1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
curl/tests/data/test1235
Daniel Stenberg 5ca96cb844 urlglob: better detect unclosed braces, empty lists and overflows
A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detected
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that is smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single- entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
2013-08-16 11:52:08 +02:00

95 lines
1.7 KiB
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP GET
{} list
</keywords>
</info>
# Server-side
<reply>
<data1>
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 15
the number one
</data1>
<data2>
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 16
two is nice too
</data2>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
multiple requests using {}{} in the URL
</name>
<command>
"%HOSTIP:%HTTPPORT/{1235,1235}{0001,0002}"
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /12350001 HTTP/1.1
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /12350002 HTTP/1.1
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /12350001 HTTP/1.1
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /12350002 HTTP/1.1
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
<stdout>
--_curl_--%HOSTIP:%HTTPPORT/12350001
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 15
the number one
--_curl_--%HOSTIP:%HTTPPORT/12350002
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 16
two is nice too
--_curl_--%HOSTIP:%HTTPPORT/12350001
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 15
the number one
--_curl_--%HOSTIP:%HTTPPORT/12350002
HTTP/1.1 200 OK
Funny-head: yesyes
Content-Length: 16
two is nice too
</stdout>
</verify>
</testcase>