1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 13:05:03 -05:00
Commit Graph

1510 Commits

Author SHA1 Message Date
Daniel Stenberg
44c53cc38b strcase: s/strequal/strcasecompare
some more follow-ups to 811a693b80
2016-10-31 09:37:54 +01:00
Daniel Stenberg
ad16f89791 test165: adapted to the libidn2 use and IDNA2008 fix 2016-10-31 08:46:35 +01:00
Daniel Stenberg
96a80b5a26 parsedate: handle cut off numbers better
... and don't read outside of the given buffer!

CVE-2016-8621

bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
42b650b9ea test1246: verify URL parsing with host name ending with '#' 2016-10-31 08:46:35 +01:00
Daniel Stenberg
f36f8c1455 test14xx: fixed --libcurl output tests again after 8e8afa82cb 2016-10-18 14:15:03 +02:00
Sergei Kuzmin
54e48b14e1 cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
2016-10-03 16:49:35 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Jay Satiro
22cfeac730 easy: Reset all statistical session info in curl_easy_reset
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
2016-09-20 01:14:01 -04:00
Jay Satiro
19445f35ba test2048: fix url 2016-09-18 15:33:15 -04:00
Daniel Stenberg
8dcc074f36 test1605: verify negative input lengths to (un)escape functions 2016-09-14 07:49:43 +02:00
Daniel Stenberg
a8e751a51a http: refuse to pass on response body with NO_NODY was set
... like when a HTTP/0.9 response comes back without any headers at all
and just a body this now prevents that body from being sent to the
callback etc.

Adapted test 1144 to verify.

Fixes #973

Assisted-by: Ray Satiro
2016-09-11 12:02:07 +02:00
Jay Satiro
af2d679e14 errors: new alias CURLE_WEIRD_SERVER_REPLY (8)
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975
2016-09-07 21:24:27 -04:00
Daniel Stenberg
3533def3d5 http2: make sure stream errors don't needlessly close the connection
With HTTP/2 each transfer is made in an indivial logical stream over the
connection, making most previous errors that caused the connection to get
forced-closed now instead just kill the stream and not the connection.

Fixes #941
2016-08-28 16:44:49 +02:00
Daniel Stenberg
152e5c2105 test161: add comment for the exit code 2016-08-26 09:12:01 +02:00
Dan Fandrich
b5286189b5 test219: Add http as a required feature 2016-08-26 08:32:01 +02:00
Daniel Stenberg
cdd61dc35f test1144: verify HEAD with body-only response 2016-08-18 11:45:15 +02:00
Daniel Stenberg
fa6b6f1a46 proxy: fix tests as follow-up to 93b0d907d5
This fixes tests that were added after 113f04e664 as the tests would
fail otherwise.

We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix
regressions with old and stupid proxies, but we could possibly switch to
using it only for CONNECT or only for NTLM in a future if we want to
gradually reduce it.

Fixes #954

Reported-by: János Fekete
2016-08-16 10:15:26 +02:00
Daniel Stenberg
93b0d907d5 Revert "Proxy-Connection: stop sending this header by default"
This reverts commit 113f04e664.
2016-08-16 08:36:04 +02:00
Daniel Stenberg
f1cdcc4c3e test219: verify unsupported scheme for proxies get rejected 2016-08-15 11:11:04 +02:00
Jay Satiro
6b130d6be6 tests: Fix for http/2 feature
Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
Reported-by: Paul Howarth
2016-07-24 02:49:47 -04:00
Dan Fandrich
47fa8f0dae test558: fix test by stripping file paths from FD lines 2016-07-21 17:06:04 +02:00
Daniel Stenberg
c6d3fa11e6 test558: updated after ipv6-check move
Follow-up commit to c50980807c to make this test pass.
2016-07-20 23:06:03 +02:00
Daniel Stenberg
e89489d8f4 test1244: test different proxy ports same URL 2016-06-29 23:06:32 +02:00
Daniel Stenberg
5f2e3b8867 tests: fix the HTTP/2 tests
The HTTP/2 tests brought with commit bf05606ef1 were using the internal
name 'http2' for the HTTP/2 server, while in fact that name was already
used for the second instance of the HTTP server. This made tests using
the second instance (like test 2050) fail after a HTTP/2 test had run.

The server is now known as HTTP/2 internally and within the <server>
section in test cases. 1700, 1701 and 1702 were updated accordingly.
2016-06-19 23:59:52 +02:00
Dan Fandrich
67176e2b84 tests: Added HTTP proxy keywords to tests 1141 & 1142 2016-06-15 23:04:48 +02:00
Daniel Stenberg
9b6d3a662e tests: two more HTTP/2 tests
1701 and 1702
2016-06-06 23:51:49 +02:00
Daniel Stenberg
d3b5c153af runtests: make stripfile work on stdout as well
... and have test 1700 use that to strip out the nghttpx server: headers
2016-06-06 23:51:49 +02:00
Daniel Stenberg
bf05606ef1 http2-tests: test1700 is the first real HTTP/2 test
It requires that 'nghttpx' is in the PATH, and it will run the tests
using nghttpx as a front-end proxy in front of the standard HTTP/1 test
server. This uses HTTP/2 over plain TCP.

If you like me have nghttpx installed in a custom path, you can run test 1700
like this:

$ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700
2016-06-06 23:51:49 +02:00
Daniel Stenberg
5409e1d793 URL parser: allow URLs to use one, two or three slashes
Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.

Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.

Added test case 1141, 1142 and 1143 to verify the new parser.

Closes #791
2016-05-30 23:13:55 +02:00
Jay Satiro
68701e51c1 mprintf: Fix processing of width and prec args
Prior to this change a width arg could be erroneously output, and also
width and precision args could not be used together without crashing.

"%0*d%s", 2, 9, "foo"

Before: "092"
After: "09foo"

"%*.*s", 5, 2, "foo"

Before: crash
After: "   fo"

Test 557 is updated to verify this and more
2016-05-13 00:06:50 +02:00
Daniel Stenberg
9291e2b9d0 test1140: run nroff-scan to verify man pages 2016-05-01 23:24:09 +02:00
Jay Satiro
0dc4d8e42e curl -J: make it work even without http:// scheme on URL
It does open up a miniscule risk that one of the other protocols that
libcurl could use would send back a Content-Disposition header and then
curl would act on it even if not HTTP.

A future mitigation for this risk would be to allow the callback to ask
libcurl which protocol is being used.

Verified with test 1312

Closes #760
2016-04-29 15:24:10 +02:00
Daniel Stenberg
6a9abbd4d4 test1139: verifies libcurl option man page presence
- checks that each option has its own man page present

- checks that each option is mentioned in its corresponding index man
  page
2016-04-28 16:30:22 +02:00
Daniel Stenberg
e504f03f8c test1322: verify stripping of trailing dot from host name
While being debated (in #716) and a violation of RFC 7230 section 5.4,
this test verifies that the existing functionality works as intended. It
strips the dot from the host name and uses the host without dot
throughout the internals.
2016-04-25 23:51:33 +02:00
Daniel Stenberg
62e3e75b80 test148: fixed after the --ftp-create-dirs retry change
follow-up commit to 3c1e84f569 as it made curl try a little harder
2016-04-25 23:10:13 +02:00
Karlson2k
4fbd576930 tests: added test1517
... for checking ability to receive full HTTP response when POST request
is used with slow read callback function.

This test checks for bug #657 and verifies the work-around from
72d5e144fb.

Closes #720
2016-04-20 10:02:22 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Daniel Stenberg
7f7fcd0d75 cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
RFC 6265 section 4.1.1 spells out that the first name/value pair in the
header is the actual cookie name and content, while the following are
the parameters.

libcurl previously had a more liberal approach which causes significant
problems when introducing new cookie parameters, like the suggested new
cookie priority draft.

The previous logic read all n/v pairs from left-to-right and the first
name used that wassn't a known parameter name would be used as the
cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
a cookie named 'person' while an RFC 6265 compliant parser should
consider that to be a cookie named 'Max-Age' with an (unknown) parameter
'person'.

Fixes #709
2016-03-10 11:26:12 +01:00
Tim Rühsen
c140bd7891 cookie: do not refuse cookies for localhost
Closes #658
2016-03-08 15:27:43 +01:00
Daniel Stenberg
e6293cf876 test46: change cookie expiry date
Since two of the cookies would now otherwise expire and cause the test
to fail after commit 20de9b4f09

Discussed in #697
2016-03-06 16:22:49 +01:00
Jay Satiro
186546f1c5 TFTP: add option to suppress TFTP option requests (Part 2)
- Add tests.

- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.

- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:01:07 -05:00
Dan Fandrich
e50674ad28 Enabled test 1437 after the bug fix in commit 3fa220a6 2016-02-20 11:34:15 +01:00
Dan Fandrich
fe37695aa9 Added test 1437 to verify a memory leak
Reported-by: neex@users.noreply.github.com
2016-02-19 10:45:09 +01:00
Dan Fandrich
0443187611 test1604: Add to Makefile.inc so it gets run 2016-02-13 22:49:45 +01:00
Daniel Stenberg
18c735e790 cookies: allow spaces in cookie names, cut of trailing spaces
It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.

Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.

Test case 8 modified to verify both these changes.

Closes #639
2016-02-08 15:49:54 +01:00
Daniel Stenberg
113f04e664 Proxy-Connection: stop sending this header by default
RFC 7230 says we should stop. Firefox already stopped.

Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzpatrick

Closes #633
2016-02-08 11:09:40 +01:00
Jay Satiro
4520534e6d tool_doswin: Improve sanitization processing
- Add unit test 1604 to test the sanitize_file_name function.

- Use -DCURL_STATICLIB when building libcurltool for unit testing.

- Better detection of reserved DOS device names.

- New flags to modify sanitize behavior:

SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename

- Restore sanitization of banned characters from user-specified outfile.

Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.


Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-05 01:44:27 -05:00
Viktor Szakats
20dcd19501 URLs: follow GitHub project rename (also Travis CI)
Closes #632
2016-02-04 23:01:38 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00