From 5385450afd61328e7d24b50eeffc2b1571cd9e2f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 16 Jun 2017 11:30:36 +0200
Subject: [PATCH] curl: prevent binary output spewed to terminal

... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
---
 docs/TODO               |   6 ------
 src/tool_cb_wrt.c       |  33 +++++++++++++++++++++++++++------
 src/tool_cfgable.h      |   9 +++++++++
 src/tool_getparam.c     |   2 +-
 src/tool_help.c         |   2 +-
 src/tool_main.c         |   2 +-
 src/tool_operate.c      |   8 +++++++-
 tests/data/Makefile.inc |   2 +-
 tests/data/test1425     | Bin 0 -> 1726 bytes
 tests/data/test1426     | Bin 0 -> 1663 bytes
 10 files changed, 47 insertions(+), 17 deletions(-)
 create mode 100644 tests/data/test1425
 create mode 100644 tests/data/test1426

diff --git a/docs/TODO b/docs/TODO
index 3e3ea16840..099929b369 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -140,7 +140,6 @@
  18.4 simultaneous parallel transfers
  18.5 provide formpost headers
  18.6 warning when setting an option
- 18.7 warning when sending binary output to terminal
  18.8 offer color-coded HTTP header output
  18.9 Choose the name of file in braces for complex URLs
  18.10 improve how curl works in a windows console window
@@ -933,11 +932,6 @@ that doesn't exist on the server, just like --ftp-create-dirs.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.
 
-18.7 warning when sending binary output to terminal
-
- Provide a way that prompts the user for confirmation before binary data is
- sent to the terminal, much in the style 'less' does it.
-
 18.8 offer color-coded HTTP header output
 
  By offering different color output on the header name and the header
diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
index 6c08943eae..c818abf51a 100644
--- a/src/tool_cb_wrt.c
+++ b/src/tool_cb_wrt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -77,6 +77,8 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
   size_t rc;
   struct OutStruct *outs = userdata;
   struct OperationConfig *config = outs->config;
+  size_t bytes = sz * nmemb;
+  bool isatty = config->global->isatty;
 
   /*
    * Once that libcurl has called back tool_write_cb() the returned value
@@ -84,21 +86,29 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
    * it does not match then it fails with CURLE_WRITE_ERROR. So at this
    * point returning a value different from sz*nmemb indicates failure.
    */
-  const size_t failure = (sz && nmemb) ? 0 : 1;
+  const size_t failure = bytes ? 0 : 1;
 
   if(!config)
     return failure;
 
 #ifdef DEBUGBUILD
+  {
+    char *tty = curlx_getenv("CURL_ISATTY");
+    if(tty) {
+      isatty = TRUE;
+      curl_free(tty);
+    }
+  }
+
   if(config->include_headers) {
-    if(sz * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
+    if(bytes > (size_t)CURL_MAX_HTTP_HEADER) {
       warnf(config->global, "Header data size exceeds single call write "
             "limit!\n");
       return failure;
     }
   }
   else {
-    if(sz * nmemb > (size_t)CURL_MAX_WRITE_SIZE) {
+    if(bytes > (size_t)CURL_MAX_WRITE_SIZE) {
       warnf(config->global, "Data size exceeds single call write limit!\n");
       return failure;
     }
@@ -137,11 +147,22 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
   if(!outs->stream && !tool_create_output_file(outs))
     return failure;
 
+  if(isatty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+    /* binary output to terminal? */
+    if(memchr(buffer, 0, bytes)) {
+      warnf(config->global, "Binary output can mess up your terminal. "
+            "Use \"--output -\" to tell curl to output it to your terminal "
+            "anyway, or consider \"--output <FILE>\" to save to a file.\n");
+      config->synthetic_error = ERR_BINARY_TERMINAL;
+      return failure;
+    }
+  }
+
   rc = fwrite(buffer, sz, nmemb, outs->stream);
 
-  if((sz * nmemb) == rc)
+  if(bytes == rc)
     /* we added this amount of data to the output */
-    outs->bytes += (sz * nmemb);
+    outs->bytes += bytes;
 
   if(config->readbusy) {
     config->readbusy = FALSE;
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 38777f6fdb..8d74905d97 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -27,6 +27,12 @@
 
 #include "tool_metalink.h"
 
+typedef enum {
+  ERR_NONE,
+  ERR_BINARY_TERMINAL = 1, /* binary to terminal detected */
+  ERR_LAST
+} curl_error;
+
 struct GlobalConfig;
 
 struct OperationConfig {
@@ -141,6 +147,7 @@ struct OperationConfig {
   bool insecure_ok;         /* set TRUE to allow insecure SSL connects */
   bool proxy_insecure_ok;   /* set TRUE to allow insecure SSL connects
                                for proxy */
+  bool terminal_binary_ok;
   bool verifystatus;
   bool create_dirs;
   bool ftp_create_dirs;
@@ -236,6 +243,8 @@ struct OperationConfig {
   double expect100timeout;
   bool suppress_connect_headers;  /* suppress proxy CONNECT response headers
                                      from user callbacks */
+  curl_error synthetic_error;     /* if non-zero, it overrides any libcurl
+                                     error */
   struct GlobalConfig *global;
   struct OperationConfig *prev;
   struct OperationConfig *next;   /* Always last in the struct */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index fabe8f04b1..bcb9e1ee2f 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1554,7 +1554,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->proxy_insecure_ok = toggle;
         break;
 
-      case '9':
+      case '9': /* --proxy-tlsv1 */
         /* TLS version 1 for proxy */
         config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
         break;
diff --git a/src/tool_help.c b/src/tool_help.c
index 46aae45271..08a81f5905 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -252,7 +252,7 @@ static const struct helptxt helptext[] = {
    "Use HTTP NTLM authentication"},
   {"    --ntlm-wb",
    "Use HTTP NTLM authentication with winbind"},
-  {"    --oauth2-bearer",
+  {"    --oauth2-bearer <token>",
    "OAuth 2 Bearer Token"},
   {"-o, --output <file>",
    "Write to file instead of stdout"},
diff --git a/src/tool_main.c b/src/tool_main.c
index 7e742ffcab..089a317d4f 100644
--- a/src/tool_main.c
+++ b/src/tool_main.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 6f1525e8b1..b80a77118a 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -862,6 +862,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
           set_binmode(stdout);
         }
 
+        /* explicitly passed to stdout means okaying binary gunk */
+        config->terminal_binary_ok = (outfile && !strcmp(outfile, "-"));
+
         if(!config->tcp_nodelay)
           my_setopt(curl, CURLOPT_TCP_NODELAY, 0L);
 
@@ -1764,7 +1767,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
         }
         else
 #endif
-        if(result && global->showerror) {
+        if(config->synthetic_error) {
+          ;
+        }
+        else if(result && global->showerror) {
           fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
                   errorbuffer : curl_easy_strerror(result));
           if(result == CURLE_SSL_CACERT)
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index d5f892e4cf..4f3428987f 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -151,7 +151,7 @@ test1396 test1397 test1398 \
 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
 test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
 test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
-test1424 \
+test1424 test1425 test1426 \
 test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
 test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
 test1444 test1445 test1446 \
diff --git a/tests/data/test1425 b/tests/data/test1425
new file mode 100644
index 0000000000000000000000000000000000000000..0044c69d516739dd6add1d4cfc3f21c47eab964c
GIT binary patch
literal 1726
zcmd^AYj3Jb6uqA(>3`U1b8?cVmPf7kNT`YRRa(&&@likA24MsgXABHl{PlMa^p)J7
za1)KpelGUxwKN6IgzsgvMa-D3IsR;EapY-`waA0(K9g0<ytJrgBH+0ort<AJl`4an
zDcvUprl!<OAn=4&<to~>2D+-k_=$8qK@D)D{0h`2jQ9Z^nhILos5cD^8Q3nF(DXo4
z10<$eRvwhKx20t0p~2=sypCyrRdRX-+6_GBOqRzgx}m9`ReG)$8lY>cep?ItziT(m
zdPA=_|B$xt)4ixU9t&w^z^cGLq{Eq@Ow@*yg(5QGR$3VKMa-E2e!?^Q72_6rd<Q|_
zg%XKfLi#ylMJ=KpVk&5cA42}p^qV@4>BlI@1w5zx5C=2>FM}0MyHN+qd@e15Lr4XP
zh(a}LIMI|t%qkNP3J_RK&;aY~Q@*EZQe1<Z#{L#vGMmv9{owO7Md0Wqro4oYPIu=B
z>>L>PBkFIfQ;SUc&UD)O^FG}4LVMFbTD|75vvs0iFl|_UhX<2mXm_`vyKCxJ*E-s6
zJG9-G#;Ch(*xh#MsM@rXj1r$M6XI`p7z}2oprf6Zi${IAunx;zKV81;?bpRf9Zt2w
za**u2`D{Cm@2A0hnpxf6$?EO3RopJH;1SQoc+)$Qafv1v&D#6^Y|v+88Q`{y(L~$6
zo_t}Sw(4kOsbe>MdYO+l%f-DqoIOUXU6A-E9=@_fT`ugW7rmJiM3o~ddpW;l!60l{
z-D&Aq?Pi-`kQ`Qs{8fKH_<Cjkh@aBMeS%1_P^1p^NL|g3PsCxfe8slH8_c3*mxpvd
zJIQY+<ZauvPNVkS9bSD!0J#DsE64?2TqlX;mSwmE#PrJp@}=7G7Kwz|W8&u#<3$u_
zB@cj68sH;`6$K9hy2?XX<#7_o6+xcTR5~S1AQl)Dvk>E4_Z5(@dr8?fZcm<4By^dL
zjlL}i0oVV~BAux-e6uEPOuUneEYVaRFqyYQeQ@YH&%TzlDlS_Kn(j~|5(1`DMS|(`
z-Ogh{^=5{m{CXHqT<h8RB_-u~?6`_n*Ke`OS0FxqOr@OHjHdCrD76H<HMS_(AcX-U
z$stM^oM#ai=fp(Kz*sp>k;eNL`DcoQthJFB!nnSaZ&KM!WRKuJPg-QqbD@L)5|GrX
zGxESQVZeWoo_*+s0hh|<89Bpx-*vF1l*RwA+{xiq6Sx5V2JY@aE>iDp?pSW`t>-vn
u=L-BhP2kA$Bw)V<c%=;g6ui$xrD@7jsfsP4-{72ooK5BHmX+_ntbYML;wLr$

literal 0
HcmV?d00001

diff --git a/tests/data/test1426 b/tests/data/test1426
new file mode 100644
index 0000000000000000000000000000000000000000..dd6a8d117067a2579e2ea0775ec70dcc23eb56c3
GIT binary patch
literal 1663
zcmd^AZEvbb6yDF1^gm2`bH6l~@>1(w2{p04l~%M>Q0s@?05bxDGXw@L{`x&5wcTWY
z!X_G-^YWaBGv_&4f|ermOWH+N!nPcKQd%E*LCP+Aa@|)HB+M^rr4)o$0$J*}+fthh
zWEC{eYDg`ppJCz)zsXhgTOAvkhG#Em;0tPEH?DqRt%Ilh01jQlddqBeOb8h}E?Usy
zKnoK~PD*(`s9Qg!XySvx;Uw86lmJRae_{O&KUYk`1Bzkl+686k`jLqZT{G?#68@>&
zby{ts)%lHjVMueK%zYNo(!@axbx@x(L77k{ltm&o@x8P#8j6H76Necu=~s+f=kN}K
zeh4)d`wWdL#%d*|K5(jO2_J<1(2ctmwCP{1KtJ$n!4C<c1p6fppxf;hrYz*rA~=qy
zz#^u&X*E94g5!iWCQfQB08CH<IC;TyT4ePtc8erT!6ma9Ex?aMUKBtayvUN5@LB2M
z8i-wE#>1F~X>;nL#c1w%{ofyx-7s=?y`w$sO#10OCS$K{kLH{#j*&A+BX{31?16oB
z++O6kZ|&(IZ99WrG}m;mpG~unZ88+@ctpm_6Y1-x&HCBctnI^QKPonFx%0lBY7<XC
zY{uE%UoF#F^5~J3SK5Q&$sXo<ko0N*Ji@u2?S@A*JF_9vWiKBs$0IhA0dB9JF7)*M
z6bk2*YSW#q&D`kaZ8hC(){oj``5Xs(l7%N8y|YZ)teuxPqf;SZRRJq!v$|(w9JTF%
zcXkB(<&KQALjcU*jgLcUH1^MUkFFmxU<yF7HZfu?SRG%`oGq(>rNSRC<IR9abhSLm
zZ$IKa$F)z>-opc2eIo!l0%ujAA8>K~ERj=I!Vn-UJRd+W&5U<ZEJO~8mm|cBI4RFM
zz>HD?j~oXS`<T$6if~XR8IdCbI;DklN}1q9Kv2RWh;!X{40_F_WVbLqRY5_}=WHnS
zZ2<}}{)aB=d-KWP_M!)g4|0$to5q7J=I>!Y%u>I;jA#Qb3kzE8VMAmHTWS-Bt&s2c
zJ|oS0nX3BpX|{0fSM#S_D6g}*tLiPIjTPk+MuBQyIq>+|o^#`tv`Dt~d8uH33)RlD
zkQ)NWQcRRGd|k#|Tq6sX2gJ(0iXzFo=r0dCs`Nl0!o0nauhiHrkdfda&$?(lbaBH*
za+3?|3O(^snD{@WuRa%uiEq@KD|7{T-#AcG?nh7=qsJ^^^rEv1?EiHSHhqCRQNM0S
I{r=DS2lSm0$N&HU

literal 0
HcmV?d00001