diff options
author | Daniel Stenberg <daniel@haxx.se> | 2023-01-03 14:58:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2023-01-04 09:15:37 +0100 |
commit | 7ad8a7ba9ebdedceafe8859d3bd4d22ee447648d (patch) | |
tree | 09e568b07541857b31aa6ba431a239d328380216 | |
parent | bb393e521ffc217d14faf3812861278086ac84aa (diff) | |
download | curl-7ad8a7ba9ebdedceafe8859d3bd4d22ee447648d.tar.gz |
noproxy: support for space-separated names is deprecated
To be removed in July 2024.
Assisted-by: Michael Osipov
Fixes #10209
Closes #10215
-rw-r--r-- | docs/DEPRECATE.md | 19 | ||||
-rw-r--r-- | lib/noproxy.c | 13 | ||||
-rw-r--r-- | lib/noproxy.h | 3 | ||||
-rw-r--r-- | lib/url.c | 6 | ||||
-rw-r--r-- | tests/unit/unit1614.c | 91 |
5 files changed, 88 insertions, 44 deletions
diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index 7e140cd5d..ac7c4d340 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md @@ -52,6 +52,25 @@ We remove support for building curl with the gskit TLS library in August 2023. - build breakages in this code take weeks or more to get detected - fixing gskit code is mostly done "flying blind" +## space-separated `NOPROXY` patterns + +When specifying patterns/domain names for curl that should *not* go through a +proxy, the curl tool features the `--noproxy` command line option and the +library supports the `NO_PROXY` environment variable and the `CURLOPT_NOPROXY` +libcurl option. + +They all set the same list of patterns. This list is documented to be a set of +**comma-separated** names, but can also be provided separated with just +space. The ability to just use spaces for this has never been documented but +some users may still have come to rely on this. + +Several other tools and utilities also parse the `NO_PROXY` environment +variable but do not consider a space to be a valid separator. Using spaces for +separator is probably less portable and might cause more friction than commas +do. Users should use commas for this for greater portability. + +curl will remove the support for space-separated names in July 2024. + ## past removals - Pipelining diff --git a/lib/noproxy.c b/lib/noproxy.c index 6c0c486f8..f1c1ed2c6 100644 --- a/lib/noproxy.c +++ b/lib/noproxy.c @@ -119,8 +119,10 @@ enum nametype { * Checks if the host is in the noproxy list. returns TRUE if it matches and * therefore the proxy should NOT be used. ****************************************************************/ -bool Curl_check_noproxy(const char *name, const char *no_proxy) +bool Curl_check_noproxy(const char *name, const char *no_proxy, + bool *spacesep) { + *spacesep = FALSE; /* * If we don't have a hostname at all, like for example with a FILE * transfer, we have nothing to interrogate the noproxy list with. @@ -244,6 +246,15 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) if(match) return TRUE; } /* if(tokenlen) */ + /* pass blanks after pattern */ + while(ISBLANK(*p)) + p++; + /* if not a comma! */ + if(*p && (*p != ',')) { + *spacesep = TRUE; + continue; + } + /* pass any number of commas */ while(*p == ',') p++; } /* while(*p) */ diff --git a/lib/noproxy.h b/lib/noproxy.h index b6a1a556a..a3a680772 100644 --- a/lib/noproxy.h +++ b/lib/noproxy.h @@ -37,7 +37,8 @@ UNITTEST bool Curl_cidr6_match(const char *ipv6, unsigned int bits); #endif -bool Curl_check_noproxy(const char *name, const char *no_proxy); +bool Curl_check_noproxy(const char *name, const char *no_proxy, + bool *spacesep); #endif @@ -2401,6 +2401,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, char *socksproxy = NULL; char *no_proxy = NULL; CURLcode result = CURLE_OK; + bool spacesep = FALSE; /************************************************************* * Extract the user and password from the authentication string @@ -2447,7 +2448,8 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, } if(Curl_check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ? - data->set.str[STRING_NOPROXY] : no_proxy)) { + data->set.str[STRING_NOPROXY] : no_proxy, + &spacesep)) { Curl_safefree(proxy); Curl_safefree(socksproxy); } @@ -2456,6 +2458,8 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, /* if the host is not in the noproxy list, detect proxy. */ proxy = detect_proxy(data, conn); #endif /* CURL_DISABLE_HTTP */ + if(spacesep) + infof(data, "space-separated NOPROXY patterns are deprecated"); Curl_safefree(no_proxy); diff --git a/tests/unit/unit1614.c b/tests/unit/unit1614.c index cc685b9ce..0818ea7ed 100644 --- a/tests/unit/unit1614.c +++ b/tests/unit/unit1614.c @@ -46,6 +46,7 @@ struct noproxy { const char *a; const char *n; bool match; + bool space; /* space separated */ }; UNITTEST_START @@ -77,50 +78,52 @@ UNITTEST_START { NULL, NULL, 0, FALSE} /* end marker */ }; struct noproxy list[]= { - { "www.example.com", "localhost,.example.com,.example.de", TRUE}, - { "www.example.com.", "localhost,.example.com,.example.de", TRUE}, - { "example.com", "localhost,.example.com,.example.de", TRUE}, - { "example.com.", "localhost,.example.com,.example.de", TRUE}, - { "www.example.com", "localhost,.example.com.,.example.de", TRUE}, - { "www.example.com", "localhost,www.example.com.,.example.de", TRUE}, - { "example.com", "localhost,example.com,.example.de", TRUE}, - { "example.com.", "localhost,example.com,.example.de", TRUE}, - { "nexample.com", "localhost,example.com,.example.de", FALSE}, - { "www.example.com", "localhost,example.com,.example.de", TRUE}, - { "127.0.0.1", "127.0.0.1,localhost", TRUE}, - { "127.0.0.1", "127.0.0.1,localhost,", TRUE}, - { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE}, - { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE}, - { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE}, - { "127.0.0.1", "localhost,127.0.0.1", TRUE}, + { "www.example.com", "localhost .example.com .example.de", TRUE, TRUE}, + { "www.example.com", "localhost,.example.com,.example.de", TRUE, FALSE}, + { "www.example.com.", "localhost,.example.com,.example.de", TRUE, FALSE}, + { "example.com", "localhost,.example.com,.example.de", TRUE, FALSE}, + { "example.com.", "localhost,.example.com,.example.de", TRUE, FALSE}, + { "www.example.com", "localhost,.example.com.,.example.de", TRUE, FALSE}, + { "www.example.com", "localhost,www.example.com.,.example.de", + TRUE, FALSE}, + { "example.com", "localhost,example.com,.example.de", TRUE, FALSE}, + { "example.com.", "localhost,example.com,.example.de", TRUE, FALSE}, + { "nexample.com", "localhost,example.com,.example.de", FALSE, FALSE}, + { "www.example.com", "localhost,example.com,.example.de", TRUE, FALSE}, + { "127.0.0.1", "127.0.0.1,localhost", TRUE, FALSE}, + { "127.0.0.1", "127.0.0.1,localhost,", TRUE, FALSE}, + { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE, FALSE}, + { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE, FALSE}, + { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE, FALSE}, + { "127.0.0.1", "localhost,127.0.0.1", TRUE, FALSE}, { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." - "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE}, + "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE, FALSE}, { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." - "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE}, - { "localhost", "localhost,127.0.0.1", TRUE}, - { "localhost", "127.0.0.1,localhost", TRUE}, - { "foobar", "barfoo", FALSE}, - { "foobar", "foobar", TRUE}, - { "192.168.0.1", "foobar", FALSE}, - { "192.168.0.1", "192.168.0.0/16", TRUE}, - { "192.168.0.1", "192.168.0.0/24", TRUE}, - { "192.168.0.1", "192.168.0.0/32", FALSE}, - { "192.168.0.1", "192.168.0.0", FALSE}, - { "192.168.1.1", "192.168.0.0/24", FALSE}, - { "192.168.1.1", "foo, bar, 192.168.0.0/24", FALSE}, - { "192.168.1.1", "foo, bar, 192.168.0.0/16", TRUE}, - { "[::1]", "foo, bar, 192.168.0.0/16", FALSE}, - { "[::1]", "foo, bar, ::1/64", TRUE}, - { "bar", "foo, bar, ::1/64", TRUE}, - { "BAr", "foo, bar, ::1/64", TRUE}, - { "BAr", "foo,,,,, bar, ::1/64", TRUE}, - { "www.example.com", "foo, .example.com", TRUE}, - { "www.example.com", "www2.example.com, .example.net", FALSE}, - { "example.com", ".example.com, .example.net", TRUE}, - { "nonexample.com", ".example.com, .example.net", FALSE}, - { NULL, NULL, FALSE} + "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE, FALSE}, + { "localhost", "localhost,127.0.0.1", TRUE, FALSE}, + { "localhost", "127.0.0.1,localhost", TRUE, FALSE}, + { "foobar", "barfoo", FALSE, FALSE}, + { "foobar", "foobar", TRUE, FALSE}, + { "192.168.0.1", "foobar", FALSE, FALSE}, + { "192.168.0.1", "192.168.0.0/16", TRUE, FALSE}, + { "192.168.0.1", "192.168.0.0/24", TRUE, FALSE}, + { "192.168.0.1", "192.168.0.0/32", FALSE, FALSE}, + { "192.168.0.1", "192.168.0.0", FALSE, FALSE}, + { "192.168.1.1", "192.168.0.0/24", FALSE, FALSE}, + { "192.168.1.1", "foo, bar, 192.168.0.0/24", FALSE, FALSE}, + { "192.168.1.1", "foo, bar, 192.168.0.0/16", TRUE, FALSE}, + { "[::1]", "foo, bar, 192.168.0.0/16", FALSE, FALSE}, + { "[::1]", "foo, bar, ::1/64", TRUE, FALSE}, + { "bar", "foo, bar, ::1/64", TRUE, FALSE}, + { "BAr", "foo, bar, ::1/64", TRUE, FALSE}, + { "BAr", "foo,,,,, bar, ::1/64", TRUE, FALSE}, + { "www.example.com", "foo, .example.com", TRUE, FALSE}, + { "www.example.com", "www2.example.com, .example.net", FALSE, FALSE}, + { "example.com", ".example.com, .example.net", TRUE, FALSE}, + { "nonexample.com", ".example.com, .example.net", FALSE, FALSE}, + { NULL, NULL, FALSE, FALSE} }; for(i = 0; list4[i].a; i++) { bool match = Curl_cidr4_match(list4[i].a, list4[i].n, list4[i].bits); @@ -141,13 +144,19 @@ UNITTEST_START } } for(i = 0; list[i].a; i++) { - bool match = Curl_check_noproxy(list[i].a, list[i].n); + bool spacesep = FALSE; + bool match = Curl_check_noproxy(list[i].a, list[i].n, &spacesep); if(match != list[i].match) { fprintf(stderr, "%s in %s should %smatch\n", list[i].a, list[i].n, list[i].match ? "": "not "); err++; } + if(spacesep != list[i].space) { + fprintf(stderr, "%s is claimed to be %sspace separated\n", + list[i].n, list[i].space?"":"NOT "); + err++; + } } return err; } |