mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-12 13:55:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
3829759bd0
curl/lib
History
Viktor Szakats 3829759bd0
build: enable missing OpenSSF-recommended warnings, with fixes 
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
  printf arguments with it. This is a copy of existing
  `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
  with redefinting the `printf` symbol:
  https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
  mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
  Follow-up to d5c0351055 #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
  checks. Previously it was always disabled due to the internal `printf`
  macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
  `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
  warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
  definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
  Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489
2023-12-16 13:12:37 +00:00
..
vauth build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
vquic build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
vssh build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
vtls build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
.checksrc
.gitattributes
.gitignore
altsvc.c lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
altsvc.h
amigaos.c
amigaos.h
arpa_telnet.h lib: apache style infof and trace macros/functions 2023-10-26 17:42:54 +02:00
asyn-ares.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
asyn-thread.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
asyn.h
base64.c build: fix builds that disable protocols but not digest auth 2023-12-01 23:26:53 -05:00
bufq.c
bufq.h
bufref.c lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
bufref.h
c-hyper.c transfer: cleanup done+excess handling 2023-11-24 13:22:07 +01:00
c-hyper.h
cf-h1-proxy.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cf-h1-proxy.h
cf-h2-proxy.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cf-h2-proxy.h
cf-haproxy.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cf-haproxy.h
cf-https-connect.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cf-https-connect.h
cf-socket.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cf-socket.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cfilters.c misc: fix -Walloc-size warnings 2023-11-11 23:35:47 +01:00
cfilters.h lib: fix comment typos 2023-11-23 12:35:59 +01:00
CMakeLists.txt cmake: option to disable install & drop curlu target when unused 2023-11-10 18:24:14 +00:00
config-amigaos.h build: delete HAVE_STDINT_H and HAVE_INTTYPES_H 2023-11-06 17:20:39 +00:00
config-dos.h build: variadic macro tidy-ups 2023-10-27 00:37:34 +00:00
config-mac.h lib: remove TIME_WITH_SYS_TIME 2023-09-28 22:58:36 +02:00
config-os400.h build: delete HAVE_STDINT_H and HAVE_INTTYPES_H 2023-11-06 17:20:39 +00:00
config-plan9.h build: delete HAVE_STDINT_H and HAVE_INTTYPES_H 2023-11-06 17:20:39 +00:00
config-riscos.h build: delete HAVE_STDINT_H and HAVE_INTTYPES_H 2023-11-06 17:20:39 +00:00
config-win32.h config-win32: set HAVE_SNPRINTF for mingw-w64 2023-11-15 14:22:22 +00:00
config-win32ce.h build: delete support bits for obsolete Windows compilers 2023-11-06 22:00:10 +00:00
conncache.c conncache: use the closure handle when disconnecting surplus connections 2023-11-26 17:49:15 +01:00
conncache.h
connect.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
connect.h
content_encoding.c content_encoding: make Curl_all_content_encodings allocless 2023-11-07 16:35:30 +01:00
content_encoding.h content_encoding: make Curl_all_content_encodings allocless 2023-11-07 16:35:30 +01:00
cookie.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
cookie.h
curl_addrinfo.c
curl_addrinfo.h
curl_base64.h
curl_config.h.cmake fopen: create new file using old file's mode 2023-11-23 22:30:42 +01:00
curl_ctype.h
curl_des.c
curl_des.h
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_get_line.c
curl_get_line.h
curl_gethostname.c
curl_gethostname.h
curl_gssapi.c
curl_gssapi.h
curl_hmac.h build: fix libssh2 + CURL_DISABLE_DIGEST_AUTH + CURL_DISABLE_AWS 2023-11-15 20:57:49 +00:00
curl_krb5.h
curl_ldap.h
curl_md4.h
curl_md5.h
curl_memory.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_memrchr.c
curl_memrchr.h build: delete checks for C89 standard headers 2023-09-26 14:25:10 +00:00
curl_multibyte.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_multibyte.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_ntlm_core.c openssl: fix building with v3 no-deprecated + add CI test 2023-11-23 02:03:02 +00:00
curl_ntlm_core.h
curl_ntlm_wb.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
curl_ntlm_wb.h
curl_path.c
curl_path.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_printf.h
curl_range.c
curl_range.h
curl_rtmp.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_rtmp.h
curl_sasl.c sasl: fix -Wunused-function compiler warning 2023-11-15 13:00:38 +00:00
curl_sasl.h
curl_setup_once.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
curl_setup.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
curl_sha256.h
curl_sspi.c
curl_sspi.h curl_sspi: support more revocation error names in error messages 2023-11-03 03:50:59 -04:00
curl_threads.c
curl_threads.h
curl_trc.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
curl_trc.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
curlx.h
dict.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
dict.h
doh.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
doh.h
dynbuf.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
dynbuf.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
dynhds.c http2: header conversion tightening 2023-10-21 14:36:51 +02:00
dynhds.h http2: header conversion tightening 2023-10-21 14:36:51 +02:00
easy_lock.h easy_lock: add a pthread_mutex_t fallback 2023-10-12 23:40:08 -04:00
easy.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
easygetopt.c
easyif.h
easyoptions.c
easyoptions.h
escape.c lib: provide and use Curl_hexencode 2023-09-30 11:45:39 +02:00
escape.h lib: provide and use Curl_hexencode 2023-09-30 11:45:39 +02:00
file.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
file.h
fileinfo.c
fileinfo.h
fopen.c fopen: allocate the dir after fopen 2023-11-24 13:24:08 +01:00
fopen.h
formdata.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
formdata.h
ftp.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
ftp.h
ftplistparser.c build: add more picky warnings and fix them 2023-11-21 16:35:42 +00:00
ftplistparser.h
functypes.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
getenv.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
getinfo.c
getinfo.h
gopher.c
gopher.h
hash.c
hash.h
headers.c
headers.h
hmac.c
hostasyn.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
hostip4.c
hostip6.c hostip6: fix DEBUG_ADDRINFO builds 2023-10-28 00:27:20 -04:00
hostip.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
hostip.h hostip: show the list of IPs when resolving is done 2023-10-20 23:00:10 +02:00
hostsyn.c
hsts.c lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
hsts.h
http1.c http: h1/h2 proxy unification 2023-09-25 20:12:18 +02:00
http1.h http: h1/h2 proxy unification 2023-09-25 20:12:18 +02:00
http2.c lib: eliminate conn->cselect_bits 2023-12-14 15:20:05 +01:00
http2.h
http_aws_sigv4.c lib: reduce use of strncpy 2023-12-11 23:29:02 +01:00
http_aws_sigv4.h
http_chunks.c build: add more picky warnings and fix them 2023-11-21 16:35:42 +00:00
http_chunks.h transfer: readwrite improvements 2023-11-21 08:03:45 +01:00
http_digest.c
http_digest.h
http_negotiate.c
http_negotiate.h
http_ntlm.c
http_ntlm.h
http_proxy.c lib: introduce struct easy_poll_set for poll information 2023-10-25 09:34:32 +02:00
http_proxy.h http: h1/h2 proxy unification 2023-09-25 20:12:18 +02:00
http.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
http.h transfer: cleanup done+excess handling 2023-11-24 13:22:07 +01:00
idn.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
idn.h
if2ip.c
if2ip.h
imap.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
imap.h
inet_ntop.c inet_ntop: add typecast to silence Coverity 2023-09-27 13:18:22 +02:00
inet_ntop.h
inet_pton.c
inet_pton.h
krb5.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
ldap.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
libcurl.plist.in
libcurl.rc
libcurl.vers.in
llist.c
llist.h
macos.c
macos.h
Makefile.am autotools: avoid passing LDFLAGS twice to libcurl 2023-11-14 19:28:15 +00:00
Makefile.inc build: alpha-sort source files for lib and src 2023-10-03 12:58:17 +00:00
Makefile.mk Makefile.mk: drop Windows support 2023-12-16 13:12:22 +00:00
Makefile.soname
md4.c lib: strndup/memdup instead of malloc, memcpy and null-terminate 2023-12-07 08:47:44 +01:00
md5.c
memdebug.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
memdebug.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
mime.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
mime.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
mprintf.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
mqtt.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
mqtt.h MQTT: improve receive of ACKs 2023-10-09 18:34:17 +02:00
multi.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
multihandle.h urldata: make maxconnects a 32 bit value 2023-11-22 13:27:38 +01:00
multiif.h multiif.h: remove Curl_multi_dump declaration 2023-09-26 03:51:13 -04:00
netrc.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
netrc.h
nonblock.c
nonblock.h
noproxy.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
noproxy.h
openldap.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
optiontable.pl
parsedate.c
parsedate.h
pingpong.c lib: strndup/memdup instead of malloc, memcpy and null-terminate 2023-12-07 08:47:44 +01:00
pingpong.h build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
pop3.c misc: fix -Walloc-size warnings 2023-11-11 23:35:47 +01:00
pop3.h
progress.c multi: during ratelimit multi_getsock should return no sockets 2023-11-30 15:53:22 +01:00
progress.h
psl.c
psl.h
rand.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
rand.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
rename.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
rename.h
rtsp.c lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
rtsp.h RTSP: improved RTP parser 2023-10-21 14:38:21 +02:00
select.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
select.h
sendf.c sendf: fix compiler warning with CURL_DISABLE_HEADERS_API 2023-12-08 09:28:53 +01:00
sendf.h lib: client writer, part 2, accounting + logging 2023-11-06 13:14:06 +01:00
setopt.c urldata: make maxconnects a 32 bit value 2023-11-22 13:27:38 +01:00
setopt.h
setup-os400.h
setup-vms.h
setup-win32.h tidy-up: casing typos, delete unused Windows version aliases 2023-11-18 11:16:32 +00:00
sha256.c
share.c
share.h build: delete support bits for obsolete Windows compilers 2023-11-06 22:00:10 +00:00
sigpipe.h build: delete checks for C89 standard headers 2023-09-26 14:25:10 +00:00
slist.c
slist.h
smb.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
smb.h
smtp.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
smtp.h
sockaddr.h
socketpair.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
socketpair.h asyn-thread: use pipe instead of socketpair for IPC when available 2023-10-18 08:23:53 +02:00
socks_gssapi.c lib: strndup/memdup instead of malloc, memcpy and null-terminate 2023-12-07 08:47:44 +01:00
socks_sspi.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
socks.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
socks.h
speedcheck.c
speedcheck.h
splay.c
splay.h
strcase.c
strcase.h
strdup.c lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
strdup.h lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding 2023-12-08 17:22:33 +01:00
strerror.c lib: reduce use of strncpy 2023-12-11 23:29:02 +01:00
strerror.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
strtok.c
strtok.h
strtoofft.c
strtoofft.h
system_win32.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
system_win32.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
telnet.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
telnet.h
tftp.c setopt: check CURLOPT_TFTP_BLKSIZE range on set 2023-11-22 07:44:05 +01:00
tftp.h setopt: check CURLOPT_TFTP_BLKSIZE range on set 2023-11-22 07:44:05 +01:00
timediff.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
timediff.h
timeval.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
timeval.h multi: round the timeout up to prevent early wakeups 2023-09-28 09:52:20 +02:00
transfer.c readwrite_data: loop less 2023-12-14 16:13:28 +01:00
transfer.h lib: eliminate conn->cselect_bits 2023-12-14 15:20:05 +01:00
url.c Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
url.h url: protocol handler lookup tidy-up 2023-10-27 16:55:54 +02:00
urlapi-int.h
urlapi.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
urldata.h Revert "urldata: move async resolver state from easy handle to connectdata" 2023-12-15 12:57:35 +01:00
version_win32.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
version_win32.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
version.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
warnless.c windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
warnless.h windows: use built-in _WIN32 macro to detect Windows 2023-11-22 15:42:25 +00:00
ws.c build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
ws.h