aboutsummaryrefslogtreecommitdiff
path: root/tests/data
AgeCommit message (Collapse)Author
2013-06-25formpost: better random boundariesDaniel Stenberg
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
2013-06-24tests: add test1395 to the tarballDaniel Stenberg
2013-06-22test1396: invoke the correct test tool!Daniel Stenberg
This erroneously run unit test 1310 instead of 1396!
2013-06-22test1230: avoid using hard-wired port numberKamil Dudka
... to prevent failure when a non-default -b option is given
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-06-22unit1396: unit tests to verify curl_easy_(un)escapeDaniel Stenberg
2013-06-17test506: verify that CURLOPT_COOKIELIST takes share lockBenjamin Gilbert
It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
2013-06-12cookies: follow-up fix for path checkingYAMADA Yasuharu
The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
2013-06-12test2033: requires NTLM supportEric Hu
2013-06-04test1230: verify CONNECT to a numerical ipv6-addressDaniel Stenberg
2013-05-27Digest auth: escape user names with \ or " in themDaniel Stenberg
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-19tests: add test1394 file to the tarballDaniel Stenberg
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-07tests: Added new SMTP tests to verify commit 99b40451836dSteve Holme
2013-05-06unit1394.c: plug the curl tool unit test inKamil Dudka
2013-05-04smtp: Fixed sending of double CRLF caused by first in EOBSteve Holme
If the mail sent during the transfer contains a terminating <CRLF> then we should not send the first <CRLF> of the EOB as specified in RFC-5321. Additionally don't send the <CRLF> if there is "no mail data" as the DATA command already includes it.
2013-05-03tests: Corrected MAIL SIZE for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected infilesize for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected test1406 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected test1320 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected typo in test909Steve Holme
Introduced in commit: 514817669e9e
2013-05-02tests: Corrected test909 to be RFC2821 compliantSteve Holme
2013-05-02tests: Updated test references to 909 from 1411Steve Holme
...and removed references to libcurl and test1406.
2013-05-02tests: Renamed test1411 to test909 as this is a main SMTP testSteve Holme
2013-04-29tests: Added imap STATUS command testSteve Holme
2013-04-28tests: Corrected the SMTP tests to be RFC2821 compliantSteve Holme
The emails that are sent to the server during these tests were incorrectly formatted as they contained one or more LF terminated lines rather than being CRLF terminated as per Section 2.3.7 of RFC-2821. This wasn't a problem for the test suite as the <stdin> data matched the <upload> data but anyone using these tests as reference would be sending incorrect data to a server.
2013-04-27tests: Corrected command line arguments in test907 and test908Steve Holme
2013-04-27tests: Added SMTP AUTH with initial response testsSteve Holme
2013-04-27tests: Updated SMTP tests to decouple client initial responseSteve Holme
Updated test903 and test904 following the addition of CURLOPT_SASL_IR as the default behaviour of SMTP AUTH responses is now to not include the initial response. New tests with --sasl-ir support to follow.
2013-04-26ftp_state_pasv_resp: connect through proxy also when set by envDaniel Stenberg
When connecting back to an FTP server after having sent PASV/EPSV, libcurl sometimes didn't use the proxy properly even though the proxy was used for the initial connect. The function wrongly checked for the CURLOPT_PROXY variable to be set, which made it act wrongly if the proxy information was set with an environment variable. Added test case 711 to verify (based on 707 which uses --socks5). Also added test712 to verify another variation of setting the proxy: with --proxy socks5:// Bug: http://curl.haxx.se/bug/view.cgi?id=1218 Reported-by: Zekun Ni
2013-04-25test709: clarify the test in the nameDaniel Stenberg
2013-04-22tests: add test1511 to check timecond clean-upAlessandro Ghedini
Verifies the timecond fix in commit c49ed0b6c0f
2013-04-12FTP: handle a 230 welcome responseDaniel Stenberg
...instead of the 220 we otherwise expect. Made the ftpserver.pl support sending a custom "welcome" and then created test 1219 to verify this fix with such a 230 welcome. Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html Reported by: Anders Havn
2013-04-12FTP: access files in root dir correctlyDaniel Stenberg
Accessing a file with an absolute path in the root dir but with no directory specified was not handled correctly. This fix comes with four new test cases that verify it. Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html Reported by: Sam Deane
2013-04-12tests: prevent test206, test1060, and test1061 from failingKamil Dudka
... in case runtests.pl is invoked with non-default -b option Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
2013-04-11test1218: another cookie tailmatch testDaniel Stenberg
... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html
2013-04-09test1217: verify parsing 257 responses with "rubbish" before pathDaniel Stenberg
Test 1217 verifies commit e0fb2d86c9f78, and without that change this test fails.
2013-04-09test1216: test tailmatching cookie domainsDaniel Stenberg
This test is an attempt to repeat the problem YAMADA Yasuharu reported at http://curl.haxx.se/mail/lib-2013-04/0108.html
2013-04-08proxy: make ConnectionExists() check credential of proxyconnections tooFabian Keil
Previously it only compared credentials if the requested needle connection wasn't using a proxy. This caused NTLM authentication failures when using proxies as the authentication code wasn't send on the connection where the challenge arrived. Added test 1215 to verify: NTLM server authentication through a proxy (This is a modified copy of test 67)
2013-04-06ftp tests: libcurl returns CURLE_FTP_ACCEPT_FAILED better nowDaniel Stenberg
Since commit 57aeabcc1a20f, it handles errors on the control connection while waiting for the data connection better. Test 591 and 592 are updated accordingly.
2013-04-04easy: Fix the broken CURLOPT_MAXCONNECTS optionLinus Nielsen Feltzing
Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in curl_easy_perform(). Bug: http://curl.haxx.se/bug/view.cgi?id=1212 Reported-by: Steven Gu
2013-03-27test1509: verify proxy header response headers countDaniel Stenberg
Modified sws to support and use custom CONNECT responses instead of the previously naive hard-coded version. Made the HTTP test server able to extract test case number from the host name in a CONNECT request by finding the number after the last dot. It makes 'machine.moo.123' use test case 123. Adapted a larger amount of tests to the new <connect> style. Bug: http://curl.haxx.se/bug/view.cgi?id=1204 Reported by: Martin Jansen
2013-03-21imap-tests: Added CRLF to reply data to be compliant with RFC-822Steve Holme
Updated the reply data in tests: 800, 801, 802, 804 and 1321 to possess the CRLF as per RFC-822.
2013-03-18tests: specify 'text' mode for some output files in verify sectionYang Tse
2013-03-16tests: 96, 558, 1330: strip build subdirectory dependent leading pathYang Tse
2013-03-15imap-tests: Corrected copy/paste error in test808 reply dataSteve Holme
2013-03-15tests: add #96 #558 and #1330Yang Tse
These verfy that the 'memory tracking' subsystem is actually doing its job when using curl tool (#96), a test in libtest (#558) and also a unit test (#1330), in order to prevent regressions in this functionallity.
2013-03-15imap-tests: Added test808 for custom EXAMINE commandSteve Holme
2013-03-15HTTP proxy: insert slash in URL if missingDaniel Stenberg
curl has been accepting URLs using slightly wrong syntax for a long time, such as when completely missing as slash "http://example.org" or missing a slash when a query part is given "http://example.org?q=foobar". curl would translate these into a legitimate HTTP request to servers, although as was shown in bug #1206 it was not adjusted properly in the cases where a HTTP proxy was used. Test 1213 and 1214 were added to the test suite to verify this fix. The test HTTP server was adjusted to allow us to specify test number in the host name only without using any slashes in a given URL. Bug: http://curl.haxx.se/bug/view.cgi?id=1206 Reported by: ScottJi
2013-03-13Multiple pipelines and limiting the number of connections.Linus Nielsen Feltzing
Introducing a number of options to the multi interface that allows for multiple pipelines to the same host, in order to optimize the balance between the penalty for opening new connections and the potential pipelining latency. Two new options for limiting the number of connections: CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections to the same host. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished, so we can reuse the connection. CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished. The free connection will then be reused, if possible, or closed if the pending handle can't reuse it. Several new options for pipelining: CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a pipeline is "full" when a connection is to be reused, a new connection will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it. If not, the handle will be put in a pending state until a connection is ready (either free or a pipe got shorter). CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a transfer with a content length that is larger than this. CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a chunk larger than this. CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow pipelining. CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow pipelining. See the curl_multi_setopt() man page for details.