From c9cf025fadfe043f0f2f679e10d1207d8a158bb6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:01:31 +0200 Subject: Adding debian version 2.4.57-2. Signed-off-by: Daniel Baumann --- debian/perl-framework/t/security/CVE-2008-2364.t | 36 ++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 debian/perl-framework/t/security/CVE-2008-2364.t (limited to 'debian/perl-framework/t/security/CVE-2008-2364.t') diff --git a/debian/perl-framework/t/security/CVE-2008-2364.t b/debian/perl-framework/t/security/CVE-2008-2364.t new file mode 100644 index 0000000..46552ad --- /dev/null +++ b/debian/perl-framework/t/security/CVE-2008-2364.t @@ -0,0 +1,36 @@ +use strict; +use warnings FATAL => 'all'; + +use Apache::Test; +use Apache::TestRequest; +use Apache::TestUtil; +use Apache::TestConfig (); + +my $tests = 3; +my $server_suppresses_interim = 1; +if (!have_min_apache_version("2.4.10")) { + $tests = 1; + $server_suppresses_interim = 0; +} + +plan tests => $tests, need_module 'proxy'; + +Apache::TestRequest::module("proxy_http_reverse"); +Apache::TestRequest::user_agent(requests_redirectable => 0); + +my $r = GET("/reverse/"); +ok t_cmp($r->code, 200, "reverse proxy to index.html"); +if (have_cgi) { + if ($server_suppresses_interim) { + # XXX: This doesn't work in 2.2.x w/o at least r1588519 because LWP + # sees the unexpected interim response and stops. + $r = GET("/reverse/modules/cgi/nph-interim1.pl"); + ok t_cmp($r->code, 200, "small number of interim responses - CVE-2008-2364"); + + $r = GET("/reverse/modules/cgi/nph-interim2.pl"); + ok t_cmp($r->code, 502, "large number of interim responses - CVE-2008-2364"); + } +} else { + skip "skipping tests without CGI module" foreach (1..2); +} + -- cgit v1.2.3