From 2bb9658d75c846d398d490a96a58b5712e43c135 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 19 Apr 2022 12:49:28 +0200 Subject: [PATCH 3/3] tests: verify the fix for CVE-2022-27774 - Test 973 redirects from HTTP to FTP, clear auth - Test 974 redirects from HTTP to HTTP different port, clear auth - Test 975 redirects from HTTP to FTP, permitted to keep auth - Test 976 redirects from HTTP to HTTP different port, permitted to keep auth --- tests/data/Makefile.inc | 2 +- tests/data/test973 | 88 +++++++++++++++++++++++++++++++++++++++++ tests/data/test974 | 87 ++++++++++++++++++++++++++++++++++++++++ tests/data/test975 | 88 +++++++++++++++++++++++++++++++++++++++++ tests/data/test976 | 88 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 352 insertions(+), 1 deletion(-) create mode 100644 tests/data/test973 create mode 100644 tests/data/test974 create mode 100644 tests/data/test975 create mode 100644 tests/data/test976 Index: curl-7.81.0/tests/data/test973 =================================================================== --- /dev/null +++ curl-7.81.0/tests/data/test973 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +FTP +--location +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/9730002 + +</data> +<data2> +data + to + see +that FTP +works + so does it? +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/9730002 + +data + to + see +that FTP +works + so does it? +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +ftp +</server> + <name> +HTTP with auth redirected to FTP w/o auth + </name> + <command> +http://%HOSTIP:%HTTPPORT/973 -L -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET /973 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* + +USER anonymous +PASS ftp@example.com +PWD +CWD a +CWD path +EPSV +TYPE I +SIZE 9730002 +RETR 9730002 +QUIT +</protocol> +</verify> +</testcase> Index: curl-7.81.0/tests/data/test974 =================================================================== --- /dev/null +++ curl-7.81.0/tests/data/test974 @@ -0,0 +1,87 @@ +<testcase> +<info> +<keywords> +HTTP +--location +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/9740002 + +</data> +<data2> +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/9740002 + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +</server> + <name> +HTTP with auth redirected to HTTP on a diff port w/o auth + </name> + <command> +-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET http://firsthost.com/ HTTP/1.1 +Host: firsthost.com +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +GET http://firsthost.com:9999/a/path/9740002 HTTP/1.1 +Host: firsthost.com:9999 +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +</protocol> +</verify> +</testcase> Index: curl-7.81.0/tests/data/test975 =================================================================== --- /dev/null +++ curl-7.81.0/tests/data/test975 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +FTP +--location-trusted +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/9750002 + +</data> +<data2> +data + to + see +that FTP +works + so does it? +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/9750002 + +data + to + see +that FTP +works + so does it? +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +ftp +</server> + <name> +HTTP with auth redirected to FTP allowing auth to continue + </name> + <command> +http://%HOSTIP:%HTTPPORT/975 --location-trusted -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET /975 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* + +USER joe +PASS secret +PWD +CWD a +CWD path +EPSV +TYPE I +SIZE 9750002 +RETR 9750002 +QUIT +</protocol> +</verify> +</testcase> Index: curl-7.81.0/tests/data/test976 =================================================================== --- /dev/null +++ curl-7.81.0/tests/data/test976 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +--location-trusted +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/9760002 + +</data> +<data2> +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/9760002 + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +</server> + <name> +HTTP with auth redirected to HTTP on a diff port --location-trusted + </name> + <command> +-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET http://firsthost.com/ HTTP/1.1 +Host: firsthost.com +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +GET http://firsthost.com:9999/a/path/9760002 HTTP/1.1 +Host: firsthost.com:9999 +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +</protocol> +</verify> +</testcase>