# HG changeset patch
# User Sergey Kandaurov
# Date 1621334093 -10800
# Node ID 816d6ceefe505f9684ba03c34732b5f0d7fb26b8
# Parent 0d1cec6881113e95f0db5a7f9a49027671cabb7c
Tests: added grpc tests with malformed headers.
diff --git a/grpc.t b/grpc.t
--- a/grpc.t
+++ b/grpc.t
@@ -24,7 +24,7 @@ select STDERR; $| = 1;
 select STDOUT; $| = 1;
 my $t = Test::Nginx->new()->has(qw/http rewrite http_v2 grpc/)
- ->has(qw/upstream_keepalive/)->plan(116);
+ ->has(qw/upstream_keepalive/)->plan(123);
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -383,6 +383,52 @@ is($frame->{headers}{'x' x 2**8}, 'y' x
 ($frame) = grep { $_->{flags} & 0x4 } @$frames;
 is($frame->{headers}{'x' x 2**15}, 'y' x 2**15, 'long header field 3');
+# Intermediary Encapsulation Attacks, malformed header fields
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}(n => 'n:n');
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid header name colon');
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}(n => 'NN');
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid header name uppercase');
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}(n => "n\nn");
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid header name ctl');
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}(v => "v\nv");
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid header value ctl');
+
+# invalid HPACK index
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}('m' => 0);
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid index - indexed header');
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}('m' => 1);
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid index - with indexing');
+
+$f->{http_start}('/');
+$f->{data}('Hello');
+$frames = $f->{field_bad}('m' => 3);
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}{':status'}, 502, 'invalid index - without indexing');
+
 # flow control
 $f->{http_start}('/FlowControl');
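Review bot: The control-character cases under `# Intermediary Encapsulation Attacks` cover only LF (`n => "n\nn"` and `v => "v\nv"`), while RFC 7540 section 10.3, where that title comes from, also names CR and NUL as characters that must not be passed through verbatim. Adding cases such as `$frames = $f->{field_bad}(v => "v\rv");` and `$frames = $f->{field_bad}(v => "v\0v");` (and the same for `n`) with the same 502 expectation would pin every branch of the check, so a regression in one of them cannot slip through. The `plan()` count in the first hunk would have to grow to match. The comment could also cite the RFC section directly, e.g. `# RFC 7540, 10.3: Intermediary Encapsulation Attacks`.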
@@ -784,6 +830,18 @@ sub grpc {
 return $s->read(all => [{ fin => 1 }]);
 };
+ $f->{field_bad} = sub {
+ my (%extra) = @_;
+ my $n = defined $extra{'n'} ? $extra{'n'} : 'n';
+ my $v = defined $extra{'v'} ? $extra{'v'} : 'v';
+ my $m = defined $extra{'m'} ? $extra{'m'} : 2;
+ $c->new_stream({ headers => [
+ { name => ':status', value => '200' },
+ { name => $n, value => $v, mode => $m },
+ ]}, $sid);
+
+ return $s->read(all => [{ fin => 1 }]);
+ };
 $f->{discard} = sub {
 my (%extra) = @_;
 $c->new_stream({ body_more => 1, %extra, headers => [
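Review bot: The `mode` values in `field_bad` are bare numbers, so a reader cannot tell why the default is `2` or why the callers' `m => 0`, `1` and `3` yield an invalid HPACK index. Judging by the test labels these select the indexed, with-indexing and without-indexing representations, which presumably reference a table entry that the name `n` does not have; that mapping lives in the HTTP/2 test library and should be confirmed there. A short comment above the closure would make this explicit, e.g. `# n/v: header name and value sent by the backend; m: HPACK encoding mode (default 2, literal with new name)`. The enclosing `sub grpc` starts and ends outside this hunk.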