commit 827c94e5862ccaab2ce682b1b62f5e666c2f17f9 Author: Daniel Stenberg Date: Sun Jun 26 11:01:01 2022 +0200 [Backport] test444: test many received Set-Cookie: Offering: RTOS CVE: CVE-2022-32205 Reference: upstream_commit_id=46f8911d3942dc06fdd67e9f6f3908982e5d2fb4 DTS/AR: DTS2022063005656 type: LTS reason: fix CVE-2022-32205 for curl. weblink:https://github.com/curl/curl/commit/46f8911d3942dc06fdd67e9f6f3908982e5d2fb4 The amount of sent cookies in the test is limited to 80 because hyper has its own strict limits in how many headers it allows to be received which triggers at some point beyond this number. Signed-off-by: jiahuasheng
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 20bf4f09e..d9d9f319a 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -69,7 +69,7 @@ test409 test410 \
 \
 test430 test431 test432 test433 test434 \
 \
-test442 test443 \
+test442 test443 test444 \
 \
 test490 test491 test492 test493 test494 \
 \
diff --git a/tests/data/test444 b/tests/data/test444
new file mode 100644
index 000000000..9bdd4a7fe
--- /dev/null
+++ b/tests/data/test444
@@ -0,0 +1,189 @@
+# perl:
+#
+#for(1 .. 200) {
+#
+#}
+#
+
+
+
+HTTP
+cookies
+
+
+
+#
+# Server-side
+
+
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Set-Cookie: cookie-1=yes;
+Set-Cookie: cookie-2=yes;
+Set-Cookie: cookie-3=yes;
+Set-Cookie: cookie-4=yes;
+Set-Cookie: cookie-5=yes;
+Set-Cookie: cookie-6=yes;
+Set-Cookie: cookie-7=yes;
+Set-Cookie: cookie-8=yes;
+Set-Cookie: cookie-9=yes;
+Set-Cookie: cookie-10=yes;
+Set-Cookie: cookie-11=yes;
+Set-Cookie: cookie-12=yes;
+Set-Cookie: cookie-13=yes;
+Set-Cookie: cookie-14=yes;
+Set-Cookie: cookie-15=yes;
+Set-Cookie: cookie-16=yes;
+Set-Cookie: cookie-17=yes;
+Set-Cookie: cookie-18=yes;
+Set-Cookie: cookie-19=yes;
+Set-Cookie: cookie-20=yes;
+Set-Cookie: cookie-21=yes;
+Set-Cookie: cookie-22=yes;
+Set-Cookie: cookie-23=yes;
+Set-Cookie: cookie-24=yes;
+Set-Cookie: cookie-25=yes;
+Set-Cookie: cookie-26=yes;
+Set-Cookie: cookie-27=yes;
+Set-Cookie: cookie-28=yes;
+Set-Cookie: cookie-29=yes;
+Set-Cookie: cookie-30=yes;
+Set-Cookie: cookie-31=yes;
+Set-Cookie: cookie-32=yes;
+Set-Cookie: cookie-33=yes;
+Set-Cookie: cookie-34=yes;
+Set-Cookie: cookie-35=yes;
+Set-Cookie: cookie-36=yes;
+Set-Cookie: cookie-37=yes;
+Set-Cookie: cookie-38=yes;
+Set-Cookie: cookie-39=yes;
+Set-Cookie: cookie-40=yes;
+Set-Cookie: cookie-41=yes;
+Set-Cookie: cookie-42=yes;
+Set-Cookie: cookie-43=yes;
+Set-Cookie: cookie-44=yes;
+Set-Cookie: cookie-45=yes;
+Set-Cookie: cookie-46=yes;
+Set-Cookie: cookie-47=yes;
+Set-Cookie: cookie-48=yes;
+Set-Cookie: cookie-49=yes;
+Set-Cookie: cookie-50=yes;
+Set-Cookie: cookie-51=yes;
+Set-Cookie: cookie-52=yes;
+Set-Cookie: cookie-53=yes;
+Set-Cookie: cookie-54=yes;
+Set-Cookie: cookie-55=yes;
+Set-Cookie: cookie-56=yes;
+Set-Cookie: cookie-57=yes;
+Set-Cookie: cookie-58=yes;
+Set-Cookie: cookie-59=yes;
+Set-Cookie: cookie-60=yes;
+Set-Cookie: cookie-61=yes;
+Set-Cookie: cookie-62=yes;
+Set-Cookie: cookie-63=yes;
+Set-Cookie: cookie-64=yes;
+Set-Cookie: cookie-65=yes;
+Set-Cookie: cookie-66=yes;
+Set-Cookie: cookie-67=yes;
+Set-Cookie: cookie-68=yes;
+Set-Cookie: cookie-69=yes;
+Set-Cookie: cookie-70=yes;
+Set-Cookie: cookie-71=yes;
+Set-Cookie: cookie-72=yes;
+Set-Cookie: cookie-73=yes;
+Set-Cookie: cookie-74=yes;
+Set-Cookie: cookie-75=yes;
+Set-Cookie: cookie-76=yes;
+Set-Cookie: cookie-77=yes;
+Set-Cookie: cookie-78=yes;
+Set-Cookie: cookie-79=yes;
+Set-Cookie: cookie-80=yes;
+
+-foo-
+
+
+
+#
+# Client-side
+
+
+http
+
+
+Many Set-Cookie response headers
+
+
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
+
+
+
+#
+# Verify data after the test has been "shot"
+
+
+GET /a/b/%TESTNUMBER HTTP/1.1
+Host: attack.invalid:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+
+
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes
+attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes
+
+
+
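Review bot: The generator comment at the top of tests/data/test444 still says `for(1 .. 200)` while the reply section carries 80 Set-Cookie headers, so the comment no longer describes the data; I would change it to `#for(1 .. 80) {` and add `# 80, not 200: hyper's own received-header limit triggers beyond this` so the reason given in the commit message sits next to the fixture. The expected cookie jar keeps only cookie-1 through cookie-50, which pins a per-response cap of 50 that is defined in library code not visible in this patch. The commit is labelled as the CVE-2022-32205 fix but the visible diff touches only tests/data, so confirm the corresponding library change is backported in the same series; without it this test fails and the issue stays open. The test checks only what is stored from a single response; presumably any bound on the Cookie: header sent on later requests is verified elsewhere.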