tests: make sure CRLFs can't be used in URLs passed to proxy
Bug: http://curl.haxx.se/docs/adv_20150108B.html
parent
178bd7db34
commit
3df8e78860
@ -5,7 +5,7 @@
|
|||||||
# | (__| |_| | _ <| |___
|
# | (__| |_| | _ <| |___
|
||||||
# \___|\___/|_| \_\_____|
|
# \___|\___/|_| \_\_____|
|
||||||
#
|
#
|
||||||
# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||||
#
|
#
|
||||||
# This software is licensed as described in the file COPYING, which
|
# This software is licensed as described in the file COPYING, which
|
||||||
# you should have received as part of this distribution. The terms
|
# you should have received as part of this distribution. The terms
|
||||||
@ -151,7 +151,7 @@ test1516 \
|
|||||||
\
|
\
|
||||||
test1520 \
|
test1520 \
|
||||||
\
|
\
|
||||||
test1525 test1526 test1527 test1528 \
|
test1525 test1526 test1527 test1528 test1529 \
|
||||||
\
|
\
|
||||||
test1800 test1801 \
|
test1800 test1801 \
|
||||||
\
|
\
|
||||||
|
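--- a/tests/data/test1529
+++ b/tests/data/test1529
@@ -0,0 +1,43 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<connect>
+HTTP/1.1 200 OK
+We-are: good
+
+</connect>
+
+</reply>
+# Client-side
+<client>
+<server>
+http
+http-proxy
+</server>
+<tool>
+lib1529
+</tool>
+<name>
+HTTP request-injection in URL sent over proxy
+</name>
+<command>
+"http://the.old.moo:%HTTPPORT/1529" %HOSTIP:%PROXYPORT
+</command>
+</client>
+
+# it should be detected and an error should be reported
+<verify>
+# 3 == CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>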
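Review bot: `<verify>` asserts only `<errorcode>` 3, so this test cannot tell a URL rejected before any bytes left the client from one rejected after part of the request had already reached the proxy. If the harness supports it, also asserting that the proxy received no request would pin down the property the advisory in the commit message is about. The `<connect>` reply under `<reply>` looks unused, since lib1529.c as shown does not enable proxy tunnelling; it could be dropped, or kept with a comment such as `# never served: the URL must be rejected before any connection is made`.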
@ -23,7 +23,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
|
|||||||
lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \
|
lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \
|
||||||
lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 \
|
lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 \
|
||||||
lib1520 \
|
lib1520 \
|
||||||
lib1525 lib1526 lib1527 lib1528 \
|
lib1525 lib1526 lib1527 lib1528 lib1529 \
|
||||||
lib1900 \
|
lib1900 \
|
||||||
lib2033
|
lib2033
|
||||||
|
|
||||||
@ -376,6 +376,10 @@ lib1528_SOURCES = lib1528.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
|||||||
lib1528_LDADD = $(TESTUTIL_LIBS)
|
lib1528_LDADD = $(TESTUTIL_LIBS)
|
||||||
lib1528_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1528
|
lib1528_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1528
|
||||||
|
|
||||||
|
lib1529_SOURCES = lib1529.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
|
lib1529_LDADD = $(TESTUTIL_LIBS)
|
||||||
|
lib1529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1529
|
||||||
|
|
||||||
lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
lib1900_LDADD = $(TESTUTIL_LIBS)
|
lib1900_LDADD = $(TESTUTIL_LIBS)
|
||||||
lib1900_CPPFLAGS = $(AM_CPPFLAGS)
|
lib1900_CPPFLAGS = $(AM_CPPFLAGS)
|
||||||
|
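--- a/tests/libtest/lib1529.c
+++ b/tests/libtest/lib1529.c
@@ -0,0 +1,59 @@
+/***************************************************************************
+* _ _ ____ _
+* Project ___| | | | _ \| |
+* / __| | | | |_) | |
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+* are also available at http://curl.haxx.se/docs/copyright.html.
+*
+* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+* copies of the Software, and permit persons to whom the Software is
+* furnished to do so, under the terms of the COPYING file.
+*
+* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+* KIND, either express or implied.
+*
+***************************************************************************/
+
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+CURL *curl = NULL;
+CURLcode res = CURLE_FAILED_INIT;
+char bURL[512];
+snprintf(bURL, sizeof(bURL), "%s HTTP/1.1\r\nGET http://1529.com/1529", URL);
+
+if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+fprintf(stderr, "curl_global_init() failed\n");
+return TEST_ERR_MAJOR_BAD;
+}
+
+if((curl = curl_easy_init()) == NULL) {
+fprintf(stderr, "curl_easy_init() failed\n");
+curl_global_cleanup();
+return TEST_ERR_MAJOR_BAD;
+}
+
+test_setopt(curl, CURLOPT_URL, bURL);
+test_setopt(curl, CURLOPT_PROXY, libtest_arg2);
+test_setopt(curl, CURLOPT_VERBOSE, 1L);
+test_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
+test_setopt(curl, CURLOPT_HEADER, 1L);
+
+res = curl_easy_perform(curl);
+
+test_cleanup:
+
+curl_easy_cleanup(curl);
+curl_global_cleanup();
+
+return (int)res;
+}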
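Review bot: Nothing in `test()` says why `bURL` is built with a raw `\r\n` in the middle, so a later reader could take the format string for a mistake. A comment above the `snprintf` would record the intent, for example `/* append CRLF plus a second request line; libcurl must refuse this URL when it is sent to an HTTP proxy */`. The `snprintf` result is also unchecked: the harness passes a short URL in practice, but a long enough `URL` would truncate the 512-byte buffer and could cut the CRLF off, after which the transfer no longer exercises the rejection path. A guard after the call such as `if(!strstr(bURL, "\r\n")) return TEST_ERR_MAJOR_BAD;` would make that case fail visibly whichever snprintf implementation the test headers map in.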