1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 04:55:03 -05:00
curl/tests/data/test1465
Daniel Stenberg ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00

117 lines
2.9 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<testcase>
<info>
<keywords>
HTTP
HTTP POST
--libcurl
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Thu, 29 Jul 2008 14:49:00 GMT
Server: test-server/fake
Content-Length: 0
Content-Type: text/plain
Connection: close
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
--libcurl for POST with binary content
</name>
<setenv>
SSL_CERT_FILE=
</setenv>
<command>
http://%HOSTIP:%HTTPPORT/we/want/1465 --libcurl log/test1465.c --data-binary @log/1465-upload
</command>
# abcdefghi
<file name="log/1465-upload">
%hex[abcd%00e%00fghi]hex%
</file>
</client>
# Verify data after the test has been "shot"
<verify>
<protocol>
POST /we/want/1465 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
Content-Length: 12
Content-Type: application/x-www-form-urlencoded
%hex[abcd%00e%00fghi]hex%
</protocol>
<stripfile>
# CURLOPT_SSL_VERIFYPEER, SSH_KNOWNHOSTS and HTTP_VERSION vary with
# configurations - just ignore them
$_ = '' if /CURLOPT_SSL_VERIFYPEER/
$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
$_ = '' if /CURLOPT_HTTP_VERSION/
$_ = '' if /CURLOPT_INTERLEAVEDATA/
</stripfile>
<file name="log/test1465.c" mode="text">
/********* Sample code generated by the curl command line tool **********
* All curl_easy_setopt() options are documented at:
* https://curl.se/libcurl/c/curl_easy_setopt.html
************************************************************************/
#include <curl/curl.h>
int main(int argc, char *argv[])
{
CURLcode ret;
CURL *hnd;
hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_BUFFERSIZE, 102400L);
curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1465");
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "abcd\x00e\x00fghi\n");
curl_easy_setopt(hnd, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)12);
curl_easy_setopt(hnd, CURLOPT_USERAGENT, "curl/%VERSION");
curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
/* Here is a list of options the curl code used that cannot get generated
as source easily. You may select to either not use them or implement
them yourself.
CURLOPT_WRITEDATA set to a objectpointer
CURLOPT_WRITEFUNCTION set to a functionpointer
CURLOPT_READDATA set to a objectpointer
CURLOPT_READFUNCTION set to a functionpointer
CURLOPT_SEEKDATA set to a objectpointer
CURLOPT_SEEKFUNCTION set to a functionpointer
CURLOPT_ERRORBUFFER set to a objectpointer
CURLOPT_STDERR set to a objectpointer
CURLOPT_DEBUGFUNCTION set to a functionpointer
CURLOPT_DEBUGDATA set to a objectpointer
CURLOPT_HEADERFUNCTION set to a functionpointer
CURLOPT_HEADERDATA set to a objectpointer
*/
ret = curl_easy_perform(hnd);
curl_easy_cleanup(hnd);
hnd = NULL;
return (int)ret;
}
/**** End of sample code ****/
</file>
</verify>
</testcase>