diff options
author | Eric Wong <e@80x24.org> | 2021-10-19 21:26:15 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2021-10-20 10:37:34 +0000 |
commit | 49e653848f34a179f38c1738f537f69c1205e92a (patch) | |
tree | 20e7ed69eda55a8076ea757dd325c4f27d6d55cb /t | |
parent | 9f8e28a80374e905c831d2d5f3a45c6a9d708fa3 (diff) | |
download | public-inbox-49e653848f34a179f38c1738f537f69c1205e92a.tar.gz |
Malicious clients may attempt HTTP request smuggling this way. This doesn't affect our current code as we only look for exact matches, but it could affect other servers behind a to-be-implemented reverse proxy built around our -httpd. This doesn't affect users behind varnish at all, nor the HTTPS/HTTP reverse proxy I use (I don't know about nginx), but could be passed through by other reverse proxies. This change is only needed for HTTP::Parser::XS which most users probably use. Users of the pure Perl parser (via PLACK_HTTP_PARSER_PP=1) already hit 400 errors in this case, so this makes the common XS case consistent with the pure Perl case. cf. https://www.mozilla.org/en-US/security/advisories/mfsa2006-33/
Diffstat (limited to 't')
-rw-r--r-- | t/httpd-corner.t | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/t/httpd-corner.t b/t/httpd-corner.t index cec754c9..0a613a9e 100644 --- a/t/httpd-corner.t +++ b/t/httpd-corner.t @@ -82,7 +82,12 @@ if ('test worker death') { like($body, qr/\A[0-9]+\z/, '/pid response'); isnt($body, $pid, 'respawned worker'); } - +{ + my $conn = conn_for($sock, 'Header spaces bogus'); + $conn->write("GET /empty HTTP/1.1\r\nSpaced-Out : 3\r\n\r\n"); + $conn->read(my $buf, 4096); + like($buf, qr!\AHTTP/1\.[0-9] 400 !, 'got 400 response on bad request'); +} { my $conn = conn_for($sock, 'streaming callback'); $conn->write("GET /callback HTTP/1.0\r\n\r\n"); |