aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2013-08-20netrc: handle longer username and passwordJonathan Nieder
libcurl truncates usernames and passwords it reads from .netrc to LOGINSIZE and PASSWORDSIZE (64) characters without any indication to the user, to ensure the values returned from Curl_parsenetrc fit in a caller-provided buffer. Fix the interface by passing back dynamically allocated buffers allocated to fit the user's input. The parser still relies on a 256-character buffer to read each line, though. So now you can include an ~246-character password in your .netrc, instead of the previous limit of 63 characters. Reported-by: Colby Ranger
2013-08-16glob: error out on range overflowDaniel Stenberg
The new multiply() function detects range value overflows. 32bit machines will overflow on a 32bit boundary while 64bit hosts support ranges up to the full 64 bit range. Added test 1236 to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=1267 Reported-by: Will Dietz
2013-08-16urlglob: better detect unclosed braces, empty lists and overflowsDaniel Stenberg
A rather big overhaul and cleanup. 1 - curl wouldn't properly detect and reject globbing that ended with an open brace if there were brackets or braces before it. Like "{}{" or "[0-1]{" 2 - curl wouldn't properly reject empty lists so that "{}{}" would result in curl getting (nil) strings in the output. 3 - By using strtoul() instead of sscanf() the code will now detected over and underflows. It now also better parses the step argument to only accept positive numbers and only step counters that is smaller than the delta between the maximum and minimum numbers. 4 - By switching to unsigned longs instead of signed ints for the counters, the max values for []-ranges are now very large (on 64bit machines). 5 - Bumped the maximum number of globs in a single URL to 100 (from 10) 6 - Simplified the code somewhat and now it stores fixed strings as single- entry lists. That's also one of the reasons why I did (5) as now all strings between "globs" will take a slot in the array. Added test 1234 and 1235 to verify. Updated test 87. This commit fixes three separate bug reports. Bug: http://curl.haxx.se/bug/view.cgi?id=1264 Bug: http://curl.haxx.se/bug/view.cgi?id=1265 Bug: http://curl.haxx.se/bug/view.cgi?id=1266 Reported-by: Will Dietz
2013-08-15tests 2032, 2033: Don't hardcode port in expected outputTor Arntsen
2013-08-11test1228: add 'HTTP proxy' to the keywordsFabian Keil
2013-08-11tests: add keywords for a couple of FILE testsFabian Keil
2013-08-11tests: add 'FAILURE' keywords to tests 1409 and 1410Fabian Keil
2013-08-11tests: add keywords for a couple of HTTP testsFabian Keil
2013-08-11tests: add keywords for a couple of FTP testsFabian Keil
2013-08-11test1511: consistently terminate headers with CRLFFabian Keil
2013-08-10DISABLED: shut of test 1512 for nowDaniel Stenberg
It shows intermittent failures and I haven't been able to track them down yet. Disable this test for now.
2013-08-08global dns cache: didn't work [regression]Daniel Stenberg
CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been broken since the libcurl 7.29.0 release). While this option has been documented as deprecated for almost a decade and nobody even reported this bug, it should remain functional. Added test case 1512 to verify
2013-08-06FTP: when EPSV gets a 229 but fails to connect, retry with PASVDaniel Stenberg
This is a regression as this logic used to work. It isn't clear when it broke, but I'm assuming in 7.28.0 when we went all-multi internally. This likely never worked with the multi interface. As the failed connection is detected once the multi state has reached DO_MORE, the Curl_do_more() function was now expanded somewhat so that the ftp_do_more() function can request to go "back" to the previous state when it makes another attempt - using PASV. Added test case 1233 to verify this fix. It has the little issue that it assumes no service is listening/accepting connections on port 1... Reported-by: byte_bucket in the #curl IRC channel
2013-08-04formadd: wrong pointer for file name when CURLFORM_BUFFERPTR usedDaniel Stenberg
The internal function that's used to detect known file extensions for the default Content-Type got the the wrong pointer passed in when CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that strlen() would be used which could lead to an out-of-bounds read (and thus segfault). In most cases it would only lead to it not finding or using the correct default content-type. It also showed that test 554 and test 587 were testing for the previous/wrong behavior and now they're updated as well. Bug: http://curl.haxx.se/bug/view.cgi?id=1262 Reported-by: Konstantin Isakov
2013-07-23tests: test1232 verifies dotdot removal from path with proxyFabian Keil
2013-07-22libtest: fix data type of some *_setopt() 'long' argumentsYang Tse
2013-07-19WIN32 MemoryTracking: require UNICODE for wide strdup code supportYang Tse
2013-07-18Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage".Yang Tse
This reverts commit 7ed25cc, reinstating commit 8ec2cb5. As of 18-jul-2013 we still do have code in libcurl that makes use of these memory functions. Commit 8ec2cb5 comment still applies and is yet valid. These memory functions are solely used in Windows builds, so all related code is protected with '#ifdef WIN32' preprocessor conditional compilation directives. Specifically, wcsdup() _wcsdup() are used when building a Windows target with UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case when building a Windows UNICODE target with Windows native SSL/TLS support enabled. Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage of these is hidden behind _tcsdup() which is MS way of dealing with code that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS header files and those compatible from other compilers use this preprocessor conditional compilation directive in order to select at compilation time whether 'wide' or 'ansi' MS API functions are used. Without this code, Windows build targets with Windows native SSL/TLS support enabled and MemoryTracking support enabled misbehave in tracking memory usage, regardless of being a UNICODE enabled build or not.
2013-07-17cmake: Fix for MSVC2010 project generationSergei Nikulov
Fixed issue with static build for MSVC2010. After some investigation I've discovered known issue http://public.kitware.com/Bug/view.php?id=11240 When .rc file is linked to static lib it fails with following linker error LINK : warning LNK4068: /MACHINE not specified; defaulting to X86 file.obj : fatal error LNK1112: module machine type 'x64' conflicts with target machine type 'X86' Fix add target property /MACHINE: for MSVC generation. Also removed old workarounds - it caused errors during msvc build. Bug: http://curl.haxx.se/mail/lib-2013-07/0046.html
2013-07-16test1414: FTP PORT download without SIZE supportDaniel Stenberg
2013-07-16tests/Makefile.am: add configurehelp.pm to DISTCLEANFILESYang Tse
2013-07-11test 1511: fix enumerated type mixed with another typeYang Tse
2013-07-01lib506.c: Fixed possible use of uninitialized variablesMarc Hoersken
2013-06-25formpost: better random boundariesDaniel Stenberg
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
2013-06-24tests: add test1395 to the tarballDaniel Stenberg
2013-06-22test1396: invoke the correct test tool!Daniel Stenberg
This erroneously run unit test 1310 instead of 1396!
2013-06-22test1230: avoid using hard-wired port numberKamil Dudka
... to prevent failure when a non-default -b option is given
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-06-22unit1396: unit tests to verify curl_easy_(un)escapeDaniel Stenberg
2013-06-17test506: verify that CURLOPT_COOKIELIST takes share lockBenjamin Gilbert
It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
2013-06-12cookies: follow-up fix for path checkingYAMADA Yasuharu
The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
2013-06-12lib1900: use tutil_tvnow instead of gettimeofdaySergei Nikulov
Makes it build on windows
2013-06-12test2033: requires NTLM supportEric Hu
2013-06-06lib1500: remove bad checkDaniel Stenberg
After curl_multi_wait() returns, this test checked that we got exactly one file descriptor told to read from, but we cannot be sure that is true. curl_multi_wait() will sometimes return earlier without any file descriptor to handle, just just because it is a suitable time to call *perform(). This problem showed up with commit 29bf0598. Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html Reported-by: Fabian Keil
2013-06-04tests/Makefile: typo in the perlcheck targetDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1239 Reported-by: Christian Weisgerber
2013-06-04test1230: verify CONNECT to a numerical ipv6-addressDaniel Stenberg
2013-06-04sws: support extracting test number from CONNECT ipv6-address!Daniel Stenberg
If an ipv6-address is provided to CONNECT, the last hexadecimal group in the address will be used as the test number! For example the address "[1234::ff]" would be treated as test case 255.
2013-05-27Digest auth: escape user names with \ or " in themDaniel Stenberg
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-19tests: add test1394 file to the tarballDaniel Stenberg
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-12Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"Daniel Stenberg
This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl (or the curl tool) that use wcsdup so there's no such memory use to track. It seems to cause mild problems with the Borland compiler though that we may avoid by reverting this change again. Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
2013-05-08libtest: gitignore more binary filesDaniel Stenberg
2013-05-07tests: Added new SMTP tests to verify commit 99b40451836dSteve Holme
2013-05-07runtests.pl: support nonewline="yes" in client/stdin sectionsDaniel Stenberg
2013-05-06build: fixed unit1394 for debug and metlink buildsDaniel Stenberg
2013-05-06unit1394.c: plug the curl tool unit test inKamil Dudka
2013-05-06unit1394.c: basis of a unit test for parse_cert_parameter()Jared Jennings
2013-05-06src/Makefile.am: build static lib for unit tests if enabledKamil Dudka
2013-05-04smtp: Fixed sending of double CRLF caused by first in EOBSteve Holme
If the mail sent during the transfer contains a terminating <CRLF> then we should not send the first <CRLF> of the EOB as specified in RFC-5321. Additionally don't send the <CRLF> if there is "no mail data" as the DATA command already includes it.
2013-05-03tests: Corrected MAIL SIZE for CRLF line endingsSteve Holme
... which was missed in commit: f5c3d9538452