Граф коммитов

4250 Коммитов

Автор SHA1 Сообщение Дата
Jay Satiro c2a8d52a13 tests: Fix the line endings for the SASL alt-auth tests
- Change data and protocol sections to CRLF line endings.

Prior to this change the tests would fail or hang, which is because
certain sections such as protocol require CRLF line endings.

Follow-up to a9499ff from today which added the tests.

Ref: https://github.com/curl/curl/pull/3790
2019-05-23 04:01:09 -04:00
Steve Holme a9499ff136
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool 2019-05-22 22:55:11 +01:00
Marc Hoersken 081d374f49 tests: add support to test against OpenSSH for Windows
Testing against OpenSSH for Windows requires v7.7.0.0 or newer
due to the use of AllowUsers and DenyUsers. For more info see:
https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config
2019-05-22 19:54:05 +02:00
Daniel Stenberg 31b77c1877
curl: report error for "--no-" on non-boolean options
Reported-by: Olen Andoni
Fixes #3906
Closes #3907
2019-05-20 19:04:54 +02:00
Daniel Stenberg 8b038bcc95
lib1560: add tests for parsing URL with too long scheme
Ref: #3905
2019-05-20 15:27:07 +02:00
Daniel Stenberg f943347496
test332: verify the blksize fix 2019-05-20 07:59:11 +02:00
Daniel Stenberg 697b1f911b
curl: make code work with protocol-disabled libcurl
Closes #3844
2019-05-18 16:14:10 +02:00
Daniel Stenberg 8ece8177f1
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883
2019-05-16 09:16:56 +02:00
Daniel Stenberg ee68bbe29c
parse_proxy: use the URL parser API
As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.

Closes #3878
2019-05-15 12:02:05 +02:00
Daniel Stenberg 9f9ec7da57
urlapi: require a non-zero host name length when parsing URL
Updated test 1560 to verify.

Closes #3880
2019-05-14 13:39:10 +02:00
Marcel Raad 6b3dde7fe6
build: fix "clarify calculation precedence" warnings
Codacy/CppCheck warns about this. Consistently use parentheses as we
already do in some places to silence the warning.

Closes https://github.com/curl/curl/pull/3866
2019-05-12 09:31:09 +02:00
Jay Satiro d934059afd Revert "multi: support verbose conncache closure handle"
This reverts commit b0972bc.

- No longer show verbose output for the conncache closure handle.

The offending commit was added so that the conncache closure handle
would inherit verbose mode from the user's easy handle. (Note there is
no way for the user to set options for the closure handle which is why
that was necessary.) Other debug settings such as the debug function
were not also inherited since we determined that could lead to crashes
if the user's per-handle private data was used on an unexpected handle.

The reporter here says he has a debug function to capture the verbose
output, and does not expect or want any output to stderr; however
because the conncache closure handle does not inherit the debug function
the verbose output for that handle does go to stderr.

There are other plausible scenarios as well such as the user redirects
stderr on their handle, which is also not inherited since it could lead
to crashes when used on an unexpected handle.

Short of allowing the user to set options for the conncache closure
handle I don't think there's much we can safely do except no longer
inherit the verbose setting.

Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html
Reported-by: Kristoffer Gleditsch

Ref: https://github.com/curl/curl/pull/3598
Ref: https://github.com/curl/curl/pull/3618

Closes https://github.com/curl/curl/pull/3856
2019-05-10 15:01:57 -04:00
Daniel Gustafsson d490d207c7 test2100: Fix typos in test description 2019-05-06 20:12:39 +03:00
Daniel Stenberg 2d0e9b40d3
urlapi: add CURLUPART_ZONEID to set and get
The zoneid can be used with IPv6 numerical addresses.

Updated test 1560 to verify.

Closes #3834
2019-05-05 15:52:46 +02:00
Daniel Stenberg bdb2dbc103
urlapi: strip off scope id from numerical IPv6 addresses
... to make the host name "usable". Store the scope id and put it back
when extracting a URL out of it.

Also makes curl_url_set() syntax check CURLUPART_HOST.

Fixes #3817
Closes #3822
2019-05-03 12:17:22 +02:00
Daniel Stenberg 5fc28510a4
CURL_MAX_INPUT_LENGTH: largest acceptable string input size
This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().

The 8000000 number is arbitrary picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.

NOTE: This does not apply to `CURLOPT_POSTFIELDS`.

Test 1559 verifies.

Closes #3805
2019-04-29 08:02:44 +02:00
Steve Holme eb84ca3ea8 sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.
2019-04-22 12:29:49 +01:00
Daniel Stenberg c8bbfb90ea
test 196,197,198: add 'retry' keyword [skip ci] 2019-04-21 23:28:47 +02:00
Daniel Stenberg e04e974aed
test1002: correct the name [skip ci] 2019-04-20 12:44:31 +02:00
Daniel Stenberg 4225e5db1b
test660: verify CONNECT_ONLY with IMAP
which basically just makes sure LOGOUT is *not* issued on disconnect
2019-04-20 12:40:53 +02:00
Daniel Gustafsson 90d9e9460e tests: Run global cleanup at end of tests
Make sure to run curl_global_cleanup() when shutting down the test
suite to release any resources allocated in the SSL setup. This is
clearly visible when running tests with PolarSSL where the thread
lock calloc() memory which isn't released when not running cleanup.
Below is an excerpt from the autobuild logs:

  ==12368== 96 bytes in 1 blocks are possibly lost in loss record 1 of 2
  ==12368== at 0x4837B65: calloc (vg_replace_malloc.c:752)
  ==12368== by 0x11A76E: curl_dbg_calloc (memdebug.c:205)
  ==12368== by 0x145CDF: Curl_polarsslthreadlock_thread_setup
                         (polarssl_threadlock.c:54)
  ==12368== by 0x145B37: Curl_polarssl_init (polarssl.c:865)
  ==12368== by 0x14129D: Curl_ssl_init (vtls.c:171)
  ==12368== by 0x118B4C: global_init (easy.c:158)
  ==12368== by 0x118BF5: curl_global_init (easy.c:221)
  ==12368== by 0x118D0B: curl_easy_init (easy.c:299)
  ==12368== by 0x114E96: test (lib1906.c:32)
  ==12368== by 0x115495: main (first.c:174)

Closes #3783
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-15 15:23:58 +02:00
Daniel Stenberg a7ae01cb75
runtests: start socksd like other servers
... without a $srcdir prefix. Triggered by the failures in several
autobuilds.

Closes #3781
2019-04-15 11:05:20 +02:00
Daniel Gustafsson 0641086c2f socksd: Fix typos
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-14 22:06:40 +02:00
Daniel Gustafsson 31238d5fb7 socksd: Properly decorate static variables
Mark global variables static to avoid compiler warning in Clang when
using -Wmissing-variable-declarations.

Closes #3778
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-14 22:06:09 +02:00
Daniel Stenberg 54c784556e
test: make tests and test scripts use socksd for SOCKS
Make all SOCKS tests use socksd instead of ssh.
2019-04-13 11:21:53 +02:00
Daniel Stenberg 04fd67555c
socksd: new SOCKS 4+5 server for tests
Closes #3752
2019-04-13 11:21:35 +02:00
Daniel Stenberg d715d2ac89
urlapi: stricter CURLUPART_PORT parsing
Only allow well formed decimal numbers in the input.

Document that the number MUST be between 1 and 65535.

Add tests to test 1560 to verify the above.

Ref: https://github.com/curl/curl/issues/3753
Closes #3762
2019-04-13 11:17:30 +02:00
Daniel Stenberg 1489d1db85
test1906: verify CURLOPT_CURLU + CURLOPT_PORT usage
Based-on-code-by: Poul T Lomholt
2019-04-11 22:45:13 +02:00
Daniel Stenberg f73de32d46
CURLOPT_DNS_USE_GLOBAL_CACHE: remove
Remove the code too. The functionality has been disabled in code since
7.62.0. Setting this option will from now on simply be ignored and have
no function.

Closes #3654
2019-04-11 22:22:39 +02:00
Marcel Raad d1b5cf830b
build: fix Codacy/CppCheck warnings
- remove unused variables
- declare conditionally used variables conditionally
- suppress unused variable warnings in the CMake tests
- remove dead variable stores
- consistently use WIN32 macro to detect Windows

Closes https://github.com/curl/curl/pull/3739
2019-04-11 21:08:44 +02:00
Marcel Raad d250ed4753
lib557: initialize variables
These variables are only conditionally initialized.

Closes https://github.com/curl/curl/pull/3739
2019-04-11 21:08:41 +02:00
Marcel Raad 9eac2d92cf
lib509: add missing include for strdup
Closes https://github.com/curl/curl/pull/3739
2019-04-11 21:08:39 +02:00
Marcel Raad dc0712eea3
tests/server/util: fix Windows Unicode build
Always use the ANSI version of FormatMessage as we don't have the
curl_multibyte gear available here.

Closes https://github.com/curl/curl/pull/3758
2019-04-11 21:03:20 +02:00
Daniel Gustafsson 06ace0ba98 xattr: skip unittest on unsupported platforms
The stripcredentials unittest fails to compile on platforms without
xattr support, for example the Solaris member in the buildfarm which
fails with the following:

  CC unit1621-unit1621.o
  CC ../libtest/unit1621-first.o
  CCLD unit1621
  Undefined first referenced
  symbol in file
  stripcredentials unit1621-unit1621.o
  goto problem 2
  ld: fatal: symbol referencing errors. No output written to .libs/unit1621
  collect2: error: ld returned 1 exit status
  gmake[2]: *** [Makefile:996: unit1621] Error 1

Fix by excluding the test on such platforms by using the reverse
logic from where stripcredentials() is defined.

Closes #3759
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-04-11 09:22:22 +02:00
Jakub Zakrzewski 89bb5a836c
test: urlapi: urlencode characters above 0x7f correctly 2019-04-07 22:57:42 +02:00
Daniel Stenberg 2f44e94efb
pipelining: removed
As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651
2019-04-06 22:49:50 +02:00
cclauss aba1c51553
tests: make Impacket (SMB server) Python 3 compatible
Closes #3731
Fixes #3289
2019-04-06 22:29:57 +02:00
Mert Yazıcıoğlu 6227e2bd07 vauth/oauth2: Fix OAUTHBEARER token generation
OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.

Fixes: #2487
Reported-by: Paolo Mossino

Closes https://github.com/curl/curl/pull/3377
2019-04-02 15:52:12 -04:00
Dan Fandrich 27fb521df5 tests: Fixed XML validation errors in some test files. 2019-03-24 18:35:02 +01:00
Dan Fandrich 48287c9c96 tests: Fix some incorrect precheck error messages.
[ci skip]
2019-03-24 13:02:05 +01:00
Daniel Stenberg dc5edf9124
test1541: threaded connection sharing
The threaded-shared-conn.c example turned into test case. Only works if
pthread was detected.

An attempt to detect future regressions such as e3a53e3efb

Closes #3687
2019-03-18 13:58:46 +01:00
Daniel Stenberg 5cf5d57ab9
makefile: make checksrc and hugefile commands "silent"
... to match the style already used for compiling, linking
etc. Acknowledges 'make V=1' to enable verbose.

Closes #3681
2019-03-14 20:11:24 +01:00
Dan Fandrich 6971478963 fuzzer: Only clone the latest fuzzer code, for speed. 2019-03-14 14:03:16 +01:00
Dominik Hölzl 6c60355323
Negotiate: fix for HTTP POST with Negotiate
* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
  output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
  GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
  also indicate the last challenge request (only works with disabled
  Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
  Reset/Cleanup negotiate after authentication if no persistent
  authentication
* apply changes introduced with #2546 for negotiate rewind logic

Fixes #1261
Closes #1975
2019-03-14 09:26:03 +01:00
Marc Schlatter dd8a19f8a0
http: send payload when (proxy) authentication is done
The check that prevents payload from sending in case of authentication
doesn't check properly if the authentication is done or not.

They're cases where the proxy respond "200 OK" before sending
authentication challenge. This change takes care of that.

Fixes #2431
Closes #3669
2019-03-13 10:58:52 +01:00
Daniel Stenberg ff7e5a29c7
test331: verify set-cookie for dotless host name
Reproduced bug #3649
Closes #3659
2019-03-09 12:59:20 +01:00
Daniel Stenberg 299d9660f8
Revert "cookies: extend domain checks to non psl builds"
This reverts commit 3773de378d.

Regression shipped in 7.64.0
Fixes #3649
2019-03-09 12:59:20 +01:00
Daniel Stenberg 76b6348949
memdebug: make debug-specific functions use curl_dbg_ prefix
To not "collide" or use up the regular curl_ name space. Also makes them
easier to detect in helper scripts.

Closes #3656
2019-03-08 23:21:21 +01:00
Daniel Stenberg a4cc978906
tests: fix multiple may be used uninitialized warnings 2019-03-05 14:38:25 +01:00
Jay Satiro b0972bc8e1 multi: support verbose conncache closure handle
- Change closure handle to receive verbose setting from the easy handle
  most recently added via curl_multi_add_handle.

The closure handle is a special easy handle used for closing cached
connections. It receives limited settings from the easy handle most
recently added to the multi handle. Prior to this change that did not
include verbose which was a problem because on connection shutdown
verbose mode was not acknowledged.

Ref: https://github.com/curl/curl/pull/3598

Co-authored-by: Daniel Stenberg

Closes https://github.com/curl/curl/pull/3618
2019-03-05 00:00:01 -05:00
Daniel Stenberg 15401fa886
CURLU: fix NULL dereference when used over proxy
Test 659 verifies

Also fixed the test 658 name

Closes #3641
2019-03-04 16:24:08 +01:00
Daniel Stenberg 5345b04a43
alt-svc: add test 355 and 356 to verify with command line curl 2019-03-03 11:17:52 +01:00
Daniel Stenberg e1be825453
alt-svc: the libcurl bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg 64d598d91d
test578: make it read data from the correct test 2019-02-28 20:46:45 +01:00
Daniel Stenberg eb43338941
cookies: only save the cookie file if the engine is enabled
Follow-up to 8eddb8f425.

If the cookieinfo pointer is NULL there really is nothing to save.

Without this fix, we got a problem when a handle was using shared object
with cookies and is told to "FLUSH" it to file (which worked) and then
the share object was removed and when the easy handle was closed just
afterwards it has no cookieinfo and no cookies so it decided to save an
empty jar (overwriting the file just flushed).

Test 1905 now verifies that this works.

Assisted-by: Michael Wallner
Assisted-by: Marcel Raad

Closes #3621
2019-02-27 21:59:40 +01:00
Daniel Stenberg 15ef24985c
runtests: detect "schannel" as an alias for "winssl"
Follow-up to 180501cb02

Reported-by: Marcel Raad
Fixes #3609
Closes #3620
2019-02-26 22:18:35 +01:00
Dan Fandrich 87ba80a6df tests: Fixed XML validation errors in some test files. 2019-02-21 22:10:48 +01:00
Daniel Stenberg c543da9a50
curl: remove MANUAL from -M output
... and remove it from the dist tarball. It has served its time, it
barely gets updated anymore and "everything curl" is now convering all
this document once tried to include, and does it more and better.

In the compressed scenario, this removes ~15K data from the binary,
which is 25% of the -M output.

It remains in the git repo for now for as long as the web site builds a
page using that as source. It renders poorly on the site (especially for
mobile users) so its not even good there.

Closes #3587
2019-02-20 08:20:27 +01:00
Daniel Stenberg b08898fb29
connection: never reuse CONNECT_ONLY conections
and make CONNECT_ONLY conections never reuse any existing ones either.

Reported-by: Pavel Löbl
Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
Closes #3586
2019-02-19 22:50:02 +01:00
Daniel Stenberg 5908e900be
unit1651: survive curl_easy_init() fails 2019-02-19 09:08:28 +01:00
Daniel Gustafsson e6522522f9 cookie: Add support for cookie prefixes
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-17 00:09:30 +01:00
Marcel Raad 208c77713a
unit1307: just fail without FTP support
I missed to check this in with commit
71786c0505, which only disabled the test.
This fixes the actual linker error.

Closes https://github.com/curl/curl/pull/3568
2019-02-15 09:50:52 +01:00
Daniel Stenberg 28177def43
gssapi: fix deprecated header warnings
Heimdal includes on FreeBSD spewed out lots of them. Less so now.

Closes #3566
2019-02-14 08:38:43 +01:00
Marcel Raad 71786c0505
unit1307: require FTP support
This test doesn't link without FTP support after
fc7ab4835b, which made Curl_fnmatch
unavailable without FTP support.

Closes https://github.com/curl/curl/pull/3565
2019-02-13 08:42:11 +01:00
Frank Gevaerts 35a8fd2886
tests: add stderr comparison to the test suite
The code is more or less copied from the stdout comparison code, maybe
some better reuse is possible.

test 1457 is adjusted to make the output actually match (by using --silent)
test 506 used <stderr> without actually needing it, so that <stderr> block is removed

Closes #3536
2019-02-11 23:00:50 +01:00
Patrick Monnerat cac0e4a6ad cli tool: do not use mime.h private structures.
Option -F generates an intermediate representation of the mime structure
that is used later to create the libcurl mime structure and generate
the --libcurl statements.

Reported-by: Daniel Stenberg
Fixes #3532
Closes #3546
2019-02-11 19:10:41 +01:00
Daniel Stenberg 05b100aee2
cleanup: make local functions static
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
2019-02-10 18:38:57 +01:00
Ladar Levison 53400f5a41 runtests.pl: Fix perl call to include srcdir
- Use explicit include opt for perl calls.

Prior to this change some scripts couldn't find their dependencies.

At the top, perl is called using with the "-Isrcdir" option, and it
works:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183

But on line 3868, that option is omitted. This caused problems for me,
as the symbol-scan.pl script in particular couldn't find its
dependencies properly:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868

This patch fixes that oversight by making calls to perl sub-shells
uniform.

Closes https://github.com/curl/curl/pull/3496
2019-02-04 13:02:29 -05:00
Daniel Stenberg 1b8fe0a8ae
unit1653: make it survive torture tests 2019-01-28 08:44:15 +01:00
Daniel Stenberg ea77fec16f
tests: move objnames-* from lib into tests
Since they're used purely for testing purposes, I think they should
rather be stored there.

Closes #3470
2019-01-15 08:09:34 +01:00
Daniel Stenberg ba243235ec
urldata: rename easy_conn to just conn
We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442
2019-01-11 15:35:13 +01:00
Daniel Stenberg f6bb05ccbd
test1558: verify CURLINFO_PROTOCOL on file:// transfer
Attempt to reproduce issue #3444.

Closes #3447
2019-01-10 11:22:48 +01:00
Daniel Stenberg 98e6629154
xattr: strip credentials from any URL that is stored
Both user and password are cleared uncondtitionally.

Added unit test 1621 to verify.

Fixes #3423
Closes #3433
2019-01-10 10:49:51 +01:00
Daniel Stenberg afeb8d9902
cookies: allow secure override when done over HTTPS
Added test 1562 to verify.

Reported-by: Jeroen Ooms
Fixes #3445
Closes #3450
2019-01-10 10:31:06 +01:00
Daniel Stenberg 5f5b5afcb7
test1561: improve test name
[skip ci]
2019-01-09 15:34:36 +01:00
Katsuhiko YOSHIDA 1f30dc886d
cookies: skip custom cookies when redirecting cross-site
Closes #3417
2019-01-09 15:18:08 +01:00
Bernhard M. Wiedemann 114a02c75b
tests: allow tests to pass by 2037-02-12
similar to commit f508d29f39

Closes #3443
2019-01-08 10:36:49 +01:00
Brad Spencer 84a30d0a41
curl_multi_remove_handle() don't block terminating c-ares requests
Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.

Closes #3428
Fixes #3371
2019-01-07 10:05:20 +01:00
Rikard Falkeborn fa2d6ba84d
printf: fix format specifiers
Closes #3426
2019-01-04 23:50:48 +01:00
Daniel Stenberg c7c362a24c
libtest/stub_gssapi: use "real" snprintf
... since it doesn't link with libcurl.

Reverts the commit dcd6f81025 changes from this file.

Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
Reported-by: Shlomi Fish
Reviewed-by: Daniel Gustafsson
Reviewed-by: Kamil Dudka

Closes #3434
2019-01-03 23:47:23 +01:00
Marcel Raad 46c89348b9 tvnow: silence conversion warnings
MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
used and the milliseconds are represented as unsigned long long,
leading to a compiler warning when implicitly converting them to long.
2019-01-01 18:04:24 +01:00
Markus Moeller 7bcca93459 ntlm: update selection of type 3 response
NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
check seems to work.

Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf

Fixes https://github.com/curl/curl/issues/3286
Closes https://github.com/curl/curl/pull/3287
Closes https://github.com/curl/curl/pull/3415
2019-01-01 11:47:17 +01:00
Daniel Gustafsson a4482b21bd urlapi: fix parsing ipv6 with zone index
The previous fix for parsing IPv6 URLs with a zone index was a paddle
short for URLs without an explicit port. This patch fixes that case
and adds a unit test case.

This bug was highlighted by issue #3408, and while it's not the full
fix for the problem there it is an isolated bug that should be fixed
regardless.

Closes #3411
Reported-by: GitYuanQu on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-30 20:11:57 +01:00
Claes Jakobsson d8cae791f4 hostip: support wildcard hosts
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.

Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
  curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
       https://a.com https://b.com

This is probably quite similar to using:
  --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443

Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-27 14:23:53 +01:00
Daniel Stenberg 006ff62d8c
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
2018-12-21 10:49:30 +01:00
Daniel Gustafsson 3773de378d cookies: extend domain checks to non psl builds
Ensure to perform the checks we have to enforce a sane domain in
the cookie request. The check for non-PSL enabled builds is quite
basic but it's better than nothing.

Closes #2964
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-19 20:59:09 +01:00
Daniel Stenberg 04b69c744c
http: minor whitespace cleanup from f464535b 2018-12-14 10:20:06 +01:00
Ayoub Boudhar f464535bfd
http: Implement trailing headers for chunked transfers
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.

The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.

Test 1591 checks that trailing headers can be sent using libcurl.

Closes #3350
2018-12-14 10:10:48 +01:00
Leonardo Taccari 3997510eed
test1201: Add a trailing `?' to the selector
This verify that the `?' in the selector is kept as is.

Verifies the fix in #3370
2018-12-13 10:24:01 +01:00
Daniel Gustafsson 7a09b52c98 cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13 09:57:58 +01:00
Daniel Gustafsson d8607da1a6 urlapi: Fix port parsing of eol colon
A URL with a single colon without a portnumber should use the default
port, discarding the colon. Fix, add a testcase and also do little bit
of comment wordsmithing.

Closes #3365
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-12 11:48:04 +01:00
Daniel Stenberg 1945460d48
test1519: use lib1518 and test CURLINFO_REDIRECT_URL more 2018-12-12 07:58:54 +01:00
Daniel Stenberg 435402cfe3
Curl_follow: extract the Location: header field unvalidated
... when not actually following the redirect. Otherwise we return error
for this and an application can't extract the value.

Test 1518 added to verify.

Reported-by: Pavel Pavlov
Fixes #3340
Closes #3364
2018-12-12 07:58:47 +01:00
Daniel Gustafsson e1be2ecba4 tests: add urlapi unittest
This adds a new unittest intended to cover the internal functions in
the urlapi code, starting with parse_port(). In order to avoid name
collisions in debug builds, parse_port() is renamed Curl_parse_port()
since it will be exported.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-12-11 15:02:24 +01:00
Jay Satiro 552f0205e6
http: fix HTTP auth to include query in URI
- Include query in the path passed to generate HTTP auth.

Recent changes to use the URL API internally (46e1640, 7.62.0)
inadvertently broke authentication URIs by omitting the query.

Fixes https://github.com/curl/curl/issues/3353
Closes #3356
2018-12-11 13:28:20 +01:00
Daniel Stenberg 4e326f9247
test329: verify cookie max-age=0 immediate expiry 2018-12-09 18:35:02 +01:00
Daniel Stenberg 40ac6f1e50
test328: verify Content-Encoding: none
Because of issue #3315

Closes #3317
2018-11-28 14:13:14 +01:00
Daniel Stenberg a52e46f390
cookies: create the cookiejar even if no cookies to save
Important for when the file is going to be read again and thus must not
contain old contents!

Adds test 327 to verify.

Reported-by: daboul on github
Fixes #3299
Closes #3300
2018-11-23 14:50:51 +01:00
Daniel Stenberg dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Tobias Hintze 9944d6ba33
test: update test20/1322 for eglibc bug workaround
The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
eglibc-2.19 there is a memory leakage and invalid free bug which
surfaces in some special circumstances (PF_UNSPEC hint with invalid or
non-existent names). The valgrind runs in testing fail in these
situations.

As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
on the tests' command line.  This prevents the valgrind failures.
2018-11-22 13:41:35 +01:00
Daniel Stenberg a04ed00a77
impacket: add LICENSE
The license for the impacket package was not in our tree.

Imported now from upstream's
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE

Reported-by: infinnovation-dev on github
Fixes #3276
Closes #3277
2018-11-19 14:08:28 +01:00
Marc Hoersken 9cf7b7e660 tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
but does not work together with SO_REUSEADDR being on.

The default changes were made with stunnel 5.34 and 5.35.
2018-11-15 21:10:29 +01:00
Jim Fuller 5c4fe0d826
setopt: add CURLOPT_CURLU
Allows an application to pass in a pre-parsed URL via a URL handle.

Closes #3227
2018-11-09 15:47:28 +01:00
Frank Gevaerts e431daf013
curl: add %{stderr} and %{stdout} for --write-out
Closes #3115
2018-11-07 11:09:55 +01:00
Daniel Stenberg 9aa8ff2895
urlapi: only skip encoding the first '=' with APPENDQUERY set
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.

Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
2018-11-07 08:28:48 +01:00
Daniel Stenberg 9df8dc101b
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a
few letters ending with a colon to be a scheme, making something like
"short:80" to become an unknown scheme instead of a short host name and
a port number.

Extended test 1560 to verify.

Also fixed test203 to use file_pwd to make it get the correct path on
windows. Removed test 2070 since it was a duplicate of 203.

Assisted-by: Marcel Raad
Reported-by: Hagai Auro
Fixes #3220
Fixes #3233
Closes #3223
Closes #3235
2018-11-06 19:11:58 +01:00
Michael Kaufmann 53db15ba55 netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes #3213
Closes #3224
2018-11-05 20:34:01 +01:00
Daniel Gustafsson 60e3d1f210 unittest: make 1652 stable across collations
The previous coding used a format string whose output depended on the
current locale of the environment running the test. Since the gist of
the test is to have a format string, with the actual formatting being
less important, switch to a more stable formatstring with decimals.

Reported-by: Marcel Raad
Closes #3234
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-05 09:51:33 +01:00
Daniel Stenberg d9abebc7ee
Revert "url: a short host name + port is not a scheme"
This reverts commit 226cfa8264.

This commit caused test failures on appveyor/windows. Work on fixing them is
in #3235.
2018-11-05 09:24:59 +01:00
Daniel Stenberg 66dc1570db
symbols-in-versions: add missing CURLU_ symbols
...and fix symbol-scan.pl to also scan urlapi.h

Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
2018-11-04 23:15:12 +01:00
Daniel Gustafsson c37b66aaae infof: clearly indicate truncation
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.

This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.

Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.

Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-03 20:54:18 +01:00
Daniel Stenberg 226cfa8264
url: a short host name + port is not a scheme
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.

Extended test 1560 to verify.

Reported-by: Hagai Auro
Fixes #3220
Closes #3223
2018-11-03 15:01:27 +01:00
Daniel Stenberg b28094833a
URL: fix IPv6 numeral address parser
Regression from 46e164069d. Extended test 1560 to verify.

Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
2018-11-03 00:14:04 +01:00
Daniel Stenberg 2c5ec339ea
Curl_follow: accept non-supported schemes for "fake" redirects
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d.

Reported-by: Brad King
Fixes #3210
Closes #3215
2018-11-02 09:50:44 +01:00
Daniel Stenberg 302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
Kamil Dudka fc2c9a9614 tests: drop http_pipe.py script no longer used
It is unused since commit f7208df7d9.

Closes #3204
2018-11-01 09:13:47 +01:00
Daniel Stenberg 8effa8c2b0
runtests: use the local curl for verifying
... revert the mistaken change brought in commit 8440616f53.

Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html

Closes #3198
2018-10-31 13:48:56 +01:00
Daniel Stenberg 350306e472
test2080: verify the fix for CVE-2018-16842 2018-10-30 07:47:50 +01:00
Daniel Stenberg 5728229a4f
unit1650: fix "null pointer passed as argument 1 to memcmp"
Detected by UndefinedBehaviorSanitizer

Closes #3187
2018-10-29 16:14:40 +01:00
Daniel Stenberg 0b58ffe0c9
unit1300: fix stack-use-after-scope AddressSanitizer warning
Closes #3186
2018-10-29 08:05:23 +01:00
Daniel Stenberg a669e06946
test1651: unit test Curl_extract_certinfo()
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-10-27 15:59:43 +02:00
Marcel Raad 940e1c1e74
Windows: fixes for MinGW targeting Windows Vista
Classic MinGW has neither InitializeCriticalSectionEx nor
GetTickCount64, independent of the target Windows version.

Closes https://github.com/curl/curl/pull/3113
2018-10-09 08:33:45 +02:00
Daniel Stenberg e50a2002bd
FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
Now FILE transfers send headers to the header callback like HTTP and
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
work for FILE in the callbacks.

Makes "curl -i file://.." and "curl -I file://.." work like before
again. Applied the bold header logic to them too.

Regression from c1c2762 (7.61.0)

Reported-by: Shaun Jackman
Fixes #3083
Closes #3101
2018-10-08 08:35:40 +02:00
Daniel Gustafsson b6bcb6e689 runtests: skip ld_preload tests on macOS
The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
requiring it.

Fixes #2394
Closes #3106
Reported-by: Github user @jakirkham
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-07 22:25:53 +02:00
Daniel Stenberg 791105bc4e
test2100: test DoH using IPv4-only
To make it only send one DoH request and avoid the race condition that
could lead to the requests getting sent in reversed order and thus
making it hard to compare in the test case.

Fixes #3107
Closes #3108
2018-10-06 23:02:26 +02:00
Daniel Stenberg 6800ff471b
tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
[ci skip]
2018-10-06 12:57:42 +02:00
Daniel Stenberg 7f00146d00
doh: keep the IPv4 address in (original) network byte order
Ideally this will fix the reversed order shown in SPARC tests:

  resp 8: Expected 127.0.0.1 got 1.0.0.127

Closes #3091
2018-10-05 22:15:34 +02:00
Marcel Raad 4c35f24ef4
CMake: suppress MSVC warning C4127 for libtest
It's issued by older Windows SDKs (prior to version 8.0).
2018-10-05 12:48:47 +02:00
Daniel Stenberg 94ad57b024
test320: strip out more HTML when comparing
To make the test case work with different gnutls-serv versions better.

Reported-by: Kamil Dudka
Fixes #3093
Closes #3094
2018-10-04 23:20:25 +02:00
Marcel Raad 5fdac8d4f9
runtests: use Windows paths for Windows curl
curl generated by CMake's Visual Studio generator has "Windows" in the
version number.
2018-10-04 11:44:32 +02:00
Colin Hogben 3b4f243722
tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
Fix problems caused by differences in treatment of bytes objects between
python2 and python3.

Fixes #2929
Closes #3080
2018-10-04 08:24:40 +02:00
Marcel Raad 9ba67b5b79
test1299: use single quotes around asterisk
Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
2018-10-02 23:35:52 +02:00
Daniel Stenberg 5cc51b0d0f
runtests: ignore disabled even when ranges are given
runtests.pl support running a range of tests, like "44 to 127". Starting
now, the code makes sure that even such given ranges will ignore tests
that are marked as disabled.

Disabled tests can still be run by explictly specifying that test
number.

Closes #3075
2018-10-02 13:07:06 +02:00
Daniel Stenberg b8ab30d309
test1650: make it depend on http/2
Follow-up to 570008c99d as it gets link errors.

Reported-by: Michael Kaufmann
Closes #3068
2018-10-01 07:56:49 +02:00
Daniel Stenberg 0d850c0dba
test2100: require http2 to run
Reported-by: Marcel Raad
Fixes #3064
Closes #3065
2018-09-29 22:24:04 +02:00
Sergei Nikulov f8215f80ab cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...) 2018-09-28 16:54:20 +03:00
Viktor Szakats 16fefeee1e test320: fix regression in [ci skip]
The value in question is coming directly from `gnutls-serv`, so it cannot
be modified freely.

Reported-by: Marcel Raad
Ref: 6ae6b2a533 (commitcomment-30621004)
2018-09-24 16:27:58 +00:00
Even Rouault 55b51b8c49
Curl_dedotdotify(): always nul terminate returned string.
This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516==    by 0x4EBB315: seturl (urlapi.c:801)
==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516==    by 0x4E67AEF: create_conn (url.c:3613)
==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
==24516==    by 0x4E75801: easy_perform (easy.c:779)
==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039
2018-09-24 07:48:41 +02:00
Viktor Szakats 6ae6b2a533 update URLs in tests
- and one in docs/MANUAL as well

Closes https://github.com/curl/curl/pull/3038
2018-09-23 22:26:11 +00:00
Viktor Szakats b801b453af whitespace fixes
- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
  in manual examples

Closes https://github.com/curl/curl/pull/3037
2018-09-23 22:24:02 +00:00
Daniel Stenberg d5cbbe8397
unit1650: fix out of boundary access
Fixes #2987
Closes #3035
2018-09-23 23:07:06 +02:00
Daniel Stenberg 46e164069d
url: use the URL API internally as well
... to make it a truly unified URL parser.

Closes #3017
2018-09-22 11:58:10 +02:00
Daniel Stenberg 2097cd5152
urlapi: fix support for address scope in IPv6 numerical addresses
Closes #3024
2018-09-21 11:19:14 +02:00
Daniel Stenberg ba782baac3
certs: generate tests certs with sha256 digest algorithm
As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014
2018-09-20 09:06:21 +02:00
Daniel Stenberg 5c73093edb
urlapi: document the error codes, remove two unused ones
Assisted-by: Daniel Gustafsson
Closes #3019
2018-09-19 23:25:11 +02:00
Daniel Stenberg 9307c219ad
urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
In order for this API to fully work for libcurl itself, it now offers a
CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
name prefix just like libcurl always did. If there's no known prefix, it
will guess "http://".

Separately, it relaxes the check of the host name so that IDN host names
can be passed in as well.

Both these changes are necessary for libcurl itself to use this API.

Assisted-by: Daniel Gustafsson
Closes #3018
2018-09-19 23:21:52 +02:00
Rikard Falkeborn 0d717a3106
libtest: Add chkdecimalpoint to .gitignore
Closes #2998
2018-09-15 23:39:50 +02:00
Yiming Jing dd8151d016
runtests.pl: run tests against the MesaLink vtls backend 2018-09-13 08:26:45 +02:00
Daniel Stenberg ddb06ffc0f
urlglob: improve error message
to help user understand what the problem is

Reported-by: Daniel Shahaf

Fixes #2763
Closes #2977
2018-09-13 08:04:49 +02:00
Yiming Jing 92f9db1746
tests/certs: rebuild certs with 2048-bit RSA keys
The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973
2018-09-12 16:09:17 +02:00