Commit Graph

4123 Commits

Author SHA1 Message Date
Вячеслав Петрищев
f7a1e6cd7b Fix multibyte handling in progress bar
* src/progress.c
  (count_cols): Fix return value if invalid multibyte sequence was encountered
  (bar_draw): Fix xrealloc size
2020-01-24 19:38:52 +01:00
Tim Rühsen
e2c0c2fbe5 * src/progress.c (print_row_stats): Fix two integer overflows 2020-01-10 13:56:39 +01:00
Tim Rühsen
bc7e82d3e9 * .gitlab-ci.yml: Fix path for llvm-symbolizer 2020-01-10 13:56:39 +01:00
Tim Rühsen
c1a46e9a3b * fuzz/wget_progress_fuzzer.in/*: Add fuzzer corpora 2020-01-10 13:56:39 +01:00
Tim Rühsen
f27daa1c17 * src/retr.c (calc_rate): Remove unwanted assertions 2020-01-10 13:56:39 +01:00
Tim Rühsen
07eebd2a20 Fix buffer overflows in progress 'bar' code
* src/progress.c (progress_interactive_p): Sanitize input.
  (progress_update): Likewise.
  (bar_create): Use larger BUF_LEN.
  (bar_create): Remove superfluous memset.
  (bar_create): Fix filename layout.
  (bar_create): Remove filename scrolling code, it caused many buffer
  overflows later in bar_create.
  (bar_create): Support TB/s download speed.
2020-01-10 13:56:39 +01:00
Tim Rühsen
34573bdf46 Add new fuzzer for the progress bar code
* Makefile.am: Add wget_progress_fuzzer.
* wget_progress_fuzzer.c: New file.
2020-01-10 13:56:39 +01:00
Darshit Shah
221f1ba3ef Update copyright year to 2020 2020-01-10 12:56:08 +01:00
Darshit Shah
c7fdfe3d60 * cfg.mk: Set update-copyright to use intervals 2020-01-10 12:52:36 +01:00
Tim Rühsen
6bd74e33d6 Fix segfault in progress bar in certain locales
* src/progress.c (create_image): Protect memset from negative count

Reported-by: JunDong Xie
2019-12-27 13:43:22 +01:00
Tim Rühsen
042f2727bf * src/progress.c (count_cols): Fix return value if USE_NLS_PROGRESS_BAR is undefined
Taking patch from #54126
Reported-by: Vyacheslav
Copyright-paperwork-exempt: Yes
2019-12-27 13:42:58 +01:00
Tim Rühsen
ce8ce5bfc0 * src/progress.c: Allow const names for set_progress_implementation. 2019-12-27 13:42:30 +01:00
Tim Rühsen
61b8078672 * src/progress.c (dot_draw): Avoid integer overflow 2019-12-27 13:42:01 +01:00
Tim Rühsen
03a8e59d85 * fuzz/README.md: Add --enable-assert to fuzzing build 2019-12-27 13:41:20 +01:00
Tim Rühsen
abe1ab1916 * src/progress.c (print_row_stats): Fix UB if eta < 0 2019-12-27 13:41:01 +01:00
Tim Rühsen
542524855a * src/progress.c (dot_update, dot_finish): Sanitize input 2019-12-27 13:40:52 +01:00
Tim Rühsen
f5d1dcf718 * src/retr.c (calc_rate): Fix division by 0 2019-12-27 13:40:33 +01:00
Tim Rühsen
1c1cba3a43 * src/retr.c (calc_rate): Add TB/s 2019-12-27 13:39:55 +01:00
Tim Rühsen
0179138fe5 * src/progress.c (create_image): Sanitize input param 'dl_total_time' 2019-12-27 13:39:50 +01:00
Tim Rühsen
ed135257b2 * fuzz/README.md: Update clang instructions 2019-12-27 13:39:11 +01:00
Lauri Nurmi
dd710bde96 Mark note to translators properly and elaborate its contents.
* src/progress.c (create_image): Likewise

The note was not even picked by xgettext to be included in the .pot,
so barely any translators even saw the note.
Also, this is one of the most cryptic messages to translate in wget,
unless the translator happens to guess where the string is used,
or looks at the source.

Copyright-paperwork-exempt: Yes
2019-12-26 19:02:36 +01:00
Lauri Nurmi
dc8bbdbb05 * src/main.c (print_help): Don't cut translatable string mid-sentence.
Complicates translating.

Copyright-paperwork-exempt: Yes
2019-12-26 19:00:11 +01:00
Tim Rühsen
777049389f * fuzz/wget_read_hunk_fuzzer.c: Use cast to fix C++ error 2019-11-24 16:33:34 +01:00
Tim Rühsen
96d74948a3 * src/Makefile.am: Add build_info.c to EXTRA_DIST 2019-11-21 12:16:28 +01:00
Tim Rühsen
b1f566719c * .gitlab-ci.yml: Skip tests on tarball build due to missing perl 2019-11-21 12:16:04 +01:00
Tim Rühsen
0751d053f5 * tests/WgetTests.pm: Support to set the wget executable for testing 2019-11-21 11:24:48 +01:00
Tim Rühsen
4cdda68752 * .gitlab-ci.yml: Add --with-ssl=no 2019-11-21 11:01:27 +01:00
Tim Rühsen
48f762a648 * .gitlab-ci.yml: Allow failure for Valgrind and Scan-Build CI runner 2019-11-21 10:56:10 +01:00
Tim Rühsen
feb52bfab7 * src/ftp.c (delelement): Make sure free'd pointer is set to NULL 2019-11-21 10:56:10 +01:00
Tim Rühsen
1656255767 * configure.ac: Remove -fno-sanitize-recover=integer
With this option on, several overflows from gnulib code (all
harmless and on purpose) would break our tests.
2019-11-21 10:56:10 +01:00
Tim Rühsen
2ba8da8f22 Replace XDIGIT_TO_NUM by _unhex() with proper unsigned handling
* src/wget.h: Replace XDIGIT_TO_NUM by _unhex()
* src/html-parse.c (decode_entity): Use _unhex()
* src/host.c (is_valid_ipv6_address): Use _unhex()
* src/url.c (url_unescape_1): Use unsigned char to avoid UB
* src/res.c (free_specs): Likewise

Code taken from Wget2. XDIGIT_TO_NUM had a signed issue, detected by
scan-build static analyzer.
2019-11-21 10:56:10 +01:00
Tim Rühsen
a255d9f0c8 * src/connect.c (select_fd): Check for negative fd 2019-11-21 10:56:10 +01:00
Tim Rühsen
823a9c8e0d * .gitlab-ci.yml: Enable Windows executables for MinGW runner 2019-11-21 10:56:10 +01:00
Tim Rühsen
57ac97e6d8 * .gitlab-ci.yml: Add CI runners from Wget2 2019-11-21 10:56:10 +01:00
Tomas Hozza
bac6fbab6c testenv: enable running tests on different wget binary
* testenv/README: Document $WGET_PATH
* testenv/test/base_test.py: Use $WGET_PATH instead ../src/wget if set

Previously tests in testenv/ directory were run only on wget binary
which was built from sources in src/ directory. However as a
wget maintainer in a Linux distribution, I would like to be able to run
upstream tests on the wget binary distributed with the distribution.

This change enables one to define WGET_PATH environment variable
to a path to wget binary which should be used by tests.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2019-11-21 10:50:34 +01:00
Tim Rühsen
1e4262e98d * AUTHORS: Add Darshit Shah and Tim Rühsen as maintainers 2019-11-21 10:49:56 +01:00
Tim Rühsen
6f3baab02c * src/cookie.c: Fix cookie file header to be recognized by 'file' 2019-11-19 12:37:46 +01:00
Tim Rühsen
b4dba956ce * .mailmap: Allow mapping contributors for statistics 2019-11-19 12:37:46 +01:00
Darshit Shah
f3b25875ab * configure.ac: Ignore -Wchkp which is deprecated 2019-10-03 13:49:32 +02:00
Darshit Shah
cd21cb3812 Update gnulib
* gnulib: Pull submodule
* bootstrap: Update file from gnulib
2019-10-03 13:45:02 +02:00
Tim Rühsen
b3f86f90cc Revert "Add . to perl path for all perl tests"
This reverts commit 79be99aff4.

/usr/bin/env 8.28 and below doesn't know -S.
2019-05-30 12:06:01 +02:00
Darshit Shah
60dc09b507 Revert " Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header"
I accidentally committed this patch.

This reverts commit 4ce2f93600.
2019-05-30 11:19:46 +02:00
Darshit Shah
02c059a857 * .gitignore: Update gitignore file 2019-05-30 11:19:15 +02:00
sulfastor
4ce2f93600 Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header
of the header field while RejectHeader rejects ONLY the specified full header.
Since we wanted to be sure a header field is not sent to the server we wrote this rule.

* doc/wget.texi: Added --disable-header documentation.
* fuzz/wget_options_fuzzer.dict: Update with --disable-header inputs.
* src/http.c (disabled_header): Checks for disabled headers
  (request_set_header): Doesn't let header to be set if disabled
  (gethttp): frees disabled header to let overriding
* src/init.c (cmd_dis_header), (check_user_disabled_header) added new option disabled_headers.
* src/main.c: added new option --disable-header, added help description
* src/options.h: added new option --disable-header
* src/utils.h (vec_remove_header)
* src/utils.c (vec_remove_header) removes all header instances from vector
* testenv/Makefile.am: Added new test files
* testenv/server/http/http_server.py: Added new rule RejectHeaderField
* testenv/conf/reject_header_field.py: Added new rule RejectHeaderField
* testenv/README: Added help description for new rule
* testenv/Test-disable-default-headers.py: Test without using --header
* testenv/Test-disable-headers-after.py: Test using --header before --disable-header
* testenv/Test-disable-headers-before.py: Test using --header after --disable-header

Signed-off-by: sulfastor <torresmoisesa@gmail.com>, adham elkarn <adhamelkarn@hotmail.com>
2019-05-30 10:01:24 +02:00
Tim Rühsen
0cdbc715a9 * src/log.c (log_vprintf_internal): Don't log twice 2019-05-28 16:26:03 +02:00
AviSoomirtee
95a677c7f5 * src/openssl.c (ssl_init): post handshake auth for OpenSSL
Copyright-paperwork-exempt: Yes
2019-05-25 18:10:37 +02:00
Tim Rühsen
96f48bf412 * bootstrap.conf: Explicitly set source_base and test_base 2019-05-24 11:14:19 +02:00
Tim Rühsen
95de9cd97f * src/convert.c (convert_basename): Do not pass NULL to strrchr() 2019-05-07 17:06:04 +02:00
Tim Rühsen
fac8f8099d * src/url.c (append_uri_pathel): Check for possible NULL dereference 2019-05-07 17:05:55 +02:00
Tim Rühsen
7da620c7ce * fuzz/main.c: Fix paths for WIN32 2019-05-07 17:05:32 +02:00