httpd-cvs mailing list archives

From jor...@apache.org
Subject svn commit: r891284 - /httpd/test/framework/trunk/t/security/CVE-2009-3555.t
Date Wed, 16 Dec 2009 16:08:35 GMT
Author: jorton
Date: Wed Dec 16 16:08:34 2009
New Revision: 891284

URL: http://svn.apache.org/viewvc?rev=891284&view=rev
Log:
- add test case for a prefix attack which attempts
  to inject additional requests beyond the
  renegotiation.

Added:
    httpd/test/framework/trunk/t/security/CVE-2009-3555.t

Added: httpd/test/framework/trunk/t/security/CVE-2009-3555.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2009-3555.t?rev=891284&view=auto
==============================================================================
--- httpd/test/framework/trunk/t/security/CVE-2009-3555.t (added)
+++ httpd/test/framework/trunk/t/security/CVE-2009-3555.t Wed Dec 16 16:08:34 2009
@@ -0,0 +1,60 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestRequest;
+use Apache::TestUtil;
+
+plan tests => 4, need 'ssl';
+
+# This test case attempts only one type of attack which is possible
+# due to the TLS renegotiation vulnerability, CVE-2009-3555.  A
+# specific defense against this attack was added to mod_ssl in
+# r891282.  For more information, see the dev@httpd thread beginning
+# at message ID <4B01BD20.1060300@adnovum.ch>.
+
+Apache::TestRequest::set_client_cert("client_ok");
+
+Apache::TestRequest::module('mod_ssl');
+
+my $sock = Apache::TestRequest::vhost_socket('mod_ssl');
+ok $sock && $sock->connected;
+
+
+my $req = "GET /require/asf/ HTTP/1.1\r\n".
+   "Host: " . Apache::TestRequest::hostport() . "\r\n".
+    "\r\n".
+    "GET /this/is/a/prefix/injection/attack HTTP/1.0\r\n".
+    "\r\n";
+
+ok $sock->print($req);
+
+my $line = Apache::TestRequest::getline($sock) || '';
+
+ok t_cmp($line, qr{^HTTP/1\.. 200}, "read first response-line");
+
+my $rv = 0;
+
+do {
+    $line = Apache::TestRequest::getline($sock) || '';
+    $line = super_chomp($line);
+    print "# line: $line\n";
+    if ($line eq "Connection: close") {
+        $rv = 1;
+    }
+} until ($line eq "");
+
+ok $rv, 1, "expected Connection: close header in response";
+
+sub super_chomp {
+    my ($body) = shift;
+
+    ## super chomp - all leading and trailing \n (and \r for win32)
+    $body =~ s/^[\n\r]*//;
+    $body =~ s/[\n\r]*$//;
+    ## and all the rest change to spaces
+    $body =~ s/\n/ /g;
+    $body =~ s/\r//g; #rip out all remaining \r's
+
+    $body;
+}
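Review bot: The final assertion after the `do { ... } until ($line eq "")` loop only proves that the first response carries `Connection: close`; the test stops reading at the end of the headers and never checks that the second request in `$req` went unanswered. Reading the rest of the connection and asserting that no further status line arrives would test the outcome the defence is meant to guarantee rather than one indication of it, with the plan raised to 5. The sketch below assumes `getline` returns a false value at end of stream, which the existing `|| ''` suggests but the hunk does not show. Separately, `$line eq "Connection: close"` is case- and spacing-sensitive, so `$line =~ /^Connection:\s*close$/i` would avoid a spurious failure if the header is emitted in a different form.

```perl
plan tests => 5, need 'ssl';

# ... unchanged: connect, send $req, check the status line and the Connection header ...

# Drain the rest of the connection; a second status line would mean the
# request placed after the first one was answered as well.
my $extra_response = 0;
while (my $rest = Apache::TestRequest::getline($sock)) {
    $extra_response = 1 if $rest =~ m{^HTTP/1\.\d \d{3}};
}

ok !$extra_response;
```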


