277 Commits

Author SHA1 Message Date
Darshit Shah
be936bda56 * Update Copyright years 2022-02-26 15:49:52 +01:00
Tim Rühsen
5fe8d26904 Improve wget_options_fuzzer
* fuzz/fuzzer.h: Ignore -Wunused-parameter.
* fuzz/wget_options_fuzzer.c: Let getaddrinfo() fail while fuzzing.
* fuzz/wget_options_fuzzer.in/*: Update corpora from OSS-Fuzz.
2021-05-02 19:43:06 +02:00
Nekun
aabdf6eb66 Fix typo in VMS support code
* src/utils.c: Remove unpaired brace

Copyright-paperwork-exempt: Yes
2021-05-02 14:19:01 +02:00
Tim Rühsen
7d9ed223fc Use gnulib's utime.h
* bootstrap.conf: Remove utime-h (included by utime).
* configure.ac: Remove header checks for utime.h and sys/utime.h.
* src/utils.c: Simply #include <utime.h>.
2021-01-23 19:28:58 +01:00
Darshit Shah
5a7f2f7e87 Run make update-copyright 2021-01-01 12:31:01 +01:00
Steven M. Schweda
8af2171a34 Fixes for running on VMS
time_t on VMS is typically unsigned.  (Lazy man's solution to 2038?)
I added "(time_t)" type casts to negative values ("-1"), and changed
tests to avoid complaints.

* src/hsts.c (hsts_add_entry): Explicitly cast potentially negative time
  values to time_t to handle VMS quirks.
  (hsts_store_entry): Same
  (get_hsts_store_filename): Use new ajoin_dir_file function to join
  filenames
  (test_hsts_read_database): Same
* src/init.c (struct options): use-askpass is not implemented on VMS
  (ajoin_dir_file): New Function to join filenames in a platform
  agnostic manner
  (wgetrc_user_file_name): Use ajoin_dir_file to join paths. Doing this
  correctly, eliminates the need for a special case on VMS
* src/init.h: Add prototype for ajoin_dir_file
* src/log.c (check_redirect_output): Ignore on VMS
* src/main.c (option_data): Disable use-askpass on VMS
  (print_help): Same
  (get_hsts_database): Use ajoin_dir_file to join paths
  (print_version): Add VMS specific information to Version output
* src/utils.c (fork_to_background): Fix signature on VMS

Co-authored-by: Darshit Shah <darnir@gnu.org>
2020-12-30 22:50:32 +01:00
Tim Rühsen
7ec15b9c92 Remove SIZEOF_WGINT as wgint is always int64_t
* src/http.c (test_parse_range_header): Remove use of SIZEOF_WGINT.
* src/utils.c (human_readable): Remove superfluous HR_NUMTYPE,
*   (number_to_string): Remove use of SIZEOF_WGINT.
* src/utils.h: Remove use of SIZEOF_WGINT and HR_NUMTYPE.
* src/wget.h: Remove #define SIZEOF_WGINT.
2020-12-29 12:44:20 +00:00
Tim Rühsen
9dacc2836a Add missing linefeed in output strings
* src/ftp.c (getftp): Add linefeed to error message.
* src/res.c (res_parse_from_file): Likewise.
* src/utils.c (fopen_stat): Likewise.
  (open_stat): Likewise.
2020-04-18 18:39:50 +02:00
Tim Rühsen
8e130c32ba Split unique_name into two functions with just one arg
* src/http.c (check_file_output): Call unique_name_passthrough.
* src/metalink.c (badhash_suffix): Call unique_name.
* src/url.c (url_file_name): Call unique_name_passthrough.
* src/utils.c: Split unique_name, amend description.
* src/utils.h: Amend unique_name, add unique_name_passthrough.
2020-02-22 12:59:18 +01:00
Tim Rühsen
b62956872c * src/utils.c (fnmatch_nocase): Remove FNM_CASEFOLD emulation, gnulib takes care of it 2020-02-14 12:59:25 +01:00
Tim Rühsen
9adde1e441 * src/utils.c (make_directory): Replace alloca by fixed array / xmalloc 2020-02-13 12:09:34 +01:00
Tim Rühsen
4dd9dee2e7 * src/utils.c (unique_name_1): Replace alloca by xmalloc 2020-02-13 11:48:06 +01:00
Darshit Shah
221f1ba3ef Update copyright year to 2020 2020-01-10 12:56:08 +01:00
Darshit Shah
60dc09b507 Revert " Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header"
I accidentally committed this patch.

This reverts commit 4ce2f93600.
2019-05-30 11:19:46 +02:00
sulfastor
4ce2f93600 Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header
of the header field while RejectHeader rejects ONLY the specified full header.
	Since we wanted to be sure a header field is not sent to the server we wrote this rule.

	* doc/wget.texi: Added --disable-header documentation.
        * fuzz/wget_options_fuzzer.dict: Update with --disable-header inputs.
        * src/http.c (disabled_header): Checks for disabled headers
	(request_set_header): Doesn't let header to be set if disabled
	(gethttp): frees disabled header to let overriding
        * src/init.c (cmd_dis_header), (check_user_disabled_header) added new option disabled_headers.
        * src/main.c: added new option --disable-header, added help description
        * src/options.h: added new option --disable-header
	* src/utils.h (vec_remove_header)
	* src/utils.c (vec_remove_header) removes all header instances from vector
        * testenv/Makefile.am: Added new test files
        * testenv/server/http/http_server.py: Added new rule RejectHeaderField
        * testenv/conf/reject_header_field.py: Added new rule RejectHeaderField
        * testenv/README: Added help description for new rule
        * testenv/Test-disable-default-headers.py: Test without using --header
        * testenv/Test-disable-headers-after.py: Test using --header before --disable-header
        * testenv/Test-disable-headers-before.py: Test using --header after --disable-header

Signed-off-by: sulfastor <torresmoisesa@gmail.com>, adham elkarn <adhamelkarn@hotmail.com>
2019-05-30 10:01:24 +02:00
Darshit Shah
8b975e83d3 Update copyright statements 2019-02-10 11:50:17 +01:00
Tim Rühsen
fdb7fe613c Fix typos detected by codespell (via contrib/spell-checker) 2018-12-28 18:58:15 +01:00
Tim Rühsen
02afe1e41c Add support for PCRE2 pattern matching
* configure.ac: Check for libpcre2-8
* src/init.c (choices): Test for HAVE_LIBPCRE2
* src/main.c (main): Set regex compile and match functions
* src/options.h: Test for HAVE_LIBPCRE2
* src/utils.c: Include pcre2.h, add functions
  compile_pcre2_regex() and match_pcre2_regex()
* src/utils.h: Declare compile_pcre2_regex() and match_pcre2_regex()

Fixes #54677
Reported-by: Noël Köthe
2018-09-19 16:22:25 +02:00
Tomas Hozza
c045cdded4 * src/utils.c (open_stat): Fix RESOURCE LEAK found by Coverity
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/utils.c:914: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
wget-1.19.5/src/utils.c:914: var_assign: Assigning: "fd" = handle returned from "open(fname, flags, mode)".
wget-1.19.5/src/utils.c:921: noescape: Resource "fd" is not freed or pointed-to in "fstat". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/utils.c:924: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
#  922|     {
#  923|       logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno));
#  924|->     return -1;
#  925|     }
#  926|   #if !(defined(WINDOWS) || defined(__VMS))

This seems to be a real issue, since the opened file descriptor in "fd"
would leak. There is also additional check below the "fstat" call, which
closes the opened "fd".

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2018-08-27 13:24:46 +02:00
Tim Rühsen
4bdb09d3a7 * src/utils.ci (file_exists_p): Fix stat(NULL,...) 2018-05-09 12:37:03 +02:00
Tim Rühsen
734d0aee15 * src/utils.c (match_tail): Fix unsigned integer overflow 2018-04-27 12:56:25 +02:00
Tim Rühsen
66b416b6cd Fix fopen/stdin issues with fuzzing
* fuzz/wget_options_fuzzer.c: Add fopen_wget() and fopen_wgetrc()
* src/utils.c: Use fopen_wgetrc() for config files,
  don't read from stdin when fuzzing
* src/wget.h: Define fopen as fopen_wget when fuzzing,
  define fopen_wgetrc as fopen when not fuzzing
2018-04-17 23:02:04 +02:00
Tim Rühsen
64758655c4 * src/utils.c (compile_posix_regex): Hard-code string to regcomp
regcomp() may be too cpu + memory intensive for fuzzing.
See https://sourceware.org/glibc/wiki/Security%20Exceptions
2018-04-16 22:04:54 +02:00
Tim Rühsen
328438e69b * src/utils.c (fopen_stat): Early return to allow fuzzing/fmemopen 2018-04-16 09:58:51 +02:00
Tim Rühsen
de54c970b2 Move unit-test code to tests/
* src/Makefile.am: Remove test.c and test.h
* src/test.c: Rename to tests/unit-tests.c
* src/test.h: Rename to tests/unit-tests.h
* tests/Makefile.am: Add unit-tests.c and unit-tests.h
* src/hsts.c: Amend #include
* src/http.c: Likewise
* src/init.c: Likewise
* src/metalink.c: Likewise
* src/res.c: Likewise
* src/url.c: Likewise
* src/utils.c: Likewise
2018-04-05 15:06:47 +02:00
Tim Rühsen
9887b870d1 Use gnulib's utime()
* bootstrap.conf: Add modules utime and utime-h
* src/utils.c (touch): Remove own code for gnulib's utime()
2018-02-09 10:21:43 +01:00
Tim Rühsen
c722973212 Fix logging in background mode
* ../src/main.c: Re-init logfile if changed for background mode
* ../src/utils.c: fork_to_background() returns whether logfile changed
* ../src/utils.h: Set return type bool for fork_to_background()

Fixes: #53020
Reported-by: Noël Köthe
2018-02-09 10:21:43 +01:00
Darshit Shah
183fccdaad Update Copyright years 2018-01-14 11:24:43 +01:00
Tim Rühsen
d8df356d4b * src/utils.c (wg_pin_peer_pubkey): Fix format warning 2017-12-31 13:03:25 +01:00
Tim Rühsen
ae293c945a Fix buffer overflow in Public Key Pinning
* src/utils.c (wget_base64_decode): Add param for destination size,
  (wg_pubkey_pem_to_der): Amend call to wget_base64_decode(),
  (wg_pin_peer_pubkey): Likewise and fix code style.
* src/utils.h: Add param to wget_base64_decode()
* src/http-ntlm.c (ntlm_input): Amend call to wget_base64_decode()
* src/http.c (skip_content_type): Likewise

Fixes #51227
2017-06-13 10:23:04 +02:00
Tim Rühsen
56c78c4b09 * src/utils.c: Remove non-portable __builtin_unreachable() 2017-04-18 13:22:25 +02:00
klemens
f381831d88 Fix typos in comments 2017-04-01 19:38:09 +02:00
Vijo Cherian
400b8eba6c Safeguards against TOCTTOU
* src/utils.h: Add struct file_stat_s declaration,
  change prototypes of file_exists_p(),
  add prototypes for fopen_stat() and open_stat().
* src/utils.c: Extend file_exists_p(),
  new function fopen_stat() and open_stat(),
  add new param for file_exists_p().
* src/init.h: Add param file_stats_t to run_wgetrc().
* src/ftp.c: Amend calls to extended functions.
* src/hsts.c: Likewise.
* src/http.c: Likewise.
* src/init.c: Likewise.
* src/main.c: Likewise.
* src/metalink.c: Likewise.
* src/retr.c: Likewise.
* src/url.c: Likewise.

Added fopen_stat() and open_stat() that check to make sure the file didn't
change underneath us.
Return error from file_exists_p().
Added a way to return error from this file without major surgery to the
callers.

Fixes: #20369
2017-03-24 09:39:09 +01:00
Tim Rühsen
366d82f349 * src/utils.c: Move macro FMT_MAX_LENGTH into scope 2017-02-03 12:35:49 +01:00
Tim Rühsen
f2574e90b7 * src/utils.c: Fix -Wformat= warnings 2017-02-03 12:33:38 +01:00
Tim Rühsen
4cf8af84e0 * src/utils.c: Fix _Noreturn compiler warning 2017-01-13 15:49:05 +01:00
Tim Rühsen
fd0f759597 Replace home-grown portability code by gnulib modules
* bootstrap.conf: Add intprops, inttypes, limits-h, signal-h,
  stat, sys_types
* src/ftp.c: Replace 'struct_stat' by 'struct stat'
* src/hsts.c: Likewise
* src/http.c: Likewise
* src/main.c: Likewise
* src/netrc.c: Likewise
* src/retr.c: Likewise
* src/url.c: Likewise
* src/utils.c: Likewise
* src/sysdep.h: Remove old portability code

Further portability issues should be addressed by gnulib.
2017-01-13 15:38:15 +01:00
Rahul Bedarkar
e4e9d3c1c8 Rename base64_{encode,decode} (trivial patch)
* src/http-ntlm.c: Rename base64_{encode,decode}
* src/http.c: Likewise
* src/utils.c: Likewise
* src/utils.h: Likewise

When statically linking with gnutls, we get definition clash error for
base64_encode which is also defined by gnutls.

To prevent definition clash, rename base64_{encode,decode}

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
2016-12-14 15:52:52 +01:00
Matthew White
acb1d1a668 Bugfix: Prevent sorting when there are less than two elements
* src/utils.c (stable_sort): Add condition nmemb > 1, sort only when
  there is more than one element

Prevent SIGSEGV.
2016-09-30 19:44:06 +02:00
Tim Rühsen
eba724a128 * src/utils.c (stable_sort): Use xmalloc instead of malloc 2016-09-09 10:22:58 +02:00
Tim Rühsen
b4465afa8a * src/utils.c (stable_sort): Reduce tmp allocation size
Reported-by: Coverity
2016-09-08 12:44:17 +02:00
Tim Rühsen
a78b83b1e9 Fix some issues detected by Coverity
* src/connect.c (connect_to_ip): Check return value of setsockopt.
* src/ftp.c (ftp_retrieve_list): Check return value of chmod.
* src/http.c (digest_authentication_encode): Cleanup code.
* src/init.c (setval_internal): Explicitly check comind range.
* src/main.c (main): Explicitly check optarg.
* src/retr.c (retr_rate): Use snprintf instead of sprintf,
  (retrieve_from_file): More verbose error message,
  (rotate_backups): Use snprintf instead of sprintf, check return
  value of rename().
* src/url.c (mkalldirs): Check return value of unlink().
* src/utils.c (strdupdelim): Explicitly check beg and end for NULL,
  (merge_vecs): Fix sizeof argument to char *,
  (stable_sort): Use malloc instead of alloca.
2016-09-08 10:12:02 +02:00
Tobias Stoeckmann
a9d49e5b15 Fix signal race condition
The signal handler for SIGALRM calls longjmp, but the handler is
installed before the jump target has been initialized. If another
process sends SIGALRM right between handler installation and target
initialization, the jump leads to undefined behavior.

This can easily be fixed by moving the signal handler installation
into the "SETJMP == 0" conditional block, which means that the target
has just been initialized.

* src/utils.c: call signal after SETJMP.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2016-08-09 17:38:29 +02:00
Tim Rühsen
2c736abb4c Fix warning about redefinition of MAP_FAILED
* src/sysdep.h: Removed definition of MAP_FAILED
* src/utils.c: Check and define MAP_FAILED after including sys/mmap.h
2016-06-07 09:56:01 +02:00
moparisthebest
54746578e9 Implement --pinnedpubkey option to pin public keys
* doc/wget.texi: Add description for --pinnedpubkey
* src/gnutls.c: New function pkp_pin_peer_pubkey(),
  (ssl_check_certificate): Check pinned cert via pkp_pin_peer_pubkey()
* src/init.c: Add option --pinnedpubkey
* src/main.c: Add option --pinnedpubkey
* src/openssl.c: New function pkp_pin_peer_pubkey(),
  (ssl_check_certificate): Check pinned cert via pkp_pin_peer_pubkey()
* src/options.h: Add new option variable 'pinnedpubkey'
* src/utils.c: New functions wg_pubkey_pem_to_der(), wg_pin_peer_pubkey()
* src/utils.h: Add prototype for wg_pin_peer_pubkey()
2016-04-11 16:18:05 +02:00
Darshit Shah
4e56a91001 Fix function name collision with OpenSSL library
* src/utils.[ch], src/http.c, src/metalink.c: Rename function
    hex_to_string() to wg_hex_to_string since it collides with a
    similarly named function in OpenSSL Library.
2015-07-24 23:52:43 +05:30
Hubert Tarasiuk
37b58e3976 Metalink support.
* bootstrap.conf: Add crypto/sha256
* configure.ac: Look for libmetalink and GPGME
* doc/wget.texi: Add --input-metalink and --metalink-over-http
options description.
* po/POTFILES.in: Add metalink.c
* src/Makefile.am: Add new translation unit (metalink.c)
* src/http.c (http_stat): Add metalink field.
(free_stat): Free metalink field.
(find_key_value): Find value of given key in header string.
(has_key): Check if token exists in header string.
(find_key_values): Find all key=value pairs in header string.
(metalink_from_http): Obtain Metalink metadata from HTTP response.
(gethttp): Call metalink_from_http if requested.
(http_loop): Request Metalink metadata from HTTP response if should be.
Fall back to regular download if no Metalink metadata found.
* src/init.c: Add --input-metalink and --metalink-over-http options
* src/main.c (option_data): Handle --input-metalink and
--metalink-over-http cmd arguments.
(print_help): Print --input-metalink option description.
(main): Retrieve files from Metalink file
* src/metalink.c (retrieve_from_metalink): Download files described by
metalink.
(metalink_res_cmp): Comparator for resources priority-sorting.
* src/metalink.h: Create header for metalink.c
(RES_TYPE_SUPPORTED): Define supported resources media.
(DEFAULT_PRI): Default mirror priority for Metalink over HTTP.
(VALID_PRI_RANGE): Valid priority range.
* src/options.h (options): Add input_metalink option and metalink_over_http
options.
* src/utils.c (hex_to_string): Convert binary data to ASCII-hex.
* src/utils.h (hex_to_string): Add prototype.
* src/wget.h: Add metalink-related error enums
Add METALINK_METADATA flag for document type.
2015-07-20 15:30:39 +02:00
Tim Ruehsen
6b8dfe1d6e Fix format specifier warning
* src/utils.c (aprintf): Use %d for int argument
2015-05-03 21:18:47 +02:00
Hubert Tarasiuk
ac40b84ee1 Fix error in free_vec.
* src/utils.c (free_vec): Increment pointer instead of its value.

Reported-by: Gisle Vanem <gvanem@yahoo.no>
2015-04-10 18:06:14 +02:00
Giuseppe Scrivano
16f1fb1d1f maint: update copyright year ranges to include 2015 2015-03-09 16:32:01 +01:00