summaryrefslogtreecommitdiff
path: root/lib/dotdot.c
Commit message (Collapse)AuthorAgeFilesLines
* curl.se: new homeDaniel Stenberg2020-11-041-1/+1
| | | | Closes #6172
* terminology: call them null-terminated stringsDaniel Stenberg2020-06-281-5/+5
| | | | | | | | | | | Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608
* copyrights: fix copyright year rangeDaniel Stenberg2019-11-081-1/+1
| | | | | | | | .. because checksrc's copyright year check stopped working. Ref: https://github.com/curl/curl/pull/4547 Closes https://github.com/curl/curl/pull/4549
* Curl_dedotdotify(): always nul terminate returned string.Even Rouault2018-09-241-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039
* code style: use spaces around plusesDaniel Stenberg2017-09-111-2/+2
|
* code style: use spaces around equals signsDaniel Stenberg2017-09-111-13/+13
|
* dedotdot: fixed output for ".." and "." only inputDaniel Stenberg2017-06-031-1/+2
| | | | | | | Found when updating test 1395, which I did to increase test coverage of this source file... Closes #1535
* memdebug: Ensure curl/curl.h is included before curl_memory.hSteve Holme2016-04-011-1/+3
| | | | Follow up to commit 7db9782dd6.
* URLs: change more http to httpsViktor Szakats2016-02-041-1/+1
|
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031-1/+1
|
* dotdot: allow an empty input string tooDaniel Stenberg2016-02-021-1/+8
| | | | | | | It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input.
* copyright: Updated following recent editsSteve Holme2014-04-281-1/+1
|
* Added a few more const where possibleDan Fandrich2014-04-291-1/+1
|
* dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify()Fabian Keil2013-07-231-1/+1
|
* dotdot.c: fix global declaration shadowingYang Tse2013-07-111-13/+13
|
* dotdot: introducing dot file path cleanupDaniel Stenberg2013-06-221-0/+170
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik