Projects
Mega:23.03
curl
_service:tar_scm:backport-0001-CVE-2023-23914-C...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-0001-CVE-2023-23914-CVE-2023-23915.patch of Package curl
From 2f34a7347f315513bfda9ef14770d287fb246bcd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 1 Dec 2022 09:21:04 +0100 Subject: [PATCH] runtests: do CRLF replacements per section only The `crlf="yes"` attribute and "hyper mode" are now only applied on a subset of dedicated sections: data, datacheck, stdout and protocol. Updated test 2500 accordingly. Also made test1 use crlf="yes" for <protocol>, mostly because it is often used as a template test case. Going forward, using this attribute we should be able to write test cases using linefeeds only and avoid mixed line ending encodings. Follow-up to ca15b7512e8d11 Fixes #10009 Closes #10010 Conflict: remove tests/data/test2500 Reference: https://github.com/curl/curl/commit/2f34a7347f315513bfda9ef14770d287fb246bcd --- tests/FILEFORMAT.md | 22 ++++++++++++++------ tests/data/test1 | 14 ++++++------- tests/runtests.pl | 49 +++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 68 insertions(+), 17 deletions(-) diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index 464c2eb..70a802c 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -196,7 +196,7 @@ When using curl built with Hyper, the keywords must include HTTP or HTTPS for 'hyper mode' to kick in and make line ending checks work for tests. ## `<reply>` -### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"] [nonewline="yes"]>` +### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"] [nonewline="yes"] [crlf="yes"]>` data to be sent to the client on its request and later verified that it arrived safely. Set `nocheck="yes"` to prevent the test script from verifying @@ -225,12 +225,16 @@ and used as "raw" data. `nonewline=yes` means that the last byte (the trailing newline character) should be cut off from the data before sending or comparing it. +`crlf=yes` forces *header* newlines to become CRLF even if not written so in +the source file. Note that this makes runtests.pl parse and "guess" what is a +header and what is not in order to apply the CRLF line endings appropriately. + For FTP file listings, the `<data>` section will be used *only* if you make sure that there has been a CWD done first to a directory named `test-[NUM]` where `NUM` is the test case number. Otherwise the ftp server can't know from which test file to load the list content. -### `<dataNUM>` +### `<dataNUM [crlf="yes"]>` Send back this contents instead of the <data> one. The `NUM` is set by: @@ -257,7 +261,7 @@ a connect prefix. ### `<socks>` Address type and address details as logged by the SOCKS proxy. -### `<datacheck [mode="text"] [nonewline="yes"]>` +### `<datacheck [mode="text"] [nonewline="yes"] [crlf="yes"]>` if the data is sent but this is what should be checked afterwards. If `nonewline=yes` is set, runtests will cut off the trailing newline from the data before comparing with the one actually received by the client. @@ -265,7 +269,7 @@ data before comparing with the one actually received by the client. Use the `mode="text"` attribute if the output is in text mode on platforms that have a text/binary difference. -### `<datacheckNUM [nonewline="yes"] [mode="text"]>` +### `<datacheckNUM [nonewline="yes"] [mode="text"] [crlf="yes"]>` The contents of numbered `datacheck` sections are appended to the non-numbered one. @@ -561,13 +565,16 @@ changing protocol data such as port numbers or user-agent strings. One perl op per line that operates on the protocol dump. This is pretty advanced. Example: `s/^EPRT .*/EPRT stripped/`. -### `<protocol [nonewline="yes"]>` +### `<protocol [nonewline="yes"] crlf="yes">` the protocol dump curl should transmit, if `nonewline` is set, we will cut off the trailing newline of this given data before comparing with the one actually sent by the client The `<strip>` and `<strippart>` rules are applied before comparisons are made. +`crlf=yes` forces the newlines to become CRLF even if not written so in the +test. + ### `<proxy [nonewline="yes"]>` The protocol dump curl should transmit to a HTTP proxy (when the http-proxy @@ -584,7 +591,7 @@ have a text/binary difference. If `nonewline` is set, we will cut off the trailing newline of this given data before comparing with the one actually received by the client -### `<stdout [mode="text"] [nonewline="yes"]>` +### `<stdout [mode="text"] [nonewline="yes"] [crlf="yes"]>` This verifies that this data was passed to stdout. Use the mode="text" attribute if the output is in text mode on platforms that @@ -593,6 +600,9 @@ have a text/binary difference. If `nonewline` is set, we will cut off the trailing newline of this given data before comparing with the one actually received by the client +`crlf=yes` forces the newlines to become CRLF even if not written so in the +test. + ### `<file name="log/filename" [mode="text"]>` The file's contents must be identical to this after the test is complete. Use the mode="text" attribute if the output is in text mode on platforms that have diff --git a/tests/data/test1 b/tests/data/test1 index f39a08b..700bed8 100644 --- a/tests/data/test1 +++ b/tests/data/test1 @@ -9,7 +9,7 @@ HTTP GET # # Server-side <reply> -<data> +<data crlf="yes"> HTTP/1.1 200 OK Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake @@ -42,12 +42,12 @@ http://%HOSTIP:%HTTPPORT/%TESTNUMBER # # Verify data after the test has been "shot" <verify> -<protocol> -GET /%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -User-Agent: curl/%VERSION -Accept: */* - +<protocol crlf="yes"> +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + </protocol> </verify> </testcase> diff --git a/tests/runtests.pl b/tests/runtests.pl index 3f61972..dd12c92 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -3501,7 +3501,13 @@ sub subBase64 { my $prevupdate; sub subNewlines { - my ($thing) = @_; + my ($force, $thing) = @_; + + if($force) { + # enforce CRLF newline + $$thing =~ s/\x0d*\x0a/\x0d\x0a/; + return; + } # When curl is built with Hyper, it gets all response headers delivered as # name/value pairs and curl "invents" the newlines when it saves the @@ -3515,7 +3521,7 @@ sub subNewlines { # skip curl error messages ($$thing !~ /^curl: \(\d+\) /))) { # enforce CRLF newline - $$thing =~ s/\x0a/\x0d\x0a/; + $$thing =~ s/\x0d*\x0a/\x0d\x0a/; $prevupdate = 1; } else { @@ -3587,6 +3593,7 @@ sub prepro { my (@entiretest) = @_; my $show = 1; my @out; + my $data_crlf; for my $s (@entiretest) { my $f = $s; if($s =~ /^ *%if (.*)/) { @@ -3610,10 +3617,19 @@ sub prepro { next; } if($show) { + # The processor does CRLF replacements in the <data*> sections if + # necessary since those parts might be read by separate servers. + if($s =~ /^ *<data(.*)\>/) { + if($1 =~ /crlf="yes"/ || $has_hyper) { + $data_crlf = 1; + } + } + elsif(($s =~ /^ *<\/data/) && $data_crlf) { + $data_crlf = 0; + } subVariables(\$s, $testnum, "%"); subBase64(\$s); - subNewlines(\$s) if($has_hyper && ($keywords{"HTTP"} || - $keywords{"HTTPS"})); + subNewlines(0, \$s) if($data_crlf); push @out, $s; } } @@ -3929,6 +3945,11 @@ sub singletest { # of the datacheck chomp($replycheckpart[$#replycheckpart]); } + if($replycheckpartattr{'crlf'} || + ($has_hyper && ($keywords{"HTTP"} + || $keywords{"HTTPS"}))) { + map subNewlines(0, \$_), @replycheckpart; + } push(@reply, @replycheckpart); } } @@ -3950,6 +3971,11 @@ sub singletest { map s/\r\n/\n/g, @reply; map s/\n/\r\n/g, @reply; } + if($replyattr{'crlf'} || + ($has_hyper && ($keywords{"HTTP"} + || $keywords{"HTTPS"}))) { + map subNewlines(0, \$_), @reply; + } } # this is the valid protocol blurb curl should generate @@ -4406,6 +4432,12 @@ sub singletest { chomp($validstdout[$#validstdout]); } + if($hash{'crlf'} || + ($has_hyper && ($keywords{"HTTP"} + || $keywords{"HTTPS"}))) { + map subNewlines(0, \$_), @validstdout; + } + $res = compare($testnum, $testname, "stdout", \@actual, \@validstdout); if($res) { return $errorreturncode; @@ -4506,6 +4538,10 @@ sub singletest { } } + if($hash{'crlf'}) { + map subNewlines(1, \$_), @protstrip; + } + if((!$out[0] || ($out[0] eq "")) && $protstrip[0]) { logmsg "\n $testnum: protocol FAILED!\n". " There was no content at all in the file $SERVERIN.\n". @@ -4637,6 +4673,11 @@ sub singletest { map s/\r\n/\n/g, @outfile; map s/\n/\r\n/g, @outfile; } + if($hash{'crlf'} || + ($has_hyper && ($keywords{"HTTP"} + || $keywords{"HTTPS"}))) { + map subNewlines(0, \$_), @outfile; + } my $strip; for $strip (@stripfile) { -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2