use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
plan tests => 4, need 'ssl';

# Regression test for one attack made possible by the TLS renegotiation
# vulnerability, CVE-2009-3555; other attacks enabled by that flaw are
# not attempted here.  A specific defense against this attack was added
# to mod_ssl in r891282.  For background, see the dev@httpd thread that
# begins at message ID <4B01BD20.1060300@adnovum.ch>.
#
# Shape of the check: two requests are written to the TLS socket in a
# single print, so the second one is already in flight while the first
# is being handled.  The test passes when the first response is a 200
# whose headers include "Connection: close".
#
# NOTE(review): /require/asf/ is presumably a location whose access
# rules make mod_ssl renegotiate -- verify against the test server
# configuration.
# NOTE(review): only the first response's headers are read, so this
# test never confirms directly that the second request went unanswered;
# the Connection: close header is the only signal that is checked.

Apache::TestRequest::set_client_cert("client_ok");
Apache::TestRequest::module('mod_ssl');

my $conn = Apache::TestRequest::vhost_socket('mod_ssl');

# All four planned tests are skipped on a TLSv1.3 connection --
# presumably because TLS 1.3 has no renegotiation, so the scenario
# cannot arise there.
if ($conn && $conn->connected && $conn->get_sslversion() eq "TLSv1_3") {
    for (1 .. 4) {
        skip "Skipping test for TLSv1.3";
    }
    exit;
}

# Test 1: the TLS connection to the mod_ssl vhost is up.
ok $conn && $conn->connected;

# Both requests go out back to back in one buffer.
my $pipelined = join '',
    "GET /require/asf/ HTTP/1.1\r\n",
    "Host: " . Apache::TestRequest::hostport() . "\r\n",
    "\r\n",
    "GET /this/is/a/prefix/injection/attack HTTP/1.0\r\n",
    "Host: " . Apache::TestRequest::hostport() . "\r\n",
    "\r\n";

# Test 2: the write succeeded.
ok $conn->print($pipelined);

# Test 3: the first response is a 200 on HTTP/1.x.
my $line = Apache::TestRequest::getline($conn) || '';

ok t_cmp($line, qr{^HTTP/1\.. 200}, "read first response-line");

# Walk the header block of the first response.  An empty line ends the
# scan; a failed read is mapped to '' as well, so it also ends it.
my $saw_close = 0;

while (1) {
    $line = Apache::TestRequest::getline($conn) || '';
    $line = super_chomp($line);
    print "# line: $line\n";
    $saw_close = 1 if $line eq "Connection: close";
    last if $line eq "";
}

# Test 4: the server announced that it will close the connection.
ok $saw_close, 1, "expected Connection: close header in response";
# Normalise a chunk of response text for line-oriented comparison.
#
# Takes one string and returns a copy in which every leading and
# trailing "\n" / "\r" has been stripped, each remaining "\n" has been
# turned into a single space, and each remaining "\r" has been deleted.
sub super_chomp {
    my $text = shift;

    # Trim newline characters from both ends (\r is handled for win32).
    $text =~ s/\A[\r\n]*//;
    $text =~ s/[\r\n]*\z//;

    # Interior newlines become spaces; leftover carriage returns vanish.
    $text =~ tr/\n/ /;
    $text =~ tr/\r//d;

    return $text;
}