commit 827c94e5862ccaab2ce682b1b62f5e666c2f17f9
|
|
Author: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Sun Jun 26 11:01:01 2022 +0200
|
|
|
|
[Backport] test444: test many received Set-Cookie:
|
|
|
|
Offering: RTOS
|
|
CVE: CVE-2022-32205
|
|
Reference: upstream_commit_id=46f8911d3942dc06fdd67e9f6f3908982e5d2fb4
|
|
|
|
DTS/AR: DTS2022063005656
|
|
type: LTS
|
|
reason: fix CVE-2022-32205 for curl.
|
|
weblink:https://github.com/curl/curl/commit/46f8911d3942dc06fdd67e9f6f3908982e5d2fb4
|
|
|
|
The amount of sent cookies in the test is limited to 80 because hyper
|
|
has its own strict limits in how many headers it allows to be received
|
|
which triggers at some point beyond this number.
|
|
|
|
Signed-off-by: jiahuasheng <jiahuasheng@h-partners.com>
|
|
|
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
|
index 20bf4f09e..d9d9f319a 100644
|
|
--- a/tests/data/Makefile.inc
|
|
+++ b/tests/data/Makefile.inc
|
|
@@ -69,7 +69,7 @@ test409 test410 \
|
|
\
|
|
test430 test431 test432 test433 test434 \
|
|
\
|
|
-test442 test443 \
|
|
+test442 test443 test444 \
|
|
\
|
|
test490 test491 test492 test493 test494 \
|
|
\
|
|
diff --git a/tests/data/test444 b/tests/data/test444
|
|
new file mode 100644
|
|
index 000000000..9bdd4a7fe
|
|
--- /dev/null
|
|
+++ b/tests/data/test444
|
|
@@ -0,0 +1,189 @@
|
|
+# perl:
|
|
+#
|
|
+#for(1 .. 200) {
|
|
+#
|
|
+#}
|
|
+#
|
|
+<testcase>
|
|
+<info>
|
|
+<keywords>
|
|
+HTTP
|
|
+cookies
|
|
+</keywords>
|
|
+</info>
|
|
+
|
|
+#
|
|
+# Server-side
|
|
+<reply>
|
|
+<data>
|
|
+HTTP/1.1 200 OK
|
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
+Server: test-server/fake
|
|
+Content-Length: 6
|
|
+Set-Cookie: cookie-1=yes;
|
|
+Set-Cookie: cookie-2=yes;
|
|
+Set-Cookie: cookie-3=yes;
|
|
+Set-Cookie: cookie-4=yes;
|
|
+Set-Cookie: cookie-5=yes;
|
|
+Set-Cookie: cookie-6=yes;
|
|
+Set-Cookie: cookie-7=yes;
|
|
+Set-Cookie: cookie-8=yes;
|
|
+Set-Cookie: cookie-9=yes;
|
|
+Set-Cookie: cookie-10=yes;
|
|
+Set-Cookie: cookie-11=yes;
|
|
+Set-Cookie: cookie-12=yes;
|
|
+Set-Cookie: cookie-13=yes;
|
|
+Set-Cookie: cookie-14=yes;
|
|
+Set-Cookie: cookie-15=yes;
|
|
+Set-Cookie: cookie-16=yes;
|
|
+Set-Cookie: cookie-17=yes;
|
|
+Set-Cookie: cookie-18=yes;
|
|
+Set-Cookie: cookie-19=yes;
|
|
+Set-Cookie: cookie-20=yes;
|
|
+Set-Cookie: cookie-21=yes;
|
|
+Set-Cookie: cookie-22=yes;
|
|
+Set-Cookie: cookie-23=yes;
|
|
+Set-Cookie: cookie-24=yes;
|
|
+Set-Cookie: cookie-25=yes;
|
|
+Set-Cookie: cookie-26=yes;
|
|
+Set-Cookie: cookie-27=yes;
|
|
+Set-Cookie: cookie-28=yes;
|
|
+Set-Cookie: cookie-29=yes;
|
|
+Set-Cookie: cookie-30=yes;
|
|
+Set-Cookie: cookie-31=yes;
|
|
+Set-Cookie: cookie-32=yes;
|
|
+Set-Cookie: cookie-33=yes;
|
|
+Set-Cookie: cookie-34=yes;
|
|
+Set-Cookie: cookie-35=yes;
|
|
+Set-Cookie: cookie-36=yes;
|
|
+Set-Cookie: cookie-37=yes;
|
|
+Set-Cookie: cookie-38=yes;
|
|
+Set-Cookie: cookie-39=yes;
|
|
+Set-Cookie: cookie-40=yes;
|
|
+Set-Cookie: cookie-41=yes;
|
|
+Set-Cookie: cookie-42=yes;
|
|
+Set-Cookie: cookie-43=yes;
|
|
+Set-Cookie: cookie-44=yes;
|
|
+Set-Cookie: cookie-45=yes;
|
|
+Set-Cookie: cookie-46=yes;
|
|
+Set-Cookie: cookie-47=yes;
|
|
+Set-Cookie: cookie-48=yes;
|
|
+Set-Cookie: cookie-49=yes;
|
|
+Set-Cookie: cookie-50=yes;
|
|
+Set-Cookie: cookie-51=yes;
|
|
+Set-Cookie: cookie-52=yes;
|
|
+Set-Cookie: cookie-53=yes;
|
|
+Set-Cookie: cookie-54=yes;
|
|
+Set-Cookie: cookie-55=yes;
|
|
+Set-Cookie: cookie-56=yes;
|
|
+Set-Cookie: cookie-57=yes;
|
|
+Set-Cookie: cookie-58=yes;
|
|
+Set-Cookie: cookie-59=yes;
|
|
+Set-Cookie: cookie-60=yes;
|
|
+Set-Cookie: cookie-61=yes;
|
|
+Set-Cookie: cookie-62=yes;
|
|
+Set-Cookie: cookie-63=yes;
|
|
+Set-Cookie: cookie-64=yes;
|
|
+Set-Cookie: cookie-65=yes;
|
|
+Set-Cookie: cookie-66=yes;
|
|
+Set-Cookie: cookie-67=yes;
|
|
+Set-Cookie: cookie-68=yes;
|
|
+Set-Cookie: cookie-69=yes;
|
|
+Set-Cookie: cookie-70=yes;
|
|
+Set-Cookie: cookie-71=yes;
|
|
+Set-Cookie: cookie-72=yes;
|
|
+Set-Cookie: cookie-73=yes;
|
|
+Set-Cookie: cookie-74=yes;
|
|
+Set-Cookie: cookie-75=yes;
|
|
+Set-Cookie: cookie-76=yes;
|
|
+Set-Cookie: cookie-77=yes;
|
|
+Set-Cookie: cookie-78=yes;
|
|
+Set-Cookie: cookie-79=yes;
|
|
+Set-Cookie: cookie-80=yes;
|
|
+
|
|
+-foo-
|
|
+</data>
|
|
+</reply>
|
|
+
|
|
+#
|
|
+# Client-side
|
|
+<client>
|
|
+<server>
|
|
+http
|
|
+</server>
|
|
+<name>
|
|
+Many Set-Cookie response headers
|
|
+</name>
|
|
+<command>
|
|
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
|
|
+</command>
|
|
+</client>
|
|
+
|
|
+#
|
|
+# Verify data after the test has been "shot"
|
|
+<verify>
|
|
+<protocol>
|
|
+GET /a/b/%TESTNUMBER HTTP/1.1
|
|
+Host: attack.invalid:%HTTPPORT
|
|
+User-Agent: curl/%VERSION
|
|
+Accept: */*
|
|
+
|
|
+</protocol>
|
|
+<file name="log/cookie%TESTNUMBER" mode="text">
|
|
+# Netscape HTTP Cookie File
|
|
+# https://curl.se/docs/http-cookies.html
|
|
+# This file was generated by libcurl! Edit at your own risk.
|
|
+
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes
|
|
+</file>
|
|
+</verify>
|
|
+</testcase>
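Review bot: The generator comment at the top of tests/data/test444 does not match the fixture: it shows `#for(1 .. 200) {` with an empty loop body, while the `<data>` section carries 80 `Set-Cookie:` headers, the number the commit message says was chosen because of hyper's header limits. Either restore the loop body and change the range to `1 .. 80`, or drop the comment, so the fixture can be regenerated as written. The file also never states the behaviour it checks. The `<verify>` cookie jar lists exactly 50 entries (cookie-50 down to cookie-1), so the test presumably pins a per-response cap on accepted cookies, which looks like the CVE-2022-32205 fix. A comment above `<verify>` such as `# 80 Set-Cookie headers are sent; only the first 50 may be stored (CVE-2022-32205)` would make a failure readable. The `<name>` could likewise say that the excess headers are expected to be dropped.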
|