Merge pull request apache#174 from shinrich/ytsats-3131-7

YTSATS-3131: Patch smuggle flaw and add test
SolidWallOfCode · Jan 29, 2020 · c363de7 · c363de7
2 parents e94ddc6 + 7afe23b
commit c363de7
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 17 deletions.
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
@@ -1132,19 +1132,17 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
 
     end                    = real_end;
     parser->m_parsing_http = false;
-
-    ParseResult ret = mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
-    // If we're done with the main parse do some validation
-    if (ret == PARSE_RESULT_DONE) {
-      ret = validate_hdr_host(hh); // check HOST header
-    }
-    if (ret == PARSE_RESULT_DONE) {
-      ret = validate_hdr_content_length(heap, hh);
-    }
-    return ret;
   }
 
-  return mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
+  ParseResult ret = mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
+  // If we're done with the main parse do some validation
+  if (ret == PARSE_RESULT_DONE) {
+    ret = validate_hdr_host(hh); // check HOST header
+  }
+  if (ret == PARSE_RESULT_DONE) {
+    ret = validate_hdr_content_length(heap, hh);
+  }
+  return ret;
 }
 
 ParseResult

diff --git a/tests/gold_tests/chunked_encoding/chunked_encoding.test.py b/tests/gold_tests/chunked_encoding/chunked_encoding.test.py
@@ -16,14 +16,13 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-import os
 Test.Summary = '''
-Test interaction of H2 and chunked encoding
+Test chunked encoding processing
 '''
-# need Curl
+# need Curl with HTTP/2
 Test.SkipUnless(
-    Condition.HasProgram("curl", "Curl need to be installed on system for this test to work"),
-    Condition.HasCurlFeature('http2')
+    Condition.HasCurlFeature('http2'),
+    Condition.HasProgram("nc", "Nc needs to be installed on this system for this test to work"),
 )
 Test.ContinueOnFail = True
 
@@ -67,7 +66,7 @@
 ts.Disk.records_config.update({
     'proxy.config.http2.enabled': 1,    # this option is for VZM-internal only
     'proxy.config.diags.debug.enabled': 1,
-    'proxy.config.diags.debug.tags': 'lm|ssl',
+    'proxy.config.diags.debug.tags': 'http',
     'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.client.verify.server':  0,
@@ -83,6 +82,9 @@
 ts.Disk.remap_config.AddLine(
     'map https://www.anotherexample.com https://127.0.0.1:{0}'.format(server2.Variables.SSL_Port, ts.Variables.ssl_port)
 )
+ts.Disk.remap_config.AddLine(
+    'map /netcatserver http://127.0.0.1:8888'
+)
 
 
 ts.Disk.ssl_multicert_config.AddLine(
@@ -126,3 +128,17 @@
 tr.Processes.Default.ReturnCode = 0
 tr.Processes.Default.Streams.stderr = "gold/chunked_POST_200.gold"
 tr.StillRunningAfter = server
+
+# HTTP1.1 POST: Send the request in two packets.  Use netcat for this as client and server
+server1_out = Test.Disk.File("outserver1")
+tr = Test.AddTestRun()
+tr.Setup.Copy('http1case1.sh')
+tr.Setup.Copy('create-request.sh')
+tr.Setup.Copy('respond-server.sh')
+tr.Processes.Default.Command = 'sh ./http1case1.sh {0}'.format(ts.Variables.port)
+tr.Processes.Default.ReturnCode = 0
+server1_out.Content = Testers.ExcludesExpression("Content-length", "Should not see content-length at server")
+server1_out.Content += Testers.ContainsExpression("Transfer-Encoding: chunked", "Request should be chunked encoded")
+tr.StillRunningAfter = ts
+# No resets in the output
+# No content lengths in the header
diff --git a/tests/gold_tests/chunked_encoding/create-request.sh b/tests/gold_tests/chunked_encoding/create-request.sh
@@ -0,0 +1,21 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+printf "POST /netcatserver HTTP/1.1\r\n"
+printf "Content-length: 14\r\n"
+sleep 1
+printf "Transfer-Encoding: chunked\r\n\r\n"
+printf "F\r\n987654321054321\r\n0\r\n\r\n"
diff --git a/tests/gold_tests/chunked_encoding/http1case1.sh b/tests/gold_tests/chunked_encoding/http1case1.sh
@@ -0,0 +1,19 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+nc -4 -l 8888 -o outserver1 -c "sh ./respond-server.sh" &
+sleep 1
+sh ./create-request.sh | nc -C 127.0.0.1 $1
diff --git a/tests/gold_tests/chunked_encoding/respond-server.sh b/tests/gold_tests/chunked_encoding/respond-server.sh
@@ -0,0 +1,19 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+printf "HTTP/1.1 200\r\nTransfer-encoding: chunked\r\n\r\n"
+printf "F\r\n123456789012345\r\n"
+printf "0\r\n\r\n"