curl/tests/data/test1105
Tim Ruehsen 8a75dbeb23 cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
2014-09-10 07:32:36 +02:00

66 lines
1.4 KiB
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP POST
cookies
cookiejar
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Type: text/html
Funny-head: yesyes swsclose
Set-Cookie: foobar=name;
Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/";
Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP with cookie parser and header recording
</name>
<command>
"http://%HOSTIP:%HTTPPORT/we/want/1105?parm1=this*that/other/thing&parm2=foobar/1105" -c log/cookie1105.txt -d "userid=myname&password=mypassword"
</command>
<precheck>
perl -e 'if ("%HOSTIP" !~ /127\.0\.0\.1$/) {print "Test only works for HOSTIP 127.0.0.1"; exit(1)}'
</precheck>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol nonewline="yes">
POST /we/want/1105?parm1=this*that/other/thing&parm2=foobar/1105 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
Content-Length: 33
Content-Type: application/x-www-form-urlencoded
userid=myname&password=mypassword
</protocol>
<file name="log/cookie1105.txt" mode="text">
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
127.0.0.1 FALSE "/silly/" FALSE 0 mismatch this
</file>
</verify>
</testcase>