1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00
Commit Graph

4095 Commits

Author SHA1 Message Date
Daniel Stenberg
5e17a5f6cf
test1154: verify that long HTTP headers get rejected 2018-02-16 22:51:59 +01:00
Björn Stenberg
b46cfbc068
TODO fixed: Detect when called from within callbacks
Closes #2302
2018-02-15 09:36:03 +01:00
Patrick Monnerat
e551910f8a tests: new tests for http raw mode
Test 319 checks proper raw mode data with non-chunked gzip
transfer-encoded server data.
Test 326 checks raw mode with chunked server data.

Bug: #2303
Closes #2308
2018-02-13 01:44:57 +01:00
Patrick Monnerat
62cf2d180e smtp: fix processing of initial dot in data
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command
should be taken into account when chasing the <CRLF>.<CRLF> end marker.
Thus a leading dot character in data is also subject to escaping.

Tests 911 and test server are adapted to this situation.
New tests 951 and 952 check proper handling of initial dot in data.

Closes #2304
2018-02-12 16:43:15 +01:00
Patrick Monnerat
da5f4b1d84 fnmatch: pattern syntax can no longer fail
Whenever an expected pattern syntax rule cannot be matched, the
character starting the rule loses its special meaning and the parsing
is resumed:
- backslash at the end of pattern string matches itself.
- Error in [:keyword:] results in set containing :\[dekorwy.

Unit test 1307 updated for this new situation.

Closes #2273
2018-01-31 01:17:35 +01:00
Patrick Monnerat
fcaa1826bd fnmatch: accept an alphanum to be followed by a non-alphanum in char set
Also be more tolerant about set pattern syntax.
Update unit test 1307 accordingly.

Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html
2018-01-31 01:17:35 +01:00
Patrick Monnerat
19abad095c fnmatch: do not match the empty string with a character set 2018-01-31 01:17:35 +01:00
Daniel Stenberg
4272a0b0fc
curl_ctype: private is*() type macros and functions
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.

Closes #2269
2018-01-29 22:56:43 +01:00
Patrick Monnerat
bd5b9e50ce lib555: drop text conversion and encode data as ascii codes
If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs,
giving a result that is different from what is expected.
This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data
to upload in ascii.

Bug: https://github.com/curl/curl/pull/1872
2018-01-26 17:45:20 +01:00
Daniel Stenberg
a6b611f0d0
lib517: make variable static to avoid compiler warning
... with clang on macos
2018-01-26 16:51:08 +01:00
Patrick Monnerat
d3db7bc72d lib544: sync ascii code data with textual data
Data mismatch caused test 545 to fail when character encoding
conversion is enabled.

Bug: https://github.com/curl/curl/pull/1872
2018-01-26 15:53:22 +01:00
Daniel Stenberg
1c39128d97
parsedate: fix date parsing for systems with 32 bit long
Make curl_getdate() handle dates before 1970 as well (returning negative
values).

Make test 517 test dates for 64 bit time_t.

This fixes bug (3) mentioned in #2238

Closes #2250
2018-01-25 22:20:52 +01:00
e178fbd40a
SChannel/WinSSL: Implement public key pinning
Closes #1429
2018-01-25 22:14:39 +01:00
Daniel Stenberg
65ceb20dfd
test1454: --connect-to with IPv6 address w/o IPv6 support! 2018-01-23 08:01:29 +01:00
Daniel Stenberg
af32cd3859
http: prevent custom Authorization headers in redirects
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-22 10:00:00 +01:00
Daniel Stenberg
993dd5651a
curl: progress bar refresh, get width using ioctl()
Get screen width from the environment variable COLUMNS first, if set. If
not, use ioctl(). If nether works, assume 79.

Closes #2242

The "refresh" is for the -# output when no total transfer size is
known. It will now only use a single updated line even for this case:

The "-=O=-" ship moves when data is transferred. The four flying
"hashes" move (on a sine wave) on each refresh, independent of data.
2018-01-22 08:29:37 +01:00
Daniel Stenberg
87ddeee59b
test558: fix for multissl builds
vtls.c:multissl_init() might do a curl_free() call so strip that out to
make this work with more builds. We just want to verify that
memorytracking works so skipping one line is no harm.
2018-01-18 22:21:33 +01:00
Daniel Stenberg
2c0c4dff08
unit1307: test many wildcards too 2018-01-17 11:14:57 +01:00
Daniel Stenberg
cb5accab9e
ftp-wildcard: fix matching an empty string with "*[^a]"
.... and avoid advancing the pointer to trigger an out of buffer read.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond
2018-01-17 10:41:38 +01:00
Patrick Monnerat
e44ddfd477 mime: clone mime tree upon easy handle duplication.
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
strongly bound to the handle: there is a pointer to the easy handle in
each item of the mime tree and following the parent pointer list
of mime items ends in a dummy part stored within the handle.

Because of this binding, a mime tree cannot be shared between different
easy handles, thus it needs to be cloned upon easy handle duplication.

There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.

New test 654 checks proper mime structure duplication/release.

Add a warning note in curl_mime_data_cb() documentation about sharing
user data between duplicated handles.

Closes #2235
2018-01-14 19:43:12 +01:00
Daniel Stenberg
a06311be27
test395: HTTP with overflow Content-Length value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
67595e7d23
test394: verify abort of rubbish in Content-Length: value 2018-01-13 22:49:31 +01:00
Daniel Stenberg
ac17d79473
test393: verify --max-filesize with excessive Content-Length 2018-01-13 22:49:31 +01:00
Daniel Stenberg
f68e672715
HTTP: bail out on negative Content-Length: values
... and make the max filesize check trigger if the value is too big.

Updates test 178.

Reported-by: Brad Spencer
Fixes #2212
Closes #2223
2018-01-13 22:49:04 +01:00
Jay Satiro
d4e40f0690 scripts: allow all perl scripts to be run directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Closes https://github.com/curl/curl/pull/2222
2018-01-07 15:42:11 -05:00
Jay Satiro
908a9a6742 build: remove HAVE_LIMITS_H check
.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215
2018-01-05 23:34:30 -05:00
Michael Kaufmann
481539e902 test1554: improve the error handling 2017-12-30 16:52:51 +01:00
Michael Kaufmann
593dcc553a test1554: add global initialization and cleanup 2017-12-30 16:43:50 +01:00
Mikalai Ananenka
58d7cd28a0 brotli: data at the end of content can be lost
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.

Closes #2194
2017-12-27 13:00:54 +01:00
Patrick Monnerat
f009bbe1f6 curl_easy_reset: release mime-related data.
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.

Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
2017-12-20 19:33:50 +01:00
Patrick Monnerat
4acc9d3d1a content_encoding: rework zlib_inflate
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.

Closes #2068
2017-12-20 16:02:42 +01:00
Daniel Stenberg
671f0b506c
Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
This reverts commit 9ffad8eb13.

It was actually added rather recently in 8e8afa82cb due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.
2017-12-11 00:00:17 +01:00
Michael Kaufmann
4b6f3cff7c tests: mark data files as non-executable in git 2017-12-10 22:36:42 +01:00
Michael Kaufmann
98c572ed3c tests: update .gitignore for libtests 2017-12-10 22:35:16 +01:00
Daniel Stenberg
e959f16c5f
multi_done: prune DNS cache
Prune the DNS cache immediately after the dns entry is unlocked in
multi_done. Timed out entries will then get discarded in a more orderly
fashion.

Test506 is updated

Reported-by: Oleg Pudeyev

Fixes #2169
Closes #2170
2017-12-10 14:51:47 +01:00
Daniel Stenberg
9ffad8eb13
curl: don't set CURLOPT_INTERLEAVEDATA
That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 tests that verify --libcurl

Closes #2167
2017-12-08 23:40:54 +01:00
Randall S. Becker
24dcd74667
tests: added netinet/in6.h includes in test servers 2017-12-06 00:20:21 +01:00
Daniel Stenberg
07cb27c98e
conncache: fix several lock issues
If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.

Fixes #2132
Fixes #2151
Closes #2139
2017-12-05 23:21:02 +01:00
Daniel Stenberg
615edc1f73
sasl_getmesssage: make sure we have a long enough string to pass
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.

For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.

Closes #2150
2017-12-05 17:05:44 +01:00
Nikos Mavrogiannopoulos
b7f5345976
lib582: do not verify host for SFTP
This SFTP test fails with libssh back-end due to failure to verify
the peer. Disable peer verification in the test as there seems to
be the intention of the test.

Note that the libssh back-end automatically verifies the peer's
host using the default known_hosts file.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01 17:40:14 +01:00
Nikos Mavrogiannopoulos
38aef6dc45
libssh2: return CURLE_UPLOAD_FAILED on failure to upload
This brings its in sync with the error code returned by the
libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01 17:35:15 +01:00
Nikos Mavrogiannopoulos
75427291e5
libssh2: send the correct CURLE error code on scp file not found
That also updates tests to expect the right error code

libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01 17:35:15 +01:00
Daniel Stenberg
0b664ba968
wildcardmatch: fix heap buffer overflow in setcharset
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
2017-11-27 08:19:34 +01:00
Matthew Kerwin
3da4ebad30
test: add test for bad UNC/SMB path in file: URL 2017-11-24 23:13:16 +01:00
Matthew Kerwin
d7c103746c
test: add tests to ensure basic file: URLs 2017-11-24 23:13:16 +01:00
Michael Kaufmann
914f4ed279
test1264: verify URL with space in host name being rejected 2017-11-22 11:14:44 +01:00
Daniel Stenberg
fa939220df
url: reject ASCII control characters and space in host names
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.

Updated test 1034 and 1035 accordingly.

Fixes #2073
Closes #2092
2017-11-22 11:14:06 +01:00
Daniel Stenberg
715f1f53e0
resolve: allow IP address within [] brackets
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich

Fixes #2087
Closes #2091
2017-11-17 15:26:08 +01:00
Michael Kaufmann
ae7369b6d0 URL: return error on malformed URLs with junk after IPv6 bracket
Follow-up to aadb7c7. Verified by new test 1263.

Closes #2072
2017-11-14 18:20:56 +01:00
Daniel Stenberg
edd1f45c9f
test1554: verify connection cache sharing 2017-11-09 11:07:44 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Patrick Monnerat
dbcced8e32 HTTP: support multiple Content-Encodings
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
2017-11-05 15:09:48 +01:00
Daniel Stenberg
ee8016b3de curl: speed up handling of many URLs
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052
2017-11-04 20:56:26 +01:00
Daniel Stenberg
90abb74ff0 curl: pass through [] in URLs instead of calling globbing error
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
2017-11-04 10:23:27 +01:00
Dan Fandrich
591f5d18cf tests: Fixed torture tests on tests 556 and 650
Test cleanup after OOM wasn't being consistently performed.
2017-11-01 14:37:01 +01:00
Daniel Stenberg
25cb41d35d CURLOPT_MAXREDIRS: allow -1 as a value
... which is valid according to documentation. Regression since
f121575c0b.

Verified now in test 501.

Reported-by: cbartl on github
Fixes #2038
Closes #2039
2017-11-01 11:56:19 +01:00
Dan Fandrich
89116e3422 runtests.pl: Fixed typo in message 2017-10-30 16:56:42 +01:00
Patrick Monnerat
f82f952d2f cli tool: in -F option arg, comma is a delimiter for files only
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
2017-10-29 16:23:06 +01:00
Florin
f20cbac970
auth: Added test cases for RFC7616
Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #1934
2017-10-28 16:33:09 +02:00
Daniel Stenberg
f0364f7e31
curl_fnmatch: return error on illegal wildcard pattern
... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017
2017-10-26 13:37:45 +02:00
Daniel Stenberg
5d543fe906 time: rename Curl_tvnow to Curl_now
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011
2017-10-25 18:48:05 +02:00
Daniel Stenberg
b9d25f9a6b timediff: return timediff_t from the time diff functions
... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

- Added overflow protection for both of them in either direction for
  both 32 bit and 64 bit time_ts

- Reprefixed the curlx_time functions to use Curl_*

Reported-by: Peter Piekarski
Fixes #2004
Closes #2005
2017-10-25 09:54:37 +02:00
Paul Howarth
016c6a6abb libtest: Add required test libraries for lib1552 and lib1553
They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.

This fixes build failures on Fedora 13.

Closes #2006
2017-10-24 13:29:31 +02:00
Daniel Stenberg
769647e714
ftp: reject illegal IP/port in PASV 227 response
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-20 15:06:25 +02:00
Patrick Monnerat
8351ab4510 test653: check reuse of easy handle after mime data change
See issue #1999
2017-10-20 14:01:14 +01:00
Patrick Monnerat
aeaa22de8e test308: disable if MultiSSL feature enabled
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
2017-10-19 20:16:05 +01:00
Patrick Monnerat
7363d5a928 runtests: support MultiSSL client feature 2017-10-19 20:15:21 +01:00
Patrick Monnerat
34def509ef test652: curl_mime_data + base64 encoder with large contents 2017-10-19 18:37:19 +01:00
Patrick Monnerat
a8742efe42 mime: limit bas64-encoded lines length to 76 characters 2017-10-19 18:33:27 +01:00
Daniel Stenberg
ed0b6b18f6
runtests: use valgrind for torture as well
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
2017-10-14 17:40:21 +02:00
Daniel Stenberg
ad164eceb3
memdebug: trace send, recv and socket
... to allow them to be included in torture tests too.

closes #1980
2017-10-14 17:40:12 +02:00
Daniel Stenberg
10a659dbf6
test651: curl_formadd with huge COPYCONTENTS 2017-10-13 07:55:47 +02:00
Patrick Monnerat
0401734dfd mime: keep "text/plain" content type if user-specified.
Include test cases in 554, 587, 650.

Fixes https://github.com/curl/curl/issues/1986
2017-10-12 19:36:16 +01:00
Patrick Monnerat
665b3e48bc cli tool: reimplement stdin buffering in -F option.
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.

--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.

Buffering is not supported in deprecated curl_formadd() API.
2017-10-12 14:25:59 +01:00
Daniel Stenberg
06bba26e37
test950; verify SMTP with custom request 2017-10-10 23:00:53 +02:00
Daniel Stenberg
b20df57326
ftpserver: support case insensitive commands 2017-10-10 23:00:52 +02:00
Daniel Stenberg
ecf21c551f
FTP: URL decode path for dir listing in nocwd mode
Reported-by: Zenju on github

Test 244 added to verify
Fixes #1974
Closes #1976
2017-10-10 15:02:38 +02:00
Daniel Stenberg
00fb811e2b
test298: verify --ftp-method nowcwd with URL encoded path
Ref: #1974
2017-10-09 22:50:40 +02:00
Kristiyan Tsaklev
c95c92da75
curl: don't pass semicolons when parsing Content-Disposition
Test 1422 updated to verify.

Closes #1964
2017-10-09 10:37:27 +02:00
Daniel Stenberg
232dffcf24
RTSP: avoid integer overflow on funny RTSP response
... like a very large non-existing RTSP version number.

Added test 577 to verify.

Detected by OSS-fuzz.
Closes #1969
2017-10-09 00:41:48 +02:00
Patrick Monnerat
eb04636d68 ftpserver: properly reset $ftptargetdir. 2017-10-08 19:29:44 +01:00
Patrick Monnerat
70c3ed48ac test643: verify curl_mime_subparts() rejects cyclic additions. 2017-10-08 19:05:59 +01:00
Daniel Stenberg
b2df2d47e5
Revert "multi_done: wait for name resolve to finish if still ongoing"
This reverts commit f3e03f6c0a.

Caused memory leaks in the fuzzer, needs to be done differently.

Disable test 1553 for now too, as it causes memory leaks without this
commit!
2017-10-08 00:55:10 +02:00
Daniel Stenberg
5b54df06d2
pingpong: return error when trying to send without connection
When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.

Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond
2017-10-07 00:20:31 +02:00
Dan Fandrich
0af5ac27c3 tests: added flaky keyword to tests 587 and 644
These are around 5% flaky in my Linux x86 autobuilds.
2017-10-06 23:04:40 +02:00
Daniel Stenberg
7f1140c8bf
multi_cleanup: call DONE on handles that never got that
... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.

Test 1552 added to verify

Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954
2017-10-06 16:48:39 +02:00
Max Dymond
4f38db1d28
fuzzer: move to using external curl-fuzzer
Use the external curl-fuzzer repository for fuzzing.

Closes #1923
2017-10-04 15:33:36 +02:00
Daniel Stenberg
2322891330
test1153: verify quoted double-qoutes in PWD response 2017-10-02 07:50:18 +02:00
Daniel Stenberg
5ff2c5ff25
FTP: zero terminate the entry path even on bad input
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-10-02 07:50:17 +02:00
Daniel Stenberg
8392a0cf61
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
2017-09-30 23:40:50 +02:00
Dan Fandrich
cecffff561 test650: Use variable replacement to set the host address and port
Otherwise, the test fails when the -b test option is used to set a
different test port range.
2017-09-30 02:10:54 +02:00
Dan Fandrich
df7839b68c Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-30 02:10:54 +02:00
Daniel Stenberg
a352e21c0b
test1160: verifies cookie leak for large cookies
The fix done in 20ea22ff73
2017-09-29 12:06:57 +02:00
Michael Kaufmann
eac324f284 http: add custom empty headers to repeated requests
Closes #1920
2017-09-28 21:25:22 +02:00
Michael Kaufmann
d8ab5dc50e tests: adjust .gitignore for new tests 2017-09-24 13:31:17 +02:00
Michael Kaufmann
b6a90bca33 tests: fix a compiler warning in test 643 2017-09-23 14:49:59 +02:00
Daniel Stenberg
3b05f79ef8
imap: quote atoms properly when escaping characters
Updates test 800 to verify

Fixes #1902
Closes #1903
2017-09-22 14:43:37 +02:00
Daniel Stenberg
a4db3f7046
tests: make the imap server not verify user+password
... as the test cases themselves do that and it makes it easier to add
crazy test cases.

Test 800 updated to use user name + password that need quoting.

Test 856 updated to trigger an auth fail differently.

Ref: #1902
2017-09-22 14:43:33 +02:00
Patrick Monnerat
ee56fdb691 form/mime: field names are not allowed to contain zero-valued bytes.
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
2017-09-22 01:08:29 +01:00
Pavel P
5fe85587cc
cookies: use lock when using CURLINFO_COOKIELIST
Closes #1896
2017-09-19 23:48:48 +02:00
Max Dymond
c73ebb8537
ossfuzz: changes before merging the generated corpora
Before merging in the oss-fuzz corpora from Google, there are some changes
to the fuzzer.
- Add a read corpus script, to display corpus files nicely.
- Change the behaviour of the fuzzer so that TLV parse failures all now
  go down the same execution paths, which should reduce the size of the
  corpora.
- Make unknown TLVs a failure to parse, which should decrease the size
  of the corpora as well.

Closes #1881
2017-09-18 23:23:13 +02:00
Max Dymond
e239eda39e
ossfuzz: don't write out to stdout
Don't make the fuzzer write out to stdout - instead write some of the
contents to a memory block so we exercise the data output code but
quietly.

Closes #1885
2017-09-18 22:58:39 +02:00
Daniel Stenberg
2bc230de63
cookies: reject oversized cookies
... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith

Closes #1894
2017-09-18 22:55:50 +02:00
Daniel Stenberg
452c906dfd
server/getpart: provide dummy function to build conversion enabled 2017-09-15 16:57:59 +02:00
Isaac Boukris
56d949d31a
tests: add initial gssapi test using stub implementation
The stub implementation is pre-loaded using LD_PRELOAD
and emulates common gssapi uses (only builds if curl is
initially built with gssapi support).

The initial tests are currently disabled for debug builds
as LD_PRELOAD is not used then.

Ref: https://github.com/curl/curl/pull/1687
2017-09-15 14:09:08 +02:00
Daniel Stenberg
65872efea7
test1150: verify same host fetch using different ports over proxy
Closes #1889
2017-09-15 08:13:37 +02:00
Daniel Stenberg
20acb58a38
code style: use space after semicolon 2017-09-12 09:50:24 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
a14f7152ce
rtsp: do not call fwrite() with NULL pointer FILE *
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.

OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)

Detected by OSS-fuzz
Closes #1874
2017-09-08 23:56:02 +02:00
Max Dymond
261da2a668 ossfuzz: add some more handled CURL options
Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT,
MAIL_FROM and uploading data.
2017-09-08 15:00:55 +02:00
Patrick Monnerat
3620e569b3 form API: add new test 650.
Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features left untested. Test 650 attempts to check all these
features not tested elsewhere.
2017-09-07 19:11:02 +01:00
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Patrick Monnerat
3bbe894fd2 runtests.pl: support attribute "nonewline" in part verify/upload. 2017-09-05 17:33:16 +01:00
Daniel Stenberg
328ce03d53 fixup data/test1135 2017-09-05 17:33:16 +01:00
Daniel Stenberg
3130414ce7
http-proxy: treat all 2xx as CONNECT success
Added test 1904 to verify.

Reported-by: Lawrence Wagerfield
Fixes #1859
Closes #1860
2017-09-05 09:47:46 +02:00
Daniel Stenberg
4ed618c023
test1135: fixed after bd8070085f 2017-09-04 11:44:42 +02:00
Patrick Monnerat
1ab9e9b50a lib: bump version info (soname). Adapt and reenable test 1135. 2017-09-04 00:35:53 +01:00
Patrick Monnerat
7e36b30da8 mime: fix signed/unsigned conversions.
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03 17:51:18 +01:00
Patrick Monnerat
1a3f4c1991 mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
This feature is badly supported in Windows: as a replacement, a caller has
to use curl_mime_data_cb() with fread, fseek and possibly fclose
callbacks to process opened files.

The cli tool and documentation are updated accordingly.

The feature is however kept internally for form API compatibility, with
the known caveats it always had.

As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.
2017-09-03 14:45:43 +01:00
Patrick Monnerat
3baf36edf6 mime: tests and examples.
Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.
2017-09-02 19:08:45 +01:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Patrick Monnerat
5bae72734b test564: Add a warning comment about shell profile output.
Shell profile output makes the SSH server failing and this problem reason
is not easy to find when no hint is given.
2017-09-02 13:01:15 +01:00
Patrick Monnerat
989e4d4a31 runtests.pl: allow <file[1-4]> tags in client section.
This enables tests to create more than one file on the client side.
2017-09-02 12:57:13 +01:00
Patrick Monnerat
f0cda34145 runtests.pl: Apply strippart to upload too.
This will allow substitution of boundaries in mail messages.
2017-09-02 12:55:28 +01:00
Max Dymond
57001ce3bb ossfuzz: Move to C++ for curl_fuzzer.
Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.
2017-09-02 11:07:55 +02:00
Max Dymond
1cf323ec4e
ossfuzz: additional seed corpora
Create simple seed corpora for:
- FTP
- telnet
- dict
- tftp
- imap
- pop3

based off the tests of the same number.

Closes #1842
2017-09-01 11:23:07 +02:00
Max Dymond
efeb4a3176
ossfuzz: moving towards the ideal integration
- Start with the basic code from the ossfuzz project.
- Rewrite fuzz corpora to be binary files full of Type-Length-Value
  data, and write a glue layer in the fuzzing function to convert
  corpora into CURL options.
- Have supporting functions to generate corpora from existing tests
- Integrate with Makefile.am
2017-09-01 11:22:51 +02:00
Daniel Stenberg
529f056809
unit1301: fix error message on first test 2017-08-31 11:37:13 +02:00
Dan Fandrich
82604c5007 unit1606: Fixed shadowed variable warning 2017-08-28 23:55:55 +02:00
Johannes Schindelin
1328f69d53
vtls: introduce curl_global_sslset()
Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.

Side note: we do not explicitly test that it is called before
curl_global_init(), but we do verify that it is not called multiple times
(even implicitly).

If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.

The function also accepts an "avail" parameter to point to a (read-only)
NULL-terminated list of available backends. This comes in real handy if
an application wants to let the user choose between whatever SSL backends
the currently available libcurl has to offer: simply call

	curl_global_sslset(-1, NULL, &avail);

which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
variable to point to the relevant information to present to the user.

Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Dan Fandrich
d7d0c9d953 tests: Make sure libtests & unittests call curl_global_cleanup()
These were missed in commit c468c27b.
2017-08-26 22:01:42 +02:00
Daniel Stenberg
3e1245504b
fuzz/Makefile.am: remove curlbuild.h leftovers 2017-08-25 11:01:07 +02:00
Daniel Stenberg
befaa7b14f
imap: support PREAUTH
It is a defined possible greeting at server startup that means the
connection is already authenticated. See
https://tools.ietf.org/html/rfc3501#section-7.1.4

Test 846 added to verify.

Fixes #1818
Closes #1820
2017-08-23 23:58:49 +02:00
Dan Fandrich
78a6d917c5 test1453: Fixed <features> 2017-08-23 09:03:13 +02:00
Even Rouault
16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
Dan Fandrich
b9e22e9575 runtests: fixed case insensitive matching of keywords
Commit 5c2aac71 didn't work in the case of mixed-case keywords given on
the command-line.
2017-08-19 22:07:15 +02:00
Dan Fandrich
c468c27b5a tests: Make sure libtests call curl_global_cleanup()
This ensures that global data allocations are freed so Valgrind stays
happy. This was a problem with at least PolarSSL and mbedTLS.
2017-08-19 21:42:47 +02:00
Daniel Stenberg
ab2ef24d5d
lib557: no longer use CURL_SIZEOF_* defines 2017-08-17 10:27:00 +02:00
Daniel Stenberg
c95eff4a11
ftp: fix CWD when doing multicwd then nocwd on same connection
Fixes #1782
Closes #1787
Reported-by: Peter Lamare
2017-08-17 10:08:11 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Ryan Winograd
43d036e724
progress: Track total times following redirects
Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
`t_pretransfer`, and `t_starttransfer` to track the total times for
these activities when a redirect is followed. Previously, only the times
for the most recent request would be tracked.

Related changes:

  - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
    now that the function only resets transfer sizes and no longer
    modifies any of the progress timers.

  - Add a bool to the `Progress` struct that is used to prevent
    double-counting `t_starttransfer` times.

Added test case 1399.

Fixes #522 and Known Bug 1.8
Closes #1602
Reported-by: joshhe on github
2017-08-15 18:58:31 +02:00
Daniel Stenberg
91c46dc44e
test1449: FTP download range with an too large size 2017-08-14 23:33:53 +02:00
Daniel Stenberg
5c2aac7162
runtests: match keywords case insensitively 2017-08-14 23:05:11 +02:00
Daniel Stenberg
6bde13a531
test1448: verify redirect to IDN using URL
Closes #1772
2017-08-13 00:04:27 +02:00
Daniel Stenberg
47e4a6fa1c
test2032: mark as flaky (again) 2017-08-13 00:00:39 +02:00
Dan Fandrich
2747aec348 test1447: require a curl with http support 2017-08-12 12:53:14 +02:00
Daniel Stenberg
be2a4c1784
test2033: this went flaky again
Suspicion: when we enabled the threaded resolver by default.
2017-08-11 23:53:47 +02:00
Daniel Stenberg
77cd4e7693
test1447: verifies the parse proxy fix in 6e0e152ce5 2017-08-11 11:58:34 +02:00
Adam Sampson
7e949de1d2
dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST
These weren't included in the 7.55.0 release, but are required in order
to run the full test suite.

Closes #1744
2017-08-09 23:55:14 +02:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
581011a3d2 test1427: verify command line parser integer overflow detection 2017-08-07 09:38:57 +02:00
Daniel Stenberg
453e7a7a03 glob: do not continue parsing after a strtoul() overflow range
Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
2017-08-07 09:24:30 +02:00
Daniel Stenberg
561e9217c7 test1010: verify that #1718 is fixed
... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.
2017-08-04 10:01:23 +02:00
Daniel Stenberg
58752b78c7 test130: verify comments in .netrc 2017-08-03 10:04:16 +02:00
Marcel Raad
866e02935d
CMake: set MSVC warning level to 4
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
2017-08-03 08:39:23 +02:00
Daniel Stenberg
920f777fc8 tests/server/util: fix curltime mistake from 4dee50b9c8 2017-08-02 11:53:27 +02:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Daniel Stenberg
0018221532 test1323: verify curlx_tvdiff 2017-07-28 15:51:36 +02:00
Daniel Stenberg
4dee50b9c8 timeval: struct curltime is a struct timeval replacement
... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.

Ref: #1652
Closes #1693
2017-07-28 15:51:25 +02:00
Marcel Raad
da6aa3f763
tests/server/resolve.c: fix deprecation warning
MSVC warns that gethostbyname is deprecated. Always use getaddrinfo
instead to fix this when IPv6 is enabled, also for IPv4 resolves. This
is also consistent with what libcurl does.

Closes https://github.com/curl/curl/pull/1682
2017-07-18 10:23:47 +02:00
Marcel Raad
38faf041cf
rtspd: fix GCC warning after MSVC warning fix
Older GCC warns:
/tests/server/rtspd.c:1194:10: warning: missing braces around
initializer [-Wmissing-braces]

Fix this by using memset instead of an initializer.
2017-07-16 15:16:46 +02:00
Marcel Raad
fb3b0f25ef
libtest: fix MSVC warning C4706
With warning level 4, MSVC warns about assignments within conditional
expressions. Change the while loop to a do-while loop to fix this. This
change is also consistent with CODE_STYLE.md.
2017-07-16 14:02:59 +02:00
Marcel Raad
0bdb811250
sockfilt: suppress conversion warning with explicit cast
MSVC warns when implicitly casting -1 to unsigned long.
2017-07-16 13:28:45 +02:00
Marcel Raad
70cbefeb5f
rtspd: fix MSVC level 4 warning
warning C4701: potentially uninitialized local variable 'req' used
2017-07-16 13:26:21 +02:00
Jay Satiro
c5e87fdb7a strerror: Preserve Windows error code in some functions
This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
commit was an earlier draft that I committed by mistake, which was then
remedied by a5834e5 and e909de6, and now this commit. With this commit
there is now no difference between the current code and the changes that
were approved in the final draft.

Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem
Ref: https://github.com/curl/curl/pull/1589
2017-07-11 01:53:23 -04:00
Max Dymond
e909de65b9
tests: Fix up issues with errno in test files
Closes https://github.com/curl/curl/pull/1671
2017-07-10 16:19:23 +02:00
Daniel Stenberg
be2c999b80 valgrind.supp: supress OpenSSL false positive seen on travis 2017-07-07 16:58:08 +02:00
Max Dymond
06a6feba9d test1452: add telnet negotiation
Add a basic telnet server for negotiating some telnet options before
echoing back any data that's sent to it.

Closes #1645
2017-07-07 11:00:26 +02:00
Daniel Stenberg
23b828b78b test506: skip if threaded-resolver 2017-07-06 11:49:50 +02:00
Daniel Stenberg
759efe7b51 runtests: support "threaded-resolver" as a feature
... to let tests require it or skip if present
2017-07-06 11:49:50 +02:00
Daniel Stenberg
7121a994dd dist: add SMB python deps into the tarball 2017-07-04 10:46:41 +02:00
Max Dymond
a6f8d27efc test1451: add SMB support to the testbed
Add test 1451 which does some very basic SMB testing using the impacket
SMB server.

Closes #1630
2017-07-04 10:41:58 +02:00
Max Dymond
f1609155d5 test: add impacket for SMB testing
Import impacket 0.9.15 for use in SMB testing. This was generated by
doing "pip2.7 install -t . impacket"

Unnecessary files for current testing were deleted.
2017-07-04 10:36:06 +02:00
Daniel Stenberg
b3786f61dc url: make the original string get used on subsequent transfers
... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.

Added test 1551 to verify.

Fixes #1631
Closes #1632
Reported-by: Pavel Rochnyak
2017-07-03 23:52:10 +02:00
Ryan Winograd
3a48a13268 unit1399: fix integer overflow
Bug: #1616
Closes #1633
2017-07-03 08:09:02 +02:00
Daniel Stenberg
8d2b1de284 unit1399: add logging to time comparison
... to enable tracking down why autobuilds fail on this

Bug: #1616
2017-07-01 16:41:29 +02:00
Max Dymond
0362c77841 test1450: fix up DICT server in torture mode
As per https://github.com/curl/curl/pull/1615, the DICT server is a
little spammy in torture mode due to the sockets being torn down
unexpectedly. Fix this by adding some error handling to the handling
function.

Closes #1629
2017-06-30 14:58:06 +02:00
Max Dymond
9b387034ab test1450: add simple testing for DICT
Add a new server which provides a DICT interface. This is intended to
begin coverage testing for lib/dict.c

Closes #1615
2017-06-30 11:34:05 +02:00
Dan Fandrich
77970f484d test1521: fix out-of-tree builds, broken with 467da3af
The test.h file is no longer in the same directory as the source file,
so that directory needs to be added to the include path.

Fixes #1627
Closes #1628
2017-06-30 10:51:20 +02:00
Ryan Winograd
f8f040e659 progress: prevent resetting t_starttransfer
Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked
with `TIMER_STARTTRANSFER` more than once during a single request.

When a redirect occurs, this is considered a new request and
`t_starttransfer` can be updated to reflect the `t_starttransfer` time
of the redirect request.

Closes #1616

Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
2017-06-30 09:05:53 +02:00
Daniel Stenberg
467da3af0b libtest/make: generate lib1521.c
... instead of having the generated code checked in. This saves space in
the tarball but primarily automatically adapts to newly added options.

Closes #1614
2017-06-27 17:27:25 +02:00
Dan Fandrich
bec809cb2e test1537: fixed memory leak on OOM 2017-06-25 22:59:55 +02:00
Marcel Raad
e8a4da67f5
test1521: fix compiler warnings
The integer literal 3123123123 doesn't fit into a 32-bit signed
integer, so GCC with 32-bit long warns in C90 mode:
this decimal constant is unsigned only in ISO C90 [enabled by default]
Fix this by using ULONG_MAX, which should fit in any curl_off_t and has
the correct suffix to not issue any warnings.
Also adds the missing CURLOPT_REQUEST_TARGET from commit
9b167fd090.

Closes https://github.com/curl/curl/pull/1611
2017-06-25 13:46:51 +02:00
Daniel Stenberg
2647ad2fe6 libtest/Makefile: remove unused lib1541 variables 2017-06-23 00:14:49 +02:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Marcel Raad
8de8f4eb7e
lib1521: fix missing-variable-declarations clang warnings
Declare TU-local variables static.
2017-06-21 18:11:11 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
176ec51382 test1521: test getinfo's OFF_T types too
Closes #1588
2017-06-19 14:01:55 +02:00
Daniel Stenberg
0bd12d1970 lib1521: add curl_easy_getinfo calls to the test set
Also added return value checks to make sure no unexpected return codes
are used.
2017-06-19 14:01:51 +02:00
Daniel Stenberg
6208547002 PIPELINING_SERVER_BL: cleanup the internal list use
The list was freed incorrectly since the llist refactor of
cbae73e1dd. Added test 1550 to verify that it works and avoid future
regressions.

Reported-by: Pascal Terjan

Fixes #1584
Closes #1585
2017-06-19 09:14:49 +02:00
Daniel Stenberg
5385450afd curl: prevent binary output spewed to terminal
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
2017-06-16 23:38:13 +02:00
Daniel Stenberg
01811b6740 http-proxy: fix chunked-encoded CONNECT responses
Regression since 5113ad0424.

... and remove 'flaky' from test 1061 again

Closes #1579
2017-06-16 21:56:56 +02:00
Daniel Stenberg
12ccaed2a5 http-proxy: deal with EAGAIN
... the previous code would reset the header length wrongly (since
5113ad0424). This makes test 1060 reliable again.

Also: make sws send even smaller chunks of data to increase the
likeliness of this happening.
2017-06-16 17:22:32 +02:00
Daniel Stenberg
e9422bc193 libtest/libntlmconnect: fix compiler warnings from f94fcdb 2017-06-16 12:18:32 +02:00
Daniel Stenberg
f94fcdba6e tests: stabilize test 2032 and 2033
Both these tests run the same underlying test code: libntlmconnect.c -
this test code made some assumptions about socket ordering when it used
curl_easy_fdset() and when we changed timing or got accidental changes
in libcurl the tests would fail.

The tests verify that the different transfers keep using the same
connections, which I now instead made sure by adding the number of bytes
each transfer gets and then verifies that they always get the same
amount as when these tests worked.

Closes #1576
2017-06-16 11:43:26 +02:00
Daniel Stenberg
de4c747544 test1148: verify the -# progressbar
Closes #1569
2017-06-16 09:45:26 +02:00
Daniel Stenberg
6c218252df test1061: mark as flaky
Fails intermittently on travis builds since a few days. Likely due to
5113ad0424.
2017-06-16 09:17:57 +02:00
Daniel Stenberg
615326fd99 dist: add the fuzz dir to the tarball 2017-06-16 00:16:57 +02:00
Daniel Stenberg
7e8247c467 fuzz/README: document how to build
Fixes #1476
2017-06-15 22:12:12 +02:00
Frederik B
fd3aa8da0a fuzz: corpora file structure, initial commit 2017-06-15 22:11:40 +02:00
Frederik B
b9ead67e12 fuzz: bring oss-fuzz initial code converted to C89 2017-06-15 22:11:30 +02:00
Daniel Stenberg
1c32b6e913 test1147: verify -H on a file 2017-06-15 11:09:48 +02:00
Daniel Stenberg
5113ad0424 http-proxy: do the HTTP CONNECT process entirely non-blocking
Mentioned as a problem since 2007 (8f87c15bda) and of course it
existed even before that.

Closes #1547
2017-06-14 23:43:52 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Dan Fandrich
49ff939034 mk-lib1521.pl: updated to match the test changes in 916ec30a 2017-06-13 22:04:53 +02:00
Dan Fandrich
916ec30a92 test1521: fixed OOM handling 2017-06-11 11:49:31 +02:00
Daniel Stenberg
b94a2cdfe6 lib1521: fix compiler warnings on the use of bad 'long' values
Reported-by: Marcel Raad
Bug: cccac4fb2b (commitcomment-22453387)
2017-06-09 01:02:12 +02:00
Daniel Stenberg
de0adda78c lib1521: fix compiler warnings 2017-06-06 00:21:38 +02:00
Daniel Stenberg
798b2e1964 test1521: make the code < 80 columns wide 2017-06-05 15:21:26 +02:00
Daniel Stenberg
38125e7f7e test1121: use stricter types to work with typcheck-gcc 2017-06-05 14:56:32 +02:00
Daniel Stenberg
cccac4fb2b test1521: test *all* curl_easy_setopt options
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).

Some small changes were necessary to avoid asserts and NULL accesses
when doing this.

The perl script needs to be manually rerun when we add new options.

Closes #1543
2017-06-05 14:25:18 +02:00
Dan Fandrich
b95a07ea59 test1538: added "verbose logs" keyword
These error messages are not displayed with --disable-verbose
2017-06-05 11:26:39 +02:00
Daniel Stenberg
1573ebee8a test1262: verify ftp download with -z for "if older than this" 2017-06-05 10:33:51 +02:00
Marcel Raad
a1b275a41e
libtest: fix int-in-bool-context warnings
GCC 7 complained:
‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
2017-06-03 20:18:34 +02:00
Marcel Raad
0932573e7c
libtest: fix implicit-fallthrough warnings with GCC 7 2017-06-03 20:12:23 +02:00
Daniel Stenberg
cfd3e8f399 dedotdot: fixed output for ".." and "." only input
Found when updating test 1395, which I did to increase test coverage of
this source file...

Closes #1535
2017-06-03 00:11:51 +02:00
Daniel Stenberg
61d4870dc9 test1538: fix typo 2017-06-02 15:52:59 +02:00
Daniel Stenberg
cef9c9e782 test1538: verify the libcurl strerror API calls 2017-06-02 13:52:55 +02:00
Daniel Stenberg
9b2dfe88bb test1537: dedicated tests of the URL (un)escape API calls
Closes #1530
2017-06-02 13:16:18 +02:00
Daniel Stenberg
b5e143e7a5 coverage: run event tests too
... the torture ones are commented out only because they are slooooow.
2017-06-02 13:15:06 +02:00
Daniel Stenberg
f6e0f4556e build: provide easy code coverage measuring
Closes #1528
2017-06-02 13:15:06 +02:00
Marcel Raad
45cecfbd33
lib583: fix compiler warning
Use CURLMcode for variable 'res' and cast to int where necessary
instead of the other way around. Other tests do the same.

This fixes the following clang warning:
lib583.c:68:15: warning: cast from function call of type 'CURLMcode' to
non-matching type 'int' [-Wbad-function-cast]
2017-05-31 19:05:50 +02:00
Daniel Stenberg
69a6cc2e13 libtest/lib574.c: use correct callback proto 2017-05-31 11:56:53 +02:00
Jay Satiro
35682764a9 test557: fix ubsan runtime error due to int left shift
- Test curl_msnprintf negative int width arg using INT_MIN instead of
  1 << 31 which is undefined behavior.

Closes https://github.com/curl/curl/issues/1516
2017-05-29 18:04:53 -04:00
Dan Fandrich
3aaac8c2f7 tests: removed some redundant empty <stdout> sections 2017-05-28 23:07:35 +02:00
Dan Fandrich
01f9487967 runtests.pl: removed <precommand> feature
This hasn't been used in over a decade. <precheck> can still be used to
run commands before the main test.
2017-05-28 20:57:47 +02:00
Dan Fandrich
14514c9796 runtests.pl: removed unused arguments to valgrindparse 2017-05-27 14:30:24 +02:00
Michael Kaufmann
8ab22a7453 time: fix type conversions and compiler warnings
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.

Reviewed-by: Daniel Stenberg

Closes #1499
2017-05-24 22:56:22 +02:00
Daniel Stenberg
bba59073c5 redirect: store the "would redirect to" URL when max redirs is reached
Test 1261 added to verify.

Reported-by: Lloyd Fournier

Fixes #1489
Closes #1497
2017-05-23 23:27:58 +02:00
Michael Kaufmann
052a14e3cd tests: stabilize test 1034
Pass the invalid domain name on stdin. On some systems, the test
framework cannot pass invalid UTF-8 sequences on the command line.

Closes #1488
2017-05-20 19:00:16 +02:00
eb16305e6a SecureTransport/DarwinSSL: Implement public key pinning
Closes #1400
2017-05-15 22:54:33 +02:00
Dan Fandrich
b1fa80b84f lib510: don't write past the end of the buffer if it's too small 2017-05-13 23:13:09 +02:00
Dan Fandrich
646dc1c42a tests: added missing keywords "chunked Transfer-Encoding" 2017-05-13 22:37:11 +02:00
Dan Fandrich
fa0ac3f4d9 tests: made a couple of prechecks consistent with others
Also removed a TODO suggesting caching the precheck results. Tests
showed this would save about 0.1 sec on the total test run time on a
relatively modern system, an unnoticeable gain at the cost of longer and
more complicated code. There would also be a danger that a cached test
result would be inappropriately returned, such as when other test
dependencies (like environment variables) are different or when the
precheck causes side effects (like filesystem changes).
2017-05-13 19:12:22 +02:00
Richard Hsu
8dfa378e52 tests: remove superfluous test 1399
@MarcelRaad noted that `test1399` causes infinite loop on MinGW.
Looking into this, seems like it is related to how Windows handles
CRLF. See https://github.com/curl/curl/commit/9e093f by @mback2k.
Removing `test1399` as it's identical to `test1326` then with such a
fix.

Test 1399 was broughy by commit 862b02f894

Closes #1478
2017-05-10 09:42:31 +02:00
Dan Fandrich
f19baf27eb tests: make test file names more unique
Include the test number in the names of files written out by tests to
reduce the chance of accidental duplication and to make it more clear
which test is associated with which file.
2017-05-09 21:52:05 +02:00
Dan Fandrich
f5b71d3a6c tests: removed redundant --trace-ascii arguments
This is already added by the test suite; it's not clear why all these
tests had it, unless it's cargo-culting.
2017-05-09 19:43:22 +02:00
Dan Fandrich
2f6bfd5499 tests: list the primary server first in the server section 2017-05-09 00:40:28 +02:00
Daniel Stenberg
8b2f22ed29 curl: generate the --help output
... using the docs/cmdline-opts/gen.pl script, so that we get all the
command line option documentation from the same source.

The generation of the list has to be done manually and pasted into the
source code.

Closes #1465
2017-05-08 23:30:29 +02:00
Daniel Stenberg
73afcfc0ae tests: updated for modified fake random 2017-05-08 23:24:43 +02:00
Dan Fandrich
9e9509e46a tests: give each stunnel.conf file a unique name
Otherwise, subsequent uses of stunnel overwrite the configuration file
of previous invocations so they can no longer be inspected.
2017-05-08 22:59:12 +02:00
Marcel Raad
e076fdaf5b
tftpd: fix signed/unsigned mismatch warnings
alarm's argument is unsigned.
2017-05-08 20:11:03 +02:00
Marcel Raad
141ed8ca09
libtest: fix MinGW-w64 warnings
long is 32 bits while size_t is 64 bits on MinGW-w64, so
typecheck-gcc.h complains when using size_t for a long option.
Also, curl_socket_t is unsigned long long rather than int.
2017-05-08 19:59:46 +02:00
Daniel Stenberg
e3f84efc32 runtests: fix "use of undefined value" warning in -R handling 2017-05-08 10:09:06 +02:00
Marcel Raad
e2b394106d
test537: use correct variable type
Avoids narrowing conversion warnings because rlim_t is usually
unsigned long.

Closes https://github.com/curl/curl/pull/1469
2017-05-08 09:19:18 +02:00
Dan Fandrich
ba5fa1c7a8 runtests.pl: simplify the datacheck read section
Also, document that numbered datacheck sections are possible.
2017-05-06 09:04:00 +02:00
Marcel Raad
6dc3422d48
tests: fix -Wcast-qual warnings
Avoid casting string literals to non-const char *.
2017-05-05 21:29:50 +02:00
Daniel Stenberg
22fdb0954c tests/server: run checksrc by default in debug-builds 2017-05-05 15:51:25 +02:00
Marcel Raad
ad8c1472fe
unit1305: fix compiler warning
calloc and ai_addrlen expect different (usually unsigned) types.
2017-05-05 11:44:22 +02:00