mirror of
https://github.com/moparisthebest/curl
synced 2024-11-14 05:25:06 -05:00
92 lines
2.7 KiB
C
92 lines
2.7 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at https://curl.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
#include "test.h"
|
|
|
|
#include "testutil.h"
|
|
#include "warnless.h"
|
|
#include "memdebug.h"
|
|
|
|
/* The maximum string length limit (CURL_MAX_INPUT_LENGTH) is an internal
|
|
define not publicly exposed so we set our own */
|
|
#define MAX_INPUT_LENGTH 8000000
|
|
|
|
static char buffer[MAX_INPUT_LENGTH + 2];
|
|
|
|
int test(char *URL)
|
|
{
|
|
const struct curl_easyoption *o;
|
|
CURL *easy;
|
|
int error = 0;
|
|
(void)URL;
|
|
|
|
curl_global_init(CURL_GLOBAL_ALL);
|
|
easy = curl_easy_init();
|
|
if(!easy) {
|
|
curl_global_cleanup();
|
|
return 1;
|
|
}
|
|
|
|
/* make it a zero terminated C string with just As */
|
|
memset(buffer, 'A', MAX_INPUT_LENGTH + 1);
|
|
buffer[MAX_INPUT_LENGTH + 1] = 0;
|
|
|
|
printf("string length: %d\n", (int)strlen(buffer));
|
|
|
|
for(o = curl_easy_option_next(NULL);
|
|
o;
|
|
o = curl_easy_option_next(o)) {
|
|
if(o->type == CURLOT_STRING) {
|
|
CURLcode result;
|
|
/*
|
|
* Whitelist string options that are safe for abuse
|
|
*/
|
|
switch(o->id) {
|
|
case CURLOPT_PROXY_TLSAUTH_TYPE:
|
|
case CURLOPT_TLSAUTH_TYPE:
|
|
continue;
|
|
default:
|
|
/* check this */
|
|
break;
|
|
}
|
|
|
|
/* This is a string. Make sure that passing in a string longer
|
|
CURL_MAX_INPUT_LENGTH returns an error */
|
|
result = curl_easy_setopt(easy, o->id, buffer);
|
|
switch(result) {
|
|
case CURLE_BAD_FUNCTION_ARGUMENT: /* the most normal */
|
|
case CURLE_UNKNOWN_OPTION: /* left out from the build */
|
|
case CURLE_NOT_BUILT_IN: /* not supported */
|
|
break;
|
|
default:
|
|
/* all other return codes are unexpected */
|
|
fprintf(stderr, "curl_easy_setopt(%s...) returned %d\n",
|
|
o->name, (int)result);
|
|
error++;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
curl_easy_cleanup(easy);
|
|
curl_global_cleanup();
|
|
return error;
|
|
}
|