luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test387: verify rejection of compression chain attack

Browse Source
This commit is contained in:
Daniel Stenberg 2022-05-16 16:29:07 +02:00
parent 3a09fbb7f2
commit 7230b19a2e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/data/Makefile.inc
View File

@ -64,7 +64,7 @@ test343 test344 test345 test346 test347 test348 test349 test350 test351 \
test352 test353 test354 test355 test356 test357 test358 test359 test360 \ test352 test353 test354 test355 test356 test357 test358 test359 test360 \
test361 test362 test363 test364 test365 test366 test367 test368 test369 \ test361 test362 test363 test364 test365 test366 test367 test368 test369 \
test370 test371 test372 test373 test374 test375 test376 test378 test379 \ test370 test371 test372 test373 test374 test375 test376 test378 test379 \
test380 test381 test383 test384 test385 test386 \ test380 test381 test383 test384 test385 test386 test387 \
\ \
test390 test391 test392 test393 test394 test395 test396 test397 test398 \ test390 test391 test392 test393 test394 test395 test396 test397 test398 \
\ \

53
tests/data/test387 Normal file
View File

@ -0,0 +1,53 @@
<testcase>
<info>
<keywords>
HTTP
gzip
</keywords>
</info>
#
# Server-side
<reply>
<data nocheck="yes">
HTTP/1.1 200 OK
Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip
-foo-
</data>
</reply>
#
# Client-side
<client>
<server>
http
</server>
<name>
Response with overly long compression chain
</name>
<command>
http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
</protocol>
# CURLE_BAD_CONTENT_ENCODING is 61
<errorcode>
61
</errorcode>
<stderr mode="text">
curl: (61) Reject response due to 5 content encodings
</stderr>
</verify>
</testcase>