| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
... fixes an integer overflow at the same time.
Reported-by: ihsinme on github
Assisted-by: Jay Satiro
Closes #5946
|
|
|
|
| |
grrr the previous follow-up to 17fcdf6a31 was wrong
|
|
|
|
| |
Follow-up from 17fcdf6a310d4c8076
|
|
|
|
|
|
|
|
|
|
| |
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553
Closes #5929
|
|
|
|
|
|
| |
Caused automake errors.
Follow-up to 8ca54a03ea08a
|
|
|
|
|
|
| |
We already remove the test files, now remove the libtest codes as well.
Follow-up to e50a877df74
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cache content is not duplicated, like other caches, but the setting
and specified file name are.
Test 1908 is extended to verify this somewhat. Since the duplicated
handle gets the same file name, the test unfortunately overwrites the
same file twice (with different contents) which makes it hard to check
automatically.
Closes #5923
|
|
|
|
|
|
|
|
|
|
|
| |
A shared connection cache is not thread-safe is a known issue. Stop
testing this until we believe this issue is addressed. Reduces
occasional test failures we don't care about.
The test code in lib1541.c is left in git to allow us to restore it when
we get to fix this.
Closes #5922
|
|
|
|
|
|
|
|
|
|
| |
Remove the tests 530, 584, 1900, 1901, 1902, 1903 and 2033. They were
previously disabled.
The Pipelining code was removed from curl in commit 2f44e94efb3df8e,
April 2019.
Closes #5921
|
|
|
|
|
|
| |
Validates that gcc-typecheck macros match the new option type API.
Closes #5873
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
const struct curl_easyoption *curl_easy_option_by_name(const char *name);
const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);
const struct curl_easyoption *
curl_easy_option_next(const struct curl_easyoption *prev);
The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.
Assisted-by: Jeroen Ooms
Closes #5365
|
|
|
|
|
|
|
|
| |
Currently the file tests/libtest/lib3010 is not getting
ignored by git. This fixes it by adding the 3XXX area to
the according .gitignore file.
Closes #5859
|
|
|
|
| |
Closes #5849
|
|
|
|
|
|
|
|
|
|
|
|
| |
copy the LDFLAGS approach for adding same option with `libhostname` in
`libtest/Makefile.am`:
- init `libstubgss_la_LDFLAGS_EXTRA` variable,
- add option to variable inside conditional,
- use variable in `libstubgss_la_LDFLAGS`
Fixes #5819
Closes #5820
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without the -D command line option, checksrc.pl won't know which
directory to load the ".checksrc" file from when building out of the
source tree.
Reported-by: Marcel Raad
Fixes #5715
Closes #5755
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
incorrectly used for the location follow, resulting in infinite requests
to the original location.
Reported-by: sspiri@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/5709
Closes https://github.com/curl/curl/pull/5713
|
|
|
|
|
|
|
|
|
| |
They're not thread-safe so they should not be used in libcurl code.
Explictly enabled when deemed necessary and in examples and tests
Reviewed-by: Nicolas Sterchele
Closes #5732
|
|
|
|
|
|
|
|
|
| |
- Avoid re-using retry_after value from preceding request
- Add libtest 3010 to verify
Reported-by: joey-l-us on github
Fixes #5661
Closes #5672
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stack overflows can occur with precisions for integers and floats.
Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);
Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.
The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.
Also see CVE-2016-9586 which partially fixed the float aspect.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Closes https://github.com/curl/curl/pull/5722
|
|
|
|
|
|
|
|
|
|
| |
timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might
be a 64-bit integer. This is the case when building for recent macOS
versions, for example. Just treat tv_usec as an int, which should
hopefully always be sufficient on systems with
`HAVE_CLOCK_GETTIME_MONOTONIC`.
Closes https://github.com/curl/curl/pull/5695
|
|
|
|
|
|
|
|
| |
Added test case 674 to reproduce and verify the bug report.
Fixes #5665
Reported-by: NobodyXu on github
Closes #5673
|
|
|
|
|
|
|
|
|
|
|
| |
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).
Reported-by: coinhubs on github
Fixes #5598
Closes #5608
|
|
|
|
|
|
|
| |
Attempt to reproduce #5593. Test case 1514 is very similar but uses
HTTP/1.1 and thus switches to chunked.
Closes #5595
|
|
|
|
|
|
| |
test 1296 is a simply command line test
test 1910 is a libcurl test including a redirect
|
|
|
|
| |
As was reported in #5601
|
|
|
|
| |
Closes #5549
|
|
|
|
|
|
|
|
| |
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.
Closes #5546
|
|
|
|
|
|
|
|
|
|
|
| |
... and free it as soon as the transfer is done. It removes the extra
alloc when a new size is set with setopt() and reduces memory for unused
easy handles.
In addition: the closure_handle now doesn't use an allocated buffer at
all but the smallest supported size as a stack based one.
Closes #5472
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since curl_setup.h now makes use of curlx_win32_fopen for Win32
builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
we need to include the relevant files for tests using fopen,
because the libtest sources are also including curl_setup.h
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Follow up to #3784 (ffdddb45d9)
Closes #5475
|
|
|
|
|
|
| |
Follow-up to cac5374298b3
Closes #5478
|
|
|
|
|
|
|
|
|
|
|
| |
- Stick to a single unified way to use structs
- Make checksrc complain on 'typedef struct {'
- Allow them in tests, public headers and examples
- Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
typedef different types/structs depending on build conditions.
Closes #5338
|
|
|
|
|
|
|
|
| |
Fine: "struct hello *world"
Not fine: "struct hello* world" (and variations)
Closes #5386
|
|
|
|
|
|
|
|
| |
The default target should only build libcurl and curl. Add a dedicated
'testdeps' target which will be used later when running tests. Note that
unittests are currently broken in CMake and already excluded.
Closes #5368
|
|
|
|
|
|
|
|
| |
Text 1560 is extended to verify.
Reported-by: Pavel Volgarev
Fixes #5344
Closes #5351
|
|
|
|
|
|
|
|
|
| |
OpenSSH for Windows shows group and other/world permissions as *,
because those concepts do not exist on Windows. It also does not
show the current or parent directory, so we just ignore those.
Reviewed-by: Daniel Stenberg
Closes #5328
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.
In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.
See docs/DYNBUF.md for a description of the API.
Closes #5300
|
|
|
|
|
| |
This has not been needed since commit 9fa42bed and often prevents it
from running at all with dynamic test ports.
|
|
|
|
|
|
|
|
| |
These were commented out in e9dd0998706a when Makefile.inc was included
instead. 11 years have passed since then and the commented code is of
course very outdated. Remove it to avoid confusion.
Closes #5311
|
| |
|
|
|
|
| |
Closes #5169
|
|
|
|
|
| |
Our code style mandates we put the conditional block on a separate
line. These mistakes are now detected by the updated checksrc.
|
|
|
|
|
|
|
|
|
| |
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
|
|
|
|
|
|
| |
When using maximum code optimization level (-O3), valgrind wrongly
detects uses of uninitialized values in strcmp().
Preset buffers with all zeroes to avoid that.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test does A LOT of *wakeup() calls and then calls curl_multi_poll()
twice. The first *poll() is then expected to return early and the second
not - as the first is supposed to drain the socketpair pipe.
It turns out however that when given "excessive" amounts of writes to
the pipe, some operating systems (the Solaris based are known) will
return EAGAIN before the pipe is drained, which in our test case causes
the second *poll() call to also abort early.
This change attempts to avoid the OS-specific behaviors in the test by
reducing the amount of wakeup calls from 1234567 to 10.
Reported-by: Andy Fiddaman
Fixes #5037
Closes #5058
|
|
|
|
|
|
|
|
|
|
| |
New test 666 checks this is effective.
As upload buffer size is significant in this kind of tests, shorten it
in similar test 652.
Fixes #4860
Closes #4833
Reported-by: RuurdBeerstra on github
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Input buffer filling may delay the data sending if data reads are slow.
To overcome this problem, file and callback data reads do not accumulate
in buffer anymore. All other data (memory data and mime framing) are
considered as fast and still concatenated in buffer.
As this may highly impact performance in terms of data overhead, an early
end of part data check is added to spare a read call.
When encoding a part's data, an encoder may require more bytes than made
available by a single read. In this case, the above rule does not apply
and reads are performed until the encoder is able to deliver some data.
Tests 643, 644, 645, 650 and 654 have been adapted to the output data
changes, with test data size reduced to avoid the boredom of long lists of
1-byte chunks in verification data.
New test 667 checks mimepost using single-byte read callback with encoder.
New test 668 checks the end of part data early detection.
Fixes #4826
Reported-by: MrdUkk on github
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case a read callback returns a status (pause, abort, eof,
error) instead of a byte count, drain the bytes read so far but
remember this status for further processing.
Takes care of not losing data when pausing, and properly resume a
paused mime structure when requested.
New tests 670-673 check unpausing cases, with easy or multi
interface and mime or form api.
Fixes #4813
Reported-by: MrdUkk on github
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 87869e38d7afdec3ef1bb4965711458b088e254f.
Fixes #5014
Closes #5015
Reopens #4833
|