authorGlenn Strauss <gstrauss@gluelogic.com>2018-07-23 22:25:23 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2018-08-12 14:43:22 -0400
commitd161f53de04bc826ce1bdaeb3dce2c72ca50a3f8 (patch)
tree276985eda6a368b480d0d383dcd2232ffe539458 /tests/request.t
parent1de1746925813ed2571f862ad81cfc0df2069b37 (diff)
[core] security: use-after-free invalid Range req
(thx Marcus Wengelin)
Diffstat (limited to 'tests/request.t')
-rwxr-xr-xtests/request.t22
1 files changed, 21 insertions, 1 deletions
diff --git a/tests/request.t b/tests/request.t
index a9fe3f6a..c1e8f472 100755
--- a/tests/request.t
+++ b/tests/request.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 50;
+use Test::More tests => 52;
use LightyTest;
my $tf = LightyTest->new();
@@ -392,6 +392,26 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'GET, Range with range-requests-disabled');
$t->{REQUEST} = ( <<EOF
+GET /12345.txt HTTP/1.0
+Host: 123.example.org
+Range: 0
+Range: bytes=0-3
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => "12345\n" } ];
+ok($tf->handle_http($t) == 0, 'GET, Range invalid range-unit (first)');
+
+$t->{REQUEST} = ( <<EOF
+GET /12345.txt HTTP/1.0
+Host: 123.example.org
+Range: bytes=0-3
+Range: 0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 206 } ];
+ok($tf->handle_http($t) == 0, 'GET, Range ignore invalid range (second)');
+
+$t->{REQUEST} = ( <<EOF
OPTIONS / HTTP/1.0
Content-Length: 4
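Review bot: The second new case (`Range: bytes=0-3` followed by `Range: 0`) asserts only `'HTTP-Status' => 206`, so it would still pass if the server returned the wrong bytes. Since the first case shows the file body is `"12345\n"`, the expectation can pin the served range with `'HTTP-Content' => '1234'`. Neither case says why two Range headers are sent, so a one-line comment above the first, e.g. `# regression: repeated Range header with an invalid range-unit (use-after-free fix)`, would keep the pair from being pruned as redundant later. A status-code assertion presumably catches a use-after-free only when it happens to crash or corrupt the response, so this file is worth running against a sanitizer or valgrind build in CI.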