1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 06:55:02 -05:00
curl/tests/unit/unit1304.c
Jonathan Nieder 36585b5395 netrc: handle longer username and password
libcurl truncates usernames and passwords it reads from .netrc to
LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
the user, to ensure the values returned from Curl_parsenetrc fit in a
caller-provided buffer.

Fix the interface by passing back dynamically allocated buffers
allocated to fit the user's input.  The parser still relies on a
256-character buffer to read each line, though.

So now you can include an ~246-character password in your .netrc,
instead of the previous limit of 63 characters.

Reported-by: Colby Ranger
2013-08-20 11:16:38 +02:00

152 lines
5.2 KiB
C

/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "curlcheck.h"
#include "netrc.h"
static char *login;
static char *password;
static char filename[64];
static CURLcode unit_setup(void)
{
password = strdup("");
login = strdup("");
return CURLE_OK;
}
static void unit_stop(void)
{
}
UNITTEST_START
int result;
static const char* filename1 = "log/netrc1304";
memcpy(filename, filename1, strlen(filename1));
/*
* Test a non existent host in our netrc file.
*/
result = Curl_parsenetrc("test.example.com", &login, &password, filename);
fail_unless(result == 1, "Host not found should return 1");
fail_unless(password[0] == 0, "password should not have been changed");
fail_unless(login[0] == 0, "login should not have been changed");
/*
* Test a non existent login in our netrc file.
*/
free(login);
login = strdup("me");
result = Curl_parsenetrc("example.com", &login, &password, filename);
fail_unless(result == 0, "Host should be found");
fail_unless(password[0] == 0, "password should not have been changed");
fail_unless(strncmp(login, "me", 2) == 0, "login should not have been changed");
/*
* Test a non existent login and host in our netrc file.
*/
free(login);
login = strdup("me");
result = Curl_parsenetrc("test.example.com", &login, &password, filename);
fail_unless(result == 1, "Host should be found");
fail_unless(password[0] == 0, "password should not have been changed");
fail_unless(strncmp(login, "me", 2) == 0, "login should not have been changed");
/*
* Test a non existent login (substring of an existing one) in our
* netrc file.
*/
free(login);
login = strdup("admi");
result = Curl_parsenetrc("example.com", &login, &password, filename);
fail_unless(result == 0, "Host should be found");
fail_unless(password[0] == 0, "password should not have been changed");
fail_unless(strncmp(login, "admi", 4) == 0, "login should not have been changed");
/*
* Test a non existent login (superstring of an existing one)
* in our netrc file.
*/
free(login);
login = strdup("adminn");
result = Curl_parsenetrc("example.com", &login, &password, filename);
fail_unless(result == 0, "Host should be found");
fail_unless(password[0] == 0, "password should not have been changed");
fail_unless(strncmp(login, "adminn", 6) == 0, "login should not have been changed");
/*
* Test for the first existing host in our netrc file
* with login[0] = 0.
*/
free(login);
login = strdup("");
result = Curl_parsenetrc("example.com", &login, &password, filename);
fail_unless(result == 0, "Host should have been found");
fail_unless(strncmp(password, "passwd", 6) == 0,
"password should be 'passwd'");
fail_unless(strncmp(login, "admin", 5) == 0, "login should be 'admin'");
/*
* Test for the first existing host in our netrc file
* with login[0] != 0.
*/
free(password);
password = strdup("");
result = Curl_parsenetrc("example.com", &login, &password, filename);
fail_unless(result == 0, "Host should have been found");
fail_unless(strncmp(password, "passwd", 6) == 0,
"password should be 'passwd'");
fail_unless(strncmp(login, "admin", 5) == 0, "login should be 'admin'");
/*
* Test for the second existing host in our netrc file
* with login[0] = 0.
*/
free(password);
password = strdup("");
free(login);
login = strdup("");
result = Curl_parsenetrc("curl.example.com", &login, &password, filename);
fail_unless(result == 0, "Host should have been found");
fail_unless(strncmp(password, "none", 4) == 0,
"password should be 'none'");
fail_unless(strncmp(login, "none", 4) == 0, "login should be 'none'");
/*
* Test for the second existing host in our netrc file
* with login[0] != 0.
*/
free(password);
password = strdup("");
result = Curl_parsenetrc("curl.example.com", &login, &password, filename);
fail_unless(result == 0, "Host should have been found");
fail_unless(strncmp(password, "none", 4) == 0,
"password should be 'none'");
fail_unless(strncmp(login, "none", 4) == 0, "login should be 'none'");
/* TODO:
* Test over the size limit password / login!
* Test files with a bad format
*/
UNITTEST_STOP