1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
Commit Graph

868 Commits

Author SHA1 Message Date
Daniel Stenberg
debf23eead
mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735

Added test 1916 and 1917 to verify.

Closes #6338
2020-12-18 12:54:05 +01:00
Daniel Stenberg
ff4d2c2a05
test1522: add debug tracing
I used this to track down some issues and I figured I could just as well
keep this extra logging in here for future needs.

Closes #6331
2020-12-17 16:55:56 +01:00
Daniel Stenberg
6cd066f64b
lib1564/5: verify that curl_multi_wakeup returns OK 2020-12-11 17:42:17 +01:00
Rikard Falkeborn
920f49a20b
infof/failf calls: fix format specifiers
Update a few format specifiers to match what is being printed.

Closes #6241
2020-11-24 13:18:41 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Harry Sintonen
77a7b93c25
rtsp: fixed the RTST Session ID mismatch in test 570
Closes #6161
2020-11-04 08:14:16 +01:00
Daniel Stenberg
2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg
95d30409be
tests: add missing global_init/cleanup calls
Without the cleanup call in these test files, the mbedTLS backend leaks
memory.

Closes #6156
2020-11-02 09:14:18 +01:00
Daniel Stenberg
b7ea3d2c22
urlapi: URL encode a '+' in the query part
... when asked to with CURLU_URLENCODE.

Extended test 1560 to verify.
Reported-by: Dietmar Hauser
Fixes #6086
Closes #6087
2020-10-15 23:21:53 +02:00
Daniel Stenberg
26a7d51c21
checksrc: warn on space after exclamation mark
Closes #6034
2020-10-02 16:35:53 +02:00
Daniel Stenberg
3d64031fa7
symbian: drop support
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.

The public headers are unmodified.

Closes #5989
2020-09-22 15:14:12 +02:00
Daniel Stenberg
7ea2e1d0c5
ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
This is primarily interesting for cases where CURLOPT_NOBODY is set as
previously curl would not return an error for this case.

MDTM getting 550 now also returns this error (it returned
CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
missing files across protocols and specific FTP commands.

libcurl already returns error on a 550 as a MDTM response (when
CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
happen subsequently anyway since the RETR command would fail.

Add test 1913 and 1914 to verify. Updated several tests accordingly due
to the updated SIZE behavior.

Reported-by: Tomas Berger
Fixes #5953
Closes #5957
2020-09-14 12:53:12 +02:00
Daniel Stenberg
47dd957daf
curl: use curlx_dynbuf for realloc when loading config files
... fixes an integer overflow at the same time.

Reported-by: ihsinme on github
Assisted-by: Jay Satiro

Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
558dffe306
lib583: fix enum mixup
grrr the previous follow-up to 17fcdf6a31 was wrong
2020-09-08 22:48:16 +02:00
Daniel Stenberg
ab213d60ed
libtest: fix build errors
Follow-up from 17fcdf6a31
2020-09-08 17:37:25 +02:00
Daniel Stenberg
17fcdf6a31
lib: fix -Wassign-enum warnings
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: 879007f811 (commitcomment-42087553)

Closes #5929
2020-09-08 13:53:02 +02:00
Daniel Stenberg
d799b77372
libtest: remove lib1541 leftovers
Caused automake errors.

Follow-up to 8ca54a03ea
2020-09-07 10:46:55 +02:00
Daniel Stenberg
2a82e4dc48
tests/libtests: remove test 1900 and 2033
We already remove the test files, now remove the libtest codes as well.

Follow-up to e50a877df7
2020-09-07 10:29:40 +02:00
Daniel Stenberg
f93455eb04
altsvc: clone setting in curl_easy_duphandle
The cache content is not duplicated, like other caches, but the setting
and specified file name are.

Test 1908 is extended to verify this somewhat. Since the duplicated
handle gets the same file name, the test unfortunately overwrites the
same file twice (with different contents) which makes it hard to check
automatically.

Closes #5923
2020-09-06 09:54:54 +02:00
Daniel Stenberg
8ca54a03ea
test1541: remove since it is a known bug
A shared connection cache is not thread-safe is a known issue. Stop
testing this until we believe this issue is addressed. Reduces
occasional test failures we don't care about.

The test code in lib1541.c is left in git to allow us to restore it when
we get to fix this.

Closes #5922
2020-09-06 09:51:06 +02:00
Daniel Stenberg
e50a877df7
tests: remove pipelining tests
Remove the tests 530, 584, 1900, 1901, 1902, 1903 and 2033. They were
previously disabled.

The Pipelining code was removed from curl in commit 2f44e94efb,
April 2019.

Closes #5921
2020-09-06 09:48:17 +02:00
Jeroen Ooms
70984ce1be
tests: add test1912 with typechecks
Validates that gcc-typecheck macros match the new option type API.

Closes #5873
2020-08-28 23:36:55 +02:00
Daniel Stenberg
6ebe63fac2
options: API for meta-data about easy options
const struct curl_easyoption *curl_easy_option_by_name(const char *name);

 const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);

 const struct curl_easyoption *
 curl_easy_option_next(const struct curl_easyoption *prev);

The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.

Assisted-by: Jeroen Ooms
Closes #5365
2020-08-27 14:17:36 +02:00
Emil Engler
99119fc8a3
git: ignore libtests in 3XXX area
Currently the file tests/libtest/lib3010 is not getting
ignored by git. This fixes it by adding the 3XXX area to
the according .gitignore file.

Closes #5859
2020-08-26 22:53:02 +02:00
Daniel Stenberg
259a81555d
lib1560: verify "redirect" to double-slash leading URL
Closes #5849
2020-08-25 13:06:34 +02:00
Brian Inglis
ebae7d7c4a libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
copy the LDFLAGS approach for adding same option with `libhostname` in
`libtest/Makefile.am`:

- init `libstubgss_la_LDFLAGS_EXTRA` variable,
- add option to variable inside conditional,
- use variable in `libstubgss_la_LDFLAGS`

Fixes #5819
Closes #5820
2020-08-16 11:29:23 +02:00
Daniel Stenberg
010fb9830b
copyright: update/correct the year range on a few files 2020-08-14 10:20:27 +02:00
Daniel Stenberg
faeec840f3
checksrc: invoke script with -D to find .checksrc proper
Without the -D command line option, checksrc.pl won't know which
directory to load the ".checksrc" file from when building out of the
source tree.

Reported-by: Marcel Raad
Fixes #5715
Closes #5755
2020-08-01 10:47:55 +02:00
Jay Satiro
a12a16151a url: fix CURLU and location following
Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
incorrectly used for the location follow, resulting in infinite requests
to the original location.

Reported-by: sspiri@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/5709
Closes https://github.com/curl/curl/pull/5713
2020-07-30 11:57:35 -04:00
Daniel Stenberg
2f72ad44fc
checksrc: ban gmtime/localtime
They're not thread-safe so they should not be used in libcurl code.

Explictly enabled when deemed necessary and in examples and tests

Reviewed-by: Nicolas Sterchele
Closes #5732
2020-07-28 23:51:17 +02:00
Nicolas Sterchele
0b85969226
getinfo: reset retry-after value in initinfo
- Avoid re-using retry_after value from preceding request
- Add libtest 3010 to verify

Reported-by: joey-l-us on github
Fixes #5661
Closes #5672
2020-07-27 12:15:44 +02:00
Tobias Stoeckmann
8829703b5a mprintf: Fix stack overflows
Stack overflows can occur with precisions for integers and floats.

Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);

Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.

The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.

Also see CVE-2016-9586 which partially fixed the float aspect.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Closes https://github.com/curl/curl/pull/5722
2020-07-27 03:43:00 -04:00
Marcel Raad
c90e48c005
util: silence conversion warnings
timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might
be a 64-bit integer. This is the case when building for recent macOS
versions, for example. Just treat tv_usec as an int, which should
hopefully always be sufficient on systems with
`HAVE_CLOCK_GETTIME_MONOTONIC`.

Closes https://github.com/curl/curl/pull/5695
2020-07-19 10:34:58 +02:00
Daniel Stenberg
9466034561
transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
Added test case 674 to reproduce and verify the bug report.

Fixes #5665
Reported-by: NobodyXu on github
Closes #5673
2020-07-12 16:36:02 +02:00
Daniel Stenberg
032e838b73
terminology: call them null-terminated strings
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608
2020-06-28 00:31:24 +02:00
Daniel Stenberg
1529838a14
test1539: do a HTTP 1.0 POST without a set size (fails)
Attempt to reproduce #5593. Test case 1514 is very similar but uses
HTTP/1.1 and thus switches to chunked.

Closes #5595
2020-06-26 15:11:04 +02:00
Daniel Stenberg
8acfb932ef
tests: verify newline in username and password for HTTP
test 1296 is a simply command line test

test 1910 is a libcurl test including a redirect
2020-06-25 09:57:19 +02:00
Daniel Stenberg
79d8099ff0
test543: extended to verify zero length input
As was reported in #5601
2020-06-25 00:00:35 +02:00
Martin V
b71628b633
test1560: avoid possibly negative association in wording
Closes #5549
2020-06-12 10:01:57 +02:00
Daniel Stenberg
eab2f95c0d
wording: avoid blacklist/whitelist stereotypes
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.

Closes #5546
2020-06-10 08:49:17 +02:00
Daniel Stenberg
c4e6968127
url: alloc the download buffer at transfer start
... and free it as soon as the transfer is done. It removes the extra
alloc when a new size is set with setopt() and reduces memory for unused
easy handles.

In addition: the closure_handle now doesn't use an allocated buffer at
all but the smallest supported size as a stack based one.

Closes #5472
2020-05-30 23:14:33 +02:00
Marc Hoersken
c0d4faf8e5
tests/libtest: fix undefined reference to 'curlx_win32_fopen'
Since curl_setup.h now makes use of curlx_win32_fopen for Win32
builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
we need to include the relevant files for tests using fopen,
because the libtest sources are also including curl_setup.h

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg

Follow up to #3784 (ffdddb45d9)
Closes #5475
2020-05-30 10:03:00 +02:00
Daniel Stenberg
32d4d6b969
mk-lib1521: generate code for testing BLOB options as well
Follow-up to cac5374298

Closes #5478
2020-05-29 09:22:50 +02:00
Daniel Stenberg
8df455479f
source cleanup: remove all custom typedef structs
- Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
2020-05-15 08:54:42 +02:00
Daniel Stenberg
66b0775763
checksrc: enhance the ASTERISKSPACE and update code accordingly
Fine: "struct hello *world"

Not fine: "struct hello* world" (and variations)

Closes #5386
2020-05-14 00:02:05 +02:00
Peter Wu
c2ab2494ef
CMake: do not build test programs by default
The default target should only build libcurl and curl. Add a dedicated
'testdeps' target which will be used later when running tests. Note that
unittests are currently broken in CMake and already excluded.

Closes #5368
2020-05-12 08:50:07 +02:00
Daniel Stenberg
7f1c098728
urlapi: accept :: as a valid IPv6 address
Text 1560 is extended to verify.

Reported-by: Pavel Volgarev
Fixes #5344
Closes #5351
2020-05-08 08:47:29 +02:00
Marc Hoersken
2d1745fe2c
test613.pl: make tests 613 and 614 work with OpenSSH for Windows
OpenSSH for Windows shows group and other/world permissions as *,
because those concepts do not exist on Windows. It also does not
show the current or parent directory, so we just ignore those.

Reviewed-by: Daniel Stenberg
Closes #5328
2020-05-06 19:33:20 +02:00
Daniel Stenberg
ed35d6590e
dynbuf: introduce internal generic dynamic buffer functions
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.

In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.

See docs/DYNBUF.md for a description of the API.

Closes #5300
2020-05-04 10:40:39 +02:00