You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2015/07/16 17:30:25 UTC
svn commit: r1691416 - in /httpd/test/framework/trunk: README t/modules/cgi.t t/modules/include.t t/security/CVE-2004-0747.t

Author: jim
Date: Thu Jul 16 15:30:25 2015
New Revision: 1691416

URL: http://svn.apache.org/r1691416
Log:
Update for use of DateTime

Modified:
    httpd/test/framework/trunk/README
    httpd/test/framework/trunk/t/modules/cgi.t
    httpd/test/framework/trunk/t/modules/include.t
    httpd/test/framework/trunk/t/security/CVE-2004-0747.t

Modified: httpd/test/framework/trunk/README
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/README?rev=1691416&r1=1691415&r2=1691416&view=diff
==============================================================================
--- httpd/test/framework/trunk/README (original)
+++ httpd/test/framework/trunk/README Thu Jul 16 15:30:25 2015
@@ -20,7 +20,8 @@ http://svn.apache.org/viewvc/perl/modper
 
 (Update 2015-07-14: to run the tests for all modules, it is advisable to have 
  up-to-date versions of the following perl modules: Test::Harness, Crypt::SSLeay, 
- Net::SSLeay, IO::Socket::SSL, LWP::Protocol::https, HTTP::DAV.)
+ Net::SSLeay, IO::Socket::SSL, LWP::Protocol::https, HTTP::DAV,
+ DateTime.)
 
 Quick Start 
 ----------- 

Modified: httpd/test/framework/trunk/t/modules/cgi.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/cgi.t?rev=1691416&r1=1691415&r2=1691416&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/modules/cgi.t (original)
+++ httpd/test/framework/trunk/t/modules/cgi.t Thu Jul 16 15:30:25 2015
@@ -241,12 +241,12 @@ foreach my $length (@post_content) {
 ## make sure cgi log does not 
 ## keep logging after it is bigger
 ## than ScriptLogLength
-for (my $i=1 ; $i<=20 ; $i++) {
+for (my $i=1 ; $i<=40 ; $i++) {
 
     ## get out if log does not exist ##
     last unless -e $cgi_log;
 
-    ## request the 1k bad cgi 8 times
+    ## request the 1k bad cgi
     ## (1k of data logged per request)
     GET_RC "$path/bogus1k.pl";
 

Modified: httpd/test/framework/trunk/t/modules/include.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/include.t?rev=1691416&r1=1691415&r2=1691416&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/modules/include.t (original)
+++ httpd/test/framework/trunk/t/modules/include.t Thu Jul 16 15:30:25 2015
@@ -309,47 +309,24 @@ unless(eval "require POSIX") {
     skip "POSIX module not found", 1;
 }
 else {
-    # XXX: not sure about the locale thing, but it seems to work at least on my
-    # machine :)
-    # Perl is wonky about TZ and localtime. On some systems
-    # setting TZ and then tzset() works to adjust to the
-    # specified timezone; others don't.
-    # We should look at DateTime instead...
-    use POSIX qw(tzset);
+    # use DateTime and avoid the system locale messing things up
+    use DateTime;
     my $result = super_chomp(GET_BODY "${dir}file.shtml");
     $result = single_space($result);
 
     my $httpdtz = $1 if $result =~ /\w+, \d+-\w+-\d+ \d+:\d+:\d+ (\w+) /;
 
-    my $oldtimezone = $ENV{TZ};
-    (($ENV{TZ} = $httpdtz) && tzset) if $httpdtz;
-
     my $file = catfile($htdocs, splitpath($dir), "file.shtml");
     my $mtime = (stat $file)[9];
 
-    my @time = localtime($mtime);
+    my $dt = DateTime->from_epoch( epoch => $mtime,
+                locale => 'en_US', time_zone => $httpdtz||'UTC' );
     
-    my $strftime = sub($) {
-        my $fmt = shift;
-
-        POSIX::strftime($fmt, @time);
-    };
-
     my $expected = join ' ' =>
-        #$strftime->("%A, %d-%b-%Y %H:%M:%S %Z"),
-        #$strftime->("%A, %d-%b-%Y %H:%M:%S %Z"),
-        $strftime->("%A, %B %e, %G"),
-        $strftime->("%A, %B %e, %G"),
-        $strftime->("%s"),
-        $strftime->("%s");
-
-    if (defined($oldtimezone)) {
-        $ENV{TZ} = $oldtimezone;
-    }
-    else {
-        delete($ENV{TZ});
-    }
-    tzset;
+        $dt->strftime("%A, %B %e, %G"),
+        $dt->strftime("%A, %B %e, %G"),
+        $dt->strftime("%s"),
+        $dt->strftime("%s");
 
     # trim output
     $expected = single_space($expected);

Modified: httpd/test/framework/trunk/t/security/CVE-2004-0747.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2004-0747.t?rev=1691416&r1=1691415&r2=1691416&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/security/CVE-2004-0747.t (original)
+++ httpd/test/framework/trunk/t/security/CVE-2004-0747.t Thu Jul 16 15:30:25 2015
@@ -11,5 +11,24 @@ my $rc;
 
 $rc = GET_RC "/security/CAN-2004-0747/";
 
+# This test used to check for SegFaults when expanding variables
+# inside a .htaccess file. 
+# Only, the code trying to parse the generated AuthName will 
+# fail with a 500 when the string exceeds a certain length (at least on OS X)
+#
+# So, in case of a 500 return, we check for a proper body and assume
+# that the failure was graceful and not a crash.
+#
+# The alternative would be to expand a env var under our control in .htacess
+# for this test, so that the outcome is not depending on the env of the person
+# starting the test.
+#
+if ($rc == 500) {
+    my $body = GET_BODY "/security/CAN-2004-0747/";
+    if (length $body > 0) {
+        $rc = 200;
+    }
+}
+
 ok t_cmp($rc, 200, "CAN-2004-0747 ap_resolve_env test case");