1*6236dae4SAndroid Build Coastguard Worker<testcase> 2*6236dae4SAndroid Build Coastguard Worker# 3*6236dae4SAndroid Build Coastguard Worker# This test is crafted to reproduce oss-fuzz bug 4*6236dae4SAndroid Build Coastguard Worker# https://crbug.com/oss-fuzz/17954 5*6236dae4SAndroid Build Coastguard Worker# 6*6236dae4SAndroid Build Coastguard Worker<info> 7*6236dae4SAndroid Build Coastguard Worker<keywords> 8*6236dae4SAndroid Build Coastguard WorkerHTTP 9*6236dae4SAndroid Build Coastguard WorkerHTTP GET 10*6236dae4SAndroid Build Coastguard WorkerHTTP proxy 11*6236dae4SAndroid Build Coastguard Workerfollowlocation 12*6236dae4SAndroid Build Coastguard Worker</keywords> 13*6236dae4SAndroid Build Coastguard Worker</info> 14*6236dae4SAndroid Build Coastguard Worker# 15*6236dae4SAndroid Build Coastguard Worker# Server-side 16*6236dae4SAndroid Build Coastguard Worker<reply> 17*6236dae4SAndroid Build Coastguard Worker<data> 18*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 302 OK 19*6236dae4SAndroid Build Coastguard WorkerLocation: http://example.net/there/it/is/../../tes t case=/%TESTNUMBER0002? yes no 20*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 21*6236dae4SAndroid Build Coastguard WorkerContent-Length: 0 22*6236dae4SAndroid Build Coastguard Worker 23*6236dae4SAndroid Build Coastguard Worker</data> 24*6236dae4SAndroid Build Coastguard Worker<data2> 25*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 200 OK 26*6236dae4SAndroid Build Coastguard WorkerLocation: this should be ignored 27*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 28*6236dae4SAndroid Build Coastguard WorkerContent-Length: 5 29*6236dae4SAndroid Build Coastguard Worker 30*6236dae4SAndroid Build Coastguard Workerbody 31*6236dae4SAndroid Build Coastguard Worker</data2> 32*6236dae4SAndroid Build Coastguard Worker<datacheck> 33*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 302 OK 34*6236dae4SAndroid Build Coastguard WorkerLocation: http://example.net/there/it/is/../../tes t case=/%TESTNUMBER0002? yes no 35*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 36*6236dae4SAndroid Build Coastguard WorkerContent-Length: 0 37*6236dae4SAndroid Build Coastguard Worker 38*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 200 OK 39*6236dae4SAndroid Build Coastguard WorkerLocation: this should be ignored 40*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 41*6236dae4SAndroid Build Coastguard WorkerContent-Length: 5 42*6236dae4SAndroid Build Coastguard Worker 43*6236dae4SAndroid Build Coastguard Workerbody 44*6236dae4SAndroid Build Coastguard Worker</datacheck> 45*6236dae4SAndroid Build Coastguard Worker</reply> 46*6236dae4SAndroid Build Coastguard Worker 47*6236dae4SAndroid Build Coastguard Worker# 48*6236dae4SAndroid Build Coastguard Worker# Client-side 49*6236dae4SAndroid Build Coastguard Worker<client> 50*6236dae4SAndroid Build Coastguard Worker<server> 51*6236dae4SAndroid Build Coastguard Workerhttp 52*6236dae4SAndroid Build Coastguard Worker</server> 53*6236dae4SAndroid Build Coastguard Worker<name> 54*6236dae4SAndroid Build Coastguard WorkerHTTP redirect with dotdots and whitespaces in absolute Location: URL 55*6236dae4SAndroid Build Coastguard Worker</name> 56*6236dae4SAndroid Build Coastguard Worker<command> 57*6236dae4SAndroid Build Coastguard Workerhttp://example.com/please/../gimme/%TESTNUMBER?foobar#hello -L -x http://%HOSTIP:%HTTPPORT 58*6236dae4SAndroid Build Coastguard Worker</command> 59*6236dae4SAndroid Build Coastguard Worker<features> 60*6236dae4SAndroid Build Coastguard Workerproxy 61*6236dae4SAndroid Build Coastguard Worker</features> 62*6236dae4SAndroid Build Coastguard Worker</client> 63*6236dae4SAndroid Build Coastguard Worker 64*6236dae4SAndroid Build Coastguard Worker# 65*6236dae4SAndroid Build Coastguard Worker# Verify data after the test has been "shot" 66*6236dae4SAndroid Build Coastguard Worker<verify> 67*6236dae4SAndroid Build Coastguard Worker<protocol> 68*6236dae4SAndroid Build Coastguard WorkerGET http://example.com/gimme/%TESTNUMBER?foobar HTTP/1.1 69*6236dae4SAndroid Build Coastguard WorkerHost: example.com 70*6236dae4SAndroid Build Coastguard WorkerUser-Agent: curl/%VERSION 71*6236dae4SAndroid Build Coastguard WorkerAccept: */* 72*6236dae4SAndroid Build Coastguard WorkerProxy-Connection: Keep-Alive 73*6236dae4SAndroid Build Coastguard Worker 74*6236dae4SAndroid Build Coastguard WorkerGET http://example.net/there/tes%20t%20case=/%TESTNUMBER0002?+yes+no HTTP/1.1 75*6236dae4SAndroid Build Coastguard WorkerHost: example.net 76*6236dae4SAndroid Build Coastguard WorkerUser-Agent: curl/%VERSION 77*6236dae4SAndroid Build Coastguard WorkerAccept: */* 78*6236dae4SAndroid Build Coastguard WorkerProxy-Connection: Keep-Alive 79*6236dae4SAndroid Build Coastguard Worker 80*6236dae4SAndroid Build Coastguard Worker</protocol> 81*6236dae4SAndroid Build Coastguard Worker</verify> 82*6236dae4SAndroid Build Coastguard Worker</testcase> 83