summaryrefslogtreecommitdiff
path: root/src/tool_urlglob.c
Commit message (Collapse)AuthorAgeFilesLines
* urlglob: Argument with 'nonnull' attribute passed nullDaniel Stenberg2019-02-131-2/+2
| | | | Detected by scan-build.
* snprintf: renamed and we now only use msnprintf()Daniel Stenberg2018-11-231-11/+11
| | | | | | | | | | | The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
* urlglob: improve error messageDaniel Stenberg2018-09-131-5/+6
| | | | | | | | | to help user understand what the problem is Reported-by: Daniel Shahaf Fixes #2763 Closes #2977
* misc: fix typos in commentsDaniel Gustafsson2018-09-101-1/+1
| | | | Closes #2963
* curl-compilers: enable -Wimplicit-fallthrough=4 for GCCMarcel Raad2018-08-211-2/+2
| | | | | | | | This enables level 4 instead of the default level 3, which of the currently used comments only allows /* FALLTHROUGH */ to silence the warning. Closes https://github.com/curl/curl/pull/2747
* Remove unused definitionsMarcel Raad2018-08-211-2/+0
| | | | Closes https://github.com/curl/curl/pull/2747
* cppcheck: fix warningsMarian Klymov2018-06-111-1/+1
| | | | | | | | | | | | | - Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
* tool: Fix format specifiersRikard Falkeborn2018-05-141-1/+1
|
* curl: pass through [] in URLs instead of calling globbing errorDaniel Stenberg2017-11-041-3/+5
| | | | | | | Assisted-by: Per Lundberg Fixes #2044 Closes #2046 Closes #2048
* code style: use spaces around plusesDaniel Stenberg2017-09-111-8/+8
|
* code style: use spaces around equals signsDaniel Stenberg2017-09-111-5/+5
|
* glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg2017-08-071-1/+4
| | | | | | | | | Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
* urlglob: fix division by zeroDaniel Stenberg2017-06-131-1/+5
| | | | | | | | The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
* string formatting: fix 4 printf-style format stringsMichael Kaufmann2017-02-191-1/+1
|
* tool_urlglob: Allow a glob range with the same start and stopJay Satiro2017-02-151-18/+17
| | | | | | | | | For example allow ranges like [1-1] and [a-a] etc. Regression since 5ca96cb. Bug: https://github.com/curl/curl/issues/1238 Reported-by: R. Dennis Steed
* checksrc: stricter no-space-before-paren enforcementDaniel Stenberg2016-12-131-2/+2
| | | | In order to make the code style more uniform everywhere
* tool_urlglob: Improve sanity check in glob_rangeJay Satiro2016-11-241-1/+1
| | | | | | | | Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion. Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
* checksrc: white space edits to comply to stricter checksrcDaniel Stenberg2016-11-241-3/+3
|
* checksrc: code style: use 'char *name' styleDaniel Stenberg2016-11-241-1/+1
|
* glob: fix [a-c] globbing regressionDaniel Stenberg2016-11-151-0/+3
| | | | | | | | | | Brought in ee4f76606cf Added test case 1280 to verify Reported-by: Dave Reisner Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146
* range: reject char globs with missing end like '[L-]'Daniel Stenberg2016-10-311-15/+19
| | | | | | ... which previously would lead to out of boundary reads. Reported-by: Luật Nguyễn
* glob_next_url: make sure to stay within the given output bufferDaniel Stenberg2016-10-311-6/+11
|
* range: prevent negative end number in a glob rangeDaniel Stenberg2016-10-311-0/+7
| | | | | | | CVE-2016-8620 Bug: https://curl.haxx.se/docs/adv_20161102F.html Reported-by: Luật Nguyễn
* tool_urlglob: fix off-by-one error in glob_parse()Kamil Dudka2016-06-031-1/+1
| | | | | | | | | | ... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757
* curl: glob_range: no need to check unsigned variable for negativeDaniel Stenberg2016-03-141-3/+2
| | | | | | | cppcheck warned: [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' is less than zero.
* tool_urlglob: Allow reserved dos device names (Windows)Jay Satiro2016-02-081-1/+2
| | | | | | | | | | Allow --output to reserved dos device names without the device prefix for backwards compatibility. Example: --output NUL can be used instead of --output \\.\NUL Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 Reported-by: Gisle Vanem
* tool_doswin: Improve sanitization processingJay Satiro2016-02-051-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031-1/+1
|
* globbing: fix url number calculation when using range with stepEmil Lerner2015-03-251-5/+7
| | | | | In function glob_range, the number of urls was multiplied by (max - min + 1), regardless of step. The correct formula is (max - min) / step + 1
* globbing: fix step parsing for character globbing rangesEmil Lerner2015-03-251-1/+1
| | | | | | | The glob_range function used wrong offset (3 instead of 4) for parsing integer step inside character range specification, which led to 'bad range' error when using character ranges with explicitly specified step (such as '[a-z:2]')
* tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACEDaniel Stenberg2015-03-031-4/+4
|
* glob_next_url: make the loop count upwardsDaniel Stenberg2014-12-161-2/+2
| | | | | As the former contruct apparently caused a compiler warning, mentioned in d8efde07e556c.
* tool_urlglob: unify return codes to use CURLcodeDaniel Stenberg2014-12-161-35/+32
| | | | | | There was a mix of GlobCode, CURLcode and ints and they were mostly passing around CURLcode errors. This change makes the functions use only CURLcode and removes the GlobCode type completely.
* tool_urlglob.c: partly reverse dc19789444Daniel Stenberg2014-12-161-3/+3
| | | | | The loop in glob_next_url() needs to be done backwards to maintain the logic. dc19789444 caused test 1235 to fail.
* tool_urlglob.c: reverse two loopsDaniel Stenberg2014-12-141-10/+8
| | | | | | By counting from 0 and up instead of backwards like before, we remove the need for the "funny" check of the unsigned variable when decreased passed zero. Easier to read and less risk for compiler warnings.
* tool_urlglob.c: Added braces to clarify the conditionsMarc Hoersken2014-12-141-2/+2
|
* tool_urlglob.c: Silence warning C6293: Ill-defined for-loopMarc Hoersken2014-12-141-2/+2
| | | | | | The >= 0 is actually not required, since i underflows and the for-loop is stopped using the < condition, but this makes the VS2012 compiler and code analysis happy.
* Fixed some "statement not reached" warningsDan Fandrich2014-07-121-1/+1
|
* tool_urlglob.c: Fixed compilation warningSteve Holme2014-05-091-1/+1
| | | | An enumerated type is mixed with another type.
* tool_urlglob.c: added some comments to clarify for loop conditionsMarc Hoersken2014-04-181-0/+2
| | | | | I was tempted to change those to >= 0 until I saw that this is actually a for loop that terminates once i underflows.
* curl: stop interpreting IPv6 literals as glob patterns.Paul Marks2014-03-301-3/+45
| | | | | | | | | | | | | | | | | | | | This makes it possible to fetch from an IPv6 literal without specifying the -g option. Globbing remains available elsehwere in the URL. For example: curl http://[::1]/file[1-3].txt This creates no ambiguity, because there is no overlap between the syntax of valid globs and valid IPv6 literals. Globs contain hyphens and at most 1 colon, while IPv6 literals have no hyphens, and at least 2 colons. The peek_ipv6() parser simply whitelists a set of characters and counts colons, because the real validation happens later on. The character set includes A-Z, in case someone decides to implement support for scopes like [fe80::1%25eth0] in the future. Signed-off-by: Paul Marks <pmarks@google.com>
* globbing: curl glob counter mismatch with {} list useDaniel Stenberg2013-11-281-8/+4
| | | | | | | | | The "fixed string" function wrongly bumped the "urlnum" counter which made curl output the total number of URLs wrong when using {one,two,three} lists in globs. Reported-by: Michael-O Bug: http://curl.haxx.se/bug/view.cgi?id=1305
* glob_range: pass the closing bracket for a-z rangesDaniel Stenberg2013-11-031-1/+1
| | | | | | Regression since commit 5ca96cb844102 (release in 7.33.0) Reported-by: Marcin Gryszkalis
* glob: fix regression from commit 5ca96cb844Daniel Stenberg2013-10-221-4/+8
| | | | | | | Plain strings after glob ranges/lists weren't treated correctly but caused broken URLs to get used. Reported-by: Javier Barroso
* urlglob: improved error messages and column number on bad useDaniel Stenberg2013-09-061-81/+64
| | | | | | | Introduce a convenience macro and keep of the column better so that it can point out the offending column better. Updated test 75 accordingly.
* urlglob: avoid error code translationDaniel Stenberg2013-09-061-6/+4
| | | | | By using the correct values from the start we don't have to translate them!
* urlglob: avoid NULL pointer dereferenceDaniel Stenberg2013-09-061-1/+1
| | | | Thanks to clang-analyzer
* tool_urlglob.c: Fixed compiler warningsSteve Holme2013-08-261-2/+2
| | | | warning: 'variable' may be used uninitialized in this function
* glob: error out on range overflowDaniel Stenberg2013-08-161-6/+28
| | | | | | | | | | | The new multiply() function detects range value overflows. 32bit machines will overflow on a 32bit boundary while 64bit hosts support ranges up to the full 64 bit range. Added test 1236 to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=1267 Reported-by: Will Dietz
* urlglob: better detect unclosed braces, empty lists and overflowsDaniel Stenberg2013-08-161-230/+243
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A rather big overhaul and cleanup. 1 - curl wouldn't properly detect and reject globbing that ended with an open brace if there were brackets or braces before it. Like "{}{" or "[0-1]{" 2 - curl wouldn't properly reject empty lists so that "{}{}" would result in curl getting (nil) strings in the output. 3 - By using strtoul() instead of sscanf() the code will now detected over and underflows. It now also better parses the step argument to only accept positive numbers and only step counters that is smaller than the delta between the maximum and minimum numbers. 4 - By switching to unsigned longs instead of signed ints for the counters, the max values for []-ranges are now very large (on 64bit machines). 5 - Bumped the maximum number of globs in a single URL to 100 (from 10) 6 - Simplified the code somewhat and now it stores fixed strings as single- entry lists. That's also one of the reasons why I did (5) as now all strings between "globs" will take a slot in the array. Added test 1234 and 1235 to verify. Updated test 87. This commit fixes three separate bug reports. Bug: http://curl.haxx.se/bug/view.cgi?id=1264 Bug: http://curl.haxx.se/bug/view.cgi?id=1265 Bug: http://curl.haxx.se/bug/view.cgi?id=1266 Reported-by: Will Dietz
View Lorry Controller Status