Re: surprising call of pop3_done() when doing http fuzzing
Date: Mon, 23 Sep 2019 09:24:15 +0200
Thanks!
While you are at that place in the code, could you elaborate on the
timing issue?
At here:
https://github.com/curl/curl/blob/41db01a39f88d05f43344d0ea1d1b588b3441403/lib/doh.c#L242
the timeout_ms can become negative, and in that case I believe the doh
should return an error (perhaps CURLE_OPERATION_TIMEDOUT?)
Paul
On 2019-09-23 09:10, Daniel Stenberg wrote:
> On Mon, 23 Sep 2019, Paul Dreik via curl-library wrote:
>
>> The decoded contents of the test data means this is what happens:
>> - set hostname to "A"
>> - set doh url to "pop3:/tA"
>> - start transferring
>
> Ah, this a bug but a pretty harmless one:
>
> The code:
>
> https://github.com/curl/curl/blob/41db01a39f88d05f43344d0ea1d1b588b3441403/lib/doh.c#L261-L264
>
>
> It disables the HTTPS-enforcement for debug-builds (meant to allow plain
> HTTP as well for running tests and debug the protocol easier) - and the
> fuzzer builds and uses debug builds. I'll change that to only allow HTTP
> + HTTPS in the debug case.
>
> PR coming up.
>
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-23