mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 16:18:48 -05:00
test1218: another cookie tailmatch test
... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html
This commit is contained in:
parent
2eb8dcf26c
commit
5c5e1a1cd2
@ -89,7 +89,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 \
|
||||
\
|
||||
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
|
||||
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
|
||||
test1216 test1217 \
|
||||
test1216 test1217 test1218 \
|
||||
test1220 test1221 test1222 test1223 \
|
||||
\
|
||||
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
|
||||
|
@ -37,6 +37,7 @@ http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOST
|
||||
example.fake FALSE /a FALSE 2139150993 mooo indeed
|
||||
example.fake FALSE /b FALSE 0 moo1 indeed
|
||||
example.fake FALSE /c FALSE 2139150993 moo2 indeed
|
||||
example.fake TRUE /c FALSE 2139150993 moo3 indeed
|
||||
</file>
|
||||
</client>
|
||||
|
||||
@ -50,7 +51,7 @@ GET http://example.fake/c/1216 HTTP/1.1
|
||||
Host: example.fake
|
||||
Accept: */*
|
||||
Proxy-Connection: Keep-Alive
|
||||
Cookie: moo2=indeed
|
||||
Cookie: moo2=indeed; moo3=indeed
|
||||
|
||||
GET http://bexample.fake/c/1216 HTTP/1.1
|
||||
Host: bexample.fake
|
||||
|
61
tests/data/test1218
Normal file
61
tests/data/test1218
Normal file
@ -0,0 +1,61 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
HTTP
|
||||
HTTP GET
|
||||
HTTP proxy
|
||||
cookies
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
# This test is very similar to 1216, only that it sets the cookies from the
|
||||
# first site instead of reading from a file
|
||||
<reply>
|
||||
<data>
|
||||
HTTP/1.1 200 OK
|
||||
Date: Tue, 25 Sep 2001 19:37:44 GMT
|
||||
Set-Cookie: domain=.example.fake; bug=fixed;
|
||||
Content-Length: 21
|
||||
|
||||
This server says moo
|
||||
</data>
|
||||
</reply>
|
||||
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
http
|
||||
</server>
|
||||
<name>
|
||||
HTTP cookies and domains with same prefix
|
||||
</name>
|
||||
<command>
|
||||
http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT
|
||||
</command>
|
||||
</client>
|
||||
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<strip>
|
||||
^User-Agent:.*
|
||||
</strip>
|
||||
<protocol>
|
||||
GET http://example.fake/c/1218 HTTP/1.1
|
||||
Host: example.fake
|
||||
Accept: */*
|
||||
Proxy-Connection: Keep-Alive
|
||||
|
||||
GET http://example.fake/c/1218 HTTP/1.1
|
||||
Host: example.fake
|
||||
Accept: */*
|
||||
Proxy-Connection: Keep-Alive
|
||||
Cookie: bug=fixed
|
||||
|
||||
GET http://bexample.fake/c/1218 HTTP/1.1
|
||||
Host: bexample.fake
|
||||
Accept: */*
|
||||
Proxy-Connection: Keep-Alive
|
||||
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
Loading…
Reference in New Issue
Block a user