tests: make sure CRLFs can't be used in URLs passed to proxy

Bug: http://curl.haxx.se/docs/adv_20150108B.html
2014-12-25 23:51:43 +01:00
parent 178bd7db34
commit 3df8e78860
4 changed files with 109 additions and 3 deletions
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -151,7 +151,7 @@ test1516 \
 \
 test1520 \
 \
-test1525 test1526 test1527 test1528 \
+test1525 test1526 test1527 test1528 test1529 \
 \
 test1800 test1801 \
 \
--- a/tests/data/test1529
+++ b/tests/data/test1529
@@ -0,0 +1,43 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<connect>
+HTTP/1.1 200 OK
+We-are: good
+
+</connect>
+
+</reply>
+# Client-side
+<client>
+<server>
+http
+http-proxy
+</server>
+<tool>
+lib1529
+</tool>
+ <name>
+HTTP request-injection in URL sent over proxy
+ </name>
+ <command>
+ "http://the.old.moo:%HTTPPORT/1529" %HOSTIP:%PROXYPORT
+</command>
+</client>
+
+# it should be detected and an error should be reported
+<verify>
+# 3 == CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>