backport some test cases

(cherry picked from commit 570d0a3daba18ae6dc08d4924b6ffa55a16ce9c3)
This commit is contained in:
sherlock2010 2023-07-10 03:38:42 +00:00 committed by openeuler-sync-bot
parent 336aea68fa
commit 2bfd6a0efc
8 changed files with 1540 additions and 1 deletions


@ -0,0 +1,192 @@
From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 24 Apr 2023 21:07:02 +0200
Subject: [PATCH] hostcheck: fix host name wildcard checking
The leftmost "label" of the host name can now only match against single
'*'. Like the browsers have worked for a long time.
- extended unit test 1397 for this
- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
Reported-by: Hiroki Kurosawa
Closes #11018
---
tests/data/test1397 | 10 ++--
tests/unit/unit1397.c | 120 +++++++++++++++++++++++++++-------------
2 files changed, 85 insertions(+), 45 deletions(-)
diff --git a/tests/data/test1397 b/tests/data/test1397
index 84f962a..f31b2c2 100644
--- a/tests/data/test1397
+++ b/tests/data/test1397
@@ -2,8 +2,7 @@
<info>
<keywords>
unittest
-ssl
-wildcard
+Curl_cert_hostcheck
</keywords>
</info>
@@ -16,9 +15,8 @@ none
<features>
unittest
</features>
- <name>
-Check wildcard certificate matching function Curl_cert_hostcheck
- </name>
+<name>
+Curl_cert_hostcheck unit tests
+</name>
</client>
-
</testcase>
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 508f41a..89ff957 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -21,8 +21,6 @@
***************************************************************************/
#include "curlcheck.h"
-#include "hostcheck.h" /* from the lib dir */
-
static CURLcode unit_setup(void)
{
return CURLE_OK;
@@ -30,50 +28,92 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
- /* done before shutting down and exiting */
}
-UNITTEST_START
-
/* only these backends define the tested functions */
-#if defined(USE_OPENSSL) || defined(USE_GSKIT)
-
- /* here you start doing things and checking that the results are good */
+#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
+#include "hostcheck.h"
+struct testcase {
+ const char *host;
+ const char *pattern;
+ bool match;
+};
-fail_unless(Curl_cert_hostcheck("www.example.com", "www.example.com"),
- "good 1");
-fail_unless(Curl_cert_hostcheck("*.example.com", "www.example.com"),
- "good 2");
-fail_unless(Curl_cert_hostcheck("xxx*.example.com", "xxxwww.example.com"),
- "good 3");
-fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"),
- "good 4");
-fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"),
- "good 5");
+static struct testcase tests[] = {
+ {"", "", FALSE},
+ {"a", "", FALSE},
+ {"", "b", FALSE},
+ {"a", "b", FALSE},
+ {"aa", "bb", FALSE},
+ {"\xff", "\xff", TRUE},
+ {"aa.aa.aa", "aa.aa.bb", FALSE},
+ {"aa.aa.aa", "aa.aa.aa", TRUE},
+ {"aa.aa.aa", "*.aa.bb", FALSE},
+ {"aa.aa.aa", "*.aa.aa", TRUE},
+ {"192.168.0.1", "192.168.0.1", TRUE},
+ {"192.168.0.1", "*.168.0.1", FALSE},
+ {"192.168.0.1", "*.0.1", FALSE},
+ {"h.ello", "*.ello", FALSE},
+ {"h.ello.", "*.ello", FALSE},
+ {"h.ello", "*.ello.", FALSE},
+ {"h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo", " *.e.llo", FALSE},
+ {" h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo", TRUE},
+ {"*.e.llo.", "*.e.llo", TRUE},
+ {"************.e.llo.", "*.e.llo", TRUE},
+ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
+ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
+ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
+ ".e.llo.", "*.e.llo", TRUE},
+ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo.", TRUE},
+ {"h.e.llo", "*.e.llo.", TRUE},
+ {".h.e.llo", "*.e.llo.", FALSE},
+ {"h.e.llo", "*.*.llo.", FALSE},
+ {"h.e.llo", "h.*.llo", FALSE},
+ {"h.e.llo", "h.e.*", FALSE},
+ {"hello", "*.ello", FALSE},
+ {"hello", "**llo", FALSE},
+ {"bar.foo.example.com", "*.example.com", FALSE},
+ {"foo.example.com", "*.example.com", TRUE},
+ {"baz.example.net", "b*z.example.net", FALSE},
+ {"foobaz.example.net", "*baz.example.net", FALSE},
+ {"xn--l8j.example.local", "x*.example.local", FALSE},
+ {"xn--l8j.example.net", "*.example.net", TRUE},
+ {"xn--l8j.example.net", "*j.example.net", FALSE},
+ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
+ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
+ {"xl8j.example.net", "*.example.net", TRUE},
+ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
+ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
+ {NULL, NULL, FALSE}
+};
-fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1");
-fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2");
-fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3");
-fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad 4");
-fail_if(Curl_cert_hostcheck("f*.example.com", "baa.example.com"), "bad 5");
-fail_if(Curl_cert_hostcheck("*.com", "example.com"), "bad 6");
-fail_if(Curl_cert_hostcheck("*fail.com", "example.com"), "bad 7");
-fail_if(Curl_cert_hostcheck("*.example.", "www.example."), "bad 8");
-fail_if(Curl_cert_hostcheck("*.example.", "www.example"), "bad 9");
-fail_if(Curl_cert_hostcheck("", "www"), "bad 10");
-fail_if(Curl_cert_hostcheck("*", "www"), "bad 11");
-fail_if(Curl_cert_hostcheck("*.168.0.0", "192.168.0.0"), "bad 12");
-fail_if(Curl_cert_hostcheck("www.example.com", "192.168.0.0"), "bad 13");
-
-#ifdef ENABLE_IPV6
-fail_if(Curl_cert_hostcheck("*::3285:a9ff:fe46:b619",
- "fe80::3285:a9ff:fe46:b619"), "bad 14");
-fail_unless(Curl_cert_hostcheck("fe80::3285:a9ff:fe46:b619",
- "fe80::3285:a9ff:fe46:b619"), "good 6");
-#endif
+UNITTEST_START
+{
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
+ tests[i].host)) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"
+ "did %sMATCH\n",
+ tests[i].host,
+ tests[i].pattern,
+ tests[i].match ? "NOT ": "");
+ unitfail++;
+ }
+ }
+}
-#endif
+UNITTEST_STOP
+#else
- /* you end the test code like this: */
+UNITTEST_START
UNITTEST_STOP
+#endif
--
2.33.0
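Review bot: The diffstat (`tests/data/test1397 | 10 ++--`, `tests/unit/unit1397.c | 120 ...`, "2 files changed") shows this patch carries only the test half of the upstream commit, whose subject describes a change to hostcheck's wildcard matching and a move of SOURCE variables from unit/Makefile.am to unit/Makefile.inc, neither of which is present here. The new table reverses what the old assertions required — `{"foobaz.example.net", "*baz.example.net", FALSE}` and `{"xn--l8j.example.local", "x*.example.local", FALSE}` replace the old `"good 3"` case that accepted `xxx*.example.com` against `xxxwww.example.com` — so unit test 1397 passes only if lib/vtls/hostcheck.c in this 7.79.1 tree already restricts the leftmost label to a lone `*`, and whether an earlier Patch entry does that is not visible in this commit. Either add the hostcheck.c hunk to this patch or state in the patch header that it is test-only and which patch carries the code change, e.g. `[openEuler] test-only portion of upstream 199f2d440; the lib/vtls/hostcheck.c change is applied by Patch NN`. The subject's Makefile.am/Makefile.inc sentence no longer matches the patch content and should be trimmed at the same time.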


@ -0,0 +1,217 @@
From 1edb15925e350be3b891f8a8de86600b22c0bb20 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 15 Sep 2022 09:23:33 +0200
Subject: [PATCH] test1948: verify PUT + POST reusing the same handle
Reproduced #9507, verifies the fix
---
tests/data/Makefile.inc | 1 +
tests/data/test1948 | 73 +++++++++++++++++++++++++++++++++++
tests/libtest/Makefile.inc | 5 ++-
tests/libtest/lib1948.c | 79 ++++++++++++++++++++++++++++++++++++++
4 files changed, 158 insertions(+)
create mode 100644 tests/data/test1948
create mode 100644 tests/libtest/lib1948.c
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index a060a803a..20cdb9c8e 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -224,6 +224,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
test1916 test1917 test1918 \
\
test1933 test1934 test1935 test1936 test1939 \
+test1948 \
\
test2000 test2001 test2002 test2003 test2004 \
\
diff --git a/tests/data/test1948 b/tests/data/test1948
new file mode 100644
index 000000000..639523d99
--- /dev/null
+++ b/tests/data/test1948
@@ -0,0 +1,73 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+HTTP PUT
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2001 14:49:00 GMT
+Content-Type: text/html
+Content-Length: 6
+
+hello
+</data>
+<datacheck>
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2001 14:49:00 GMT
+Content-Type: text/html
+Content-Length: 6
+
+hello
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2001 14:49:00 GMT
+Content-Type: text/html
+Content-Length: 6
+
+hello
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+CURLOPT_POST after CURLOPT_UPLOAD reusing handle
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+PUT /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 22
+Expect: 100-continue
+
+This is test PUT data
+POST /1948 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 22
+Content-Type: application/x-www-form-urlencoded
+
+This is test PUT data
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index d6b3ab37c..3b9cdd006 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -64,6 +64,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
lib1939 \
+ lib1948 \
lib3010
chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
@@ -753,6 +753,10 @@ lib1939_SOURCES = lib1939.c $(SUPPORTFILES)
lib1939_LDADD = $(TESTUTIL_LIBS)
lib1939_CPPFLAGS = $(AM_CPPFLAGS)
+lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
+lib1948_LDADD = $(TESTUTIL_LIBS)
+lib1948_CPPFLAGS = $(AM_CPPFLAGS)
+
lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib3010_LDADD = $(TESTUTIL_LIBS)
lib3010_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
new file mode 100644
index 000000000..7c891a2ca
--- /dev/null
+++ b/tests/libtest/lib1948.c
@@ -0,0 +1,79 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "test.h"
+
+typedef struct
+{
+ char *buf;
+ size_t len;
+} put_buffer;
+
+static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream)
+{
+ put_buffer *putdata = (put_buffer *)stream;
+ size_t totalsize = size * nmemb;
+ size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize;
+ memcpy(ptr, putdata->buf, tocopy);
+ putdata->len -= tocopy;
+ putdata->buf += tocopy;
+ return tocopy;
+}
+
+int test(char *URL)
+{
+ CURL *curl;
+ CURLcode res = CURLE_OUT_OF_MEMORY;
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ curl = curl_easy_init();
+ if(curl) {
+ const char *testput = "This is test PUT data\n";
+ put_buffer pbuf;
+
+ /* PUT */
+ curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+ curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
+ curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback);
+ pbuf.buf = (char *)testput;
+ pbuf.len = strlen(testput);
+ curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf);
+ curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput));
+ res = curl_easy_setopt(curl, CURLOPT_URL, URL);
+ if(!res)
+ res = curl_easy_perform(curl);
+ if(!res) {
+ /* POST */
+ curl_easy_setopt(curl, CURLOPT_POST, 1L);
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput);
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput));
+ res = curl_easy_perform(curl);
+ }
+ curl_easy_cleanup(curl);
+ }
+
+ curl_global_cleanup();
+ return (int)res;
+}
--
2.33.0
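Review bot: The header line `Reproduced #9507, verifies the fix` together with a diffstat that touches only tests/data and tests/libtest means the expected protocol — a second request that is `POST /1948` with `Content-Type: application/x-www-form-urlencoded` and no `Expect:` — holds only if the lib-side fix for #9507 is already in this 7.79.1 tree; if it is not, test 1948 fails rather than documents anything, so the patch header should name the patch that carries the fix or include it. The verify block also hardcodes `POST /1948 HTTP/1.1` while the PUT line uses `/%TESTNUMBER`; `POST /%TESTNUMBER HTTP/1.1` keeps the two consistent. On style, lib1948.c ignores the return of `curl_global_init` and of every `curl_easy_setopt` except the URL one; curl's libtest convention (the `global_init()` and `test_setopt()` helpers in test.h, if this tree has them) jumps to cleanup on failure and would surface a setopt error instead of letting it turn into a confusing protocol mismatch.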


@ -0,0 +1,85 @@
From 7230b19a2e17a164f61f82e4e409a9777ea2421a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 16 May 2022 16:29:07 +0200
Subject: [PATCH] test387: verify rejection of compression chain attack
---
tests/data/Makefile.inc | 1 +
tests/data/test387 | 53 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 tests/data/test387
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8b7cc46a3..370727eec 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -64,6 +64,7 @@ test343 test344 test345 test346 test347 test348 test349 test350 test351 \
test343 test344 test345 test346 test347 test348 test349 test350 test351 \
test352 test353 test354 test355 test356 test357 test358 test359 test360 \
test361 test362 test363 test364 test365 test366 \
+test387 \
\
test392 test393 test394 test395 test396 test397 \
\
diff --git a/tests/data/test387 b/tests/data/test387
new file mode 100644
index 000000000..015ec25f1
--- /dev/null
+++ b/tests/data/test387
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+gzip
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+Response with overly long compression chain
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+
+# CURLE_BAD_CONTENT_ENCODING is 61
+<errorcode>
+61
+</errorcode>
+<stderr mode="text">
+curl: (61) Reject response due to more than 5 content encodings
+</stderr>
+</verify>
+</testcase>
--
2.33.0
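Review bot: This test pins an exact exit code (`61`) and an exact stderr line, `curl: (61) Reject response due to more than 5 content encodings`, which only hold if this 7.79.1 tree already contains the lib-side limit on the decoder chain; the commit adds just the test data, and whether that limit arrived via an earlier Patch entry is not visible here. If the code change is in another patch, say so in the patch header; if it is not, this test will fail and the missing hardening is the real finding, since the reply's hundred-entry `Transfer-Encoding: gzip,gzip,...` chain is exactly the input the limit exists to reject. Matching the error text verbatim is also fragile across versions — a differently worded message in a rebased tree would break the test even when the rejection works — so if the 7.79.1 wording differs, keep the `<errorcode>` check and drop or loosen the `<stderr>` block rather than editing the message in lib.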



@ -0,0 +1,226 @@
From 46f8911d3942dc06fdd67e9f6f3908982e5d2fb4 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 26 Jun 2022 11:01:01 +0200
Subject: [PATCH] test444: test many received Set-Cookie:
The amount of sent cookies in the test is limited to 80 because hyper
has its own strict limits in how many headers it allows to be received
which triggers at some point beyond this number.
---
tests/data/Makefile.inc | 2 +-
tests/data/test444 | 189 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 190 insertions(+), 1 deletion(-)
create mode 100644 tests/data/test444
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index a17618ac7..96f1428d6 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -73,7 +73,7 @@ test409 test410 test411 test412 test413 test414 \
test418 \
test430 test431 test432 test433 test434 test435 test445 test446\
\
-test442 test443 \
+test442 test443 test444 \
test490 test491 test492 test493 test494 \
\
test500 test501 test502 test503 test504 test505 test506 test507 test508 \
diff --git a/tests/data/test444 b/tests/data/test444
new file mode 100644
index 000000000..9bdd4a7fe
--- /dev/null
+++ b/tests/data/test444
@@ -0,0 +1,189 @@
+<testcase>
+# perl:
+#
+#for(1 .. 200) {
+#
+#}
+#
+<info>
+<keywords>
+HTTP
+cookies
+--resolve
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Set-Cookie: cookie-1=yes;
+Set-Cookie: cookie-2=yes;
+Set-Cookie: cookie-3=yes;
+Set-Cookie: cookie-4=yes;
+Set-Cookie: cookie-5=yes;
+Set-Cookie: cookie-6=yes;
+Set-Cookie: cookie-7=yes;
+Set-Cookie: cookie-8=yes;
+Set-Cookie: cookie-9=yes;
+Set-Cookie: cookie-10=yes;
+Set-Cookie: cookie-11=yes;
+Set-Cookie: cookie-12=yes;
+Set-Cookie: cookie-13=yes;
+Set-Cookie: cookie-14=yes;
+Set-Cookie: cookie-15=yes;
+Set-Cookie: cookie-16=yes;
+Set-Cookie: cookie-17=yes;
+Set-Cookie: cookie-18=yes;
+Set-Cookie: cookie-19=yes;
+Set-Cookie: cookie-20=yes;
+Set-Cookie: cookie-21=yes;
+Set-Cookie: cookie-22=yes;
+Set-Cookie: cookie-23=yes;
+Set-Cookie: cookie-24=yes;
+Set-Cookie: cookie-25=yes;
+Set-Cookie: cookie-26=yes;
+Set-Cookie: cookie-27=yes;
+Set-Cookie: cookie-28=yes;
+Set-Cookie: cookie-29=yes;
+Set-Cookie: cookie-30=yes;
+Set-Cookie: cookie-31=yes;
+Set-Cookie: cookie-32=yes;
+Set-Cookie: cookie-33=yes;
+Set-Cookie: cookie-34=yes;
+Set-Cookie: cookie-35=yes;
+Set-Cookie: cookie-36=yes;
+Set-Cookie: cookie-37=yes;
+Set-Cookie: cookie-38=yes;
+Set-Cookie: cookie-39=yes;
+Set-Cookie: cookie-40=yes;
+Set-Cookie: cookie-41=yes;
+Set-Cookie: cookie-42=yes;
+Set-Cookie: cookie-43=yes;
+Set-Cookie: cookie-44=yes;
+Set-Cookie: cookie-45=yes;
+Set-Cookie: cookie-46=yes;
+Set-Cookie: cookie-47=yes;
+Set-Cookie: cookie-48=yes;
+Set-Cookie: cookie-49=yes;
+Set-Cookie: cookie-50=yes;
+Set-Cookie: cookie-51=yes;
+Set-Cookie: cookie-52=yes;
+Set-Cookie: cookie-53=yes;
+Set-Cookie: cookie-54=yes;
+Set-Cookie: cookie-55=yes;
+Set-Cookie: cookie-56=yes;
+Set-Cookie: cookie-57=yes;
+Set-Cookie: cookie-58=yes;
+Set-Cookie: cookie-59=yes;
+Set-Cookie: cookie-60=yes;
+Set-Cookie: cookie-61=yes;
+Set-Cookie: cookie-62=yes;
+Set-Cookie: cookie-63=yes;
+Set-Cookie: cookie-64=yes;
+Set-Cookie: cookie-65=yes;
+Set-Cookie: cookie-66=yes;
+Set-Cookie: cookie-67=yes;
+Set-Cookie: cookie-68=yes;
+Set-Cookie: cookie-69=yes;
+Set-Cookie: cookie-70=yes;
+Set-Cookie: cookie-71=yes;
+Set-Cookie: cookie-72=yes;
+Set-Cookie: cookie-73=yes;
+Set-Cookie: cookie-74=yes;
+Set-Cookie: cookie-75=yes;
+Set-Cookie: cookie-76=yes;
+Set-Cookie: cookie-77=yes;
+Set-Cookie: cookie-78=yes;
+Set-Cookie: cookie-79=yes;
+Set-Cookie: cookie-80=yes;
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+Many Set-Cookie response headers
+</name>
+<command>
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /a/b/%TESTNUMBER HTTP/1.1
+Host: attack.invalid:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<file name="log/cookie%TESTNUMBER" mode="text">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes
+</file>
+</verify>
+</testcase>
--
2.33.0
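Review bot: The expected cookie jar lists only `cookie-50` down to `cookie-1` although the reply sends 80 `Set-Cookie:` headers, so the test silently encodes a per-response cap of 50 that must be enforced on the lib side (presumably lib/cookie.c); the commit adds only the test, and this expectation fails unless the cap is already present in this 7.79.1 tree — Patch56 "test cookie caps" suggests related work, but the lib change itself is not shown here. The header comment `# perl:` / `#for(1 .. 200) {` / `#}` is an empty leftover of the generator script and says 200 where the commit message explains the count was limited to 80 for hyper; either drop it or make it the real one-liner, e.g. `# generated with: perl -e 'print "Set-Cookie: cookie-$_=yes;\n" for 1..80'`, and add a one-line comment above `<file name=...>` stating that only the first 50 are expected to be stored so the next reader does not take the 50/80 mismatch for a typo.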


@ -0,0 +1,62 @@
From 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 29 Aug 2022 00:09:17 +0200
Subject: [PATCH] test8: verify that "ctrl-byte cookies" are ignored
---
tests/data/test8 | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/tests/data/test8 b/tests/data/test8
index a8548e6c2..858761159 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -46,6 +46,36 @@ Set-Cookie: trailingspace = removed; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
Set-Cookie: partialip=nono; domain=.0.0.1;
+Set-Cookie: cookie1=%hex[%01-junk]hex%
+Set-Cookie: cookie2=%hex[%02-junk]hex%
+Set-Cookie: cookie3=%hex[%03-junk]hex%
+Set-Cookie: cookie4=%hex[%04-junk]hex%
+Set-Cookie: cookie5=%hex[%05-junk]hex%
+Set-Cookie: cookie6=%hex[%06-junk]hex%
+Set-Cookie: cookie7=%hex[%07-junk]hex%
+Set-Cookie: cookie8=%hex[%08-junk]hex%
+Set-Cookie: cookie9=%hex[junk-%09-]hex%
+Set-Cookie: cookie11=%hex[%0b-junk]hex%
+Set-Cookie: cookie12=%hex[%0c-junk]hex%
+Set-Cookie: cookie14=%hex[%0e-junk]hex%
+Set-Cookie: cookie15=%hex[%0f-junk]hex%
+Set-Cookie: cookie16=%hex[%10-junk]hex%
+Set-Cookie: cookie17=%hex[%11-junk]hex%
+Set-Cookie: cookie18=%hex[%12-junk]hex%
+Set-Cookie: cookie19=%hex[%13-junk]hex%
+Set-Cookie: cookie20=%hex[%14-junk]hex%
+Set-Cookie: cookie21=%hex[%15-junk]hex%
+Set-Cookie: cookie22=%hex[%16-junk]hex%
+Set-Cookie: cookie23=%hex[%17-junk]hex%
+Set-Cookie: cookie24=%hex[%18-junk]hex%
+Set-Cookie: cookie25=%hex[%19-junk]hex%
+Set-Cookie: cookie26=%hex[%1a-junk]hex%
+Set-Cookie: cookie27=%hex[%1b-junk]hex%
+Set-Cookie: cookie28=%hex[%1c-junk]hex%
+Set-Cookie: cookie29=%hex[%1d-junk]hex%
+Set-Cookie: cookie30=%hex[%1e-junk]hex%
+Set-Cookie: cookie31=%hex[%1f-junk]hex%
+Set-Cookie: cookie31=%hex[%7f-junk]hex%
</file>
<precheck>
@@ -60,7 +90,7 @@ GET /we/want/%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
-Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
+Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes; cookie9=junk- -
</protocol>
</verify>
--
2.33.0
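Review bot: The last two added lines both use the name `cookie31` (`cookie31=%hex[%1f-junk]hex%` and `cookie31=%hex[%7f-junk]hex%`), so if the 0x7f case were ever wrongly accepted it would be indistinguishable by name from the 0x1f case in the `Cookie:` line; renaming the final one to `cookie32=%hex[%7f-junk]hex%` keeps one label per control byte, in line with the 1–31 numbering of the others. The expected `Cookie:` value for `cookie9` appears to contain a literal horizontal tab (`junk-<TAB>-`, since 0x09 is the only control byte in the list whose cookie is expected to be sent back); that tab is easy to lose when the patch is edited or re-rendered, so a short comment above the `<protocol>` block noting that the whitespace inside `cookie9=junk- -` must be a tab would protect the test. As with the other backports in this commit, the rejection of the other 30 cookies holds only if the lib-side control-byte check is already present in this 7.79.1 tree, which the patch does not state.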


@ -0,0 +1,413 @@
From 5295e8d64ac6949ecb3f9e564317a608f51b90d8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 25 Apr 2022 16:24:33 +0200
Subject: [PATCH] tests: verify the fix for CVE-2022-27774
- Test 973 redirects from HTTP to FTP, clear auth
- Test 974 redirects from HTTP to HTTP different port, clear auth
- Test 975 redirects from HTTP to FTP, permitted to keep auth
- Test 976 redirects from HTTP to HTTP different port, permitted to keep
auth
---
tests/data/Makefile.inc | 2 +-
tests/data/test973 | 88 +++++++++++++++++++++++++++++++++++++++++
tests/data/test974 | 87 ++++++++++++++++++++++++++++++++++++++++
tests/data/test975 | 88 +++++++++++++++++++++++++++++++++++++++++
tests/data/test976 | 88 +++++++++++++++++++++++++++++++++++++++++
5 files changed, 352 insertions(+), 1 deletion(-)
create mode 100644 tests/data/test973
create mode 100644 tests/data/test974
create mode 100644 tests/data/test975
create mode 100644 tests/data/test976
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 0e44679b3..6ec78c6e9 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -119,7 +119,7 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \
test945 test946 test947 test948 test949 test950 test951 test952 test953 \
test954 test955 test956 test957 test958 test959 test960 test961 test962 \
test963 test964 test965 test966 test967 test968 test969 test970 test971 \
-test972 \
+test972 test973 test974 test975 test976 \
\
test980 test981 test982 test983 test984 test985 test986 \
\
diff --git a/tests/data/test973 b/tests/data/test973
new file mode 100644
index 000000000..6ced10789
--- /dev/null
+++ b/tests/data/test973
@@ -0,0 +1,88 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+FTP
+--location
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+
+</data>
+<data2>
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</data2>
+
+<datacheck>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</datacheck>
+
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+ftp
+</server>
+ <name>
+HTTP with auth redirected to FTP w/o auth
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic am9lOnNlY3JldA==
+User-Agent: curl/%VERSION
+Accept: */*
+
+USER anonymous
+PASS ftp@example.com
+PWD
+CWD a
+CWD path
+EPSV
+TYPE I
+SIZE %TESTNUMBER0002
+RETR %TESTNUMBER0002
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test974 b/tests/data/test974
new file mode 100644
index 000000000..ac4e6415d
--- /dev/null
+++ b/tests/data/test974
@@ -0,0 +1,87 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+--location
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+Content-Type: text/html
+
+hey
+</data2>
+
+<datacheck>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+Content-Type: text/html
+
+hey
+</datacheck>
+
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP with auth redirected to HTTP on a diff port w/o auth
+ </name>
+ <command>
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET http://firsthost.com/ HTTP/1.1
+Host: firsthost.com
+Authorization: Basic am9lOnNlY3JldA==
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
+Host: firsthost.com:9999
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test975 b/tests/data/test975
new file mode 100644
index 000000000..85e03e4f2
--- /dev/null
+++ b/tests/data/test975
@@ -0,0 +1,88 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+FTP
+--location-trusted
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+
+</data>
+<data2>
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</data2>
+
+<datacheck>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
+
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</datacheck>
+
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+ftp
+</server>
+ <name>
+HTTP with auth redirected to FTP allowing auth to continue
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic am9lOnNlY3JldA==
+User-Agent: curl/%VERSION
+Accept: */*
+
+USER joe
+PASS secret
+PWD
+CWD a
+CWD path
+EPSV
+TYPE I
+SIZE %TESTNUMBER0002
+RETR %TESTNUMBER0002
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test976 b/tests/data/test976
new file mode 100644
index 000000000..c4dd61e70
--- /dev/null
+++ b/tests/data/test976
@@ -0,0 +1,88 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+--location-trusted
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+Content-Type: text/html
+
+hey
+</data2>
+
+<datacheck>
+HTTP/1.1 301 redirect
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+Content-Type: text/html
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
+
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+Content-Type: text/html
+
+hey
+</datacheck>
+
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP with auth redirected to HTTP on a diff port --location-trusted
+ </name>
+ <command>
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET http://firsthost.com/ HTTP/1.1
+Host: firsthost.com
+Authorization: Basic am9lOnNlY3JldA==
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
+Host: firsthost.com:9999
+Authorization: Basic am9lOnNlY3JldA==
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>
--
2.33.0
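Review bot: Tests 973 and 974 assert that credentials are dropped on a redirect to another scheme (`USER anonymous` / `PASS ftp@example.com`) or another port (the second `GET` to `firsthost.com:9999` carries no `Authorization:`), while 975/976 assert they are kept under `--location-trusted`; this patch is test-only, so those expectations hold only if the CVE-2022-27774 code fix itself is already applied to this 7.79.1 package, which the visible part of the patch list (Patch51 onward) does not show. Please confirm the fix is among the earlier Patch entries and reference it in this patch's header so a later rebase cannot separate the two halves. A minor robustness point: the hop that must not receive credentials uses the registrable name `firsthost.com`; because every request goes through `-x http://%HOSTIP:%HTTPPORT`, no DNS lookup should occur, but a reserved name such as `firsthost.invalid` (as test444 in this same commit does with `attack.invalid`) would make that property explicit.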


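--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@
 Name: curl
 Version: 7.79.1
-Release: 21
+Release: 22
 Summary: Curl is used in command lines or scripts to transfer data
 License: MIT
 URL: https://curl.haxx.se/
@@ -65,6 +65,13 @@ Patch51: backport-tftp-mark-protocol-as-not-possible-to-do-over-CONNEC.pa
 Patch52: backport-test1939-require-proxy-support-to-run.patch
 Patch53: backport-lib1939-make-it-endure-torture-tests.patch
 Patch54: backport-CVE-2022-42915.patch
+Patch55: backport-tests-verify-the-fix-for-CVE-2022-27774.patch
+Patch56: backport-test442-443-test-cookie-caps.patch
+Patch57: backport-test444-test-many-received-Set-Cookie.patch
+Patch58: backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch
+Patch59: backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch
+Patch60: backport-test387-verify-rejection-of-compression-chain-attack.patch
+Patch61: backport-hostcheck-fix-host-name-wildcard-checking.patch
 BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@@ -233,6 +240,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 %changelog
+* Mon Jul 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-22
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport some testcases
 * Mon Jul 03 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-21
 - Type:bugfix
 - CVE:NA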
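Review bot: The changelog entry records `CVE:NA` while two of the patches it adds are the test halves of security fixes — Patch55 is named for CVE-2022-27774 and Patch61 carries the hostcheck wildcard-matching tests — and nothing in this commit shows the corresponding lib changes; if they are already among Patch1–50 the entry should say so, and if they are not, tests 1397, 973 and 974 will fail whenever the suite runs in %check. Consider `- DESC:backport upstream test cases for cookie limits, content-encoding chain limit, hostcheck wildcard matching and CVE-2022-27774 redirect auth handling` so the entry states what is being verified. Patch61's filename also promises a code fix (`backport-hostcheck-fix-host-name-wildcard-checking.patch`) although the file contains only tests/data/test1397 and tests/unit/unit1397.c; a name such as `backport-test1397-hostcheck-wildcard-tests.patch` would avoid the impression that the fix itself ships in this release.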