about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2014-06-22 22:49:39 +0000
committerEric Wong <e@80x24.org>2014-09-03 07:13:52 +0000
commit4fbe02062007d1ad073a550f5e37b599fc0019e4 (patch)
treed3d7825d64d9b5495a819bc3111b0820985255af
parent29bc0766942a92549774d0439d1a6362c53bc26c (diff)
downloadcmogstored-4fbe02062007d1ad073a550f5e37b599fc0019e4.tar.gz
This is a potential attack vector, and we seem to pass.
-rw-r--r--test/http_chunked_put.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/http_chunked_put.rb b/test/http_chunked_put.rb
index 8f07c85..d6d4f32 100644
--- a/test/http_chunked_put.rb
+++ b/test/http_chunked_put.rb
@@ -458,4 +458,19 @@ class TestHTTPChunkedPut < Test::Unit::TestCase
     assert_match(%r{\AHTTP/1\.1 201 Created}, line)
     assert_equal "abcde", File.read("#@tmpdir/dev666/foo")
   end
+
+  def test_chunk_trailer_gigantic
+    req = "PUT /dev666/foo HTTP/1.1\r\n" \
+          "Host: #@host:#@port\r\n" \
+          "Transfer-Encoding: chunked\r\n" \
+          "Trailer: OMG\r\n" \
+          "\r\n"
+    @client.write(req)
+    @client.write("5\r\nabcde\r\n0\r\nOMG: WTFBBQ")
+    100000.times { @client.write("WTFBBQ") }
+    @client.write("\r\n\r\n")
+    line = @client.gets
+    assert_match(%r{\AHTTP/1\.1 201 Created}, line)
+    assert_equal "abcde", File.read("#@tmpdir/dev666/foo")
+  end
 end