| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame^] | 1 | /*************************************************************************** |
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | ***************************************************************************/ |
| 22 | #include "tool_setup.h" |
| 23 | |
| 24 | #include "strcase.h" |
| 25 | |
| 26 | #define ENABLE_CURLX_PRINTF |
| 27 | /* use our own printf() functions */ |
| 28 | #include "curlx.h" |
| 29 | |
| 30 | #include "tool_cfgable.h" |
| 31 | #include "tool_doswin.h" |
| 32 | #include "tool_msgs.h" |
| 33 | #include "tool_cb_hdr.h" |
| 34 | |
| 35 | #include "memdebug.h" /* keep this as LAST include */ |
| 36 | |
| 37 | static char *parse_filename(const char *ptr, size_t len); |
| 38 | |
| 39 | /* |
| 40 | ** callback for CURLOPT_HEADERFUNCTION |
| 41 | */ |
| 42 | |
| 43 | size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) |
| 44 | { |
| 45 | struct HdrCbData *hdrcbdata = userdata; |
| 46 | struct OutStruct *outs = hdrcbdata->outs; |
| 47 | struct OutStruct *heads = hdrcbdata->heads; |
| 48 | const char *str = ptr; |
| 49 | const size_t cb = size * nmemb; |
| 50 | const char *end = (char *)ptr + cb; |
| 51 | char *url = NULL; |
| 52 | |
| 53 | /* |
| 54 | * Once that libcurl has called back tool_header_cb() the returned value |
| 55 | * is checked against the amount that was intended to be written, if |
| 56 | * it does not match then it fails with CURLE_WRITE_ERROR. So at this |
| 57 | * point returning a value different from sz*nmemb indicates failure. |
| 58 | */ |
| 59 | size_t failure = (size && nmemb) ? 0 : 1; |
| 60 | |
| 61 | if(!heads->config) |
| 62 | return failure; |
| 63 | |
| 64 | #ifdef DEBUGBUILD |
| 65 | if(size * nmemb > (size_t)CURL_MAX_HTTP_HEADER) { |
| 66 | warnf(heads->config->global, "Header data exceeds single call write " |
| 67 | "limit!\n"); |
| 68 | return failure; |
| 69 | } |
| 70 | #endif |
| 71 | |
| 72 | /* |
| 73 | * Write header data when curl option --dump-header (-D) is given. |
| 74 | */ |
| 75 | |
| 76 | if(heads->config->headerfile && heads->stream) { |
| 77 | size_t rc = fwrite(ptr, size, nmemb, heads->stream); |
| 78 | if(rc != cb) |
| 79 | return rc; |
| 80 | /* flush the stream to send off what we got earlier */ |
| 81 | (void)fflush(heads->stream); |
| 82 | } |
| 83 | |
| 84 | /* |
| 85 | * This callback sets the filename where output shall be written when |
| 86 | * curl options --remote-name (-O) and --remote-header-name (-J) have |
| 87 | * been simultaneously given and additionally server returns an HTTP |
| 88 | * Content-Disposition header specifying a filename property. |
| 89 | */ |
| 90 | |
| 91 | if(hdrcbdata->honor_cd_filename && |
| 92 | (cb > 20) && checkprefix("Content-disposition:", str) && |
| 93 | !curl_easy_getinfo(outs->config->easy, CURLINFO_EFFECTIVE_URL, &url) && |
| 94 | url && (checkprefix("http://", url) || checkprefix("https://", url))) { |
| 95 | const char *p = str + 20; |
| 96 | |
| 97 | /* look for the 'filename=' parameter |
| 98 | (encoded filenames (*=) are not supported) */ |
| 99 | for(;;) { |
| 100 | char *filename; |
| 101 | size_t len; |
| 102 | |
| 103 | while(*p && (p < end) && !ISALPHA(*p)) |
| 104 | p++; |
| 105 | if(p > end - 9) |
| 106 | break; |
| 107 | |
| 108 | if(memcmp(p, "filename=", 9)) { |
| 109 | /* no match, find next parameter */ |
| 110 | while((p < end) && (*p != ';')) |
| 111 | p++; |
| 112 | continue; |
| 113 | } |
| 114 | p += 9; |
| 115 | |
| 116 | /* this expression below typecasts 'cb' only to avoid |
| 117 | warning: signed and unsigned type in conditional expression |
| 118 | */ |
| 119 | len = (ssize_t)cb - (p - str); |
| 120 | filename = parse_filename(p, len); |
| 121 | if(filename) { |
| 122 | outs->filename = filename; |
| 123 | outs->alloc_filename = TRUE; |
| 124 | outs->is_cd_filename = TRUE; |
| 125 | outs->s_isreg = TRUE; |
| 126 | outs->fopened = FALSE; |
| 127 | outs->stream = NULL; |
| 128 | hdrcbdata->honor_cd_filename = FALSE; |
| 129 | break; |
| 130 | } |
| 131 | return failure; |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | return cb; |
| 136 | } |
| 137 | |
| 138 | /* |
| 139 | * Copies a file name part and returns an ALLOCATED data buffer. |
| 140 | */ |
| 141 | static char *parse_filename(const char *ptr, size_t len) |
| 142 | { |
| 143 | char *copy; |
| 144 | char *p; |
| 145 | char *q; |
| 146 | char stop = '\0'; |
| 147 | |
| 148 | /* simple implementation of strndup() */ |
| 149 | copy = malloc(len+1); |
| 150 | if(!copy) |
| 151 | return NULL; |
| 152 | memcpy(copy, ptr, len); |
| 153 | copy[len] = '\0'; |
| 154 | |
| 155 | p = copy; |
| 156 | if(*p == '\'' || *p == '"') { |
| 157 | /* store the starting quote */ |
| 158 | stop = *p; |
| 159 | p++; |
| 160 | } |
| 161 | else |
| 162 | stop = ';'; |
| 163 | |
| 164 | /* if the filename contains a path, only use filename portion */ |
| 165 | q = strrchr(copy, '/'); |
| 166 | if(q) { |
| 167 | p = q + 1; |
| 168 | if(!*p) { |
| 169 | Curl_safefree(copy); |
| 170 | return NULL; |
| 171 | } |
| 172 | } |
| 173 | |
| 174 | /* If the filename contains a backslash, only use filename portion. The idea |
| 175 | is that even systems that don't handle backslashes as path separators |
| 176 | probably want the path removed for convenience. */ |
| 177 | q = strrchr(p, '\\'); |
| 178 | if(q) { |
| 179 | p = q + 1; |
| 180 | if(!*p) { |
| 181 | Curl_safefree(copy); |
| 182 | return NULL; |
| 183 | } |
| 184 | } |
| 185 | |
| 186 | /* scan for the end letter and stop there */ |
| 187 | for(q = p; *q; ++q) { |
| 188 | if(*q == stop) { |
| 189 | *q = '\0'; |
| 190 | break; |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | /* make sure the file name doesn't end in \r or \n */ |
| 195 | q = strchr(p, '\r'); |
| 196 | if(q) |
| 197 | *q = '\0'; |
| 198 | |
| 199 | q = strchr(p, '\n'); |
| 200 | if(q) |
| 201 | *q = '\0'; |
| 202 | |
| 203 | if(copy != p) |
| 204 | memmove(copy, p, strlen(p) + 1); |
| 205 | |
| 206 | #if defined(MSDOS) || defined(WIN32) |
| 207 | { |
| 208 | char *sanitized; |
| 209 | SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0); |
| 210 | Curl_safefree(copy); |
| 211 | if(sc) |
| 212 | return NULL; |
| 213 | copy = sanitized; |
| 214 | } |
| 215 | #endif /* MSDOS || WIN32 */ |
| 216 | |
| 217 | /* in case we built debug enabled, we allow an environment variable |
| 218 | * named CURL_TESTDIR to prefix the given file name to put it into a |
| 219 | * specific directory |
| 220 | */ |
| 221 | #ifdef DEBUGBUILD |
| 222 | { |
| 223 | char *tdir = curlx_getenv("CURL_TESTDIR"); |
| 224 | if(tdir) { |
| 225 | char buffer[512]; /* suitably large */ |
| 226 | snprintf(buffer, sizeof(buffer), "%s/%s", tdir, copy); |
| 227 | Curl_safefree(copy); |
| 228 | copy = strdup(buffer); /* clone the buffer, we don't use the libcurl |
| 229 | aprintf() or similar since we want to use the |
| 230 | same memory code as the "real" parse_filename |
| 231 | function */ |
| 232 | curl_free(tdir); |
| 233 | } |
| 234 | } |
| 235 | #endif |
| 236 | |
| 237 | return copy; |
| 238 | } |
| 239 | |