curl: prevent binary output spewed to terminal

... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
author: Daniel Stenberg <daniel@haxx.se> 2017-06-16 11:30:36 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2017-06-16 23:38:13 +0200
commit: 5385450afd61328e7d24b50eeffc2b1571cd9e2f (patch)
tree: abed28837e3bc58605b3963280b9b2aec62815d8 /src
parent: ce2cc568f822605ae4258ec25b87b59b24c7bd19 (diff)
6 files changed, 46 insertions, 10 deletions
diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
index 6c08943ea..c818abf51 100644
--- a/src/tool_cb_wrt.c
+++ b/src/tool_cb_wrt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -77,6 +77,8 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
   size_t rc;
   struct OutStruct *outs = userdata;
   struct OperationConfig *config = outs->config;
+  size_t bytes = sz * nmemb;
+  bool isatty = config->global->isatty;
 
   /*
    * Once that libcurl has called back tool_write_cb() the returned value
@@ -84,21 +86,29 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
    * it does not match then it fails with CURLE_WRITE_ERROR. So at this
    * point returning a value different from sz*nmemb indicates failure.
    */
-  const size_t failure = (sz && nmemb) ? 0 : 1;
+  const size_t failure = bytes ? 0 : 1;
 
   if(!config)
     return failure;
 
 #ifdef DEBUGBUILD
+  {
+    char *tty = curlx_getenv("CURL_ISATTY");
+    if(tty) {
+      isatty = TRUE;
+      curl_free(tty);
+    }
+  }
+
   if(config->include_headers) {
-    if(sz * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
+    if(bytes > (size_t)CURL_MAX_HTTP_HEADER) {
       warnf(config->global, "Header data size exceeds single call write "
             "limit!\n");
       return failure;
     }
   }
   else {
-    if(sz * nmemb > (size_t)CURL_MAX_WRITE_SIZE) {
+    if(bytes > (size_t)CURL_MAX_WRITE_SIZE) {
       warnf(config->global, "Data size exceeds single call write limit!\n");
       return failure;
     }
@@ -137,11 +147,22 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
   if(!outs->stream && !tool_create_output_file(outs))
     return failure;
 
+  if(isatty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+    /* binary output to terminal? */
+    if(memchr(buffer, 0, bytes)) {
+      warnf(config->global, "Binary output can mess up your terminal. "
+            "Use \"--output -\" to tell curl to output it to your terminal "
+            "anyway, or consider \"--output <FILE>\" to save to a file.\n");
+      config->synthetic_error = ERR_BINARY_TERMINAL;
+      return failure;
+    }
+  }
+
   rc = fwrite(buffer, sz, nmemb, outs->stream);
 
-  if((sz * nmemb) == rc)
+  if(bytes == rc)
     /* we added this amount of data to the output */
-    outs->bytes += (sz * nmemb);
+    outs->bytes += bytes;
 
   if(config->readbusy) {
     config->readbusy = FALSE;
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 38777f6fd..8d74905d9 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -27,6 +27,12 @@
 
 #include "tool_metalink.h"
 
+typedef enum {
+  ERR_NONE,
+  ERR_BINARY_TERMINAL = 1, /* binary to terminal detected */
+  ERR_LAST
+} curl_error;
+
 struct GlobalConfig;
 
 struct OperationConfig {
@@ -141,6 +147,7 @@ struct OperationConfig {
   bool insecure_ok;         /* set TRUE to allow insecure SSL connects */
   bool proxy_insecure_ok;   /* set TRUE to allow insecure SSL connects
                                for proxy */
+  bool terminal_binary_ok;
   bool verifystatus;
   bool create_dirs;
   bool ftp_create_dirs;
@@ -236,6 +243,8 @@ struct OperationConfig {
   double expect100timeout;
   bool suppress_connect_headers;  /* suppress proxy CONNECT response headers
                                      from user callbacks */
+  curl_error synthetic_error;     /* if non-zero, it overrides any libcurl
+                                     error */
   struct GlobalConfig *global;
   struct OperationConfig *prev;
   struct OperationConfig *next;   /* Always last in the struct */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index fabe8f04b..bcb9e1ee2 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1554,7 +1554,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->proxy_insecure_ok = toggle;
         break;
 
-      case '9':
+      case '9': /* --proxy-tlsv1 */
         /* TLS version 1 for proxy */
         config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
         break;
diff --git a/src/tool_help.c b/src/tool_help.c
index 46aae4527..08a81f590 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -252,7 +252,7 @@ static const struct helptxt helptext[] = {
    "Use HTTP NTLM authentication"},
   {"    --ntlm-wb",
    "Use HTTP NTLM authentication with winbind"},
-  {"    --oauth2-bearer",
+  {"    --oauth2-bearer <token>",
    "OAuth 2 Bearer Token"},
   {"-o, --output <file>",
    "Write to file instead of stdout"},
diff --git a/src/tool_main.c b/src/tool_main.c
index 7e742ffca..089a317d4 100644
--- a/src/tool_main.c
+++ b/src/tool_main.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 6f1525e8b..b80a77118 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -862,6 +862,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
           set_binmode(stdout);
         }
 
+        /* explicitly passed to stdout means okaying binary gunk */
+        config->terminal_binary_ok = (outfile && !strcmp(outfile, "-"));
+
         if(!config->tcp_nodelay)
           my_setopt(curl, CURLOPT_TCP_NODELAY, 0L);
 
@@ -1764,7 +1767,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
         }
         else
 #endif
-        if(result && global->showerror) {
+        if(config->synthetic_error) {
+          ;
+        }
+        else if(result && global->showerror) {
           fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
                   errorbuffer : curl_easy_strerror(result));
           if(result == CURLE_SSL_CACERT)
author	Daniel Stenberg <daniel@haxx.se>	2017-06-16 11:30:36 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2017-06-16 23:38:13 +0200
commit	5385450afd61328e7d24b50eeffc2b1571cd9e2f (patch)
tree	abed28837e3bc58605b3963280b9b2aec62815d8 /src
parent	ce2cc568f822605ae4258ec25b87b59b24c7bd19 (diff)