httpd-test-cvs mailing list archives

From jor...@apache.org
Subject svn commit: r358026 - in /httpd/test/trunk/perl-framework/t: conf/ssl/ssl.conf.in security/CVE-2005-3357.t
Date Tue, 20 Dec 2005 16:11:47 GMT
Author: jorton
Date: Tue Dec 20 08:11:42 2005
New Revision: 358026

URL: http://svn.apache.org/viewcvs?rev=358026&view=rev
Log:
- add test case for PR 33791 aka CVE-2005-3357.

Added:
    httpd/test/trunk/perl-framework/t/security/CVE-2005-3357.t
Modified:
    httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in

Modified: httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in
URL: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in?rev=358026&r1=358025&r2=358026&view=diff
==============================================================================
--- httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in Tue Dec 20 08:11:42 2005
@@ -167,4 +167,16 @@
         </Location>
     </VirtualHost>
 
+    # An SSL vhost which can be used to trigger PR 33791
+
+    <VirtualHost ssl_pr33791>
+       SSLEngine On
+
+       ErrorDocument 400 /index.html
+
+       <Location />
+           SSLVerifyClient require
+       </Location>
+    </VirtualHost>
+
 </IfModule>
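Review bot: The comment above `<VirtualHost ssl_pr33791>` does not say which directives make this vhost a reproducer, so a later cleanup could drop one of them and quietly neuter the regression test. From the visible lines the relevant pieces appear to be the custom `ErrorDocument 400 /index.html` together with `SSLVerifyClient require` inside `<Location />`. I would state that in the comment, e.g. `# PR 33791 / CVE-2005-3357: relies on the custom 400 ErrorDocument plus per-location SSLVerifyClient; do not simplify`. The enclosing `<IfModule>` block starts outside the hunk.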

Added: httpd/test/trunk/perl-framework/t/security/CVE-2005-3357.t
URL: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/t/security/CVE-2005-3357.t?rev=358026&view=auto
==============================================================================
--- httpd/test/trunk/perl-framework/t/security/CVE-2005-3357.t (added)
+++ httpd/test/trunk/perl-framework/t/security/CVE-2005-3357.t Tue Dec 20 08:11:42 2005
@@ -0,0 +1,51 @@
+use strict;
+use warnings FATAL => 'all';
+
+# Test case for PR 33791.
+
+use Apache::Test;
+use Apache::TestUtil;
+use Apache::TestRequest;
+
+BEGIN {
+   # prevent TestRequest from croaking on an HTTP/0.9 response
+   $ENV{APACHE_TEST_HTTP_09_OK} = 1;
+}
+
+my $vars = Apache::Test::vars();
+
+plan tests => 3, need $vars->{ssl_module_name}, need_lwp,
+    qw(LWP::Protocol::https);
+
+Apache::TestRequest::user_agent_keepalive(0);
+
+my $config = Apache::Test::config();
+
+Apache::TestRequest::module("ssl_pr33791");
+
+my $hostport = Apache::TestRequest::hostport();
+
+my $rurl = "http://" . $hostport . "/";
+
+t_debug("URL is $rurl");
+
+my $r = GET($rurl);
+
+my $proto = $r->protocol;
+
+ok $proto;
+
+if (!$proto) {
+    skip "server gave no response";
+} else {
+    if ($proto eq "HTTP/0.9") {
+        skip "server gave HTTP/0.9 response";
+    } elsif ($proto) {    
+        ok t_cmp($r->code,
+                 400,
+                 "Expected bad request from 'GET $rurl'"
+                 );
+    }
+}
+
+ok t_cmp($r->content, qr/welcome to localhost/, "errordoc content was served");
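Review bot: Nothing in the script says that `$rurl` is deliberately built with `http://` against the SSL-enabled `ssl_pr33791` vhost, so the scheme reads like a typo that someone may later "correct" to https, which would stop exercising the 400 error path. A comment above `my $rurl = ...` such as `# plain HTTP to the SSL port on purpose: the 400 error path is what PR 33791 covers` would protect it, and the header comment could name CVE-2005-3357 next to the PR number. Two smaller style points: `my $config = Apache::Test::config();` is never used, and `elsif ($proto)` is always true inside that `else` branch, so a plain `else` says the same thing. It is also worth a comment that an HTTP/0.9 reply skips the status check, leaving only the content match on the last line to cover that case.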


