aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2013-06-25formpost: better random boundariesDaniel Stenberg
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
2013-06-24tests: add test1395 to the tarballDaniel Stenberg
2013-06-22test1396: invoke the correct test tool!Daniel Stenberg
This erroneously run unit test 1310 instead of 1396!
2013-06-22test1230: avoid using hard-wired port numberKamil Dudka
... to prevent failure when a non-default -b option is given
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-06-22unit1396: unit tests to verify curl_easy_(un)escapeDaniel Stenberg
2013-06-17test506: verify that CURLOPT_COOKIELIST takes share lockBenjamin Gilbert
It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
2013-06-12cookies: follow-up fix for path checkingYAMADA Yasuharu
The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
2013-06-12lib1900: use tutil_tvnow instead of gettimeofdaySergei Nikulov
Makes it build on windows
2013-06-12test2033: requires NTLM supportEric Hu
2013-06-06lib1500: remove bad checkDaniel Stenberg
After curl_multi_wait() returns, this test checked that we got exactly one file descriptor told to read from, but we cannot be sure that is true. curl_multi_wait() will sometimes return earlier without any file descriptor to handle, just just because it is a suitable time to call *perform(). This problem showed up with commit 29bf0598. Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html Reported-by: Fabian Keil
2013-06-04tests/Makefile: typo in the perlcheck targetDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1239 Reported-by: Christian Weisgerber
2013-06-04test1230: verify CONNECT to a numerical ipv6-addressDaniel Stenberg
2013-06-04sws: support extracting test number from CONNECT ipv6-address!Daniel Stenberg
If an ipv6-address is provided to CONNECT, the last hexadecimal group in the address will be used as the test number! For example the address "[1234::ff]" would be treated as test case 255.
2013-05-27Digest auth: escape user names with \ or " in themDaniel Stenberg
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-19tests: add test1394 file to the tarballDaniel Stenberg
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-12Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"Daniel Stenberg
This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl (or the curl tool) that use wcsdup so there's no such memory use to track. It seems to cause mild problems with the Borland compiler though that we may avoid by reverting this change again. Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
2013-05-08libtest: gitignore more binary filesDaniel Stenberg
2013-05-07tests: Added new SMTP tests to verify commit 99b40451836dSteve Holme
2013-05-07runtests.pl: support nonewline="yes" in client/stdin sectionsDaniel Stenberg
2013-05-06build: fixed unit1394 for debug and metlink buildsDaniel Stenberg
2013-05-06unit1394.c: plug the curl tool unit test inKamil Dudka
2013-05-06unit1394.c: basis of a unit test for parse_cert_parameter()Jared Jennings
2013-05-06src/Makefile.am: build static lib for unit tests if enabledKamil Dudka
2013-05-04smtp: Fixed sending of double CRLF caused by first in EOBSteve Holme
If the mail sent during the transfer contains a terminating <CRLF> then we should not send the first <CRLF> of the EOB as specified in RFC-5321. Additionally don't send the <CRLF> if there is "no mail data" as the DATA command already includes it.
2013-05-03tests: Corrected MAIL SIZE for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected infilesize for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452
2013-05-03tests: Corrected test1406 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected test1320 to be RFC2821 compliantSteve Holme
2013-05-02tests: Corrected typo in test909Steve Holme
Introduced in commit: 514817669e9e
2013-05-02tests: Corrected test909 to be RFC2821 compliantSteve Holme
2013-05-02tests: Updated test references to 909 from 1411Steve Holme
...and removed references to libcurl and test1406.
2013-05-02tests: Renamed test1411 to test909 as this is a main SMTP testSteve Holme
2013-04-29ftpserver: silence warningsDaniel Stenberg
Fix regressions in commit b56e3d43e5d. Make @data local and filter off non-numerical digits from $testno in STATUS_imap.
2013-04-29ftpserver.pl: Corrected the imap LOGIN responseSteve Holme
...to be more realistic and consistent with the other imap responses.
2013-04-29tests: Added imap STATUS command testSteve Holme
2013-04-28tests: Corrected the SMTP tests to be RFC2821 compliantSteve Holme
The emails that are sent to the server during these tests were incorrectly formatted as they contained one or more LF terminated lines rather than being CRLF terminated as per Section 2.3.7 of RFC-2821. This wasn't a problem for the test suite as the <stdin> data matched the <upload> data but anyone using these tests as reference would be sending incorrect data to a server.
2013-04-27tests: Corrected command line arguments in test907 and test908Steve Holme
2013-04-27tests: Added SMTP AUTH with initial response testsSteve Holme
2013-04-27tests: Updated SMTP tests to decouple client initial responseSteve Holme
Updated test903 and test904 following the addition of CURLOPT_SASL_IR as the default behaviour of SMTP AUTH responses is now to not include the initial response. New tests with --sasl-ir support to follow.
2013-04-26ftpserver.pl: Fixed imap logout confirmation dataSteve Holme
An IMAP server should response with the BYE continuation response before confirming the LOGOUT command was successful.
2013-04-26ftp_state_pasv_resp: connect through proxy also when set by envDaniel Stenberg
When connecting back to an FTP server after having sent PASV/EPSV, libcurl sometimes didn't use the proxy properly even though the proxy was used for the initial connect. The function wrongly checked for the CURLOPT_PROXY variable to be set, which made it act wrongly if the proxy information was set with an environment variable. Added test case 711 to verify (based on 707 which uses --socks5). Also added test712 to verify another variation of setting the proxy: with --proxy socks5:// Bug: http://curl.haxx.se/bug/view.cgi?id=1218 Reported-by: Zekun Ni
2013-04-25test709: clarify the test in the nameDaniel Stenberg
2013-04-25sshserver: disable StrictHostKeyCheckingDaniel Stenberg
I couldn't figure out why the host key logic isn't working, but having it set to yes prevents my SSH-based test cases to run. I also don't see a strong need to use strict host key checking on this test server. So I disabled it.
2013-04-25runtests: log more commands in verbose modeDaniel Stenberg
... to aid tracking down failures
2013-04-22tests: add test1511 to check timecond clean-upAlessandro Ghedini
Verifies the timecond fix in commit c49ed0b6c0f
2013-04-18Add tests/http_pipe.py to the tarball buildLinus Nielsen Feltzing
2013-04-15Add extra libs for lib1900 and lib2033 test programsPaul Howarth
These are needed in cases where clock_gettime is used, from librt.
2013-04-12FTP: handle a 230 welcome responseDaniel Stenberg
...instead of the 220 we otherwise expect. Made the ftpserver.pl support sending a custom "welcome" and then created test 1219 to verify this fix with such a 230 welcome. Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html Reported by: Anders Havn