From 3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 25 Dec 2014 23:51:43 +0100 Subject: [PATCH] tests: make sure CRLFs can't be used in URLs passed to proxy Bug: http://curl.haxx.se/docs/adv_20150108B.html --- tests/data/Makefile.inc | 4 +-- tests/data/test1529 | 43 +++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 6 +++- tests/libtest/lib1529.c | 59 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 tests/data/test1529 create mode 100644 tests/libtest/lib1529.c diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 618c68223..6467ca0bb 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -151,7 +151,7 @@ test1516 \ \ test1520 \ \ -test1525 test1526 test1527 test1528 \ +test1525 test1526 test1527 test1528 test1529 \ \ test1800 test1801 \ \ diff --git a/tests/data/test1529 b/tests/data/test1529 new file mode 100644 index 000000000..33df26824 --- /dev/null +++ b/tests/data/test1529 @@ -0,0 +1,43 @@ + + + +HTTP +HTTP GET +HTTP proxy + + + +# Server-side + + +HTTP/1.1 200 OK +We-are: good + + + + +# Client-side + + +http +http-proxy + + +lib1529 + + +HTTP request-injection in URL sent over proxy + + + "http://the.old.moo:%HTTPPORT/1529" %HOSTIP:%PROXYPORT + + + +# it should be detected and an error should be reported + +# 3 == CURLE_URL_MALFORMAT + +3 + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index c07dd9a7a..3508b8047 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -23,7 +23,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \ lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 \ lib1520 \ - lib1525 lib1526 lib1527 lib1528 \ + lib1525 lib1526 lib1527 lib1528 lib1529 \ lib1900 \ lib2033 @@ -376,6 +376,10 @@ lib1528_SOURCES = lib1528.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1528_LDADD = $(TESTUTIL_LIBS) lib1528_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1528 +lib1529_SOURCES = lib1529.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +lib1529_LDADD = $(TESTUTIL_LIBS) +lib1529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1529 + lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1900_LDADD = $(TESTUTIL_LIBS) lib1900_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/libtest/lib1529.c b/tests/libtest/lib1529.c new file mode 100644 index 000000000..3def142af --- /dev/null +++ b/tests/libtest/lib1529.c @@ -0,0 +1,59 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "test.h" + +#include "memdebug.h" + +int test(char *URL) +{ + CURL *curl = NULL; + CURLcode res = CURLE_FAILED_INIT; + char bURL[512]; + snprintf(bURL, sizeof(bURL), "%s HTTP/1.1\r\nGET http://1529.com/1529", URL); + + if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { + fprintf(stderr, "curl_global_init() failed\n"); + return TEST_ERR_MAJOR_BAD; + } + + if((curl = curl_easy_init()) == NULL) { + fprintf(stderr, "curl_easy_init() failed\n"); + curl_global_cleanup(); + return TEST_ERR_MAJOR_BAD; + } + + test_setopt(curl, CURLOPT_URL, bURL); + test_setopt(curl, CURLOPT_PROXY, libtest_arg2); + test_setopt(curl, CURLOPT_VERBOSE, 1L); + test_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + test_setopt(curl, CURLOPT_HEADER, 1L); + + res = curl_easy_perform(curl); + +test_cleanup: + + curl_easy_cleanup(curl); + curl_global_cleanup(); + + return (int)res; +}