From c11c30a8c8d727dcf5634fa0cc6ee0b4b77ddc3d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 11 Jan 2012 15:46:19 +0100 Subject: tests: test CRLF in URLs Related to the security vulnerability: CVE-2012-0036 Bug: http://curl.haxx.se/docs/adv_20120124.html --- tests/data/Makefile.am | 2 +- tests/data/test1322 | 29 +++++++++++++++++++++++++++++ tests/data/test1323 | 29 +++++++++++++++++++++++++++++ tests/data/test1324 | 29 +++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 tests/data/test1322 create mode 100644 tests/data/test1323 create mode 100644 tests/data/test1324 (limited to 'tests/data') diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 85a6e4b2f..610243c24 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -82,7 +82,7 @@ test1220 \ test1300 test1301 test1302 test1303 test1304 test1305 \ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \ -test1325 test1326 test1327 \ +test1322 test1323 test1324 test1325 test1326 test1327 \ test2000 test2001 test2002 test2003 test2004 EXTRA_DIST = $(TESTCASES) DISABLED diff --git a/tests/data/test1322 b/tests/data/test1322 new file mode 100644 index 000000000..996727e94 --- /dev/null +++ b/tests/data/test1322 @@ -0,0 +1,29 @@ + + + +POP3 +CRLF-in-URL + + + +# Client-side + + +pop3 + + +POP3 with URL-encoded CR LF in the URL + + +pop3://%HOSTIP:%POP3PORT/%0d%0a/1322 + + + +# + +# 3 - CURLE_URL_MALFORMAT + +3 + + + diff --git a/tests/data/test1323 b/tests/data/test1323 new file mode 100644 index 000000000..90eb88b7d --- /dev/null +++ b/tests/data/test1323 @@ -0,0 +1,29 @@ + + + +SMTP +CRLF-in-URL + + + +# Client-side + + +smtp + + +SMTP with URL-encoded CR LF in the URL + + +smtp://%HOSTIP:%SMTPPORT/%0d%0a/1323 + + + +# + +# 3 - CURLE_URL_MALFORMAT + +3 + + + diff --git a/tests/data/test1324 b/tests/data/test1324 new file mode 100644 index 000000000..c9835efea --- /dev/null +++ b/tests/data/test1324 @@ -0,0 +1,29 @@ + + + +IMAP +CRLF-in-URL + + + +# Client-side + + +imap + + +IMAP with URL-encoded CR LF in the URL + + +imap://%HOSTIP:%IMAPPORT/%0d%0a/1322 + + + +# + +# 3 - CURLE_URL_MALFORMAT + +3 + + + -- cgit v1.2.3