aboutsummaryrefslogtreecommitdiff
path: root/tests/data/Makefile.inc
AgeCommit message (Collapse)Author
2018-10-30test2080: verify the fix for CVE-2018-16842Daniel Stenberg
2018-10-27test1651: unit test Curl_extract_certinfo()Daniel Stenberg
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-09-08URL-APIDaniel Stenberg
See header file and man pages for API. All documented API details work and are tested in the 1560 test case. Closes #2842
2018-09-06imap: change from "FETCH" to "UID FETCH"Nicklas Avén
... and add "MAILINDEX". As described in #2789, this is a suggested solution. Changing UID=xx to actually get mail with UID xx and add "MAILINDEX" to get a mail with a special index in the mail box (old behavior). So MAILINDEX=1 gives the first non deleted mail in the mail box. Fixes #2789 Closes #2815
2018-09-06DOH: add test case 1650 and 2100Daniel Stenberg
2018-09-05tests: add unit tests for url.cJim Fuller
Approved-by: Daniel Gustafsson Closes #2937
2018-08-15curl: warn the user if a given file name looks like an optionDaniel Stenberg
... simply because this is usually a sign of the user having omitted the file name and the next option is instead "eaten" by the parser as a file name. Add test1268 to verify Closes #2885
2018-08-14ssh-libssh: fix infinite connect loop on invalid private keyKamil Dudka
Added test 656 (based on test 604) to verify the fix. Bug: https://bugzilla.redhat.com/1595135 Closes #2879
2018-08-13http: fix for tiny "HTTP/0.9" responseDaniel Stenberg
Deal with tiny "HTTP/0.9" (header-less) responses by checking the status-line early, even before a full "HTTP/" is received to allow detecting 0.9 properly. Test 1266 and 1267 added to verify. Fixes #2420 Closes #2872
2018-08-11Split non-portable part off test 1133Marcel Raad
Split off testing file names with double quotes into new test 1158. Disable it for MSYS using a precheck as it doesn't support file names with double quotes (but Cygwin does, for example). Fixes https://github.com/curl/curl/issues/2796 Closes https://github.com/curl/curl/pull/2854
2018-08-11CURLINFO_SIZE_UPLOAD: fix missing counter updateDaniel Stenberg
Adds test 1522 for verification. Reported-by: cjmsoregan Fixes #2847 Closes #2864
2018-07-28test1157: test -H from empty fileDaniel Stenberg
Verifies bugfix #2797
2018-06-23multi: fix crash due to dangling entry in connect-pending listJavier Blazquez
Fixes #2677 Closes #2679
2018-06-16multi: fix memory leak when stopped during name resolveDaniel Stenberg
When the application just started the transfer and then stops it while the name resolve in the background thread hasn't completed, we need to wait for the resolve to complete and then cleanup data accordingly. Enabled test 1553 again and added test 1590 to also check when the host name resolves successfully. Detected by OSS-fuzz. Closes #1968
2018-06-01CURLOPT_RESOLVE: always purge old entry firstAlibek.Jorajev
If there's an existing entry using the selected name. Closes #2622
2018-05-31option: disallow username in URLBjörn Stenberg
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
2018-05-24httpauth: add support for Bearer tokensLinus Lewandowski
Closes #2102
2018-05-22http resume: skip body if http code 416 (range error) is ignored.Patrick Monnerat
This avoids appending error data to already existing good data. Test 92 is updated to match this change. New test 1156 checks all combinations of --range/--resume, --fail, Content-Range header and http status code 200/416. Fixes #1163 Reported-By: Ithubg on github Closes #2578
2018-05-13cookies: do not take cookie name as a parameterPatrick Monnerat
RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-03-17resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSESRick Deist
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-15transfer: make HTTP without headers count correct body sizeDaniel Stenberg
This is what "HTTP/0.9" basically looks like. Reported on IRC Closes #2382
2018-03-12FTP: reject path components with control codesDaniel Stenberg
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
2018-03-11HTTP: allow "header;" to replace an internal header with a blank oneDaniel Stenberg
Reported-by: Michael Kaufmann Fixes #2357 Closes #2362
2018-03-04NO_PROXY: fix for IPv6 numericals in the URLDaniel Stenberg
Added test 1265 that verifies. Reported-by: steelman on github Fixes #2353 Closes #2355
2018-02-21url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
2018-02-20CURLOPT_RESOLVE: Add support for multiple IP addresses per entryAnders Bakken
This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
2018-02-16test1556: verify >16KB headers to the header callbackDaniel Stenberg
2018-02-16test1154: verify that long HTTP headers get rejectedDaniel Stenberg
2018-02-15TODO fixed: Detect when called from within callbacksBjörn Stenberg
Closes #2302
2018-02-13tests: new tests for http raw modePatrick Monnerat
Test 319 checks proper raw mode data with non-chunked gzip transfer-encoded server data. Test 326 checks raw mode with chunked server data. Bug: #2303 Closes #2308
2018-02-12smtp: fix processing of initial dot in dataPatrick Monnerat
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command should be taken into account when chasing the <CRLF>.<CRLF> end marker. Thus a leading dot character in data is also subject to escaping. Tests 911 and test server are adapted to this situation. New tests 951 and 952 check proper handling of initial dot in data. Closes #2304
2018-01-23test1454: --connect-to with IPv6 address w/o IPv6 support!Daniel Stenberg
2018-01-22http: prevent custom Authorization headers in redirectsDaniel Stenberg
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-14mime: clone mime tree upon easy handle duplication.Patrick Monnerat
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is strongly bound to the handle: there is a pointer to the easy handle in each item of the mime tree and following the parent pointer list of mime items ends in a dummy part stored within the handle. Because of this binding, a mime tree cannot be shared between different easy handles, thus it needs to be cloned upon easy handle duplication. There is no way for the caller to get the duplicated mime tree handle: it is then set to be automatically destroyed upon freeing the new easy handle. New test 654 checks proper mime structure duplication/release. Add a warning note in curl_mime_data_cb() documentation about sharing user data between duplicated handles. Closes #2235
2018-01-13test395: HTTP with overflow Content-Length valueDaniel Stenberg
2018-01-13test394: verify abort of rubbish in Content-Length: valueDaniel Stenberg
2018-01-13test393: verify --max-filesize with excessive Content-LengthDaniel Stenberg
2017-12-27brotli: data at the end of content can be lostMikalai Ananenka
Decoding loop implementation did not concern the case when all received data is consumed by Brotli decoder and the size of decoded data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE. For content with unencoded length greater than CURL_MAX_WRITE_SIZE this can result in the loss of data at the end of content. Closes #2194
2017-12-20curl_easy_reset: release mime-related data.Patrick Monnerat
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level functions dealing with UserDefined structure contents. This avoids memory leakages on curl-generated part mime headers. New test 2073 checks this using the cli tool --next option: it triggers a valgrind error if bug is present. Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html Reported-by: Martin Galvan
2017-12-20content_encoding: rework zlib_inflatePatrick Monnerat
- When zlib version is < 1.2.0.4, process gzip trailer before considering extra data as an error. - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data and minimize corrupt data output. - Do not try to restart deflate decompression in raw mode if output has started or if the leading data is not available anymore. - New test 232 checks inflating raw-deflated content. Closes #2068
2017-12-05sasl_getmesssage: make sure we have a long enough string to passDaniel Stenberg
For pop3/imap/smtp, added test 891 to somewhat verify the pop3 case. For this, I enhanced the pingpong test server to be able to send back responses with LF-only instead of always using CRLF. Closes #2150
2017-11-27wildcardmatch: fix heap buffer overflow in setcharsetDaniel Stenberg
The code would previous read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 CVE-2017-8817 Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
2017-11-24test: add test for bad UNC/SMB path in file: URLMatthew Kerwin
2017-11-24test: add tests to ensure basic file: URLsMatthew Kerwin
2017-11-22test1264: verify URL with space in host name being rejectedMichael Kaufmann
2017-11-17resolve: allow IP address within [] bracketsDaniel Stenberg
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
2017-11-14URL: return error on malformed URLs with junk after IPv6 bracketMichael Kaufmann
Follow-up to aadb7c7. Verified by new test 1263. Closes #2072
2017-11-09test1554: verify connection cache sharingDaniel Stenberg