curl/lib/dict.c
Viktor Szakats 3829759bd0
build: enable missing OpenSSF-recommended warnings, with fixes
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
  printf arguments with it. This is a copy of existing
  `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
  with redefinting the `printf` symbol:
  https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
  mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
  Follow-up to d5c0351055 #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
  checks. Previously it was always disabled due to the internal `printf`
  macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
  `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
  warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
  definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
  Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489
2023-12-16 13:12:37 +00:00

331 lines
8.8 KiB
C

/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "curl_setup.h"
#ifndef CURL_DISABLE_DICT
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#elif defined(HAVE_UNISTD_H)
#include <unistd.h>
#endif
#include "urldata.h"
#include <curl/curl.h>
#include "transfer.h"
#include "sendf.h"
#include "escape.h"
#include "progress.h"
#include "dict.h"
#include "curl_printf.h"
#include "strcase.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
/*
* Forward declarations.
*/
static CURLcode dict_do(struct Curl_easy *data, bool *done);
/*
* DICT protocol handler.
*/
const struct Curl_handler Curl_handler_dict = {
"DICT", /* scheme */
ZERO_NULL, /* setup_connection */
dict_do, /* do_it */
ZERO_NULL, /* done */
ZERO_NULL, /* do_more */
ZERO_NULL, /* connect_it */
ZERO_NULL, /* connecting */
ZERO_NULL, /* doing */
ZERO_NULL, /* proto_getsock */
ZERO_NULL, /* doing_getsock */
ZERO_NULL, /* domore_getsock */
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
ZERO_NULL, /* connection_check */
ZERO_NULL, /* attach connection */
PORT_DICT, /* defport */
CURLPROTO_DICT, /* protocol */
CURLPROTO_DICT, /* family */
PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
};
#define DYN_DICT_WORD 10000
static char *unescape_word(const char *input)
{
struct dynbuf out;
const char *ptr;
CURLcode result = CURLE_OK;
Curl_dyn_init(&out, DYN_DICT_WORD);
/* According to RFC2229 section 2.2, these letters need to be escaped with
\[letter] */
for(ptr = input; *ptr; ptr++) {
char ch = *ptr;
if((ch <= 32) || (ch == 127) ||
(ch == '\'') || (ch == '\"') || (ch == '\\'))
result = Curl_dyn_addn(&out, "\\", 1);
if(!result)
result = Curl_dyn_addn(&out, ptr, 1);
if(result)
return NULL;
}
return Curl_dyn_ptr(&out);
}
/* sendf() sends formatted data to the server */
static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data,
const char *fmt, ...) CURL_PRINTF(3, 4);
static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data,
const char *fmt, ...)
{
ssize_t bytes_written;
size_t write_len;
CURLcode result = CURLE_OK;
char *s;
char *sptr;
va_list ap;
va_start(ap, fmt);
#ifdef __clang__
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wformat-nonliteral"
#endif
s = vaprintf(fmt, ap); /* returns an allocated string */
#ifdef __clang__
#pragma clang diagnostic pop
#endif
va_end(ap);
if(!s)
return CURLE_OUT_OF_MEMORY; /* failure */
bytes_written = 0;
write_len = strlen(s);
sptr = s;
for(;;) {
/* Write the buffer to the socket */
result = Curl_write(data, sockfd, sptr, write_len, &bytes_written);
if(result)
break;
Curl_debug(data, CURLINFO_DATA_OUT, sptr, (size_t)bytes_written);
if((size_t)bytes_written != write_len) {
/* if not all was written at once, we must advance the pointer, decrease
the size left and try again! */
write_len -= bytes_written;
sptr += bytes_written;
}
else
break;
}
free(s); /* free the output string */
return result;
}
static CURLcode dict_do(struct Curl_easy *data, bool *done)
{
char *word;
char *eword = NULL;
char *ppath;
char *database = NULL;
char *strategy = NULL;
char *nthdef = NULL; /* This is not part of the protocol, but required
by RFC 2229 */
CURLcode result;
struct connectdata *conn = data->conn;
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
char *path;
*done = TRUE; /* unconditionally */
/* url-decode path before further evaluation */
result = Curl_urldecode(data->state.up.path, 0, &path, NULL, REJECT_CTRL);
if(result)
return result;
if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
word = strchr(path, ':');
if(word) {
word++;
database = strchr(word, ':');
if(database) {
*database++ = (char)0;
strategy = strchr(database, ':');
if(strategy) {
*strategy++ = (char)0;
nthdef = strchr(strategy, ':');
if(nthdef) {
*nthdef = (char)0;
}
}
}
}
if(!word || (*word == (char)0)) {
infof(data, "lookup word is missing");
word = (char *)"default";
}
if(!database || (*database == (char)0)) {
database = (char *)"!";
}
if(!strategy || (*strategy == (char)0)) {
strategy = (char *)".";
}
eword = unescape_word(word);
if(!eword) {
result = CURLE_OUT_OF_MEMORY;
goto error;
}
result = sendf(sockfd, data,
"CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
"MATCH "
"%s " /* database */
"%s " /* strategy */
"%s\r\n" /* word */
"QUIT\r\n",
database,
strategy,
eword);
if(result) {
failf(data, "Failed sending DICT request");
goto error;
}
Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1); /* no upload */
}
else if(strncasecompare(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
strncasecompare(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
strncasecompare(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {
word = strchr(path, ':');
if(word) {
word++;
database = strchr(word, ':');
if(database) {
*database++ = (char)0;
nthdef = strchr(database, ':');
if(nthdef) {
*nthdef = (char)0;
}
}
}
if(!word || (*word == (char)0)) {
infof(data, "lookup word is missing");
word = (char *)"default";
}
if(!database || (*database == (char)0)) {
database = (char *)"!";
}
eword = unescape_word(word);
if(!eword) {
result = CURLE_OUT_OF_MEMORY;
goto error;
}
result = sendf(sockfd, data,
"CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
"DEFINE "
"%s " /* database */
"%s\r\n" /* word */
"QUIT\r\n",
database,
eword);
if(result) {
failf(data, "Failed sending DICT request");
goto error;
}
Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
}
else {
ppath = strchr(path, '/');
if(ppath) {
int i;
ppath++;
for(i = 0; ppath[i]; i++) {
if(ppath[i] == ':')
ppath[i] = ' ';
}
result = sendf(sockfd, data,
"CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
"%s\r\n"
"QUIT\r\n", ppath);
if(result) {
failf(data, "Failed sending DICT request");
goto error;
}
Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
}
}
error:
free(eword);
free(path);
return result;
}
#endif /* CURL_DISABLE_DICT */