show more ...

curl:file2string: load large files much faster

... by using a more efficient realloc scheme.

Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336

curl: cap the maximum allowed values for retry time arguments

... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.

Added test 1269

curl: cap the maximum allowed values for retry time arguments

... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.

Added test 1269 to verify.

Reported-by: Jason Lee
Closes #4166

show more ...

printf: fix format specifiers

Closes #3426

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631

show more ...

curl: make str2udouble not return values on error

... previously it would store a return value even when it returned
error, which could make the value get used anyway!

Reported-

curl: make str2udouble not return values on error

... previously it would store a return value even when it returned
error, which could make the value get used anyway!

Reported-by: Brian Carpenter
Closes #1893

show more ...