test1218: another cookie tailmatch test

... and make 1216 also verify it with a file input

These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
domain tailmatch" vulnerability. See
http://curl.haxx.se/docs/adv_20130412.html

1 files changed, 61 insertions, 0 deletions

diff --git a/tests/data/test1218 b/tests/data/test1218
new file mode 100644
index 000000000..7d865476a
--- /dev/null
+++ b/tests/data/test1218
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+cookies
+</keywords>
+</info>
+
+# This test is very similar to 1216, only that it sets the cookies from the
+# first site instead of reading from a file
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 25 Sep 2001 19:37:44 GMT
+Set-Cookie: domain=.example.fake; bug=fixed;
+Content-Length: 21

+
+This server says moo
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP cookies and domains with same prefix
+ </name>
+ <command>
+http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://example.fake/c/1218 HTTP/1.1

+Host: example.fake

+Accept: */*

+Proxy-Connection: Keep-Alive

+

+GET http://example.fake/c/1218 HTTP/1.1

+Host: example.fake

+Accept: */*

+Proxy-Connection: Keep-Alive

+Cookie: bug=fixed

+

+GET http://bexample.fake/c/1218 HTTP/1.1

+Host: bexample.fake

+Accept: */*

+Proxy-Connection: Keep-Alive

+

+</protocol>
+</verify>
+</testcase>