1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 23:15:08 -05:00
Commit Graph

4662 Commits

Author SHA1 Message Date
Rikard Falkeborn
920f49a20b
infof/failf calls: fix format specifiers
Update a few format specifiers to match what is being printed.

Closes #6241
2020-11-24 13:18:41 +01:00
Marc Hoersken
c353207057
tests/server/tftpd.c: close upload file right after transfer
Make sure uploaded file is no longer locked after the
transfer while waiting for the final ACK to be handled.

Assisted-by: Daniel Stenberg

Bug: #6058
Closes #6209
2020-11-20 12:50:57 +01:00
Marc Hoersken
24f909cebd tests/*server.py: close log file after each log line
Make sure the log file is not locked once a test has
finished and align with the behavior of our logmsg.

Rename curl_test_data.py to be a general util.py.
Format and sort Python imports with isort/VSCode.

Bug: #6058
Closes #6206
2020-11-14 21:32:33 +01:00
Daniel Stenberg
3c5c6e7477
mqttd: fclose test file when done
Reported-by: Marc Hörsken
Reviewed-by: Jay Satiro
Bug: #6058
Closes #6189
2020-11-09 17:25:22 +01:00
Daniel Stenberg
ee644bc8b3
test493: verify --hsts upgrade and that %{url_effective} reflects that
Closes #6175
2020-11-06 08:22:34 +01:00
Daniel Stenberg
ac0a88fd25
copyright: fix year ranges
Follow-up from 4d2f800677
2020-11-05 08:22:10 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Harry Sintonen
77a7b93c25
rtsp: fixed the RTST Session ID mismatch in test 570
Closes #6161
2020-11-04 08:14:16 +01:00
Daniel Stenberg
2cfc4ed983
hsts: add read/write callbacks
- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896
2020-11-03 16:08:48 +01:00
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Daniel Stenberg
95d30409be
tests: add missing global_init/cleanup calls
Without the cleanup call in these test files, the mbedTLS backend leaks
memory.

Closes #6156
2020-11-02 09:14:18 +01:00
Jay Satiro
e4d38014cd tests: fix some http/2 tests for older versions of nghttpx
- Add regex that strips http/2 server header name to those http/2 tests
  that don't already have it.

- Improve that regex in all http/2 tests.

Tests 358 and 359 were failing for me before this change on a system
that uses an older version of nghttpx which includes its version number
in the server header.

Closes https://github.com/curl/curl/pull/6139
2020-10-29 23:08:03 -04:00
Daniel Stenberg
61630a155e
runtests: show keywords when no tests ran
To help out future debugging, runtests now outputs the list of keywords
when it fails because no tests ran.

Ref: #6120
Closes #6126
2020-10-26 23:05:19 +01:00
Daniel Stenberg
96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Emil Engler
499b3b6ff6
tool_help: make "output" description less confusing
Currently the description of "output" is misleading when comparing it
"verbose".

Closes #6118
2020-10-24 23:46:02 +02:00
Daniel Stenberg
18dd7cc9af
CI/travis: add brotli and zstd to the libssh2 build
... to make sure such tests are run with valgrind. Suppress the zstd
valgrind warnings we get with version 1.3.3 on Ubuntu 18.04 (for debug
and non-debug builds).

Closes #6105
2020-10-19 16:31:43 +02:00
Daniel Stenberg
4282d5f9d0
runtests: revert the mistaken edit of $CURL
Regression from c4693adc62
2020-10-19 12:01:00 +02:00
Daniel Stenberg
475c1aba68
checksrc: warn on empty line before open brace
... and fix a few occurances

Closes #6088
2020-10-15 23:32:26 +02:00
Daniel Stenberg
b7ea3d2c22
urlapi: URL encode a '+' in the query part
... when asked to with CURLU_URLENCODE.

Extended test 1560 to verify.
Reported-by: Dietmar Hauser
Fixes #6086
Closes #6087
2020-10-15 23:21:53 +02:00
Daniel Stenberg
88bf689f94
runtests: return error if no tests ran
... and make TESTFAIL stand out a little better by adding newlines
before and after.

Reported-by: Marc Hörsken
Issue: #6052
Closes #6053
2020-10-15 15:50:11 +02:00
Daniel Stenberg
15997f6db5
test122[12]: remove these two tests
... and remove the objnames scripts they tested. They're not used for
anything anymore so testing them serves no purpose!

Reported-by: Marc Hörsken
Fixes #6080
Closes #6081
2020-10-15 07:56:19 +02:00
Sergei Nikulov
d8fffd718b
CI/tests: fix invocation of tests for CMake builds
Update appveyor.yml to set env variable TFLAGS and run tests
Remove curly braces due to CMake error (${TFLAGS} -> $TFLAGS)
Move testdeps build to build step (per review comments)

Reviewed-by: Marc Hörsken

Closes #6066
Fixes #6052
2020-10-14 07:03:55 +02:00
Marc Hoersken
112418070a
tests/server/util.c: fix support for Windows Unicode builds
Detected via #6066
Closes #6070
2020-10-14 06:58:04 +02:00
Marc Hoersken
0a99281c21
CI/tests: use verification curl for test reporting APIs
Avoid using our own, potentially installed, curl for
the test reporting APIs in case it is broken.

Reviewed-by: Daniel Stenberg

Preparation for #6049
Closes #6063
2020-10-13 06:57:02 +02:00
Marc Hoersken
1101fbbf49
runtests.pl: use $LIBDIR variable instead of hardcoded path
Reviewed-by: Daniel Stenberg
Closes #6051
2020-10-08 21:36:43 +02:00
Daniel Stenberg
b8e4d1cb0a
runtests: add %repeat[]% for test files
... and use this new keywords in all the test files larger than 50K to reduce
their sizes and make them a lot easier to read and understand.

Closes #6040
2020-10-04 17:16:53 +02:00
Daniel Stenberg
e6b21d422e
runtests: provide curl's version string as %VERSION for tests
... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Closes #6037
2020-10-02 22:54:23 +02:00
Daniel Stenberg
26a7d51c21
checksrc: warn on space after exclamation mark
Closes #6034
2020-10-02 16:35:53 +02:00
Daniel Stenberg
ddecd28268
test1465: verify --libcurl with binary POST data 2020-10-02 09:35:38 +02:00
Daniel Stenberg
2dd53e82f1
runtests: allow generating a binary sequence from hex 2020-10-02 09:35:38 +02:00
Daniel Stenberg
8aeb82eeca
tests/unit/README: convert to markdown
... and add to dist!

Closes #6028
2020-09-30 22:45:48 +02:00
Daniel Stenberg
422f610b40
tests/README: convert to markdown
Closes #6028
2020-09-30 22:45:45 +02:00
Daniel Stenberg
4a4c724599
ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
Added test 348 to verify. Added a 'STOR' command to the test FTP
server to enable test 348. Documented the command in FILEFORMAT.md

Reported-by: Duncan Wilcox
Fixes #6016
Closes #6017
2020-09-26 13:37:15 +02:00
Daniel Stenberg
11522d7292
test163[12]: require http to be built-in to run
... as speaking over an HTTPS proxy implies http!

Closes #6014
2020-09-25 14:29:45 +02:00
Daniel Stenberg
c4693adc62
imap: make imap_send use dynbuf for the send buffer management
Reuses the buffer and thereby reduces number of mallocs over a transfer.

Closes #6010
2020-09-25 08:35:01 +02:00
Daniel Stenberg
1397a7de6e
ftp: separate FTPS from FTP over "HTTPS proxy"
When using HTTPS proxy, SSL is used but not in the view of the FTP
protocol handler itself so separate the connection's use of SSL from the
FTP control connection's sue.

Reported-by: Mingtao Yang
Fixes #5523
Closes #6006
2020-09-24 14:09:20 +02:00
Dan Fandrich
93653ef9e2 tests/data: Fix some mismatched XML tags in test cases
This allows these test files to pass xmllint.
2020-09-23 14:53:26 -07:00
Daniel Stenberg
3d64031fa7
symbian: drop support
The OS is deprecated. I see no traces of anyone having actually built
curl for Symbian after 2012.

The public headers are unmodified.

Closes #5989
2020-09-22 15:14:12 +02:00
Daniel Stenberg
3e80895da7
test1297: verify GOT_NOTHING with http proxy tunnel 2020-09-22 10:54:42 +02:00
Daniel Stenberg
2cc6857247
test3015: verify stdout "as text"
Follow-up from 0c1e767e83 to please win32 tests

Closes #5962
2020-09-15 22:51:08 +02:00
Daniel Stenberg
304aeace1b
tests/FILEFORMAT: document type=shell for <command> 2020-09-15 15:42:56 +02:00
Daniel Stenberg
8854b9284b
tests/FILEFORMAT: document nonewline support for <file>
The one in <client>, that creates files.

Follow-up from b83947c8df
2020-09-15 14:45:08 +02:00
anio
0c1e767e83
tool_writeout: add new writeout variable, %{num_headers}
This variable gives the number of headers.

Closes #5947
2020-09-15 00:37:08 +02:00
Daniel Stenberg
7ea2e1d0c5
ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
This is primarily interesting for cases where CURLOPT_NOBODY is set as
previously curl would not return an error for this case.

MDTM getting 550 now also returns this error (it returned
CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
missing files across protocols and specific FTP commands.

libcurl already returns error on a 550 as a MDTM response (when
CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
happen subsequently anyway since the RETR command would fail.

Add test 1913 and 1914 to verify. Updated several tests accordingly due
to the updated SIZE behavior.

Reported-by: Tomas Berger
Fixes #5953
Closes #5957
2020-09-14 12:53:12 +02:00
Daniel Stenberg
5c2d2d2ace
test434: test -K use in a single line without newline
Closes #5946
2020-09-14 08:32:49 +02:00
Daniel Stenberg
b83947c8df
runtests: allow creating files without newlines
Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
47dd957daf
curl: use curlx_dynbuf for realloc when loading config files
... fixes an integer overflow at the same time.

Reported-by: ihsinme on github
Assisted-by: Jay Satiro

Closes #5946
2020-09-14 08:32:45 +02:00
Daniel Stenberg
5fbc3ee520
tests: add test1912 to the dist
Follow-up to 70984ce1be
2020-09-12 18:09:49 +02:00
Daniel Stenberg
558dffe306
lib583: fix enum mixup
grrr the previous follow-up to 17fcdf6a31 was wrong
2020-09-08 22:48:16 +02:00
Daniel Stenberg
ab213d60ed
libtest: fix build errors
Follow-up from 17fcdf6a31
2020-09-08 17:37:25 +02:00
Daniel Stenberg
17fcdf6a31
lib: fix -Wassign-enum warnings
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: 879007f811 (commitcomment-42087553)

Closes #5929
2020-09-08 13:53:02 +02:00
Daniel Stenberg
d799b77372
libtest: remove lib1541 leftovers
Caused automake errors.

Follow-up to 8ca54a03ea
2020-09-07 10:46:55 +02:00
Daniel Stenberg
2a82e4dc48
tests/libtests: remove test 1900 and 2033
We already remove the test files, now remove the libtest codes as well.

Follow-up to e50a877df7
2020-09-07 10:29:40 +02:00
Marc Hoersken
e089704a0f
CI/azure: add test number to title for display in analytics
To ease identification of tests the test number is added to
the test case title in order to have it on the Azure DevOps
Analytics pages and reports which currently do not show it.

Bump test case revision to make Azure DevOps update titles.

Closes #5927
2020-09-07 07:42:30 +02:00
Daniel Stenberg
f93455eb04
altsvc: clone setting in curl_easy_duphandle
The cache content is not duplicated, like other caches, but the setting
and specified file name are.

Test 1908 is extended to verify this somewhat. Since the duplicated
handle gets the same file name, the test unfortunately overwrites the
same file twice (with different contents) which makes it hard to check
automatically.

Closes #5923
2020-09-06 09:54:54 +02:00
Daniel Stenberg
8ca54a03ea
test1541: remove since it is a known bug
A shared connection cache is not thread-safe is a known issue. Stop
testing this until we believe this issue is addressed. Reduces
occasional test failures we don't care about.

The test code in lib1541.c is left in git to allow us to restore it when
we get to fix this.

Closes #5922
2020-09-06 09:51:06 +02:00
Daniel Stenberg
e50a877df7
tests: remove pipelining tests
Remove the tests 530, 584, 1900, 1901, 1902, 1903 and 2033. They were
previously disabled.

The Pipelining code was removed from curl in commit 2f44e94efb,
April 2019.

Closes #5921
2020-09-06 09:48:17 +02:00
Emil Engler
a86cc7e2ab
tests: Add tests for new --help
This commit is a part of "--help me if you can"

Closes #5680
2020-09-04 15:38:22 +02:00
Daniel Stenberg
9e90ff0839
hash: make it 'struct Curl_hash'
As internal global names should use captical C.

Closes #5906
2020-09-02 22:41:58 +02:00
Daniel Stenberg
9b3f888a00
llist: make it "struct Curl_llist"
As internal global names should use captical C.

Closes #5906
2020-09-02 22:41:58 +02:00
Marc Hoersken
3e4b32a3e1
win32: drop support for WinSock version 1, require version 2
IPv6, telnet and now also the multi API require WinSock
version 2 which is available starting with Windows 95.

Therefore we think it is time to drop support for version 1.

Reviewed-by: Marcel Raad
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Reviewed-by: Viktor Szakats

Follow up to #5634
Closes #5854
2020-09-02 16:30:39 +02:00
Daniel Stenberg
e22682b908
test971: show test mismatches "inline" 2020-09-02 09:27:51 +02:00
Daniel Stenberg
8bb183114c
tests/getpart: use MIME::Base64 instead of home-cooked
Since we already use the base64 package since a while back, we can just
as well switch to that here too.

It also happens to use the exact same function name, which otherwise
causes a run-time warning.

Reported-by: Marc Hörsken
Fixes #5885
Closes #5887
2020-08-29 15:10:45 +02:00
Jeroen Ooms
70984ce1be
tests: add test1912 with typechecks
Validates that gcc-typecheck macros match the new option type API.

Closes #5873
2020-08-28 23:36:55 +02:00
Marc Hoersken
5fcad1c1c6
sockfilt: handle FD_CLOSE winsock event on write socket
Learn from the way Cygwin handles and maps the WinSock events
to simulate correct and complete poll and select behaviour
according to Richard W. Stevens Network Programming book.

Follow up to #5867
Closes #5879
2020-08-28 22:30:39 +02:00
Daniel Stenberg
85868537d6
buildconf: invoke 'autoreconf -fi' instead
The custom script isn't necessary anymore - but remains for simplicity
and just invokes autoreconf.

Closes #5853
2020-08-27 22:53:34 +02:00
Daniel Stenberg
6ebe63fac2
options: API for meta-data about easy options
const struct curl_easyoption *curl_easy_option_by_name(const char *name);

 const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);

 const struct curl_easyoption *
 curl_easy_option_next(const struct curl_easyoption *prev);

The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.

Assisted-by: Jeroen Ooms
Closes #5365
2020-08-27 14:17:36 +02:00
Emil Engler
99119fc8a3
git: ignore libtests in 3XXX area
Currently the file tests/libtest/lib3010 is not getting
ignored by git. This fixes it by adding the 3XXX area to
the according .gitignore file.

Closes #5859
2020-08-26 22:53:02 +02:00
Daniel Stenberg
259a81555d
lib1560: verify "redirect" to double-slash leading URL
Closes #5849
2020-08-25 13:06:34 +02:00
Daniel Stenberg
5620d2cc78
curl: add --output-dir
Works with --create-dirs and with -J

Add test 3008, 3009, 3011, 3012 and 3013 to verify.

Closes #5637
2020-08-24 22:41:37 +02:00
Daniel Stenberg
4be1f8dc01
curl: support XDG_CONFIG_HOME to find .curlrc
Added test433 to verify. Updated documentation.

Reviewed-by: Jay Satiro
Suggested-by: Eli Schwartz
Fixes #5829
Closes #5837
2020-08-24 16:37:09 +02:00
Daniel Stenberg
98c94596f5
etag: save and use the full received contents
... which makes it support weak tags and non-standard etags too!

Added test case 347 to verify blank incoming ETag:

Fixes #5610
Closes #5833
2020-08-24 10:02:41 +02:00
Daniel Stenberg
88b1ca7cba
CURLE_PROXY: new error code
Failures clearly returned from a (SOCKS) proxy now causes this return
code. Previously the situation was not very clear as what would be
returned and when.

In addition: when this error code is returned, an application can use
CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then
returns a value from the new 'CURLproxycode' enum.

Closes #5770
2020-08-24 08:41:48 +02:00
Daniel Stenberg
d71ac6711a
runtests: make cleardir() erase dot files too
Because test cases might use dot files.

Closes #5838
2020-08-23 17:45:41 +02:00
Daniel Stenberg
327bd5d026
runtests: avoid 'fail to start' repeated messages in attempt loops
Closes #5834
2020-08-21 17:16:05 +02:00
Daniel Stenberg
15f76a50ee
runtests: clear pid variables when failing to start a server
... as otherwise the parent doesn't detect the failure and believe it
actually worked to start.

Reported-by: Christian Weisgerber
Bug: https://curl.haxx.se/mail/lib-2020-08/0018.html
Closes #5834
2020-08-21 17:15:59 +02:00
Brian Inglis
ebae7d7c4a libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
copy the LDFLAGS approach for adding same option with `libhostname` in
`libtest/Makefile.am`:

- init `libstubgss_la_LDFLAGS_EXTRA` variable,
- add option to variable inside conditional,
- use variable in `libstubgss_la_LDFLAGS`

Fixes #5819
Closes #5820
2020-08-16 11:29:23 +02:00
Daniel Stenberg
86dc9867a5
test1140: compare stdout
To make problems more immediately obvious when tests fail.

Closes #5814
2020-08-15 00:10:36 +02:00
Daniel Stenberg
010fb9830b
copyright: update/correct the year range on a few files 2020-08-14 10:20:27 +02:00
Marc Hoersken
421cf55ab2
CI/azure: fix test outcome values and use latest API version
This makes sure that tests ignored or skipped are not shown
just in the category "Other", but with their correct state.

Closes #5796
2020-08-09 21:33:35 +02:00
Daniel Stenberg
2429f45a97
TLS naming: fix more Winssl and Darwinssl leftovers
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
2020-08-08 00:19:21 +02:00
Daniel Stenberg
82ed83ae30
runtests: run the DICT server on a random port number
Removed support for -b (base port number)

Closes #5783
2020-08-07 10:23:15 +02:00
Daniel Stenberg
337a28d810
runtests: move the TELNET server to a dynamic port
Rename the port variable to TELNETPORT to better match the existing
pattern.

Closes #5785
2020-08-06 23:47:08 +02:00
Daniel Stenberg
70999e6034
runtests: move the smbserver to use a dynamic port number
Closes #5782
2020-08-05 22:50:03 +02:00
Daniel Stenberg
c8ec04065a
runtests: run the http2 tests on a random port number
Closes #5779
2020-08-05 18:14:25 +02:00
Daniel Stenberg
06aa77ae33
runtests: move the gnutls-serv tests to a dynamic port
Affects test 320, 321, 322 and 324.

Closes #5778
2020-08-05 14:44:38 +02:00
Daniel Stenberg
424092e70f
runtests: support dynamicly base64 encoded sections in tests
This allows us to make test cases to use base64 at run-time and still
use and verify information determined at run-time, such as the IMAP test
server's port number in test 842.

This change makes 12 tests run again that basically never ran since we
moved to dynamic port numbers.

ftpserver.pl is adjusted to load test instructions and test number from
the preprocessed test file.

FILEFORMAT.md now documents the new base64 encoding syntax.

Reported-by: Marcel Raad
Fixes #5761
Closes #5775
2020-08-04 18:12:42 +02:00
Marcel Raad
07fd3fa07f
test1908: treat file as text
Fixes the line endings on Windows.

Closes https://github.com/curl/curl/pull/5767
2020-08-03 12:14:27 +02:00
Marcel Raad
87e0fcfe5c
TrackMemory tests: ignore realloc and free in getenv.c
These are only called for WIN32.

Closes https://github.com/curl/curl/pull/5767
2020-08-03 12:14:23 +02:00
Daniel Stenberg
06bc9b388e
tests/FILEFORMAT.md: mention %HTTP2PORT 2020-08-03 11:42:16 +02:00
Marcel Raad
5c2728eb42
runtests.pl: treat LibreSSL and BoringSSL as OpenSSL
This makes the tests that require the OpenSSL feature also run for
those two compatible libraries.

Closes https://github.com/curl/curl/pull/5762
2020-08-02 10:32:00 +02:00
Marc Aldorasi
d5bb459ccf
multi_remove_handle: close unused connect-only connections
Previously any connect-only connections in a multi handle would be kept
alive until the multi handle was closed.  Since these connections cannot
be re-used, they can be marked for closure when the associated easy
handle is removed from the multi handle.

Closes #5749
2020-08-01 15:26:08 +02:00
Daniel Stenberg
faeec840f3
checksrc: invoke script with -D to find .checksrc proper
Without the -D command line option, checksrc.pl won't know which
directory to load the ".checksrc" file from when building out of the
source tree.

Reported-by: Marcel Raad
Fixes #5715
Closes #5755
2020-08-01 10:47:55 +02:00
Marc Hoersken
3ee7c676ec
tests/sshserver.pl: fix compatibility with OpenSSH for Windows
Follow up to #5721
2020-07-31 18:56:50 +02:00
Jay Satiro
a12a16151a url: fix CURLU and location following
Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
incorrectly used for the location follow, resulting in infinite requests
to the original location.

Reported-by: sspiri@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/5709
Closes https://github.com/curl/curl/pull/5713
2020-07-30 11:57:35 -04:00
Daniel Stenberg
2f72ad44fc
checksrc: ban gmtime/localtime
They're not thread-safe so they should not be used in libcurl code.

Explictly enabled when deemed necessary and in examples and tests

Reviewed-by: Nicolas Sterchele
Closes #5732
2020-07-28 23:51:17 +02:00
Nicolas Sterchele
0b85969226
getinfo: reset retry-after value in initinfo
- Avoid re-using retry_after value from preceding request
- Add libtest 3010 to verify

Reported-by: joey-l-us on github
Fixes #5661
Closes #5672
2020-07-27 12:15:44 +02:00
Tobias Stoeckmann
8829703b5a mprintf: Fix stack overflows
Stack overflows can occur with precisions for integers and floats.

Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);

Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.

The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.

Also see CVE-2016-9586 which partially fixed the float aspect.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Closes https://github.com/curl/curl/pull/5722
2020-07-27 03:43:00 -04:00
Marcel Raad
c90e48c005
util: silence conversion warnings
timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might
be a 64-bit integer. This is the case when building for recent macOS
versions, for example. Just treat tv_usec as an int, which should
hopefully always be sufficient on systems with
`HAVE_CLOCK_GETTIME_MONOTONIC`.

Closes https://github.com/curl/curl/pull/5695
2020-07-19 10:34:58 +02:00
Daniel Stenberg
c13c67e127
test1139: make it display the difference on test failures 2020-07-14 18:31:37 +02:00