Hmm, just testing for Jim, I see the same error on 2.5-DEV on my OS X machine:
t/security/CVE-2005-3357.t .. 1..3 # Running under perl version 5.018002 for darwin # Current time local: Tue Nov 17 16:00:55 2015 # Current time GMT: Tue Nov 17 15:00:55 2015 # Using Test.pm version 1.26 # Using Apache/Test.pm version 1.40 # URL is http://localhost:8534/ ok 1 # testing : Expected bad request from 'GET http://localhost:8534/' # expected: 400 # received: '400' ok 2 # testing : errordoc content was served # expected: qr/(?^:welcome to localhost)/ # received: '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> # <html><head> # <title>400 Bad Request</title> # </head><body> # <h1>Bad Request</h1> # <p>Your browser sent a request that this server could not understand.<br /> # </p> # <p>Additionally, a 400 Bad Request # error was encountered while trying to use an ErrorDocument to handle the request.</p> # </body></html> # ' not ok 3 # Failed test 3 in t/security/CVE-2005-3357.t at line 51 Failed 1/3 subtests Test Summary Report ------------------- t/security/CVE-2005-3357.t (Wstat: 0 Tests: 3 Failed: 1) Failed test: 3 Files=1, Tests=3, 0 wallclock secs ( 0.02 usr 0.00 sys + 0.37 cusr 0.15 csys = 0.54 CPU) Result: FAIL Failed 1/1 test programs. 1/3 subtests failed.
access_log
Description: Binary data
error_log
Description: Binary data
ssl_request_log
Description: Binary data
> Am 17.11.2015 um 15:50 schrieb Yann Ylavic <[email protected]>: > > On Tue, Nov 17, 2015 at 10:48 AM, <[email protected]> wrote: >> >> Modified: httpd/httpd/branches/2.4.x/STATUS >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff >> ============================================================================== >> --- httpd/httpd/branches/2.4.x/STATUS (original) >> +++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015 >> @@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: >> 2.4.x patch: >> http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch >> (trunk works, meant to ease review) >> +1: ylavic, minfrin >> + icing: test 3 fails for me in t/security/CVE-2005-3357.t > > I can't reproduce this (with 2.4.x and this patch only)... > Can you provide the ./TEST -v output and maybe the trace logs?
