1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Commit Graph

1549 Commits

Author SHA1 Message Date
Daniel Stenberg
aadb7c7b62 URL: return error on malformed URLs with junk after port number
... because it causes confusion with users. Example URLs:

"http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will
parse and claim uses port number 80, while libcurl would use port number
11211.

"http://user@example.com:80@localhost" which by the WHATWG URL spec will
be treated to contain user name 'user@example.com' but according to
RFC3986 is user name 'user' for the host 'example.com' and then port 80
is followed by "@localhost"

Both these formats are now rejected, and verified so in test 1260.

Reported-by: Orange Tsai
2017-03-06 16:08:21 +01:00
Dan Fandrich
97a04145ef tests: fixed a typo in some comments 2017-03-04 12:50:30 +01:00
Dan Fandrich
c6ddb606d8 tests: use consistent environment variables for setting charset
The character set in POSIX is set by the locale defined by (in
decreasing order of precedence) the LC_ALL, LC_CTYPE and LANG
environment variables (CHARSET was used by libidn but not libidn2).
LC_ALL is cleared to ensure that LC_CTYPE takes effect, but LC_ALL is
not used to set the locale to ensure that other parts of the locale
aren't overridden.  Since there doesn't seem to be a cross-platform way
of specifying a UTF-8 locale, and not all systems may support UTF-8, a
<precheck> is used to skip the test if UTF-8 can't be verified to be
available.  Test 1035 was also converted to UTF-8 for consistency, as
the actual character set used there is irrelevant to the test.

This patch uses a different UTF-8 locale than the last attempt, namely
en_US.UTF-8. This one has been verified on 7 different Linux and BSD
distributions and is more complete and usable than the locale UTF-8 (on
at least some systems).
2017-02-25 15:33:29 +01:00
Dan Fandrich
832b0105f2 test557: explicitly use the C locale so the numeric output is as expected 2017-02-25 12:05:28 +01:00
Daniel Stenberg
13314ffd65 Revert "tests: use consistent environment variables for setting charset"
This reverts commit ecd1d020ab.

That commit caused test failures on my Debian Linux machine for all
changed test cases. We need to reconsider how that should get done.
2017-02-24 08:41:36 +01:00
Dan Fandrich
ecd1d020ab tests: use consistent environment variables for setting charset
Character set in POSIX is set by the locale defined (in decreasing order
of precedence) by the LC_ALL, LC_CTYPE and LANG environment variables (I
believe CHARSET is only historic). LC_ALL is cleared to ensure that
LC_CTYPE takes effect, but LC_ALL is not used to set the locale to
ensure that other parts of the locale aren't overriden, if set.  Since
there doesn't seem to be a cross-platform way of specifying a UTF-8
locale, and not all systems may support UTF-8, a <precheck> is used
(where relevant) to skip the test if UTF-8 isn't in use.  Test 1035 was
also converted to UTF-8 for consistency, as the actual character set
used there is irrelevant to the test.
2017-02-23 23:14:00 +01:00
İsmail Dönmez
2bfe55037f tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
Closes #1283
Fixes #1277
2017-02-23 11:02:59 +01:00
Max Khon
f77dabefd8 digest_sspi: Fix nonce-count generation in HTTP digest
- on the first invocation: keep security context returned by
  InitializeSecurityContext()

- on subsequent invocations: use MakeSignature() instead of
  InitializeSecurityContext() to generate HTTP digest response

Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth

Closes https://github.com/curl/curl/pull/1251
2017-02-20 00:53:01 -05:00
Dan Fandrich
f45de0e87c tests: removed the obsolete name parameter 2017-02-18 22:19:44 +01:00
Michael Kaufmann
2f8d0df085 proxy: fix hostname resolution and IDN conversion
Properly resolve, convert and log the proxy host names.
Support the "--connect-to" feature for SOCKS proxies and for passive FTP
data transfers.

Follow-up to cb4e2be

Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1248
2017-02-18 15:04:43 +01:00
Isaac Boukris
13e3a18b34 http: fix missing 'Content-Length: 0' while negotiating auth
- While negotiating auth during PUT/POST if a user-specified
  Content-Length header is set send 'Content-Length: 0'.

This is what we do already in HTTPREQ_POST_FORM and what we did in the
HTTPREQ_POST case (regression since afd288b).

Prior to this change no Content-Length header would be sent in such a
case.

Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
Reported-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/1242
2017-02-17 02:32:16 -05:00
Jay Satiro
7a9f5748bc tool_urlglob: Allow a glob range with the same start and stop
For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed
2017-02-15 02:31:09 -05:00
Daniel Stenberg
c5c4e816b4 URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
Fixes #1252
2017-02-10 14:51:53 +01:00
Dan Fandrich
3cc2229c13 test1139: Added the --manual keyword since the manual is required 2017-02-07 18:49:50 +01:00
Daniel Gustafsson
e695b070a5 test552: Fix typos
Closes https://github.com/curl/curl/pull/1245
2017-02-07 02:39:15 -05:00
Dan Fandrich
edb2d02855 cmdline-opts: Fixed build and test in out of source tree builds 2017-02-06 23:37:05 +01:00
Daniel Stenberg
cbd4e1fa0d cookies: do not assume a valid domain has a dot
This repairs cookies for localhost.

Non-PSL builds will now only accept "localhost" without dots, while PSL
builds okeys everything not listed as PSL.

Added test 1258 to verify.

This was a regression brought in a76825a5ef
2017-01-27 13:32:02 +01:00
Alessandro Ghedini
9ad034e5a1 http2: disable server push if not requested
Ref: https://github.com/curl/curl/pull/1160
2017-01-15 11:45:32 +00:00
ERAMOTO Masaya
2ac1942c72 url: --noproxy option overrides NO_PROXY environment variable
Under condition using http_proxy env var, noproxy list was the
combination of --noproxy option and NO_PROXY env var previously. Since
this commit, --noproxy option overrides NO_PROXY environment variable
even if use http_proxy env var.

Closes #1140
2017-01-13 11:18:29 +01:00
ERAMOTO Masaya
1b57557882 url: Fix NO_PROXY env var to work properly with --proxy option.
The combination of --noproxy option and http_proxy env var works well
both for proxied hosts and non-proxied hosts.

However, when combining NO_PROXY env var with --proxy option,
non-proxied hosts are not reachable while proxied host is OK.

This patch allows us to access non-proxied hosts even if using NO_PROXY
env var with --proxy option.
2017-01-13 11:18:11 +01:00
Jay Satiro
1d4202ade6 url: Fix parsing for when 'file' is the default protocol
Follow-up to 3463408.

Prior to 3463408 file:// hostnames were silently stripped.

Prior to this commit it did not work when a schemeless url was used with
file as the default protocol.

Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html
Closes https://github.com/curl/curl/pull/1124

Also fix for drive letters:

- Support --proto-default file c:/foo/bar.txt

- Support file://c:/foo/bar.txt

- Fail when a file:// drive letter is detected and not MSDOS/Windows.

Bug: https://github.com/curl/curl/issues/1187
Reported-by: Anatol Belski
Assisted-by: Anatol Belski
2017-01-12 15:37:11 -05:00
Daniel Stenberg
913312f414 test1282: verify the ftp-gss check 2016-12-24 23:35:54 +01:00
Daniel Stenberg
3ab3c16db6 printf: fix floating point buffer overflow issues
... and add a bunch of floating point printf tests
2016-12-19 07:53:20 +01:00
Michael Kaufmann
afff64dbcd curl_easy_recv: Improve documentation and example program
Follow-up to 82245ea: Fix the example program sendrecv.c (handle
CURLE_AGAIN, handle incomplete send). Improve the documentation
for curl_easy_recv() and curl_easy_send().

Reviewed-by: Frank Meier
Assisted-by: Jay Satiro

See https://github.com/curl/curl/pull/1134
2016-12-18 12:56:23 +01:00
Dan Fandrich
dacfecb7b6 test2032: Mark test as flaky 2016-12-05 21:38:15 +01:00
Dan Fandrich
7117a9a6c6 test1281: added http as a required feature 2016-12-02 15:17:47 +01:00
Daniel Stenberg
cee0fb3247 curl: support zero-length argument strings in config files
... like 'user-agent = ""'

Adjusted test 71 to verify.
2016-12-02 11:25:35 +01:00
Daniel Stenberg
3b77aa6b28 tests: fix CONNECT test cases to be more strict
... as they broke with the cleaned up CONNECT handling
2016-12-01 16:18:52 +01:00
Daniel Stenberg
c50b878c15 CONNECT: reject TE or CL in 2xx responses
A server MUST NOT send any Transfer-Encoding or Content-Length header
fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
4.3.6)

Also fixes the three test cases that did this.
2016-12-01 16:18:36 +01:00
Daniel Stenberg
aab33215af URL parser: reject non-numerical port numbers
Test 1281 added to verify
2016-12-01 10:36:37 +01:00
Michael Kaufmann
b34ea05d9d CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly
If a port number in a "connect-to" entry does not match, skip this
entry instead of connecting to port 0.

If a port number in a "connect-to" entry matches, use this entry
and look no further.

Reported-by: Jay Satiro
Assisted-by: Jay Satiro, Daniel Stenberg

Closes #1148
2016-11-30 12:02:44 +01:00
Frank Gevaerts
e38fe7abbf tests: Add some testcases for recent new features.
Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme},
and %{http_version}

closes #1143
2016-11-26 17:04:55 +01:00
Jay Satiro
c34fa31f3a test1135: Fix curl_easy_duphandle prototype for code style
Follow-up to dbadaeb which changed the style.
2016-11-24 19:52:36 -05:00
Jay Satiro
2ece147cc2 tests: Fix HTTP2-Settings header for huge window size
Follow-up to a4d8888. Changing the window size in that commit resulted
in a different HTTP2-Settings upgrade header, causing test 1800 to fail.
2016-11-17 01:04:00 -05:00
Daniel Stenberg
8c630ef059 glob: fix [a-c] globbing regression
Brought in ee4f76606c

Added test case 1280 to verify

Reported-by: Dave Reisner

Bug: ee4f76606c (commitcomment-19823146)
2016-11-15 08:22:54 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Stenberg
8c15e0de6f test558: adapt to 0649433da 2016-11-11 15:32:07 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Jay Satiro
4564636781 easy: Initialize info variables on easy init and duphandle
- Call Curl_initinfo on init and duphandle.

Prior to this change the statistical and informational variables were
simply zeroed by calloc on easy init and duphandle. While zero is the
correct default value for almost all info variables, there is one where
it isn't (filetime initializes to -1).

Bug: https://github.com/curl/curl/issues/1103
Reported-by: Neal Poole
2016-11-05 23:06:28 -04:00
Daniel Stenberg
44c53cc38b strcase: s/strequal/strcasecompare
some more follow-ups to 811a693b80
2016-10-31 09:37:54 +01:00
Daniel Stenberg
ad16f89791 test165: adapted to the libidn2 use and IDNA2008 fix 2016-10-31 08:46:35 +01:00
Daniel Stenberg
96a80b5a26 parsedate: handle cut off numbers better
... and don't read outside of the given buffer!

CVE-2016-8621

bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
42b650b9ea test1246: verify URL parsing with host name ending with '#' 2016-10-31 08:46:35 +01:00
Daniel Stenberg
f36f8c1455 test14xx: fixed --libcurl output tests again after 8e8afa82cb 2016-10-18 14:15:03 +02:00
Sergei Kuzmin
54e48b14e1 cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
2016-10-03 16:49:35 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Jay Satiro
22cfeac730 easy: Reset all statistical session info in curl_easy_reset
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
2016-09-20 01:14:01 -04:00
Jay Satiro
19445f35ba test2048: fix url 2016-09-18 15:33:15 -04:00
Daniel Stenberg
8dcc074f36 test1605: verify negative input lengths to (un)escape functions 2016-09-14 07:49:43 +02:00