OpenCloudOS Stream/curl
This repository declares no open-source license file (LICENSE); before using it, check the project description and the upstream dependencies of its code.
CVE-2024-2004.patch 6.46 KB
ZoeDong committed on 2024-03-29 17:06: Fix CVE-2024-2004, CVE-2023-46219
From 33a508562960fce525b4633641764e1366c31dca Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Tue, 27 Feb 2024 15:43:56 +0100
Subject: [PATCH] setopt: Fix disabling all protocols
When disabling all protocols without enabling any, the resulting
set of allowed protocols remained the default set. Clearing the
allowed set before inspecting the passed value from --proto makes
the set empty even in the error path of no protocols enabled.
Co-authored-by: Dan Fandrich <dan@telarity.com>
Reported-by: Dan Fandrich <dan@telarity.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #13004
HEAD detached at curl-8_4_0
You are currently cherry-picking commit 17d302e56.
---
lib/setopt.c | 16 +++----
tests/data/test1474 | 111 +++++++-------------------------------------
2 files changed, 24 insertions(+), 103 deletions(-)
diff --git a/lib/setopt.c b/lib/setopt.c
index 0d399adfe..e022096f6 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -154,6 +154,12 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
static CURLcode protocol2num(const char *str, curl_prot_t *val)
{
+ /*
+ * We are asked to cherry-pick protocols, so play it safe and disallow all
+ * protocols to start with, and re-add the wanted ones back in.
+ */
+ *val = 0;
+
if(!str)
return CURLE_BAD_FUNCTION_ARGUMENT;
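Review bot: moving `*val = 0;` ahead of the NULL check means a NULL `str` now clears the caller's destination before `return CURLE_BAD_FUNCTION_ARGUMENT;`, and because the callers in this patch pass `&data->set.allowed_protocols` and `&data->set.redir_protocols` directly, a NULL string handed to either option leaves the handle with no protocols allowed instead of its previous set. That is the fail-closed behaviour the new comment calls "play it safe", but the comment only talks about cherry-picking protocols; state explicitly that every error return from this function leaves `*val` at zero, so nobody later "tidies" the reset back below the checks and reintroduces the bug.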
@@ -162,8 +168,6 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val)
return CURLE_OK;
}
- *val = 0;
-
do {
const char *token = str;
size_t tlen;
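Review bot: the deleted `*val = 0;` is made redundant by the reset at function entry, so the accumulating loop below still starts from zero; the only thing to confirm is that the early `return CURLE_OK;` path at the top of this hunk stores to `*val` itself (the lines that do so sit between the two hunks and are not visible here), since callers now pass the live handle field and would otherwise be left with the zeroed value on a successful return.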
@@ -2690,22 +2694,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
break;
case CURLOPT_PROTOCOLS_STR: {
- curl_prot_t prot;
argptr = va_arg(param, char *);
- result = protocol2num(argptr, &prot);
+ result = protocol2num(argptr, &data->set.allowed_protocols);
if(result)
return result;
- data->set.allowed_protocols = prot;
break;
}
case CURLOPT_REDIR_PROTOCOLS_STR: {
- curl_prot_t prot;
argptr = va_arg(param, char *);
- result = protocol2num(argptr, &prot);
+ result = protocol2num(argptr, &data->set.redir_protocols);
if(result)
return result;
- data->set.redir_protocols = prot;
break;
}
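Review bot: dropping the `prot` temporaries changes the library's error semantics, not only the tool's: before, a failing `protocol2num()` left `data->set.allowed_protocols` and `data->set.redir_protocols` untouched, whereas now a failed `CURLOPT_PROTOCOLS_STR` or `CURLOPT_REDIR_PROTOCOLS_STR` call leaves the handle with an empty set, because the function zeroes its destination at entry. That is the intended fail-closed fix, but it is observable by applications that ignore the setopt return code, so record it in the two option man pages and the release notes. Style point: the `{ ... }` around each `case` body existed only for the removed local declaration and can go now.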
diff --git a/tests/data/test1474 b/tests/data/test1474
index a87044d1a..c66fa2810 100644
--- a/tests/data/test1474
+++ b/tests/data/test1474
@@ -1,121 +1,42 @@
<testcase>
-# This test is quite timing dependent and tricky to set up. The time line of
-# test operations looks like this:
-#
-# 1. curl sends a PUT request with Expect: 100-continue and waits only 1 msec
-# for a 100 response.
-# 2. The HTTP server accepts the connection but waits 500 msec before acting
-# on the request.
-# 3. curl doesn't receive the expected 100 response before its timeout expires,
-# so it starts sending the body. It is throttled by a --limit-rate, so it
-# sends the first 64 KiB then stops for 1000 msec due to this
-# throttling.
-# 4. The server sends its 417 response while curl is throttled.
-# 5. curl responds to this 417 response by closing the connection (because it
-# has a half-completed response outstanding) and starting a new one. This
-# new request does not have an Expect: header so it is sent without delay.
-# It's still throttled, however, so it takes about 16 seconds to finish
-# sending.
-# 6. The server receives the response and this time acks it with 200.
-#
-# Because of the timing sensitivity (scheduling delays of 500 msec can cause
-# the test to fail), this test is marked flaky to avoid it being run in the CI
-# builds which are often run on overloaded servers.
-# Increasing the --limit-rate would decrease the test time, but at the cost of
-# becoming even more sensitive to delays (going from 500 msec to 250 msec or
-# less of accepted delay before failure). Adding a --speed-time would increase
-# the 1 second delay between writes to longer, but it would also increase the
-# total time needed by the test, which is already quite high.
-#
-# The assumption in step 3 is also broken on NetBSD 9.3, OpenBSD 7.3 and
-# Solaris 10 as they only usually send about half the requested amount of data
-# (see https://curl.se/mail/lib-2023-09/0021.html).
<info>
<keywords>
HTTP
-HTTP PUT
-Expect
-flaky
-timing-dependent
+HTTP GET
+--proto
</keywords>
</info>
+
+#
# Server-side
<reply>
-# 417 means the server didn't like the Expect header
<data>
-HTTP/1.1 417 BAD swsbounce
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-
</data>
-<data1>
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 10
-
-blablabla
-</data1>
-<datacheck>
-HTTP/1.1 417 BAD swsbounce
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 10
-
-blablabla
-</datacheck>
-<servercmd>
-no-expect
-delay: 500
-connection-monitor
-</servercmd>
</reply>
+#
# Client-side
<client>
<server>
-http
+none
</server>
+<features>
+http
+</features>
<name>
-HTTP PUT with Expect: 100-continue and 417 response during upload
+--proto -all disables all protocols
</name>
<command>
-http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -T %LOGDIR/test%TESTNUMBER.txt --limit-rate 64K --expect100-timeout 0.001
+--proto -all http://%HOSTIP:%NOLISTENPORT/%TESTNUMBER
</command>
-<precheck>
-perl -e "print 'Test does not work on this BSD system' if ( $^O eq 'netbsd' || $^O eq 'openbsd' || ($^O eq 'solaris' && qx/uname -r/ * 100 <= 510));"
-</precheck>
-# Must be large enough to trigger curl's automatic 100-continue behaviour
-<file name="%LOGDIR/test%TESTNUMBER.txt">
-%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]%
-</file>
</client>
+#
# Verify data after the test has been "shot"
<verify>
-<protocol>
-PUT /we/want/%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-User-Agent: curl/%VERSION
-Accept: */*
-Content-Length: 1053701
-Expect: 100-continue
-
-%repeat[132 x S]%%repeat[1021 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]%%repeat[60 x x]%[DISCONNECT]
-PUT /we/want/%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-User-Agent: curl/%VERSION
-Accept: */*
-Content-Length: 1053701
-
-%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]%
-[DISCONNECT]
-</protocol>
+# 1 - Protocol "http" disabled
+<errorcode>
+1
+</errorcode>
</verify>
</testcase>
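Review bot: on this branch the hunk rewrites an existing, unrelated test instead of adding a new one: the `-` lines remove the "HTTP PUT with Expect: 100-continue and 417 response during upload" case (the PUT payload, the 417/200 replies, the server delay, the NetBSD/OpenBSD/Solaris precheck) and put the `--proto -all` case in its place, so that coverage disappears from the curl-8_4_0 based tree this cherry-pick targets. If that is a side effect of the cherry-pick rather than a deliberate removal, restore the original test1474 and give the new case an unused number. The new case itself is sound: `<server>none</server>` together with `%NOLISTENPORT` means no server is started, and `<errorcode>1</errorcode>` (CURLE_UNSUPPORTED_PROTOCOL, the `Protocol "http" disabled` failure the comment names) is exactly what an empty allowed set must produce; consider adding a `<stderr>` check on that message so a different exit-1 cause cannot make the test pass.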
--
2.41.0
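To make the failure mode described in the commit message concrete, here is an added example; it is not code from curl, from this patch or from the OpenCloudOS branch. It models the two halves involved in miniature: a tool-side reducer that turns a `--proto` spec such as `-all,-http` into the comma-separated list of surviving protocol names (following the documented `+`/`-`/`=` prefix syntax), and a library-side setter in its buggy shape (parse into a scratch value, commit only on success) next to its fixed shape (parse straight into the handle field, which the parser zeroes first). The bitmask values, the protocol table, the starting allow-set and every function name here are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative protocol bitmask; NOT libcurl's CURLPROTO_* values. */
typedef uint32_t prot_t;
enum { PROT_HTTP = 1u << 0, PROT_HTTPS = 1u << 1, PROT_FTP = 1u << 2,
       PROT_ALL = PROT_HTTP | PROT_HTTPS | PROT_FTP };
#define PROT_DEFAULT PROT_ALL   /* what a fresh handle allows (assumption) */

struct handle { prot_t allowed; };

static const struct { const char *name; prot_t bit; } protnames[] = {
  {"http", PROT_HTTP}, {"https", PROT_HTTPS}, {"ftp", PROT_FTP},
};
#define NPROT (sizeof protnames / sizeof protnames[0])

static prot_t name2bit(const char *tok, size_t len)
{
  if(len == 3 && !memcmp(tok, "all", 3)) return PROT_ALL;
  for(size_t i = 0; i < NPROT; i++)
    if(strlen(protnames[i].name) == len && !memcmp(protnames[i].name, tok, len))
      return protnames[i].bit;
  return 0;
}

/* Tool side (hypothetical): apply a --proto spec such as "-all,-http" to the
 * default set with the +/-/= prefixes and render the survivors as a comma
 * list. "-all" legitimately yields an empty list. Returns -1 on a bad name. */
static int proto_spec_to_list(const char *spec, char *out, size_t outlen)
{
  prot_t set = PROT_DEFAULT;
  for(const char *p = spec; *p; p += (*p == ',')) {
    char op = (*p == '+' || *p == '-' || *p == '=') ? *p++ : '+';
    const char *tok = p;
    while(*p && *p != ',') p++;
    prot_t bit = name2bit(tok, (size_t)(p - tok));
    if(!bit) return -1;                      /* unknown protocol name */
    set = (op == '+') ? set | bit : (op == '-') ? set & ~bit : bit;
  }
  out[0] = '\0';
  for(size_t i = 0; i < NPROT; i++)
    if(set & protnames[i].bit) {
      if(out[0]) strncat(out, ",", outlen - strlen(out) - 1);
      strncat(out, protnames[i].name, outlen - strlen(out) - 1);
    }
  return 0;
}

/* Library side (hypothetical): parse a comma list of names into *val, zeroing
 * it at entry; an unknown name or an empty result is an error (-1). */
static int list2num(const char *list, prot_t *val)
{
  *val = 0;
  if(!list) return -1;
  for(const char *p = list; *p; p += (*p == ',')) {
    const char *tok = p;
    while(*p && *p != ',') p++;
    if(p == tok) continue;                   /* empty token */
    prot_t bit = name2bit(tok, (size_t)(p - tok));
    if(!bit) return -1;                      /* unsupported protocol */
    *val |= bit;
  }
  return *val ? 0 : -1;                      /* nothing enabled: bad argument */
}

/* Buggy shape: parse into a scratch value and commit only on success, so the
 * error an empty list produces leaves the handle at PROT_DEFAULT. */
static int set_protocols_buggy(struct handle *h, const char *list)
{
  prot_t scratch;
  int rc = list2num(list, &scratch);
  if(!rc) h->allowed = scratch;
  return rc;
}

/* Fixed shape: parse straight into the handle field, which the parser zeroes
 * first, so the same error leaves nothing allowed (fail closed). */
static int set_protocols_fixed(struct handle *h, const char *list)
{
  return list2num(list, &h->allowed);
}

/* Push a spec through both halves and report whether an http:// transfer is
 * still allowed: 1 allowed, 0 blocked, -1 bad spec. The setter's error
 * return is deliberately ignored, to expose what the handle holds afterwards. */
static int http_allowed_after(const char *spec, int fixed)
{
  char list[64];
  struct handle h = { PROT_DEFAULT };
  if(proto_spec_to_list(spec, list, sizeof list)) return -1;
  if(fixed) set_protocols_fixed(&h, list); else set_protocols_buggy(&h, list);
  return (h.allowed & PROT_HTTP) ? 1 : 0;
}

int main(void)
{
  const char *specs[] = { "-all", "-all,-http", "=https", "-http", "+ftp" };
  for(size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
    printf("--proto %-11s buggy: http %-7s  fixed: http %s\n", specs[i],
           http_allowed_after(specs[i], 0) ? "ALLOWED" : "blocked",
           http_allowed_after(specs[i], 1) ? "ALLOWED" : "blocked");
  return 0;
}
```

With `-all` (or `-all,-http`) the tool-side list comes out empty, the parser reports an error, and the buggy caller discards its scratch value, so the handle still carries the default set and an `http://` transfer goes ahead. The fixed caller parses into the handle field, which was zeroed first, so the same input leaves nothing allowed and the transfer is refused; that refusal is the `errorcode 1` the new test1474 checks. Specs that leave at least one protocol enabled (`=https`, `-http`, `+ftp`) behave identically in both shapes, which is why the bug only shows when the entire set is disabled.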
Repository: https://gitee.com/opencloudos-stream/curl.git