httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ic...@apache.org
Subject svn commit: r1744414 - in /httpd/test/mod_h2/trunk: mh2fuzz/mh2f_fuzzer.c test/test_fuzz.sh
Date Wed, 18 May 2016 14:38:31 GMT
Author: icing
Date: Wed May 18 14:38:31 2016
New Revision: 1744414

URL: http://svn.apache.org/viewvc?rev=1744414&view=rev
Log:
adding fuzzing of :path header

Modified:
    httpd/test/mod_h2/trunk/mh2fuzz/mh2f_fuzzer.c
    httpd/test/mod_h2/trunk/test/test_fuzz.sh

Modified: httpd/test/mod_h2/trunk/mh2fuzz/mh2f_fuzzer.c
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/mh2fuzz/mh2f_fuzzer.c?rev=1744414&r1=1744413&r2=1744414&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/mh2fuzz/mh2f_fuzzer.c (original)
+++ httpd/test/mod_h2/trunk/mh2fuzz/mh2f_fuzzer.c Wed May 18 14:38:31 2016
@@ -362,6 +362,47 @@ static h2c_session_obs *slh_create(const
 }
 
 /*******************************************************************************
+ * Make a request with a super long path
+ ******************************************************************************/
+ typedef struct fuzzer_slp {
+    h2c_session_obs obs;
+} fuzzer_slp;
+
+static void slp_submit(h2c_session *s, h2c_stream *stream, h2c_request *r, 
+                       h2c_session_obs *obs)
+{
+    fuzzer_slh *f = obs->ctx;
+    apr_size_t hlen = 10*1024+1;
+    char *slh;
+
+    if (s->c->verbose > 1) {
+        fprintf(stderr, "h2c_conn(%ld-%d): submit super long :path\n", 
+                s->c->id, stream->id);
+    }
+    
+    slh = apr_pcalloc(stream->p, hlen+1);
+    for (int i = 0; i < hlen; ++i) {
+        slh[i] = 'A';
+    }
+    slh[0] = '/';
+    slh[hlen] = '\0';
+    h2c_request_headers_set(r, ":path", slh);
+}
+
+static h2c_session_obs *slp_create(const char *name, apr_pool_t *p)
+{
+    fuzzer_ds *f;
+    size_t prelen = sizeof("super-long-path")-1;
+    
+    f = apr_pcalloc(p, sizeof(*f));
+    f->name             = apr_pstrdup(p, name);
+    f->obs.ctx          = f;
+    f->obs.before_submit = slp_submit;
+    
+    return &f->obs;
+}
+
+/*******************************************************************************
  * Make a request with a super many header
  ******************************************************************************/
  typedef struct fuzzer_smh {
@@ -434,5 +475,8 @@ struct h2c_session_obs *mh2f_session_fuz
     if (HAS_PREFIX("super-many-header", name)) {
         return smh_create(name, p);
     }
+    if (HAS_PREFIX("super-long-path", name)) {
+        return slp_create(name, p);
+    }
     return NULL;
 }

Modified: httpd/test/mod_h2/trunk/test/test_fuzz.sh
URL: http://svn.apache.org/viewvc/httpd/test/mod_h2/trunk/test/test_fuzz.sh?rev=1744414&r1=1744413&r2=1744414&view=diff
==============================================================================
--- httpd/test/mod_h2/trunk/test/test_fuzz.sh (original)
+++ httpd/test/mod_h2/trunk/test/test_fuzz.sh Wed May 18 14:38:31 2016
@@ -145,9 +145,22 @@ EOF
     echo -n "super-long..."
     $MH2FUZZ -c 1 -m 1 -n 1 -f super-long-header $URL/ > $GEN/result 2>&1 || fail
     diff -u $GEN/expected $GEN/result || fail 
-    echo -n "super-many..."
+    echo -n "many..."
     $MH2FUZZ -c 1 -m 1 -n 1 -f super-many-header $URL/ > $GEN/result 2>&1 || fail
     diff -u $GEN/expected $GEN/result || fail 
+    echo -n "path..."
+    (
+        echo -n "-->     0:00001 GET /"
+        i=0 
+        while test $i -lt 1024 ; do
+            echo -n "AAAAAAAAAA"
+            i=$[ i + 1 ]
+        done
+        echo ' -> 414 0'
+        echo '0/0/1/0/0 (2/3/4/5/0xx)'
+    ) > $GEN/expected
+    $MH2FUZZ -c 1 -m 1 -n 1 -f super-long-path $URL/ > $GEN/result 2>&1 || fail
+    diff -u $GEN/expected $GEN/result || fail 
     echo "ok."
 }
 



Mime
View raw message