summaryrefslogtreecommitdiff
path: root/tests/mod-auth.t
diff options
context:
space:
mode:
authorStefan Bühler <stbuehler@web.de>2011-11-29 22:27:11 +0000
committerStefan Bühler <stbuehler@web.de>2011-11-29 22:27:11 +0000
commit6c9dff7cda6593d9a566413347dd5adfe80c86a8 (patch)
treee6b463a03dada79c7c2dc11f6dd0dffbb8b3c682 /tests/mod-auth.t
parentf15ee9becbad79758b7c4af8448ce2f8fa67f174 (diff)
downloadlighttpd1.4-6c9dff7cda6593d9a566413347dd5adfe80c86a8.tar.gz
lighttpd1.4-6c9dff7cda6593d9a566413347dd5adfe80c86a8.zip
[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'tests/mod-auth.t')
-rwxr-xr-xtests/mod-auth.t10
1 files changed, 9 insertions, 1 deletions
diff --git a/tests/mod-auth.t b/tests/mod-auth.t
index 475a5f6f..89ead9dd 100755
--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 14;
+use Test::More tests => 15;
use LightyTest;
my $tf = LightyTest->new();
@@ -25,6 +25,14 @@ ok($tf->handle_http($t) == 0, 'Missing Auth-token');
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
+Authorization: Basic \x80mFuOmphb
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
+
+$t->{REQUEST} = ( <<EOF
+GET /server-status HTTP/1.0
Authorization: Basic amFuOmphb
EOF
);