tests: verify newline in username and password for HTTP

test 1296 is a simply command line test test 1910 is a libcurl test including a redirect
2024-11-04 16:45:06 -05:00 · 2020-06-20 00:04:08 +02:00 · 2020-06-20 00:04:08 +02:00 · 8acfb932ef
commit 8acfb932ef
parent d5ed571948
5 changed files with 178 additions and 2 deletions
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@ -156,6 +156,7 @@ test1268 test1269 test1270 test1271 \
 \
 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
 test1288 test1289 test1290 test1291 test1292 test1293 test1294 test1295 \
+test1296 \
 \
 test1298 test1299 test1300 test1301 test1302 test1303 test1304 test1305 \
 test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
@ -207,7 +208,7 @@ test1700 test1701 test1702 \
 test1800 test1801 \
 \
 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 \
-test1908 test1909 \
+test1908 test1909 test1910 \
 \
 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
 test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
--- a/tests/data/test1296
+++ b/tests/data/test1296
@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP Basic
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+HTTP URL with %0a in name part
+</name>
+
+<command>
+http://user%0aname:password@%HOSTIP:%HTTPPORT/1296
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1296 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic dXNlcgpuYW1lOnBhc3N3b3Jk
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
+
--- a/tests/data/test1910
+++ b/tests/data/test1910
@ -0,0 +1,68 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP Basic
+CURLOPT_FOLLOWLOCATION
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /19100002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 4
+
+hej
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+HTTP credentials with newline and redirect
+</name>
+<tool>
+lib1910
+</tool>
+
+<command>
+%HOSTIP:%HTTPPORT/1910
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1910 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic dXNlcgpuYW1lOnBhc3MKd29yZA==
+Accept: */*
+
+GET /19100002 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic dXNlcgpuYW1lOnBhc3MKd29yZA==
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@ -58,7 +58,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
 lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \
 lib1558 lib1559 lib1560 lib1564 lib1565 \
 lib1591 lib1592 lib1593 lib1594 lib1596 \
- lib1900 lib1905 lib1906 lib1907 lib1908 \
+ lib1900 lib1905 lib1906 lib1907 lib1908 lib1910 \
 lib2033

 chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
@ -634,6 +634,10 @@ lib1908_SOURCES = lib1908.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1908_LDADD = $(TESTUTIL_LIBS)
 lib1908_CPPFLAGS = $(AM_CPPFLAGS)

+lib1910_SOURCES = lib1910.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1910_LDADD = $(TESTUTIL_LIBS)
+lib1910_CPPFLAGS = $(AM_CPPFLAGS)
+
 lib2033_SOURCES = libntlmconnect.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib2033_LDADD = $(TESTUTIL_LIBS)
 lib2033_CPPFLAGS = $(AM_CPPFLAGS) -DUSE_PIPELINING
--- a/tests/libtest/lib1910.c
+++ b/tests/libtest/lib1910.c
@ -0,0 +1,47 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2013 - 2020, Linus Nielsen Feltzing, <linus@haxx.se>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURLcode ret = CURLE_OK;
+  CURL *hnd;
+  start_test_timing();
+
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  hnd = curl_easy_init();
+  if(hnd) {
+    curl_easy_setopt(hnd, CURLOPT_URL, URL);
+    curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 1L);
+    curl_easy_setopt(hnd, CURLOPT_FOLLOWLOCATION, 1L);
+    curl_easy_setopt(hnd, CURLOPT_USERPWD, "user\nname:pass\nword");
+    ret = curl_easy_perform(hnd);
+    curl_easy_cleanup(hnd);
+  }
+  curl_global_cleanup();
+  return (int)ret;
+}