micro_http: check arithmetic operations #1998
Conversation
| let uri_and_version = &request_line[(method_end + 1)..]; | ||
| let uri_start = method_end.checked_add(1).ok_or(RequestError::Overflow)?; | ||
|
|
||
| // Slice access is safe because `uri_start` <= `request_line` size. |
There was a problem hiding this comment.
Who validates that uri_start is <= request_line? The above check seem to only check that the integer does not overflow.
There was a problem hiding this comment.
+1 on this. The comments in this function should be clearer and point to the exact place where the check is assured (in this case, find call).
Also, it looks like, in the following scenario:
let request_line = b"GET";
assert_eq!(
RequestLine::try_from(request_line).unwrap_err(),
RequestError::InvalidHttpMethod("Unsupported HTTP method.")
);the returned error is Unsupported HTTP method, but I don't know/think that this error is the best one, seems really confusing, would it be better to return something else?
Maybe parse_request_line() could return an error if SP is not found, what do you think?
There was a problem hiding this comment.
I added more comments, hope it got a littler clearer.
Also modified parse_request_line to return an error if there is no SP.
| let version = &uri_and_version[(uri_end + 1)..]; | ||
| let version_start = uri_end.checked_add(1).ok_or(RequestError::Overflow)?; | ||
|
|
||
| // Slice access is safe because `version_start` <= `uri_and_version` size. |
There was a problem hiding this comment.
Same question as above.
There was a problem hiding this comment.
Tried to add comments. 😅
| let uri_and_version = &request_line[(method_end + 1)..]; | ||
| let uri_start = method_end.checked_add(1).ok_or(RequestError::Overflow)?; | ||
|
|
||
| // Slice access is safe because `uri_start` <= `request_line` size. |
There was a problem hiding this comment.
+1 on this. The comments in this function should be clearer and point to the exact place where the check is assured (in this case, find call).
Also, it looks like, in the following scenario:
let request_line = b"GET";
assert_eq!(
RequestLine::try_from(request_line).unwrap_err(),
RequestError::InvalidHttpMethod("Unsupported HTTP method.")
);the returned error is Unsupported HTTP method, but I don't know/think that this error is the best one, seems really confusing, would it be better to return something else?
Maybe parse_request_line() could return an error if SP is not found, what do you think?
src/micro_http/src/request.rs
Outdated
| let body_len = headers_and_body | ||
| .len() | ||
| .checked_sub(crlf_end) | ||
| .ok_or(RequestError::Underflow)?; |
There was a problem hiding this comment.
Is it possible to have tests for at least some of the Underflow, Overflow scenarios that are handled in this PR?
There was a problem hiding this comment.
The underflows don't seem possible so I removed them and added comments. for overflows it's a little harder to test 😞
| return Err(RequestError::InvalidRequest); | ||
| } | ||
| let body_as_bytes = &headers_and_body[(headers_end + 2 * CRLF_LEN)..]; | ||
| let body_as_bytes = &headers_and_body[crlf_end..]; |
ioanachirca
force-pushed
the
arithmetic_ops
branch
2 times, most recently
from
c92bebf to
7bc15d8
Compare
src/dumbo/src/tcp/endpoint.rs
Outdated
| RequestError::Underflow => build_response( | ||
| Version::default(), | ||
| StatusCode::BadRequest, | ||
| Body::new(e.to_string()), | ||
| ), |
There was a problem hiding this comment.
nit: since this seems unreachable now, I would move this arm at the end of this match, right before the UnsupportedHeader one (I wouldn't though replace build_response() with unreachable!()since maybe try_from() eventually will be able to return Underflow too and it would be pretty easy to forget updating here with it).
| } | ||
|
|
||
| (b"", b"", b"") | ||
| Err(RequestError::InvalidRequest) |
There was a problem hiding this comment.
nit: maybe add a comment here that we now consider as invalid a request with no SPs.
There was a problem hiding this comment.
Added. Also removed the case when we return an Ok when there is no HTTP version.
src/micro_http/src/request.rs
Outdated
| // Underflow is not possible here because `byte_stream[request_line_end..]` starts with CR LF, | ||
| // so `headers_end` can be either zero (first match arm) or >= 3. |
There was a problem hiding this comment.
nit (to avoid any kind of confusion):
| // Underflow is not possible here because `byte_stream[request_line_end..]` starts with CR LF, | |
| // so `headers_end` can be either zero (first match arm) or >= 3. | |
| // Underflow is not possible here because `byte_stream[request_line_end..]` starts with CR LF, | |
| // so `headers_end` can be either zero (but this case is treated separately in the first match arm) | |
| // or >= 3 (current case). |
ioanachirca
force-pushed
the
arithmetic_ops
branch
2 times, most recently
from
9b9bbdc to
5878780
Compare
ioanachirca
force-pushed
the
arithmetic_ops
branch
2 times, most recently
from
97e77c0 to
9d8be78
Compare
Signed-off-by: Ioana Chirca <chioana@amazon.com>
ioanachirca
force-pushed
the
arithmetic_ops
branch
from
9d8be78 to
b6581d3
Compare
3 participants
Signed-off-by: Ioana Chirca chioana@amazon.com
Reason for This PR
Part of #2003
This PR adds checks/comments for the micro_http operations that are not fixed in #1985
Description of Changes
[Author TODO: add description of changes.]rust-vmm.License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license.
PR Checklist
[Author TODO: Meet these criteria.][Reviewer TODO: Verify that these criteria are met. Request changes if not]git commit -s).unsafecode is properly documented.firecracker/swagger.yaml.CHANGELOG.md.