You are viewing a plain text version of this content. The canonical link for it is here.
Posted to test-cvs@httpd.apache.org by jo...@apache.org on 2004/11/01 17:28:35 UTC
cvs commit: httpd-test/perl-framework/t/security CAN-2004-0942.t
jorton 2004/11/01 08:28:35
Added: perl-framework/t/security CAN-2004-0942.t
Log:
Add a pretty bad test for CAN-2004-0942.
Revision Changes Path
1.1 httpd-test/perl-framework/t/security/CAN-2004-0942.t
Index: CAN-2004-0942.t
===================================================================
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestUtil;
use Apache::TestRequest;
plan tests => 2;
my $sock = Apache::TestRequest::vhost_socket('default');
ok $sock;
# This is a test for CAN-2004-0942 albeit a pretty bad one:
# CAN-2004-0942 is a memory leak in the <=2.0.52 logic for handling
# whitespace in folded headers. This test tests that a folded header
# which, including whitespace, exceeds the field length limit, gets a
# 400 response. A better httpd implementation could handle such
# headers without the memory leak, yet would fail this test.
Apache::TestRequest::socket_trace($sock);
$sock->print("GET /index.html HTTP/1.0\r\n");
my $n = $sock->print("Hello:\r\n");
foreach (1..100) {
$n = $sock->send(" "x500 . "\r\n") if $sock->connected;
}
$sock->send("\r\n") if $sock->connected;
my $line = Apache::TestRequest::getline($sock) || '';
ok t_cmp($line, qr{^HTTP/1\.. 400}, "request was refused");