Robustness against fuzzers #138

Closed
mmaker opened this issue Aug 23, 2014 · 0 comments

mmaker commented Aug 23, 2014

I tried to use a fuzzer against cyclone, specifically:

    pathoc -e -I 200 -t 2 -n 1000 localhost -p 8888 get:/:b@10:ir,@1

which generates some exceptions even on the helloworld httpserver run with:

    python demos/helloworld/helloworld.py

(following)

2014-08-23 11:12:28+0200 Unhandled Error
        Traceback (most recent call last):
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/log.py", line 88, in callWithLogger
            return callWithContext({"system": lp}, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/log.py", line 73, in callWithContext
            return context.call({ILogContext: newCtx}, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
            return func(*args,**kw)
        --- <exception caught here> ---
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
            why = selectable.doRead()
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 214, in doRead
            return self._dataReceived(data)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 220, in _dataReceived
            rval = self.protocol.dataReceived(data)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/protocols/basic.py", line 571, in dataReceived
            why = self.lineReceived(line)
          File "/home/maker/dev/cyclone/cyclone/httpserver.py", line 96, in lineReceived
            self._on_headers(buff)
          File "/home/maker/dev/cyclone/cyclone/httpserver.py", line 158, in _on_headers
            headers = httputil.HTTPHeaders.parse(data[eol:])
          File "/home/maker/dev/cyclone/cyclone/httputil.py", line 133, in parse
            h.parse_line(line)
          File "/home/maker/dev/cyclone/cyclone/httputil.py", line 118, in parse_line
            name, value = line.split(":", 1)
        exceptions.ValueError: need more than 1 value to unpack

2014-08-23 11:12:28+0200 [http] 404 GET / (127.0.0.1) 0.33ms
2014-08-23 11:12:27+0200 Unhandled Error
        Traceback (most recent call last):
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/log.py", line 88, in callWithLogger
            return callWithContext({"system": lp}, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/log.py", line 73, in callWithContext
            return context.call({ILogContext: newCtx}, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
            return func(*args,**kw)
        --- <exception caught here> ---
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
            why = selectable.doRead()
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 214, in doRead
            return self._dataReceived(data)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 220, in _dataReceived
            rval = self.protocol.dataReceived(data)
          File "/home/maker/.venvs/cyclone/local/lib/python2.7/site-packages/twisted/protocols/basic.py", line 571, in dataReceived
            why = self.lineReceived(line)
          File "/home/maker/dev/cyclone/cyclone/httpserver.py", line 96, in lineReceived
            self._on_headers(buff)
          File "/home/maker/dev/cyclone/cyclone/httpserver.py", line 163, in _on_headers
            content_length = int(headers.get("Content-Length", 0))
        exceptions.ValueError: invalid literal for int() with base 10: '\xc3\xbc 10'
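
Both tracebacks above end in header-parsing statements that assume well-formed input. The following is an added example in Python 3, not cyclone's code and not the fix in 187b4b7: it places those two statements beside a validating parser that turns malformed headers into a single error the server can answer with 400. `BadRequest`, `parse_unchecked`, `parse_checked`, `MAX_CONTENT_LENGTH` and the sample requests are assumptions made for the example.

```python
import re

# RFC 7230 "token": the only bytes allowed in a header field name.
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
MAX_CONTENT_LENGTH = 10 * 1024 * 1024  # assumed limit, not a cyclone setting


class BadRequest(Exception):
    """Malformed request: the caller should answer 400 and close."""


def parse_unchecked(raw):
    """The two statements from the tracebacks, with no validation."""
    headers = {}
    for line in raw.split(b"\r\n"):
        if line:
            name, value = line.split(b":", 1)  # ValueError without a colon
            headers[name.lower()] = value.strip()
    return headers, int(headers.get(b"content-length", 0))  # ValueError on junk


def parse_checked(raw):
    """Same job, but every malformed input becomes BadRequest."""
    headers = {}
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep or not _TOKEN.fullmatch(name):
            raise BadRequest("malformed header line: %r" % line[:80])
        name, value = name.lower(), value.strip(b" \t")
        if name == b"content-length" and headers.get(name, value) != value:
            raise BadRequest("conflicting Content-Length headers")
        headers[name] = value
    length = headers.get(b"content-length", b"0")
    # bytes.isdigit() accepts ASCII digits only, so b"\xc3\xbc 10" is rejected.
    if not length.isdigit() or len(length) > 10:
        raise BadRequest("invalid Content-Length: %r" % length[:80])
    if int(length) > MAX_CONTENT_LENGTH:
        raise BadRequest("Content-Length over limit")
    return headers, int(length)


# Constructed inputs modelled on the two failures in the report.
NO_COLON = b"Host: localhost\r\nX-Broken header"
BAD_LENGTH = b"Host: localhost\r\nContent-Length: \xc3\xbc 10"
GOOD = b"Host: localhost\r\nContent-Length: 10"
```

Catching `BadRequest` at the point where the protocol calls the parser keeps malformed requests out of the reactor's unhandled-error log and lets the connection be closed deliberately.
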
fiorix closed this as completed in 187b4b7 Aug 23, 2014
fiorix added a commit that referenced this issue Aug 23, 2014
Fix #138: validate HTTP headers.
hellais pushed a commit to hellais/cyclone that referenced this issue Sep 17, 2014
dpnova added a commit to dpnova/cyclone that referenced this issue Dec 20, 2014
…feature/unittesting

* 'feature/unittesting' of github.com:dpnova/cyclone:
  Ensure the right param data is available on POST and friends.
  Enable cookie interactions (and sessions) in the test client.
  Include new testing and tests packages in the setup.py
  We don't care about coverage on setup.py
  Fix fiorix#138: validate HTTP headers.