Age | Commit message (Collapse) | Author |
|
This SFTP test fails with libssh back-end due to failure to verify
the peer. Disable peer verification in the test as there seems to
be the intention of the test.
Note that the libssh back-end automatically verifies the peer's
host using the default known_hosts file.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
This brings its in sync with the error code returned by the
libssh backend.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
That also updates tests to expect the right error code
libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817
Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
|
|
|
|
|
|
|
|
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.
Updated test 1034 and 1035 accordingly.
Fixes #2073
Closes #2092
|
|
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.
Added test 1324 to verify
Reported-by: Alex Malinovich
Fixes #2087
Closes #2091
|
|
Follow-up to aadb7c7. Verified by new test 1263.
Closes #2072
|
|
|
|
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
|
|
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.
New test 230 checks this feature.
Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
|
|
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).
Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.
Reported-by: arainchik on github
Fixes #1959
Closes #2052
|
|
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
|
|
Test cleanup after OOM wasn't being consistently performed.
|
|
... which is valid according to documentation. Regression since
f121575c0b5f.
Verified now in test 501.
Reported-by: cbartl on github
Fixes #2038
Closes #2039
|
|
|
|
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.
Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
|
|
Updated docs to include support for RFC7616
Signed-off-by: Florin <petriuc.florin@gmail.com>
Closes #1934
|
|
... instead of doing an infinite loop!
Added test 1162 to verify.
Reported-by: Max Dymond
Fixes #2015
Closes #2017
|
|
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.
Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.
Closes #2011
|
|
... to cater for systems with unsigned time_t variables.
- Renamed the functions to curlx_timediff and Curl_timediff_us.
- Added overflow protection for both of them in either direction for
both 32 bit and 64 bit time_ts
- Reprefixed the curlx_time functions to use Curl_*
Reported-by: Peter Piekarski
Fixes #2004
Closes #2005
|
|
They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.
This fixes build failures on Fedora 13.
Closes #2006
|
|
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.
Closes #1997
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
|
|
See issue #1999
|
|
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
|
|
|
|
|
|
|
|
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
|
|
... to allow them to be included in torture tests too.
closes #1980
|
|
|
|
Include test cases in 554, 587, 650.
Fixes https://github.com/curl/curl/issues/1986
|
|
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.
--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.
Buffering is not supported in deprecated curl_formadd() API.
|
|
|
|
|
|
Reported-by: Zenju on github
Test 244 added to verify
Fixes #1974
Closes #1976
|
|
Ref: #1974
|
|
Test 1422 updated to verify.
Closes #1964
|
|
... like a very large non-existing RTSP version number.
Added test 577 to verify.
Detected by OSS-fuzz.
Closes #1969
|
|
|
|
|
|
This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe.
Caused memory leaks in the fuzzer, needs to be done differently.
Disable test 1553 for now too, as it causes memory leaks without this
commit!
|
|
When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.
Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.
Fixes #1953
Assisted-by: Max Dymond
|
|
These are around 5% flaky in my Linux x86 autobuilds.
|
|
... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.
Test 1552 added to verify
Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954
|
|
Use the external curl-fuzzer repository for fuzzing.
Closes #1923
|
|
|
|
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254
Test 1152 added to verify.
Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
|