Date: 1 Nov 2004 16:28:35 -0000
Message-ID: <20041101162835.28844.qmail@minotaur.apache.org>
From: jorton@apache.org
To: httpd-test-cvs@apache.org
Subject: cvs commit: httpd-test/perl-framework/t/security CAN-2004-0942.t

jorton 2004/11/01 08:28:35

Added: perl-framework/t/security CAN-2004-0942.t
Log:
Add a pretty bad test for CAN-2004-0942.
Revision Changes Path 1.1 httpd-test/perl-framework/t/security/CAN-2004-0942.t Index: CAN-2004-0942.t =================================================================== use strict; use warnings FATAL => 'all'; use Apache::Test; use Apache::TestUtil; use Apache::TestRequest; plan tests => 2; my $sock = Apache::TestRequest::vhost_socket('default'); ok $sock; # This is a test for CAN-2004-0942 albeit a pretty bad one: # CAN-2004-0942 is a memory leak in the <=2.0.52 logic for handling # whitespace in folded headers. This test tests that a folded header # which, including whitespace, exceeds the field length limit, gets a # 400 response. A better httpd implementation could handle such # headers without the memory leak, yet would fail this test. Apache::TestRequest::socket_trace($sock); $sock->print("GET /index.html HTTP/1.0\r\n"); my $n = $sock->print("Hello:\r\n"); foreach (1..100) { $n = $sock->send(" "x500 . "\r\n") if $sock->connected; } $sock->send("\r\n") if $sock->connected; my $line = Apache::TestRequest::getline($sock) || ''; ok t_cmp($line, qr{^HTTP/1\.. 400}, "request was refused");
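Review bot: the `foreach (1..100)` loop sends about 50,000 bytes of folded whitespace (100 lines of 500 spaces), so the `400` assertion only holds while the server's field length limit is below that; state that assumption in the comment block, or skip the test when the limit is configured higher. `$n` is assigned from `print` and `send` but never read, so a short or failed write goes unnoticed; either check it or drop the variable. The request line and the `Hello:` header go out with unguarded `print` while the continuation lines use `send` guarded by `connected`; using one call style throughout would make the early-close handling easier to follow.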