diff options
Diffstat (limited to '')
-rw-r--r-- | debian/perl-framework/t/security/CVE-2004-0958.t | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/debian/perl-framework/t/security/CVE-2004-0958.t b/debian/perl-framework/t/security/CVE-2004-0958.t new file mode 100644 index 0000000..87e8d39 --- /dev/null +++ b/debian/perl-framework/t/security/CVE-2004-0958.t @@ -0,0 +1,37 @@ +use strict; +use warnings FATAL => 'all'; + +use Apache::Test; +use Apache::TestUtil; +use Apache::TestRequest; + +my %queries = +( + + "foo[bar=1" => qr/\[foo_bar\] => 1\n/, + "foo bar=2" => qr/\[foo_bar\] => 2\n/, + "foo. .bar=3" => qr/\[foo___bar\] => 3\n/, + "foobar[=3" => qr/\[foobar_\] => 3\n/, + + "foo[g][=1" => qr/\[g\] => 1\n/, # corruption pre-5.0.2/4.3.9 + "foo[][=2" => qr/\[0\] => 2\n/, # segfault in 5.0.2/4.3.9 + + "foo[][[[[[=3" => qr/\[0\] => 3\n/, + "foo[][][][][]=5" => qr/\[0\] => 5\n/, + + "foo[j]bar=6" => qr/\[j\] => 6\n/, + + +### tests which have dubious results currently: +# "foo[[[[[[[h]=4" => qr/\[0\] => 4\n/, +# "foo[ ]=7" => qr/\[baz\] => 7\n/, +# "foo[ ]=7" => qr/\[baz\] => 7\n/, + + ); + +plan tests => (keys %queries) * 1, need_php; + +foreach (keys %queries) { + my $actual = GET_BODY "/security/CAN-2004-0958.php?".$_; + ok t_cmp($actual, $queries{$_}, "query for $_"); +} |