httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1201098 - in /httpd/test/framework/trunk/t: conf/extra.conf.in security/CVE-2011-3368.t
Date Fri, 11 Nov 2011 23:26:00 GMT
Author: jorton
Date: Fri Nov 11 23:26:00 2011
New Revision: 1201098

URL: http://svn.apache.org/viewvc?rev=1201098&view=rev
Log:
- add test case for -3368

Added:
    httpd/test/framework/trunk/t/security/CVE-2011-3368.t
Modified:
    httpd/test/framework/trunk/t/conf/extra.conf.in

Modified: httpd/test/framework/trunk/t/conf/extra.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/extra.conf.in?rev=1201098&r1=1201097&r2=1201098&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/extra.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/extra.conf.in Fri Nov 11 23:26:00 2011
@@ -253,6 +253,11 @@
       ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/
       ProxyPassReverse /reverse/ http://@SERVERNAME@:@PORT@/
    </VirtualHost>
+
+   <VirtualHost cve_2011_3368>
+      DocumentRoot @SERVERROOT@/htdocs/modules/proxy
+      ProxyPassMatch (.*) http://@SERVERNAME@$1
+   </VirtualHost>
 </IfModule>
   
 ##

Added: httpd/test/framework/trunk/t/security/CVE-2011-3368.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2011-3368.t?rev=1201098&view=auto
==============================================================================
--- httpd/test/framework/trunk/t/security/CVE-2011-3368.t (added)
+++ httpd/test/framework/trunk/t/security/CVE-2011-3368.t Fri Nov 11 23:26:00 2011
@@ -0,0 +1,23 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestRequest;
+use Apache::TestUtil;
+
+plan tests => 3, need 'proxy';
+
+Apache::TestRequest::module("cve_2011_3368");
+         
+my $sock = Apache::TestRequest::vhost_socket();
+ok $sock && $sock->connected;
+
+my $req = "GET @"."localhost/foobar.html HTTP/1.1\r\n".
+   "Host: " . Apache::TestRequest::hostport() . "\r\n".
+    "\r\n"; 
+
+ok $sock->print($req);
+
+my $line = Apache::TestRequest::getline($sock) || '';
+
+ok t_cmp($line, qr{^HTTP/1\.. 400 Bad Request}, "got 400 error");



Mime
View raw message