t/security/CVE-2020-1927.t - httpd-tests - Git at Google

 use strict;
 use warnings FATAL => 'all';

 use Apache::Test;
 use Apache::TestRequest;
 use Apache::TestUtil;
 use MIME::Base64;
 use Data::Dumper;
 use HTTP::Response;
 use Socket;

 plan tests => 1, need_min_apache_version('2.4.42');

 my $sock = Apache::TestRequest::vhost_socket("core");
 if (!$sock) {
     print "# failed to connect\n";
     ok(0);
     next;
 }

 my $req = sprintf "GET /CVE-2020-1927/%%0D%%0Ahttp://127.0.0.1/ HTTP/1.1\r\nHost: merge-disabled\r\nConnection: close\r\n\r\n";
 print "# SENDING to " . peer($sock) . "\n# $req\n";
 $sock->print("$req");
 $sock->flush();
 sleep(0.1);
 $req = escape($req);
 print "# SENDING to " . peer($sock) . "\n# $req\n";

 my $response_data = "";
 my $buf;
 while ($sock->read($buf, 10000) > 0) {
     $response_data .= $buf;
 }
 my $response = HTTP::Response->parse($response_data);
 if (! defined $response) {
     die "HTTP::Response->parse failed";
 }
 ok t_cmp($response->code, 404,  "regex didn't match and redirect");

 sub escape
 {
     my $in = shift;
     $in =~ s{\\}{\\\\}g;
     $in =~ s{\r}{\\r}g;
     $in =~ s{\n}{\\n}g;
     $in =~ s{\t}{\\t}g;
     $in =~ s{([\x00-\x1f])}{sprintf("\\x%02x", ord($1))}ge;
     return $in;
 }

 sub peer
 {
    my $sock = shift;
    my $hersockaddr    = getpeername($sock);
    return "<disconnected>" if !$hersockaddr;
    my ($port, $iaddr) = sockaddr_in($hersockaddr);
    my $herhostname    = gethostbyaddr($iaddr, AF_INET);
    my $herstraddr     = inet_ntoa($iaddr);
    return "$herstraddr:$port";
 }
	use strict;
	use warnings FATAL => 'all';

	use Apache::Test;
	use Apache::TestRequest;
	use Apache::TestUtil;
	use MIME::Base64;
	use Data::Dumper;
	use HTTP::Response;
	use Socket;

	plan tests => 1, need_min_apache_version('2.4.42');

	my $sock = Apache::TestRequest::vhost_socket("core");
	if (!$sock) {
	print "# failed to connect\n";
	ok(0);
	next;
	}

	my $req = sprintf "GET /CVE-2020-1927/%%0D%%0Ahttp://127.0.0.1/ HTTP/1.1\r\nHost: merge-disabled\r\nConnection: close\r\n\r\n";
	print "# SENDING to " . peer($sock) . "\n# $req\n";
	$sock->print("$req");
	$sock->flush();
	sleep(0.1);
	$req = escape($req);
	print "# SENDING to " . peer($sock) . "\n# $req\n";

	my $response_data = "";
	my $buf;
	while ($sock->read($buf, 10000) > 0) {
	$response_data .= $buf;
	}
	my $response = HTTP::Response->parse($response_data);
	if (! defined $response) {
	die "HTTP::Response->parse failed";
	}
	ok t_cmp($response->code, 404, "regex didn't match and redirect");

	sub escape
	{
	my $in = shift;
	$in =~ s{\\}{\\\\}g;
	$in =~ s{\r}{\\r}g;
	$in =~ s{\n}{\\n}g;
	$in =~ s{\t}{\\t}g;
	$in =~ s{([\x00-\x1f])}{sprintf("\\x%02x", ord($1))}ge;
	return $in;
	}

	sub peer
	{
	my $sock = shift;
	my $hersockaddr = getpeername($sock);
	return "<disconnected>" if !$hersockaddr;
	my ($port, $iaddr) = sockaddr_in($hersockaddr);
	my $herhostname = gethostbyaddr($iaddr, AF_INET);
	my $herstraddr = inet_ntoa($iaddr);
	return "$herstraddr:$port";
	}