mirror of
https://github.com/moparisthebest/curl
synced 2024-11-10 11:35:07 -05:00
8a75dbeb23
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
66 lines
1.4 KiB
Plaintext
66 lines
1.4 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP POST
|
|
cookies
|
|
cookiejar
|
|
</keywords>
|
|
</info>
|
|
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
HTTP/1.1 200 OK
|
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Type: text/html
|
|
Funny-head: yesyes swsclose
|
|
Set-Cookie: foobar=name;
|
|
Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/";
|
|
Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
|
|
|
|
</data>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
HTTP with cookie parser and header recording
|
|
</name>
|
|
<command>
|
|
"http://%HOSTIP:%HTTPPORT/we/want/1105?parm1=this*that/other/thing&parm2=foobar/1105" -c log/cookie1105.txt -d "userid=myname&password=mypassword"
|
|
</command>
|
|
<precheck>
|
|
perl -e 'if ("%HOSTIP" !~ /127\.0\.0\.1$/) {print "Test only works for HOSTIP 127.0.0.1"; exit(1)}'
|
|
</precheck>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent:.*
|
|
</strip>
|
|
<protocol nonewline="yes">
|
|
POST /we/want/1105?parm1=this*that/other/thing&parm2=foobar/1105 HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Accept: */*
|
|
Content-Length: 33
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
userid=myname&password=mypassword
|
|
</protocol>
|
|
<file name="log/cookie1105.txt" mode="text">
|
|
# Netscape HTTP Cookie File
|
|
# http://curl.haxx.se/docs/http-cookies.html
|
|
# This file was generated by libcurl! Edit at your own risk.
|
|
|
|
127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
|
|
127.0.0.1 FALSE "/silly/" FALSE 0 mismatch this
|
|
</file>
|
|
</verify>
|
|
</testcase>
|