1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

test1218: another cookie tailmatch test

... and make 1216 also verify it with a file input

These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
domain tailmatch" vulnerability. See
http://curl.haxx.se/docs/adv_20130412.html
This commit is contained in:
Daniel Stenberg 2013-04-10 13:40:36 +02:00
parent 2eb8dcf26c
commit 5c5e1a1cd2
3 changed files with 64 additions and 2 deletions

View File

@ -89,7 +89,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 \
\
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
test1216 test1217 \
test1216 test1217 test1218 \
test1220 test1221 test1222 test1223 \
\
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \

View File

@ -37,6 +37,7 @@ http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOST
example.fake FALSE /a FALSE 2139150993 mooo indeed
example.fake FALSE /b FALSE 0 moo1 indeed
example.fake FALSE /c FALSE 2139150993 moo2 indeed
example.fake TRUE /c FALSE 2139150993 moo3 indeed
</file>
</client>
@ -50,7 +51,7 @@ GET http://example.fake/c/1216 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
Cookie: moo2=indeed
Cookie: moo2=indeed; moo3=indeed
GET http://bexample.fake/c/1216 HTTP/1.1
Host: bexample.fake

61
tests/data/test1218 Normal file
View File

@ -0,0 +1,61 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP proxy
cookies
</keywords>
</info>
# This test is very similar to 1216, only that it sets the cookies from the
# first site instead of reading from a file
<reply>
<data>
HTTP/1.1 200 OK
Date: Tue, 25 Sep 2001 19:37:44 GMT
Set-Cookie: domain=.example.fake; bug=fixed;
Content-Length: 21
This server says moo
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP cookies and domains with same prefix
</name>
<command>
http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://example.fake/c/1218 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
GET http://example.fake/c/1218 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
Cookie: bug=fixed
GET http://bexample.fake/c/1218 HTTP/1.1
Host: bexample.fake
Accept: */*
Proxy-Connection: Keep-Alive
</protocol>
</verify>
</testcase>