From 69123a3f670a41e31b0988583e342a7df028f136 Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Fri, 23 Aug 2024 17:35:50 +0200 Subject: http: status line parsing fix Request line must only start with method name and server should ignore at least one empty line (CRLF) received prior to the request-line. Type: fix Change-Id: Ifebd992dc4c13df1a3fabfcdef9e7ee644150a21 Signed-off-by: Matus Fabian --- extras/hs-test/http_test.go | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'extras') diff --git a/extras/hs-test/http_test.go b/extras/hs-test/http_test.go index 872f4c234b3..9fc426a88a7 100644 --- a/extras/hs-test/http_test.go +++ b/extras/hs-test/http_test.go @@ -29,7 +29,7 @@ func init() { HttpStaticMacTimeTest, HttpStaticBuildInUrlGetVersionVerboseTest, HttpVersionNotSupportedTest, HttpInvalidContentLengthTest, HttpInvalidTargetSyntaxTest, HttpStaticPathTraversalTest, HttpUriDecodeTest, HttpHeadersTest, HttpStaticFileHandlerTest, HttpStaticFileHandlerDefaultMaxAgeTest, HttpClientTest, HttpClientErrRespTest, HttpClientPostFormTest, - HttpClientPostFileTest, HttpClientPostFilePtrTest, AuthorityFormTargetTest) + HttpClientPostFileTest, HttpClientPostFilePtrTest, AuthorityFormTargetTest, HttpRequestLineTest) RegisterNoTopoSoloTests(HttpStaticPromTest, HttpTpsTest, HttpTpsInterruptModeTest, PromConcurrentConnectionsTest, PromMemLeakTest, HttpClientPostMemLeakTest, HttpInvalidClientRequestMemLeakTest) } @@ -867,7 +867,19 @@ func HttpInvalidRequestLineTest(s *NoTopoSuite) { serverAddress := s.GetInterfaceByName(TapInterfaceName).Peer.Ip4AddressString() vpp.Vppctl("http cli server") - resp, err := TcpSendReceive(serverAddress+":80", "GET / HTTP/1.1") + resp, err := TcpSendReceive(serverAddress+":80", " GET / HTTP/1.1") + s.AssertNil(err, fmt.Sprint(err)) + s.AssertContains(resp, "HTTP/1.1 400 Bad Request", "invalid request line start not allowed") + + resp, err = TcpSendReceive(serverAddress+":80", "\rGET / HTTP/1.1") + s.AssertNil(err, fmt.Sprint(err)) + s.AssertContains(resp, "HTTP/1.1 400 Bad Request", "invalid request line start not allowed") + + resp, err = TcpSendReceive(serverAddress+":80", "\nGET / HTTP/1.1") + s.AssertNil(err, fmt.Sprint(err)) + s.AssertContains(resp, "HTTP/1.1 400 Bad Request", "invalid request line start not allowed") + + resp, err = TcpSendReceive(serverAddress+":80", "GET / HTTP/1.1") s.AssertNil(err, fmt.Sprint(err)) s.AssertContains(resp, "HTTP/1.1 400 Bad Request", "invalid framing not allowed") @@ -896,6 +908,17 @@ func HttpInvalidRequestLineTest(s *NoTopoSuite) { s.AssertContains(resp, "HTTP/1.1 400 Bad Request", "'HTTP1.1' invalid http version not allowed") } +func HttpRequestLineTest(s *NoTopoSuite) { + vpp := s.GetContainerByName("vpp").VppInstance + serverAddress := s.GetInterfaceByName(TapInterfaceName).Peer.Ip4AddressString() + vpp.Vppctl("http cli server") + + resp, err := TcpSendReceive(serverAddress+":80", "\r\nGET /show/version HTTP/1.1\r\nHost:"+serverAddress+":80\r\nUser-Agent:test\r\n\r\n") + s.AssertNil(err, fmt.Sprint(err)) + s.AssertContains(resp, "HTTP/1.1 200 OK") + s.AssertContains(resp, "", "html content not found") +} + func HttpInvalidTargetSyntaxTest(s *NoTopoSuite) { vpp := s.GetContainerByName("vpp").VppInstance serverAddress := s.GetInterfaceByName(TapInterfaceName).Peer.Ip4AddressString() -- cgit 1.2.3-korg