On 2022/11/06 16:20, Christian Weisgerber wrote:
> Christian Weisgerber:
>
> > > I've added https://github.com/curl/curl/issues/9842
> >
> > So we wait?
>
> Here's a diff with the accumulated noproxy fixes, including the
> lastest suggested "tailmatch like in 7.85.0 and earlier".
Thanks. OK
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/curl/Makefile,v
> retrieving revision 1.174
> diff -u -p -r1.174 Makefile
> --- Makefile 28 Oct 2022 17:59:06 -0000 1.174
> +++ Makefile 6 Nov 2022 15:18:15 -0000
> @@ -1,6 +1,7 @@
> COMMENT= transfer files with FTP, HTTP, HTTPS, etc.
>
> DISTNAME= curl-7.86.0
> +REVISION= 0
> SHARED_LIBS= curl 26.17 # 12.0
> CATEGORIES= net
> HOMEPAGE= https://curl.se/
> Index: patches/patch-lib_noproxy_c
> ===================================================================
> RCS file: patches/patch-lib_noproxy_c
> diff -N patches/patch-lib_noproxy_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-lib_noproxy_c 6 Nov 2022 15:18:15 -0000
> @@ -0,0 +1,95 @@
> +noproxy: also match with adjacent comma
> +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128
> +
> +noproxy: fix tail-matching
> +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b
> +
> +noproxy: tailmatch like in 7.85.0 and earlier
> +
> +Index: lib/noproxy.c
> +--- lib/noproxy.c.orig
> ++++ lib/noproxy.c
> +@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char *
> + }
> + else {
> + unsigned int address;
> ++ namelen = strlen(name);
> + if(1 == Curl_inet_pton(AF_INET, name, &address))
> + type = TYPE_IPV4;
> +- namelen = strlen(name);
> ++ else {
> ++ /* ignore trailing dots in the host name */
> ++ if(name[namelen - 1] == '.')
> ++ namelen--;
> ++ }
> + }
> +
> + while(*p) {
> +@@ -173,33 +178,50 @@ bool Curl_check_noproxy(const char *name, const char *
> + if(tokenlen) {
> + switch(type) {
> + case TYPE_HOST:
> +- if(*token == '.') {
> +- ++token;
> +- --tokenlen;
> +- /* tailmatch */
> +- match = (tokenlen <= namelen) &&
> +- strncasecompare(token, name + (namelen - tokenlen), namelen);
> ++ /* ignore trailing dots in the token to check */
> ++ if(token[tokenlen - 1] == '.')
> ++ tokenlen--;
> ++
> ++ if(tokenlen && (*token == '.')) {
> ++ /* ignore leading token dot as well */
> ++ token++;
> ++ tokenlen--;
> + }
> +- else
> +- match = (tokenlen == namelen) &&
> +- strncasecompare(token, name, namelen);
> ++ /* A: example.com matches 'example.com'
> ++ B: www.example.com matches 'example.com'
> ++ C: nonexample.com DOES NOT match 'example.com'
> ++ */
> ++ if(tokenlen == namelen)
> ++ /* case A, exact match */
> ++ match = strncasecompare(token, name, namelen);
> ++ else if(tokenlen < namelen) {
> ++ /* case B, tailmatch domain */
> ++ match = (name[namelen - tokenlen - 1] == '.') &&
> ++ strncasecompare(token, name + (namelen - tokenlen),
> ++ tokenlen);
> ++ }
> ++ /* case C passes through, not a match */
> + break;
> + case TYPE_IPV4:
> + /* FALLTHROUGH */
> + case TYPE_IPV6: {
> + const char *check = token;
> +- char *slash = strchr(check, '/');
> ++ char *slash;
> + unsigned int bits = 0;
> + char checkip[128];
> ++ if(tokenlen >= sizeof(checkip))
> ++ /* this cannot match */
> ++ break;
> ++ /* copy the check name to a temp buffer */
> ++ memcpy(checkip, check, tokenlen);
> ++ checkip[tokenlen] = 0;
> ++ check = checkip;
> ++
> ++ slash = strchr(check, '/');
> + /* if the slash is part of this token, use it */
> +- if(slash && (slash < &check[tokenlen])) {
> ++ if(slash) {
> + bits = atoi(slash + 1);
> +- /* copy the check name to a temp buffer */
> +- if(tokenlen >= sizeof(checkip))
> +- break;
> +- memcpy(checkip, check, tokenlen);
> +- checkip[ slash - check ] = 0;
> +- check = checkip;
> ++ *slash = 0; /* null terminate there */
> + }
> + if(type == TYPE_IPV6)
> + match = Curl_cidr6_match(name, check, bits);
> Index: patches/patch-m4_curl-compilers_m4
> ===================================================================
> RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v
> retrieving revision 1.5
> diff -u -p -r1.5 patch-m4_curl-compilers_m4
> --- patches/patch-m4_curl-compilers_m4 30 Jun 2022 18:11:25 -0000 1.5
> +++ patches/patch-m4_curl-compilers_m4 6 Nov 2022 15:18:15 -0000
> @@ -9,7 +9,7 @@ Do not override optimization flags in CF
> Index: m4/curl-compilers.m4
> --- m4/curl-compilers.m4.orig
> +++ m4/curl-compilers.m4
> -@@ -693,7 +693,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
> +@@ -695,7 +695,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
> tmp_options=""
> tmp_CFLAGS="$CFLAGS"
> tmp_CPPFLAGS="$CPPFLAGS"
> --
> Christian "naddy" Weisgerber naddy@mips.inka.de
>
No comments:
Post a Comment