| xf.li | 6c8fc1e | 2023-08-12 00:11:09 -0700 | [diff] [blame^] | 1 | /*************************************************************************** |
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | * SPDX-License-Identifier: curl |
| 22 | * |
| 23 | ***************************************************************************/ |
| 24 | #include "test.h" |
| 25 | |
| 26 | #include "testutil.h" |
| 27 | #include "warnless.h" |
| 28 | #include "memdebug.h" |
| 29 | |
| 30 | /* The maximum string length limit (CURL_MAX_INPUT_LENGTH) is an internal |
| 31 | define not publicly exposed so we set our own */ |
| 32 | #define MAX_INPUT_LENGTH 8000000 |
| 33 | |
| 34 | static char buffer[MAX_INPUT_LENGTH + 2]; |
| 35 | |
| 36 | int test(char *URL) |
| 37 | { |
| 38 | const struct curl_easyoption *o; |
| 39 | CURL *easy; |
| 40 | int error = 0; |
| 41 | (void)URL; |
| 42 | |
| 43 | curl_global_init(CURL_GLOBAL_ALL); |
| 44 | easy = curl_easy_init(); |
| 45 | if(!easy) { |
| 46 | curl_global_cleanup(); |
| 47 | return 1; |
| 48 | } |
| 49 | |
| 50 | /* make it a null-terminated C string with just As */ |
| 51 | memset(buffer, 'A', MAX_INPUT_LENGTH + 1); |
| 52 | buffer[MAX_INPUT_LENGTH + 1] = 0; |
| 53 | |
| 54 | printf("string length: %d\n", (int)strlen(buffer)); |
| 55 | |
| 56 | for(o = curl_easy_option_next(NULL); |
| 57 | o; |
| 58 | o = curl_easy_option_next(o)) { |
| 59 | if(o->type == CURLOT_STRING) { |
| 60 | CURLcode result; |
| 61 | /* |
| 62 | * Whitelist string options that are safe for abuse |
| 63 | */ |
| 64 | switch(o->id) { |
| 65 | case CURLOPT_PROXY_TLSAUTH_TYPE: |
| 66 | case CURLOPT_TLSAUTH_TYPE: |
| 67 | case CURLOPT_RANDOM_FILE: |
| 68 | case CURLOPT_EGDSOCKET: |
| 69 | continue; |
| 70 | default: |
| 71 | /* check this */ |
| 72 | break; |
| 73 | } |
| 74 | |
| 75 | /* This is a string. Make sure that passing in a string longer |
| 76 | CURL_MAX_INPUT_LENGTH returns an error */ |
| 77 | result = curl_easy_setopt(easy, o->id, buffer); |
| 78 | switch(result) { |
| 79 | case CURLE_BAD_FUNCTION_ARGUMENT: /* the most normal */ |
| 80 | case CURLE_UNKNOWN_OPTION: /* left out from the build */ |
| 81 | case CURLE_NOT_BUILT_IN: /* not supported */ |
| 82 | case CURLE_UNSUPPORTED_PROTOCOL: /* detected by protocol2num() */ |
| 83 | break; |
| 84 | default: |
| 85 | /* all other return codes are unexpected */ |
| 86 | fprintf(stderr, "curl_easy_setopt(%s...) returned %d\n", |
| 87 | o->name, (int)result); |
| 88 | error++; |
| 89 | break; |
| 90 | } |
| 91 | } |
| 92 | } |
| 93 | curl_easy_cleanup(easy); |
| 94 | curl_global_cleanup(); |
| 95 | return error; |
| 96 | } |