packages/netty
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
netty/CVE-2019-20445-3.patch
lei_ju 2d430d5a23 fix CVE
2020-12-04 15:27:56 +08:00

59 lines
2.1 KiB
Diff
Raw Blame History

From 5f68897880467c00f29495b0aa46ed19bf7a873c Mon Sep 17 00:00:00 2001
From: Artem Smotrakov <artem.smotrakov@gmail.com>
Date: Wed, 5 Feb 2020 14:33:28 +0100
Subject: [PATCH] Added tests for Transfer-Encoding header with whitespace
(#9997)
Motivation:
Need tests to ensure that CVE-2020-7238 is fixed.
Modifications:
Added two test cases into HttpRequestDecoderTest which check that
no whitespace is allowed before the Transfer-Encoding header.
Result:
Improved test coverage for #9861
---
.../codec/http/HttpRequestDecoderTest.java | 25 ++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
index 1e780b7959f..2548af0e2af 100644
--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
+++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
@@ -325,7 +325,30 @@ public void testTooLargeHeaders() {
public void testWhitespace() {
String requestStr = "GET /some/path HTTP/1.1\r\n" +
"Transfer-Encoding : chunked\r\n" +
- "Host: netty.io\n\r\n";
+ "Host: netty.io\r\n\r\n";
+ testInvalidHeaders0(requestStr);
+ }
+
+ @Test
+ public void testWhitespaceBeforeTransferEncoding01() {
+ String requestStr = "GET /some/path HTTP/1.1\r\n" +
+ " Transfer-Encoding : chunked\r\n" +
+ "Content-Length: 1\r\n" +
+ "Host: netty.io\r\n\r\n" +
+ "a";
+ testInvalidHeaders0(requestStr);
+ }
+
+ @Test
+ public void testWhitespaceBeforeTransferEncoding02() {
+ String requestStr = "POST / HTTP/1.1" +
+ " Transfer-Encoding : chunked\r\n" +
+ "Host: target.com" +
+ "Content-Length: 65\r\n\r\n" +
+ "0\r\n\r\n" +
+ "GET /maliciousRequest HTTP/1.1\r\n" +
+ "Host: evilServer.com\r\n" +
+ "Foo: x";
testInvalidHeaders0(requestStr);
}
Reference in New Issue View Git Blame Copy Permalink