Posted to commits@trafficserver.apache.org by am...@apache.org on 2014/11/18 23:24:01 UTC
trafficserver git commit: TS-3202: Fail the parse if an invalid
character is found in the method. This closes #149.
Repository: trafficserver
Updated Branches:
refs/heads/master 4ea10c59f -> b0d8e2a52
TS-3202: Fail the parse if an invalid character is found in the method.
This closes #149.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b0d8e2a5
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b0d8e2a5
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b0d8e2a5
Branch: refs/heads/master
Commit: b0d8e2a528b80099d3524922832f1b6917145f89
Parents: 4ea10c5
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Nov 18 11:03:22 2014 -0600
Committer: Alan M. Carroll <so...@yahoo-inc.com>
Committed: Tue Nov 18 16:22:58 2014 -0600
----------------------------------------------------------------------
CHANGES | 2 ++
proxy/hdrs/HTTP.cc | 6 ++++++
proxy/hdrs/HdrTest.cc | 53 ++++++++++++++++++++++++++++++++++++++++++++--
proxy/hdrs/HdrTest.h | 2 ++
4 files changed, 61 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index f3b32cc..d996913 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 5.2.0
+ *) [TS-3202] Enforce token character constraints on method field in HTTP header.
+
*) [TS-2009] Fail HTTP header parsing for null characters.
*) [TS-3153] Ability to disable/modify NPN advertisement list based on SNI
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HTTP.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
index 2bdc58e..ce28ba7 100644
--- a/proxy/hdrs/HTTP.cc
+++ b/proxy/hdrs/HTTP.cc
@@ -976,6 +976,9 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
GETNEXT(done);
goto parse_method1;
}
+ if (!ParseRules::is_token(*cur)) {
+ goto done;
+ }
method_start = cur;
GETNEXT(done);
parse_method2:
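Review bot: Both new `is_token` guards reject the request only by jumping to `done`, and nothing at either guard says what result that path produces. The `done` label and the rest of `http_parser_parse_req` lie outside this hunk, so a reader cannot confirm from here that the outcome is a parse error rather than a partially accepted request line. A one-line comment above the first guard would make the intent explicit, for example `// method must be an RFC 7230 token; any other byte fails the parse at done`. The same comment belongs on the guard in the `parse_method2` hunk that follows. It is also worth confirming how `ParseRules::is_token` treats bytes with the high bit set if `*cur` is a signed `char`, since that decides whether non-ASCII bytes in the method are rejected.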
@@ -983,6 +986,9 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
method_end = cur;
goto parse_version1;
}
+ if (!ParseRules::is_token(*cur)) {
+ goto done;
+ }
GETNEXT(done);
goto parse_method2;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HdrTest.cc
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrTest.cc b/proxy/hdrs/HdrTest.cc
index 1e48912..b254a86 100644
--- a/proxy/hdrs/HdrTest.cc
+++ b/proxy/hdrs/HdrTest.cc
@@ -977,6 +977,11 @@ HdrTest::test_http_hdr_print_and_copy()
status = test_http_hdr_null_char(i + 1, tests[i].req, tests[i].req_tgt);
if (status == 0)
++failures;
+
+ // Parse with a CTL character in the method name. Should fail
+ status = test_http_hdr_ctl_char(i + 1, tests[i].req, tests[i].req_tgt);
+ if (status == 0)
+ ++failures;
}
return (failures_to_status("test_http_hdr_print_and_copy", failures));
@@ -1145,6 +1150,8 @@ done:
}
}
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
int
HdrTest::test_http_hdr_null_char(int testnum,
const char *request, const char * /*request_tgt*/)
@@ -1156,12 +1163,12 @@ HdrTest::test_http_hdr_null_char(int testnum,
char cpy_buf[2048];
const char *cpy_buf_ptr = cpy_buf;
-
/*** (1) parse the request string into hdr ***/
hdr.create(HTTP_TYPE_REQUEST);
start = request;
+
if (strlen(start) > sizeof(cpy_buf)) {
printf("FAILED: (test #%d) Internal buffer too small for null char test\n", testnum);
return (0);
@@ -1171,7 +1178,6 @@ HdrTest::test_http_hdr_null_char(int testnum,
// Put a null character somewhere in the header
int length = strlen(start);
cpy_buf[length/2] = '\0';
-
http_parser_init(&parser);
while (1) {
@@ -1188,6 +1194,49 @@ HdrTest::test_http_hdr_null_char(int testnum,
/*-------------------------------------------------------------------------
-------------------------------------------------------------------------*/
+int
+HdrTest::test_http_hdr_ctl_char(int testnum,
+ const char *request, const char * /*request_tgt */)
+{
+ int err;
+ HTTPHdr hdr;
+ HTTPParser parser;
+ const char *start;
+ char cpy_buf[2048];
+ const char *cpy_buf_ptr = cpy_buf;
+
+ /*** (1) parse the request string into hdr ***/
+
+ hdr.create(HTTP_TYPE_REQUEST);
+
+ start = request;
+
+ if (strlen(start) > sizeof(cpy_buf)) {
+ printf("FAILED: (test #%d) Internal buffer too small for ctl char test\n", testnum);
+ return (0);
+ }
+ strcpy(cpy_buf, start);
+
+ // Replace a character in the method
+ cpy_buf[1] = 16;
+
+ http_parser_init(&parser);
+
+ while (1) {
+ err = hdr.parse_req(&parser, &cpy_buf_ptr, cpy_buf_ptr + strlen(start), true);
+ if (err != PARSE_CONT)
+ break;
+ }
+
+ if (err != PARSE_ERROR) {
+ printf("FAILED: (test #%d) no parse error parsing method with ctl char\n", testnum);
+ return (0);
+ }
+ return 1;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
int
HdrTest::test_http_hdr_print_and_copy_aux(int testnum,
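Review bot: The size guard in `test_http_hdr_ctl_char` is off by one. A request of exactly 2048 characters passes `strlen(start) > sizeof(cpy_buf)`, and the following `strcpy` then writes its terminating NUL one byte past `cpy_buf`. The check should read `if (strlen(start) >= sizeof(cpy_buf)) {`; the same comparison is visible in the context lines of `test_http_hdr_null_char` above. The test also overwrites only `cpy_buf[1]` with the single value 16, so it appears to exercise the guard in `parse_method2` but not the one on the first method byte, and no printable non-token character is covered. A second case that replaces `cpy_buf[0]` would close that gap.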
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b0d8e2a5/proxy/hdrs/HdrTest.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HdrTest.h b/proxy/hdrs/HdrTest.h
index 1cf19d8..17fc16e 100644
--- a/proxy/hdrs/HdrTest.h
+++ b/proxy/hdrs/HdrTest.h
@@ -75,6 +75,8 @@ private:
const char *rsp_tgt);
int test_http_hdr_null_char(int testnum,
const char *req, const char *req_tgt );
+ int test_http_hdr_ctl_char(int testnum,
+ const char *req, const char *req_tgt);
int test_http_hdr_copy_over_aux(int testnum, const char *request, const char *response);
int test_http_aux(const char *request, const char *response);
int test_arena_aux(Arena * arena, int len);