aboutsummaryrefslogtreecommitdiff
path: root/tests/data/Makefile.inc
AgeCommit message (Collapse)Author
2019-10-03urlapi: fix use-after-free bugDaniel Stenberg
Follow-up from 2c20109a9b5d04 Added test 663 to verify. Reported by OSS-Fuzz Bug: https://crbug.com/oss-fuzz/17954 Closes #4453
2019-10-02redirect: when following redirects to an absolute URL, URL encode itDaniel Stenberg
... to make it handle for example (RFC violating) embeded spaces. Reported-by: momala454 on github Fixes #4445 Closes #4447
2019-09-28cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg
The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
2019-09-27FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDsZenju
Add libtest 661 Closes #4417
2019-09-15doh: fix (harmless) buffer overrunPaul Dreik
Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version.
2019-09-13FTP: allow "rubbish" prepended to the SIZE responseDaniel Stenberg
This is a protocol violation but apparently there are legacy proprietary servers doing this. Added test 336 and 337 to verify. Reported-by: Philippe Marguinaud Closes #4339
2019-08-16http: fix use of credentials from URL when using HTTP proxyDaniel Stenberg
When a username and password are provided in the URL, they were wrongly removed from the stored URL so that subsequent uses of the same URL wouldn't find the crendentials. This made doing HTTP auth with multiple connections (like Digest) mishave. Regression from 46e164069d1a5230 (7.62.0) Test case 335 added to verify. Reported-by: Mike Crowe Fixes #4228 Closes #4229
2019-08-07CURLINFO_RETRY_AFTER: parse the Retry-After header valueDaniel Stenberg
This is only the libcurl part that provides the information. There's no user of the parsed value. This change includes three new tests for the parser. Ref: #3794
2019-08-06curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme
Ref: https://github.com/curl/curl/issues/3653 Ref: https://github.com/curl/curl/pull/3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
2019-08-06http09: disable HTTP/0.9 by default in both tool and libraryDaniel Stenberg
As the plan has been laid out in DEPRECATED. Update docs accordingly and verify in test 1174. Now requires the option to be set to allow HTTP/0.9 responses. Closes #4191
2019-08-01http_negotiate: improve handling of gss_init_sec_context() failuresKamil Dudka
If HTTPAUTH_GSSNEGOTIATE was used for a POST request and gss_init_sec_context() failed, the POST request was sent with empty body. This commit also restores the original behavior of `curl --fail --negotiate`, which was changed by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59. Add regression tests 2077 and 2078 to cover this. Fixes #3992 Closes #4171
2019-07-30curl: cap the maximum allowed values for retry time argumentsDaniel Stenberg
... to avoid integer overflows later when multiplying with 1000 to convert seconds to milliseconds. Added test 1269 to verify. Reported-by: Jason Lee Closes #4166
2019-07-15test1173: detect some basic man page format mistakesDaniel Stenberg
Triggered by PR #4111 Closes #4113
2019-07-14libcurl: Add testcase for gopher redirectsLinos Giannopoulos
The testcase ensures that redirects to CURLPROTO_GOPHER won't be allowed, by default, in the future. Also, curl is being used for convenience while keeping the testcases DRY. The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is redirected to CURLPROTO_GOPHER Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
2019-07-14http: allow overriding timecond with custom headerPeter Simonyi
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER. Fixes #4103 Closes #4109
2019-06-18test1523: basic test of CURLOPT_LOW_SPEED_LIMITDaniel Stenberg
2019-06-11test1165: verify that CURL_DISABLE_ symbols are in syncDaniel Stenberg
between configure.ac and source code. They should be possible to switch on/off in configure AND be used in source code.
2019-06-02test334: verify HTTP 204 response with chunked coding headerDaniel Stenberg
Verifies that a bodyless response don't parse this content-related header.
2019-05-25Revert all SASL authzid (new feature) commitsJay Satiro
- Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
2019-05-22curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme
2019-05-20curl: report error for "--no-" on non-boolean optionsDaniel Stenberg
Reported-by: Olen Andoni Fixes #3906 Closes #3907
2019-05-20test332: verify the blksize fixDaniel Stenberg
2019-04-29CURL_MAX_INPUT_LENGTH: largest acceptable string input sizeDaniel Stenberg
This limits all accepted input strings passed to libcurl to be less than CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: curl_easy_setopt() and curl_url_set(). The 8000000 number is arbitrary picked and is meant to detect mistakes or abuse, not to limit actual practical use cases. By limiting the acceptable string lengths we also reduce the risk of integer overflows all over. NOTE: This does not apply to `CURLOPT_POSTFIELDS`. Test 1559 verifies. Closes #3805
2019-04-20test660: verify CONNECT_ONLY with IMAPDaniel Stenberg
which basically just makes sure LOGOUT is *not* issued on disconnect
2019-04-13test: make tests and test scripts use socksd for SOCKSDaniel Stenberg
Make all SOCKS tests use socksd instead of ssh.
2019-04-11test1906: verify CURLOPT_CURLU + CURLOPT_PORT usageDaniel Stenberg
Based-on-code-by: Poul T Lomholt
2019-04-06pipelining: removedDaniel Stenberg
As previously planned and documented in DEPRECATE.md, all pipelining code is removed. Closes #3651
2019-03-18test1541: threaded connection sharingDaniel Stenberg
The threaded-shared-conn.c example turned into test case. Only works if pthread was detected. An attempt to detect future regressions such as e3a53e3efb942a5 Closes #3687
2019-03-09test331: verify set-cookie for dotless host nameDaniel Stenberg
Reproduced bug #3649 Closes #3659
2019-03-04CURLU: fix NULL dereference when used over proxyDaniel Stenberg
Test 659 verifies Also fixed the test 658 name Closes #3641
2019-03-03alt-svc: add test 355 and 356 to verify with command line curlDaniel Stenberg
2019-03-03alt-svc: the libcurl bitsDaniel Stenberg
2019-02-27cookies: only save the cookie file if the engine is enabledDaniel Stenberg
Follow-up to 8eddb8f4259. If the cookieinfo pointer is NULL there really is nothing to save. Without this fix, we got a problem when a handle was using shared object with cookies and is told to "FLUSH" it to file (which worked) and then the share object was removed and when the easy handle was closed just afterwards it has no cookieinfo and no cookies so it decided to save an empty jar (overwriting the file just flushed). Test 1905 now verifies that this works. Assisted-by: Michael Wallner Assisted-by: Marcel Raad Closes #3621
2019-01-10test1558: verify CURLINFO_PROTOCOL on file:// transferDaniel Stenberg
Attempt to reproduce issue #3444. Closes #3447
2019-01-10xattr: strip credentials from any URL that is storedDaniel Stenberg
Both user and password are cleared uncondtitionally. Added unit test 1621 to verify. Fixes #3423 Closes #3433
2019-01-10cookies: allow secure override when done over HTTPSDaniel Stenberg
Added test 1562 to verify. Reported-by: Jeroen Ooms Fixes #3445 Closes #3450
2019-01-09cookies: skip custom cookies when redirecting cross-siteKatsuhiko YOSHIDA
Closes #3417
2019-01-07curl_multi_remove_handle() don't block terminating c-ares requestsBrad Spencer
Added Curl_resolver_kill() for all three resolver modes, which only blocks when necessary, along with test 1592 to confirm curl_multi_remove_handle() doesn't block unless it must. Closes #3428 Fixes #3371
2018-12-27hostip: support wildcard hostsClaes Jakobsson
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are try-last so any non-wildcard entry is resolved first. If specified, any host not matched by another CURLOPT_RESOLVE config will use this as fallback. Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ https://a.com https://b.com This is probably quite similar to using: --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 Closes #3406 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-21http: added options for allowing HTTP/0.9 responsesDaniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-12-14http: Implement trailing headers for chunked transfersAyoub Boudhar
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-12test1519: use lib1518 and test CURLINFO_REDIRECT_URL moreDaniel Stenberg
2018-12-12Curl_follow: extract the Location: header field unvalidatedDaniel Stenberg
... when not actually following the redirect. Otherwise we return error for this and an application can't extract the value. Test 1518 added to verify. Reported-by: Pavel Pavlov Fixes #3340 Closes #3364
2018-12-11tests: add urlapi unittestDaniel Gustafsson
This adds a new unittest intended to cover the internal functions in the urlapi code, starting with parse_port(). In order to avoid name collisions in debug builds, parse_port() is renamed Curl_parse_port() since it will be exported. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-12-11http: fix HTTP auth to include query in URIJay Satiro
- Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356
2018-12-09test329: verify cookie max-age=0 immediate expiryDaniel Stenberg
2018-11-28test328: verify Content-Encoding: noneDaniel Stenberg
Because of issue #3315 Closes #3317
2018-11-23cookies: create the cookiejar even if no cookies to saveDaniel Stenberg
Important for when the file is going to be read again and thus must not contain old contents! Adds test 327 to verify. Reported-by: daboul on github Fixes #3299 Closes #3300
2018-11-09setopt: add CURLOPT_CURLUJim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227