mirror of
https://github.com/curl/curl.git
synced 2025-01-12 13:55:11 +08:00
3829759bd0
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefining the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055
#2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where a `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md
Closes #12489
331 lines
8.8 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at https://curl.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
* SPDX-License-Identifier: curl
|
|
*
|
|
***************************************************************************/
|
|
|
|
#include "curl_setup.h"
|
|
|
|
#ifndef CURL_DISABLE_DICT
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
#include <netinet/in.h>
|
|
#endif
|
|
#ifdef HAVE_NETDB_H
|
|
#include <netdb.h>
|
|
#endif
|
|
#ifdef HAVE_ARPA_INET_H
|
|
#include <arpa/inet.h>
|
|
#endif
|
|
#ifdef HAVE_NET_IF_H
|
|
#include <net/if.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_IOCTL_H
|
|
#include <sys/ioctl.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_PARAM_H
|
|
#include <sys/param.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_SELECT_H
|
|
#include <sys/select.h>
|
|
#elif defined(HAVE_UNISTD_H)
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#include "urldata.h"
|
|
#include <curl/curl.h>
|
|
#include "transfer.h"
|
|
#include "sendf.h"
|
|
#include "escape.h"
|
|
#include "progress.h"
|
|
#include "dict.h"
|
|
#include "curl_printf.h"
|
|
#include "strcase.h"
|
|
#include "curl_memory.h"
|
|
/* The last #include file should be: */
|
|
#include "memdebug.h"
|
|
|
|
/*
 * dict_do() is defined further down in this file; it is declared here so
 * that the handler table below can reference it.
 */
static CURLcode dict_do(struct Curl_easy *data, bool *done);

/*
 * Handler table for the DICT scheme.
 *
 * The initializer is positional, so the order of the entries must follow
 * the member order of struct Curl_handler (declared outside this file).
 * dict_do is the only callback that is set; every other callback slot is
 * ZERO_NULL.
 *
 * NOTE(review): PROTOPT_NOURLQUERY presumably tells the URL handling that
 * DICT URLs have no query part - confirm against its definition.
 */
const struct Curl_handler Curl_handler_dict = {
  "DICT",                             /* scheme */
  ZERO_NULL,                          /* setup_connection */
  dict_do,                            /* do_it */
  ZERO_NULL,                          /* done */
  ZERO_NULL,                          /* do_more */
  ZERO_NULL,                          /* connect_it */
  ZERO_NULL,                          /* connecting */
  ZERO_NULL,                          /* doing */
  ZERO_NULL,                          /* proto_getsock */
  ZERO_NULL,                          /* doing_getsock */
  ZERO_NULL,                          /* domore_getsock */
  ZERO_NULL,                          /* perform_getsock */
  ZERO_NULL,                          /* disconnect */
  ZERO_NULL,                          /* readwrite */
  ZERO_NULL,                          /* connection_check */
  ZERO_NULL,                          /* attach connection */
  PORT_DICT,                          /* defport */
  CURLPROTO_DICT,                     /* protocol */
  CURLPROTO_DICT,                     /* family */
  PROTOPT_NONE | PROTOPT_NOURLQUERY   /* flags */
};
|
|
|
|
/* Second argument to Curl_dyn_init() for the escaped word; presumably the
   largest size the buffer may grow to - confirm against the dynbuf API. */
#define DYN_DICT_WORD 10000

/*
 * unescape_word() builds a copy of 'input' in which selected bytes are
 * preceded by a backslash. Despite the name, this function adds escapes; it
 * does not remove them.
 *
 * A byte gets a backslash in front of it when it compares <= 32, equals 127
 * or is one of ' " \ (RFC 2229 section 2.2). Every byte of the input is then
 * copied as-is.
 *
 * Returns the buffer from Curl_dyn_ptr(), which dict_do() later passes to
 * free(), or NULL as soon as one Curl_dyn_addn() call fails.
 *
 * NOTE(review): 'ch' is a plain char. Where char is signed, bytes 0x80-0xff
 * are negative, compare <= 32 and are therefore escaped as well; where char
 * is unsigned they are not. Confirm which of the two is intended.
 */
static char *unescape_word(const char *input)
{
  struct dynbuf out;
  const char *ptr = input;

  Curl_dyn_init(&out, DYN_DICT_WORD);

  while(*ptr) {
    const char ch = *ptr;
    const int escape = (ch <= 32) || (ch == 127) ||
                       (ch == '\'') || (ch == '\"') || (ch == '\\');

    /* the backslash goes in first; a failed append ends the whole call */
    if(escape && Curl_dyn_addn(&out, "\\", 1))
      return NULL;

    /* then the byte itself */
    if(Curl_dyn_addn(&out, ptr, 1))
      return NULL;

    ptr++;
  }

  return Curl_dyn_ptr(&out);
}
|
|
|
|
/*
 * sendf() formats a request and writes all of it to the server socket.
 *
 * sockfd  socket handed to Curl_write()
 * data    easy handle, passed to Curl_write() and Curl_debug()
 * fmt     printf-style format, followed by its arguments
 *
 * Returns CURLE_OUT_OF_MEMORY when the formatted string cannot be allocated,
 * otherwise the result of the last Curl_write() call.
 *
 * CURL_PRINTF(3, 4) on the prototype marks argument 3 as the format and
 * argument 4 as the first variadic argument, so the compiler can check each
 * call site. Inside the function 'fmt' is only forwarded, which is why clang's
 * -Wformat-nonliteral is silenced around the vaprintf() call alone. Callers
 * should keep passing a literal format and put URL-derived text in "%s"
 * arguments.
 */
static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data,
                      const char *fmt, ...) CURL_PRINTF(3, 4);

static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data,
                      const char *fmt, ...)
{
  CURLcode result = CURLE_OK;
  ssize_t nwritten = 0;
  size_t remaining;
  char *request;
  char *cursor;
  va_list ap;

  va_start(ap, fmt);
#ifdef __clang__
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wformat-nonliteral"
#endif
  request = vaprintf(fmt, ap); /* allocated; released at the end */
#ifdef __clang__
#pragma clang diagnostic pop
#endif
  va_end(ap);

  if(!request)
    return CURLE_OUT_OF_MEMORY;

  cursor = request;
  remaining = strlen(request);

  /* Curl_write() may accept only part of the buffer, so keep handing it the
     unsent tail until nothing is left or a write fails */
  do {
    result = Curl_write(data, sockfd, cursor, remaining, &nwritten);
    if(result)
      break;

    /* report exactly the bytes that went out in this round */
    Curl_debug(data, CURLINFO_DATA_OUT, cursor, (size_t)nwritten);

    cursor += nwritten;
    remaining -= nwritten;
  } while(remaining);

  free(request);

  return result;
}
|
|
|
|
/* Split a colon-separated field in place: the first ':' in 'field' is
   overwritten with a NUL byte and the text right after it is returned.
   Returns NULL, leaving 'field' untouched, when it holds no colon. */
static char *dict_cut(char *field)
{
  char *colon = strchr(field, ':');
  if(!colon)
    return NULL;
  *colon = (char)0;
  return colon + 1;
}

/*
 * dict_do() turns the URL path into one DICT request and sends it.
 *
 * The path is URL-decoded first and then handled in one of three ways:
 *  - prefix DICT_MATCH, DICT_MATCH2 or DICT_MATCH3:
 *      "MATCH <database> <strategy> <word>"
 *  - prefix DICT_DEFINE, DICT_DEFINE2 or DICT_DEFINE3:
 *      "DEFINE <database> <word>"
 *  - anything else: the text after the first '/' is sent as the command
 *    line, with every ':' replaced by a space.
 * Each request starts with a CLIENT line and ends with QUIT.
 *
 * A missing or empty word becomes "default", database becomes "!" and
 * strategy becomes ".". A field after the last one used (the optional
 * nth-definition number) is cut off and ignored.
 *
 * *done is set to TRUE unconditionally. Returns the Curl_urldecode() or
 * sendf() error, CURLE_OUT_OF_MEMORY when escaping the word fails, and
 * otherwise CURLE_OK. Nothing is sent when the path matches no prefix and
 * holds no '/'.
 *
 * Every field comes from the URL and must be treated as untrusted. Only the
 * word passes through unescape_word(); database, strategy and the free-form
 * command line are placed in the request exactly as decoded.
 * NOTE(review): keeping CR/LF out of those fields therefore seems to rest on
 * the REJECT_CTRL argument to Curl_urldecode() - confirm that it makes
 * decoding fail on control bytes before relaxing it.
 */
static CURLcode dict_do(struct Curl_easy *data, bool *done)
{
  struct connectdata *conn = data->conn;
  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
  CURLcode result;
  char *path;
  char *word;
  char *database = NULL;
  char *strategy = NULL;
  char *eword = NULL;

  *done = TRUE; /* unconditionally */

  /* url-decode path before further evaluation */
  result = Curl_urldecode(data->state.up.path, 0, &path, NULL, REJECT_CTRL);
  if(result)
    return result;

  if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
     strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
     strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {

    /* <prefix>:<word>:<database>:<strategy>[:<nth>] */
    word = strchr(path, ':');
    if(word) {
      word++;
      database = dict_cut(word);
      if(database) {
        strategy = dict_cut(database);
        if(strategy)
          (void)dict_cut(strategy); /* the nth field is dropped */
      }
    }

    if(!word || !*word) {
      infof(data, "lookup word is missing");
      word = (char *)"default";
    }
    if(!database || !*database)
      database = (char *)"!";
    if(!strategy || !*strategy)
      strategy = (char *)".";

    eword = unescape_word(word);
    if(!eword) {
      result = CURLE_OUT_OF_MEMORY;
      goto error;
    }

    result = sendf(sockfd, data,
                   "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
                   "MATCH "
                   "%s "    /* database */
                   "%s "    /* strategy */
                   "%s\r\n" /* word */
                   "QUIT\r\n",
                   database,
                   strategy,
                   eword);
    if(result) {
      failf(data, "Failed sending DICT request");
      goto error;
    }
    Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1); /* no upload */
  }
  else if(strncasecompare(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
          strncasecompare(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
          strncasecompare(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {

    /* <prefix>:<word>:<database>[:<nth>] */
    word = strchr(path, ':');
    if(word) {
      word++;
      database = dict_cut(word);
      if(database)
        (void)dict_cut(database); /* the nth field is dropped */
    }

    if(!word || !*word) {
      infof(data, "lookup word is missing");
      word = (char *)"default";
    }
    if(!database || !*database)
      database = (char *)"!";

    eword = unescape_word(word);
    if(!eword) {
      result = CURLE_OUT_OF_MEMORY;
      goto error;
    }

    result = sendf(sockfd, data,
                   "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
                   "DEFINE "
                   "%s "     /* database */
                   "%s\r\n"  /* word */
                   "QUIT\r\n",
                   database,
                   eword);
    if(result) {
      failf(data, "Failed sending DICT request");
      goto error;
    }
    Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
  }
  else {
    /* free-form command: everything after the first slash */
    char *command = strchr(path, '/');
    if(command) {
      char *p;

      command++;
      for(p = command; *p; p++) {
        if(*p == ':')
          *p = ' ';
      }

      result = sendf(sockfd, data,
                     "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
                     "%s\r\n"
                     "QUIT\r\n", command);
      if(result) {
        failf(data, "Failed sending DICT request");
        goto error;
      }

      Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
    }
  }

  /* reached on success as well: both buffers are always released here */
error:
  free(eword);
  free(path);
  return result;
}
|
|
#endif /* CURL_DISABLE_DICT */
|