Posted to cvs@httpd.apache.org by wr...@apache.org on 2017/06/28 00:07:58 UTC

svn commit: r1800104 - in /httpd/test/framework/trunk/t: apache/http_strict.t conf/extra.conf.in

Author: wrowe
Date: Wed Jun 28 00:07:58 2017
New Revision: 1800104

URL: http://svn.apache.org/viewvc?rev=1800104&view=rev
Log:
Introduce tests for X: value single-char header, split tests between the
least-restrictive old parsing and behaviors of http_unsafe from retesting
all under the new http_strict mode.

In this, discovered that registered method checking was case insensitive.
That's foolish.


Modified:
    httpd/test/framework/trunk/t/apache/http_strict.t
    httpd/test/framework/trunk/t/conf/extra.conf.in

Modified: httpd/test/framework/trunk/t/apache/http_strict.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/apache/http_strict.t?rev=1800104&r1=1800103&r2=1800104&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/apache/http_strict.t (original)
+++ httpd/test/framework/trunk/t/apache/http_strict.t Wed Jun 28 00:07:58 2017
@@ -13,82 +13,84 @@ use Data::Dumper;
 #   undef:   HTTPD should drop connection without error message
 
 my @test_cases = (
-    [ "GET / HTTP/1.0\r\n\r\n"                      => 1],
-    [ "GET / HTTP/1.0\n\n"                          => 400],
-    [ "get / HTTP/1.0\r\n\r\n"                      => 501],
-    [ "G ET / HTTP/1.0\r\n\r\n"                     => 400],
-    [ "G\0ET / HTTP/1.0\r\n\r\n"                    => 400],
-    [ "G/T / HTTP/1.0\r\n\r\n"                      => 400],
-    [ "GET /\0 HTTP/1.0\r\n\r\n"                    => 400],
-    [ "GET / HTTP/1.0\0\r\n\r\n"                    => 400],
-    [ "GET\f/ HTTP/1.0\r\n\r\n"                     => 400],
-    [ "GET\r/ HTTP/1.0\r\n\r\n"                     => 400],
-    [ "GET\t/ HTTP/1.0\r\n\r\n"                     => 400],
-    [ "GET / HTT/1.0\r\n\r\n"                       => 0],
-    [ "GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"   => 1],
-    [ "GET / HTTP/2.0\r\nHost: localhost\r\n\r\n"   => 1],
-    [ "GET / HTTP/1.2\r\nHost: localhost\r\n\r\n"   => 1],
-    [ "GET / HTTP/1.11\r\nHost: localhost\r\n\r\n"  => 400],
-    [ "GET / HTTP/10.0\r\nHost: localhost\r\n\r\n"  => 400],
-    [ "GET / HTTP/1.0  \r\nHost: localhost\r\n\r\n" => 400],
-    [ "GET / HTTP/1.0 x\r\nHost: localhost\r\n\r\n" => 400],
-    [ "GET / HTTP/\r\nHost: localhost\r\n\r\n"      => 0],
-    [ "GET / HTTP/0.9\r\n\r\n"                      => 0],
-    [ "GET / HTTP/0.8\r\n\r\n"                      => 0],
-    [ "GET /\x01 HTTP/1.0\r\n\r\n"                  => 400],
-    [ "GET / HTTP/1.0\r\nFoo: bar\r\n\r\n"          => 1],
-    [ "GET / HTTP/1.0\r\nFoo:bar\r\n\r\n"           => 200],
-    [ "GET / HTTP/1.0\r\nFoo: b\0ar\r\n\r\n"        => 400],
-    [ "GET / HTTP/1.0\r\nFoo: b\x01ar\r\n\r\n"      => 400],
-    [ "GET / HTTP/1.0\r\nFoo\r\n\r\n"               => 400],
-    [ "GET / HTTP/1.0\r\nFoo bar\r\n\r\n"           => 400],
-    [ "GET / HTTP/1.0\r\n: bar\r\n\r\n"             => 400],
-    [ "GET / HTTP/1.0\r\nFoo bar:bash\r\n\r\n"      => 400],
-    [ "GET / HTTP/1.0\r\nFoo :bar\r\n\r\n"          => 400],
-    [ "GET / HTTP/1.0\r\n Foo:bar\r\n\r\n"          => 400],
-    [ "GET / HTTP/1.0\r\nF\x01o: bar\r\n\r\n"       => 400],
-    [ "GET / HTTP/1.0\r\nF\ro: bar\r\n\r\n"         => 400],
-    [ "GET / HTTP/1.0\r\nF\to: bar\r\n\r\n"         => 400],
-    [ "GET / HTTP/1.0\r\nFo: b\tar\r\n\r\n"         => 200],
-    [ "GET / HTTP/1.0\r\nFo: bar\r\r\n\r\n"         => 400],
-    [ "GET / HTTP/1.0\r\r"                          => undef],
-    [ "GET /#frag HTTP/1.0\r\n"                     => 400],
+    [ "GET / HTTP/1.0\r\n\r\n"                                =>   1],
+    [ "GET / HTTP/1.0\n\n"                                    =>   1, 400],
+    [ "get / HTTP/1.0\r\n\r\n"                                => 501, 400],
+    [ "G ET / HTTP/1.0\r\n\r\n"                               => 400],
+    [ "G\0ET / HTTP/1.0\r\n\r\n"                              => 400],
+    [ "G/T / HTTP/1.0\r\n\r\n"                                => 501, 400],
+    [ "GET /\0 HTTP/1.0\r\n\r\n"                              => 400],
+    [ "GET / HTTP/1.0\0\r\n\r\n"                              => 400],
+    [ "GET\f/ HTTP/1.0\r\n\r\n"                               => 400],
+    [ "GET\r/ HTTP/1.0\r\n\r\n"                               => 400],
+    [ "GET\t/ HTTP/1.0\r\n\r\n"                               => 400],
+    [ "GET / HTT/1.0\r\n\r\n"                                 =>   0],
+    [ "GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"             =>   1],
+    [ "GET / HTTP/2.0\r\nHost: localhost\r\n\r\n"             =>   1],
+    [ "GET / HTTP/1.2\r\nHost: localhost\r\n\r\n"             =>   1],
+    [ "GET / HTTP/1.11\r\nHost: localhost\r\n\r\n"            => 400],
+    [ "GET / HTTP/10.0\r\nHost: localhost\r\n\r\n"            => 400],
+    [ "GET / HTTP/1.0  \r\nHost: localhost\r\n\r\n"           => 200, 400],
+    [ "GET / HTTP/1.0 x\r\nHost: localhost\r\n\r\n"           => 400],
+    [ "GET / HTTP/\r\nHost: localhost\r\n\r\n"                =>   0],
+    [ "GET / HTTP/0.9\r\n\r\n"                                =>   0],
+    [ "GET / HTTP/0.8\r\n\r\n"                                =>   0],
+    [ "GET /\x01 HTTP/1.0\r\n\r\n"                            => 400],
+    [ "GET / HTTP/1.0\r\nFoo: bar\r\n\r\n"                    => 200],
+    [ "GET / HTTP/1.0\r\nFoo:bar\r\n\r\n"                     => 200],
+    [ "GET / HTTP/1.0\r\nFoo: b\0ar\r\n\r\n"                  => 400],
+    [ "GET / HTTP/1.0\r\nFoo: b\x01ar\r\n\r\n"                => 200, 400],
+    [ "GET / HTTP/1.0\r\nFoo\r\n\r\n"                         => 400],
+    [ "GET / HTTP/1.0\r\nFoo bar\r\n\r\n"                     => 400],
+    [ "GET / HTTP/1.0\r\n: bar\r\n\r\n"                       => 400],
+    [ "GET / HTTP/1.0\r\nX: bar\r\n\r\n"                      => 200],
+    [ "GET / HTTP/1.0\r\nFoo bar:bash\r\n\r\n"                => 400],
+    [ "GET / HTTP/1.0\r\nFoo :bar\r\n\r\n"                    => 400],
+    [ "GET / HTTP/1.0\r\n Foo:bar\r\n\r\n"                    => 400],
+    [ "GET / HTTP/1.0\r\nF\x01o: bar\r\n\r\n"                 => 200, 400],
+    [ "GET / HTTP/1.0\r\nF\ro: bar\r\n\r\n"                   => 400],
+    [ "GET / HTTP/1.0\r\nF\to: bar\r\n\r\n"                   => 400],
+    [ "GET / HTTP/1.0\r\nFo: b\tar\r\n\r\n"                   => 200],
+    [ "GET / HTTP/1.0\r\nFo: bar\r\r\n\r\n"                   => 400],
+    [ "GET / HTTP/1.0\r\r"                                  => undef, undef],
+    [ "GET /\r\n"                                           =>    90, undef],
+    [ "GET /#frag HTTP/1.0\r\n"                               => 400],
     [ "GET / HTTP/1.0\r\nHost: localhost\r\n" .
-                        "Host: localhost\r\n\r\n"   => 400],
-    [ "GET http://017700000001/ HTTP/1.0\r\n\r\n"   => 400],
-    [ "GET http://0x7f.1/ HTTP/1.0\r\n\r\n"         => 400],
-    [ "GET http://127.0.0.1/ HTTP/1.0\r\n\r\n"      => 200],
-    [ "GET http://127.01.0.1/ HTTP/1.0\r\n\r\n"     => 400],
-    [ "GET http://%3127.0.0.1/ HTTP/1.0\r\n\r\n"    => 400],
+                        "Host: localhost\r\n\r\n"             => 200, 400],
+    [ "GET http://017700000001/ HTTP/1.0\r\n\r\n"             => 200, 400],
+    [ "GET http://0x7f.1/ HTTP/1.0\r\n\r\n"                   => 200, 400],
+    [ "GET http://127.0.0.1/ HTTP/1.0\r\n\r\n"                => 200],
+    [ "GET http://127.01.0.1/ HTTP/1.0\r\n\r\n"               => 200, 400],
+    [ "GET http://%3127.0.0.1/ HTTP/1.0\r\n\r\n"              => 200, 400],
     [ "GET / HTTP/1.0\r\nHost: localhost:80\r\n" .
-                        "Host: localhost:80\r\n\r\n"            => 400],
-    [ "GET / HTTP/1.0\r\nHost: localhost:80 x\r\n\r\n"          => 400],
-    [ "GET http://localhost:80/ HTTP/1.0\r\n\r\n"               => 200],
-    [ "GET http://localhost:80x/ HTTP/1.0\r\n\r\n"              => 400],
-    [ "GET http://localhost:80:80/ HTTP/1.0\r\n\r\n"            => 400],
-    [ "GET http://localhost::80/ HTTP/1.0\r\n\r\n"              => 400],
-    [ "GET http://foo\@localhost:80/ HTTP/1.0\r\n\r\n"          => 400],
-    [ "GET http://[::1]/ HTTP/1.0\r\n\r\n"                      => 1],
-    [ "GET http://[::1:2]/ HTTP/1.0\r\n\r\n"                    => 1],
-    [ "GET http://[4712::abcd]/ HTTP/1.0\r\n\r\n"               => 1],
-    [ "GET http://[4712::abcd:1]/ HTTP/1.0\r\n\r\n"             => 1],
-    [ "GET http://[4712::abcd::]/ HTTP/1.0\r\n\r\n"             => 400],
-    [ "GET http://[4712:abcd::]/ HTTP/1.0\r\n\r\n"              => 1],
-    [ "GET http://[4712::abcd]:8000/ HTTP/1.0\r\n\r\n"          => 1],
-    [ "GET http://4713::abcd:8001/ HTTP/1.0\r\n\r\n"            => 400],
-    [ "GET / HTTP/1.0\r\nHost: [::1]\r\n\r\n"                   => 1],
-    [ "GET / HTTP/1.0\r\nHost: [::1:2]\r\n\r\n"                 => 1],
-    [ "GET / HTTP/1.0\r\nHost: [4711::abcd]\r\n\r\n"            => 1],
-    [ "GET / HTTP/1.0\r\nHost: [4711::abcd:1]\r\n\r\n"          => 1],
-    [ "GET / HTTP/1.0\r\nHost: [4711:abcd::]\r\n\r\n"           => 1],
-    [ "GET / HTTP/1.0\r\nHost: [4711::abcd]:8000\r\n\r\n"       => 1],
-    [ "GET / HTTP/1.0\r\nHost: 4714::abcd:8001\r\n\r\n"         => 400],
-    [ "GET / HTTP/1.0\r\nHost: abc\xa0\r\n\r\n"                 => 400],
-    [ "GET / HTTP/1.0\r\nHost: abc\\foo\r\n\r\n"                => 400],
-    [ "GET http://foo/ HTTP/1.0\r\nHost: bar\r\n\r\n"           => 200],
-    [ "GET http://foo:81/ HTTP/1.0\r\nHost: bar\r\n\r\n"        => 200],
-    [ "GET http://[::1]:81/ HTTP/1.0\r\nHost: bar\r\n\r\n"      => 200],
-    [ "GET http://10.0.0.1:81/ HTTP/1.0\r\nHost: bar\r\n\r\n"   => 200],
+                        "Host: localhost:80\r\n\r\n"          => 200, 400],
+    [ "GET / HTTP/1.0\r\nHost: localhost:80 x\r\n\r"          => 400],
+    [ "GET http://localhost:80/ HTTP/1.0\r\n\r\n"             => 200],
+    [ "GET http://localhost:80x/ HTTP/1.0\r\n\r\n"            => 400],
+    [ "GET http://localhost:80:80/ HTTP/1.0\r\n\r\n"          => 400],
+    [ "GET http://localhost::80/ HTTP/1.0\r\n\r\n"            => 400],
+    [ "GET http://foo\@localhost:80/ HTTP/1.0\r\n\r\n"        => 200, 400],
+    [ "GET http://[::1]/ HTTP/1.0\r\n\r\n"                    =>   1],
+    [ "GET http://[::1:2]/ HTTP/1.0\r\n\r\n"                  =>   1],
+    [ "GET http://[4712::abcd]/ HTTP/1.0\r\n\r\n"             =>   1],
+    [ "GET http://[4712::abcd:1]/ HTTP/1.0\r\n\r\n"           =>   1],
+    [ "GET http://[4712::abcd::]/ HTTP/1.0\r\n\r\n"           => 400],
+    [ "GET http://[4712:abcd::]/ HTTP/1.0\r\n\r\n"            =>   1],
+    [ "GET http://[4712::abcd]:8000/ HTTP/1.0\r\n\r\n"        =>   1],
+    [ "GET http://4713::abcd:8001/ HTTP/1.0\r\n\r\n"          => 400],
+    [ "GET / HTTP/1.0\r\nHost: [::1]\r\n\r\n"                 =>   1],
+    [ "GET / HTTP/1.0\r\nHost: [::1:2]\r\n\r\n"               =>   1],
+    [ "GET / HTTP/1.0\r\nHost: [4711::abcd]\r\n\r\n"          =>   1],
+    [ "GET / HTTP/1.0\r\nHost: [4711::abcd:1]\r\n\r\n"        =>   1],
+    [ "GET / HTTP/1.0\r\nHost: [4711:abcd::]\r\n\r\n"         =>   1],
+    [ "GET / HTTP/1.0\r\nHost: [4711::abcd]:8000\r\n\r\n"     =>   1],
+    [ "GET / HTTP/1.0\r\nHost: 4714::abcd:8001\r\n\r\n"       => 200, 400],
+    [ "GET / HTTP/1.0\r\nHost: abc\xa0\r\n\r\n"               => 200, 400],
+    [ "GET / HTTP/1.0\r\nHost: abc\\foo\r\n\r\n"              => 400],
+    [ "GET http://foo/ HTTP/1.0\r\nHost: bar\r\n\r\n"         => 200],
+    [ "GET http://foo:81/ HTTP/1.0\r\nHost: bar\r\n\r\n"      => 200],
+    [ "GET http://[::1]:81/ HTTP/1.0\r\nHost: bar\r\n\r\n"    => 200],
+    [ "GET http://10.0.0.1:81/ HTTP/1.0\r\nHost: bar\r\n\r\n" => 200],
 
     #
     # tests for response headers
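Review bot: The `Host: localhost:80 x` row now ends in `\r\n\r` where the old row ended in `\r\n\r\n`, so the request it sends is never terminated by a blank line; the final `\n` looks lost during the re-alignment. A 400 for that row may then come from how the server treats an unterminated request rather than from the malformed Host value, which would stop the test from pinning Host validation. Restore the terminator: `[ "GET / HTTP/1.0\r\nHost: localhost:80 x\r\n\r\n" => 400],`. The legend comment above the table (mostly outside this hunk) should also document the second, http_strict column and the new sentinel `90`, for example `#   90:      expect a headerless HTTP/0.9 response` and a line saying the optional second value is the expectation under http_strict. The `@test_cases` list continues past the end of this hunk.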
@@ -102,30 +104,35 @@ my @test_cases = (
     [ "R" . "F\0oo: bar"                => 500 ],
     [ "R" . "F\x01oo: bar"              => 500 ],
     [ "R" . "F\noo: bar"                => 500 ],
+    [ "R" . "Foo: b\tar"                => 200 ],
+    [ "R" . "Foo: b\x01ar"              => 500 ],
     # XXX ap_scan_script_header() eats the \r
     #[ "R" . "F\roo: bar"                => 500 ],
     #[ "R" . "Foo: bar\rBaz: h"          => 500 ],
-    [ "R" . "Foo: b\tar"                => 200 ],
-    [ "R" . "Foo: b\x01ar"              => 500 ],
 
     #
     # implementation regression tests
     #
     # `Header always set <bad value>` followed by a <bad field name>
     # should not cause a recursion loop
-    [ "GET /regression-header HTTP/1.1\r\nHost: localhost\r\n\r\n" => 500, have_module qw(mod_headers) ],
+    [ "GET /regression-header HTTP/1.1\r\nHost:localhost\r\n\r\n" => 500, 500,
+      have_module qw(mod_headers) ],
 );
 
 my $test_fold = need_min_apache_fix("2.2.33", "2.4.26", "2.5.0");
 
-plan tests => scalar(@test_cases) + $test_fold * 2,
-#    todo => [25, 26],
+plan tests => scalar(@test_cases) * 2 + $test_fold * 2,
      need_min_apache_version('2.2.32');
 
-foreach my $t (@test_cases) {
+foreach my $vhosts ((["http_unsafe" => 1], ["http_strict" => 2])) {
+  my $vhost = $vhosts->[0];
+  my $expect_column = $vhosts->[1];
+
+  foreach my $t (@test_cases) {
     my $req = $t->[0];
-    my $expect = $t->[1];
-    my $cond = $t->[2];
+    my $expect = $t->[$expect_column];
+    $expect = $t->[1] if (! defined $expect);
+    my $cond = $t->[3];
     my $decoded;
 
     if ($req =~ s/^R//) {
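Review bot: The fallback `$expect = $t->[1] if (! defined $expect);` cannot tell an omitted http_strict column from an explicit `undef`. As a result the row `"GET /\r\n" => 90, undef` is evaluated under http_strict with an expectation of 90 instead of "connection dropped", and no row can ask for a dropped connection in strict mode while expecting something else in unsafe mode. Keying the fallback on the row length keeps an explicit `undef` intact: `$expect = $t->[1] if $expect_column > $#$t;`. The only visible row that carries a condition at index 3 already lists both columns, so it is unaffected. The body of the inner `foreach` continues outside this hunk.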
@@ -146,7 +153,7 @@ foreach my $t (@test_cases) {
         next;
     }
 
-    my $sock = Apache::TestRequest::vhost_socket("http_strict");
+    my $sock = Apache::TestRequest::vhost_socket($vhost);
     if (!$sock) {
         print "# failed to connect\n";
         ok(0);
@@ -189,6 +196,10 @@ foreach my $t (@test_cases) {
         print "# expecting $expect, got ", $rc, "\n";
         ok ($response->code == $expect);
     }
+    elsif ($expect == 90) {
+        print "# expecting headerless HTTP/0.9 body, got response\n";
+        ok (1);
+    }
     elsif ($expect) {
         print "# expecting success, got ", $rc, "\n";
         ok ($rc >= 200 && $rc < 400);
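Review bot: The new `elsif ($expect == 90)` branch calls `ok (1)` without looking at what the server sent, so once it is reached the HTTP/0.9 case can never fail. The message says a headerless HTTP/0.9 body is expected, yet nothing checks that the reply lacks a status line. Since the neighbouring branches print `$rc`, this one may only be reached after a status code was parsed; the start of the chain is outside the hunk, so that is inferred. Assert on the raw reply instead, e.g. `ok ($raw !~ m{^HTTP/});`, where `$raw` is a placeholder for whichever variable holds the bytes read from the socket. A comment such as `# 90: sentinel for "headerless HTTP/0.9 response expected"` on the branch would explain the magic number.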
@@ -197,9 +208,9 @@ foreach my $t (@test_cases) {
         print "# expecting error, got ", $rc, "\n";
         ok ($rc >= 400);
     }
+  }
 }
 
-
 if ($test_fold) { 
     my $resp;
     my $foo;

Modified: httpd/test/framework/trunk/t/conf/extra.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/extra.conf.in?rev=1800104&r1=1800103&r2=1800104&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/extra.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/extra.conf.in Wed Jun 28 00:07:58 2017
@@ -1051,13 +1051,25 @@ LimitRequestFields    32
 #
 <IfDefine APACHE2>
   <IfVersion >= 2.2.32>
-    <VirtualHost _default_:http_strict>
+    <Directory @SERVERROOT@/htdocs/apache/http_strict>
+      Options +ExecCGI
+      AddHandler cgi-script .pl
+    </Directory>
+    <VirtualHost _default_:http_unsafe>
+      DocumentRoot @SERVERROOT@/htdocs/
+      HttpProtocolOptions Unsafe Allow0.9
+      <IfModule mod_headers.c>
+        <Location /regression-header>
+          # Use two examples to ensure multiple bad headers are caught
+          # Note the vertical tab (^K or 0x0B) embedded in the header value
+          Header always set X-Bad "verticaltab"
+          Header always set X?Bad "badly named header"
+        </Location>
+      </IfModule>
+   </VirtualHost>
+   <VirtualHost _default_:http_strict>
       DocumentRoot @SERVERROOT@/htdocs/
       HttpProtocolOptions Strict Require1.0 RegisteredMethods
-      <Directory @SERVERROOT@/htdocs/apache/http_strict>
-        Options +ExecCGI
-        AddHandler cgi-script .pl
-      </Directory>
       <IfModule mod_headers.c>
         <Location /regression-header>
           # Use two examples to ensure multiple bad headers are caught
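Review bot: The added `http_unsafe` vhost copies the `/regression-header` block, whose first `Header always set X-Bad` value depends on an invisible literal 0x0B byte, and in the text shown here the value reads `"verticaltab"` with no visible control character. If that byte is lost in either copy (editor, mail or diff tooling), the row expecting `500, 500` would only exercise the bad field name `X?Bad`, and the bad-value half of the regression would go untested without any failure. Add a warning next to each copy, such as `# The value must contain a raw 0x0B between "vertical" and "tab"; confirm with a hex dump after editing`. It may also be possible to hoist the `<IfModule mod_headers.c>` block to server scope, as this hunk already does for the `<Directory>` block, so that only one copy exists; check that both vhosts inherit it before relying on that. The two new `VirtualHost` lines are indented three spaces where the surrounding config uses four.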