1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-25 17:48:48 -05:00
Commit Graph

4195 Commits

Author SHA1 Message Date
Daniel Stenberg
eab3c580f9
urlapi: verify the IPv6 numerical address
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.

Reported-by: Thomas Vegas
Closes #4315
2019-09-10 11:32:12 +02:00
Daniel Stenberg
84ced9389e
Curl_addr2string: take an addrlen argument too
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.

Bug: https://crbug.com/oss-fuzz/16699

Closes #4283
2019-08-31 11:41:56 +02:00
Daniel Stenberg
32d64b2e87
defines: avoid underscore-prefixed defines
Double-underscored or underscore plus uppercase letter at least.

... as they're claimed to be reserved.

Reported-by: patnyb on github

Fixes #4254
Closes #4255
2019-08-23 11:47:57 +02:00
Daniel Stenberg
68fab35c73
http: fix use of credentials from URL when using HTTP proxy
When a username and password are provided in the URL, they were wrongly
removed from the stored URL so that subsequent uses of the same URL
wouldn't find the crendentials. This made doing HTTP auth with multiple
connections (like Digest) mishave.

Regression from 46e164069d (7.62.0)

Test case 335 added to verify.

Reported-by: Mike Crowe

Fixes #4228
Closes #4229
2019-08-16 10:11:22 +02:00
Mike Crowe
a8ac1be705
tests: Replace outdated test case numbering documentation
Tests are no longer grouped by numeric range[1]. Let's stop saying that
and provide some alternative advice for numbering tests.

[1] https://curl.haxx.se/mail/lib-2019-08/0043.html

Closes #4227
2019-08-15 17:20:46 +02:00
Jay Satiro
dca6f73613 vauth: Use CURLE_AUTH_ERROR for auth function errors
- Add new error code CURLE_AUTH_ERROR.

Prior to this change auth function errors were signaled by
CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was
technically correct.

Ref: https://github.com/curl/curl/pull/3848

Co-authored-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/3864
2019-08-14 03:14:01 -04:00
Daniel Stenberg
db061571ef
http3: make connection reuse work
Closes #4204
2019-08-09 12:26:02 +02:00
Daniel Stenberg
6ee9e4bd47
cleanup: s/curl_debug/curl_dbg_debug in comments and docs
Leftovers from the function rename back in 76b6348949

Reported-by: Gisle Vanem
Bug: f3e0f071b1 (com)
mitcomment-34601751

Closes #4203
2019-08-08 16:01:00 +02:00
Daniel Stenberg
69b3ff5118
alt-svc: add protocol version selection masking
So that users can mask in/out specific HTTP versions when Alt-Svc is
used.

 - Removed "h2c" and updated test case accordingly
 - Changed how the altsvc struct is laid out
 - Added ifdefs to make the unittest run even in a quiche-tree

Closes #4201
2019-08-08 09:10:29 +02:00
Daniel Stenberg
f933449d3b
CURLINFO_RETRY_AFTER: parse the Retry-After header value
This is only the libcurl part that provides the information. There's no
user of the parsed value. This change includes three new tests for the
parser.

Ref: #3794
2019-08-07 14:45:39 +02:00
Jay Satiro
a44394eac5 tests: Fix the line endings for the SASL alt-auth tests
- Change data and protocol sections to CRLF line endings.

Prior to this change the tests would fail or hang, which is because
certain sections such as protocol require CRLF line endings.

Follow-up to grandparent commit which added the tests.

Ref: https://github.com/curl/curl/issues/3653
Ref: https://github.com/curl/curl/pull/3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186
2019-08-06 11:38:58 -04:00
Steve Holme
1e08a79258 curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
Ref: https://github.com/curl/curl/issues/3653
Ref: https://github.com/curl/curl/pull/3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186
2019-08-06 11:38:41 -04:00
Daniel Stenberg
02346abc32
curl_multi_poll: a sister to curl_multi_wait() that waits more
Repeatedly we see problems where using curl_multi_wait() is difficult or
just awkward because if it has no file descriptor to wait for
internally, it returns immediately and leaves it to the caller to wait
for a small amount of time in order to avoid occasional busy-looping.

This is often missed or misunderstood, leading to underperforming
applications.

This change introduces curl_multi_poll() as a replacement drop-in
function that accepts the exact same set of arguments. This function
works identically to curl_multi_wait() - EXCEPT - for the case when
there's nothing to wait for internally, as then this function will by
itself wait for a "suitable" short time before it returns. This
effectiely avoids all risks of busy-looping and should also make it less
likely that apps "over-wait".

This also changes the curl tool to use this funtion internally when
doing parallel transfers and changes curl_easy_perform() to use it
internally.

Closes #4163
2019-08-06 09:33:29 +02:00
Daniel Stenberg
a42b0957ab
http09: disable HTTP/0.9 by default in both tool and library
As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174. Now requires the option to be set to allow HTTP/0.9
responses.

Closes #4191
2019-08-06 00:08:14 +02:00
Daniel Stenberg
1132f43012
alt-svc: more liberal ALPN name parsing
Allow pretty much anything to be part of the ALPN identifier. In
particular minus, which is used for "h3-20" (in-progress HTTP/3
versions) etc.

Updated test 356.
Closes #4182
2019-08-03 21:54:00 +02:00
Kamil Dudka
4c187043c5 http_negotiate: improve handling of gss_init_sec_context() failures
If HTTPAUTH_GSSNEGOTIATE was used for a POST request and
gss_init_sec_context() failed, the POST request was sent
with empty body.  This commit also restores the original
behavior of `curl --fail --negotiate`, which was changed
by commit 6c60355323.

Add regression tests 2077 and 2078 to cover this.

Fixes #3992
Closes #4171
2019-08-01 16:21:41 +02:00
Daniel Stenberg
db0a0dfb0e
curl: cap the maximum allowed values for retry time arguments
... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.

Added test 1269 to verify.

Reported-by: Jason Lee
Closes #4166
2019-07-30 08:17:01 +02:00
Balazs Kovacsics
802aa5ae27
HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set,
automatically add a Transfer-Encoding: chunked header, same as it is
already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME.  Update
test 1514 according to the new behaviour.

Closes #4138
2019-07-29 13:18:53 +02:00
Daniel Stenberg
b889408500
curl: support parallel transfers
This is done by making sure each individual transfer is first added to a
linked list as then they can be performed serially, or at will, in
parallel.

Closes #3804
2019-07-20 19:14:16 +02:00
Daniel Stenberg
647e726d78
test1173: make it also check all libcurl option man pages
... and adjust those that cause errors

Closes #4116
2019-07-16 12:38:42 +02:00
Daniel Stenberg
275b74a53d
dist: add manpage-syntax.pl
follow-up to 7fb66c403
2019-07-15 15:24:41 +02:00
Daniel Stenberg
7fb66c4034
test1173: detect some basic man page format mistakes
Triggered by PR #4111

Closes #4113
2019-07-15 15:23:24 +02:00
Linos Giannopoulos
797e549d0d
libcurl: Add testcase for gopher redirects
The testcase ensures that redirects to CURLPROTO_GOPHER won't be
allowed, by default, in the future. Also, curl is being used
for convenience while keeping the testcases DRY.

The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is
redirected to CURLPROTO_GOPHER

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
2019-07-14 16:30:28 +02:00
Peter Simonyi
855887af79
http: allow overriding timecond with custom header
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g.
If-Modified-Since).  Allow this to be replaced or suppressed with
CURLOPT_HTTPHEADER.

Fixes #4103
Closes #4109
2019-07-14 16:17:15 +02:00
Daniel Stenberg
8b159d1fe9
test1521: adapt to SLISTPOINT
The header now has the slist-using options marked as SLISTPOINT so this
makes sure test 1521 understands that.

Follow-up to ae99b4de1c

Closes #4074
2019-06-25 21:51:44 +02:00
Stephan Szabo
35b8bea20f
tests: update fixed IP for hostip/clientip split
These tests give differences for me on linux when using a hostip
pointing to the external ip address for the local machine.

Closes #4070
2019-06-25 08:04:48 +02:00
Daniel Stenberg
1e9769639b
test153: fix content-length to avoid occasional hang
Closes #4065
2019-06-24 08:33:32 +02:00
Daniel Stenberg
8927d1c2b0
tests: add disable-scan.pl to dist
follow-up from 29177f422a

Closes #4059
2019-06-21 16:25:50 +02:00
Stephan Szabo
2aff76c571
tests: support non-localhost HOSTIP for dict/smb servers
smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for
binding the server which when we were running the tests with a separate
HOSTIP and CLIENTIP had failures verifying the server from the device we
were testing.

This changes them to take the address from runtests.py and default to
localhost/127.0.0.1 if none is given.

Closes #4048
2019-06-20 08:33:13 +02:00
Daniel Stenberg
cf35bd79bd
test1523: basic test of CURLOPT_LOW_SPEED_LIMIT 2019-06-18 22:34:05 +02:00
Daniel Stenberg
6617db6a7e
runtests: keep logfiles around by default
Make '-k' a no-op. The singletest function now clears the log directory
BEFORE each individual test and not after, which makes it possible to
always keep the logfiles around after a test has been run. No need to
specify -k anymore. Keeping the option parsing around to work with users
of old habits.

Some tests also didn't work properly when -k was used (since the old
logs would be kep when a new test starts) which this change also fixes.

Closes #4035
2019-06-18 07:59:45 +02:00
Daniel Stenberg
40259ca655
tests: have runtests figure out disabled features
... so that runtests can skip individual test cases that test features
that are explicitly disabled in this build. This new logic is intended
for disabled features that aren't otherwise easily visible through the
curl_version_info() or other API calls.

tests/server/disabled is a newly built executable that will output a
list of disabled features. Outputs nothing for a default build.

Closes #3950
2019-06-17 16:08:00 +02:00
Daniel Stenberg
13d9bb8bad
test188/189: fix Content-Length
This cures the flaky test results

Closes #4034
2019-06-17 16:01:55 +02:00
Daniel Stenberg
c97e8493a6
runtests: report single test time + total duration
... after each successful test.

Closes #4027
2019-06-15 23:31:41 +02:00
Daniel Stenberg
ff3876046e
unit1654: cleanup on memory failure
... to make it handle torture tests properly.

Reported-by: Marcel Raad
Fixes #4021
Closes #4022
2019-06-13 17:22:51 +02:00
Daniel Stenberg
29177f422a
test1165: verify that CURL_DISABLE_ symbols are in sync
between configure.ac and source code. They should be possible to switch
on/off in configure AND be used in source code.
2019-06-11 15:33:58 +02:00
Daniel Stenberg
deb9462ff2
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903
2019-06-10 09:18:16 +02:00
Marcel Raad
e23c52b329
build: fix Codacy warnings
Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:38:06 +02:00
Marcel Raad
04ac54e196
sws: remove unused variables
Unused since commit 2f44e94.

Closes https://github.com/curl/curl/pull/3975
2019-06-05 20:37:56 +02:00
Steve Holme
5f2a103f09
tests/server/.gitignore: Add socksd to the ignore list
Missed in 04fd6755.

Closes #3978
2019-06-02 22:37:06 +01:00
Daniel Stenberg
b6b8f3a384
test334: verify HTTP 204 response with chunked coding header
Verifies that a bodyless response don't parse this content-related
header.
2019-06-02 22:58:11 +02:00
Michael Kaufmann
2e5ceb3934
http: don't parse body-related headers bodyless responses
Responses with status codes 1xx, 204 or 304 don't have a response body. For
these, don't parse these headers:

- Content-Encoding
- Content-Length
- Content-Range
- Last-Modified
- Transfer-Encoding

This change ensures that HTTP/2 upgrades work even if a
"Content-Length: 0" or a "Transfer-Encoding: chunked" header is present.

Co-authored-by: Daniel Stenberg
Closes #3702
Fixes #3968
Closes #3977
2019-06-02 22:58:04 +02:00
Marcel Raad
13df26192e
HAProxy tests: add keywords
Add the proxy and haproxy keywords in order to be able to exclude or
run these specific tests.

Closes https://github.com/curl/curl/pull/3949
2019-05-27 14:48:37 +02:00
Maksim Stsepanenka
1b260757b8
tests: make test 1420 and 1406 work with rtsp-disabled libcurl
Closes #3948
2019-05-27 11:34:06 +02:00
Jay Satiro
db8ec1fa38
Revert all SASL authzid (new feature) commits
- Revert all commits related to the SASL authzid feature since the next
  release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID  / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a13.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2f.
2019-05-25 23:36:11 +02:00
Jay Satiro
c2a8d52a13 tests: Fix the line endings for the SASL alt-auth tests
- Change data and protocol sections to CRLF line endings.

Prior to this change the tests would fail or hang, which is because
certain sections such as protocol require CRLF line endings.

Follow-up to a9499ff from today which added the tests.

Ref: https://github.com/curl/curl/pull/3790
2019-05-23 04:01:09 -04:00
Steve Holme
a9499ff136
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool 2019-05-22 22:55:11 +01:00
Marc Hoersken
081d374f49 tests: add support to test against OpenSSH for Windows
Testing against OpenSSH for Windows requires v7.7.0.0 or newer
due to the use of AllowUsers and DenyUsers. For more info see:
https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config
2019-05-22 19:54:05 +02:00
Daniel Stenberg
31b77c1877
curl: report error for "--no-" on non-boolean options
Reported-by: Olen Andoni
Fixes #3906
Closes #3907
2019-05-20 19:04:54 +02:00
Daniel Stenberg
8b038bcc95
lib1560: add tests for parsing URL with too long scheme
Ref: #3905
2019-05-20 15:27:07 +02:00