luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test898: verify the fix for CVE-2022-27776

Browse Source 
Do not pass on Authorization headers on redirects to another port
This commit is contained in:
Daniel Stenberg 2022-04-25 13:05:47 +02:00
parent 6e65999395
commit afe752e050
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 91 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/data/Makefile.inc
View File

@ -109,7 +109,7 @@ test854 test855 test856 test857 test858 test859 test860 test861 test862 \
test863 test864 test865 test866 test867 test868 test869 test870 test871 \ test863 test864 test865 test866 test867 test868 test869 test870 test871 \
test872 test873 test874 test875 test876 test877 test878 test879 test880 \ test872 test873 test874 test875 test876 test877 test878 test879 test880 \
test881 test882 test883 test884 test885 test886 test887 test888 test889 \ test881 test882 test883 test884 test885 test886 test887 test888 test889 \
test890 test891 test892 test893 test894 test895 test896 test897 \ test890 test891 test892 test893 test894 test895 test896 test897 test898 \
\ \
test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \

90
tests/data/test898 Normal file
View File

@ -0,0 +1,90 @@
<testcase>
<info>
<keywords>
HTTP
--location
Authorization
Cookie
</keywords>
</info>
#
# Server-side
<reply>
<data>
HTTP/1.1 301 redirect
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 0
Connection: close
Content-Type: text/html
Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
</data>
<data2>
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 4
Connection: close
Content-Type: text/html
hey
</data2>
<datacheck>
HTTP/1.1 301 redirect
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 0
Connection: close
Content-Type: text/html
Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 4
Connection: close
Content-Type: text/html
hey
</datacheck>
</reply>
#
# Client-side
<client>
<server>
http
</server>
<name>
HTTP with custom auth and cookies redirected to HTTP on a diff port
</name>
<command>
-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA=="
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET http://firsthost.com/ HTTP/1.1
Host: firsthost.com
User-Agent: curl/%VERSION
Accept: */*
Proxy-Connection: Keep-Alive
Authorization: Basic am9lOnNlY3JldA==
Cookie: userpwd=am9lOnNlY3JldA==
GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
Host: firsthost.com:9999
User-Agent: curl/%VERSION
Accept: */*
Proxy-Connection: Keep-Alive
</protocol>
</verify>
</testcase>