test587: improve robustness

Remove check of server output as upload may abort before request
could fully be sent, so server output may be completely missing.

Test already used a

test587: improve robustness

Remove check of server output as upload may abort before request
could fully be sent, so server output may be completely missing.

Test already used a 1 second delay to mitigate timing. This change
makes timing no longer an issue.

Closes #14525

show more ...

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.

Hence, fixing them all now might curb this practice from now on.

Closes #12028

show more ...

misc: better random strings

Generate alphanumerical random strings.

Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical ran

misc: better random strings

Generate alphanumerical random strings.

Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.

The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.

Closes #11838

show more ...

test587: add a slight delay after test

This test is designed to connect to the server, then immediately send a
few bytes and disconnect. In some situations, such as on a loaded
serve

test587: add a slight delay after test

This test is designed to connect to the server, then immediately send a
few bytes and disconnect. In some situations, such as on a loaded
server, this doesn't give the server enough time to write its lock file
before its existence is checked. The test harness then fails to find the
server's input log file (because it hasn't been written yet) and fails
the test. By adding a short delay after the test, the HTTP server has
enough time to write its lock file which gives itself more time to write
its remaining files.

Ref: #11328

show more ...

configure, cmake, lib: more form api deprecation

Introduce a --enable-form-api configure option to control its inclusion
in builds. The condition name defined for it is CURL_DISABLE_FORM

configure, cmake, lib: more form api deprecation

Introduce a --enable-form-api configure option to control its inclusion
in builds. The condition name defined for it is CURL_DISABLE_FORM_API.

Form api code is dependent of MIME: configure and CMake handle this
dependency automatically: CMake by making it a dependent option
explicitly, configure by inheriting the MIME value by default and
rejecting explicit incompatible values.

"form-api" is now a new hidden test feature.

Update libcurl modules to respect this option and adjust tests
accordingly.

Closes #9621

show more ...

tests: skip mime/form tests when mime is not built-in

Closes #9596

tests: use %TESTNUMBER instead of fixed number

This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738

mime: keep "text/plain" content type if user-specified.

Include test cases in 554, 587, 650.

Fixes https://github.com/curl/curl/issues/1986

tests: added flaky keyword to tests 587 and 644

These are around 5% flaky in my Linux x86 autobuilds.

mime: tests and examples.

Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Op

mime: tests and examples.

Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.

show more ...

tests: add keywords for a couple of HTTP tests

formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used

The internal function that's used to detect known file extensions for
the default Content-Type got the the wrong pointer

formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used

The internal function that's used to detect known file extensions for
the default Content-Type got the the wrong pointer passed in when
CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
strlen() would be used which could lead to an out-of-bounds read (and
thus segfault). In most cases it would only lead to it not finding or
using the correct default content-type.

It also showed that test 554 and test 587 were testing for the
previous/wrong behavior and now they're updated as well.

Bug: http://curl.haxx.se/bug/view.cgi?id=1262
Reported-by: Konstantin Isakov

show more ...

formpost: better random boundaries

When doing multi-part formposts, libcurl used a pseudo-random value that
was seeded with time(). This turns out to be bad for users who formpost
da

formpost: better random boundaries

When doing multi-part formposts, libcurl used a pseudo-random value that
was seeded with time(). This turns out to be bad for users who formpost
data that is provided with users who then can guess how the boundary
string will look like and then they can forge a different formpost part
and trick the receiver.

My advice to such implementors is (still even after this change) to not
rely on the boundary strings being cryptographically strong. Fix your
code and logic to not depend on them that much!

I moved the Curl_rand() function into the sslgen.c source file now to be
able to take advantage of the SSL library's random function if it
provides one. If not, try to use the RANDOM_FILE for seeding and as a
last resort keep the old logic, just modified to also add microseconds
which makes it harder to properly guess the exact seed.

The formboundary() function in formdata.c is now using 64 bit entropy
for the boundary and therefore the string of dashes was reduced by 4
letters and there are 16 hex digits following it. The total length is
thus still the same.

Bug: http://curl.haxx.se/bug/view.cgi?id=1251
Reported-by: "Floris"

show more ...

formdata: ack read callback abort

When doing a multipart formpost with a read callback, and that callback
returns CURL_READFUNC_ABORT, that return code must be properly
propagated ba

formdata: ack read callback abort

When doing a multipart formpost with a read callback, and that callback
returns CURL_READFUNC_ABORT, that return code must be properly
propagated back and handled accordingly. Previously it would be handled
as a zero byte read which would cause a hang!

Added test case 587 to verify. It uses the lib554.c source code with a
small ifdef.

Reported by: Anton Bychkov
Bug: http://curl.haxx.se/mail/lib-2011-10/0097.html

show more ...