LaserEyess [Sun, 17 Mar 2019 14:37:52 +0000 (10:37 -0400)]
Parse session-id header case-insensitively (#765)
RFC 2616 defines headers as case-insensitive, so if rpc is behind a
reverse proxy that lowers the case of headers, transmission will not
parse them correctly.
A new wrapper function, `tr_strcasestr`, is added to
libtransmission/utils.c to allow for comparisons of headers case
insensitively, and checks in cmake and autogen are included.
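
The case-insensitive match this commit message describes, shown on a single header line as an added example. It is not the commit's `tr_strcasestr` or any other Transmission code; `header_value` and `ascii_lower` are hypothetical helpers, and the sample line and token are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lower-case one ASCII byte without consulting the locale. */
static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Hypothetical helper: if `line` carries the header field `name` (compared
 * case-insensitively), return a pointer to its value and store the value's
 * length in *value_len; otherwise return NULL. */
static const char *header_value(const char *line, size_t line_len,
                                const char *name, size_t *value_len)
{
    size_t name_len = strlen(name);

    /* The field name must be followed by ':' so that a longer name sharing
     * the same prefix is not accepted. */
    if (line_len <= name_len || line[name_len] != ':')
        return NULL;
    for (size_t i = 0; i < name_len; ++i)
        if (ascii_lower((unsigned char)line[i]) != ascii_lower((unsigned char)name[i]))
            return NULL;

    const char *begin = line + name_len + 1;
    const char *end = line + line_len;
    while (begin < end && (*begin == ' ' || *begin == '\t'))
        ++begin; /* skip whitespace after the colon */
    while (end > begin && (end[-1] == '\r' || end[-1] == '\n' ||
                           end[-1] == ' ' || end[-1] == '\t'))
        --end; /* trim the line terminator and trailing blanks */
    *value_len = (size_t)(end - begin);
    return begin;
}

int main(void)
{
    /* Constructed sample: the header as a proxy that lower-cases names forwards it. */
    const char line[] = "x-transmission-session-id: EXAMPLE-TOKEN\r\n";
    size_t len = 0;
    const char *v = header_value(line, sizeof(line) - 1, "X-Transmission-Session-Id", &len);

    printf("%.*s\n", (int)len, v != NULL ? v : "");
    return v != NULL ? 0 : 1;
}
```
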
Mike Gelfand [Sun, 17 Mar 2019 06:15:35 +0000 (09:15 +0300)]
Define each identifier in a dedicated statement
* MISRA C++:2008, 8-0-1 - An init-declarator-list or a member-declarator-list
shall consist of a single init-declarator or member-declarator respectively
* CERT, DCL52-J. - Do not declare more than one variable per declaration
* CERT, DCL04-C. - Do not declare more than one variable per declaration
Mike Gelfand [Sun, 17 Mar 2019 06:09:08 +0000 (09:09 +0300)]
Remove side effects from right hand operands of && or ||
* MISRA C:2004, 12.4 - The right-hand operand of a logical && or || operator
shall not contain side effects.
* MISRA C++:2008, 5-14-1 - The right hand operand of a logical && or ||
operator shall not contain side effects.
* MISRA C:2012, 13.5 - The right hand operand of a logical && or || operator
shall not contain persistent side effects
* CERT, EXP02-C. - Be aware of the short-circuit behavior of the logical AND
and OR operators
Mike Gelfand [Sun, 17 Mar 2019 05:00:15 +0000 (08:00 +0300)]
Extract assignments from expression
Assignments explicitly enclosed in parentheses are ignored.
* MISRA C:2004, 13.1 - Assignment operators shall not be used in expressions
that yield a Boolean value
* MISRA C++:2008, 6-2-1 - Assignment operators shall not be used in
sub-expressions
* MISRA C:2012, 13.4 - The result of an assignment operator should not be used
* MITRE, CWE-481 - Assigning instead of Comparing
* CERT, EXP45-C. - Do not perform assignments in selection statements
* CERT, EXP51-J. - Do not perform assignments in conditional expressions
Mike Gelfand [Sun, 17 Mar 2019 04:07:48 +0000 (07:07 +0300)]
Uppercase the literal suffixes
* MISRA C++:2008, 2-13-4 - Literal suffixes shall be upper case
* MISRA C:2012, 7.3 - The lowercase character "l" shall not be used in a
literal suffix
* CERT DCL16-C. - Use "L," not "l," to indicate a long value
* CERT, DCL50-J. - Use visually distinct identifiers
Mike Gelfand [Wed, 13 Mar 2019 02:32:35 +0000 (05:32 +0300)]
Attempt to explain something to Coverity
I'm seeing 7 potentially false reported issues re. use of uninitialized buffer
data here. It seems that `read` function should be properly supported by
Coverity, but maybe it can't figure out the postconditions of it properly...
Walking in the dark here.
Charles Kerr [Mon, 18 Feb 2019 22:38:24 +0000 (22:38 +0000)]
fix: Coverity warnings (#842)
* Silence coverity CHECKED_RETURN on added.f load
The existing code behaved alright since added.f is optional.
However, by testing for success we can both silence the warning
and prevent a useless initialization of NULL/0 to added_f and
added_f_length.
* Silence coverity CHECKED_RETURN on added6.f load
saveStringFunc() gets the target string by calling tr_variantGetStr().
It previously didn't check to see if this function succeeded because
saveStringFunc() isn't reached without the type already being known.
However, checking the return value costs nothing and makes Coverity happy.
* Silence coverity CHECKED_RETURN on ut metadata
Like the few earlier Coverity commits in this PR, we're handling optional
values by declaring stack locals set to the default (e.g. -1) and then
trying to read the variant.
Unlike the earlier commits, there is a two-part step to this read:
checking for the metadata, then checking for the individual fields.
The earlier fixes' approach -- e.g. initializing to -1 only if the reads
failed -- would involve new nested conditionals. I find the new complexity
to outweigh the benefit of removing the dead store, so in this case I'm
casting the return value to `(void)` to tell Coverity to shush.
* Silence coverity CHECKED_RETURN on scrape
Check the return value of tr_variantGetInt() when showing
seeder and leecher counts in transmission-show.
* Silence CHECKED_RETURN on rpc recently-active
When building a list of removed torrent IDs from variants, confirm that
we can read the IDs from the variants before adding them to the list.
I don't _think_ this would have failed before, but Coverity's right that
it's reasonable to add a safeguard here.
* fix: better fix to serializing benc strings
The approach in 33e2ece7e5bc261566ae9e8db57be0b3247508d1 was
a little problematic: GetString() shouldn't fail here; but if
it somehow did, we still want to encode a zero-length benc string here.
Charles Kerr [Sat, 16 Feb 2019 20:19:38 +0000 (15:19 -0500)]
feat: make multiscrape limits adaptive (#837)
* feat: make multiscrape limits adaptive
Previously hardcoded by TR_MULTISCRAPE_MAX. This change makes
that the initial value, then incrementally lowers the value
when multiscrapes get "req too long" style errors.
* fix: don't log personal announce url
* chore: treat HTTP 400 as scrape-too-long
* chore: copyediting
* chore: copyediting
* move 'const' to the right of the type
* make conditional tests explicitly boolean
* make 'key' const
* don't lookup a value we already have
* make an array for known too-big scrape error messages
* improved multiscrape throttle logging
* fix: multiscraping of low numbers of torrents
Handle the case of getting a 'multiscrape too big' error message
back even if the user has fewer than TR_MULTISCRAPE_MAX torrents.
* uncrustify
* fix oops
* refactor: remove TR_MULTISCRAPE_MIN
Is there any reason to have a minimum batch size?
* make test explicit boolean
Co-Authored-By: ckerr <ckerr@github.com>
* improve declaration of too_long_errors
Co-Authored-By: ckerr <ckerr@github.com>
* make test explicitly boolean
Co-Authored-By: ckerr <ckerr@github.com>
* make test explicitly boolean
Co-Authored-By: ckerr <ckerr@github.com>
* improve looping decl of too_long_errors
Charles Kerr [Sat, 2 Feb 2019 03:59:17 +0000 (21:59 -0600)]
fix: update the resume file before running scripts
This is useful if the client script is going to access
the .resume file. Ensuring an up-to-date .resume file
means that user scripts will be able to access it.
Mingye Wang [Sat, 13 Oct 2018 21:20:40 +0000 (17:20 -0400)]
Support CIDR-notated blocklists
This commit adds a new blocklist line format, namely individual IPv4
CIDR ranges separated by newlines. Text put after each entry is ignored
by sscanf, so feel free to put any kind of comments there.
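
A sketch of parsing one such line with sscanf and turning it into an inclusive address range, added here as an example and not the code from this commit. `parse_cidr_line` and `struct ipv4_range` are hypothetical names, and the sample lines are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type: an inclusive IPv4 range in host byte order. */
struct ipv4_range { uint32_t begin; uint32_t end; };

/* Parse "a.b.c.d/len" at the start of `line`; text after the entry is
 * ignored. Returns 1 on success, 0 if the entry is malformed. */
static int parse_cidr_line(const char *line, struct ipv4_range *out)
{
    unsigned int o[4];
    unsigned int len = 0;
    int used = 0;

    /* Field widths keep sscanf from overflowing on long digit runs. */
    if (sscanf(line, "%3u.%3u.%3u.%3u/%2u%n",
               &o[0], &o[1], &o[2], &o[3], &len, &used) != 5)
        return 0;
    /* "/245" would otherwise be read as /24 with "5" taken as a comment. */
    if (isdigit((unsigned char)line[used]))
        return 0;
    if (o[0] > 255 || o[1] > 255 || o[2] > 255 || o[3] > 255 || len > 32)
        return 0;

    uint32_t addr = ((uint32_t)o[0] << 24) | ((uint32_t)o[1] << 16) |
                    ((uint32_t)o[2] << 8) | (uint32_t)o[3];
    /* Shifting a 32-bit value by 32 is undefined, so /0 is handled apart. */
    uint32_t mask = (len == 0) ? 0U : (uint32_t)(UINT32_MAX << (32 - len));
    out->begin = addr & mask;            /* host bits cleared */
    out->end = out->begin | (uint32_t)~mask; /* host bits set */
    return 1;
}

int main(void)
{
    /* Constructed sample lines, including two that must be rejected. */
    const char *lines[] = { "192.168.1.77/24 office LAN", "0.0.0.0/0",
                            "10.0.0.0/245", "10.0.0.0" };
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); ++i) {
        struct ipv4_range r;
        if (parse_cidr_line(lines[i], &r))
            printf("%-28s %08x-%08x\n", lines[i], (unsigned)r.begin, (unsigned)r.end);
        else
            printf("%-28s rejected\n", lines[i]);
    }
    return 0;
}
```
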
Mike Gelfand [Sun, 30 Sep 2018 10:37:30 +0000 (13:37 +0300)]
Fix build with Xcode 10
For some reason, Mac client is the only project that references
libtransmission files as if they were a part of its own project, and
inconsistently so. Make the include/import style uniform and in line with
other projects.
Adjust Mac client include directory settings a bit along the way.