From d21a0983fa95ffea2b50ad5af84cc93f4ce5f4d2 Mon Sep 17 00:00:00 2001
From: Colin Keith <colinmkeith@gmail.com>
Date: Sat, 25 May 2013 00:46:53 -0400
Subject: [PATCH 1/2] test and resolution for CVE-2012-5572, \r\n sequence
 being allowed in a cookie name fixes PerlDancer/Dancer#859

---
 t/12_response/11_CVE-2012-5572.t | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 t/12_response/11_CVE-2012-5572.t

diff --git a/t/12_response/11_CVE-2012-5572.t b/t/12_response/11_CVE-2012-5572.t
new file mode 100644
index 0000000..2b6eacb
--- /dev/null
+++ b/t/12_response/11_CVE-2012-5572.t
@@ -0,0 +1,39 @@
+package main;
+use strict;
+use warnings;
+use Test::More tests => 2, import => ['!pass'];
+
+{
+    use Dancer;
+    get '/CVE-2012-5572-cookie' => sub {
+        cookie "test\r\nX-Evil-Header: " => "evil";
+    };
+}
+
+
+use Dancer::Test;
+{
+    note "Testing CVE-2012-5572 (CRLF in response headers)";
+    my $req = [GET => '/CVE-2012-5572-cookie'];
+    route_exists $req;
+    my $response = Dancer::Test::_req_to_response($req);
+
+    my $CRLF = "\r\n";
+
+    my $tb = Test::Builder->new;
+    my %headers = @{$response->headers_to_array};
+    my $foundCRLF = 0;
+    while (my($name, $value) = each %headers) {
+       index($value, $CRLF) == -1
+         && index($name, $CRLF) == -1
+         && next;
+       $foundCRLF = 1;
+       last;
+    }
+
+    $tb->ok(!$foundCRLF, 'Headers do not contain CRLF (CVE-2012-5572)');
+}
+
+
+1;
+
-- 
1.8.1.4