path: root/debian/perl-framework/t/security/CVE-2009-3555.t
use strict;
use warnings FATAL => 'all';

use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;

plan tests => 4, need 'ssl';

# Regression test for CVE-2009-3555, the TLS renegotiation vulnerability.
# Only one of the attacks made possible by that flaw is attempted here.
# A specific defense against this attack was added to mod_ssl in r891282;
# for background see the dev@httpd thread beginning at message ID
# <4B01BD20.1060300@adnovum.ch>.
#
# What is asserted: the socket connects, the pipelined payload is written,
# the first response line is a 200, and the first response's headers
# include "Connection: close".  Reading stops at the blank line that ends
# those headers, so this test does not itself check what, if anything,
# the server sends back for the second request.
# NOTE(review): /require/asf/ presumably demands a client certificate and
# so forces a renegotiation -- confirm against the test vhost config.

Apache::TestRequest::set_client_cert("client_ok");
Apache::TestRequest::module('mod_ssl');

# Test 1: a connected socket to the mod_ssl vhost.
my $conn = Apache::TestRequest::vhost_socket('mod_ssl');
ok $conn && $conn->connected;

# Two requests written back to back in a single print: the request the
# test expects to succeed, followed immediately by a second one.
my $first_request =
      "GET /require/asf/ HTTP/1.1\r\n"
    . "Host: " . Apache::TestRequest::hostport() . "\r\n"
    . "\r\n";
my $pipelined_request =
      "GET /this/is/a/prefix/injection/attack HTTP/1.0\r\n"
    . "Host: " . Apache::TestRequest::hostport() . "\r\n"
    . "\r\n";

# Test 2: the whole payload was written.
ok $conn->print($first_request . $pipelined_request);

# Test 3: the first response is a 200.
my $status_line = Apache::TestRequest::getline($conn) || '';
ok t_cmp($status_line, qr{^HTTP/1\.. 200}, "read first response-line");

# Walk the header lines of the first response.  An empty line (or EOF,
# which getline's false return turns into '') ends the walk.
my $saw_close = 0;
while (1) {
    my $header = super_chomp(Apache::TestRequest::getline($conn) || '');
    print "# line: $header\n";
    $saw_close = 1 if $header eq "Connection: close";
    last if $header eq "";
}

# Test 4: the server announced that it will close the connection.
ok $saw_close, 1, "expected Connection: close header in response";

# super_chomp($text)
#
# Returns a copy of $text with every leading and trailing LF/CR removed
# (CR is handled for win32 line endings), every remaining LF turned into
# a single space, and every remaining CR deleted.
sub super_chomp {
    my ($text) = @_;

    # Strip the run of line terminators at each end of the string.
    $text =~ s/\A[\r\n]+//;
    $text =~ s/[\r\n]+\z//;

    # Interior newlines become spaces; interior carriage returns vanish.
    $text =~ tr/\n/ /;
    $text =~ tr/\r//d;

    return $text;
}