Re: unbreak curl no_proxy

Christian Weisgerber Sun, 06 Nov 2022 07:20:31 -0800

Christian Weisgerber:

> > I've added https://github.com/curl/curl/issues/9842
> 
> So we wait?


Here's a diff with the accumulated noproxy fixes, including the
lastest suggested "tailmatch like in 7.85.0 and earlier".

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/curl/Makefile,v
retrieving revision 1.174
diff -u -p -r1.174 Makefile
--- Makefile    28 Oct 2022 17:59:06 -0000      1.174
+++ Makefile    6 Nov 2022 15:18:15 -0000
@@ -1,6 +1,7 @@
 COMMENT=       transfer files with FTP, HTTP, HTTPS, etc.
 
 DISTNAME=      curl-7.86.0
+REVISION=      0
 SHARED_LIBS=   curl                 26.17    # 12.0
 CATEGORIES=    net
 HOMEPAGE=      https://curl.se/
Index: patches/patch-lib_noproxy_c
===================================================================
RCS file: patches/patch-lib_noproxy_c
diff -N patches/patch-lib_noproxy_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_noproxy_c 6 Nov 2022 15:18:15 -0000
@@ -0,0 +1,95 @@
+noproxy: also match with adjacent comma
+https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128
+
+noproxy: fix tail-matching
+https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b
+
+noproxy: tailmatch like in 7.85.0 and earlier
+
+Index: lib/noproxy.c
+--- lib/noproxy.c.orig
++++ lib/noproxy.c
+@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char *
+     }
+     else {
+       unsigned int address;
++      namelen = strlen(name);
+       if(1 == Curl_inet_pton(AF_INET, name, &address))
+         type = TYPE_IPV4;
+-      namelen = strlen(name);
++      else {
++        /* ignore trailing dots in the host name */
++        if(name[namelen - 1] == '.')
++          namelen--;
++      }
+     }
+ 
+     while(*p) {
+@@ -173,33 +178,50 @@ bool Curl_check_noproxy(const char *name, const char *
+       if(tokenlen) {
+         switch(type) {
+         case TYPE_HOST:
+-          if(*token == '.') {
+-            ++token;
+-            --tokenlen;
+-            /* tailmatch */
+-            match = (tokenlen <= namelen) &&
+-              strncasecompare(token, name + (namelen - tokenlen), namelen);
++          /* ignore trailing dots in the token to check */
++          if(token[tokenlen - 1] == '.')
++            tokenlen--;
++
++          if(tokenlen && (*token == '.')) {
++            /* ignore leading token dot as well */
++            token++;
++            tokenlen--;
+           }
+-          else
+-            match = (tokenlen == namelen) &&
+-              strncasecompare(token, name, namelen);
++          /* A: example.com matches 'example.com'
++             B: www.example.com matches 'example.com'
++             C: nonexample.com DOES NOT match 'example.com'
++          */
++          if(tokenlen == namelen)
++            /* case A, exact match */
++            match = strncasecompare(token, name, namelen);
++          else if(tokenlen < namelen) {
++            /* case B, tailmatch domain */
++            match = (name[namelen - tokenlen - 1] == '.') &&
++              strncasecompare(token, name + (namelen - tokenlen),
++                              tokenlen);
++          }
++          /* case C passes through, not a match */
+           break;
+         case TYPE_IPV4:
+           /* FALLTHROUGH */
+         case TYPE_IPV6: {
+           const char *check = token;
+-          char *slash = strchr(check, '/');
++          char *slash;
+           unsigned int bits = 0;
+           char checkip[128];
++          if(tokenlen >= sizeof(checkip))
++            /* this cannot match */
++            break;
++          /* copy the check name to a temp buffer */
++          memcpy(checkip, check, tokenlen);
++          checkip[tokenlen] = 0;
++          check = checkip;
++
++          slash = strchr(check, '/');
+           /* if the slash is part of this token, use it */
+-          if(slash && (slash < &check[tokenlen])) {
++          if(slash) {
+             bits = atoi(slash + 1);
+-            /* copy the check name to a temp buffer */
+-            if(tokenlen >= sizeof(checkip))
+-              break;
+-            memcpy(checkip, check, tokenlen);
+-            checkip[ slash - check ] = 0;
+-            check = checkip;
++            *slash = 0; /* null terminate there */
+           }
+           if(type == TYPE_IPV6)
+             match = Curl_cidr6_match(name, check, bits);
Index: patches/patch-m4_curl-compilers_m4
===================================================================
RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v
retrieving revision 1.5
diff -u -p -r1.5 patch-m4_curl-compilers_m4
--- patches/patch-m4_curl-compilers_m4  30 Jun 2022 18:11:25 -0000      1.5
+++ patches/patch-m4_curl-compilers_m4  6 Nov 2022 15:18:15 -0000
@@ -9,7 +9,7 @@ Do not override optimization flags in CF
 Index: m4/curl-compilers.m4
 --- m4/curl-compilers.m4.orig
 +++ m4/curl-compilers.m4
-@@ -693,7 +693,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
+@@ -695,7 +695,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [
      tmp_options=""
      tmp_CFLAGS="$CFLAGS"
      tmp_CPPFLAGS="$CPPFLAGS"
-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de

Re: unbreak curl no_proxy

Reply via email to