1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-06 01:25:33 -05:00
Commit Graph

1364 Commits

Author SHA1 Message Date
Daniel Stenberg
62da1e7458 test1513: added - verify early progress callback return fail
Verify the change brought in commit 8e11731653061. It makes sure that
returning a failure from the progress callback even very early results
in the correct return code.
2014-01-03 14:09:59 +01:00
Steve Holme
01aaad7442 tests: Disabled NTLM tests when running with SSPI enabled 2013-12-28 20:37:00 +00:00
Steve Holme
82bf8edff3 tests: Removed APOP timestamp from default server greeting 2013-12-24 15:07:32 +00:00
Steve Holme
cd492a3ba8 test936: Corrected login details from commit 7246255416 2013-12-23 12:25:42 +00:00
Steve Holme
574db1a6fd tests: Corrected syntax error from commit 7246255416 2013-12-23 09:25:50 +00:00
Steve Holme
7246255416 tests: Added SMTP SASL downgrade tests 2013-12-23 07:17:53 +00:00
Steve Holme
f763d1b1bb tests: Added POP3 SASL downgrade tests 2013-12-23 07:17:41 +00:00
Steve Holme
48cd1292e2 tests: Added IMAP SASL downgrade tests 2013-12-23 07:17:31 +00:00
Steve Holme
248967e300 tests: Added SASL cancellation keywords
Added SASL CANCELLATION keywords to differentiate these tests from the
upcoming SASL downgrade tests.
2013-12-22 13:06:59 +00:00
Steve Holme
48043f87b6 imap/pop3/smtp: Added support for SASL authentication downgrades
Added support for downgrading the SASL authentication mechanism when the
decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances
the previously added support for graceful cancellation by allowing the
client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even
APOP / clear text (in the case of POP3 and IMAP) when supported by the
server.
2013-12-18 20:45:17 +00:00
Daniel Stenberg
169fedbdce login options: remove the ;[options] support from CURLOPT_USERPWD
To avoid the regression when users pass in passwords containing semi-
colons, we now drop the ability to set the login options with the same
options. Support for login options in CURLOPT_USERPWD was added in
7.31.0.

Test case 83 was modified to verify that colons and semi-colons can be
used as part of the password when using -u (CURLOPT_USERPWD).

Bug: http://curl.haxx.se/bug/view.cgi?id=1311
Reported-by: Petr Bahula
Assisted-by: Steve Holme
Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-14 22:40:37 +01:00
Steve Holme
35e476a3f6 tests: Re-ordered test arguments to match other IMAP tests 2013-11-24 17:59:17 +00:00
Steve Holme
0434a19431 tests: Corrected login "username" authentication responses 2013-11-24 16:25:44 +00:00
Steve Holme
2ff0c6f5f3 tests: Added error code explanation comments 2013-11-24 12:35:45 +00:00
Steve Holme
8a94aedbd6 tests: Removed expected QUIT response from graceful cancellation tests
A failure during authentication, which is performed as part of the
CONNECT phrase (for IMAP, POP3 and SMTP) is considered by the multi-
interface as being closed prematurely (aka a dead connection). As such
these protocols cannot issue the relevant QUIT or LOGOUT command.

Temporarily fixed the test cases until we can fix this properly.
2013-11-24 11:03:40 +00:00
Steve Holme
95877cf8ae tests: Added SMTP graceful authentication cancellation tests 2013-11-24 10:37:41 +00:00
Steve Holme
d3325ae40a tests: Added POP3 graceful authentication cancellation tests 2013-11-24 10:37:30 +00:00
Steve Holme
6d3c832a30 tests: Added IMAP graceful authentication cancellation tests 2013-11-23 15:03:18 +00:00
Steve Holme
7935478397 tests: Moved CR LF in URL tests to their respective protocol groups 2013-11-23 14:49:50 +00:00
Steve Holme
2165298fe6 tests: Added SMTP NOOP and RSET tests 2013-11-17 12:52:42 +00:00
Steve Holme
e885dc85a1 test928: Corrected typo in expected data from commit df58084695 2013-11-17 12:49:10 +00:00
Steve Holme
df58084695 tests: Added SMTP HELP test 2013-11-17 10:11:27 +00:00
Steve Holme
b56d7cda74 tests: Added SMTP EXPN command test 2013-11-17 00:20:58 +00:00
Steve Holme
8896b56488 test926: Corrected unknown user reply from commit 0d735c29f9
The error code should not be sent as data as it isn't passed onto the
client as body data, so cannot be compared in the test suite against
expected data.
2013-11-16 20:33:08 +00:00
Steve Holme
0d735c29f9 tests: Corrected missing data reply sections from 3d50e91aee 2013-11-16 17:19:26 +00:00
Steve Holme
3d50e91aee tests: Added SMTP VRFY command tests 2013-11-16 12:20:22 +00:00
Steve Holme
55250d2d02 test825: Corrected typo from commit b29217d0d6 2013-11-13 17:31:42 +00:00
Steve Holme
bde901ad89 test922: Corrected title to match other OAuth 2.0 tests 2013-11-13 09:17:50 +00:00
Steve Holme
79c77f7c31 tests: Added IMAP OAuth 2.0 authentication with initial response test 2013-11-13 09:14:30 +00:00
Steve Holme
986c249f2f tests: Added IMAP NTLM authentication with initial response test 2013-11-13 09:14:10 +00:00
Steve Holme
3b8c3eb911 tests: Added IMAP login authentication with initial response test 2013-11-13 09:12:59 +00:00
Steve Holme
b29217d0d6 tests: Added IMAP plain authentication with initial response test 2013-11-13 09:12:32 +00:00
Steve Holme
534f90f9bf test873: Use proper padding in NTLM responses 2013-11-13 09:12:11 +00:00
Steve Holme
2ea9a125a6 tests: Added POP3 OAuth 2.0 authentication with initial response test 2013-11-13 00:29:05 +00:00
Steve Holme
58a00d6d9f tests: Added POP3 NTLM authentication with initial response test 2013-11-13 00:24:06 +00:00
Steve Holme
57a27528e6 tests: Added POP3 login authentication with initial response test 2013-11-13 00:11:19 +00:00
Steve Holme
632c1edd06 tests: Added POP3 plain authentication with initial response test 2013-11-13 00:07:02 +00:00
Steve Holme
5f34a10445 tests: Updated CRAM-MD5 tests to use test user details 2013-11-12 09:46:30 +00:00
Steve Holme
c8e63f247a tests: Corrected titles of POP3 and SMTP OAuth 2.0 tests 2013-11-10 20:26:57 +00:00
Steve Holme
7396ad6e09 test823: Fixed expected authentication text from commit e10a26a9d6
Fixed authentication text due to incorrect digest-uri property.
2013-11-10 20:21:18 +00:00
Steve Holme
6d295f8d7d test821: Fixed expected authentication text from commit 2d5455feac 2013-11-10 20:17:30 +00:00
Steve Holme
9b67960421 tests: Added IMAP OAuth 2.0 authentication test 2013-11-10 17:04:32 +00:00
Steve Holme
e10a26a9d6 tests: Added IMAP DIGEST-MD5 authentication test 2013-11-10 16:53:58 +00:00
Steve Holme
7b68b58bc0 tests: Added IMAP NTLM authentication test 2013-11-10 16:44:19 +00:00
Steve Holme
2d5455feac tests: Added IMAP CRAM-MD5 authentication test 2013-11-10 16:42:21 +00:00
Steve Holme
ac05c80f19 test819: Fixed expected authentication text from commit 76f924131c 2013-11-10 16:24:38 +00:00
Steve Holme
af82661dbd tests: Added IMAP login authentication test 2013-11-05 23:48:16 +00:00
Steve Holme
76f924131c tests: Added IMAP plain authentication test 2013-11-05 23:48:01 +00:00
Steve Holme
aa61e14dc1 tests: Added test for IMAP NOOP command 2013-11-03 21:36:46 +00:00
Steve Holme
a84a09ad0b tests: Added test for IMAP COPY command 2013-11-03 21:36:11 +00:00
Steve Holme
66b8557aff tests: Disable IMAP CLOSE and EXPUNGE command tests
This is temporary until curl supports either multiple custom commands
or post-quote commands in IMAP.
2013-11-03 20:39:21 +00:00
Steve Holme
63cac69c2a tests: Added tests for IMAP CLOSE and EXPUNGE commands 2013-11-03 20:37:34 +00:00
Kamil Dudka
8179354c2f tests: use proper padding in NTLM responses 2013-10-30 20:38:01 +00:00
Daniel Stenberg
d44b014271 FTP: make the data connection work when going through proxy
This is a regression since the switch to always-multi internally
c43127414d.

Test 1316 was modified since we now clearly call the Curl_client_write()
function when doing the LIST transfer part and then the
handler->protocol says FTP and ftpc.transfertype is 'A' which implies
text converting even though that the response is initially a HTTP
CONNECT response in this case.
2013-10-26 23:33:06 +02:00
Steve Holme
e4670a1029 tests: Tidy up of SMTP and POP3 tests
Corrected line endings, RFC references and standardised on user names
and passwords used in the tests.
2013-10-26 13:50:08 +01:00
Steve Holme
6e3613e6e6 test907: Corrected DIGEST-MD5 response given in commit 820ed48a00
As the URI, which is contained within the DIGEST-MD5 response, is
constructed from the service and realm, the encoded message differs
from that generated under POP3.
2013-10-26 00:24:45 +01:00
Steve Holme
d24b7953c2 tests: Added SMTP OAUTH2 authentication with initial response test 2013-10-25 19:44:03 +01:00
Steve Holme
13db74ffc3 tests: Added SMTP NTLM authentication with initial response test 2013-10-25 19:40:23 +01:00
Steve Holme
98905aa2c5 tests: Added SMTP OAUTH2 authentication test 2013-10-25 19:34:05 +01:00
Steve Holme
820ed48a00 tests: Added SMTP DIGEST-MD5 authentication test 2013-10-25 19:31:51 +01:00
Steve Holme
973cc22529 tests: Regrouped SMTP authentication tests 2013-10-25 19:30:52 +01:00
Steve Holme
58bd0148fb tests: Added POP3 OAUTH2 authentication test 2013-10-23 22:12:04 +01:00
Steve Holme
ca5c5be3e4 tests: Added empty response support to custom replies
...and fixed up test869 as DIGEST-MD transcript is as follows:

S: Challenge
C: Authentication String
S: Continue Response
C: Empty String
2013-10-23 22:05:22 +01:00
Steve Holme
1be69159f3 tests: Added POP3 DIGEST-MD5 authentication test 2013-10-23 18:30:00 +01:00
Daniel Stenberg
626f8a85f0 test1240: verify 867b52a7ac (glob ranges with text to the right) 2013-10-22 00:10:16 +02:00
Steve Holme
41d820d2c3 test866: Fixed user response from commit 7f7fbe7fbd 2013-10-19 21:43:20 +01:00
Steve Holme
39f4e4fafa tests: Added POP3 NTLM authentication test 2013-10-19 13:17:25 +01:00
Steve Holme
587811c0a6 tests: Added POP3 CRAM-MD5 authentication test 2013-10-19 12:57:25 +01:00
Steve Holme
7f7fbe7fbd tests: Added POP3 login authentication test 2013-10-19 12:42:25 +01:00
Steve Holme
9b1eb2b421 tests: Added POP3 plain authentication test 2013-10-19 12:31:55 +01:00
Steve Holme
1034aa6680 tests: Added POP3 APOP authentication test 2013-10-19 12:20:00 +01:00
Steve Holme
72f850571d tests: Added POP3 RSET test 2013-10-19 00:10:29 +01:00
Steve Holme
4d49ffe165 test906: Fixed failing test on some platforms
Bug: http://sourceforge.net/p/curl/bugs/1291
Reported-by: David Walser
2013-10-15 21:31:14 +01:00
Daniel Stenberg
f0f95c97f7 test1239: verify 4cd444e01a and the simulated 304 response 2013-10-07 14:42:21 +02:00
Steve Holme
ca995010d0 tests: Fixed typos from commit 25a0c96a49 2013-09-29 20:32:23 +01:00
Steve Holme
25a0c96a49 tests: Updated email addresses in SMTP tests following recent changes 2013-09-29 16:48:02 +01:00
Steve Holme
a8b606b1a6 test909: Removed custom EHLO response after recent changes
...as it is no longer required following capability and authentication
changes and is now causing problems following commit 49341628b5 as
the test number is obtained from the client address in the EHLO.
2013-09-29 16:25:11 +01:00
Steve Holme
49341628b5 ftpserver.pl: Moved specifying the test number from the RCPT address
...to the client address as this frees the RCPT strings to contain
just an email address and by passing the test number into curl as the
client address remains consistent with POP3 and IMAP tests as they are
specified in the URL.
2013-09-29 10:02:00 +01:00
Steve Holme
14d8209adc test906: Fixed type-2 response 2013-09-23 07:10:25 +01:00
Steve Holme
a942d8ff5b test915: Corrected test number from commit 22bccb0eda 2013-09-23 00:19:56 +01:00
Steve Holme
1695c67818 test906: Fixed type-1 message not handled error
...from commit f81d1e1666 due to copy paste error.
2013-09-23 00:15:37 +01:00
Steve Holme
f81d1e1666 tests: Added SMTP AUTH NTLM test 2013-09-22 20:53:29 +01:00
Steve Holme
b71ed1fb3d tests: Added SMTP multiple and invalid --mail-rcpt test 2013-09-22 20:25:32 +01:00
Steve Holme
86ccfaa3fd tests: Added SMTP multiple --mail-rcpt test 2013-09-22 20:23:27 +01:00
Steve Holme
3b69462fc0 tests: Added SMTP invalid --mail-rcpt test 2013-09-22 20:12:20 +01:00
Steve Holme
22bccb0eda tests: Regrouping of SMTP tests 2013-09-22 20:09:57 +01:00
Benoit Sigoure
4f591b9148 test1112: Increase the timeout from 7s to 16s
As someone reported on the mailing list a while back, the hard-coded
arbitrary timeout of 7s in test 1112 is not sufficient in some build
environments. At Arista Networks we build and test curl as part of our
automated build system, and we've run into this timeout 170 times so
far. Our build servers are typically quite busy building and testing a
lot of code in parallel, so despite being beefy machines with 32 cores
and 128GB of RAM we still hit this 7s timeout regularly.

URL: http://curl.haxx.se/mail/lib-2010-02/0200.html
2013-09-22 18:23:09 +02:00
Steve Holme
52cefc8cd7 tests: Fixed smtp rcpt to addresses 2013-09-22 15:14:26 +01:00
Daniel Stenberg
34df869f99 test1415: adjusted to work for 32bit time_t
The libcurl date parser returns INT_MAX for all dates > 2037 so this
test is now made to use 2037 instead of 2038 to work the same for both
32bit and 64bit time_t systems.
2013-09-21 13:46:42 -05:00
Steve Holme
3f04d48495 tests: Reworked existing SMTP tests to be single recipient based
...in preparation of upcoming multiple recipient tests.
2013-09-21 19:44:09 +01:00
Steve Holme
bd7d56ec71 tests: Added SMTP invalid --mail-from test 2013-09-20 07:09:39 +01:00
Steve Holme
89d320c2fd tests: Updated SMTP AUTH tests to use the new AUTH directive
...rather than specify a customised EHLO response.
2013-09-19 20:29:59 +01:00
Steve Holme
b809bafb0c tests: Corrected test913 as the QUIT response is received 2013-09-19 20:13:08 +01:00
Steve Holme
3b6a1681dc tests: Added SMTP large message SIZE test 2013-09-19 18:17:11 +01:00
Steve Holme
dfe7ee1429 tests: Fixed smtp mail from addresses 2013-09-19 07:19:25 +01:00
YAMADA Yasuharu
4cfbb201c4 cookies: add expiration
Implement: Expired Cookies These following situation, curl removes
cookie(s) from struct CookieInfo if the cookie expired.
 - Curl_cookie_add()
 - Curl_cookie_getlist()
 - cookie_output()
2013-09-17 23:25:56 +02:00
Steve Holme
8f5336a2fa tests: Fixed test 1406 following recent changes in ftpserver.pl
By default the mail server doesn't send the SIZE capability but instead
it has to be specified as a supported capability.
2013-09-16 00:24:46 +01:00
Steve Holme
f8a9dbd391 tests: Added test for SMTP SIZE capability 2013-09-16 00:24:30 +01:00
Steve Holme
eae86ba62d ftpserver.pl: Added support for SMTP HELO command
...and updated test902 as explicit HELO response is no longer required.
2013-09-15 09:10:11 +01:00
Steve Holme
84ad1569e5 ftpserver.pl: Moved POP3 USER and PASS handlers into own functions 2013-09-14 20:46:45 +01:00
Steve Holme
b68c52704b tests: Updated descriptions to be more meaningful 2013-09-14 15:04:25 +01:00
Steve Holme
83f6f58834 tests: Updated descriptions to be more meaningful 2013-09-14 10:41:17 +01:00
Steve Holme
eb6314260d tests: Added test for POP3 TOP command 2013-09-09 17:13:28 +01:00
Steve Holme
ae6096471a tests: Added test for POP3 UIDL command 2013-09-09 17:10:40 +01:00
Steve Holme
131649a121 ftpserver.pl: Corrected POP3 LIST as message numbers should be contiguous
The message numbers given in the LIST response are an index into the
list, which are only valid for the current session, rather than being a
unique message identifier. An index would only be missing from the LIST
response if a DELE command had been issued within the same session and
had not been committed by the end of session QUIT command. Once
committed the POP3 server will regenerate the message numbers in the
next session to be contiguous again. As such our LIST response should
list message numbers contiguously until we support a DELE command in the
same session.

Should a POP3 user require the unique message ID for any or all
messages then they should use the extended UIDL command. This command
will be supported by the test ftpserver in an upcoming commit.
2013-09-08 20:19:20 +01:00
Steve Holme
241aeadc50 tests: Updated descriptions to be more meaningful 2013-09-08 16:59:57 +01:00
Steve Holme
669e4ca366 tests: Added test for POP3 NOOP command 2013-09-08 16:59:55 +01:00
Steve Holme
1b96ce04b2 tests: Added test for POP3 STAT command 2013-09-08 08:52:53 +01:00
Steve Holme
8a4069fb17 tests: Added test for POP3 DELE command 2013-09-07 19:49:12 +01:00
Daniel Stenberg
9fa42beddc urlglob: improved error messages and column number on bad use
Introduce a convenience macro and keep of the column better so that it
can point out the offending column better.

Updated test 75 accordingly.
2013-09-06 23:27:47 +02:00
Steve Holme
83f5332536 tests: Added test for IMAP CHECK command 2013-08-31 18:40:48 +01:00
Steve Holme
75b52f9dcc tests: Added tests for IMAP CREATE, DELETE and RENAME commands 2013-08-30 18:56:56 +01:00
Steve Holme
1b4dc10393 tests: Added test for IMAP SEARCH command 2013-08-28 07:27:10 +01:00
Daniel Stenberg
4bea91fc67 TFTP: make the CURLOPT_LOW_SPEED* options work
... this also makes sure that the progess callback gets called more
often during TFTP transfers.

Added test 1238 to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=1269
Reported-by: Jo3
2013-08-22 22:42:27 +02:00
Daniel Stenberg
e4a1888bd0 test1237: verify 1000+ letter user name + passwords 2013-08-20 11:23:31 +02:00
Daniel Stenberg
f15a88f2b2 glob: error out on range overflow
The new multiply() function detects range value overflows. 32bit
machines will overflow on a 32bit boundary while 64bit hosts support
ranges up to the full 64 bit range.

Added test 1236 to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=1267
Reported-by: Will Dietz
2013-08-16 11:55:04 +02:00
Daniel Stenberg
5ca96cb844 urlglob: better detect unclosed braces, empty lists and overflows
A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detected
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that is smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single- entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
2013-08-16 11:52:08 +02:00
Tor Arntsen
6972335f50 tests 2032, 2033: Don't hardcode port in expected output 2013-08-15 10:55:44 +02:00
Fabian Keil
a64bca68c7 test1228: add 'HTTP proxy' to the keywords 2013-08-11 19:56:23 +02:00
Fabian Keil
67633e1308 tests: add keywords for a couple of FILE tests 2013-08-11 19:56:14 +02:00
Fabian Keil
715ca7c5fe tests: add 'FAILURE' keywords to tests 1409 and 1410 2013-08-11 19:56:11 +02:00
Fabian Keil
001758760b tests: add keywords for a couple of HTTP tests 2013-08-11 19:56:05 +02:00
Fabian Keil
2f06265e39 tests: add keywords for a couple of FTP tests 2013-08-11 19:56:01 +02:00
Fabian Keil
432431368f test1511: consistently terminate headers with CRLF 2013-08-11 19:55:44 +02:00
Daniel Stenberg
4b0028f82d DISABLED: shut of test 1512 for now
It shows intermittent failures and I haven't been able to track them
down yet. Disable this test for now.
2013-08-10 23:55:10 +02:00
Daniel Stenberg
d2b36e466a global dns cache: didn't work [regression]
CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d (been
broken since the libcurl 7.29.0 release). While this option has been
documented as deprecated for almost a decade and nobody even reported
this bug, it should remain functional.

Added test case 1512 to verify
2013-08-08 16:28:46 +02:00
Daniel Stenberg
7cc00d9a83 FTP: when EPSV gets a 229 but fails to connect, retry with PASV
This is a regression as this logic used to work. It isn't clear when it
broke, but I'm assuming in 7.28.0 when we went all-multi internally.

This likely never worked with the multi interface. As the failed
connection is detected once the multi state has reached DO_MORE, the
Curl_do_more() function was now expanded somewhat so that the
ftp_do_more() function can request to go "back" to the previous state
when it makes another attempt - using PASV.

Added test case 1233 to verify this fix. It has the little issue that it
assumes no service is listening/accepting connections on port 1...

Reported-by: byte_bucket in the #curl IRC channel
2013-08-06 09:57:59 +02:00
Daniel Stenberg
0ddc678927 formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
The internal function that's used to detect known file extensions for
the default Content-Type got the the wrong pointer passed in when
CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
strlen() would be used which could lead to an out-of-bounds read (and
thus segfault). In most cases it would only lead to it not finding or
using the correct default content-type.

It also showed that test 554 and test 587 were testing for the
previous/wrong behavior and now they're updated as well.

Bug: http://curl.haxx.se/bug/view.cgi?id=1262
Reported-by: Konstantin Isakov
2013-08-04 23:32:36 +02:00
Fabian Keil
d020e2c381 tests: test1232 verifies dotdot removal from path with proxy 2013-07-23 20:51:15 +02:00
Daniel Stenberg
1016637f5a test1414: FTP PORT download without SIZE support 2013-07-16 22:54:31 +02:00
Yang Tse
c983aa9efc test 1511: fix enumerated type mixed with another type 2013-07-11 17:01:02 +02:00
Daniel Stenberg
365c5ba395 formpost: better random boundaries
When doing multi-part formposts, libcurl used a pseudo-random value that
was seeded with time(). This turns out to be bad for users who formpost
data that is provided with users who then can guess how the boundary
string will look like and then they can forge a different formpost part
and trick the receiver.

My advice to such implementors is (still even after this change) to not
rely on the boundary strings being cryptographically strong. Fix your
code and logic to not depend on them that much!

I moved the Curl_rand() function into the sslgen.c source file now to be
able to take advantage of the SSL library's random function if it
provides one. If not, try to use the RANDOM_FILE for seeding and as a
last resort keep the old logic, just modified to also add microseconds
which makes it harder to properly guess the exact seed.

The formboundary() function in formdata.c is now using 64 bit entropy
for the boundary and therefore the string of dashes was reduced by 4
letters and there are 16 hex digits following it. The total length is
thus still the same.

Bug: http://curl.haxx.se/bug/view.cgi?id=1251
Reported-by: "Floris"
2013-06-25 09:55:49 +02:00
Daniel Stenberg
d3d5c4a40e tests: add test1395 to the tarball 2013-06-24 09:25:58 +02:00
Daniel Stenberg
6fab0bd9f1 test1396: invoke the correct test tool!
This erroneously run unit test 1310 instead of 1396!
2013-06-22 22:20:31 +02:00
Kamil Dudka
02964ed630 test1230: avoid using hard-wired port number
... to prevent failure when a non-default -b option is given
2013-06-22 22:12:49 +02:00
Daniel Stenberg
7877619f85 dotdot: introducing dot file path cleanup
RFC3986 details how a path part passed in as part of a URI should be
"cleaned" from dot sequences before getting used. The described
algorithm is now implemented in lib/dotdot.c with the accompanied test
case in test 1395.

Bug: http://curl.haxx.se/bug/view.cgi?id=1200
Reported-by: Alex Vinnik
2013-06-22 14:15:07 +02:00
Daniel Stenberg
0de7249bb3 unit1396: unit tests to verify curl_easy_(un)escape 2013-06-22 11:21:35 +02:00
Benjamin Gilbert
03a3dd9ee3 test506: verify that CURLOPT_COOKIELIST takes share lock
It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
2013-06-17 23:28:35 +02:00
YAMADA Yasuharu
f24dc09d20 cookies: follow-up fix for path checking
The initial fix to only compare full path names were done in commit
04f52e9b4d but found out to be incomplete. This takes should make the
change more complete and there's now two additional tests to verify
(test 31 and 62).
2013-06-12 11:19:56 +02:00
Eric Hu
8026bd7abd test2033: requires NTLM support 2013-06-12 10:34:10 +02:00
Daniel Stenberg
51b3445e84 test1230: verify CONNECT to a numerical ipv6-address 2013-06-04 22:52:13 +02:00
Daniel Stenberg
ac419bf562 Digest auth: escape user names with \ or " in them
When sending the HTTP Authorization: header for digest, the user name
needs to be escaped if it contains a double-quote or backslash.

Test 1229 was added to verify

Reported and fixed by: Nach M. S
Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-27 19:45:12 +02:00
Daniel Stenberg
fc4759af9d tests: add test1394 file to the tarball 2013-05-19 12:44:44 +02:00
YAMADA Yasuharu
04f52e9b4d cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:54:48 +02:00
Steve Holme
6add1901a1 tests: Added new SMTP tests to verify commit 99b4045183 2013-05-07 22:52:43 +02:00
Kamil Dudka
bcf1b9dec1 unit1394.c: plug the curl tool unit test in 2013-05-06 15:03:13 +02:00
Steve Holme
99b4045183 smtp: Fixed sending of double CRLF caused by first in EOB
If the mail sent during the transfer contains a terminating <CRLF> then
we should not send the first <CRLF> of the EOB as specified in RFC-5321.

Additionally don't send the <CRLF> if there is "no mail data" as the
DATA command already includes it.
2013-05-04 10:00:33 +01:00
Steve Holme
087f9bb20a tests: Corrected MAIL SIZE for CRLF line endings
... which was missed in commit: f5c3d95384
2013-05-03 20:08:21 +01:00
Steve Holme
e2c7e19144 tests: Corrected infilesize for CRLF line endings
... which was missed in commit: f5c3d95384
2013-05-03 18:27:06 +01:00
Steve Holme
f5c3d95384 tests: Corrected test1406 to be RFC2821 compliant 2013-05-03 18:22:18 +01:00