Commit Graph

4297 Commits

Author SHA1 Message Date
Tim Rühsen
4cdda68752 * .gitlab-ci.yml: Add --with-ssl=no 2019-11-21 11:01:27 +01:00
Tim Rühsen
48f762a648 * .gitlab-ci.yml: Allow failure for Valgrind and Scan-Build CI runner 2019-11-21 10:56:10 +01:00
Tim Rühsen
feb52bfab7 * src/ftp.c (delelement): Make sure free'd pointer is set to NULL 2019-11-21 10:56:10 +01:00
Tim Rühsen
1656255767 * configure.ac: Remove -fno-sanitize-recover=integer
With this option on, several overflows from gnulib code (all
harmless and on purpose) would break our tests.
2019-11-21 10:56:10 +01:00
Tim Rühsen
2ba8da8f22 Replace XDIGIT_TO_NUM by _unhex() with proper unsigned handling
* src/wget.h: Replace XDIGIT_TO_NUM by _unhex()
* src/html-parse.c (decode_entity): Use _unhex()
* src/host.c (is_valid_ipv6_address): Use _unhex()
* src/url.c (url_unescape_1): Use unsigned char to avoid UB
* src/res.c (free_specs): Likewise

Code taken from Wget2. XDIGIT_TO_NUM had a signed issue, detected by
scan-build static anylyzer.
2019-11-21 10:56:10 +01:00
Tim Rühsen
a255d9f0c8 * src/connect.c (select_fd): Check for negative fd 2019-11-21 10:56:10 +01:00
Tim Rühsen
823a9c8e0d * .gitlab-ci.yml: Enable Windows executables for MinGW runner 2019-11-21 10:56:10 +01:00
Tim Rühsen
57ac97e6d8 * .gitlab-ci.yml: Add CI runners from Wget2 2019-11-21 10:56:10 +01:00
Tomas Hozza
bac6fbab6c testenv: enable running tests on different wget binary
* testenv/README: Document $WGET_PATH
* testenv/test/base_test.py: Use $WGET_PATH instead ../src/wget if set

Previously tests in testenv/ directory were run only on wget binary
which was built from sources in src/ directory. However as a
wget maintainer in a Linux distribution, I would like to be able to run
upstream tests on the wget binary distributed with the distribution.

This change enables one to define WGET_PATH environment variable
to a path to wget binary which should be used by tests.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2019-11-21 10:50:34 +01:00
Tim Rühsen
1e4262e98d * AUTHORS: Add Darshit Shah and Tim Rühsen as maintainers 2019-11-21 10:49:56 +01:00
Tim Rühsen
6f3baab02c * src/cookie.c: Fix cookie file header to be recognized by 'file' 2019-11-19 12:37:46 +01:00
Tim Rühsen
b4dba956ce * .mailmap: Allow mapping contributors for statistics 2019-11-19 12:37:46 +01:00
Darshit Shah
f3b25875ab * configure.ac: Ignore -Wchkp which is deprecated 2019-10-03 13:49:32 +02:00
Darshit Shah
cd21cb3812 Update gnulib
* gnulib: Pull submodule
* bootstrap: Update file from gnulib
2019-10-03 13:45:02 +02:00
Tim Rühsen
b3f86f90cc Revert "Add . to perl path for all perl tests"
This reverts commit 79be99aff4.

/usr/bin/env 8.28 and below doesn't know -S.
2019-05-30 12:06:01 +02:00
Darshit Shah
60dc09b507 Revert " Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header"
I accidentally commited this patch.

This reverts commit 4ce2f93600.
2019-05-30 11:19:46 +02:00
Darshit Shah
02c059a857 * .gitignore: Update gitignore file 2019-05-30 11:19:15 +02:00
sulfastor
4ce2f93600 Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header
of the header field while RejectHeader rejects ONLY the specified full header.
	Since we wanted to be sure a header field is not sent to the server we wrote this rule.

	* doc/wget.texi: Added --disable-header documentation.
        * fuzz/wget_options_fuzzer.dict: Update with --disable-header inputs.
        * src/http.c (disabled_header): Checks for disabled headers
	(request_set_header): Doesn't let header to be set if disabled
	(gethttp): frees disabled header to let overriding
        * src/init.c (cmd_dis_header), (check_user_disabled_header) added new option disabled_headers.
        * src/main.c: added new option --disable-header, added help description
        * src/options.h: added new option --disable-header
	* src/utils.h (vec_remove_header)
	* src/utils.c (vec_remove_header) removes all header instances from vector
        * testenv/Makefile.am: Added new test files
        * testenv/server/http/http_server.py: Added new rule RejectHeaderField
        * testenv/conf/reject_header_field.py: Added new rule RejectHeaderField
        * testenv/README: Added help description for new rule
        * testenv/Test-disable-default-headers.py: Test without using --header
        * testenv/Test-disable-headers-after.py: Test using --header before --disable-header
        * testenv/Test-disable-headers-before.py: Test using --header after --disable-header

Signed-off-by: sulfastor <torresmoisesa@gmail.com>, adham elkarn <adhamelkarn@hotmail.com>
2019-05-30 10:01:24 +02:00
Tim Rühsen
0cdbc715a9 * src/log.c (log_vprintf_internal): Don't log twice 2019-05-28 16:26:03 +02:00
AviSoomirtee
95a677c7f5 * src/openssl.c (ssl_init): post handshake auth for OpenSSL
Copyright-paperwork-exempt: Yes
2019-05-25 18:10:37 +02:00
Tim Rühsen
96f48bf412 * bootstrap.conf: Explicitly set source_base and test_base 2019-05-24 11:14:19 +02:00
Tim Rühsen
95de9cd97f * src/convert.c (convert_basename): Do not pass NULL to strrchr() 2019-05-07 17:06:04 +02:00
Tim Rühsen
fac8f8099d * src/url.c (append_uri_pathel): Check for possible NULL dereference 2019-05-07 17:05:55 +02:00
Tim Rühsen
7da620c7ce * fuzz/main.c: Fix paths for WIN32 2019-05-07 17:05:32 +02:00
Tim Rühsen
e3790ad2a3 * bootstrap.conf: Work around VPATH issue 2019-05-07 17:05:26 +02:00
Tim Rühsen
021458ddf2 * configure.ac: Update gettext version to 0.19.3 2019-05-07 17:05:10 +02:00
Tim Rühsen
64618a9852 * bootstrap.conf: Remove rsync as prerequisite
'./bootstrap --skip-po' won't need wget nor rsync
2019-05-07 17:05:05 +02:00
Tim Rühsen
c9fa9d599e * bootstrap.conf: Replace prerequisite xz by gzip 2019-05-07 17:04:56 +02:00
Tim Rühsen
64f6f6847e Add sanitizer flags for ./configure
* bootstrap.conf: Add 'warning' gnulib module
* configure.ac: Add --enable-fsanitize-* flags
* tests/Makefile.am: Add compiler flags for unit testing
2019-05-03 11:27:30 +02:00
Tim Rühsen
94e2dd5ecd Add --enable-manywarnings from wget2
* .gitignore: Exclude /lib/Makefile.am
* bootstrap.conf: Use --makefile-name=gnulib.mk with gnulib-tool
* configure.ac: Use wget_MANYWARNINGS()
* lib/Makefile.am: Define empty noinst_LIBRARIES and MAINTAINERCLEANFILES
* m4/wget_manywarnings.m4: New file from GNU Wget2
* src/Makefile.am: Use WARN_CFLAGS for AM_CFLAGS
2019-05-02 12:53:19 +02:00
Tim Rühsen
14dc0c6af0 Add CONTRIBUTING.md
* CONTRIBUTING.md: New file for contributors
* README: Mention CONTRIBUTING.md
2019-04-28 20:36:14 +02:00
Tim Rühsen
6edf7a30b6 * fuzz/*.in/*: Update corpora from OSS-fuzz 2019-04-26 14:47:17 +02:00
Tim Rühsen
c34e9a8c47 * fuzz/get_ossfuzz_corpora: Remove -f from unzip, mkdir *.in/ 2019-04-26 14:14:12 +02:00
Tim Rühsen
370b778db2 * .gitlab-ci.yml: Update Gitlab CI WORKDIR to /usr/local 2019-04-26 11:04:03 +02:00
Eneas U de Queiroz
14e3712b8c * src/openssl.c: fix ssl_init for openssl 1.1.1
ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
Redundant calls to intialization functions were removed as
OPENSSL_config takes care of them for openssl versions < 1.1.0.
For versions > 1.1.0, OPENSSL_init_ssl is preferred.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Copyright-paperwork-exempt: Yes
2019-04-26 10:33:49 +02:00
Leif Ryge
263546473f * doc/wget.texi: Fix typo in man page
Copyright-paperwork-exempt: Yes
2019-04-11 14:47:30 +02:00
raminfp
4574771a6a [log] miss check If logging is inhibited 2019-04-11 08:50:42 +00:00
Tim Rühsen
562eacb76a * src/iri.c (do_conversion): Remove unneeded debug lines 2019-04-05 13:01:57 +02:00
Darshit Shah
a220ead435 * NEWS: Update NEWS for new release 2019-04-05 11:59:19 +02:00
Tim Ruehsen
692d5c5215 Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full
2019-04-05 11:54:30 +02:00
Darshit Shah
2ae601a719 * NEWS: Update NEWS for new release 2019-04-05 11:54:30 +02:00
Tim Rühsen
0eaa5f1771 * src/openssl.c (ssl_init): Check for X509_V_FLAG_PARTIAL_CHAIN 2019-04-03 14:54:45 +02:00
Darshit Shah
39f17b3555 * gnulib: Pull forward 2019-04-01 20:15:05 +02:00
Tim Rühsen
4c89c85a28 * fuzz/main.c (test_all_from): Fix indentation 2019-03-26 09:42:50 +01:00
Tim Rühsen
5d87635c66 Fix corner case in processing server response
* src/http.c (response_head_terminator): Don't access uninitialized data
* fuzz/wget_read_hunk_fuzzer.c: Sync response_head_terminator()
2019-03-25 16:05:56 +01:00
Tim Rühsen
4046cd2a71 Add new fuzzer wget_read_hunk_fuzzer.c
* fuzz/Makefile.am: Add wget_read_hunk_fuzzer
* fuzz/wget_read_hunk_fuzzer.c: New file
* fuzz/wget_read_hunk_fuzzer.in/*: Fuzz corpora
* src/connect.c: Add connect_cleanup()
* src/connect.h: Add prototype for connect_cleanup()
2019-03-25 14:57:07 +01:00
Tim Rühsen
ae6636a28f * fuzz/wget_netrc_fuzzer.c: Fix fuzzer 2019-03-03 17:05:58 +01:00
Tim Rühsen
acef0fb4c6 * fuzz/wget_ftpls_fuzzer.c: Fix fuzzer 2019-03-03 17:05:44 +01:00
Jeffrey Walton
7c1c8eb3b1 * src/openssl.c (ssl_init): Trust partial cert chain 2019-02-22 12:46:53 +01:00
Tim Rühsen
19661f1d9a * src/ftp-ls.c (ftp_parse_vms_ls): Use snprintf instead of strcpy/strcat 2019-02-20 10:32:47 +01:00