From c6ffae22748bc22d5ef88fea2a3ca67f480ee74b Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Fri, 19 Nov 2010 10:19:45 +0000
Subject: max_body: rewrite wrappers to be safer

To avoid denial-of-service attacks, the wrappers need to intercept requests *before* they hit the memory allocator, so we need to reimplement the read(all) and gets cases to use smaller buffers whenever the application does not specify one.
---
 t/t0104-rack-input-limit-tiny.sh | 134 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 133 insertions(+), 1 deletion(-)
(limited to 't/t0104-rack-input-limit-tiny.sh')

diff --git a/t/t0104-rack-input-limit-tiny.sh b/t/t0104-rack-input-limit-tiny.sh
index 0cf9f73..284d7c0 100755
--- a/t/t0104-rack-input-limit-tiny.sh
+++ b/t/t0104-rack-input-limit-tiny.sh
@@ -3,7 +3,7 @@
 test -r random_blob || die "random_blob required, run with 'make $0'"
 req_curl_chunked_upload_err_check
-t_plan 6 "rack.input client_max_body_size tiny"
+t_plan 18 "rack.input client_max_body_size tiny"
 t_begin "setup and startup" && {
 rtmpfiles curl_out curl_err cmbs_config
@@ -21,6 +21,7 @@ t_begin "stops a regular request" && {
 http://$listen/ > $curl_out 2> $curl_err || > $ok
 dbgcat curl_err
 dbgcat curl_out
+ grep 413 $curl_err
 test -e $ok
 }
@@ -31,6 +32,7 @@ t_begin "stops a large chunked request" && {
 http://$listen/ > $curl_out 2> $curl_err || > $ok
 dbgcat curl_err
 dbgcat curl_out
+ grep 413 $curl_err
 test -e $ok
 }
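Review bot: `grep 413 $curl_err` in the "stops a regular request" block matches those three digits anywhere in curl's verbose stderr, not only in the response status line, so a byte count or header value containing 413 would satisfy it even when the server answered with a different code. Since curl -v writes the status line to stderr prefixed with `< `, anchoring on it, `grep '^< HTTP/1\.[01] 413 ' $curl_err`, pins the assertion to the status code. The same unanchored grep is added in the next hunk (-31,6 +32,7) and repeated in every rejection case of the -56,6 +58,136 hunk. Whether a non-matching grep actually fails the block depends on the harness running under `set -e`, which is not visible here; if it does not, the grep is only informational and the check belongs in the condition that creates `$ok`.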
@@ -56,6 +58,136 @@ t_begin "small size sha1 content-length ok" && {
 test "$(cat $curl_out)" = $blob_sha1
 }
+t_begin "stops a regular request (gets_read_mix)" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "stops a large chunked request (gets_read_mix)" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "stops a large line-based chunked request (gets_read_mix)" && {
+ rm -f $ok
+ =0;) print "hello world"}' | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "OK with line-based chunked request (gets_read_mix)" && {
+ rm -f $ok
+ =0;) print "hello world"}' | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test x"$(cat $curl_out)" = x23eab3cebcbe22a0456c8462e3d3bb01ae761702
+}
+
+t_begin "small size sha1 chunked ok (gets_read_mix)" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "small size sha1 content-length ok (gets_read_mix)" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/gets_read_mix > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "stops a regular request (each)" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "stops a large chunked request (each)" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "small size sha1 chunked ok (each)" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "small size sha1 content-length ok (each)" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "stops a large line-based chunked request (each)" && {
+ rm -f $ok
+ =0;) print "hello world"}' | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ grep 413 $curl_err
+ test -e $ok
+}
+
+t_begin "OK with line-based chunked request (each)" && {
+ rm -f $ok
+ =0;) print "hello world"}' | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/each > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test x"$(cat $curl_out)" = x23eab3cebcbe22a0456c8462e3d3bb01ae761702
+}
+
 t_begin "shutdown" && {
 kill $rainbows_pid
 }
-- 
cgit v1.2.3-24-ge0c7
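Review bot: The twelve new blocks are copies of the six existing cases that differ only in the request path (`gets_read_mix` or `each`), and the body-generating line of the four line-based cases is truncated in this rendering (`=0;) print "hello world"}' | \`), so that command cannot be reviewed here. Factoring each case into a helper that takes the path as its argument would leave one definition per case and keep a future fix (such as the 413 check) in one place; the repeated `blob_sha1` assignment and the bare `23eab3ce…` digest literal of the line-based OK cases would then also be set once. A sketch for the regular-request case follows; the other five would take the same shape, and the plan entries would call them as `t_begin "stops a regular request (each)" && check_413_regular each`.
```shell
# upload a 257-byte file to path $1 and require the server to reject it with 413
check_413_regular () {
	rm -f $ok
	dd if=/dev/zero bs=257 count=1 of=$tmp
	curl -vsSf -T $tmp -H Expect: \
	  http://$listen/$1 > $curl_out 2> $curl_err || > $ok
	dbgcat curl_err
	dbgcat curl_out
	grep 413 $curl_err
	test -e $ok
}
# … unchanged: the other five cases, parameterized the same way …
t_begin "stops a regular request (gets_read_mix)" && check_413_regular gets_read_mix
```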