diff options
author | Eric Wong <e@80x24.org> | 2014-06-22 22:49:39 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2014-09-03 07:13:52 +0000 |
commit | 4fbe02062007d1ad073a550f5e37b599fc0019e4 (patch) | |
tree | d3d7825d64d9b5495a819bc3111b0820985255af | |
parent | 29bc0766942a92549774d0439d1a6362c53bc26c (diff) | |
download | cmogstored-4fbe02062007d1ad073a550f5e37b599fc0019e4.tar.gz |
This is a potential attack vector, and we seem to pass.
-rw-r--r-- | test/http_chunked_put.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/test/http_chunked_put.rb b/test/http_chunked_put.rb index 8f07c85..d6d4f32 100644 --- a/test/http_chunked_put.rb +++ b/test/http_chunked_put.rb @@ -458,4 +458,19 @@ class TestHTTPChunkedPut < Test::Unit::TestCase assert_match(%r{\AHTTP/1\.1 201 Created}, line) assert_equal "abcde", File.read("#@tmpdir/dev666/foo") end + + def test_chunk_trailer_gigantic + req = "PUT /dev666/foo HTTP/1.1\r\n" \ + "Host: #@host:#@port\r\n" \ + "Transfer-Encoding: chunked\r\n" \ + "Trailer: OMG\r\n" \ + "\r\n" + @client.write(req) + @client.write("5\r\nabcde\r\n0\r\nOMG: WTFBBQ") + 100000.times { @client.write("WTFBBQ") } + @client.write("\r\n\r\n") + line = @client.gets + assert_match(%r{\AHTTP/1\.1 201 Created}, line) + assert_equal "abcde", File.read("#@tmpdir/dev666/foo") + end end |