741 lines
47 KiB
Diff
741 lines
47 KiB
Diff
From 64ecb3818ca335ce79ef539e962ee5d02f6fb365 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Sun, 26 Jun 2022 11:00:48 +0200
|
|
Subject: [PATCH 1/3] cookie: apply limits
|
|
|
|
- Send no more than 150 cookies per request
|
|
- Cap the max length used for a cookie: header to 8K
|
|
- Cap the max number of received Set-Cookie: headers to 50
|
|
|
|
Bug: https://curl.se/docs/CVE-2022-32205.html
|
|
CVE-2022-32205
|
|
Reported-by: Harry Sintonen
|
|
Closes #9048
|
|
|
|
Upstream-commit: 48d7064a49148f03942380967da739dcde1cdc24
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
lib/cookie.c | 14 ++++++++++++--
|
|
lib/cookie.h | 21 +++++++++++++++++++--
|
|
lib/http.c | 13 +++++++++++--
|
|
lib/urldata.h | 1 +
|
|
4 files changed, 43 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/lib/cookie.c b/lib/cookie.c
|
|
index 1b8c8f9..8a6aa1a 100644
|
|
--- a/lib/cookie.c
|
|
+++ b/lib/cookie.c
|
|
@@ -477,6 +477,10 @@ Curl_cookie_add(struct Curl_easy *data,
|
|
(void)data;
|
|
#endif
|
|
|
|
+ DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */
|
|
+ if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT)
|
|
+ return NULL;
|
|
+
|
|
/* First, alloc and init a new struct for it */
|
|
co = calloc(1, sizeof(struct Cookie));
|
|
if(!co)
|
|
@@ -816,7 +820,7 @@ Curl_cookie_add(struct Curl_easy *data,
|
|
freecookie(co);
|
|
return NULL;
|
|
}
|
|
-
|
|
+ data->req.setcookies++;
|
|
}
|
|
else {
|
|
/*
|
|
@@ -1354,7 +1358,8 @@ static struct Cookie *dup_cookie(struct Cookie *src)
|
|
*
|
|
* It shall only return cookies that haven't expired.
|
|
*/
|
|
-struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
|
+struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
|
|
+ struct CookieInfo *c,
|
|
const char *host, const char *path,
|
|
bool secure)
|
|
{
|
|
@@ -1409,6 +1414,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
|
mainco = newco;
|
|
|
|
matches++;
|
|
+ if(matches >= MAX_COOKIE_SEND_AMOUNT) {
|
|
+ infof(data, "Included max number of cookies (%u) in request!",
|
|
+ matches);
|
|
+ break;
|
|
+ }
|
|
}
|
|
else
|
|
goto fail;
|
|
diff --git a/lib/cookie.h b/lib/cookie.h
|
|
index 0ffe08e..7411980 100644
|
|
--- a/lib/cookie.h
|
|
+++ b/lib/cookie.h
|
|
@@ -81,10 +81,26 @@ struct CookieInfo {
|
|
*/
|
|
#define MAX_COOKIE_LINE 5000
|
|
|
|
-/* This is the maximum length of a cookie name or content we deal with: */
|
|
+/* Maximum length of an incoming cookie name or content we deal with. Longer
|
|
+ cookies are ignored. */
|
|
#define MAX_NAME 4096
|
|
#define MAX_NAME_TXT "4095"
|
|
|
|
+/* Maximum size for an outgoing cookie line libcurl will use in an http
|
|
+ request. This is the default maximum length used in some versions of Apache
|
|
+ httpd. */
|
|
+#define MAX_COOKIE_HEADER_LEN 8190
|
|
+
|
|
+/* Maximum number of cookies libcurl will send in a single request, even if
|
|
+ there might be more cookies that match. One reason to cap the number is to
|
|
+ keep the maximum HTTP request within the maximum allowed size. */
|
|
+#define MAX_COOKIE_SEND_AMOUNT 150
|
|
+
|
|
+/* Maximum number of Set-Cookie: lines accepted in a single response. If more
|
|
+ such header lines are received, they are ignored. This value must be less
|
|
+ than 256 since an unsigned char is used to count. */
|
|
+#define MAX_SET_COOKIE_AMOUNT 50
|
|
+
|
|
struct Curl_easy;
|
|
/*
|
|
* Add a cookie to the internal list of cookies. The domain and path arguments
|
|
@@ -97,7 +113,8 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
|
|
const char *domain, const char *path,
|
|
bool secure);
|
|
|
|
-struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host,
|
|
+struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
|
|
+ struct CookieInfo *c, const char *host,
|
|
const char *path, bool secure);
|
|
void Curl_cookie_freelist(struct Cookie *cookies);
|
|
void Curl_cookie_clearall(struct CookieInfo *cookies);
|
|
diff --git a/lib/http.c b/lib/http.c
|
|
index 4433824..2c8b0c4 100644
|
|
--- a/lib/http.c
|
|
+++ b/lib/http.c
|
|
@@ -2709,12 +2709,14 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
|
|
}
|
|
|
|
#if !defined(CURL_DISABLE_COOKIES)
|
|
+
|
|
CURLcode Curl_http_cookies(struct Curl_easy *data,
|
|
struct connectdata *conn,
|
|
struct dynbuf *r)
|
|
{
|
|
CURLcode result = CURLE_OK;
|
|
char *addcookies = NULL;
|
|
+ bool linecap = FALSE;
|
|
if(data->set.str[STRING_COOKIE] &&
|
|
!Curl_checkheaders(data, STRCONST("Cookie")))
|
|
addcookies = data->set.str[STRING_COOKIE];
|
|
@@ -2732,7 +2734,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
|
|
!strcmp(host, "127.0.0.1") ||
|
|
!strcmp(host, "[::1]") ? TRUE : FALSE;
|
|
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
|
|
- co = Curl_cookie_getlist(data->cookies, host, data->state.up.path,
|
|
+ co = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path,
|
|
secure_context);
|
|
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
|
|
}
|
|
@@ -2746,6 +2748,13 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
|
|
if(result)
|
|
break;
|
|
}
|
|
+ if((Curl_dyn_len(r) + strlen(co->name) + strlen(co->value) + 1) >=
|
|
+ MAX_COOKIE_HEADER_LEN) {
|
|
+ infof(data, "Restricted outgoing cookies due to header size, "
|
|
+ "'%s' not sent", co->name);
|
|
+ linecap = TRUE;
|
|
+ break;
|
|
+ }
|
|
result = Curl_dyn_addf(r, "%s%s=%s", count?"; ":"",
|
|
co->name, co->value);
|
|
if(result)
|
|
@@ -2756,7 +2765,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
|
|
}
|
|
Curl_cookie_freelist(store);
|
|
}
|
|
- if(addcookies && !result) {
|
|
+ if(addcookies && !result && !linecap) {
|
|
if(!count)
|
|
result = Curl_dyn_addn(r, STRCONST("Cookie: "));
|
|
if(!result) {
|
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
|
index e006495..54faf7d 100644
|
|
--- a/lib/urldata.h
|
|
+++ b/lib/urldata.h
|
|
@@ -707,6 +707,7 @@ struct SingleRequest {
|
|
#ifndef CURL_DISABLE_DOH
|
|
struct dohdata *doh; /* DoH specific data for this request */
|
|
#endif
|
|
+ unsigned char setcookies;
|
|
BIT(header); /* incoming data has HTTP header */
|
|
BIT(content_range); /* set TRUE if Content-Range: was found */
|
|
BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding
|
|
--
|
|
2.35.3
|
|
|
|
|
|
From 2aa646531df114b99d19b33071ff53cebbd689ce Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Sun, 26 Jun 2022 11:01:01 +0200
|
|
Subject: [PATCH 2/3] test442/443: test cookie caps
|
|
|
|
442 - verify that only 150 cookies are sent
|
|
443 - verify that the cookie: header remains less than 8K in size
|
|
|
|
Upstream-commit: ff2b2bcf687572d173688832f0913a43de1a2bf8
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
tests/data/Makefile.inc | 2 +-
|
|
tests/data/test442 | 209 ++++++++++++++++++++++++++++++++++++++++
|
|
tests/data/test443 | 78 +++++++++++++++
|
|
3 files changed, 288 insertions(+), 1 deletion(-)
|
|
create mode 100644 tests/data/test442
|
|
create mode 100644 tests/data/test443
|
|
|
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
|
index 9b5f4fb..fe04fee 100644
|
|
--- a/tests/data/Makefile.inc
|
|
+++ b/tests/data/Makefile.inc
|
|
@@ -72,7 +72,7 @@ test409 test410 \
|
|
\
|
|
test430 test431 test432 test433 test434 test435 test436 \
|
|
\
|
|
-test440 test441 \
|
|
+test440 test441 test442 test443 \
|
|
\
|
|
test490 test491 test492 test493 test494 \
|
|
\
|
|
diff --git a/tests/data/test442 b/tests/data/test442
|
|
new file mode 100644
|
|
index 0000000..1b00d20
|
|
--- /dev/null
|
|
+++ b/tests/data/test442
|
|
@@ -0,0 +1,209 @@
|
|
+# perl:
|
|
+#
|
|
+# for(1 .. 151) {
|
|
+# print join("\t",
|
|
+# "attack.invalid", "TRUE", "/", "FALSE", "0",
|
|
+# "name$_", "could-be-large-$_")."\n";
|
|
+# }
|
|
+#
|
|
+<testcase>
|
|
+<info>
|
|
+<keywords>
|
|
+HTTP
|
|
+cookies
|
|
+</keywords>
|
|
+</info>
|
|
+
|
|
+#
|
|
+# Server-side
|
|
+<reply>
|
|
+<data>
|
|
+HTTP/1.1 200 OK
|
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
+Server: test-server/fake
|
|
+Content-Length: 6
|
|
+
|
|
+-foo-
|
|
+</data>
|
|
+</reply>
|
|
+
|
|
+#
|
|
+# Client-side
|
|
+<client>
|
|
+<server>
|
|
+http
|
|
+</server>
|
|
+<name>
|
|
+Send capped huge number of matching cookies
|
|
+</name>
|
|
+<command>
|
|
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
|
|
+</command>
|
|
+<file name="log/cookie%TESTNUMBER" mode="text">
|
|
+attack.invalid TRUE / FALSE 0 name1 could-be-large-1
|
|
+attack.invalid TRUE / FALSE 0 name2 could-be-large-2
|
|
+attack.invalid TRUE / FALSE 0 name3 could-be-large-3
|
|
+attack.invalid TRUE / FALSE 0 name4 could-be-large-4
|
|
+attack.invalid TRUE / FALSE 0 name5 could-be-large-5
|
|
+attack.invalid TRUE / FALSE 0 name6 could-be-large-6
|
|
+attack.invalid TRUE / FALSE 0 name7 could-be-large-7
|
|
+attack.invalid TRUE / FALSE 0 name8 could-be-large-8
|
|
+attack.invalid TRUE / FALSE 0 name9 could-be-large-9
|
|
+attack.invalid TRUE / FALSE 0 name10 could-be-large-10
|
|
+attack.invalid TRUE / FALSE 0 name11 could-be-large-11
|
|
+attack.invalid TRUE / FALSE 0 name12 could-be-large-12
|
|
+attack.invalid TRUE / FALSE 0 name13 could-be-large-13
|
|
+attack.invalid TRUE / FALSE 0 name14 could-be-large-14
|
|
+attack.invalid TRUE / FALSE 0 name15 could-be-large-15
|
|
+attack.invalid TRUE / FALSE 0 name16 could-be-large-16
|
|
+attack.invalid TRUE / FALSE 0 name17 could-be-large-17
|
|
+attack.invalid TRUE / FALSE 0 name18 could-be-large-18
|
|
+attack.invalid TRUE / FALSE 0 name19 could-be-large-19
|
|
+attack.invalid TRUE / FALSE 0 name20 could-be-large-20
|
|
+attack.invalid TRUE / FALSE 0 name21 could-be-large-21
|
|
+attack.invalid TRUE / FALSE 0 name22 could-be-large-22
|
|
+attack.invalid TRUE / FALSE 0 name23 could-be-large-23
|
|
+attack.invalid TRUE / FALSE 0 name24 could-be-large-24
|
|
+attack.invalid TRUE / FALSE 0 name25 could-be-large-25
|
|
+attack.invalid TRUE / FALSE 0 name26 could-be-large-26
|
|
+attack.invalid TRUE / FALSE 0 name27 could-be-large-27
|
|
+attack.invalid TRUE / FALSE 0 name28 could-be-large-28
|
|
+attack.invalid TRUE / FALSE 0 name29 could-be-large-29
|
|
+attack.invalid TRUE / FALSE 0 name30 could-be-large-30
|
|
+attack.invalid TRUE / FALSE 0 name31 could-be-large-31
|
|
+attack.invalid TRUE / FALSE 0 name32 could-be-large-32
|
|
+attack.invalid TRUE / FALSE 0 name33 could-be-large-33
|
|
+attack.invalid TRUE / FALSE 0 name34 could-be-large-34
|
|
+attack.invalid TRUE / FALSE 0 name35 could-be-large-35
|
|
+attack.invalid TRUE / FALSE 0 name36 could-be-large-36
|
|
+attack.invalid TRUE / FALSE 0 name37 could-be-large-37
|
|
+attack.invalid TRUE / FALSE 0 name38 could-be-large-38
|
|
+attack.invalid TRUE / FALSE 0 name39 could-be-large-39
|
|
+attack.invalid TRUE / FALSE 0 name40 could-be-large-40
|
|
+attack.invalid TRUE / FALSE 0 name41 could-be-large-41
|
|
+attack.invalid TRUE / FALSE 0 name42 could-be-large-42
|
|
+attack.invalid TRUE / FALSE 0 name43 could-be-large-43
|
|
+attack.invalid TRUE / FALSE 0 name44 could-be-large-44
|
|
+attack.invalid TRUE / FALSE 0 name45 could-be-large-45
|
|
+attack.invalid TRUE / FALSE 0 name46 could-be-large-46
|
|
+attack.invalid TRUE / FALSE 0 name47 could-be-large-47
|
|
+attack.invalid TRUE / FALSE 0 name48 could-be-large-48
|
|
+attack.invalid TRUE / FALSE 0 name49 could-be-large-49
|
|
+attack.invalid TRUE / FALSE 0 name50 could-be-large-50
|
|
+attack.invalid TRUE / FALSE 0 name51 could-be-large-51
|
|
+attack.invalid TRUE / FALSE 0 name52 could-be-large-52
|
|
+attack.invalid TRUE / FALSE 0 name53 could-be-large-53
|
|
+attack.invalid TRUE / FALSE 0 name54 could-be-large-54
|
|
+attack.invalid TRUE / FALSE 0 name55 could-be-large-55
|
|
+attack.invalid TRUE / FALSE 0 name56 could-be-large-56
|
|
+attack.invalid TRUE / FALSE 0 name57 could-be-large-57
|
|
+attack.invalid TRUE / FALSE 0 name58 could-be-large-58
|
|
+attack.invalid TRUE / FALSE 0 name59 could-be-large-59
|
|
+attack.invalid TRUE / FALSE 0 name60 could-be-large-60
|
|
+attack.invalid TRUE / FALSE 0 name61 could-be-large-61
|
|
+attack.invalid TRUE / FALSE 0 name62 could-be-large-62
|
|
+attack.invalid TRUE / FALSE 0 name63 could-be-large-63
|
|
+attack.invalid TRUE / FALSE 0 name64 could-be-large-64
|
|
+attack.invalid TRUE / FALSE 0 name65 could-be-large-65
|
|
+attack.invalid TRUE / FALSE 0 name66 could-be-large-66
|
|
+attack.invalid TRUE / FALSE 0 name67 could-be-large-67
|
|
+attack.invalid TRUE / FALSE 0 name68 could-be-large-68
|
|
+attack.invalid TRUE / FALSE 0 name69 could-be-large-69
|
|
+attack.invalid TRUE / FALSE 0 name70 could-be-large-70
|
|
+attack.invalid TRUE / FALSE 0 name71 could-be-large-71
|
|
+attack.invalid TRUE / FALSE 0 name72 could-be-large-72
|
|
+attack.invalid TRUE / FALSE 0 name73 could-be-large-73
|
|
+attack.invalid TRUE / FALSE 0 name74 could-be-large-74
|
|
+attack.invalid TRUE / FALSE 0 name75 could-be-large-75
|
|
+attack.invalid TRUE / FALSE 0 name76 could-be-large-76
|
|
+attack.invalid TRUE / FALSE 0 name77 could-be-large-77
|
|
+attack.invalid TRUE / FALSE 0 name78 could-be-large-78
|
|
+attack.invalid TRUE / FALSE 0 name79 could-be-large-79
|
|
+attack.invalid TRUE / FALSE 0 name80 could-be-large-80
|
|
+attack.invalid TRUE / FALSE 0 name81 could-be-large-81
|
|
+attack.invalid TRUE / FALSE 0 name82 could-be-large-82
|
|
+attack.invalid TRUE / FALSE 0 name83 could-be-large-83
|
|
+attack.invalid TRUE / FALSE 0 name84 could-be-large-84
|
|
+attack.invalid TRUE / FALSE 0 name85 could-be-large-85
|
|
+attack.invalid TRUE / FALSE 0 name86 could-be-large-86
|
|
+attack.invalid TRUE / FALSE 0 name87 could-be-large-87
|
|
+attack.invalid TRUE / FALSE 0 name88 could-be-large-88
|
|
+attack.invalid TRUE / FALSE 0 name89 could-be-large-89
|
|
+attack.invalid TRUE / FALSE 0 name90 could-be-large-90
|
|
+attack.invalid TRUE / FALSE 0 name91 could-be-large-91
|
|
+attack.invalid TRUE / FALSE 0 name92 could-be-large-92
|
|
+attack.invalid TRUE / FALSE 0 name93 could-be-large-93
|
|
+attack.invalid TRUE / FALSE 0 name94 could-be-large-94
|
|
+attack.invalid TRUE / FALSE 0 name95 could-be-large-95
|
|
+attack.invalid TRUE / FALSE 0 name96 could-be-large-96
|
|
+attack.invalid TRUE / FALSE 0 name97 could-be-large-97
|
|
+attack.invalid TRUE / FALSE 0 name98 could-be-large-98
|
|
+attack.invalid TRUE / FALSE 0 name99 could-be-large-99
|
|
+attack.invalid TRUE / FALSE 0 name100 could-be-large-100
|
|
+attack.invalid TRUE / FALSE 0 name101 could-be-large-101
|
|
+attack.invalid TRUE / FALSE 0 name102 could-be-large-102
|
|
+attack.invalid TRUE / FALSE 0 name103 could-be-large-103
|
|
+attack.invalid TRUE / FALSE 0 name104 could-be-large-104
|
|
+attack.invalid TRUE / FALSE 0 name105 could-be-large-105
|
|
+attack.invalid TRUE / FALSE 0 name106 could-be-large-106
|
|
+attack.invalid TRUE / FALSE 0 name107 could-be-large-107
|
|
+attack.invalid TRUE / FALSE 0 name108 could-be-large-108
|
|
+attack.invalid TRUE / FALSE 0 name109 could-be-large-109
|
|
+attack.invalid TRUE / FALSE 0 name110 could-be-large-110
|
|
+attack.invalid TRUE / FALSE 0 name111 could-be-large-111
|
|
+attack.invalid TRUE / FALSE 0 name112 could-be-large-112
|
|
+attack.invalid TRUE / FALSE 0 name113 could-be-large-113
|
|
+attack.invalid TRUE / FALSE 0 name114 could-be-large-114
|
|
+attack.invalid TRUE / FALSE 0 name115 could-be-large-115
|
|
+attack.invalid TRUE / FALSE 0 name116 could-be-large-116
|
|
+attack.invalid TRUE / FALSE 0 name117 could-be-large-117
|
|
+attack.invalid TRUE / FALSE 0 name118 could-be-large-118
|
|
+attack.invalid TRUE / FALSE 0 name119 could-be-large-119
|
|
+attack.invalid TRUE / FALSE 0 name120 could-be-large-120
|
|
+attack.invalid TRUE / FALSE 0 name121 could-be-large-121
|
|
+attack.invalid TRUE / FALSE 0 name122 could-be-large-122
|
|
+attack.invalid TRUE / FALSE 0 name123 could-be-large-123
|
|
+attack.invalid TRUE / FALSE 0 name124 could-be-large-124
|
|
+attack.invalid TRUE / FALSE 0 name125 could-be-large-125
|
|
+attack.invalid TRUE / FALSE 0 name126 could-be-large-126
|
|
+attack.invalid TRUE / FALSE 0 name127 could-be-large-127
|
|
+attack.invalid TRUE / FALSE 0 name128 could-be-large-128
|
|
+attack.invalid TRUE / FALSE 0 name129 could-be-large-129
|
|
+attack.invalid TRUE / FALSE 0 name130 could-be-large-130
|
|
+attack.invalid TRUE / FALSE 0 name131 could-be-large-131
|
|
+attack.invalid TRUE / FALSE 0 name132 could-be-large-132
|
|
+attack.invalid TRUE / FALSE 0 name133 could-be-large-133
|
|
+attack.invalid TRUE / FALSE 0 name134 could-be-large-134
|
|
+attack.invalid TRUE / FALSE 0 name135 could-be-large-135
|
|
+attack.invalid TRUE / FALSE 0 name136 could-be-large-136
|
|
+attack.invalid TRUE / FALSE 0 name137 could-be-large-137
|
|
+attack.invalid TRUE / FALSE 0 name138 could-be-large-138
|
|
+attack.invalid TRUE / FALSE 0 name139 could-be-large-139
|
|
+attack.invalid TRUE / FALSE 0 name140 could-be-large-140
|
|
+attack.invalid TRUE / FALSE 0 name141 could-be-large-141
|
|
+attack.invalid TRUE / FALSE 0 name142 could-be-large-142
|
|
+attack.invalid TRUE / FALSE 0 name143 could-be-large-143
|
|
+attack.invalid TRUE / FALSE 0 name144 could-be-large-144
|
|
+attack.invalid TRUE / FALSE 0 name145 could-be-large-145
|
|
+attack.invalid TRUE / FALSE 0 name146 could-be-large-146
|
|
+attack.invalid TRUE / FALSE 0 name147 could-be-large-147
|
|
+attack.invalid TRUE / FALSE 0 name148 could-be-large-148
|
|
+attack.invalid TRUE / FALSE 0 name149 could-be-large-149
|
|
+attack.invalid TRUE / FALSE 0 name150 could-be-large-150
|
|
+attack.invalid TRUE / FALSE 0 name151 could-be-large-151
|
|
+</file>
|
|
+</client>
|
|
+
|
|
+#
|
|
+# Verify data after the test has been "shot"
|
|
+<verify>
|
|
+<protocol>
|
|
+GET /a/b/%TESTNUMBER HTTP/1.1
|
|
+Host: attack.invalid:%HTTPPORT
|
|
+User-Agent: curl/%VERSION
|
|
+Accept: */*
|
|
+Cookie: name150=could-be-large-150; name149=could-be-large-149; name148=could-be-large-148; name147=could-be-large-147; name146=could-be-large-146; name145=could-be-large-145; name144=could-be-large-144; name143=could-be-large-143; name142=could-be-large-142; name141=could-be-large-141; name140=could-be-large-140; name139=could-be-large-139; name138=could-be-large-138; name137=could-be-large-137; name136=could-be-large-136; name135=could-be-large-135; name134=could-be-large-134; name133=could-be-large-133; name132=could-be-large-132; name131=could-be-large-131; name130=could-be-large-130; name129=could-be-large-129; name128=could-be-large-128; name127=could-be-large-127; name126=could-be-large-126; name125=could-be-large-125; name124=could-be-large-124; name123=could-be-large-123; name122=could-be-large-122; name121=could-be-large-121; name120=could-be-large-120; name119=could-be-large-119; name118=could-be-large-118; name117=could-be-large-117; name116=could-be-large-116; name115=could-be-large-115; name114=could-be-large-114; name113=could-be-large-113; name112=could-be-large-112; name111=could-be-large-111; name110=could-be-large-110; name109=could-be-large-109; name108=could-be-large-108; name107=could-be-large-107; name106=could-be-large-106; name105=could-be-large-105; name104=could-be-large-104; name103=could-be-large-103; name102=could-be-large-102; name101=could-be-large-101; name100=could-be-large-100; name99=could-be-large-99; name98=could-be-large-98; name97=could-be-large-97; name96=could-be-large-96; name95=could-be-large-95; name94=could-be-large-94; name93=could-be-large-93; name92=could-be-large-92; name91=could-be-large-91; name90=could-be-large-90; name89=could-be-large-89; name88=could-be-large-88; name87=could-be-large-87; name86=could-be-large-86; name85=could-be-large-85; name84=could-be-large-84; name83=could-be-large-83; name82=could-be-large-82; name81=could-be-large-81; name80=could-be-large-80; name79=could-be-large-79; name78=could-be-large-78; name77=could-be-large-77; name76=could-be-large-76; name75=could-be-large-75; name74=could-be-large-74; name73=could-be-large-73; name72=could-be-large-72; name71=could-be-large-71; name70=could-be-large-70; name69=could-be-large-69; name68=could-be-large-68; name67=could-be-large-67; name66=could-be-large-66; name65=could-be-large-65; name64=could-be-large-64; name63=could-be-large-63; name62=could-be-large-62; name61=could-be-large-61; name60=could-be-large-60; name59=could-be-large-59; name58=could-be-large-58; name57=could-be-large-57; name56=could-be-large-56; name55=could-be-large-55; name54=could-be-large-54; name53=could-be-large-53; name52=could-be-large-52; name51=could-be-large-51; name50=could-be-large-50; name49=could-be-large-49; name48=could-be-large-48; name47=could-be-large-47; name46=could-be-large-46; name45=could-be-large-45; name44=could-be-large-44; name43=could-be-large-43; name42=could-be-large-42; name41=could-be-large-41; name40=could-be-large-40; name39=could-be-large-39; name38=could-be-large-38; name37=could-be-large-37; name36=could-be-large-36; name35=could-be-large-35; name34=could-be-large-34; name33=could-be-large-33; name32=could-be-large-32; name31=could-be-large-31; name30=could-be-large-30; name29=could-be-large-29; name28=could-be-large-28; name27=could-be-large-27; name26=could-be-large-26; name25=could-be-large-25; name24=could-be-large-24; name23=could-be-large-23; name22=could-be-large-22; name21=could-be-large-21; name20=could-be-large-20; name19=could-be-large-19; name18=could-be-large-18; name17=could-be-large-17; name16=could-be-large-16; name15=could-be-large-15; name14=could-be-large-14; name13=could-be-large-13; name12=could-be-large-12; name11=could-be-large-11; name10=could-be-large-10; name9=could-be-large-9; name8=could-be-large-8; name7=could-be-large-7; name6=could-be-large-6; name5=could-be-large-5; name4=could-be-large-4; name3=could-be-large-3; name2=could-be-large-2; name1=could-be-large-1
|
|
+
|
|
+</protocol>
|
|
+</verify>
|
|
+</testcase>
|
|
diff --git a/tests/data/test443 b/tests/data/test443
|
|
new file mode 100644
|
|
index 0000000..996b1d3
|
|
--- /dev/null
|
|
+++ b/tests/data/test443
|
|
@@ -0,0 +1,78 @@
|
|
+# perl:
|
|
+#
|
|
+#for(1 .. 20) {
|
|
+# print join("\t",
|
|
+# "attack.invalid", "TRUE", "/", "FALSE", "0",
|
|
+# "huge-$_", ('a' x 500)."-$_")."\n";
|
|
+#}
|
|
+#
|
|
+<testcase>
|
|
+<info>
|
|
+<keywords>
|
|
+HTTP
|
|
+cookies
|
|
+</keywords>
|
|
+</info>
|
|
+
|
|
+#
|
|
+# Server-side
|
|
+<reply>
|
|
+<data>
|
|
+HTTP/1.1 200 OK
|
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
+Server: test-server/fake
|
|
+Content-Length: 6
|
|
+
|
|
+-foo-
|
|
+</data>
|
|
+</reply>
|
|
+
|
|
+#
|
|
+# Client-side
|
|
+<client>
|
|
+<server>
|
|
+http
|
|
+</server>
|
|
+<name>
|
|
+Cookie header in request no longer than 8K
|
|
+</name>
|
|
+<command>
|
|
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
|
|
+</command>
|
|
+<file name="log/cookie%TESTNUMBER" mode="text">
|
|
+attack.invalid TRUE / FALSE 0 huge-1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-1
|
|
+attack.invalid TRUE / FALSE 0 huge-2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-2
|
|
+attack.invalid TRUE / FALSE 0 huge-3 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-3
|
|
+attack.invalid TRUE / FALSE 0 huge-4 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-4
|
|
+attack.invalid TRUE / FALSE 0 huge-5 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-5
|
|
+attack.invalid TRUE / FALSE 0 huge-6 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6
|
|
+attack.invalid TRUE / FALSE 0 huge-7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7
|
|
+attack.invalid TRUE / FALSE 0 huge-8 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8
|
|
+attack.invalid TRUE / FALSE 0 huge-9 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9
|
|
+attack.invalid TRUE / FALSE 0 huge-10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10
|
|
+attack.invalid TRUE / FALSE 0 huge-11 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11
|
|
+attack.invalid TRUE / FALSE 0 huge-12 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12
|
|
+attack.invalid TRUE / FALSE 0 huge-13 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13
|
|
+attack.invalid TRUE / FALSE 0 huge-14 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14
|
|
+attack.invalid TRUE / FALSE 0 huge-15 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15
|
|
+attack.invalid TRUE / FALSE 0 huge-16 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16
|
|
+attack.invalid TRUE / FALSE 0 huge-17 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17
|
|
+attack.invalid TRUE / FALSE 0 huge-18 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18
|
|
+attack.invalid TRUE / FALSE 0 huge-19 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19
|
|
+attack.invalid TRUE / FALSE 0 huge-20 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20
|
|
+</file>
|
|
+</client>
|
|
+
|
|
+#
|
|
+# Verify data after the test has been "shot"
|
|
+<verify>
|
|
+<protocol>
|
|
+GET /a/b/%TESTNUMBER HTTP/1.1
|
|
+Host: attack.invalid:%HTTPPORT
|
|
+User-Agent: curl/%VERSION
|
|
+Accept: */*
|
|
+Cookie: huge-20=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20; huge-19=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19; huge-18=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18; huge-17=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17; huge-16=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16; huge-15=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15; huge-14=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14; huge-13=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13; huge-12=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12; huge-11=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11; huge-10=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10; huge-9=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9; huge-8=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8; huge-7=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7; huge-6=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6
|
|
+
|
|
+</protocol>
|
|
+</verify>
|
|
+</testcase>
|
|
--
|
|
2.35.3
|
|
|
|
|
|
From a09261fa4976562735320e4e953ca4f4c81ec452 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Sun, 26 Jun 2022 11:01:01 +0200
|
|
Subject: [PATCH 3/3] test444: test many received Set-Cookie:
|
|
|
|
The amount of sent cookies in the test is limited to 80 because hyper
|
|
has its own strict limits in how many headers it allows to be received
|
|
which triggers at some point beyond this number.
|
|
|
|
Upstream-commit: 46f8911d3942dc06fdd67e9f6f3908982e5d2fb4
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
tests/data/Makefile.inc | 2 +-
|
|
tests/data/test444 | 189 ++++++++++++++++++++++++++++++++++++++++
|
|
2 files changed, 190 insertions(+), 1 deletion(-)
|
|
create mode 100644 tests/data/test444
|
|
|
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
|
index fe04fee..c38f2d2 100644
|
|
--- a/tests/data/Makefile.inc
|
|
+++ b/tests/data/Makefile.inc
|
|
@@ -72,7 +72,7 @@ test409 test410 \
|
|
\
|
|
test430 test431 test432 test433 test434 test435 test436 \
|
|
\
|
|
-test440 test441 test442 test443 \
|
|
+test440 test441 test442 test443 test444 \
|
|
\
|
|
test490 test491 test492 test493 test494 \
|
|
\
|
|
diff --git a/tests/data/test444 b/tests/data/test444
|
|
new file mode 100644
|
|
index 0000000..9bdd4a7
|
|
--- /dev/null
|
|
+++ b/tests/data/test444
|
|
@@ -0,0 +1,189 @@
|
|
+# perl:
|
|
+#
|
|
+#for(1 .. 200) {
|
|
+#
|
|
+#}
|
|
+#
|
|
+<testcase>
|
|
+<info>
|
|
+<keywords>
|
|
+HTTP
|
|
+cookies
|
|
+</keywords>
|
|
+</info>
|
|
+
|
|
+#
|
|
+# Server-side
|
|
+<reply>
|
|
+<data>
|
|
+HTTP/1.1 200 OK
|
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
+Server: test-server/fake
|
|
+Content-Length: 6
|
|
+Set-Cookie: cookie-1=yes;
|
|
+Set-Cookie: cookie-2=yes;
|
|
+Set-Cookie: cookie-3=yes;
|
|
+Set-Cookie: cookie-4=yes;
|
|
+Set-Cookie: cookie-5=yes;
|
|
+Set-Cookie: cookie-6=yes;
|
|
+Set-Cookie: cookie-7=yes;
|
|
+Set-Cookie: cookie-8=yes;
|
|
+Set-Cookie: cookie-9=yes;
|
|
+Set-Cookie: cookie-10=yes;
|
|
+Set-Cookie: cookie-11=yes;
|
|
+Set-Cookie: cookie-12=yes;
|
|
+Set-Cookie: cookie-13=yes;
|
|
+Set-Cookie: cookie-14=yes;
|
|
+Set-Cookie: cookie-15=yes;
|
|
+Set-Cookie: cookie-16=yes;
|
|
+Set-Cookie: cookie-17=yes;
|
|
+Set-Cookie: cookie-18=yes;
|
|
+Set-Cookie: cookie-19=yes;
|
|
+Set-Cookie: cookie-20=yes;
|
|
+Set-Cookie: cookie-21=yes;
|
|
+Set-Cookie: cookie-22=yes;
|
|
+Set-Cookie: cookie-23=yes;
|
|
+Set-Cookie: cookie-24=yes;
|
|
+Set-Cookie: cookie-25=yes;
|
|
+Set-Cookie: cookie-26=yes;
|
|
+Set-Cookie: cookie-27=yes;
|
|
+Set-Cookie: cookie-28=yes;
|
|
+Set-Cookie: cookie-29=yes;
|
|
+Set-Cookie: cookie-30=yes;
|
|
+Set-Cookie: cookie-31=yes;
|
|
+Set-Cookie: cookie-32=yes;
|
|
+Set-Cookie: cookie-33=yes;
|
|
+Set-Cookie: cookie-34=yes;
|
|
+Set-Cookie: cookie-35=yes;
|
|
+Set-Cookie: cookie-36=yes;
|
|
+Set-Cookie: cookie-37=yes;
|
|
+Set-Cookie: cookie-38=yes;
|
|
+Set-Cookie: cookie-39=yes;
|
|
+Set-Cookie: cookie-40=yes;
|
|
+Set-Cookie: cookie-41=yes;
|
|
+Set-Cookie: cookie-42=yes;
|
|
+Set-Cookie: cookie-43=yes;
|
|
+Set-Cookie: cookie-44=yes;
|
|
+Set-Cookie: cookie-45=yes;
|
|
+Set-Cookie: cookie-46=yes;
|
|
+Set-Cookie: cookie-47=yes;
|
|
+Set-Cookie: cookie-48=yes;
|
|
+Set-Cookie: cookie-49=yes;
|
|
+Set-Cookie: cookie-50=yes;
|
|
+Set-Cookie: cookie-51=yes;
|
|
+Set-Cookie: cookie-52=yes;
|
|
+Set-Cookie: cookie-53=yes;
|
|
+Set-Cookie: cookie-54=yes;
|
|
+Set-Cookie: cookie-55=yes;
|
|
+Set-Cookie: cookie-56=yes;
|
|
+Set-Cookie: cookie-57=yes;
|
|
+Set-Cookie: cookie-58=yes;
|
|
+Set-Cookie: cookie-59=yes;
|
|
+Set-Cookie: cookie-60=yes;
|
|
+Set-Cookie: cookie-61=yes;
|
|
+Set-Cookie: cookie-62=yes;
|
|
+Set-Cookie: cookie-63=yes;
|
|
+Set-Cookie: cookie-64=yes;
|
|
+Set-Cookie: cookie-65=yes;
|
|
+Set-Cookie: cookie-66=yes;
|
|
+Set-Cookie: cookie-67=yes;
|
|
+Set-Cookie: cookie-68=yes;
|
|
+Set-Cookie: cookie-69=yes;
|
|
+Set-Cookie: cookie-70=yes;
|
|
+Set-Cookie: cookie-71=yes;
|
|
+Set-Cookie: cookie-72=yes;
|
|
+Set-Cookie: cookie-73=yes;
|
|
+Set-Cookie: cookie-74=yes;
|
|
+Set-Cookie: cookie-75=yes;
|
|
+Set-Cookie: cookie-76=yes;
|
|
+Set-Cookie: cookie-77=yes;
|
|
+Set-Cookie: cookie-78=yes;
|
|
+Set-Cookie: cookie-79=yes;
|
|
+Set-Cookie: cookie-80=yes;
|
|
+
|
|
+-foo-
|
|
+</data>
|
|
+</reply>
|
|
+
|
|
+#
|
|
+# Client-side
|
|
+<client>
|
|
+<server>
|
|
+http
|
|
+</server>
|
|
+<name>
|
|
+Many Set-Cookie response headers
|
|
+</name>
|
|
+<command>
|
|
+http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
|
|
+</command>
|
|
+</client>
|
|
+
|
|
+#
|
|
+# Verify data after the test has been "shot"
|
|
+<verify>
|
|
+<protocol>
|
|
+GET /a/b/%TESTNUMBER HTTP/1.1
|
|
+Host: attack.invalid:%HTTPPORT
|
|
+User-Agent: curl/%VERSION
|
|
+Accept: */*
|
|
+
|
|
+</protocol>
|
|
+<file name="log/cookie%TESTNUMBER" mode="text">
|
|
+# Netscape HTTP Cookie File
|
|
+# https://curl.se/docs/http-cookies.html
|
|
+# This file was generated by libcurl! Edit at your own risk.
|
|
+
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes
|
|
+attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes
|
|
+</file>
|
|
+</verify>
|
|
+</testcase>
|
|
--
|
|
2.35.3
|
|
|