Posted to test-cvs@httpd.apache.org by jo...@apache.org on 2004/11/01 17:28:35 UTC

cvs commit: httpd-test/perl-framework/t/security CAN-2004-0942.t

jorton      2004/11/01 08:28:35

  Added:       perl-framework/t/security CAN-2004-0942.t
  Log:
  Add a pretty bad test for CAN-2004-0942.
  
  Revision  Changes    Path
  1.1                  httpd-test/perl-framework/t/security/CAN-2004-0942.t
  
  Index: CAN-2004-0942.t
  ===================================================================
  use strict;
  use warnings FATAL => 'all';
  
  use Apache::Test;
  use Apache::TestUtil;
  use Apache::TestRequest;
  
  plan tests => 2;
  
  my $sock = Apache::TestRequest::vhost_socket('default');
  ok $sock;
  
  # This is a test for CAN-2004-0942 albeit a pretty bad one:
  # CAN-2004-0942 is a memory leak in the <=2.0.52 logic for handling
  # whitespace in folded headers.  This test tests that a folded header
  # which, including whitespace, exceeds the field length limit, gets a
  # 400 response.  A better httpd implementation could handle such
  # headers without the memory leak, yet would fail this test.
  
  Apache::TestRequest::socket_trace($sock);
  
  $sock->print("GET /index.html HTTP/1.0\r\n");
  
  my $n = $sock->print("Hello:\r\n");
  foreach (1..100) {
      $n = $sock->send(" "x500 . "\r\n") if $sock->connected;
  }
  
  $sock->send("\r\n") if $sock->connected;
  
  my $line = Apache::TestRequest::getline($sock) || '';
  
  ok t_cmp($line, qr{^HTTP/1\.. 400}, "request was refused");
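Review bot: The send loop relies on `$sock->connected` to notice that httpd has already answered 400 and closed the connection, but that check is (as far as I know) only a getpeername() call and does not reliably detect a peer close, so a later `send` can raise SIGPIPE and end the script before the status line is read. I would add `local $SIG{PIPE} = 'IGNORE';` before the loop and leave it with `last unless defined $sock->send(" "x500 . "\r\n");`, which also removes the need for the otherwise unused `$n`. Separately, `ok $sock;` does not stop the script when `vhost_socket` fails, so the following `$sock->print` dies on an undefined value with one planned test unrun; a guard or skip right after the first `ok` would make that failure readable in the harness output.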