You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by am...@apache.org on 2014/11/18 23:24:01 UTC

trafficserver git commit: TS-3202: Fail the parse if an invalid character is found in the method. This closes #149.

Repository: trafficserver
Updated Branches:
  refs/heads/master 4ea10c59f -> b0d8e2a52


TS-3202: Fail the parse if an invalid character is found in the method.
This closes #149.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b0d8e2a5
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b0d8e2a5
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b0d8e2a5

Branch: refs/heads/master
Commit: b0d8e2a528b80099d3524922832f1b6917145f89
Parents: 4ea10c5
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Nov 18 11:03:22 2014 -0600
Committer: Alan M. Carroll <so...@yahoo-inc.com>
Committed: Tue Nov 18 16:22:58 2014 -0600

----------------------------------------------------------------------
 CHANGES               |  2 ++
 proxy/hdrs/HTTP.cc    |  6 ++++++
 proxy/hdrs/HdrTest.cc | 53 ++++++++++++++++++++++++++++++++++++++++++++--
 proxy/hdrs/HdrTest.h  |  2 ++
 4 files changed, 61 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index f3b32cc..d996913 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.2.0
 
+  *) [TS-3202] Enforce token character constraints on method field in HTTP header.
+
   *) [TS-2009] Fail HTTP header parsing for null characters.
 
   *) [TS-3153] Ability to disable/modify NPN advertisement list based on SNI

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HTTP.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
index 2bdc58e..ce28ba7 100644
--- a/proxy/hdrs/HTTP.cc
+++ b/proxy/hdrs/HTTP.cc
@@ -976,6 +976,9 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
       GETNEXT(done);
       goto parse_method1;
     }
+    if (!ParseRules::is_token(*cur)) {
+      goto done;
+    }
     method_start = cur;
     GETNEXT(done);
   parse_method2:
@@ -983,6 +986,9 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
       method_end = cur;
       goto parse_version1;
     }
+    if (!ParseRules::is_token(*cur)) {
+      goto done;
+    }
     GETNEXT(done);
     goto parse_method2;
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HdrTest.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrTest.cc b/proxy/hdrs/HdrTest.cc
index 1e48912..b254a86 100644
--- a/proxy/hdrs/HdrTest.cc
+++ b/proxy/hdrs/HdrTest.cc
@@ -977,6 +977,11 @@ HdrTest::test_http_hdr_print_and_copy()
     status =  test_http_hdr_null_char(i + 1, tests[i].req, tests[i].req_tgt);
     if (status == 0)
       ++failures;
+
+    // Parse with a CTL character in the method name.  Should fail
+    status =  test_http_hdr_ctl_char(i + 1, tests[i].req, tests[i].req_tgt);
+    if (status == 0)
+      ++failures;
   }
 
   return (failures_to_status("test_http_hdr_print_and_copy", failures));
@@ -1145,6 +1150,8 @@ done:
   }
 }
 
+/*-------------------------------------------------------------------------
+  -------------------------------------------------------------------------*/
 int
 HdrTest::test_http_hdr_null_char(int testnum,
                                  const char *request, const char * /*request_tgt*/)
@@ -1156,12 +1163,12 @@ HdrTest::test_http_hdr_null_char(int testnum,
   char cpy_buf[2048];
   const char *cpy_buf_ptr = cpy_buf;
 
-
   /*** (1) parse the request string into hdr ***/
 
   hdr.create(HTTP_TYPE_REQUEST);
 
   start = request;
+
   if (strlen(start) > sizeof(cpy_buf)) {
     printf("FAILED: (test #%d) Internal buffer too small for null char test\n", testnum);
     return (0);
@@ -1171,7 +1178,6 @@ HdrTest::test_http_hdr_null_char(int testnum,
   // Put a null character somewhere in the header
   int length = strlen(start);
   cpy_buf[length/2] = '\0';
-
   http_parser_init(&parser);
 
   while (1) {
@@ -1188,6 +1194,49 @@ HdrTest::test_http_hdr_null_char(int testnum,
 
 /*-------------------------------------------------------------------------
   -------------------------------------------------------------------------*/
+int
+HdrTest::test_http_hdr_ctl_char(int testnum,
+                                const char *request, const char * /*request_tgt */)
+{
+  int err;
+  HTTPHdr hdr;
+  HTTPParser parser;
+  const char *start;
+  char cpy_buf[2048];
+  const char *cpy_buf_ptr = cpy_buf;
+
+  /*** (1) parse the request string into hdr ***/
+
+  hdr.create(HTTP_TYPE_REQUEST);
+
+  start = request;
+  
+  if (strlen(start) > sizeof(cpy_buf)) {
+    printf("FAILED: (test #%d) Internal buffer too small for ctl char test\n", testnum);
+    return (0);
+  }
+  strcpy(cpy_buf, start);
+
+  // Replace a character in the method
+  cpy_buf[1] = 16;
+
+  http_parser_init(&parser);
+
+  while (1) {
+    err = hdr.parse_req(&parser, &cpy_buf_ptr, cpy_buf_ptr + strlen(start), true);
+    if (err != PARSE_CONT)
+      break;
+  }
+
+  if (err != PARSE_ERROR) {
+    printf("FAILED: (test #%d) no parse error parsing method with ctl char\n", testnum);
+    return (0);
+  }
+  return 1;
+}
+
+/*-------------------------------------------------------------------------
+  -------------------------------------------------------------------------*/
 
 int
 HdrTest::test_http_hdr_print_and_copy_aux(int testnum,

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HdrTest.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrTest.h b/proxy/hdrs/HdrTest.h
index 1cf19d8..17fc16e 100644
--- a/proxy/hdrs/HdrTest.h
+++ b/proxy/hdrs/HdrTest.h
@@ -75,6 +75,8 @@ private:
                                        const char *rsp_tgt);
   int test_http_hdr_null_char(int testnum,
                               const char *req, const char *req_tgt );
+  int test_http_hdr_ctl_char(int testnum, 
+                             const char *req, const char *req_tgt);
   int test_http_hdr_copy_over_aux(int testnum, const char *request, const char *response);
   int test_http_aux(const char *request, const char *response);
   int test_arena_aux(Arena * arena, int len);