summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-04-10 13:40:36 +0200
committerDaniel Stenberg <daniel@haxx.se>2013-04-11 23:52:12 +0200
commit5c5e1a1cd206ad8feadaa83a37d0326ba45cf45d (patch)
tree74c714fbbf4003150932688e8d61001937d3ba44
parent2eb8dcf26cb37f09cffe26909a646e702dbcab66 (diff)
downloadcurl-5c5e1a1cd206ad8feadaa83a37d0326ba45cf45d.tar.gz
test1218: another cookie tailmatch test
... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html
-rw-r--r--tests/data/Makefile.am2
-rw-r--r--tests/data/test12163
-rw-r--r--tests/data/test121861
3 files changed, 64 insertions, 2 deletions
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 1b0530246..d96ac02c7 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -89,7 +89,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 \
\
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
-test1216 test1217 \
+test1216 test1217 test1218 \
test1220 test1221 test1222 test1223 \
\
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
diff --git a/tests/data/test1216 b/tests/data/test1216
index e63fe926d..5beda797d 100644
--- a/tests/data/test1216
+++ b/tests/data/test1216
@@ -37,6 +37,7 @@ http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOST
example.fake FALSE /a FALSE 2139150993 mooo indeed
example.fake FALSE /b FALSE 0 moo1 indeed
example.fake FALSE /c FALSE 2139150993 moo2 indeed
+example.fake TRUE /c FALSE 2139150993 moo3 indeed
</file>
</client>
@@ -50,7 +51,7 @@ GET http://example.fake/c/1216 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
-Cookie: moo2=indeed
+Cookie: moo2=indeed; moo3=indeed
GET http://bexample.fake/c/1216 HTTP/1.1
Host: bexample.fake
diff --git a/tests/data/test1218 b/tests/data/test1218
new file mode 100644
index 000000000..7d865476a
--- /dev/null
+++ b/tests/data/test1218
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+cookies
+</keywords>
+</info>
+
+# This test is very similar to 1216, only that it sets the cookies from the
+# first site instead of reading from a file
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 25 Sep 2001 19:37:44 GMT
+Set-Cookie: domain=.example.fake; bug=fixed;
+Content-Length: 21
+
+This server says moo
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP cookies and domains with same prefix
+ </name>
+ <command>
+http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://example.fake/c/1218 HTTP/1.1
+Host: example.fake
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://example.fake/c/1218 HTTP/1.1
+Host: example.fake
+Accept: */*
+Proxy-Connection: Keep-Alive
+Cookie: bug=fixed
+
+GET http://bexample.fake/c/1218 HTTP/1.1
+Host: bexample.fake
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>