[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 51/173: url: Refactor detect_proxy()
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 51/173: url: Refactor detect_proxy() |
Date: |
Fri, 24 Feb 2017 14:01:13 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit efdbfde7ca205f256c4e8b473c775cf73557cfd7
Author: ERAMOTO Masaya <address@hidden>
AuthorDate: Fri Dec 16 21:26:18 2016 +0900
url: Refactor detect_proxy()
If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not
defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list.
Thus refactor to set proxy to NULL instead of calling detect_proxy() if
define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not
define CURL_DISABLE_HTTP and the host is not in the noproxy list.
---
lib/url.c | 91 ++++++++++++++++++++++++++++-----------------------------------
1 file changed, 40 insertions(+), 51 deletions(-)
diff --git a/lib/url.c b/lib/url.c
index 3cb7cba0e..d1a7afe1d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4853,7 +4853,6 @@ static char *detect_proxy(struct connectdata *conn)
{
char *proxy = NULL;
-#ifndef CURL_DISABLE_HTTP
/* If proxy was not specified, we check for default proxy environment
* variables, to enable i.e Lynx compliance:
*
@@ -4871,62 +4870,46 @@ static char *detect_proxy(struct connectdata *conn)
* For compatibility, the all-uppercase versions of these variables are
* checked if the lowercase versions don't exist.
*/
- char *no_proxy=NULL;
char proxy_env[128];
+ const char *protop = conn->handler->scheme;
+ char *envp = proxy_env;
+ char *prox;
- no_proxy=curl_getenv("no_proxy");
- if(!no_proxy)
- no_proxy=curl_getenv("NO_PROXY");
-
- if(!check_noproxy(conn->host.name, no_proxy)) {
- /* It was not listed as without proxy */
- const char *protop = conn->handler->scheme;
- char *envp = proxy_env;
- char *prox;
+ /* Now, build <protocol>_proxy and check for such a one to use */
+ while(*protop)
+ *envp++ = (char)tolower((int)*protop++);
- /* Now, build <protocol>_proxy and check for such a one to use */
- while(*protop)
- *envp++ = (char)tolower((int)*protop++);
+ /* append _proxy */
+ strcpy(envp, "_proxy");
- /* append _proxy */
- strcpy(envp, "_proxy");
+ /* read the protocol proxy: */
+ prox=curl_getenv(proxy_env);
- /* read the protocol proxy: */
+ /*
+ * We don't try the uppercase version of HTTP_PROXY because of
+ * security reasons:
+ *
+ * When curl is used in a webserver application
+ * environment (cgi or php), this environment variable can
+ * be controlled by the web server user by setting the
+ * http header 'Proxy:' to some value.
+ *
+ * This can cause 'internal' http/ftp requests to be
+ * arbitrarily redirected by any external attacker.
+ */
+ if(!prox && !strcasecompare("http_proxy", proxy_env)) {
+ /* There was no lowercase variable, try the uppercase version: */
+ Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
prox=curl_getenv(proxy_env);
+ }
- /*
- * We don't try the uppercase version of HTTP_PROXY because of
- * security reasons:
- *
- * When curl is used in a webserver application
- * environment (cgi or php), this environment variable can
- * be controlled by the web server user by setting the
- * http header 'Proxy:' to some value.
- *
- * This can cause 'internal' http/ftp requests to be
- * arbitrarily redirected by any external attacker.
- */
- if(!prox && !strcasecompare("http_proxy", proxy_env)) {
- /* There was no lowercase variable, try the uppercase version: */
- Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
- prox=curl_getenv(proxy_env);
- }
-
- if(prox)
- proxy = prox; /* use this */
- else {
- proxy = curl_getenv("all_proxy"); /* default proxy to use */
- if(!proxy)
- proxy=curl_getenv("ALL_PROXY");
- }
- } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
- non-proxy */
- free(no_proxy);
-
-#else /* !CURL_DISABLE_HTTP */
-
- (void)conn;
-#endif /* CURL_DISABLE_HTTP */
+ if(prox)
+ proxy = prox; /* use this */
+ else {
+ proxy = curl_getenv("all_proxy"); /* default proxy to use */
+ if(!proxy)
+ proxy=curl_getenv("ALL_PROXY");
+ }
return proxy;
}
@@ -6267,7 +6250,13 @@ static CURLcode create_conn(struct Curl_easy *data,
Curl_safefree(socksproxy);
}
else if(!proxy && !socksproxy)
- proxy = detect_proxy(conn);
+#ifndef CURL_DISABLE_HTTP
+ /* if the host is not in the noproxy list, detect proxy. */
+ if(!check_noproxy(conn->host.name, no_proxy))
+ proxy = detect_proxy(conn);
+#else /* !CURL_DISABLE_HTTP */
+ proxy = NULL;
+#endif /* CURL_DISABLE_HTTP */
Curl_safefree(no_proxy);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 82/173: sws: use SOCKERRNO, not errno, (continued)
- [GNUnet-SVN] [gnurl] 82/173: sws: use SOCKERRNO, not errno, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 60/173: write-out.d: 'time_total' is not always shown with ms precision, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 63/173: THANKS-filter: Jiri Malak, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 56/173: CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 120/173: polarssl, mbedtls: Fix detection of pending data, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 30/173: wolfssl: support setting cipher list, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 81/173: KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 85/173: vtls: fix PolarSSL non-blocking handling, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 80/173: *.rc: escape non-ASCII/non-UTF-8 character for clarity, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 64/173: addrinfo: fix compiler warning on offsetof() use, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 51/173: url: Refactor detect_proxy(),
gnunet <=
- [GNUnet-SVN] [gnurl] 50/173: url: Fix NO_PROXY env var to work properly with --proxy option., gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 68/173: TODO: send only part of --data, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 61/173: unix_socket: add support for abstract unix domain socket, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 92/173: telnet: fix windows compiler warnings, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 84/173: vtls: fix mbedtls multi non blocking handshake., gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 104/173: cmake: Support curl --xattr when built with cmake, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 76/173: parseurl: move back buffer to function scope, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 77/173: usercertinmem.c: improve the short description, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 101/173: docs: we no longer ship HTML versions of man pages, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 96/173: polarssl: fix hangs, gnunet, 2017/02/24