lib: use bool/TRUE/FALSE properly

booleans should use the type 'bool' and set the value to TRUE/FALSE

non-booleans should not be 'bool' and should not set the value to
TRUE/FALS

lib: use bool/TRUE/FALSE properly

booleans should use the type 'bool' and set the value to TRUE/FALSE

non-booleans should not be 'bool' and should not set the value to
TRUE/FALSE

Closes #15123

show more ...

lib/src: white space edits to comply better with code style

... as checksrc now finds and complains about these.

Closes #14921

lib: tidy up types and casts

Cherry-picked from #13489
Closes #13862

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

lib: fix some type mismatches and remove unneeded typecasts

Many of these castings are unneeded if we change the variables to work
better with each other.

Ref: https://github.co

lib: fix some type mismatches and remove unneeded typecasts

Many of these castings are unneeded if we change the variables to work
better with each other.

Ref: https://github.com/curl/curl/pull/9823

Closes https://github.com/curl/curl/pull/9835

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

copyright: fix year ranges

Follow-up from 4d2f8006777

curl.se: new home

Closes #6172

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883

show more ...

fnmatch: disable if FTP is disabled

Closes #3551

spelling fixes

Detected using the `codespell` tool (version 1.13.0).

Also secure and fix an URL.

fnmatch: use the system one if available

If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,

fnmatch: use the system one if available

If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,
to reduce our footprint and to use already well tested and well
exercised code.

A POSIX fnmatch behaves slightly different than the internal function
for a few test patterns currently and the macOS one yet slightly
different. Test case 1307 is adjusted for these differences.

Closes #2626

show more ...

fnmatch: insist on escaped bracket to match

A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated

fnmatch: insist on escaped bracket to match

A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614

show more ...

curl_fnmatch: only allow two asterisks for matching

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is stil

curl_fnmatch: only allow two asterisks for matching

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369

Closes #2587

show more ...

fnmatch: optimize processing of consecutive *s and ?s pattern characters

Reported-By: Daniel Stenberg
Fixes #2291
Closes #2293

fnmatch: pattern syntax can no longer fail

Whenever an expected pattern syntax rule cannot be matched, the
character starting the rule loses its special meaning and the parsing
is re

fnmatch: pattern syntax can no longer fail

Whenever an expected pattern syntax rule cannot be matched, the
character starting the rule loses its special meaning and the parsing
is resumed:
- backslash at the end of pattern string matches itself.
- Error in [:keyword:] results in set containing :\[dekorwy.

Unit test 1307 updated for this new situation.

Closes #2273

show more ...

fnmatch: accept an alphanum to be followed by a non-alphanum in char set

Also be more tolerant about set pattern syntax.
Update unit test 1307 accordingly.

Bug: https://curl.hax

fnmatch: accept an alphanum to be followed by a non-alphanum in char set

Also be more tolerant about set pattern syntax.
Update unit test 1307 accordingly.

Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html

show more ...

fnmatch: do not match the empty string with a character set

curl_fnmatch: only allow 5 '*' sections in a single pattern

... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivati

curl_fnmatch: only allow 5 '*' sections in a single pattern

... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivation.

show more ...

ftp-wildcard: fix matching an empty string with "*[^a]"

.... and avoid advancing the pointer to trigger an out of buffer read.

Detected by OSS-fuzz
Bug: https://bugs.chromium.or

ftp-wildcard: fix matching an empty string with "*[^a]"

.... and avoid advancing the pointer to trigger an out of buffer read.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond

show more ...

wildcardmatch: fix heap buffer overflow in setcharset

The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pa

wildcardmatch: fix heap buffer overflow in setcharset

The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html

show more ...

fnmatch: remove dead code

There was a duplicate check for backslashes in the setcharset()
function.

Coverity CID 1420611

curl_fnmatch: return error on illegal wildcard pattern

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes

curl_fnmatch: return error on illegal wildcard pattern

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017

show more ...

code style: use spaces around pluses

Improve code readbility

... by removing the else branch after a return, break or continue.

Closes #1310