aboutsummaryrefslogtreecommitdiff
path: root/tests/data
AgeCommit message (Collapse)Author
2017-10-09curl: don't pass semicolons when parsing Content-DispositionKristiyan Tsaklev
Test 1422 updated to verify. Closes #1964
2017-10-09RTSP: avoid integer overflow on funny RTSP responseDaniel Stenberg
... like a very large non-existing RTSP version number. Added test 577 to verify. Detected by OSS-fuzz. Closes #1969
2017-10-08Revert "multi_done: wait for name resolve to finish if still ongoing"Daniel Stenberg
This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. Caused memory leaks in the fuzzer, needs to be done differently. Disable test 1553 for now too, as it causes memory leaks without this commit!
2017-10-07pingpong: return error when trying to send without connectionDaniel Stenberg
When imap_done() got called before a connection is setup, it would try to "finish up" and dereffed a NULL pointer. Test case 1553 managed to reproduce. I had to actually use a host name to try to resolve to slow it down, as using the normal local server IP will make libcurl get a connection in the first curl_multi_perform() loop and then the bug doesn't trigger. Fixes #1953 Assisted-by: Max Dymond
2017-10-06tests: added flaky keyword to tests 587 and 644Dan Fandrich
These are around 5% flaky in my Linux x86 autobuilds.
2017-10-06multi_cleanup: call DONE on handles that never got thatDaniel Stenberg
... fixes a memory leak with at least IMAP when remove_handle is never called and the transfer is abruptly just abandoned early. Test 1552 added to verify Detected by OSS-fuzz Assisted-by: Max Dymond Closes #1954
2017-10-02test1153: verify quoted double-qoutes in PWD responseDaniel Stenberg
2017-10-02FTP: zero terminate the entry path even on bad inputDaniel Stenberg
... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-09-30cookie: fix memory leak if path was set twice in headerDaniel Stenberg
... this will let the second occurance override the first. Added test 1161 to verify. Reported-by: Max Dymond Fixes #1932 Closes #1933
2017-09-30test650: Use variable replacement to set the host address and portDan Fandrich
Otherwise, the test fails when the -b test option is used to set a different test port range.
2017-09-30Set and use more necessary options when some protocols are disabledDan Fandrich
When curl and libcurl are built with some protocols disabled, they stop setting and receiving some options that don't make sense with those protocols. In particular, when HTTP is disabled many options aren't set that are used only by HTTP. However, some options that appear to be HTTP-only are actually used by other protocols as well (some despite having HTTP in the name) and should be set, but weren't. This change now causes some of these options to be set and used for more (or for all) protocols. In particular, this fixes tests 646 through 649 in an HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-29test1160: verifies cookie leak for large cookiesDaniel Stenberg
The fix done in 20ea22ff735
2017-09-28http: add custom empty headers to repeated requestsMichael Kaufmann
Closes #1920
2017-09-22imap: quote atoms properly when escaping charactersDaniel Stenberg
Updates test 800 to verify Fixes #1902 Closes #1903
2017-09-22tests: make the imap server not verify user+passwordDaniel Stenberg
... as the test cases themselves do that and it makes it easier to add crazy test cases. Test 800 updated to use user name + password that need quoting. Test 856 updated to trigger an auth fail differently. Ref: #1902
2017-09-22form/mime: field names are not allowed to contain zero-valued bytes.Patrick Monnerat
Also suppress length argument of curl_mime_name() (names are always zero-terminated).
2017-09-19cookies: use lock when using CURLINFO_COOKIELISTPavel P
Closes #1896
2017-09-18cookies: reject oversized cookiesDaniel Stenberg
... instead of truncating them. There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement. We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes. Added test 1151 to verify Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html Reported-by: Kevin Smith Closes #1894
2017-09-15tests: add initial gssapi test using stub implementationIsaac Boukris
The stub implementation is pre-loaded using LD_PRELOAD and emulates common gssapi uses (only builds if curl is initially built with gssapi support). The initial tests are currently disabled for debug builds as LD_PRELOAD is not used then. Ref: https://github.com/curl/curl/pull/1687
2017-09-15test1150: verify same host fetch using different ports over proxyDaniel Stenberg
Closes #1889
2017-09-07form API: add new test 650.Patrick Monnerat
Now that the form API is deprecated and not used anymore in curl tool, a lot of its features left untested. Test 650 attempts to check all these features not tested elsewhere.
2017-09-05mime: implement encoders.Patrick Monnerat
curl_mime_encoder() is operational and documented. curl tool -F option is extended with ";encoder=". curl tool --libcurl option generates calls to curl_mime_encoder(). New encoder tests 648 & 649. Test 1404 extended with an encoder specification.
2017-09-05fixup data/test1135Daniel Stenberg
2017-09-05http-proxy: treat all 2xx as CONNECT successDaniel Stenberg
Added test 1904 to verify. Reported-by: Lawrence Wagerfield Fixes #1859 Closes #1860
2017-09-04test1135: fixed after bd8070085f9Daniel Stenberg
2017-09-04lib: bump version info (soname). Adapt and reenable test 1135.Patrick Monnerat
2017-09-03mime: fix signed/unsigned conversions.Patrick Monnerat
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().Patrick Monnerat
This feature is badly supported in Windows: as a replacement, a caller has to use curl_mime_data_cb() with fread, fseek and possibly fclose callbacks to process opened files. The cli tool and documentation are updated accordingly. The feature is however kept internally for form API compatibility, with the known caveats it always had. As a side effect, stdin size is not determined by the cli tool even if possible and this results in a chunked transfer encoding. Test 173 is updated accordingly.
2017-09-02mime: tests and examples.Patrick Monnerat
Additional mime-specific tests. Existing tests updated to reflect small differences (Expect: 100-continue, data size change due to empty lines, etc). Option -F headers= keyword added to tests. test1135 disabled until the entry point order change is resolved. New example smtp-mime. Examples postit2 and multi-post converted from form API to mime API.
2017-09-02test564: Add a warning comment about shell profile output.Patrick Monnerat
Shell profile output makes the SSH server failing and this problem reason is not easy to find when no hint is given.
2017-08-28vtls: introduce curl_global_sslset()Johannes Schindelin
Let's add a compile time safe API to select an SSL backend. This function needs to be called *before* curl_global_init(), and can be called only once. Side note: we do not explicitly test that it is called before curl_global_init(), but we do verify that it is not called multiple times (even implicitly). If SSL is used before the function was called, it will use whatever the CURL_SSL_BACKEND environment variable says (or default to the first available SSL backend), and if a subsequent call to curl_global_sslset() disagrees with the previous choice, it will fail with CURLSSLSET_TOO_LATE. The function also accepts an "avail" parameter to point to a (read-only) NULL-terminated list of available backends. This comes in real handy if an application wants to let the user choose between whatever SSL backends the currently available libcurl has to offer: simply call curl_global_sslset(-1, NULL, &avail); which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail variable to point to the relevant information to present to the user. Just like with the HTTP/2 push functions, we have to add the function declaration of curl_global_sslset() function to the header file *multi.h* because VMS and OS/400 require a stable order of functions declared in include/curl/*.h (where the header files are sorted alphabetically). This looks a bit funny, but it cannot be helped. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-23imap: support PREAUTHDaniel Stenberg
It is a defined possible greeting at server startup that means the connection is already authenticated. See https://tools.ietf.org/html/rfc3501#section-7.1.4 Test 846 added to verify. Fixes #1818 Closes #1820
2017-08-23test1453: Fixed <features>Dan Fandrich
2017-08-19tftp: fix memory leak on too long filenameEven Rouault
Fixes $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz ==9752== Memcheck, a memory error detector ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz ==9752== curl: (71) TFTP file name too long ==9752== ==9752== HEAP SUMMARY: ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 Credit to OSS Fuzz Closes #1808
2017-08-17ftp: fix CWD when doing multicwd then nocwd on same connectionDaniel Stenberg
Fixes #1782 Closes #1787 Reported-by: Peter Lamare
2017-08-17ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats
The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
2017-08-14test1449: FTP download range with an too large sizeDaniel Stenberg
2017-08-13test1448: verify redirect to IDN using URLDaniel Stenberg
Closes #1772
2017-08-13test2032: mark as flaky (again)Daniel Stenberg
2017-08-12test1447: require a curl with http supportDan Fandrich
2017-08-11test2033: this went flaky againDaniel Stenberg
Suspicion: when we enabled the threaded resolver by default.
2017-08-11test1447: verifies the parse proxy fix in 6e0e152ce5cDaniel Stenberg
2017-08-07test1427: verify command line parser integer overflow detectionDaniel Stenberg
2017-08-07glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
2017-08-04test1010: verify that #1718 is fixedDaniel Stenberg
... by doing two transfers in nocwd mode and check that there's no superfluous CWD command.
2017-08-03test130: verify comments in .netrcDaniel Stenberg
2017-07-31http: fix response code parser to avoid integer overflowDaniel Stenberg
test 1429 and 1433 were updated to work with the stricter HTTP status line parser. Closes #1714 Reported-by: Brian Carpenter
2017-07-28test1323: verify curlx_tvdiffDaniel Stenberg
2017-07-07test1452: add telnet negotiationMax Dymond
Add a basic telnet server for negotiating some telnet options before echoing back any data that's sent to it. Closes #1645
2017-07-06test506: skip if threaded-resolverDaniel Stenberg