← Back to branch summary

~ubuntu-branches/ubuntu/trusty/curl/trusty-updates

« back to all changes in this revision

Viewing changes to tests/libtest/lib1529.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-14 08:49:32 UTC
  • Revision ID: package-import@ubuntu.com-20150114084932-4b8cpxuocqs2jv8h
Tags: 7.35.0-1ubuntu2.3
* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
    tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
  - CVE-2014-8150

Show diffs side-by-side

added added

removed removed

Lines of Context:
tests/libtest/lib1529.c
 
1
/***************************************************************************
 
2
 *                                  _   _ ____  _
 
3
 *  Project                     ___| | | |  _ \| |
 
4
 *                             / __| | | | |_) | |
 
5
 *                            | (__| |_| |  _ <| |___
 
6
 *                             \___|\___/|_| \_\_____|
 
7
 *
 
8
 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 
9
 *
 
10
 * This software is licensed as described in the file COPYING, which
 
11
 * you should have received as part of this distribution. The terms
 
12
 * are also available at http://curl.haxx.se/docs/copyright.html.
 
13
 *
 
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 
15
 * copies of the Software, and permit persons to whom the Software is
 
16
 * furnished to do so, under the terms of the COPYING file.
 
17
 *
 
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 
19
 * KIND, either express or implied.
 
20
 *
 
21
 ***************************************************************************/
 
22
 
 
23
#include "test.h"
 
24
 
 
25
#include "memdebug.h"
 
26
 
 
27
int test(char *URL)
 
28
{
 
29
  CURL *curl = NULL;
 
30
  CURLcode res = CURLE_FAILED_INIT;
 
31
  char bURL[512];
 
32
  snprintf(bURL, sizeof(bURL), "%s HTTP/1.1\r\nGET http://1529.com/1529", URL);
 
33
 
 
34
  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
 
35
    fprintf(stderr, "curl_global_init() failed\n");
 
36
    return TEST_ERR_MAJOR_BAD;
 
37
  }
 
38
 
 
39
  if((curl = curl_easy_init()) == NULL) {
 
40
    fprintf(stderr, "curl_easy_init() failed\n");
 
41
    curl_global_cleanup();
 
42
    return TEST_ERR_MAJOR_BAD;
 
43
  }
 
44
 
 
45
  test_setopt(curl, CURLOPT_URL, bURL);
 
46
  test_setopt(curl, CURLOPT_PROXY, libtest_arg2);
 
47
  test_setopt(curl, CURLOPT_VERBOSE, 1L);
 
48
  test_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
 
49
  test_setopt(curl, CURLOPT_HEADER, 1L);
 
50
 
 
51
  res = curl_easy_perform(curl);
 
52
 
 
53
test_cleanup:
 
54
 
 
55
  curl_easy_cleanup(curl);
 
56
  curl_global_cleanup();
 
57
 
 
58
  return (int)res;
 
59
}