urlapi: fix use-after-free bugbagder/urlapi-followup

Follow-up from 2c20109a9b5d04

Added test 663 to verify.

Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954

Closes #4453

1 files changed, 79 insertions, 0 deletions

diff --git a/tests/data/test663 b/tests/data/test663
new file mode 100644
index 000000000..b9648fd70
--- /dev/null
+++ b/tests/data/test663
@@ -0,0 +1,79 @@
+#
+# This test is crafted to reproduce oss-fuzz bug
+# https://crbug.com/oss-fuzz/17954
+#
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK

+Location: http://example.net/there/it/is/../../tes t case=/6630002? yes no

+Date: Thu, 09 Nov 2010 14:49:00 GMT

+Content-Length: 0

+

+</data>
+<data2>
+HTTP/1.1 200 OK

+Location: this should be ignored

+Date: Thu, 09 Nov 2010 14:49:00 GMT

+Content-Length: 5

+

+body
+</data2>
+<datacheck>
+HTTP/1.1 302 OK

+Location: http://example.net/there/it/is/../../tes t case=/6630002? yes no

+Date: Thu, 09 Nov 2010 14:49:00 GMT

+Content-Length: 0

+

+HTTP/1.1 200 OK

+Location: this should be ignored

+Date: Thu, 09 Nov 2010 14:49:00 GMT

+Content-Length: 5

+

+body
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect with dotdots and whitespaces in absolute Location: URL
+ </name>
+ <command>
+http://example.com/please/../gimme/663?foobar#hello -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://example.com/gimme/663?foobar HTTP/1.1

+Host: example.com

+Accept: */*

+Proxy-Connection: Keep-Alive

+

+GET http://example.net/there/tes%20t%20case=/6630002?+yes+no HTTP/1.1

+Host: example.net

+Accept: */*

+Proxy-Connection: Keep-Alive

+

+</protocol>
+</verify>
+</testcase>