lib1911.c 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "test.h"
  25. #include "testutil.h"
  26. #include "warnless.h"
  27. #include "memdebug.h"
  28. /* The maximum string length limit (CURL_MAX_INPUT_LENGTH) is an internal
  29. define not publicly exposed so we set our own */
  30. #define MAX_INPUT_LENGTH 8000000
  31. static char buffer[MAX_INPUT_LENGTH + 2];
  32. int test(char *URL)
  33. {
  34. const struct curl_easyoption *o;
  35. CURL *easy;
  36. int error = 0;
  37. (void)URL;
  38. curl_global_init(CURL_GLOBAL_ALL);
  39. easy = curl_easy_init();
  40. if(!easy) {
  41. curl_global_cleanup();
  42. return 1;
  43. }
  44. /* make it a null-terminated C string with just As */
  45. memset(buffer, 'A', MAX_INPUT_LENGTH + 1);
  46. buffer[MAX_INPUT_LENGTH + 1] = 0;
  47. printf("string length: %d\n", (int)strlen(buffer));
  48. for(o = curl_easy_option_next(NULL);
  49. o;
  50. o = curl_easy_option_next(o)) {
  51. if(o->type == CURLOT_STRING) {
  52. CURLcode result;
  53. /*
  54. * Whitelist string options that are safe for abuse
  55. */
  56. switch(o->id) {
  57. case CURLOPT_PROXY_TLSAUTH_TYPE:
  58. case CURLOPT_TLSAUTH_TYPE:
  59. case CURLOPT_RANDOM_FILE:
  60. case CURLOPT_EGDSOCKET:
  61. continue;
  62. default:
  63. /* check this */
  64. break;
  65. }
  66. /* This is a string. Make sure that passing in a string longer
  67. CURL_MAX_INPUT_LENGTH returns an error */
  68. result = curl_easy_setopt(easy, o->id, buffer);
  69. switch(result) {
  70. case CURLE_BAD_FUNCTION_ARGUMENT: /* the most normal */
  71. case CURLE_UNKNOWN_OPTION: /* left out from the build */
  72. case CURLE_NOT_BUILT_IN: /* not supported */
  73. case CURLE_UNSUPPORTED_PROTOCOL: /* detected by protocol2num() */
  74. break;
  75. default:
  76. /* all other return codes are unexpected */
  77. fprintf(stderr, "curl_easy_setopt(%s...) returned %d\n",
  78. o->name, (int)result);
  79. error++;
  80. break;
  81. }
  82. }
  83. }
  84. curl_easy_cleanup(easy);
  85. curl_global_cleanup();
  86. return error;
  87. }