diff options
| author | Jacob Champion <jchampion@apache.org> | 2017-06-21 01:34:30 +0200 |
|---|---|---|
| committer | Jacob Champion <jchampion@apache.org> | 2017-06-21 01:34:30 +0200 |
| commit | 63047d39ba21f0507eadb11262467624ededb9eb (patch) | |
| tree | 9f0b654548fb3abac9c0c3b17ffd9ff537694eac /test | |
| parent | Revert new base64 function and tests (diff) | |
| download | apache2-63047d39ba21f0507eadb11262467624ededb9eb.tar.xz apache2-63047d39ba21f0507eadb11262467624ededb9eb.zip | |
ap_find_token: add unit tests
Add previously embargoed test case for CVE-2017-7668.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/httpdunit@1799377 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test')
| -rw-r--r-- | test/unit/util.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/test/unit/util.c b/test/unit/util.c new file mode 100644 index 0000000000..17c10931a5 --- /dev/null +++ b/test/unit/util.c @@ -0,0 +1,88 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "check.h" +#include "../httpdunit.h" + +#include "httpd.h" + +/* + * Test Fixture -- runs once per test + */ + +static apr_pool_t *g_pool; + +static void util_setup(void) +{ + if (apr_pool_create(&g_pool, NULL) != APR_SUCCESS) { + exit(1); + } +} + +static void util_teardown(void) +{ + apr_pool_destroy(g_pool); +} + +/* + * ap_test_token() + */ + +struct ap_test_token_case { + const char *list; + const char *token; + int expected; +}; + +const struct ap_test_token_case ap_test_token_cases[] = { + { "one, two, three", "one", 1 }, + { "one, two, three", "two", 1 }, + { "one, two, three", "three", 1 }, + { "one,two,three", "two", 1 }, + { NULL, "token", 0 }, + + /* Regression test for CVE-2017-7668 */ + { "one, two, \0three", "three", 0 }, + + /* + * Dubious compatibility cases + */ + { ",\x01,one,,two,/,,three,,", "one", 1 }, + { ",\x01,one,,two,/,,three,,", "two", 1 }, + { ",\x01,one,,two,/,,three,,", "three", 1 }, + { ",\x01,one,,two,/,,three,,", "\x01", 0 }, + { ",\x01,one,,two,/,,three,,", "/", 0 }, +}; + +const size_t ap_test_token_cases_len = sizeof(ap_test_token_cases) / + sizeof(ap_test_token_cases[0]); + +HTTPD_START_LOOP_TEST(find_token_correctly_parses_token_list, ap_test_token_cases_len) +{ + const struct ap_test_token_case *c = &ap_test_token_cases[_i]; + int result; + + result = ap_find_token(g_pool, c->list, c->token); + ck_assert_int_eq(result, c->expected); +} +END_TEST + +/* + * Test Case Boilerplate + */ +HTTPD_BEGIN_TEST_CASE_WITH_FIXTURE(util, util_setup, util_teardown) +#include "test/unit/util.tests" +HTTPD_END_TEST_CASE |