1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
<?xml version="1.0" encoding="US-ASCII"?>
<testcase>
# This test is crafted to reproduce oss-fuzz bug
# https://crbug.com/oss-fuzz/17954
<info>
<keywords>
HTTP
HTTP GET
HTTP proxy
followlocation
</keywords>
</info>
# Server-side
<reply>
<data crlf="headers">
HTTP/1.1 302 OK
Location: http://example.net/there/it/is/../../tes t case=/%TESTNUMBER0002? yes no
Date: Tue, 09 Nov 2010 14:49:00 GMT
Content-Length: 0
</data>
<data2 crlf="headers">
HTTP/1.1 200 OK
Location: this should be ignored
Date: Tue, 09 Nov 2010 14:49:00 GMT
Content-Length: 5
body
</data2>
<datacheck crlf="headers">
HTTP/1.1 302 OK
Location: http://example.net/there/it/is/../../tes t case=/%TESTNUMBER0002? yes no
Date: Tue, 09 Nov 2010 14:49:00 GMT
Content-Length: 0
HTTP/1.1 200 OK
Location: this should be ignored
Date: Tue, 09 Nov 2010 14:49:00 GMT
Content-Length: 5
body
</datacheck>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP redirect with dotdots and whitespaces in absolute Location: URL
</name>
<command>
http://example.com/please/../gimme/%TESTNUMBER?foobar#hello -L -x http://%HOSTIP:%HTTPPORT
</command>
<features>
proxy
</features>
</client>
# Verify data after the test has been "shot"
<verify>
<protocol crlf="headers">
GET http://example.com/gimme/%TESTNUMBER?foobar HTTP/1.1
Host: example.com
User-Agent: curl/%VERSION
Accept: */*
Proxy-Connection: Keep-Alive
GET http://example.net/there/tes%20t%20case=/%TESTNUMBER0002?+yes+no HTTP/1.1
Host: example.net
User-Agent: curl/%VERSION
Accept: */*
Proxy-Connection: Keep-Alive
</protocol>
</verify>
</testcase>
|
