From 2bfd6a0efcb7c71714b49f1a65c369941ee40c30 Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Mon, 10 Jul 2023 03:38:42 +0000
Subject: [PATCH] backport some test cases
(cherry picked from commit 570d0a3daba18ae6dc08d4924b6ffa55a16ce9c3)
---
...heck-fix-host-name-wildcard-checking.patch | 192 ++++++++
...ify-PUT-POST-reusing-the-same-handle.patch | 217 +++++++++
...ejection-of-compression-chain-attack.patch | 85 ++++
backport-test442-443-test-cookie-caps.patch | 331 ++++++++++++++
...est444-test-many-received-Set-Cookie.patch | 226 ++++++++++
...y-that-ctrl-byte-cookies-are-ignored.patch | 62 +++
...ts-verify-the-fix-for-CVE-2022-27774.patch | 413 ++++++++++++++++++
curl.spec | 15 +-
8 files changed, 1540 insertions(+), 1 deletion(-)
create mode 100644 backport-hostcheck-fix-host-name-wildcard-checking.patch
create mode 100644 backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch
create mode 100644 backport-test387-verify-rejection-of-compression-chain-attack.patch
create mode 100644 backport-test442-443-test-cookie-caps.patch
create mode 100644 backport-test444-test-many-received-Set-Cookie.patch
create mode 100644 backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch
create mode 100644 backport-tests-verify-the-fix-for-CVE-2022-27774.patch
diff --git a/backport-hostcheck-fix-host-name-wildcard-checking.patch b/backport-hostcheck-fix-host-name-wildcard-checking.patch
new file mode 100644
index 0000000..ea92828
--- /dev/null
+++ b/backport-hostcheck-fix-host-name-wildcard-checking.patch
@@ -0,0 +1,192 @@ +From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 24 Apr 2023 21:07:02 +0200 +Subject: [PATCH] hostcheck: fix host name wildcard checking + +The leftmost "label" of the host name can now only match against single +'*'. Like the browsers have worked for a long time. + +- extended unit test 1397 for this +- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc + +Reported-by: Hiroki Kurosawa +Closes #11018 +--- + tests/data/test1397 | 10 ++-- + tests/unit/unit1397.c | 120 +++++++++++++++++++++++++++------------- + 2 files changed, 85 insertions(+), 45 deletions(-) + +diff --git a/tests/data/test1397 b/tests/data/test1397 +index 84f962a..f31b2c2 100644 +--- a/tests/data/test1397 ++++ b/tests/data/test1397 +@@ -2,8 +2,7 @@ + + + unittest +-ssl +-wildcard ++Curl_cert_hostcheck + + + +@@ -16,9 +15,8 @@ none + + unittest + +- +-Check wildcard certificate matching function Curl_cert_hostcheck +- ++ ++Curl_cert_hostcheck unit tests ++ + +- + +diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c +index 508f41a..89ff957 100644 +--- a/tests/unit/unit1397.c ++++ b/tests/unit/unit1397.c +@@ -21,8 +21,6 @@ + ***************************************************************************/ + #include "curlcheck.h" + +-#include "hostcheck.h" /* from the lib dir */ +- + static CURLcode unit_setup(void) + { + return CURLE_OK; +@@ -30,50 +28,92 @@ static CURLcode unit_setup(void) + + static void unit_stop(void) + { +- /* done before shutting down and exiting */ + } + +-UNITTEST_START +- + /* only these backends define the tested functions */ +-#if defined(USE_OPENSSL) || defined(USE_GSKIT) +- +- /* here you start doing things and checking that the results are good */ ++#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL) ++#include "hostcheck.h" ++struct testcase { ++ const char *host; ++ const char *pattern; ++ bool match; ++}; + 
+-fail_unless(Curl_cert_hostcheck("www.example.com", "www.example.com"), +- "good 1"); +-fail_unless(Curl_cert_hostcheck("*.example.com", "www.example.com"), +- "good 2"); +-fail_unless(Curl_cert_hostcheck("xxx*.example.com", "xxxwww.example.com"), +- "good 3"); +-fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"), +- "good 4"); +-fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"), +- "good 5"); ++static struct testcase tests[] = { ++ {"", "", FALSE}, ++ {"a", "", FALSE}, ++ {"", "b", FALSE}, ++ {"a", "b", FALSE}, ++ {"aa", "bb", FALSE}, ++ {"\xff", "\xff", TRUE}, ++ {"aa.aa.aa", "aa.aa.bb", FALSE}, ++ {"aa.aa.aa", "aa.aa.aa", TRUE}, ++ {"aa.aa.aa", "*.aa.bb", FALSE}, ++ {"aa.aa.aa", "*.aa.aa", TRUE}, ++ {"192.168.0.1", "192.168.0.1", TRUE}, ++ {"192.168.0.1", "*.168.0.1", FALSE}, ++ {"192.168.0.1", "*.0.1", FALSE}, ++ {"h.ello", "*.ello", FALSE}, ++ {"h.ello.", "*.ello", FALSE}, ++ {"h.ello", "*.ello.", FALSE}, ++ {"h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo", " *.e.llo", FALSE}, ++ {" h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo", TRUE}, ++ {"*.e.llo.", "*.e.llo", TRUE}, ++ {"************.e.llo.", "*.e.llo", TRUE}, ++ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ++ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" ++ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" ++ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" ++ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" ++ ".e.llo.", "*.e.llo", TRUE}, ++ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo.", TRUE}, ++ {"h.e.llo", "*.e.llo.", TRUE}, ++ {".h.e.llo", "*.e.llo.", FALSE}, ++ {"h.e.llo", "*.*.llo.", FALSE}, ++ {"h.e.llo", "h.*.llo", FALSE}, ++ {"h.e.llo", "h.e.*", FALSE}, ++ {"hello", "*.ello", FALSE}, ++ {"hello", "**llo", FALSE}, ++ {"bar.foo.example.com", "*.example.com", FALSE}, ++ {"foo.example.com", "*.example.com", TRUE}, ++ {"baz.example.net", "b*z.example.net", FALSE}, ++ 
{"foobaz.example.net", "*baz.example.net", FALSE}, ++ {"xn--l8j.example.local", "x*.example.local", FALSE}, ++ {"xn--l8j.example.net", "*.example.net", TRUE}, ++ {"xn--l8j.example.net", "*j.example.net", FALSE}, ++ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE}, ++ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE}, ++ {"xl8j.example.net", "*.example.net", TRUE}, ++ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE}, ++ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE}, ++ {NULL, NULL, FALSE} ++}; + +-fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1"); +-fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2"); +-fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3"); +-fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad 4"); +-fail_if(Curl_cert_hostcheck("f*.example.com", "baa.example.com"), "bad 5"); +-fail_if(Curl_cert_hostcheck("*.com", "example.com"), "bad 6"); +-fail_if(Curl_cert_hostcheck("*fail.com", "example.com"), "bad 7"); +-fail_if(Curl_cert_hostcheck("*.example.", "www.example."), "bad 8"); +-fail_if(Curl_cert_hostcheck("*.example.", "www.example"), "bad 9"); +-fail_if(Curl_cert_hostcheck("", "www"), "bad 10"); +-fail_if(Curl_cert_hostcheck("*", "www"), "bad 11"); +-fail_if(Curl_cert_hostcheck("*.168.0.0", "192.168.0.0"), "bad 12"); +-fail_if(Curl_cert_hostcheck("www.example.com", "192.168.0.0"), "bad 13"); +- +-#ifdef ENABLE_IPV6 +-fail_if(Curl_cert_hostcheck("*::3285:a9ff:fe46:b619", +- "fe80::3285:a9ff:fe46:b619"), "bad 14"); +-fail_unless(Curl_cert_hostcheck("fe80::3285:a9ff:fe46:b619", +- "fe80::3285:a9ff:fe46:b619"), "good 6"); +-#endif ++UNITTEST_START ++{ ++ int i; ++ for(i = 0; tests[i].host; i++) { ++ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, ++ tests[i].host)) { ++ fprintf(stderr, ++ "HOST: %s\n" ++ "PTRN: %s\n" ++ "did %sMATCH\n", ++ tests[i].host, ++ tests[i].pattern, ++ tests[i].match ? 
"NOT ": ""); ++ unitfail++; ++ } ++ } ++} + +-#endif ++UNITTEST_STOP ++#else + +- /* you end the test code like this: */ ++UNITTEST_START + + UNITTEST_STOP ++#endif +-- +2.33.0 + diff --git a/backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch b/backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch new file mode 100644 index 0000000..b36ab70 --- /dev/null +++ b/backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch 
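Review bot: The expectations in `tests[]` depend on a library-side wildcard fix that this patch does not carry: its embedded diffstat lists only tests/data/test1397 and tests/unit/unit1397.c, although the message describes a matcher change and a Makefile move. Entries such as `{"baz.example.net", "b*z.example.net", FALSE}` and `{"xn--l8j.example.local", "x*.example.local", FALSE}` can only pass if the hostcheck fix itself is applied by an earlier patch in curl.spec, which is outside this view and should be confirmed. The same dependency applies to the test387 patch (it expects exit code 61 and the exact "more than 5 content encodings" message) and to the test442/443 cookie-cap patch. Because the table is written host-first while the call is `Curl_cert_hostcheck(tests[i].pattern, tests[i].host)`, a comment above the table such as `/* {host, pattern, expected match}; the checker takes the pattern first */` would keep the entries from being misread.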
@@ -0,0 +1,217 @@ +From 1edb15925e350be3b891f8a8de86600b22c0bb20 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 15 Sep 2022 09:23:33 +0200 +Subject: [PATCH] test1948: verify PUT + POST reusing the same handle + +Reproduced #9507, verifies the fix +--- + tests/data/Makefile.inc | 1 + + tests/data/test1948 | 73 +++++++++++++++++++++++++++++++++++ + tests/libtest/Makefile.inc | 5 ++- + tests/libtest/lib1948.c | 79 ++++++++++++++++++++++++++++++++++++++ + 4 files changed, 158 insertions(+) + create mode 100644 tests/data/test1948 + create mode 100644 tests/libtest/lib1948.c + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index a060a803a..20cdb9c8e 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -224,6 +224,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \ + test1916 test1917 test1918 \ + \ + test1933 test1934 test1935 test1936 test1939 \ ++test1948 \ + \ + test2000 test2001 test2002 test2003 test2004 \ + \ +diff --git a/tests/data/test1948 b/tests/data/test1948 +new file mode 100644 +index 000000000..639523d99 +--- /dev/null ++++ b/tests/data/test1948 +@@ -0,0 +1,73 @@ ++ ++ ++ ++HTTP ++HTTP POST ++HTTP PUT ++ ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 200 OK ++Date: Thu, 01 Nov 2001 14:49:00 GMT ++Content-Type: text/html ++Content-Length: 6 ++ ++hello ++ ++ ++HTTP/1.1 200 OK ++Date: Thu, 01 Nov 2001 14:49:00 GMT ++Content-Type: text/html ++Content-Length: 6 ++ ++hello ++HTTP/1.1 200 OK ++Date: Thu, 01 Nov 2001 14:49:00 GMT ++Content-Type: text/html ++Content-Length: 6 ++ ++hello ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++ ++CURLOPT_POST after CURLOPT_UPLOAD reusing handle ++ ++ ++lib%TESTNUMBER ++ ++ ++ ++http://%HOSTIP:%HTTPPORT/%TESTNUMBER ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++ ++PUT /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Accept: */* ++Content-Length: 22 ++Expect: 100-continue ++ ++This is test PUT data ++POST /1948 HTTP/1.1 ++Host: 
%HOSTIP:%HTTPPORT ++Accept: */* ++Content-Length: 22 ++Content-Type: application/x-www-form-urlencoded ++ ++This is test PUT data ++ ++ ++ +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index d6b3ab37c..3b9cdd006 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -64,6 +64,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ + lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \ + lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \ + lib1939 \ ++ lib1948 \ + lib3010 + + chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \ +@@ -753,6 +753,10 @@ lib1939_SOURCES = lib1939.c $(SUPPORTFILES) + lib1939_LDADD = $(TESTUTIL_LIBS) + lib1939_CPPFLAGS = $(AM_CPPFLAGS) + ++lib1948_SOURCES = lib1948.c $(SUPPORTFILES) ++lib1948_LDADD = $(TESTUTIL_LIBS) ++lib1948_CPPFLAGS = $(AM_CPPFLAGS) ++ + lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib3010_LDADD = $(TESTUTIL_LIBS) + lib3010_CPPFLAGS = $(AM_CPPFLAGS) +diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c +new file mode 100644 +index 000000000..7c891a2ca +--- /dev/null ++++ b/tests/libtest/lib1948.c +@@ -0,0 +1,79 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.haxx.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. 
++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++ ++#include "test.h" ++ ++typedef struct ++{ ++ char *buf; ++ size_t len; ++} put_buffer; ++ ++static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream) ++{ ++ put_buffer *putdata = (put_buffer *)stream; ++ size_t totalsize = size * nmemb; ++ size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize; ++ memcpy(ptr, putdata->buf, tocopy); ++ putdata->len -= tocopy; ++ putdata->buf += tocopy; ++ return tocopy; ++} ++ ++int test(char *URL) ++{ ++ CURL *curl; ++ CURLcode res = CURLE_OUT_OF_MEMORY; ++ ++ curl_global_init(CURL_GLOBAL_DEFAULT); ++ ++ curl = curl_easy_init(); ++ if(curl) { ++ const char *testput = "This is test PUT data\n"; ++ put_buffer pbuf; ++ ++ /* PUT */ ++ curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); ++ curl_easy_setopt(curl, CURLOPT_HEADER, 1L); ++ curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback); ++ pbuf.buf = (char *)testput; ++ pbuf.len = strlen(testput); ++ curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf); ++ curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput)); ++ res = curl_easy_setopt(curl, CURLOPT_URL, URL); ++ if(!res) ++ res = curl_easy_perform(curl); ++ if(!res) { ++ /* POST */ ++ curl_easy_setopt(curl, CURLOPT_POST, 1L); ++ curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput); ++ curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput)); ++ res = curl_easy_perform(curl); ++ } ++ curl_easy_cleanup(curl); ++ } ++ ++ curl_global_cleanup(); ++ return (int)res; ++} +-- +2.33.0 + diff --git a/backport-test387-verify-rejection-of-compression-chain-attack.patch b/backport-test387-verify-rejection-of-compression-chain-attack.patch new file mode 100644 index 0000000..ee3bbfb --- /dev/null 
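Review bot: Adding `lib1948` to `noinst_PROGRAMS` in tests/libtest/Makefile.inc takes effect only if the build regenerates Makefile.in after the patches are applied. The spec therefore needs an autoreconf step in %prep or %build, which cannot be confirmed from here because curl.spec is outside this view; without it test1948 would presumably have no `lib1948` program to run. The second Makefile.inc hunk header, `@@ -753,6 +753,10 @@`, does not account for the line added by the first hunk (the new-side start would be 754), so the patch looks hand-edited and relies on being applied with an offset. It is worth checking the build log that it applies without fuzz.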
+++ b/backport-test387-verify-rejection-of-compression-chain-attack.patch 
@@ -0,0 +1,85 @@ +From 7230b19a2e17a164f61f82e4e409a9777ea2421a Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 16 May 2022 16:29:07 +0200 +Subject: [PATCH] test387: verify rejection of compression chain attack + +--- + tests/data/Makefile.inc | 1 + + tests/data/test387 | 53 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 54 insertions(+) + create mode 100644 tests/data/test387 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 8b7cc46a3..370727eec 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -64,6 +64,7 @@ test343 test344 test345 test346 test347 test348 test349 test350 test351 \ + test343 test344 test345 test346 test347 test348 test349 test350 test351 \ + test352 test353 test354 test355 test356 test357 test358 test359 test360 \ + test361 test362 test363 test364 test365 test366 \ ++test387 \ + \ + test392 test393 test394 test395 test396 test397 \ + \ +diff --git a/tests/data/test387 b/tests/data/test387 +new file mode 100644 +index 000000000..015ec25f1 +--- /dev/null ++++ b/tests/data/test387 +@@ -0,0 +1,53 @@ ++ ++ ++ ++HTTP ++gzip ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 200 OK ++Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip ++ ++-foo- ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++Response with overly long compression chain ++ ++ ++http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++User-Agent: curl/%VERSION 
++Accept: */* ++ ++ ++ ++# CURLE_BAD_CONTENT_ENCODING is 61 ++ ++61 ++ ++ ++curl: (61) Reject response due to more than 5 content encodings ++ ++ ++ +-- +2.33.0 + diff --git a/backport-test442-443-test-cookie-caps.patch b/backport-test442-443-test-cookie-caps.patch new file mode 100644 index 0000000..6e689dd --- /dev/null +++ b/backport-test442-443-test-cookie-caps.patch 
@@ -0,0 +1,331 @@ +From ff2b2bcf687572d173688832f0913a43de1a2bf8 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 26 Jun 2022 11:01:01 +0200 +Subject: [PATCH] test442/443: test cookie caps + +442 - verify that only 150 cookies are sent +443 - verify that the cookie: header remains less than 8K in size +--- + tests/data/Makefile.inc | 2 +- + tests/data/test442 | 210 ++++++++++++++++++++++++++++++++++++++++ + tests/data/test443 | 79 +++++++++++++++ + 3 files changed, 290 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test442 + create mode 100644 tests/data/test443 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 370727eec..a17618ac7 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -73,6 +73,7 @@ test409 test410 test411 test412 test413 test414 \ + test418 \ + test430 test431 test432 test433 test434 test435 test445 test446\ + \ ++test442 test443 \ + test490 test491 test492 test493 test494 \ + \ + test500 test501 test502 test503 test504 test505 test506 test507 test508 \ +diff --git a/tests/data/test442 b/tests/data/test442 +new file mode 100644 +index 000000000..1b00d2061 +--- /dev/null ++++ b/tests/data/test442 +@@ -0,0 +1,210 @@ ++ ++# perl: ++# ++# for(1 .. 
151) { ++# print join("\t", ++# "attack.invalid", "TRUE", "/", "FALSE", "0", ++# "name$_", "could-be-large-$_")."\n"; ++# } ++# ++ ++ ++HTTP ++cookies ++--resolve ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 6 ++ ++-foo- ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++Send capped huge number of matching cookies ++ ++ ++http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L ++ ++ ++attack.invalid TRUE / FALSE 0 name1 could-be-large-1 ++attack.invalid TRUE / FALSE 0 name2 could-be-large-2 ++attack.invalid TRUE / FALSE 0 name3 could-be-large-3 ++attack.invalid TRUE / FALSE 0 name4 could-be-large-4 ++attack.invalid TRUE / FALSE 0 name5 could-be-large-5 ++attack.invalid TRUE / FALSE 0 name6 could-be-large-6 ++attack.invalid TRUE / FALSE 0 name7 could-be-large-7 ++attack.invalid TRUE / FALSE 0 name8 could-be-large-8 ++attack.invalid TRUE / FALSE 0 name9 could-be-large-9 ++attack.invalid TRUE / FALSE 0 name10 could-be-large-10 ++attack.invalid TRUE / FALSE 0 name11 could-be-large-11 ++attack.invalid TRUE / FALSE 0 name12 could-be-large-12 ++attack.invalid TRUE / FALSE 0 name13 could-be-large-13 ++attack.invalid TRUE / FALSE 0 name14 could-be-large-14 ++attack.invalid TRUE / FALSE 0 name15 could-be-large-15 ++attack.invalid TRUE / FALSE 0 name16 could-be-large-16 ++attack.invalid TRUE / FALSE 0 name17 could-be-large-17 ++attack.invalid TRUE / FALSE 0 name18 could-be-large-18 ++attack.invalid TRUE / FALSE 0 name19 could-be-large-19 ++attack.invalid TRUE / FALSE 0 name20 could-be-large-20 ++attack.invalid TRUE / FALSE 0 name21 could-be-large-21 ++attack.invalid TRUE / FALSE 0 name22 could-be-large-22 ++attack.invalid TRUE / FALSE 0 name23 could-be-large-23 ++attack.invalid TRUE / FALSE 0 name24 could-be-large-24 ++attack.invalid TRUE / FALSE 0 name25 could-be-large-25 ++attack.invalid TRUE / FALSE 0 name26 
could-be-large-26 ++attack.invalid TRUE / FALSE 0 name27 could-be-large-27 ++attack.invalid TRUE / FALSE 0 name28 could-be-large-28 ++attack.invalid TRUE / FALSE 0 name29 could-be-large-29 ++attack.invalid TRUE / FALSE 0 name30 could-be-large-30 ++attack.invalid TRUE / FALSE 0 name31 could-be-large-31 ++attack.invalid TRUE / FALSE 0 name32 could-be-large-32 ++attack.invalid TRUE / FALSE 0 name33 could-be-large-33 ++attack.invalid TRUE / FALSE 0 name34 could-be-large-34 ++attack.invalid TRUE / FALSE 0 name35 could-be-large-35 ++attack.invalid TRUE / FALSE 0 name36 could-be-large-36 ++attack.invalid TRUE / FALSE 0 name37 could-be-large-37 ++attack.invalid TRUE / FALSE 0 name38 could-be-large-38 ++attack.invalid TRUE / FALSE 0 name39 could-be-large-39 ++attack.invalid TRUE / FALSE 0 name40 could-be-large-40 ++attack.invalid TRUE / FALSE 0 name41 could-be-large-41 ++attack.invalid TRUE / FALSE 0 name42 could-be-large-42 ++attack.invalid TRUE / FALSE 0 name43 could-be-large-43 ++attack.invalid TRUE / FALSE 0 name44 could-be-large-44 ++attack.invalid TRUE / FALSE 0 name45 could-be-large-45 ++attack.invalid TRUE / FALSE 0 name46 could-be-large-46 ++attack.invalid TRUE / FALSE 0 name47 could-be-large-47 ++attack.invalid TRUE / FALSE 0 name48 could-be-large-48 ++attack.invalid TRUE / FALSE 0 name49 could-be-large-49 ++attack.invalid TRUE / FALSE 0 name50 could-be-large-50 ++attack.invalid TRUE / FALSE 0 name51 could-be-large-51 ++attack.invalid TRUE / FALSE 0 name52 could-be-large-52 ++attack.invalid TRUE / FALSE 0 name53 could-be-large-53 ++attack.invalid TRUE / FALSE 0 name54 could-be-large-54 ++attack.invalid TRUE / FALSE 0 name55 could-be-large-55 ++attack.invalid TRUE / FALSE 0 name56 could-be-large-56 ++attack.invalid TRUE / FALSE 0 name57 could-be-large-57 ++attack.invalid TRUE / FALSE 0 name58 could-be-large-58 ++attack.invalid TRUE / FALSE 0 name59 could-be-large-59 ++attack.invalid TRUE / FALSE 0 name60 could-be-large-60 ++attack.invalid TRUE / FALSE 0 name61 
could-be-large-61 ++attack.invalid TRUE / FALSE 0 name62 could-be-large-62 ++attack.invalid TRUE / FALSE 0 name63 could-be-large-63 ++attack.invalid TRUE / FALSE 0 name64 could-be-large-64 ++attack.invalid TRUE / FALSE 0 name65 could-be-large-65 ++attack.invalid TRUE / FALSE 0 name66 could-be-large-66 ++attack.invalid TRUE / FALSE 0 name67 could-be-large-67 ++attack.invalid TRUE / FALSE 0 name68 could-be-large-68 ++attack.invalid TRUE / FALSE 0 name69 could-be-large-69 ++attack.invalid TRUE / FALSE 0 name70 could-be-large-70 ++attack.invalid TRUE / FALSE 0 name71 could-be-large-71 ++attack.invalid TRUE / FALSE 0 name72 could-be-large-72 ++attack.invalid TRUE / FALSE 0 name73 could-be-large-73 ++attack.invalid TRUE / FALSE 0 name74 could-be-large-74 ++attack.invalid TRUE / FALSE 0 name75 could-be-large-75 ++attack.invalid TRUE / FALSE 0 name76 could-be-large-76 ++attack.invalid TRUE / FALSE 0 name77 could-be-large-77 ++attack.invalid TRUE / FALSE 0 name78 could-be-large-78 ++attack.invalid TRUE / FALSE 0 name79 could-be-large-79 ++attack.invalid TRUE / FALSE 0 name80 could-be-large-80 ++attack.invalid TRUE / FALSE 0 name81 could-be-large-81 ++attack.invalid TRUE / FALSE 0 name82 could-be-large-82 ++attack.invalid TRUE / FALSE 0 name83 could-be-large-83 ++attack.invalid TRUE / FALSE 0 name84 could-be-large-84 ++attack.invalid TRUE / FALSE 0 name85 could-be-large-85 ++attack.invalid TRUE / FALSE 0 name86 could-be-large-86 ++attack.invalid TRUE / FALSE 0 name87 could-be-large-87 ++attack.invalid TRUE / FALSE 0 name88 could-be-large-88 ++attack.invalid TRUE / FALSE 0 name89 could-be-large-89 ++attack.invalid TRUE / FALSE 0 name90 could-be-large-90 ++attack.invalid TRUE / FALSE 0 name91 could-be-large-91 ++attack.invalid TRUE / FALSE 0 name92 could-be-large-92 ++attack.invalid TRUE / FALSE 0 name93 could-be-large-93 ++attack.invalid TRUE / FALSE 0 name94 could-be-large-94 ++attack.invalid TRUE / FALSE 0 name95 could-be-large-95 ++attack.invalid TRUE / FALSE 0 name96 
could-be-large-96 ++attack.invalid TRUE / FALSE 0 name97 could-be-large-97 ++attack.invalid TRUE / FALSE 0 name98 could-be-large-98 ++attack.invalid TRUE / FALSE 0 name99 could-be-large-99 ++attack.invalid TRUE / FALSE 0 name100 could-be-large-100 ++attack.invalid TRUE / FALSE 0 name101 could-be-large-101 ++attack.invalid TRUE / FALSE 0 name102 could-be-large-102 ++attack.invalid TRUE / FALSE 0 name103 could-be-large-103 ++attack.invalid TRUE / FALSE 0 name104 could-be-large-104 ++attack.invalid TRUE / FALSE 0 name105 could-be-large-105 ++attack.invalid TRUE / FALSE 0 name106 could-be-large-106 ++attack.invalid TRUE / FALSE 0 name107 could-be-large-107 ++attack.invalid TRUE / FALSE 0 name108 could-be-large-108 ++attack.invalid TRUE / FALSE 0 name109 could-be-large-109 ++attack.invalid TRUE / FALSE 0 name110 could-be-large-110 ++attack.invalid TRUE / FALSE 0 name111 could-be-large-111 ++attack.invalid TRUE / FALSE 0 name112 could-be-large-112 ++attack.invalid TRUE / FALSE 0 name113 could-be-large-113 ++attack.invalid TRUE / FALSE 0 name114 could-be-large-114 ++attack.invalid TRUE / FALSE 0 name115 could-be-large-115 ++attack.invalid TRUE / FALSE 0 name116 could-be-large-116 ++attack.invalid TRUE / FALSE 0 name117 could-be-large-117 ++attack.invalid TRUE / FALSE 0 name118 could-be-large-118 ++attack.invalid TRUE / FALSE 0 name119 could-be-large-119 ++attack.invalid TRUE / FALSE 0 name120 could-be-large-120 ++attack.invalid TRUE / FALSE 0 name121 could-be-large-121 ++attack.invalid TRUE / FALSE 0 name122 could-be-large-122 ++attack.invalid TRUE / FALSE 0 name123 could-be-large-123 ++attack.invalid TRUE / FALSE 0 name124 could-be-large-124 ++attack.invalid TRUE / FALSE 0 name125 could-be-large-125 ++attack.invalid TRUE / FALSE 0 name126 could-be-large-126 ++attack.invalid TRUE / FALSE 0 name127 could-be-large-127 ++attack.invalid TRUE / FALSE 0 name128 could-be-large-128 ++attack.invalid TRUE / FALSE 0 name129 could-be-large-129 ++attack.invalid TRUE / FALSE 0 name130 
could-be-large-130 ++attack.invalid TRUE / FALSE 0 name131 could-be-large-131 ++attack.invalid TRUE / FALSE 0 name132 could-be-large-132 ++attack.invalid TRUE / FALSE 0 name133 could-be-large-133 ++attack.invalid TRUE / FALSE 0 name134 could-be-large-134 ++attack.invalid TRUE / FALSE 0 name135 could-be-large-135 ++attack.invalid TRUE / FALSE 0 name136 could-be-large-136 ++attack.invalid TRUE / FALSE 0 name137 could-be-large-137 ++attack.invalid TRUE / FALSE 0 name138 could-be-large-138 ++attack.invalid TRUE / FALSE 0 name139 could-be-large-139 ++attack.invalid TRUE / FALSE 0 name140 could-be-large-140 ++attack.invalid TRUE / FALSE 0 name141 could-be-large-141 ++attack.invalid TRUE / FALSE 0 name142 could-be-large-142 ++attack.invalid TRUE / FALSE 0 name143 could-be-large-143 ++attack.invalid TRUE / FALSE 0 name144 could-be-large-144 ++attack.invalid TRUE / FALSE 0 name145 could-be-large-145 ++attack.invalid TRUE / FALSE 0 name146 could-be-large-146 ++attack.invalid TRUE / FALSE 0 name147 could-be-large-147 ++attack.invalid TRUE / FALSE 0 name148 could-be-large-148 ++attack.invalid TRUE / FALSE 0 name149 could-be-large-149 ++attack.invalid TRUE / FALSE 0 name150 could-be-large-150 ++attack.invalid TRUE / FALSE 0 name151 could-be-large-151 ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /a/b/%TESTNUMBER HTTP/1.1 ++Host: attack.invalid:%HTTPPORT ++User-Agent: curl/%VERSION ++Accept: */* ++Cookie: name150=could-be-large-150; name149=could-be-large-149; name148=could-be-large-148; name147=could-be-large-147; name146=could-be-large-146; name145=could-be-large-145; name144=could-be-large-144; name143=could-be-large-143; name142=could-be-large-142; name141=could-be-large-141; name140=could-be-large-140; name139=could-be-large-139; name138=could-be-large-138; name137=could-be-large-137; name136=could-be-large-136; name135=could-be-large-135; name134=could-be-large-134; name133=could-be-large-133; name132=could-be-large-132; 
name131=could-be-large-131; name130=could-be-large-130; name129=could-be-large-129; name128=could-be-large-128; name127=could-be-large-127; name126=could-be-large-126; name125=could-be-large-125; name124=could-be-large-124; name123=could-be-large-123; name122=could-be-large-122; name121=could-be-large-121; name120=could-be-large-120; name119=could-be-large-119; name118=could-be-large-118; name117=could-be-large-117; name116=could-be-large-116; name115=could-be-large-115; name114=could-be-large-114; name113=could-be-large-113; name112=could-be-large-112; name111=could-be-large-111; name110=could-be-large-110; name109=could-be-large-109; name108=could-be-large-108; name107=could-be-large-107; name106=could-be-large-106; name105=could-be-large-105; name104=could-be-large-104; name103=could-be-large-103; name102=could-be-large-102; name101=could-be-large-101; name100=could-be-large-100; name99=could-be-large-99; name98=could-be-large-98; name97=could-be-large-97; name96=could-be-large-96; name95=could-be-large-95; name94=could-be-large-94; name93=could-be-large-93; name92=could-be-large-92; name91=could-be-large-91; name90=could-be-large-90; name89=could-be-large-89; name88=could-be-large-88; name87=could-be-large-87; name86=could-be-large-86; name85=could-be-large-85; name84=could-be-large-84; name83=could-be-large-83; name82=could-be-large-82; name81=could-be-large-81; name80=could-be-large-80; name79=could-be-large-79; name78=could-be-large-78; name77=could-be-large-77; name76=could-be-large-76; name75=could-be-large-75; name74=could-be-large-74; name73=could-be-large-73; name72=could-be-large-72; name71=could-be-large-71; name70=could-be-large-70; name69=could-be-large-69; name68=could-be-large-68; name67=could-be-large-67; name66=could-be-large-66; name65=could-be-large-65; name64=could-be-large-64; name63=could-be-large-63; name62=could-be-large-62; name61=could-be-large-61; name60=could-be-large-60; name59=could-be-large-59; name58=could-be-large-58; 
name57=could-be-large-57; name56=could-be-large-56; name55=could-be-large-55; name54=could-be-large-54; name53=could-be-large-53; name52=could-be-large-52; name51=could-be-large-51; name50=could-be-large-50; name49=could-be-large-49; name48=could-be-large-48; name47=could-be-large-47; name46=could-be-large-46; name45=could-be-large-45; name44=could-be-large-44; name43=could-be-large-43; name42=could-be-large-42; name41=could-be-large-41; name40=could-be-large-40; name39=could-be-large-39; name38=could-be-large-38; name37=could-be-large-37; name36=could-be-large-36; name35=could-be-large-35; name34=could-be-large-34; name33=could-be-large-33; name32=could-be-large-32; name31=could-be-large-31; name30=could-be-large-30; name29=could-be-large-29; name28=could-be-large-28; name27=could-be-large-27; name26=could-be-large-26; name25=could-be-large-25; name24=could-be-large-24; name23=could-be-large-23; name22=could-be-large-22; name21=could-be-large-21; name20=could-be-large-20; name19=could-be-large-19; name18=could-be-large-18; name17=could-be-large-17; name16=could-be-large-16; name15=could-be-large-15; name14=could-be-large-14; name13=could-be-large-13; name12=could-be-large-12; name11=could-be-large-11; name10=could-be-large-10; name9=could-be-large-9; name8=could-be-large-8; name7=could-be-large-7; name6=could-be-large-6; name5=could-be-large-5; name4=could-be-large-4; name3=could-be-large-3; name2=could-be-large-2; name1=could-be-large-1 ++ ++ ++ ++ +diff --git a/tests/data/test443 b/tests/data/test443 +new file mode 100644 +index 000000000..996b1d304 +--- /dev/null ++++ b/tests/data/test443 +@@ -0,0 +1,79 @@ ++ ++# perl: ++# ++#for(1 .. 
20) { ++# print join("\t", ++# "attack.invalid", "TRUE", "/", "FALSE", "0", ++# "huge-$_", ('a' x 500)."-$_")."\n"; ++#} ++# ++ ++ ++HTTP ++cookies ++--resolve ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 6 ++ ++-foo- ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++Cookie header in request no longer than 8K ++ ++ ++http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L ++ ++ ++attack.invalid TRUE / FALSE 0 huge-1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-1 ++attack.invalid TRUE / FALSE 0 huge-2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-2 ++attack.invalid TRUE / FALSE 0 huge-3 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-3 ++attack.invalid TRUE / FALSE 0 huge-4 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-4 ++attack.invalid TRUE / FALSE 0 huge-5 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-5 ++attack.invalid TRUE / FALSE 0 huge-6 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6 ++attack.invalid TRUE / FALSE 0 huge-7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7 ++attack.invalid TRUE / FALSE 0 huge-8 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8 ++attack.invalid TRUE / FALSE 0 huge-9 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9 ++attack.invalid TRUE / FALSE 0 huge-10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10 ++attack.invalid TRUE / FALSE 0 huge-11 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11 ++attack.invalid TRUE / FALSE 0 huge-12 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12 ++attack.invalid TRUE / FALSE 0 huge-13 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13 ++attack.invalid TRUE / FALSE 0 huge-14 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14 ++attack.invalid TRUE / FALSE 0 huge-15 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15 ++attack.invalid TRUE / FALSE 0 huge-16 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16 ++attack.invalid TRUE / FALSE 0 huge-17 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17 ++attack.invalid TRUE / FALSE 0 huge-18 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18 ++attack.invalid TRUE / FALSE 0 huge-19 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19 ++attack.invalid TRUE / FALSE 0 huge-20 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20 ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /a/b/%TESTNUMBER HTTP/1.1 ++Host: attack.invalid:%HTTPPORT ++User-Agent: curl/%VERSION ++Accept: */* ++Cookie: 
huge-20=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20; huge-19=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19; huge-18=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-18; 
huge-17=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-17; huge-16=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-16; huge-15=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-15; 
huge-14=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-14; huge-13=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-13; huge-12=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-12; 
huge-11=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-11; huge-10=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-10; huge-9=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-9; 
huge-8=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-8; huge-7=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-7; huge-6=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-6 ++ ++ ++ ++ +-- +2.33.0 + diff --git a/backport-test444-test-many-received-Set-Cookie.patch b/backport-test444-test-many-received-Set-Cookie.patch new file mode 100644 index 0000000..3a503ff --- /dev/null +++ b/backport-test444-test-many-received-Set-Cookie.patch 
@@ -0,0 +1,226 @@
+From 46f8911d3942dc06fdd67e9f6f3908982e5d2fb4 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 26 Jun 2022 11:01:01 +0200
+Subject: [PATCH] test444: test many received Set-Cookie:
+
+The amount of sent cookies in the test is limited to 80 because hyper
+has its own strict limits in how many headers it allows to be received
+which triggers at some point beyond this number.
+---
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test444 | 189 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 190 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test444
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index a17618ac7..96f1428d6 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -73,7 +73,7 @@ test409 test410 test411 test412 test413 test414 \
+ test418 \
+ test430 test431 test432 test433 test434 test435 test445 test446\
+ \
+-test442 test443 \
++test442 test443 test444 \
+ test490 test491 test492 test493 test494 \
+ \
+ test500 test501 test502 test503 test504 test505 test506 test507 test508 \
+diff --git a/tests/data/test444 b/tests/data/test444
+new file mode 100644
+index 000000000..9bdd4a7fe
+--- /dev/null
++++ b/tests/data/test444
+@@ -0,0 +1,189 @@
++
++# perl:
++#
++#for(1 .. 200) {
++#
++#}
++#
++
++
++HTTP
++cookies
++--resolve
++
++
++
++#
++# Server-side
++
++
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Content-Length: 6
++Set-Cookie: cookie-1=yes;
++Set-Cookie: cookie-2=yes;
++Set-Cookie: cookie-3=yes;
++Set-Cookie: cookie-4=yes;
++Set-Cookie: cookie-5=yes;
++Set-Cookie: cookie-6=yes;
++Set-Cookie: cookie-7=yes;
++Set-Cookie: cookie-8=yes;
++Set-Cookie: cookie-9=yes;
++Set-Cookie: cookie-10=yes;
++Set-Cookie: cookie-11=yes;
++Set-Cookie: cookie-12=yes;
++Set-Cookie: cookie-13=yes;
++Set-Cookie: cookie-14=yes;
++Set-Cookie: cookie-15=yes;
++Set-Cookie: cookie-16=yes;
++Set-Cookie: cookie-17=yes;
++Set-Cookie: cookie-18=yes;
++Set-Cookie: cookie-19=yes;
++Set-Cookie: cookie-20=yes;
++Set-Cookie: cookie-21=yes;
++Set-Cookie: cookie-22=yes;
++Set-Cookie: cookie-23=yes;
++Set-Cookie: cookie-24=yes;
++Set-Cookie: cookie-25=yes;
++Set-Cookie: cookie-26=yes;
++Set-Cookie: cookie-27=yes;
++Set-Cookie: cookie-28=yes;
++Set-Cookie: cookie-29=yes;
++Set-Cookie: cookie-30=yes;
++Set-Cookie: cookie-31=yes;
++Set-Cookie: cookie-32=yes;
++Set-Cookie: cookie-33=yes;
++Set-Cookie: cookie-34=yes;
++Set-Cookie: cookie-35=yes;
++Set-Cookie: cookie-36=yes;
++Set-Cookie: cookie-37=yes;
++Set-Cookie: cookie-38=yes;
++Set-Cookie: cookie-39=yes;
++Set-Cookie: cookie-40=yes;
++Set-Cookie: cookie-41=yes;
++Set-Cookie: cookie-42=yes;
++Set-Cookie: cookie-43=yes;
++Set-Cookie: cookie-44=yes;
++Set-Cookie: cookie-45=yes;
++Set-Cookie: cookie-46=yes;
++Set-Cookie: cookie-47=yes;
++Set-Cookie: cookie-48=yes;
++Set-Cookie: cookie-49=yes;
++Set-Cookie: cookie-50=yes;
++Set-Cookie: cookie-51=yes;
++Set-Cookie: cookie-52=yes;
++Set-Cookie: cookie-53=yes;
++Set-Cookie: cookie-54=yes;
++Set-Cookie: cookie-55=yes;
++Set-Cookie: cookie-56=yes;
++Set-Cookie: cookie-57=yes;
++Set-Cookie: cookie-58=yes;
++Set-Cookie: cookie-59=yes;
++Set-Cookie: cookie-60=yes;
++Set-Cookie: cookie-61=yes;
++Set-Cookie: cookie-62=yes;
++Set-Cookie: cookie-63=yes;
++Set-Cookie: cookie-64=yes;
++Set-Cookie: cookie-65=yes;
++Set-Cookie: cookie-66=yes;
++Set-Cookie: cookie-67=yes;
++Set-Cookie: cookie-68=yes;
++Set-Cookie: cookie-69=yes;
++Set-Cookie: cookie-70=yes;
++Set-Cookie: cookie-71=yes;
++Set-Cookie: cookie-72=yes;
++Set-Cookie: cookie-73=yes;
++Set-Cookie: cookie-74=yes;
++Set-Cookie: cookie-75=yes;
++Set-Cookie: cookie-76=yes;
++Set-Cookie: cookie-77=yes;
++Set-Cookie: cookie-78=yes;
++Set-Cookie: cookie-79=yes;
++Set-Cookie: cookie-80=yes;
++
++-foo-
++
++
++
++#
++# Client-side
++
++
++http
++
++
++Many Set-Cookie response headers
++
++
++http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
++
++
++
++#
++# Verify data after the test has been "shot"
++
++
++GET /a/b/%TESTNUMBER HTTP/1.1
++Host: attack.invalid:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++
++
++# Netscape HTTP Cookie File
++# https://curl.se/docs/http-cookies.html
++# This file was generated by libcurl! Edit at your own risk.
++
++attack.invalid FALSE /a/b/ FALSE 0 cookie-50 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-49 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-48 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-47 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-46 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-45 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-44 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-43 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-42 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-41 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-40 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-39 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-38 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-37 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-36 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-35 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-34 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-33 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-32 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-31 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-30 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-29 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-28 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-27 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-26 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-25 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-24 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-23 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-22 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-21 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-20 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-19 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-18 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-17 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-16 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-15 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-14 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-13 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-12 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-11 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-10 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-9 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-8 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-7 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-6 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-5 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-4 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-3 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-2 yes
++attack.invalid FALSE /a/b/ FALSE 0 cookie-1 yes
++
++
++
+--
+2.33.0
+
diff --git a/backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch b/backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch
new file mode 100644
index 0000000..4319e6e
--- /dev/null
+++ b/backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch
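Review bot: The generator comment at the top of tests/data/test444 reads `#for(1 .. 200) {` with an empty body, while the reply that follows carries 80 `Set-Cookie:` headers and the commit message says the count was limited to 80, so the comment no longer describes the data. The expected cookie jar lists only `cookie-50` down to `cookie-1`, so the property being pinned is that cookies beyond the first 50 in one response are not stored, yet nothing in the file says so. I would change the loop bound to `1 .. 80` and add a line such as `# 80 Set-Cookie headers are sent, only the first 50 may end up in the jar` above the server-side section, so that a later change to the limit is recognised as deliberate. The markup lines of the test file are not visible in this rendering, so check the comment body against the raw file before editing.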
@@ -0,0 +1,62 @@
+From 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 29 Aug 2022 00:09:17 +0200
+Subject: [PATCH] test8: verify that "ctrl-byte cookies" are ignored
+
+---
+ tests/data/test8 | 32 +++++++++++++++++++++++++++++++-
+ 1 file changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/tests/data/test8 b/tests/data/test8
+index a8548e6c2..858761159 100644
+--- a/tests/data/test8
++++ b/tests/data/test8
+@@ -46,6 +46,36 @@ Set-Cookie: trailingspace = removed; path=/we/want;
+ Set-Cookie: nocookie=yes; path=/WE;
+ Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
+ Set-Cookie: partialip=nono; domain=.0.0.1;
++Set-Cookie: cookie1=%hex[%01-junk]hex%
++Set-Cookie: cookie2=%hex[%02-junk]hex%
++Set-Cookie: cookie3=%hex[%03-junk]hex%
++Set-Cookie: cookie4=%hex[%04-junk]hex%
++Set-Cookie: cookie5=%hex[%05-junk]hex%
++Set-Cookie: cookie6=%hex[%06-junk]hex%
++Set-Cookie: cookie7=%hex[%07-junk]hex%
++Set-Cookie: cookie8=%hex[%08-junk]hex%
++Set-Cookie: cookie9=%hex[junk-%09-]hex%
++Set-Cookie: cookie11=%hex[%0b-junk]hex%
++Set-Cookie: cookie12=%hex[%0c-junk]hex%
++Set-Cookie: cookie14=%hex[%0e-junk]hex%
++Set-Cookie: cookie15=%hex[%0f-junk]hex%
++Set-Cookie: cookie16=%hex[%10-junk]hex%
++Set-Cookie: cookie17=%hex[%11-junk]hex%
++Set-Cookie: cookie18=%hex[%12-junk]hex%
++Set-Cookie: cookie19=%hex[%13-junk]hex%
++Set-Cookie: cookie20=%hex[%14-junk]hex%
++Set-Cookie: cookie21=%hex[%15-junk]hex%
++Set-Cookie: cookie22=%hex[%16-junk]hex%
++Set-Cookie: cookie23=%hex[%17-junk]hex%
++Set-Cookie: cookie24=%hex[%18-junk]hex%
++Set-Cookie: cookie25=%hex[%19-junk]hex%
++Set-Cookie: cookie26=%hex[%1a-junk]hex%
++Set-Cookie: cookie27=%hex[%1b-junk]hex%
++Set-Cookie: cookie28=%hex[%1c-junk]hex%
++Set-Cookie: cookie29=%hex[%1d-junk]hex%
++Set-Cookie: cookie30=%hex[%1e-junk]hex%
++Set-Cookie: cookie31=%hex[%1f-junk]hex%
++Set-Cookie: cookie31=%hex[%7f-junk]hex%
+
+
+
+@@ -60,7 +90,7 @@ GET /we/want/%TESTNUMBER HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ User-Agent: curl/%VERSION
+ Accept: */*
+-Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
++Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes; cookie9=junk- -
+
+
+
+--
+2.33.0
+
diff --git a/backport-tests-verify-the-fix-for-CVE-2022-27774.patch b/backport-tests-verify-the-fix-for-CVE-2022-27774.patch
new file mode 100644
index 0000000..027285c
--- /dev/null
+++ b/backport-tests-verify-the-fix-for-CVE-2022-27774.patch
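Review bot: The last added header in tests/data/test8, `Set-Cookie: cookie31=%hex[%7f-junk]hex%`, reuses the name `cookie31` from the 0x1f line above it, so the name no longer identifies the byte under test; `cookie127` would keep the name-equals-byte scheme the other lines follow. The series also skips `cookie10` and `cookie13` without saying why (presumably because LF and CR would end the header line), and `cookie9` (TAB) is the only one the updated `Cookie:` expectation lets through. A `#` comment outside the data section stating that TAB is accepted and that every other byte below 0x20, plus 0x7f, must cause the cookie to be dropped would document what the expectation encodes. As this is a backport, it is also worth confirming that the packaged test harness expands `%hex[...]hex%`; if it does not, the headers are sent as literal text and the test no longer exercises control bytes. The test file continues outside both hunks.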
@@ -0,0 +1,413 @@ +From 5295e8d64ac6949ecb3f9e564317a608f51b90d8 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 25 Apr 2022 16:24:33 +0200 +Subject: [PATCH] tests: verify the fix for CVE-2022-27774 + + - Test 973 redirects from HTTP to FTP, clear auth + - Test 974 redirects from HTTP to HTTP different port, clear auth + - Test 975 redirects from HTTP to FTP, permitted to keep auth + - Test 976 redirects from HTTP to HTTP different port, permitted to keep + auth +--- + tests/data/Makefile.inc | 2 +- + tests/data/test973 | 88 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test974 | 87 ++++++++++++++++++++++++++++++++++++++++ + tests/data/test975 | 88 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test976 | 88 +++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 352 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test973 + create mode 100644 tests/data/test974 + create mode 100644 tests/data/test975 + create mode 100644 tests/data/test976 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 0e44679b3..6ec78c6e9 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -119,7 +119,7 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \ + test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ +-test972 \ ++test972 test973 test974 test975 test976 \ + \ + test980 test981 test982 test983 test984 test985 test986 \ + \ +diff --git a/tests/data/test973 b/tests/data/test973 +new file mode 100644 +index 000000000..6ced10789 +--- /dev/null ++++ b/tests/data/test973 +@@ -0,0 +1,88 @@ ++ ++ ++ ++HTTP ++FTP ++--location ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html 
++Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 ++ ++ ++ ++data ++ to ++ see ++that FTP ++works ++ so does it? ++ ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 ++ ++data ++ to ++ see ++that FTP ++works ++ so does it? ++ ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ftp ++ ++ ++HTTP with auth redirected to FTP w/o auth ++ ++ ++http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic am9lOnNlY3JldA== ++User-Agent: curl/%VERSION ++Accept: */* ++ ++USER anonymous ++PASS ftp@example.com ++PWD ++CWD a ++CWD path ++EPSV ++TYPE I ++SIZE %TESTNUMBER0002 ++RETR %TESTNUMBER0002 ++QUIT ++ ++ ++ +diff --git a/tests/data/test974 b/tests/data/test974 +new file mode 100644 +index 000000000..ac4e6415d +--- /dev/null ++++ b/tests/data/test974 +@@ -0,0 +1,87 @@ ++ ++ ++ ++HTTP ++--location ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 4 ++Connection: close ++Content-Type: text/html ++ ++hey ++ ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 4 ++Connection: close ++Content-Type: text/html ++ ++hey ++ ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++HTTP with auth redirected to HTTP on a 
diff port w/o auth ++ ++ ++-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET http://firsthost.com/ HTTP/1.1 ++Host: firsthost.com ++Authorization: Basic am9lOnNlY3JldA== ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 ++Host: firsthost.com:9999 ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +diff --git a/tests/data/test975 b/tests/data/test975 +new file mode 100644 +index 000000000..85e03e4f2 +--- /dev/null ++++ b/tests/data/test975 +@@ -0,0 +1,88 @@ ++ ++ ++ ++HTTP ++FTP ++--location-trusted ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 ++ ++ ++ ++data ++ to ++ see ++that FTP ++works ++ so does it? ++ ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 ++ ++data ++ to ++ see ++that FTP ++works ++ so does it? 
++ ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ftp ++ ++ ++HTTP with auth redirected to FTP allowing auth to continue ++ ++ ++http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic am9lOnNlY3JldA== ++User-Agent: curl/%VERSION ++Accept: */* ++ ++USER joe ++PASS secret ++PWD ++CWD a ++CWD path ++EPSV ++TYPE I ++SIZE %TESTNUMBER0002 ++RETR %TESTNUMBER0002 ++QUIT ++ ++ ++ +diff --git a/tests/data/test976 b/tests/data/test976 +new file mode 100644 +index 000000000..c4dd61e70 +--- /dev/null ++++ b/tests/data/test976 +@@ -0,0 +1,88 @@ ++ ++ ++ ++HTTP ++--location-trusted ++ ++ ++ ++# ++# Server-side ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 4 ++Connection: close ++Content-Type: text/html ++ ++hey ++ ++ ++ ++HTTP/1.1 301 redirect ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 0 ++Connection: close ++Content-Type: text/html ++Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 4 ++Connection: close ++Content-Type: text/html ++ ++hey ++ ++ ++ ++ ++# ++# Client-side ++ ++ ++http ++ ++ ++HTTP with auth redirected to HTTP on a diff port --location-trusted ++ ++ ++-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++ ++GET http://firsthost.com/ HTTP/1.1 ++Host: firsthost.com ++Authorization: Basic am9lOnNlY3JldA== ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET 
http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 ++Host: firsthost.com:9999 ++Authorization: Basic am9lOnNlY3JldA== ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +-- +2.33.0 + diff --git a/curl.spec b/curl.spec index 5964955..478839a 100644 --- a/curl.spec +++ b/curl.spec @@ -6,7 +6,7 @@ Name: curl Version: 7.79.1 -Release: 21 +Release: 22 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/ @@ -65,6 +65,13 @@ Patch51: backport-tftp-mark-protocol-as-not-possible-to-do-over-CONNEC.pa Patch52: backport-test1939-require-proxy-support-to-run.patch Patch53: backport-lib1939-make-it-endure-torture-tests.patch Patch54: backport-CVE-2022-42915.patch +Patch55: backport-tests-verify-the-fix-for-CVE-2022-27774.patch +Patch56: backport-test442-443-test-cookie-caps.patch +Patch57: backport-test444-test-many-received-Set-Cookie.patch +Patch58: backport-test8-verify-that-ctrl-byte-cookies-are-ignored.patch +Patch59: backport-test1948-verify-PUT-POST-reusing-the-same-handle.patch +Patch60: backport-test387-verify-rejection-of-compression-chain-attack.patch +Patch61: backport-hostcheck-fix-host-name-wildcard-checking.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel @@ -233,6 +240,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Mon Jul 10 2023 zhouyihang - 7.79.1-22 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport some testcases + * Mon Jul 03 2023 zhouyihang - 7.79.1-21 - Type:bugfix - CVE:NA
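Review bot: tests/data/test974 and tests/data/test976 run curl through a proxy (`-x http://%HOSTIP:%HTTPPORT`), but their client sections as rendered here list only the `http` server and no feature requirement. A build without proxy support would presumably fail these two credential-stripping checks rather than skip them. A `<features>` section containing `proxy` in both files would make the dependency explicit, matching the intent of the existing `backport-test1939-require-proxy-support-to-run.patch` in the spec's patch list. The page has lost the test files' markup, so confirm against the real patch before changing it.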
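Review bot: `Patch61: backport-hostcheck-fix-host-name-wildcard-checking.patch` reads as a behaviour change to certificate host-name matching, while the changelog entry added in the last hunk records this release as `DESC:backport some testcases` with `CVE:NA`. If that patch carries only the unit-test part of the upstream change, the entry should say so, e.g. `- DESC:backport some testcases (test files only, no library change)`; if it touches library code, the description should state that instead. Patch55 to Patch60 add regression tests for fixes that must already be applied earlier in the list, which this hunk's context does not show. It is worth confirming that the test suite actually runs in `%check` with those fixes in place.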