If the URI coming from the client contains '?' then
- the URI part is terminated with a '\0'
- the remainder of the URI goes in a new header WSI_TOKEN_HTTP_URI_ARGS
- the remainder of the URI is not subject to path sanitization measures (it
still has %xx processing done on it)
In the test server, http requests now also dump header information to stderr.
The attack.sh script is simplified and can now parse the test server header dumps.
Signed-off-by: Andy Green <andy.green@linaro.org>
Seems like it would be a good idea to try to mess with the
server at least before someone else does it for us
Just run the script
$ test-server/attack.sh
it will spawn a test server and fire things at it. If you
see the end result
---- survived
then you should be OK.
Signed-off-by: Andy Green <andy.green@linaro.org>
