aboutsummaryrefslogtreecommitdiff
path: root/src/tool_urlglob.c
AgeCommit message (Collapse)Author
2020-05-15source cleanup: remove all custom typedef structsDaniel Stenberg
- Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
2020-01-13curl: make #0 not output the full URLDaniel Stenberg
It was not intended nor documented! Added test 1176 to verify. Reported-by: vshmuk on hackerone Closes #4812
2019-10-02curl: create easy handles on-demand and not ahead of timeDaniel Stenberg
This should again enable crazy-large download ranges of the style [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 when this new handle allocating scheme was introduced. Reported-by: Peter Sumatra Fixes #4393 Closes #4438
2019-05-16cleanup: remove FIXME and TODO commentsDaniel Stenberg
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
2019-02-13urlglob: Argument with 'nonnull' attribute passed nullDaniel Stenberg
Detected by scan-build.
2018-11-23snprintf: renamed and we now only use msnprintf()Daniel Stenberg
The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
2018-09-13urlglob: improve error messageDaniel Stenberg
to help user understand what the problem is Reported-by: Daniel Shahaf Fixes #2763 Closes #2977
2018-09-10misc: fix typos in commentsDaniel Gustafsson
Closes #2963
2018-08-21curl-compilers: enable -Wimplicit-fallthrough=4 for GCCMarcel Raad
This enables level 4 instead of the default level 3, which of the currently used comments only allows /* FALLTHROUGH */ to silence the warning. Closes https://github.com/curl/curl/pull/2747
2018-08-21Remove unused definitionsMarcel Raad
Closes https://github.com/curl/curl/pull/2747
2018-06-11cppcheck: fix warningsMarian Klymov
- Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
2018-05-14tool: Fix format specifiersRikard Falkeborn
2017-11-04curl: pass through [] in URLs instead of calling globbing errorDaniel Stenberg
Assisted-by: Per Lundberg Fixes #2044 Closes #2046 Closes #2048
2017-09-11code style: use spaces around plusesDaniel Stenberg
2017-09-11code style: use spaces around equals signsDaniel Stenberg
2017-08-07glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
2017-06-13urlglob: fix division by zeroDaniel Stenberg
The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
2017-02-19string formatting: fix 4 printf-style format stringsMichael Kaufmann
2017-02-15tool_urlglob: Allow a glob range with the same start and stopJay Satiro
For example allow ranges like [1-1] and [a-a] etc. Regression since 5ca96cb. Bug: https://github.com/curl/curl/issues/1238 Reported-by: R. Dennis Steed
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-11-24tool_urlglob: Improve sanity check in glob_rangeJay Satiro
Prior to this change we depended on errno if strtol could not perform a conversion. POSIX says EINVAL *may* be set. Some implementations like Microsoft's will not set it if there's no conversion. Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24checksrc: white space edits to comply to stricter checksrcDaniel Stenberg
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-15glob: fix [a-c] globbing regressionDaniel Stenberg
Brought in ee4f76606cf Added test case 1280 to verify Reported-by: Dave Reisner Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146
2016-10-31range: reject char globs with missing end like '[L-]'Daniel Stenberg
... which previously would lead to out of boundary reads. Reported-by: Luật Nguyễn
2016-10-31glob_next_url: make sure to stay within the given output bufferDaniel Stenberg
2016-10-31range: prevent negative end number in a glob rangeDaniel Stenberg
CVE-2016-8620 Bug: https://curl.haxx.se/docs/adv_20161102F.html Reported-by: Luật Nguyễn
2016-06-03tool_urlglob: fix off-by-one error in glob_parse()Kamil Dudka
... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757
2016-03-14curl: glob_range: no need to check unsigned variable for negativeDaniel Stenberg
cppcheck warned: [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' is less than zero.
2016-02-08tool_urlglob: Allow reserved dos device names (Windows)Jay Satiro
Allow --output to reserved dos device names without the device prefix for backwards compatibility. Example: --output NUL can be used instead of --output \\.\NUL Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 Reported-by: Gisle Vanem
2016-02-05tool_doswin: Improve sanitization processingJay Satiro
- Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-03-25globbing: fix url number calculation when using range with stepEmil Lerner
In function glob_range, the number of urls was multiplied by (max - min + 1), regardless of step. The correct formula is (max - min) / step + 1
2015-03-25globbing: fix step parsing for character globbing rangesEmil Lerner
The glob_range function used wrong offset (3 instead of 4) for parsing integer step inside character range specification, which led to 'bad range' error when using character ranges with explicitly specified step (such as '[a-z:2]')
2015-03-03tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACEDaniel Stenberg
2014-12-16glob_next_url: make the loop count upwardsDaniel Stenberg
As the former contruct apparently caused a compiler warning, mentioned in d8efde07e556c.
2014-12-16tool_urlglob: unify return codes to use CURLcodeDaniel Stenberg
There was a mix of GlobCode, CURLcode and ints and they were mostly passing around CURLcode errors. This change makes the functions use only CURLcode and removes the GlobCode type completely.
2014-12-16tool_urlglob.c: partly reverse dc19789444Daniel Stenberg
The loop in glob_next_url() needs to be done backwards to maintain the logic. dc19789444 caused test 1235 to fail.
2014-12-14tool_urlglob.c: reverse two loopsDaniel Stenberg
By counting from 0 and up instead of backwards like before, we remove the need for the "funny" check of the unsigned variable when decreased passed zero. Easier to read and less risk for compiler warnings.
2014-12-14tool_urlglob.c: Added braces to clarify the conditionsMarc Hoersken
2014-12-14tool_urlglob.c: Silence warning C6293: Ill-defined for-loopMarc Hoersken
The >= 0 is actually not required, since i underflows and the for-loop is stopped using the < condition, but this makes the VS2012 compiler and code analysis happy.
2014-07-12Fixed some "statement not reached" warningsDan Fandrich
2014-05-09tool_urlglob.c: Fixed compilation warningSteve Holme
An enumerated type is mixed with another type.
2014-04-18tool_urlglob.c: added some comments to clarify for loop conditionsMarc Hoersken
I was tempted to change those to >= 0 until I saw that this is actually a for loop that terminates once i underflows.
2014-03-30curl: stop interpreting IPv6 literals as glob patterns.Paul Marks
This makes it possible to fetch from an IPv6 literal without specifying the -g option. Globbing remains available elsehwere in the URL. For example: curl http://[::1]/file[1-3].txt This creates no ambiguity, because there is no overlap between the syntax of valid globs and valid IPv6 literals. Globs contain hyphens and at most 1 colon, while IPv6 literals have no hyphens, and at least 2 colons. The peek_ipv6() parser simply whitelists a set of characters and counts colons, because the real validation happens later on. The character set includes A-Z, in case someone decides to implement support for scopes like [fe80::1%25eth0] in the future. Signed-off-by: Paul Marks <pmarks@google.com>
2013-11-28globbing: curl glob counter mismatch with {} list useDaniel Stenberg
The "fixed string" function wrongly bumped the "urlnum" counter which made curl output the total number of URLs wrong when using {one,two,three} lists in globs. Reported-by: Michael-O Bug: http://curl.haxx.se/bug/view.cgi?id=1305
2013-11-03glob_range: pass the closing bracket for a-z rangesDaniel Stenberg
Regression since commit 5ca96cb844102 (release in 7.33.0) Reported-by: Marcin Gryszkalis
2013-10-22glob: fix regression from commit 5ca96cb844Daniel Stenberg
Plain strings after glob ranges/lists weren't treated correctly but caused broken URLs to get used. Reported-by: Javier Barroso
2013-09-06urlglob: improved error messages and column number on bad useDaniel Stenberg
Introduce a convenience macro and keep of the column better so that it can point out the offending column better. Updated test 75 accordingly.
2013-09-06urlglob: avoid error code translationDaniel Stenberg
By using the correct values from the start we don't have to translate them!