RFC 2616 defines headers as case-insensitive, so if rpc is behind a
reverse proxy that lowers the case of headers, transmission will not
parse them correctly.
A new wrapper function, `tr_strcasestr` is added to
libtransmission/utils.c to allow for comparisons of headers case
insensitively, and checks in cmake and autogen are included.
They are being discarded by server side with "ignoring disallowed
property" messages otherwise which leads to failed checks using those
properties.
Fixes: #451
* MISRA C++:2008, 8-0-1 - An init-declarator-list or a member-declarator-list
shall consist of a single init-declarator or member-declarator respectively
* CERT, DCL52-J. - Do not declare more than one variable per declaration
* CERT, DCL04-C. - Do not declare more than one variable per declaration
* MISRA C:2004, 12.4 - The right-hand operand of a logical && or || operator
shall not contain side effects.
* MISRA C++:2008, 5-14-1 - The right hand operand of a logical && or ||
operator shall not contain side effects.
* MISRA C:2012, 13.5 - The right hand operand of a logical && or || operator
shall not contain persistent side effects
* CERT, EXP02-C. - Be aware of the short-circuit behavior of the logical AND
and OR operators
Assignments explicitly enclosed in parentheses are ignored.
* MISRA C:2004, 13.1 - Assignment operators shall not be used in expressions
that yield a Boolean value
* MISRA C++:2008, 6-2-1 - Assignment operators shall not be used in
sub-expressions
* MISRA C:2012, 13.4 - The result of an assignment operator should not be used
* MITRE, CWE-481 - Assigning instead of Comparing
* CERT, EXP45-C. - Do not perform assignments in selection statements
* CERT, EXP51-J. - Do not perform assignments in conditional expressions
* MISRA C++:2008, 2-13-4 - Literal suffixes shall be upper case
* MISRA C:2012, 7.3 - The lowercase character "l" shall not be used in a
literal suffix
* CERT DCL16-C. - Use "L," not "l," to indicate a long value
* CERT, DCL50-J. - Use visually distinct identifiers
I'm seeing 7 potentially false reported issues re. use of uninitialized buffer
data here. It seems that `read` function should be properly supported by
Coverity, but maybe it can't figure out the postconditions of it properly...
Walking in the dark here.
Remove static assert altogether: it should have worked everywhere anyway,
otherwise there is no point.
Add a few casts here and there to ensure proper type for directory handle.
* Silence coverity CHECKED_RETURN on added.f load
The existing code behaved alright since added.f is optional.
However, by testing for success we can both silence the warning
and prevent a useless initialization of NULL/0 to added_f and
added_f_length.
* Silence coverity CHECKED_RETURN on added6.f load
ipv6 variant of previous commit.
* Silence coverity CHECKED_RETURN writing benc strs
saveStringFunc() gets the target string by calling tr_variantGetStr().
It previously didn't check to see if this function succeeded because
saveStringFunc() isn't reached without the type already being known.
However, checking the return value costs nothing and makes Coverity happy.
* Silence coverity CHECKED_RETURN on ut metadata
Like earlier few Coverity commits in this PR, we're handling optional
values by declaring stack locals set to the default (e.g. -1) and then
trying to read the variant.
Unlike the earlier commits, there is a two-part step to thise read:
checking for the metadata, then checking for the individual fields.
The earlier fixes' aproach -- e.g. initializing to -1 only if the reads
failed -- would involve new nested conditionals. I find the new complexity
to outweigh the benefit of removing the dead store, so in this case I'm
casting the return value to `(void)` to tell Coverity to shush.
* Silence coverity CHECKED_RETURN on scrape
Check the return value of tr_variantGetInt() when showing
seeder and leecher counts in transmission-show.
* Silence CHECKED_RETURN on rpc recently-active
When building a list of removed torrent IDs from variants, confirm that
we can read the IDs from the variants before adding them to the list.
I don't _think_ this would have failed before, but Coverity's right that
it's reasonable to add a safeguard here.
* fix: better fix to serializing benc strings
The approach in 33e2ece7e5 was
a little problematic: GetString() shouldn't fail here; but if
it somehow did, we still want to encode a zero-length benc string here.
* chore: make uncrustify happy
* applied changes from https://github.com/Elbandi/transmission/tree/elbandi/labels to official transmission repo
* Fix compilation errors
* Address review comments
Changed `tr_ptrArray* labels` to `tr_ptrArray labels`;
Removed tr_ptrArrayNew() tr_ptrArrayDup() tr_ptrArrayFree()
Use tr_strsep() to split string by delimiters
Update transmission-remote.1
Update rpc-spec.txt
* Fix warning, address comments
* Rebase, fix formatting and address comments
Use uncrustify to format changed files
Fix "const <type>" -> "<type> const"
Fix small comments
* Lock torrent for setLabels, check for duplicates
* Check for empty labels in daemon
* Stop on first error
* feat: make multiscrape limits adaptive
Previously hardcoded by TR_MULTISCRAPE_MAX. This change makes
that the initial value, then incrementally lowers the value
when multiscrapes get "req too long" style errors.
* fix: don't log personal announce url
* chore: treat HTTP 400 as scrape-too-long
* chore: copyediting
* chore: copyediting
* move 'const' to the right of the type
* make conditional tests explicitly boolean
* make 'key' const
* don't lookup a value we already have
* make an array for known too-big scrape error messages
* improved multiscrape throttle logging
* fix: multiscraping of low numbers of torrents
Handle the case of getting a 'multiscrape too big' error message
back even if the user fewer than TR_MULTISCRAPE_MAX torrents.
* uncrustify
* fix oops
* refactor: remove TR_MULTISCRAPE_MIN
Is there any reason to have a minimum batch size?
* make test explicit boolean
Co-Authored-By: ckerr <ckerr@github.com>
* improve declaration of too_long_errors
Co-Authored-By: ckerr <ckerr@github.com>
* make test explicitly boolean
Co-Authored-By: ckerr <ckerr@github.com>
* make test explicitly boolean
Co-Authored-By: ckerr <ckerr@github.com>
* improve looping decl of too_long_errors
This is useful if the client script is going to access
the .resume file. Ensuring an up-to-date .resume file
means that user scripts will be able to access it.
Mike Gelfand