"Plüm, Rüdiger, VF-Group" <[email protected]> writes:

>> -----Original Message-----
>> From: Dan Poirier
>> Sent: Thursday, 9 July 2009 15:10
>> To: [email protected]
>> Subject: Re: svn commit: r790589 - /httpd/test/framework/trunk/t/security/CVE-2009-1890.t
>>
>> The test doesn't seem to do what the vulnerability description talks
>> about. The vulnerability talks about sending additional data after
>> sending Content-length bytes of request body, where this test sends a
>> request body of the right length, just in two parts with a pause in
>> between.
>
> It adds a leading '0' to the content-length header causing the old code
> to interpret the content-length as being an octal number.
> Interpreting the content-length as octal results in a much lower content
> length than if it was interpreted as a decimal number.

So if the content-length was parsed correctly, but the vulnerability
related to additional data wasn't fixed, this test would still pass?
(Since then we're not sending any more data than expected?)

-- 
Dan Poirier <[email protected]>
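
The octal-versus-decimal discrepancy discussed in this thread, as an added C example that is not code from httpd or its test framework. `parse_permissive` is an assumption that models the old behaviour with `strtol()` base 0; the function names and the sample header value `0100` are constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: models the "old code" with strtol() base 0, where a leading
 * '0' selects octal. Not copied from httpd. Returns -1 on parse failure. */
long parse_permissive(const char *v)
{
    char *end;
    errno = 0;
    long n = strtol(v, &end, 0);
    if (errno || end == v || *end != '\0' || n < 0) return -1;
    return n;
}

/* Strict form: ASCII digits only, always base 10, overflow rejected. */
long parse_strict_decimal(const char *v)
{
    long n = 0;
    if (*v == '\0') return -1;
    for (; *v; v++) {
        if (!isdigit((unsigned char)*v)) return -1;
        int d = *v - '0';
        if (n > (LONG_MAX - d) / 10) return -1;
        n = n * 10 + d;
    }
    return n;
}

/* Bytes the sender transmits beyond what the receiver's parser expects. */
long excess_bytes(long (*parse)(const char *), const char *v, long sent)
{
    long expected = parse(v);
    if (expected < 0) return -1;
    return sent > expected ? sent - expected : 0;
}

int main(void)
{
    const char *hdr = "0100";   /* constructed sample header value */
    long sent = 100;            /* body bytes the client actually sends */
    printf("permissive: expects %ld, excess %ld\n",
           parse_permissive(hdr), excess_bytes(parse_permissive, hdr, sent));
    printf("strict:     expects %ld, excess %ld\n",
           parse_strict_decimal(hdr), excess_bytes(parse_strict_decimal, hdr, sent));
    return 0;
}
```

With a strict decimal parse the 100-byte body matches the header exactly, so the excess is zero; only the permissive parse leaves bytes unaccounted for.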
