1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

118 Commits

Author SHA1 Message Date
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Daniel Stenberg
3130414ce7
http-proxy: treat all 2xx as CONNECT success
Added test 1904 to verify.

Reported-by: Lawrence Wagerfield
Fixes #1859
Closes #1860
2017-09-05 09:47:46 +02:00
Patrick Monnerat
3baf36edf6 mime: tests and examples.
Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.
2017-09-02 19:08:45 +01:00
Daniel Stenberg
befaa7b14f
imap: support PREAUTH
It is a defined possible greeting at server startup that means the
connection is already authenticated. See
https://tools.ietf.org/html/rfc3501#section-7.1.4

Test 846 added to verify.

Fixes #1818
Closes #1820
2017-08-23 23:58:49 +02:00
Even Rouault
16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
Daniel Stenberg
c95eff4a11
ftp: fix CWD when doing multicwd then nocwd on same connection
Fixes #1782
Closes #1787
Reported-by: Peter Lamare
2017-08-17 10:08:11 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Daniel Stenberg
91c46dc44e
test1449: FTP download range with an too large size 2017-08-14 23:33:53 +02:00
Daniel Stenberg
6bde13a531
test1448: verify redirect to IDN using URL
Closes #1772
2017-08-13 00:04:27 +02:00
Daniel Stenberg
77cd4e7693
test1447: verifies the parse proxy fix in 6e0e152ce5 2017-08-11 11:58:34 +02:00
Daniel Stenberg
581011a3d2 test1427: verify command line parser integer overflow detection 2017-08-07 09:38:57 +02:00
Daniel Stenberg
453e7a7a03 glob: do not continue parsing after a strtoul() overflow range
Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
2017-08-07 09:24:30 +02:00
Daniel Stenberg
0018221532 test1323: verify curlx_tvdiff 2017-07-28 15:51:36 +02:00
Max Dymond
06a6feba9d test1452: add telnet negotiation
Add a basic telnet server for negotiating some telnet options before
echoing back any data that's sent to it.

Closes #1645
2017-07-07 11:00:26 +02:00
Max Dymond
a6f8d27efc test1451: add SMB support to the testbed
Add test 1451 which does some very basic SMB testing using the impacket
SMB server.

Closes #1630
2017-07-04 10:41:58 +02:00
Daniel Stenberg
b3786f61dc url: make the original string get used on subsequent transfers
... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.

Added test 1551 to verify.

Fixes #1631
Closes #1632
Reported-by: Pavel Rochnyak
2017-07-03 23:52:10 +02:00
Max Dymond
9b387034ab test1450: add simple testing for DICT
Add a new server which provides a DICT interface. This is intended to
begin coverage testing for lib/dict.c

Closes #1615
2017-06-30 11:34:05 +02:00
Ryan Winograd
f8f040e659 progress: prevent resetting t_starttransfer
Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked
with `TIMER_STARTTRANSFER` more than once during a single request.

When a redirect occurs, this is considered a new request and
`t_starttransfer` can be updated to reflect the `t_starttransfer` time
of the redirect request.

Closes #1616

Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
2017-06-30 09:05:53 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
6208547002 PIPELINING_SERVER_BL: cleanup the internal list use
The list was freed incorrectly since the llist refactor of
cbae73e1dd. Added test 1550 to verify that it works and avoid future
regressions.

Reported-by: Pascal Terjan

Fixes #1584
Closes #1585
2017-06-19 09:14:49 +02:00
Daniel Stenberg
5385450afd curl: prevent binary output spewed to terminal
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
2017-06-16 23:38:13 +02:00
Daniel Stenberg
de4c747544 test1148: verify the -# progressbar
Closes #1569
2017-06-16 09:45:26 +02:00
Daniel Stenberg
1c32b6e913 test1147: verify -H on a file 2017-06-15 11:09:48 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Daniel Stenberg
cccac4fb2b test1521: test *all* curl_easy_setopt options
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).

Some small changes were necessary to avoid asserts and NULL accesses
when doing this.

The perl script needs to be manually rerun when we add new options.

Closes #1543
2017-06-05 14:25:18 +02:00
Daniel Stenberg
1573ebee8a test1262: verify ftp download with -z for "if older than this" 2017-06-05 10:33:51 +02:00
Daniel Stenberg
61d4870dc9 test1538: fix typo 2017-06-02 15:52:59 +02:00
Daniel Stenberg
cef9c9e782 test1538: verify the libcurl strerror API calls 2017-06-02 13:52:55 +02:00
Daniel Stenberg
9b2dfe88bb test1537: dedicated tests of the URL (un)escape API calls
Closes #1530
2017-06-02 13:16:18 +02:00
Daniel Stenberg
bba59073c5 redirect: store the "would redirect to" URL when max redirs is reached
Test 1261 added to verify.

Reported-by: Lloyd Fournier

Fixes #1489
Closes #1497
2017-05-23 23:27:58 +02:00
Richard Hsu
8dfa378e52 tests: remove superfluous test 1399
@MarcelRaad noted that `test1399` causes infinite loop on MinGW.
Looking into this, seems like it is related to how Windows handles
CRLF. See https://github.com/curl/curl/commit/9e093f by @mback2k.
Removing `test1399` as it's identical to `test1326` then with such a
fix.

Test 1399 was broughy by commit 862b02f894

Closes #1478
2017-05-10 09:42:31 +02:00
Daniel Stenberg
dfb0595a73 test559: verify use of minimum CURLOPT_BUFFERSIZE 2017-05-04 15:39:04 +02:00
Richard Hsu
862b02f894 Telnet: Write full buffer instead of byte-by-byte
Previous TODO wanting to write in chunks. We should support writing more
at once since some TELNET servers may respond immediately upon first
byte written such as WHOIS servers.

Closes #1389
2017-05-02 23:23:39 +02:00
Dan Fandrich
584142892f tests: added --remote-time tests for remaining protocols that support it 2017-04-29 10:16:06 +02:00
Dan Fandrich
3364de00f7 test1443: test --remote-time 2017-04-27 22:34:12 +02:00
Daniel Stenberg
d2bdc98754 test1606: verify speedcheck 2017-04-06 17:38:23 +02:00
Daniel Stenberg
9506d01ee5 include: curl/system.h is a run-time version of curlbuild.h
system.h is aimed to replace curlbuild.h at a later point in time when
we feel confident system.h works sufficiently well.

curl/system.h is currently used in parallel with curl/curlbuild.h

curl/system.h determines a data sizes, data types and include file
status based on available preprocessor defines instead of getting
generated at build-time. This, in order to avoid relying on a build-time
generated file that makes it complicated to do 32 and 64 bit bields from
the same installed set of headers.

Test 1541 verifies that system.h comes to the same conclusion that
curlbuild.h offers.

Closes #1373
2017-04-03 23:24:39 +02:00
Daniel Stenberg
452203341d pause: handle mixed types of data when paused
When receiving chunked encoded data with trailers, and the write
callback returns PAUSE, there might be both body and header to store to
resend on unpause. Previously libcurl returned error for that case.

Added test case 1540 to verify.

Reported-by: Stephen Toub
Fixes #1354
Closes #1357
2017-03-28 13:27:49 +02:00
Daniel Stenberg
8e65877870 curl: check for end of input in writeout backslash handling
Reported-by: Brian Carpenter

Added test 1442 to verify
2017-03-25 23:48:57 +01:00
Dan Fandrich
1890d59905 tool_writeout: fixed a buffer read overrun on --write-out
If a % ended the statement, the string's trailing NUL would be skipped
and memory past the end of the buffer would be accessed and potentially
displayed as part of the --write-out output. Added tests 1440 and 1441
to check for this kind of condition.

Reported-by: Brian Carpenter
2017-03-12 08:28:31 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Jay Satiro
ec1d0ed1c1 http_proxy: Ignore TE and CL in CONNECT 2xx responses
A client MUST ignore any Content-Length or Transfer-Encoding header
fields received in a successful response to CONNECT.
"Successful" described as: 2xx (Successful). RFC 7231 4.3.6

Prior to this change such a case would cause an error.

In some ways this bug appears to be a regression since c50b878. Prior to
that libcurl may have appeared to function correctly in such cases by
acting on those headers instead of causing an error. But that behavior
was also incorrect.

Bug: https://github.com/curl/curl/issues/1317
Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:22:42 -05:00
Daniel Stenberg
aadb7c7b62 URL: return error on malformed URLs with junk after port number
... because it causes confusion with users. Example URLs:

"http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will
parse and claim uses port number 80, while libcurl would use port number
11211.

"http://user@example.com:80@localhost" which by the WHATWG URL spec will
be treated to contain user name 'user@example.com' but according to
RFC3986 is user name 'user' for the host 'example.com' and then port 80
is followed by "@localhost"

Both these formats are now rejected, and verified so in test 1260.

Reported-by: Orange Tsai
2017-03-06 16:08:21 +01:00
Max Khon
f77dabefd8 digest_sspi: Fix nonce-count generation in HTTP digest
- on the first invocation: keep security context returned by
  InitializeSecurityContext()

- on subsequent invocations: use MakeSignature() instead of
  InitializeSecurityContext() to generate HTTP digest response

Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth

Closes https://github.com/curl/curl/pull/1251
2017-02-20 00:53:01 -05:00
Michael Kaufmann
2f8d0df085 proxy: fix hostname resolution and IDN conversion
Properly resolve, convert and log the proxy host names.
Support the "--connect-to" feature for SOCKS proxies and for passive FTP
data transfers.

Follow-up to cb4e2be

Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1248
2017-02-18 15:04:43 +01:00
Isaac Boukris
13e3a18b34 http: fix missing 'Content-Length: 0' while negotiating auth
- While negotiating auth during PUT/POST if a user-specified
  Content-Length header is set send 'Content-Length: 0'.

This is what we do already in HTTPREQ_POST_FORM and what we did in the
HTTPREQ_POST case (regression since afd288b).

Prior to this change no Content-Length header would be sent in such a
case.

Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
Reported-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/1242
2017-02-17 02:32:16 -05:00
Jay Satiro
7a9f5748bc tool_urlglob: Allow a glob range with the same start and stop
For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed
2017-02-15 02:31:09 -05:00
Daniel Stenberg
c5c4e816b4 URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
Fixes #1252
2017-02-10 14:51:53 +01:00
Daniel Stenberg
cbd4e1fa0d cookies: do not assume a valid domain has a dot
This repairs cookies for localhost.

Non-PSL builds will now only accept "localhost" without dots, while PSL
builds okeys everything not listed as PSL.

Added test 1258 to verify.

This was a regression brought in a76825a5ef
2017-01-27 13:32:02 +01:00
ERAMOTO Masaya
2ac1942c72 url: --noproxy option overrides NO_PROXY environment variable
Under condition using http_proxy env var, noproxy list was the
combination of --noproxy option and NO_PROXY env var previously. Since
this commit, --noproxy option overrides NO_PROXY environment variable
even if use http_proxy env var.

Closes #1140
2017-01-13 11:18:29 +01:00