curl/lib/strcase.h

#ifndef HEADER_CURL_STRCASE_H
#define HEADER_CURL_STRCASE_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include <curl/curl.h>

/*
 * Only "raw" case insensitive strings. This is meant to be locale independent
 * and only compare strings we know are safe for this.
 *
 * The function is capable of comparing a-z case insensitively.
 *
 * Result is 1 if text matches and 0 if not.
 */

#define strcasecompare(a,b) Curl_strcasecompare(a,b)
#define strncasecompare(a,b,c) Curl_strncasecompare(a,b,c)

int Curl_strcasecompare(const char *first, const char *second);
int Curl_safe_strcasecompare(const char *first, const char *second);
int Curl_strncasecompare(const char *first, const char *second, size_t max);

char Curl_raw_toupper(char in);

/* checkprefix() is a shorter version of the above, used when the first
   argument is the string literal */
#define checkprefix(a,b)    curl_strnequal(b, STRCONST(a))

void Curl_strntoupper(char *dest, const char *src, size_t n);
void Curl_strntolower(char *dest, const char *src, size_t n);

bool Curl_safecmp(char *a, char *b);

#endif /* HEADER_CURL_STRCASE_H */
strcasecompare: is the new name for strequal() ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-"). 2016-09-30 23:15:05 +08:00			`#ifndef HEADER_CURL_STRCASE_H`
			`#define HEADER_CURL_STRCASE_H`
updated source code boilerplate/header 2002-09-03 19:52:59 +08:00			`/***************************************************************************`
added Curl_strcasestr() for case insensitive strstr() searching 2004-06-13 16:32:57 +08:00			`* _ _ ____ _`
			`* Project ___\| \| \| \| _ \\| \|`
			`* / __\| \| \| \| \|_) \| \|`
			`* \| (__\| \|_\| \| _ <\| \|___`
files moved to main branch from the newlib branch 2000-05-22 22:09:31 +08:00			`* \___\|\___/\|_\| \_\_____\|`
			`*`
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378 2022-02-03 20:04:30 +08:00			`* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.`
files moved to main branch from the newlib branch 2000-05-22 22:09:31 +08:00			`*`
updated source code boilerplate/header 2002-09-03 19:52:59 +08:00			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
curl.se: new home Closes #6172 2020-11-04 21:02:01 +08:00			`* are also available at https://curl.se/docs/copyright.html.`
added Curl_strcasestr() for case insensitive strstr() searching 2004-06-13 16:32:57 +08:00			`*`
dual-license fix 2001-01-03 17:29:33 +08:00			`* You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`* copies of the Software, and permit persons to whom the Software is`
updated source code boilerplate/header 2002-09-03 19:52:59 +08:00			`* furnished to do so, under the terms of the COPYING file.`
files moved to main branch from the newlib branch 2000-05-22 22:09:31 +08:00			`*`
dual-license fix 2001-01-03 17:29:33 +08:00			`* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`* KIND, either express or implied.`
files moved to main branch from the newlib branch 2000-05-22 22:09:31 +08:00			`*`
updated source code boilerplate/header 2002-09-03 19:52:59 +08:00			`* SPDX-License-Identifier: curl`
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869 2022-05-17 17:16:50 +08:00			`*`
updated source code boilerplate/header 2002-09-03 19:52:59 +08:00			`***************************************************************************/`
Internal symbols that aren't static are now prefixed with 'Curl_' 2001-01-05 18:11:41 +08:00
Changes for removing libcurl.def file on Win32. Added "CURL_EXTERN" to memdebug.h functions. Cleaned up Makefile.vc6. 2004-11-09 22:00:56 +08:00			`#include <curl/curl.h>`

strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway. 2016-10-01 00:54:02 +08:00			`/*`
			`* Only "raw" case insensitive strings. This is meant to be locale independent`
			`* and only compare strings we know are safe for this.`
			`*`
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378 2022-02-03 20:04:30 +08:00			`* The function is capable of comparing a-z case insensitively.`
strcase.h: add comment about the return code Tool often we run into expecting this to work like strcmp, but it returns 1 instead of 0 for match. Closes #8658 2022-03-31 17:25:56 +08:00			`*`
			`* Result is 1 if text matches and 0 if not.`
strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway. 2016-10-01 00:54:02 +08:00			`*/`

curl_strequal: part of public API/ABI, needs to be kept These two public functions have been mentioned as deprecated since a very long time but since they are still part of the API and ABI we need to keep them around. 2016-10-31 16:45:17 +08:00			`#define strcasecompare(a,b) Curl_strcasecompare(a,b)`
			`#define strncasecompare(a,b,c) Curl_strncasecompare(a,b,c)`
files moved to main branch from the newlib branch 2000-05-22 22:09:31 +08:00
curl_strequal: part of public API/ABI, needs to be kept These two public functions have been mentioned as deprecated since a very long time but since they are still part of the API and ABI we need to keep them around. 2016-10-31 16:45:17 +08:00			`int Curl_strcasecompare(const char first, const char second);`
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks. 2016-11-17 01:49:15 +08:00			`int Curl_safe_strcasecompare(const char first, const char second);`
curl_strequal: part of public API/ABI, needs to be kept These two public functions have been mentioned as deprecated since a very long time but since they are still part of the API and ABI we need to keep them around. 2016-10-31 16:45:17 +08:00			`int Curl_strncasecompare(const char first, const char second, size_t max);`
lib/*.h: use our standard naming scheme for header inclusion guards 2012-12-28 19:03:09 +08:00
strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway. 2016-10-01 00:54:02 +08:00			`char Curl_raw_toupper(char in);`

			`/* checkprefix() is a shorter version of the above, used when the first`
checkprefix: remove strlen calls Closes #8481 2022-02-20 22:16:07 +08:00			`argument is the string literal */`
			`#define checkprefix(a,b) curl_strnequal(b, STRCONST(a))`
strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway. 2016-10-01 00:54:02 +08:00
			`void Curl_strntoupper(char dest, const char src, size_t n);`
http: lowercase headernames for HTTP/2 and HTTP/3 Closes #4401 Fixes #4400 2019-09-23 04:17:12 +08:00			`void Curl_strntolower(char dest, const char src, size_t n);`
strcasecompare: is the new name for strequal() ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-"). 2016-09-30 23:15:05 +08:00
url: check sasl additional parameters for connection reuse. Also move static function safecmp() as non-static Curl_safecmp() since its purpose is needed at several places. Bug: https://curl.se/docs/CVE-2022-22576.html CVE-2022-22576 Closes #8746 2022-04-25 17:44:05 +08:00			`bool Curl_safecmp(char a, char b);`

strcasecompare: is the new name for strequal() ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-"). 2016-09-30 23:15:05 +08:00			`#endif /* HEADER_CURL_STRCASE_H */`