1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

534 Commits

Author SHA1 Message Date
Daniel Stenberg
f15a88f2b2 glob: error out on range overflow
The new multiply() function detects range value overflows. 32bit
machines will overflow on a 32bit boundary while 64bit hosts support
ranges up to the full 64 bit range.

Added test 1236 to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=1267
Reported-by: Will Dietz
2013-08-16 11:55:04 +02:00
Daniel Stenberg
5ca96cb844 urlglob: better detect unclosed braces, empty lists and overflows
A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detected
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that is smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single- entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
2013-08-16 11:52:08 +02:00
Daniel Stenberg
d2b36e466a global dns cache: didn't work [regression]
CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d (been
broken since the libcurl 7.29.0 release). While this option has been
documented as deprecated for almost a decade and nobody even reported
this bug, it should remain functional.

Added test case 1512 to verify
2013-08-08 16:28:46 +02:00
Daniel Stenberg
7cc00d9a83 FTP: when EPSV gets a 229 but fails to connect, retry with PASV
This is a regression as this logic used to work. It isn't clear when it
broke, but I'm assuming in 7.28.0 when we went all-multi internally.

This likely never worked with the multi interface. As the failed
connection is detected once the multi state has reached DO_MORE, the
Curl_do_more() function was now expanded somewhat so that the
ftp_do_more() function can request to go "back" to the previous state
when it makes another attempt - using PASV.

Added test case 1233 to verify this fix. It has the little issue that it
assumes no service is listening/accepting connections on port 1...

Reported-by: byte_bucket in the #curl IRC channel
2013-08-06 09:57:59 +02:00
Fabian Keil
d020e2c381 tests: test1232 verifies dotdot removal from path with proxy 2013-07-23 20:51:15 +02:00
Daniel Stenberg
1016637f5a test1414: FTP PORT download without SIZE support 2013-07-16 22:54:31 +02:00
Daniel Stenberg
d3d5c4a40e tests: add test1395 to the tarball 2013-06-24 09:25:58 +02:00
Daniel Stenberg
7877619f85 dotdot: introducing dot file path cleanup
RFC3986 details how a path part passed in as part of a URI should be
"cleaned" from dot sequences before getting used. The described
algorithm is now implemented in lib/dotdot.c with the accompanied test
case in test 1395.

Bug: http://curl.haxx.se/bug/view.cgi?id=1200
Reported-by: Alex Vinnik
2013-06-22 14:15:07 +02:00
Daniel Stenberg
0de7249bb3 unit1396: unit tests to verify curl_easy_(un)escape 2013-06-22 11:21:35 +02:00
Daniel Stenberg
51b3445e84 test1230: verify CONNECT to a numerical ipv6-address 2013-06-04 22:52:13 +02:00
Daniel Stenberg
ac419bf562 Digest auth: escape user names with \ or " in them
When sending the HTTP Authorization: header for digest, the user name
needs to be escaped if it contains a double-quote or backslash.

Test 1229 was added to verify

Reported and fixed by: Nach M. S
Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-27 19:45:12 +02:00
Daniel Stenberg
fc4759af9d tests: add test1394 file to the tarball 2013-05-19 12:44:44 +02:00
YAMADA Yasuharu
04f52e9b4d cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:54:48 +02:00
Steve Holme
6add1901a1 tests: Added new SMTP tests to verify commit 99b4045183 2013-05-07 22:52:43 +02:00
Steve Holme
cb9c0ac7d7 tests: Renamed test1411 to test909 as this is a main SMTP test 2013-05-02 18:46:11 +01:00
Steve Holme
b56e3d43e5 tests: Added imap STATUS command test 2013-04-29 12:53:09 +01:00
Steve Holme
f9b691cdb0 tests: Added SMTP AUTH with initial response tests 2013-04-27 13:04:02 +01:00
Daniel Stenberg
0523152ad6 ftp_state_pasv_resp: connect through proxy also when set by env
When connecting back to an FTP server after having sent PASV/EPSV,
libcurl sometimes didn't use the proxy properly even though the proxy
was used for the initial connect.

The function wrongly checked for the CURLOPT_PROXY variable to be set,
which made it act wrongly if the proxy information was set with an
environment variable.

Added test case 711 to verify (based on 707 which uses --socks5). Also
added test712 to verify another variation of setting the proxy: with
--proxy socks5://

Bug: http://curl.haxx.se/bug/view.cgi?id=1218
Reported-by: Zekun Ni
2013-04-26 16:49:25 +02:00
Alessandro Ghedini
d791179d7f tests: add test1511 to check timecond clean-up
Verifies the timecond fix in commit c49ed0b6c0
2013-04-22 22:46:47 +02:00
Daniel Stenberg
c5ba0c2f54 FTP: handle a 230 welcome response
...instead of the 220 we otherwise expect.

Made the ftpserver.pl support sending a custom "welcome" and then
created test 1219 to verify this fix with such a 230 welcome.

Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html
Reported by: Anders Havn
2013-04-12 23:59:37 +02:00
Daniel Stenberg
61d259f950 FTP: access files in root dir correctly
Accessing a file with an absolute path in the root dir but with no
directory specified was not handled correctly. This fix comes with four
new test cases that verify it.

Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html
Reported by: Sam Deane
2013-04-12 22:43:13 +02:00
Daniel Stenberg
5c5e1a1cd2 test1218: another cookie tailmatch test
... and make 1216 also verify it with a file input

These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
domain tailmatch" vulnerability. See
http://curl.haxx.se/docs/adv_20130412.html
2013-04-11 23:52:12 +02:00
Daniel Stenberg
f8da49eec0 test1217: verify parsing 257 responses with "rubbish" before path
Test 1217 verifies commit e0fb2d86c9, and without that change this
test fails.
2013-04-09 22:21:49 +02:00
Daniel Stenberg
11dee0bfae test1216: test tailmatching cookie domains
This test is an attempt to repeat the problem YAMADA Yasuharu reported
at http://curl.haxx.se/mail/lib-2013-04/0108.html
2013-04-09 15:45:27 +02:00
Fabian Keil
638c6da9db proxy: make ConnectionExists() check credential of proxyconnections too
Previously it only compared credentials if the requested needle
connection wasn't using a proxy. This caused NTLM authentication
failures when using proxies as the authentication code wasn't send on
the connection where the challenge arrived.

Added test 1215 to verify: NTLM server authentication through a proxy
(This is a modified copy of test 67)
2013-04-08 16:13:27 +02:00
Linus Nielsen Feltzing
e87e76e2dc easy: Fix the broken CURLOPT_MAXCONNECTS option
Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in
curl_easy_perform().

Bug: http://curl.haxx.se/bug/view.cgi?id=1212
Reported-by: Steven Gu
2013-04-04 10:33:39 +02:00
Daniel Stenberg
1e29d275c6 test1509: verify proxy header response headers count
Modified sws to support and use custom CONNECT responses instead of the
previously naive hard-coded version. Made the HTTP test server able to
extract test case number from the host name in a CONNECT request by
finding the number after the last dot. It makes 'machine.moo.123' use
test case 123.

Adapted a larger amount of tests to the new <connect> style.

Bug: http://curl.haxx.se/bug/view.cgi?id=1204
Reported by: Martin Jansen
2013-03-27 15:30:46 +01:00
Yang Tse
1700668d78 tests: add #96 #558 and #1330
These verfy that the 'memory tracking' subsystem is actually doing its
job when using curl tool (#96), a test in libtest (#558) and also a unit
test (#1330), in order to prevent regressions in this functionallity.
2013-03-15 19:59:51 +01:00
Steve Holme
a8f93d4efc imap-tests: Added test808 for custom EXAMINE command 2013-03-15 18:12:58 +00:00
Daniel Stenberg
e4b733e3f1 HTTP proxy: insert slash in URL if missing
curl has been accepting URLs using slightly wrong syntax for a long
time, such as when completely missing as slash "http://example.org" or
missing a slash when a query part is given
"http://example.org?q=foobar".

curl would translate these into a legitimate HTTP request to servers,
although as was shown in bug #1206 it was not adjusted properly in the
cases where a HTTP proxy was used.

Test 1213 and 1214 were added to the test suite to verify this fix.

The test HTTP server was adjusted to allow us to specify test number in
the host name only without using any slashes in a given URL.

Bug: http://curl.haxx.se/bug/view.cgi?id=1206
Reported by: ScottJi
2013-03-15 14:18:16 +01:00
Linus Nielsen Feltzing
0f147887b0 Multiple pipelines and limiting the number of connections.
Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
optimize the balance between the penalty for opening new
connections and the potential pipelining latency.

Two new options for limiting the number of connections:

CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
to the same host. When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished, so we can reuse the connection.

CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished. The free connection will then be reused, if possible, or
closed if the pending handle can't reuse it.

Several new options for pipelining:

CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
pipeline is "full" when a connection is to be reused, a new connection
will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
If not, the handle will be put in a pending state until a connection is
ready (either free or a pipe got shorter).

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a transfer with a content
length that is larger than this.

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a chunk larger than this.

CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
pipelining.

CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
pipelining.

See the curl_multi_setopt() man page for details.
2013-03-13 23:55:24 +01:00
Yang Tse
ba7fbd0960 test509: libcurl initialization with memory callbacks and actual usage 2013-03-13 21:50:40 +01:00
Steve Holme
25d040035e Makefile.am: Corrected a couple of spurious tab characters
Corrected a couple of tab characters between test702 and test703, and
between test900 and test901 which should be spaces.
2013-03-10 20:27:05 +00:00
Jiri Hruska
8dc7393d89 imap: Added test807 for custom request functionality (STORE) 2013-03-10 20:23:23 +00:00
Jiri Hruska
245f522761 imap: Added test806 for IMAP (folder) LIST command 2013-03-10 20:20:10 +00:00
Jiri Hruska
90c8386187 imap: Added test805 for APPEND functionality 2013-03-10 20:14:01 +00:00
Jiri Hruska
263db764c4 imap: Added test804 for skipping SELECT if in the same mailbox 2013-03-10 20:04:38 +00:00
Jiri Hruska
3a5530a1f3 imap: Added test802 and test803 for UIDVALIDITY verification
Added one test for a request with matching UIDVALIDITY and one which is
a mismatched request that will fail.
2013-03-10 19:57:26 +00:00
Jiri Hruska
0d49f92872 imap: Added test801 for UID and SECTION URL parameters 2013-03-10 19:43:54 +00:00
Steve Holme
62b5015796 Makefile.am: Corrected end of line filler character
The majority of lines, that specify a test file for inclusion, end with
a tab character before the slash whilst some end with a space. Corrected
those that end with a space to end with a tab character as well.
2013-03-10 19:02:41 +00:00
Steve Holme
5a6464ae09 email-tests: Renamed the IMAP test to be 800
Continued segregating the email protocol tests, into their own protocol
based ranges, in preparation of adding more e-mail related tests to the
test suite.
2013-03-10 19:02:37 +00:00
Steve Holme
fb327e42c6 email-tests: Renamed the SMTP tests to be in the range 900-906
Continued segregating the email protocol tests, into their own protocol
based ranges, in preparation of adding more e-mail related tests to the
test suite.
2013-03-10 19:02:36 +00:00
Steve Holme
a1348aa23c email-tests: Renamed the POP3 tests to be in the range 850-857
Started segregating the email protocol tests, into their own protocol
based ranges, in preparation of adding more e-mail related tests to the
test suite.
2013-03-10 19:02:34 +00:00
ulion
5cd85db9fa SOCKS: fix socks proxy when noproxy matched
Test 1212 added to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1190
2013-02-11 20:10:52 +01:00
Linus Nielsen Feltzing
da3fc1ee91 Fix NULL pointer reference when closing an unused multi handle. 2013-02-10 22:57:58 +01:00
Daniel Stenberg
72688317ad DONE: consider callback-aborted transfers premature
This bug report properly identified that when doing SMTP and aborting
the transfer with a callback, it must be considered aborted prematurely
by the code to avoid QUIT etc to be attempted as that would cause a
hang.

The new test case 1507 verifies this behavior.

Reported by: Patricia Muscalu
Bug: http://curl.haxx.se/bug/view.cgi?id=1184
2013-02-08 13:57:01 +01:00
Linus Nielsen Feltzing
bd1f170a5a CURLMOPT_MAXCONNECTS: restore functionality
When a connection is no longer used, it is kept in the cache. If the
cache is full, the oldest idle connection is closed. If no connection is
idle, the current one is closed instead.
2013-02-05 09:17:52 +01:00
Ulion
2698520aef formpost: support quotes, commas and semicolon in file names
- document the double-quote and backslash need be escaped if quoting.
- libcurl formdata escape double-quote in filename by backslash.
- curl formparse can parse filename both contains '"' and ',' or ';'.
- curl now can uploading file with ',' or ';' in filename.

Bug: http://curl.haxx.se/bug/view.cgi?id=1171
2013-01-22 15:43:29 +01:00
Daniel Stenberg
65e8ba8e1d writeout: -w now supports remote_ip/port and local_ip/port
Added mention to the curl.1 man page.

Test case 1223 verifies remote_ip/port.
2013-01-03 23:16:38 +01:00
Yang Tse
0b3180b4f5 test 1222: 8 chars object name generation && test 1221: adjustments 2013-01-03 19:24:00 +01:00