jorton 2004/11/01 08:28:35
Added: perl-framework/t/security CAN-2004-0942.t
Log:
Add a pretty bad test for CAN-2004-0942.
Revision Changes Path
1.1 httpd-test/perl-framework/t/security/CAN-2004-0942.t
Index: CAN-2004-0942.t
===================================================================
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestUtil;
use Apache::TestRequest;
plan tests => 2;
my $sock = Apache::TestRequest::vhost_socket('default');
ok $sock;
# This is a test for CAN-2004-0942 albeit a pretty bad one:
# CAN-2004-0942 is a memory leak in the <=2.0.52 logic for handling
# whitespace in folded headers. This test tests that a folded header
# which, including whitespace, exceeds the field length limit, gets a
# 400 response. A better httpd implementation could handle such
# headers without the memory leak, yet would fail this test.
Apache::TestRequest::socket_trace($sock);
$sock->print("GET /index.html HTTP/1.0\r\n");
my $n = $sock->print("Hello:\r\n");
foreach (1..100) { $n = $sock->send(" "x500 . "\r\n") if $sock->connected; }
$sock->send("\r\n") if $sock->connected;
my $line = Apache::TestRequest::getline($sock) || '';
ok t_cmp($line, qr{^HTTP/1\.. 400}, "request was refused");
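Review bot: The write loop races with the refusal it is testing for: once the folded header passes the field length limit the server may answer 400 and close, and a later `$sock->send(...)` on that connection can raise SIGPIPE and end the script before `getline` runs. The `if $sock->connected` guard probably does not close that window, since it appears to reflect only local socket state. `$n` is assigned on every write but never examined, so a failed write goes unnoticed. I would add `local $SIG{PIPE} = 'IGNORE';` before the loop and `last unless defined $n;` inside it, unless the harness already ignores SIGPIPE, which is not visible here. The header comment could also say that the request sends about 50 KB of folded whitespace, so a test configuration that raises `LimitRequestFieldSize` above that would fail this test for a reason unrelated to the leak.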