FPM: add test for CVE-2016-5385
parent
f2c2a4be9e
commit
fb4a6dc0f1
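--- a/sapi/fpm/tests/022-cve-2016-5385.phpt
+++ b/sapi/fpm/tests/022-cve-2016-5385.phpt
@@ -0,0 +1,81 @@
+--TEST--
+FPM: HTTP_PROXY - CVE-2016-5385
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+include "include.inc";
+
+$logfile = __DIR__.'/php-fpm.log.tmp';
+$srcfile = __DIR__.'/php-fpm.tmp.php';
+$port = 9000+PHP_INT_SIZE;
+
+$cfg = <<<EOT
+[global]
+error_log = $logfile
+[unconfined]
+listen = 127.0.0.1:$port
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+echo "Test Start\n";
+var_dump(
+\$_SERVER["HTTP_PROXY"],
+\$_SERVER["HTTP_FOO"],
+getenv("HTTP_PROXY"),
+getenv("HTTP_FOO")
+);
+echo "Test End\n";
+EOT;
+file_put_contents($srcfile, $code);
+
+$fpm = run_fpm($cfg, $tail);
+if (is_resource($fpm)) {
+fpm_display_log($tail, 2);
+try {
+$headers = [
+'HTTP_FOO' => 'BAR',
+'HTTP_PROXY' => 'BADPROXY',
+];
+$req = run_request('127.0.0.1', $port, $srcfile, '', $headers);
+echo strstr($req, "Test Start");
+echo "Request ok\n";
+} catch (Exception $e) {
+echo "Request error\n";
+}
+proc_terminate($fpm);
+echo stream_get_contents($tail);
+fclose($tail);
+proc_close($fpm);
+}
+
+?>
+Done
+--EXPECTF--
+[%s] NOTICE: fpm is running, pid %d
+[%s] NOTICE: ready to handle connections
+Test Start
+NULL
+string(3) "BAR"
+bool(false)
+string(3) "BAR"
+Test End
+
+Request ok
+[%s] NOTICE: Terminating ...
+[%s] NOTICE: exiting, bye-bye!
+Done
+--CLEAN--
+<?php
+$logfile = __DIR__.'/php-fpm.log.tmp';
+$srcfile = __DIR__.'/php-fpm.tmp.php';
+@unlink($logfile);
+@unlink($srcfile);
+?>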
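Review bot: The generated script reads `\$_SERVER["HTTP_PROXY"]` directly while the expected output is a bare `NULL`, so this regression check passes only as long as the FPM worker prints no undefined-index diagnostic. Whether it does depends on the worker's error_reporting and display_errors, which the `$cfg` pool config here does not set. Writing the first var_dump argument as `isset(\$_SERVER["HTTP_PROXY"]) ? \$_SERVER["HTTP_PROXY"] : null` keeps the assertion tied to the filtering of the client-supplied `HTTP_PROXY` param rather than to those settings. The `catch (Exception $e)` branch prints only `Request error`; adding `echo $e->getMessage(), "\n";` there would make a failing run diagnosable from the test output.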
|
@ -86,10 +86,10 @@ function fpm_display_log($tail, $n=1, $ignore='systemd') {
|
||||
}
|
||||
}
|
||||
|
||||
function run_request($host, $port, $uri='/ping', $query='') {
|
||||
function run_request($host, $port, $uri='/ping', $query='', $headers=array()) {
|
||||
require_once 'fcgi.inc';
|
||||
$client = new Adoy\FastCGI\Client($host, $port);
|
||||
$params = array(
|
||||
$params = array_merge(array(
|
||||
'GATEWAY_INTERFACE' => 'FastCGI/1.0',
|
||||
'REQUEST_METHOD' => 'GET',
|
||||
'SCRIPT_FILENAME' => $uri,
|
||||
@ -106,6 +106,6 @@ function run_request($host, $port, $uri='/ping', $query='') {
|
||||
'SERVER_PROTOCOL' => 'HTTP/1.1',
|
||||
'CONTENT_TYPE' => '',
|
||||
'CONTENT_LENGTH' => 0
|
||||
);
|
||||
), $headers);
|
||||
return $client->request($params, false)."\n";
|
||||
}
|
||||
|
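Review bot: The new `$headers` argument of run_request() is merged last with `array_merge(array(...), $headers)`, so its entries are raw FastCGI params rather than HTTP header names. Callers must spell the `HTTP_` prefix themselves, and a key such as `SCRIPT_FILENAME` or `REQUEST_METHOD` silently replaces the built-in value. That contract is worth a comment above the function, for example `// $headers: extra FastCGI params, merged last; keys are used verbatim (HTTP_* for request headers) and override the defaults.` The middle of the params array lies between the two hunks and is not visible here.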