From 4fbe02062007d1ad073a550f5e37b599fc0019e4 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Sun, 22 Jun 2014 22:49:39 +0000
Subject: test/http_chunked_put: test for gigantic trailer

This is a potential attack vector, and we seem to pass.
---
 test/http_chunked_put.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/test/http_chunked_put.rb b/test/http_chunked_put.rb
index 8f07c85..d6d4f32 100644
--- a/test/http_chunked_put.rb
+++ b/test/http_chunked_put.rb
@@ -458,4 +458,19 @@ class TestHTTPChunkedPut < Test::Unit::TestCase
 assert_match(%r{\AHTTP/1\.1 201 Created}, line)
 assert_equal "abcde", File.read("#@tmpdir/dev666/foo")
 end
+
+ def test_chunk_trailer_gigantic
+ req = "PUT /dev666/foo HTTP/1.1\r\n" \
+ "Host: #@host:#@port\r\n" \
+ "Transfer-Encoding: chunked\r\n" \
+ "Trailer: OMG\r\n" \
+ "\r\n"
+ @client.write(req)
+ @client.write("5\r\nabcde\r\n0\r\nOMG: WTFBBQ")
+ 100000.times { @client.write("WTFBBQ") }
+ @client.write("\r\n\r\n")
+ line = @client.gets
+ assert_match(%r{\AHTTP/1\.1 201 Created}, line)
+ assert_equal "abcde", File.read("#@tmpdir/dev666/foo")
+ end
 end
-- 
cgit v1.2.3-24-ge0c7
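Review bot: `test_chunk_trailer_gigantic` asserts only that a roughly 600 KB trailer value is answered with `201 Created`, so it pins acceptance of an oversized trailer rather than any bound on it, and nothing in the method records which property is being protected. A comment above the `def` would make the intent explicit, e.g. `# ~600KB trailer value: server must neither crash nor stall; update the expected status if a trailer size limit is ever enforced`. The blocking `100000.times { @client.write("WTFBBQ") }` loop and `line = @client.gets` have no visible timeout, so a server that stops reading would presumably hang the test run instead of failing it; wrapping the writes and the read in a `Timeout.timeout(30) { ... }` block (assuming `timeout` is or can be required in this file) would turn that into a failure. The class's setup is outside the hunk, so whether `@client` already carries a timeout, and whether `@tmpdir` is fresh per test so that the `File.read` check cannot pass on a file left by the preceding test, cannot be confirmed from here.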