authorStefan Bühler <stbuehler@web.de>2014-03-12 12:03:55 +0000
committerStefan Bühler <stbuehler@web.de>2014-03-12 12:03:55 +0000
commitd1a23569161148f5acde8d4a6fb78c44284e1853 (patch)
tree9700f07a93257582e7286ea222c83e08982c0a4a /tests/core-request.t
parentefc41b2bb1affbfb33eb6de1071e7ffa3a083a3e (diff)
fix SQL injection / host name validation (thx Jann Horn)lighttpd-1.4.35
From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'tests/core-request.t')
-rwxr-xr-xtests/core-request.t18
1 files changed, 17 insertions, 1 deletions
diff --git a/tests/core-request.t b/tests/core-request.t
index a24777f3..6cbfb718 100755
--- a/tests/core-request.t
+++ b/tests/core-request.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 36;
+use Test::More tests => 38;
use LightyTest;
my $tf = LightyTest->new();
@@ -198,6 +198,22 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'broken IPv4 address - too short');
+$t->{REQUEST} = ( <<EOF
+GET / HTTP/1.0
+Host: [::1]' UNION SELECT '/
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'IPv6 address + SQL injection');
+
+$t->{REQUEST} = ( <<EOF
+GET / HTTP/1.0
+Host: [::1]/../../../
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'IPv6 address + path traversal');
+
## Low-Level Request-Header Parsing - Content-Length
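Review bot: Both added cases (`Host: [::1]' UNION SELECT '/` and `Host: [::1]/../../../`) put the unwanted bytes after a bracketed IPv6 literal, so the regression coverage is narrower than the commit title "host name validation" suggests. Nothing in this hunk asserts that the same characters are rejected with 400 in a plain hostname or IPv4 Host value, or that a well-formed `Host: [::1]:80` is still accepted after the stricter check; such cases may already exist elsewhere in the file, which is not visible here. I would also add a comment above the block, for example `# anything after the closing ']' of an IPv6 literal other than an optional :port must yield 400`, so the intent is recorded next to the requests and not only in the test descriptions. Since these heredocs carry hostile-looking header values, writing them as `<<'EOF'` would keep any future `$` or `@` in a payload from being interpolated by Perl.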