1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

3806 Commits

Author SHA1 Message Date
Daniel Stenberg
8392a0cf61
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
2017-09-30 23:40:50 +02:00
Dan Fandrich
cecffff561 test650: Use variable replacement to set the host address and port
Otherwise, the test fails when the -b test option is used to set a
different test port range.
2017-09-30 02:10:54 +02:00
Dan Fandrich
df7839b68c Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-30 02:10:54 +02:00
Daniel Stenberg
a352e21c0b
test1160: verifies cookie leak for large cookies
The fix done in 20ea22ff73
2017-09-29 12:06:57 +02:00
Michael Kaufmann
eac324f284 http: add custom empty headers to repeated requests
Closes #1920
2017-09-28 21:25:22 +02:00
Michael Kaufmann
d8ab5dc50e tests: adjust .gitignore for new tests 2017-09-24 13:31:17 +02:00
Michael Kaufmann
b6a90bca33 tests: fix a compiler warning in test 643 2017-09-23 14:49:59 +02:00
Daniel Stenberg
3b05f79ef8
imap: quote atoms properly when escaping characters
Updates test 800 to verify

Fixes #1902
Closes #1903
2017-09-22 14:43:37 +02:00
Daniel Stenberg
a4db3f7046
tests: make the imap server not verify user+password
... as the test cases themselves do that and it makes it easier to add
crazy test cases.

Test 800 updated to use user name + password that need quoting.

Test 856 updated to trigger an auth fail differently.

Ref: #1902
2017-09-22 14:43:33 +02:00
Patrick Monnerat
ee56fdb691 form/mime: field names are not allowed to contain zero-valued bytes.
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
2017-09-22 01:08:29 +01:00
Pavel P
5fe85587cc
cookies: use lock when using CURLINFO_COOKIELIST
Closes #1896
2017-09-19 23:48:48 +02:00
Max Dymond
c73ebb8537
ossfuzz: changes before merging the generated corpora
Before merging in the oss-fuzz corpora from Google, there are some changes
to the fuzzer.
- Add a read corpus script, to display corpus files nicely.
- Change the behaviour of the fuzzer so that TLV parse failures all now
  go down the same execution paths, which should reduce the size of the
  corpora.
- Make unknown TLVs a failure to parse, which should decrease the size
  of the corpora as well.

Closes #1881
2017-09-18 23:23:13 +02:00
Max Dymond
e239eda39e
ossfuzz: don't write out to stdout
Don't make the fuzzer write out to stdout - instead write some of the
contents to a memory block so we exercise the data output code but
quietly.

Closes #1885
2017-09-18 22:58:39 +02:00
Daniel Stenberg
2bc230de63
cookies: reject oversized cookies
... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith

Closes #1894
2017-09-18 22:55:50 +02:00
Daniel Stenberg
452c906dfd
server/getpart: provide dummy function to build conversion enabled 2017-09-15 16:57:59 +02:00
Isaac Boukris
56d949d31a
tests: add initial gssapi test using stub implementation
The stub implementation is pre-loaded using LD_PRELOAD
and emulates common gssapi uses (only builds if curl is
initially built with gssapi support).

The initial tests are currently disabled for debug builds
as LD_PRELOAD is not used then.

Ref: https://github.com/curl/curl/pull/1687
2017-09-15 14:09:08 +02:00
Daniel Stenberg
65872efea7
test1150: verify same host fetch using different ports over proxy
Closes #1889
2017-09-15 08:13:37 +02:00
Daniel Stenberg
20acb58a38
code style: use space after semicolon 2017-09-12 09:50:24 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
a14f7152ce
rtsp: do not call fwrite() with NULL pointer FILE *
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.

OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)

Detected by OSS-fuzz
Closes #1874
2017-09-08 23:56:02 +02:00
Max Dymond
261da2a668 ossfuzz: add some more handled CURL options
Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT,
MAIL_FROM and uploading data.
2017-09-08 15:00:55 +02:00
Patrick Monnerat
3620e569b3 form API: add new test 650.
Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features left untested. Test 650 attempts to check all these
features not tested elsewhere.
2017-09-07 19:11:02 +01:00
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Patrick Monnerat
3bbe894fd2 runtests.pl: support attribute "nonewline" in part verify/upload. 2017-09-05 17:33:16 +01:00
Daniel Stenberg
328ce03d53 fixup data/test1135 2017-09-05 17:33:16 +01:00
Daniel Stenberg
3130414ce7
http-proxy: treat all 2xx as CONNECT success
Added test 1904 to verify.

Reported-by: Lawrence Wagerfield
Fixes #1859
Closes #1860
2017-09-05 09:47:46 +02:00
Daniel Stenberg
4ed618c023
test1135: fixed after bd8070085f 2017-09-04 11:44:42 +02:00
Patrick Monnerat
1ab9e9b50a lib: bump version info (soname). Adapt and reenable test 1135. 2017-09-04 00:35:53 +01:00
Patrick Monnerat
7e36b30da8 mime: fix signed/unsigned conversions.
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03 17:51:18 +01:00
Patrick Monnerat
1a3f4c1991 mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
This feature is badly supported in Windows: as a replacement, a caller has
to use curl_mime_data_cb() with fread, fseek and possibly fclose
callbacks to process opened files.

The cli tool and documentation are updated accordingly.

The feature is however kept internally for form API compatibility, with
the known caveats it always had.

As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.
2017-09-03 14:45:43 +01:00
Patrick Monnerat
3baf36edf6 mime: tests and examples.
Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.
2017-09-02 19:08:45 +01:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Patrick Monnerat
5bae72734b test564: Add a warning comment about shell profile output.
Shell profile output makes the SSH server failing and this problem reason
is not easy to find when no hint is given.
2017-09-02 13:01:15 +01:00
Patrick Monnerat
989e4d4a31 runtests.pl: allow <file[1-4]> tags in client section.
This enables tests to create more than one file on the client side.
2017-09-02 12:57:13 +01:00
Patrick Monnerat
f0cda34145 runtests.pl: Apply strippart to upload too.
This will allow substitution of boundaries in mail messages.
2017-09-02 12:55:28 +01:00
Max Dymond
57001ce3bb ossfuzz: Move to C++ for curl_fuzzer.
Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.
2017-09-02 11:07:55 +02:00
Max Dymond
1cf323ec4e
ossfuzz: additional seed corpora
Create simple seed corpora for:
- FTP
- telnet
- dict
- tftp
- imap
- pop3

based off the tests of the same number.

Closes #1842
2017-09-01 11:23:07 +02:00
Max Dymond
efeb4a3176
ossfuzz: moving towards the ideal integration
- Start with the basic code from the ossfuzz project.
- Rewrite fuzz corpora to be binary files full of Type-Length-Value
  data, and write a glue layer in the fuzzing function to convert
  corpora into CURL options.
- Have supporting functions to generate corpora from existing tests
- Integrate with Makefile.am
2017-09-01 11:22:51 +02:00
Daniel Stenberg
529f056809
unit1301: fix error message on first test 2017-08-31 11:37:13 +02:00
Dan Fandrich
82604c5007 unit1606: Fixed shadowed variable warning 2017-08-28 23:55:55 +02:00
Johannes Schindelin
1328f69d53
vtls: introduce curl_global_sslset()
Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.

Side note: we do not explicitly test that it is called before
curl_global_init(), but we do verify that it is not called multiple times
(even implicitly).

If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.

The function also accepts an "avail" parameter to point to a (read-only)
NULL-terminated list of available backends. This comes in real handy if
an application wants to let the user choose between whatever SSL backends
the currently available libcurl has to offer: simply call

	curl_global_sslset(-1, NULL, &avail);

which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
variable to point to the relevant information to present to the user.

Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Dan Fandrich
d7d0c9d953 tests: Make sure libtests & unittests call curl_global_cleanup()
These were missed in commit c468c27b.
2017-08-26 22:01:42 +02:00
Daniel Stenberg
3e1245504b
fuzz/Makefile.am: remove curlbuild.h leftovers 2017-08-25 11:01:07 +02:00
Daniel Stenberg
befaa7b14f
imap: support PREAUTH
It is a defined possible greeting at server startup that means the
connection is already authenticated. See
https://tools.ietf.org/html/rfc3501#section-7.1.4

Test 846 added to verify.

Fixes #1818
Closes #1820
2017-08-23 23:58:49 +02:00
Dan Fandrich
78a6d917c5 test1453: Fixed <features> 2017-08-23 09:03:13 +02:00
Even Rouault
16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
Dan Fandrich
b9e22e9575 runtests: fixed case insensitive matching of keywords
Commit 5c2aac71 didn't work in the case of mixed-case keywords given on
the command-line.
2017-08-19 22:07:15 +02:00
Dan Fandrich
c468c27b5a tests: Make sure libtests call curl_global_cleanup()
This ensures that global data allocations are freed so Valgrind stays
happy. This was a problem with at least PolarSSL and mbedTLS.
2017-08-19 21:42:47 +02:00
Daniel Stenberg
ab2ef24d5d
lib557: no longer use CURL_SIZEOF_* defines 2017-08-17 10:27:00 +02:00