checksrc: detect more kinds of NULL comparisons we avoid

Co-authored-by: Jay Satiro
Closes #8180

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes info

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes infof() work like failf() and consistency is good

- there's an assert that triggers on newlines in the format string

- Also removes a few instances of "..."

- Removes the code that would append "..." to the end of the data *iff*
it was truncated in infof()

Closes #7357

show more ...

misc: fix typos in comments which repeat a word

Fix typos in code comments which repeat various words. In trivial
cases, just delete the repeated word. Reword the affected sentence in

misc: fix typos in comments which repeat a word

Fix typos in code comments which repeat various words. In trivial
cases, just delete the repeated word. Reword the affected sentence in
"lib/url.c" for it to make sense.

Closes #7303
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

show more ...

cookies: track expiration in jar to optimize removals

Removing expired cookies needs to be a fast operation since we want to
be able to perform it often and speculatively. By tracking th

cookies: track expiration in jar to optimize removals

Removing expired cookies needs to be a fast operation since we want to
be able to perform it often and speculatively. By tracking the timestamp
of the next known expiration we can exit early in case the timestamp is
in the future.

Closes: #7172
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

cookies: fix typo and expand comment

Fix a typo in the sorting comment, and while in there elaborate slightly
on why creationtime can be used as a tiebreaker.

cookies: remove unused header

Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use
for the inet_pton.h headerfile, this removes the inclusion of the
header.

cookies: remove unused header

Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use
for the inet_pton.h headerfile, this removes the inclusion of the
header.

Closes: #7182
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

hsts: ignore numberical IP address hosts

Also, use a single function library-wide for detecting if a given hostname is
a numerical IP address.

Reported-by: Harry Sintonen
Fi

hsts: ignore numberical IP address hosts

Also, use a single function library-wide for detecting if a given hostname is
a numerical IP address.

Reported-by: Harry Sintonen
Fixes #7146
Closes #7149

show more ...

cookies: use CURLcode for cookie_output reporting

Writing the cookie file has multiple error conditions, and was using an
int with magic numbers to report the different error (which in t

cookies: use CURLcode for cookie_output reporting

Writing the cookie file has multiple error conditions, and was using an
int with magic numbers to report the different error (which in turn were
disregarded anyways). This moves reporting to use a CURLcode value.

Lightly-touched-by: Daniel Stenberg

Closes #7037
Closes #6749

show more ...

cookies: make use of string duplication function

strstore() is defined as a strdup which ensures to free the target
pointer before duping the source char * into it. Make use of it in

cookies: make use of string duplication function

strstore() is defined as a strdup which ensures to free the target
pointer before duping the source char * into it. Make use of it in
two more cases where it can simplify the code.

show more ...

cookies: refactor comments

Comments in the cookie code were a bit all over the place in terms of
style and wording. This takes a stab at cleaning them up by keeping to
a single style

cookies: refactor comments

Comments in the cookie code were a bit all over the place in terms of
style and wording. This takes a stab at cleaning them up by keeping to
a single style and overall shape. Some comments are moved a little and
some removed alltogether due to being redundant. No functional changes
have been made,

show more ...

tidy-up: make conditional checks more consistent

... remove '== NULL' and '!= 0'

Closes #6912

urldata: merge "struct DynamicStatic" into "struct UrlState"

Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in

urldata: merge "struct DynamicStatic" into "struct UrlState"

Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.

Closes #6798

show more ...

cookies: Fix potential NULL pointer deref with PSL

Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions mus

cookies: Fix potential NULL pointer deref with PSL

Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer. The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.

This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.

Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

cookie: avoid the C1001 internal compiler error with MSVC 14

Fixes #6112
Closes #6135

curl.se: new home

Closes #6172

terminology: call them null-terminated strings

Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented

terminology: call them null-terminated strings

Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608

show more ...

cookie: get_top_domain() sets zero length for null domains

This silents a compilation warning with gcc -O3.

cookie: remove unnecessary check for 'out != 0'

... as it will always be non-NULL at this point.

Detected by Coverity: CID 1459009

cleanup: comment typos

Spotted by 'codespell'

Closes #4957

rename: a new file for Curl_rename()

And make the cookie save function use it.

cookies: make saving atomic with a rename

Saves the file as "[filename].[8 random hex digits].tmp" and renames
away the extension when done.

Co-authored-by: Jay Satiro
Repor

cookies: make saving atomic with a rename

Saves the file as "[filename].[8 random hex digits].tmp" and renames
away the extension when done.

Co-authored-by: Jay Satiro
Reported-by: Mike Frysinger
Fixes #4914
Closes #4926

show more ...

cookie: check __Secure- and __Host- case sensitively

While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive ma

cookie: check __Secure- and __Host- case sensitively

While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive match".

(From the 6265bis document in progress)

Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04
Closes #4864

show more ...

build: Disable Visual Studio warning "conditional expression is constant"

- Disable warning C4127 "conditional expression is constant" globally
in curl_setup.h for when building with M

build: Disable Visual Studio warning "conditional expression is constant"

- Disable warning C4127 "conditional expression is constant" globally
in curl_setup.h for when building with Microsoft's compiler.

This mainly affects building with the Visual Studio project files found
in the projects dir.

Prior to this change the cmake and winbuild build systems already
disabled 4127 globally for when building with Microsoft's compiler.
Also, 4127 was already disabled for all build systems in the limited
circumstance of the WHILE_FALSE macro which disabled the warning
specifically for while(0). This commit removes the WHILE_FALSE macro and
all other cruft in favor of disabling globally in curl_setup.

Background:

We have various macros that cause 0 or 1 to be evaluated, which would
cause warning C4127 in Visual Studio. For example this causes it:

#define Curl_resolver_asynch() 1

Full behavior is not clearly defined and inconsistent across versions.
However it is documented that since VS 2015 Update 3 Microsoft has
addressed this somewhat but not entirely, not warning on while(true) for
example.

Prior to this change some C4127 warnings occurred when I built with
Visual Studio using the generated projects in the projects dir.

Closes https://github.com/curl/curl/pull/4658

show more ...

parsedate: offer a getdate_capped() alternative

... and use internally. This function will return TIME_T_MAX instead of
failure if the parsed data is found to be larger than what can be

parsedate: offer a getdate_capped() alternative

... and use internally. This function will return TIME_T_MAX instead of
failure if the parsed data is found to be larger than what can be
represented. TIME_T_MAX being the largest value curl can represent.

Reviewed-by: Daniel Gustafsson
Reported-by: JanB on github
Fixes #4152
Closes #4651

show more ...

curl_setup_once: consistently use WHILE_FALSE in macros

The WHILE_FALSE construction is used to avoid compiler warnings in
macro constructions. This fixes a few instances where it was no

curl_setup_once: consistently use WHILE_FALSE in macros

The WHILE_FALSE construction is used to avoid compiler warnings in
macro constructions. This fixes a few instances where it was not
used in order to keep the code consistent.

Closes #4649
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...