8db1cdf2d6
- SECURITY FIX for SA42443, "multipart_init()" HTTP Header Injection Vulnerability from upstream git.
23 lines
953 B
Plaintext
23 lines
953 B
Plaintext
$OpenBSD: patch-t_070_standard_t,v 1.1 2010/12/06 07:59:34 jasper Exp $
|
|
|
|
Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability
|
|
From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
|
|
|
|
--- t/070.standard.t.orig Mon Dec 6 08:55:45 2010
|
|
+++ t/070.standard.t Mon Dec 6 08:55:48 2010
|
|
@@ -953,10 +953,12 @@ restore_parameters();
|
|
$sv = multipart_init();
|
|
like(
|
|
$sv,
|
|
- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
|
|
+ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
|
|
'multipart_init(), 1'
|
|
);
|
|
-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
|
|
+
|
|
+like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
|
|
+ 'multipart_init(), 2' );
|
|
$sv = multipart_init( 'this_is_the_boundary' );
|
|
like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
|
|
$sv = multipart_init( -boundary => 'this_is_another_boundary' );
|