#
d84a95de |
| 14-May-2024 |
Daniel Gustafsson |
hsts: explicitly skip blank lines Keep blank lines or lines containing only whitespace to make it all the way to the more expensive sscanf call in hsts_add. Closes: #13603 R
hsts: explicitly skip blank lines Keep blank lines or lines containing only whitespace to make it all the way to the more expensive sscanf call in hsts_add. Closes: #13603 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
#
4d96873a |
| 13-May-2024 |
Daniel Gustafsson |
hsts: Remove single-use single-line function The hsts_entry() function contains of a single line and is only used in a single place in the code, so move the allocation into hsts_crea
hsts: Remove single-use single-line function The hsts_entry() function contains of a single line and is only used in a single place in the code, so move the allocation into hsts_create instead to improve code readability. C code usually don't use the factory abstraction for object creation, and this small example wasn't following our usual code style. Closes: #13604 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
#
c296abd4 |
| 10-Apr-2024 |
Stefan Eissing |
llist: add Curl_llist_append() - use for better readability in all places where the "insert_next" actually performs an append to the list - add some tests in unit1300 Clos
llist: add Curl_llist_append() - use for better readability in all places where the "insert_next" actually performs an append to the list - add some tests in unit1300 Closes #13336
show more ...
|
#
142ac257 |
| 06-Feb-2024 |
Daniel Stenberg |
lib: convert Curl_get_line to use dynbuf Create the line in a dynbuf. Aborts the reading of the file on errors. Avoids having to always allocate maximum amount from the start. Avoids
lib: convert Curl_get_line to use dynbuf Create the line in a dynbuf. Aborts the reading of the file on errors. Avoids having to always allocate maximum amount from the start. Avoids direct malloc. Closes #12846
show more ...
|
#
24ae4a07 |
| 10-Jan-2024 |
Daniel Stenberg |
hsts: remove assert for zero length domain A zero length domain can happen if the HSTS parser is given invalid input data which is not unheard of and is done by the fuzzer. Foll
hsts: remove assert for zero length domain A zero length domain can happen if the HSTS parser is given invalid input data which is not unheard of and is done by the fuzzer. Follow-up from cfe7902111ae547873 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661 Closes #12676
show more ...
|
#
cfe79021 |
| 08-Jan-2024 |
Daniel Stenberg |
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT Closes #12658
|
#
7c992dd9 |
| 08-Dec-2023 |
Daniel Stenberg |
lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding Since the copy does not stop at a null byte, let's not call it anything that makes you think it works like the common s
lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding Since the copy does not stop at a null byte, let's not call it anything that makes you think it works like the common strndup() function. Based on feedback from Jay Satiro, Stefan Eissing and Patrick Monnerat Closes #12490
show more ...
|
#
289b486f |
| 13-Nov-2023 |
Daniel Stenberg |
urldata: move hstslist from 'set' to 'state' To make it work properly with curl_easy_duphandle(). This, because duphandle duplicates the entire 'UserDefined' struct by plain copy while
urldata: move hstslist from 'set' to 'state' To make it work properly with curl_easy_duphandle(). This, because duphandle duplicates the entire 'UserDefined' struct by plain copy while 'hstslist' is a linked curl_list of file names. This would lead to a double-free when the second of the two involved easy handles were closed. Closes #12315
show more ...
|
#
bc8509a7 |
| 07-Nov-2023 |
Sam James |
misc: fix -Walloc-size warnings GCC 14 introduces a new -Walloc-size included in -Wextra which gives: ``` src/tool_operate.c: In function ‘add_per_transfer’: src/tool_operat
misc: fix -Walloc-size warnings GCC 14 introduces a new -Walloc-size included in -Wextra which gives: ``` src/tool_operate.c: In function ‘add_per_transfer’: src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ for type ‘struct per_transfer’ with size ‘480’ [-Walloc-size] 213 | p = calloc(sizeof(struct per_transfer), 1); | ^ src/var.c: In function ‘addvariable’: src/var.c:361:5: warning: allocation of insufficient size ‘1’ for type ‘struct var’ with size ‘32’ [-Walloc-size] 361 | p = calloc(sizeof(struct var), 1); | ^ ``` The calloc prototype is: ``` void *calloc(size_t nmemb, size_t size); ``` So, just swap the number of members and size arguments to match the prototype, as we're initialising 1 struct of size `sizeof(struct ...)`. GCC then sees we're not doing anything wrong. Closes #12292
show more ...
|
#
d3b3ba35 |
| 02-Nov-2023 |
Daniel Stenberg |
lib: add and use Curl_strndup() The Curl_strndup() function is similar to memdup(), but copies 'n' bytes then adds a terminating null byte ('\0'). Closes #12251
|
#
8c058a82 |
| 02-Nov-2023 |
Daniel Stenberg |
hsts: skip single-dot hostname Reported-by: Maksymilian Arciemowicz Closes #12247
|
#
3f8fc257 |
| 09-May-2023 |
Viktor Szakats |
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake. It requires CMake 3.16 or newer. It makes builds (much) faster, allows for better optimizations and tends to promote less ambiguous code. Also add a new AppVeyor CI job and convert an existing one to use "unity" mode (one MSVC, one MinGW), and enable it for one macOS CI job. Fix related issues: - add missing include guard to `easy_lock.h`. - rename static variables and functions (and a macro) with names reused across sources, or shadowed by local variables. - add an `#undef` after use. - add a missing `#undef` before use. - move internal definitions from `ftp.h` to `ftp.c`. - `curl_memory.h` fixes to make it work when included repeatedly. - stop building/linking curlx bits twice for a static-mode curl tool. These caused doubly defined symbols in unity builds. - silence missing extern declarations compiler warning for ` _CRT_glob`. - fix extern declarations for `tool_freq` and `tool_isVistaOrGreater`. - fix colliding static symbols in debug mode: `debugtime()` and `statename`. - rename `ssl_backend_data` structure to unique names for each TLS-backend, along with the `ssl_connect_data` struct member referencing them. This required adding casts for each access. - add workaround for missing `[P]UNICODE_STRING` types in certain Windows builds when compiling `lib/ldap.c`. To support "unity" builds, we had to enable `SCHANNEL_USE_BLACKLISTS` for Schannel (a Windows `schannel.h` option) _globally_. This caused an indirect inclusion of Windows `schannel.h` from `ldap.c` via `winldap.h` to have it enabled as well. This requires `[P]UNICODE_STRING` types, which is apperantly not defined automatically (as seen with both MSVS and mingw-w64). This patch includes `<subauth.h>` to fix it. Ref: https://github.com/curl/curl/runs/13987772013 Ref: https://dev.azure.com/daniel0244/curl/_build/results?buildId=15827&view=logs&jobId=2c9f582d-e278-56b6-4354-f38a4d851906&j=2c9f582d-e278-56b6-4354-f38a4d851906&t=90509b00-34fa-5a81-35d7-5ed9569d331c - tweak unity builds to compile `lib/memdebug.c` separately in memory trace builds to avoid PP confusion. - force-disable unity for test programs. - do not compile and link libcurl sources to libtests _twice_ when libcurl is built in static mode. KNOWN ISSUES: - running tests with unity builds may fail in cases. - some build configurations/env may not compile in unity mode. E.g.: https://ci.appveyor.com/project/curlorg/curl/builds/47230972/job/51wfesgnfuauwl8q#L250 Ref: https://github.com/libssh2/libssh2/issues/1034 Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html Ref: https://en.wikipedia.org/wiki/Unity_build Closes #11095
show more ...
|
#
f198d33e |
| 18-May-2023 |
Emanuele Torre |
checksrc: disallow spaces before labels Out of 415 labels throughout the code base, 86 of those labels were not at the start of the line. Which means labels always at the start of th
checksrc: disallow spaces before labels Out of 415 labels throughout the code base, 86 of those labels were not at the start of the line. Which means labels always at the start of the line is the favoured style overall with 329 instances. Out of the 86 labels not at the start of the line: * 75 were indented with the same indentation level of the following line * 8 were indented with exactly one space * 2 were indented with one fewer indentation level then the following line * 1 was indented with the indentation level of the following line minus three space (probably unintentional) Co-Authored-By: Viktor Szakats Closes #11134
show more ...
|
#
d567cca1 |
| 27-Apr-2023 |
Daniel Stenberg |
checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" The open paren check wants to warn for spaces before open parenthesis for if/while/for but also for any function call. In
checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" The open paren check wants to warn for spaces before open parenthesis for if/while/for but also for any function call. In order to avoid catching function pointer declarations, the logic allows a space if the first character after the open parenthesis is an asterisk. I also spotted what we did not include "switch" in the check but we should. This check is a little lame, but we reduce this problem by not allowing that space for if/while/for/switch. Reported-by: Emanuele Torre Closes #11044
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
ca02a77f |
| 27-Dec-2022 |
Daniel Stenberg |
hsts: handle adding the same host name again It will then use the largest expire time of the two entries.
|
#
076a2f62 |
| 27-Dec-2022 |
Daniel Stenberg |
share: add sharing of HSTS cache among handles Closes #10138
|
#
3f039dfd |
| 31-Oct-2022 |
Daniel Stenberg |
strcase: use curl_str(n)equal for case insensitive matches No point in having two entry points for the same functions. Also merged the *safe* function treatment into these so that t
strcase: use curl_str(n)equal for case insensitive matches No point in having two entry points for the same functions. Also merged the *safe* function treatment into these so that they can also be used when one or both pointers are NULL. Closes #9837
show more ...
|
#
279834dd |
| 24-Oct-2022 |
Daniel Stenberg |
misc: remove duplicated include files Closes #9796
|
#
6f9fb7ec |
| 05-Sep-2022 |
Daniel Stenberg |
misc: ISSPACE() => ISBLANK() Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace,
misc: ISSPACE() => ISBLANK() Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace, but also includes %0a to %0d. For parsing purposes, we should only accept what we must and not be overly liberal. It leads to surprises and surprises lead to bad things. Closes #9432
show more ...
|
#
d64115d7 |
| 25-May-2022 |
Daniel Stenberg |
hsts: use Curl_fopen()
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
3c8b969d |
| 22-May-2022 |
Daniel Stenberg |
links: update dead links The wiki pages are gone, remove and link to more long-living docs. Closes #8897
|
#
fae6fea2 |
| 09-May-2022 |
Daniel Stenberg |
hsts: ignore trailing dots when comparing hosts names CVE-2022-30115 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-30115.html Closes #8821
|
#
519b62cc |
| 21-Jan-2022 |
lucas |
docs: update IETF links to use datatracker The tools.ietf.org domain has been deprecated a while now, with the links being redirected to datatracker.ietf.org. Rather than make p
docs: update IETF links to use datatracker The tools.ietf.org domain has been deprecated a while now, with the links being redirected to datatracker.ietf.org. Rather than make people eat that redirect time, this change switches the URL to a more canonical source. Closes #8317
show more ...
|