blob: a346bb0f71b98022864aee5423723b868f52d578 [file] [log] [blame]
xf.li6c8fc1e2023-08-12 00:11:09 -07001/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24#include "test.h"
25
26#include "testutil.h"
27#include "warnless.h"
28#include "memdebug.h"
29
30/* The maximum string length limit (CURL_MAX_INPUT_LENGTH) is an internal
31 define not publicly exposed so we set our own */
32#define MAX_INPUT_LENGTH 8000000
33
34static char buffer[MAX_INPUT_LENGTH + 2];
35
36int test(char *URL)
37{
38 const struct curl_easyoption *o;
39 CURL *easy;
40 int error = 0;
41 (void)URL;
42
43 curl_global_init(CURL_GLOBAL_ALL);
44 easy = curl_easy_init();
45 if(!easy) {
46 curl_global_cleanup();
47 return 1;
48 }
49
50 /* make it a null-terminated C string with just As */
51 memset(buffer, 'A', MAX_INPUT_LENGTH + 1);
52 buffer[MAX_INPUT_LENGTH + 1] = 0;
53
54 printf("string length: %d\n", (int)strlen(buffer));
55
56 for(o = curl_easy_option_next(NULL);
57 o;
58 o = curl_easy_option_next(o)) {
59 if(o->type == CURLOT_STRING) {
60 CURLcode result;
61 /*
62 * Whitelist string options that are safe for abuse
63 */
64 switch(o->id) {
65 case CURLOPT_PROXY_TLSAUTH_TYPE:
66 case CURLOPT_TLSAUTH_TYPE:
67 case CURLOPT_RANDOM_FILE:
68 case CURLOPT_EGDSOCKET:
69 continue;
70 default:
71 /* check this */
72 break;
73 }
74
75 /* This is a string. Make sure that passing in a string longer
76 CURL_MAX_INPUT_LENGTH returns an error */
77 result = curl_easy_setopt(easy, o->id, buffer);
78 switch(result) {
79 case CURLE_BAD_FUNCTION_ARGUMENT: /* the most normal */
80 case CURLE_UNKNOWN_OPTION: /* left out from the build */
81 case CURLE_NOT_BUILT_IN: /* not supported */
82 case CURLE_UNSUPPORTED_PROTOCOL: /* detected by protocol2num() */
83 break;
84 default:
85 /* all other return codes are unexpected */
86 fprintf(stderr, "curl_easy_setopt(%s...) returned %d\n",
87 o->name, (int)result);
88 error++;
89 break;
90 }
91 }
92 }
93 curl_easy_cleanup(easy);
94 curl_global_cleanup();
95 return error;
96}