Permalink
Browse files

curl: prevent binary output spewed to terminal

... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
  • Loading branch information...
bagder committed Jun 16, 2017
1 parent ce2cc56 commit 5385450afd61328e7d24b50eeffc2b1571cd9e2f
View
@@ -140,7 +140,6 @@
18.4 simultaneous parallel transfers
18.5 provide formpost headers
18.6 warning when setting an option
18.7 warning when sending binary output to terminal
18.8 offer color-coded HTTP header output
18.9 Choose the name of file in braces for complex URLs
18.10 improve how curl works in a windows console window
@@ -933,11 +932,6 @@ that doesn't exist on the server, just like --ftp-create-dirs.
This can be useful to tell when support for a particular feature hasn't been
compiled into the library.
18.7 warning when sending binary output to terminal
Provide a way that prompts the user for confirmation before binary data is
sent to the terminal, much in the style 'less' does it.
18.8 offer color-coded HTTP header output
By offering different color output on the header name and the header
View
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -77,28 +77,38 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
size_t rc;
struct OutStruct *outs = userdata;
struct OperationConfig *config = outs->config;
size_t bytes = sz * nmemb;
bool isatty = config->global->isatty;
/*
* Once that libcurl has called back tool_write_cb() the returned value
* is checked against the amount that was intended to be written, if
* it does not match then it fails with CURLE_WRITE_ERROR. So at this
* point returning a value different from sz*nmemb indicates failure.
*/
const size_t failure = (sz && nmemb) ? 0 : 1;
const size_t failure = bytes ? 0 : 1;
if(!config)
return failure;
#ifdef DEBUGBUILD
{
char *tty = curlx_getenv("CURL_ISATTY");
if(tty) {
isatty = TRUE;
curl_free(tty);
}
}
if(config->include_headers) {
if(sz * nmemb > (size_t)CURL_MAX_HTTP_HEADER) {
if(bytes > (size_t)CURL_MAX_HTTP_HEADER) {
warnf(config->global, "Header data size exceeds single call write "
"limit!\n");
return failure;
}
}
else {
if(sz * nmemb > (size_t)CURL_MAX_WRITE_SIZE) {
if(bytes > (size_t)CURL_MAX_WRITE_SIZE) {
warnf(config->global, "Data size exceeds single call write limit!\n");
return failure;
}
@@ -137,11 +147,22 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
if(!outs->stream && !tool_create_output_file(outs))
return failure;
if(isatty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
/* binary output to terminal? */
if(memchr(buffer, 0, bytes)) {
warnf(config->global, "Binary output can mess up your terminal. "
"Use \"--output -\" to tell curl to output it to your terminal "
"anyway, or consider \"--output <FILE>\" to save to a file.\n");
config->synthetic_error = ERR_BINARY_TERMINAL;
return failure;
}
}
rc = fwrite(buffer, sz, nmemb, outs->stream);
if((sz * nmemb) == rc)
if(bytes == rc)
/* we added this amount of data to the output */
outs->bytes += (sz * nmemb);
outs->bytes += bytes;
if(config->readbusy) {
config->readbusy = FALSE;
View
@@ -27,6 +27,12 @@
#include "tool_metalink.h"
typedef enum {
ERR_NONE,
ERR_BINARY_TERMINAL = 1, /* binary to terminal detected */
ERR_LAST
} curl_error;
struct GlobalConfig;
struct OperationConfig {
@@ -141,6 +147,7 @@ struct OperationConfig {
bool insecure_ok; /* set TRUE to allow insecure SSL connects */
bool proxy_insecure_ok; /* set TRUE to allow insecure SSL connects
for proxy */
bool terminal_binary_ok;
bool verifystatus;
bool create_dirs;
bool ftp_create_dirs;
@@ -236,6 +243,8 @@ struct OperationConfig {
double expect100timeout;
bool suppress_connect_headers; /* suppress proxy CONNECT response headers
from user callbacks */
curl_error synthetic_error; /* if non-zero, it overrides any libcurl
error */
struct GlobalConfig *global;
struct OperationConfig *prev;
struct OperationConfig *next; /* Always last in the struct */
View
@@ -1554,7 +1554,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
config->proxy_insecure_ok = toggle;
break;
case '9':
case '9': /* --proxy-tlsv1 */
/* TLS version 1 for proxy */
config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
break;
View
@@ -252,7 +252,7 @@ static const struct helptxt helptext[] = {
"Use HTTP NTLM authentication"},
{" --ntlm-wb",
"Use HTTP NTLM authentication with winbind"},
{" --oauth2-bearer",
{" --oauth2-bearer <token>",
"OAuth 2 Bearer Token"},
{"-o, --output <file>",
"Write to file instead of stdout"},
View
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
View
@@ -862,6 +862,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
set_binmode(stdout);
}
/* explicitly passed to stdout means okaying binary gunk */
config->terminal_binary_ok = (outfile && !strcmp(outfile, "-"));
if(!config->tcp_nodelay)
my_setopt(curl, CURLOPT_TCP_NODELAY, 0L);
@@ -1764,7 +1767,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
}
else
#endif
if(result && global->showerror) {
if(config->synthetic_error) {
;
}
else if(result && global->showerror) {
fprintf(global->errors, "curl: (%d) %s\n", result, (errorbuffer[0]) ?
errorbuffer : curl_easy_strerror(result));
if(result == CURLE_SSL_CACERT)
View
@@ -151,7 +151,7 @@ test1396 test1397 test1398 \
test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
test1424 \
test1424 test1425 test1426 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
test1444 test1445 test1446 \
View
Binary file not shown.
View
Binary file not shown.

1 comment on commit 5385450

@tobbbles

This comment has been minimized.

Show comment
Hide comment
@tobbbles

tobbbles commented on 5385450 Jun 19, 2017

🎉

Please sign in to comment.