> -----Original Message----- > From: Dan Poirier > Sent: Donnerstag, 9. Juli 2009 15:10 > To: [email protected] > Subject: Re: svn commit: r790589 - > /httpd/test/framework/trunk/t/security/CVE-2009-1890.t > > [email protected] writes: > > > Author: jorton > > Date: Thu Jul 2 13:42:12 2009 > > New Revision: 790589 > > > > URL: http://svn.apache.org/viewvc?rev=790589&view=rev > > Log: > > - add test case for CVE-2009-1890 > > > > Added: > > httpd/test/framework/trunk/t/security/CVE-2009-1890.t > (with props) > > I've been looking at this test and I could use some help understanding > it. > > The test doesn't seem to do what the vulnerability description talks > about. The vulnerability talks about sending additional data after > sending Content-length bytes of request body, where this test sends a > request body of the right length, just in two parts with a pause in > between.
It adds a leading '0' to the content-length header causing the old code to interpret the content-length as being an octal number. Interpreting the content-length as octal results in a much lower content length as if it was interpreted as a decimal number. Regards Rüdiger
