Author: geoff Date: Fri Mar 23 08:11:02 2007 New Revision: 521756 URL: http://svn.apache.org/viewvc?view=rev&rev=521756 Log: test for extended regex quoting
Added: perl/modperl/branches/1.x/t/modules/regex.t Modified: perl/modperl/branches/1.x/t/conf/httpd.conf.pl Modified: perl/modperl/branches/1.x/t/conf/httpd.conf.pl URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/t/conf/httpd.conf.pl?view=diff&rev=521756&r1=521755&r2=521756 ============================================================================== --- perl/modperl/branches/1.x/t/conf/httpd.conf.pl (original) +++ perl/modperl/branches/1.x/t/conf/httpd.conf.pl Fri Mar 23 08:11:02 2007 @@ -120,7 +120,7 @@ push @AddType, ["text/x-server-parsed-html" => ".shtml"]; -for (qw(/perl /cgi-bin /dirty-perl /perl_xs)) { +for (qw(/perl /cgi-bin /dirty-perl /perl_xs /ng-perl)) { push @Alias, [$_ => "$dir/net/perl/"]; } @@ -137,6 +137,13 @@ $Location{"/dirty-perl"} = { SetHandler => "perl-script", PerlHandler => "Apache::PerlRun", + Options => "+ExecCGI ", + PerlSendHeader => "On", +}; + +$Location{"/ng-perl"} = { + SetHandler => "perl-script", + PerlHandler => "Apache::RegistryNG", Options => "+ExecCGI ", PerlSendHeader => "On", }; Added: perl/modperl/branches/1.x/t/modules/regex.t URL: http://svn.apache.org/viewvc/perl/modperl/branches/1.x/t/modules/regex.t?view=auto&rev=521756 ============================================================================== --- perl/modperl/branches/1.x/t/modules/regex.t (added) +++ perl/modperl/branches/1.x/t/modules/regex.t Fri Mar 23 08:11:02 2007 @@ -0,0 +1,35 @@ + +# extended regex quoting +# CVE-2007-1349 + +use Apache::testold; + +skip_test unless have_module "CGI"; + +$ua = new LWP::UserAgent; + +my $tests = 4; +my $test_mod_cgi = 0; +unless($net::callback_hooks{USE_DSO}) { + #XXX: hrm, fails under dso?!? + $tests++; + $test_mod_cgi = 1; +} + +my $i = $tests; + +print "1..$tests\nok 1\n"; + +print "# Apache::Registry\n"; +print fetch($ua, "http://$net::httpserver/perl/cgi.pl/(yikes?PARAM=2"); + +print "# Apache::PerlRun\n"; +print fetch($ua, "http://$net::httpserver/dirty-perl/cgi.pl/(yikes?PARAM=3"); + +print "# Apache::RegistryNG\n"; +print fetch($ua, "http://$net::httpserver/ng-perl/cgi.pl/(yikes?PARAM=4"); + +if($test_mod_cgi) { + print "# mod_cgi\n"; + print fetch($ua, "http://$net::httpserver/cgi-bin/cgi.pl/(yikes?PARAM=5"); +}