> -----Original Message----- > From: Dan Poirier [mailto:[email protected]] > Sent: Donnerstag, 9. Juli 2009 15:48 > To: [email protected] > Subject: Re: svn commit: r790589 - > /httpd/test/framework/trunk/t/security/CVE-2009-1890.t > > "Plüm, Rüdiger, VF-Group" <[email protected]> writes: > >> -----Original Message----- > >> From: Dan Poirier > >> Sent: Donnerstag, 9. Juli 2009 15:10 > >> To: [email protected] > >> Subject: Re: svn commit: r790589 - > >> /httpd/test/framework/trunk/t/security/CVE-2009-1890.t > >> > >> The test doesn't seem to do what the vulnerability > description talks > >> about. The vulnerability talks about sending additional data after > >> sending Content-length bytes of request body, where this > test sends a > >> request body of the right length, just in two parts with a pause in > >> between. > > > > It adds a leading '0' to the content-length header causing > the old code > > to interpret the content-length as being an octal number. > > Interpreting the content-length as octal results in a much > lower content length > > as if it was interpreted as a decimal number. > > So if the content-length was parsed correctly, but the vulnerability > related to additional data wasn't fixed, this test would still pass? > (Since then we're not sending any more data than expected?)
IMHO correct. Regards Rüdiger
