aboutsummaryrefslogtreecommitdiff
path: root/tests/data
AgeCommit message (Collapse)Author
2013-08-16glob: error out on range overflowDaniel Stenberg
The new multiply() function detects range value overflows. 32bit machines will overflow on a 32bit boundary while 64bit hosts support ranges up to the full 64 bit range. Added test 1236 to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=1267 Reported-by: Will Dietz
2013-08-16urlglob: better detect unclosed braces, empty lists and overflowsDaniel Stenberg
A rather big overhaul and cleanup. 1 - curl wouldn't properly detect and reject globbing that ended with an open brace if there were brackets or braces before it. Like "{}{" or "[0-1]{" 2 - curl wouldn't properly reject empty lists so that "{}{}" would result in curl getting (nil) strings in the output. 3 - By using strtoul() instead of sscanf() the code will now detected over and underflows. It now also better parses the step argument to only accept positive numbers and only step counters that is smaller than the delta between the maximum and minimum numbers. 4 - By switching to unsigned longs instead of signed ints for the counters, the max values for []-ranges are now very large (on 64bit machines). 5 - Bumped the maximum number of globs in a single URL to 100 (from 10) 6 - Simplified the code somewhat and now it stores fixed strings as single- entry lists. That's also one of the reasons why I did (5) as now all strings between "globs" will take a slot in the array. Added test 1234 and 1235 to verify. Updated test 87. This commit fixes three separate bug reports. Bug: http://curl.haxx.se/bug/view.cgi?id=1264 Bug: http://curl.haxx.se/bug/view.cgi?id=1265 Bug: http://curl.haxx.se/bug/view.cgi?id=1266 Reported-by: Will Dietz
2013-08-15tests 2032, 2033: Don't hardcode port in expected outputTor Arntsen
2013-08-11test1228: add 'HTTP proxy' to the keywordsFabian Keil
2013-08-11tests: add keywords for a couple of FILE testsFabian Keil
2013-08-11tests: add 'FAILURE' keywords to tests 1409 and 1410Fabian Keil
2013-08-11tests: add keywords for a couple of HTTP testsFabian Keil
2013-08-11tests: add keywords for a couple of FTP testsFabian Keil
2013-08-11test1511: consistently terminate headers with CRLFFabian Keil
2013-08-10DISABLED: shut of test 1512 for nowDaniel Stenberg
It shows intermittent failures and I haven't been able to track them down yet. Disable this test for now.
2013-08-08global dns cache: didn't work [regression]Daniel Stenberg
CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been broken since the libcurl 7.29.0 release). While this option has been documented as deprecated for almost a decade and nobody even reported this bug, it should remain functional. Added test case 1512 to verify
2013-08-06FTP: when EPSV gets a 229 but fails to connect, retry with PASVDaniel Stenberg
This is a regression as this logic used to work. It isn't clear when it broke, but I'm assuming in 7.28.0 when we went all-multi internally. This likely never worked with the multi interface. As the failed connection is detected once the multi state has reached DO_MORE, the Curl_do_more() function was now expanded somewhat so that the ftp_do_more() function can request to go "back" to the previous state when it makes another attempt - using PASV. Added test case 1233 to verify this fix. It has the little issue that it assumes no service is listening/accepting connections on port 1... Reported-by: byte_bucket in the #curl IRC channel
2013-08-04formadd: wrong pointer for file name when CURLFORM_BUFFERPTR usedDaniel Stenberg
The internal function that's used to detect known file extensions for the default Content-Type got the the wrong pointer passed in when CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that strlen() would be used which could lead to an out-of-bounds read (and thus segfault). In most cases it would only lead to it not finding or using the correct default content-type. It also showed that test 554 and test 587 were testing for the previous/wrong behavior and now they're updated as well. Bug: http://curl.haxx.se/bug/view.cgi?id=1262 Reported-by: Konstantin Isakov
2013-07-23tests: test1232 verifies dotdot removal from path with proxyFabian Keil
2013-07-16test1414: FTP PORT download without SIZE supportDaniel Stenberg
2013-07-11test 1511: fix enumerated type mixed with another typeYang Tse
2013-06-25formpost: better random boundariesDaniel Stenberg
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
2013-06-24tests: add test1395 to the tarballDaniel Stenberg
2013-06-22test1396: invoke the correct test tool!Daniel Stenberg
This erroneously run unit test 1310 instead of 1396!
2013-06-22test1230: avoid using hard-wired port numberKamil Dudka
... to prevent failure when a non-default -b option is given
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-06-22unit1396: unit tests to verify curl_easy_(un)escapeDaniel Stenberg
2013-06-17test506: verify that CURLOPT_COOKIELIST takes share lockBenjamin Gilbert
It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
2013-06-12cookies: follow-up fix for path checkingYAMADA Yasuharu
The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
2013-06-12test2033: requires NTLM supportEric Hu
2013-06-04test1230: verify CONNECT to a numerical ipv6-addressDaniel Stenberg
2013-05-27Digest auth: escape user names with \ or " in themDaniel Stenberg
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-19tests: add test1394 file to the tarballDaniel Stenberg
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-07tests: Added new SMTP tests to verify commit 99b40451836dSteve Holme
2013-05-06unit1394.c: plug the curl tool unit test inKamil Dudka
2013-05-04smtp: Fixed sending of double CRLF caused by first in EOBSteve Holme
If the mail sent during the transfer contains a terminating <CRLF> then we should not send the first <CRLF> of the EOB as specified in RFC-5321. Additionally don't send the <CRLF> if there is "no mail data" as the DATA command already includes it.
2013-05-03tests: Corrected MAIL SIZE for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected infilesize for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected test1406 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected test1320 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected typo in test909Steve Holme
Introduced in commit: 514817669e9e
2013-05-02tests: Corrected test909 to be RFC2821 compliantSteve Holme
2013-05-02tests: Updated test references to 909 from 1411Steve Holme
...and removed references to libcurl and test1406.
2013-05-02tests: Renamed test1411 to test909 as this is a main SMTP testSteve Holme
2013-04-29tests: Added imap STATUS command testSteve Holme
2013-04-28tests: Corrected the SMTP tests to be RFC2821 compliantSteve Holme
The emails that are sent to the server during these tests were incorrectly formatted as they contained one or more LF terminated lines rather than being CRLF terminated as per Section 2.3.7 of RFC-2821. This wasn't a problem for the test suite as the <stdin> data matched the <upload> data but anyone using these tests as reference would be sending incorrect data to a server.
2013-04-27tests: Corrected command line arguments in test907 and test908Steve Holme
2013-04-27tests: Added SMTP AUTH with initial response testsSteve Holme
2013-04-27tests: Updated SMTP tests to decouple client initial responseSteve Holme
Updated test903 and test904 following the addition of CURLOPT_SASL_IR as the default behaviour of SMTP AUTH responses is now to not include the initial response. New tests with --sasl-ir support to follow.
2013-04-26ftp_state_pasv_resp: connect through proxy also when set by envDaniel Stenberg
When connecting back to an FTP server after having sent PASV/EPSV, libcurl sometimes didn't use the proxy properly even though the proxy was used for the initial connect. The function wrongly checked for the CURLOPT_PROXY variable to be set, which made it act wrongly if the proxy information was set with an environment variable. Added test case 711 to verify (based on 707 which uses --socks5). Also added test712 to verify another variation of setting the proxy: with --proxy socks5:// Bug: http://curl.haxx.se/bug/view.cgi?id=1218 Reported-by: Zekun Ni
2013-04-25test709: clarify the test in the nameDaniel Stenberg
2013-04-22tests: add test1511 to check timecond clean-upAlessandro Ghedini
Verifies the timecond fix in commit c49ed0b6c0f
2013-04-12FTP: handle a 230 welcome responseDaniel Stenberg
...instead of the 220 we otherwise expect. Made the ftpserver.pl support sending a custom "welcome" and then created test 1219 to verify this fix with such a 230 welcome. Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html Reported by: Anders Havn
2013-04-12FTP: access files in root dir correctlyDaniel Stenberg
Accessing a file with an absolute path in the root dir but with no directory specified was not handled correctly. This fix comes with four new test cases that verify it. Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html Reported by: Sam Deane