1From ea5aaaa5ede53819f8bc7ae767fc2d13d3704d37 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 27 Dec 2022 11:50:23 +0100
4Subject: [PATCH] test446: verify hsts with two URLs
5
6CVE: CVE-2023-23914 CVE-2023-23915
7Upstream-Status: Backport [https://github.com/curl/curl/pull/10138/commits/7e89dfd463597701dd1defcad7be54f7d3c9d55d]
8Comment: Refreshed hunk from Makefile.inc
9Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
10Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
11---
12 tests/data/Makefile.inc |  2 +-
13 tests/data/test446      | 84 +++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 85 insertions(+), 1 deletion(-)
15 create mode 100644 tests/data/test446
16
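diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 3a6356bd122bc..fe1bb1c74c2ab 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -72,6 +72,7 @@
 \
 test430 test431 test432 test433 test434 test435 test436 \
 \
+test446 \
 test490 test491 test492 test493 test494 \
 \
 test500 test501 test502 test503 test504 test505 test506 test507 test508 \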
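diff --git a/tests/data/test446 b/tests/data/test446
new file mode 100644
index 0000000000000..0e2dfdcfe33b6
--- /dev/null
+++ b/tests/data/test446
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+trailing-dot
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK
+
+</connect>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Content-Length: 6
+Strict-Transport-Security: max-age=604800
+
+-foo-
+</data>
+<data2 crlf="yes">
+HTTP/1.1 200 OK
+Content-Length: 6
+Strict-Transport-Security: max-age=6048000
+
+-baa-
+</data2>
+</reply>
+
+<client>
+<server>
+https
+http-proxy
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+</features>
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=2000000000
+</setenv>
+
+<name>
+HSTS with two URLs
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT --hsts log/hsts%TESTNUMBER http://this.hsts.example./%TESTNUMBER http://another.example.com/%TESTNUMBER0002
+</command>
+</client>
+
+<verify>
+# we let it CONNECT to the server to confirm HSTS but deny from there
+<proxy crlf="yes">
+GET http://this.hsts.example./%TESTNUMBER HTTP/1.1
+Host: this.hsts.example.
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://another.example.com/%TESTNUMBER0002 HTTP/1.1
+Host: another.example.com
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</proxy>
+
+<file name="log/hsts%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+this.hsts.example "20330525 03:33:20"
+another.example.com "20330727 03:33:20"
+</file>
+
+</verify>
+</testcase>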
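Review bot: The `<verify>` block only proves persistence: `<proxy>` expects two plain GETs and `<file>` checks that both hosts end up in the saved cache, so nothing here asserts that a later `http://` URL for a host learned earlier in the same invocation is actually upgraded. If that enforcement is not covered by a sibling test in this series, a further case that repeats the first host would close the gap. The comment at the top of `<verify>` also describes a CONNECT-and-deny flow that the expected proxy traffic does not contain; something like `# both URLs go through the proxy as plain HTTP; each reply sets HSTS for its own host` would match what is asserted. The `<connect>` reply and the `https` server entry look unused for the same reason, which is worth confirming.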