From 75a25372d63577751087b8a359c3cff28d511932 Mon Sep 17 00:00:00 2001 From: Asra Ali Date: Tue, 14 Apr 2020 16:06:02 -0400 Subject: [PATCH 1/3] fix request Signed-off-by: Asra Ali --- test/common/http/http2/codec_impl_test_util.h | 7 +++++++ ...equest_header_fuzz_test-4795710559223808.fuzz | Bin 0 -> 2145 bytes 2 files changed, 7 insertions(+) create mode 100644 test/common/http/http2/request_header_corpus/clusterfuzz-testcase-minimized-request_header_fuzz_test-4795710559223808.fuzz diff --git a/test/common/http/http2/codec_impl_test_util.h b/test/common/http/http2/codec_impl_test_util.h index c6d859056d8a7..c563f9771ba35 100644 --- a/test/common/http/http2/codec_impl_test_util.h +++ b/test/common/http/http2/codec_impl_test_util.h @@ -26,7 +26,14 @@ class TestCodecSettingsProvider { void onSettingsFrame(const nghttp2_settings& settings_frame) { for (uint32_t i = 0; i < settings_frame.niv; ++i) { auto result = settings_.insert(settings_frame.iv[i]); + // In case of fuzzing, we expect possible duplicates settings. +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ASSERT(result.second); +#else + if (!result.second) { + ENVOY_LOG_MISC(debug, "Duplicated settings parameter {}", settings_frame.iv[i].settings_id); + } +#endif } } diff --git a/test/common/http/http2/request_header_corpus/clusterfuzz-testcase-minimized-request_header_fuzz_test-4795710559223808.fuzz b/test/common/http/http2/request_header_corpus/clusterfuzz-testcase-minimized-request_header_fuzz_test-4795710559223808.fuzz new file mode 100644 index 0000000000000000000000000000000000000000..0325435ebd719c94db635bf71189b5b9783ba338 GIT binary patch literal 2145 zcmV-n2%h%<1^@&A000000096200;?BWASP5mT-#)=_Rb^4$?r7u>F;|D)OkNWrIL| zn$O2(CA`;DtJTaM?v+f8@adSMdh4nJmMf~_er{yCnYy|vC)ib8B(F5m>skaqTyM3P zL5mWL|0{_kn9Z|-iGqGrF$(RJwPmG0pSGV=DpC=Yp+a)G{$N<`w*=lY z-Adnwyi}`~C^3E03qm`<96U)32xJrGQ6z4;gmiYO&?z8AV=MT;*TQi)01-X3ZW1!A zLGXZHy%$6$1P38@v`r2FQSoC&`n!)jLISsda`1a}+pH}uG678U6Dv2u?BS!!4*Dl3 z8>uhljNL`>nXAuc)AA)JEX?mt9IlpkulaH^7vc;kjlM@vsRQ}V2bi$@7LIjQz0?q^ z(Ev3t7nhg;+-@kxkdG!_r7)^M3k`(HapQJhq)niiJJGI%%#e%9ENe{ zEV1X+^U0P;!DFOmy4%=ohIpI*wnN~hW&(^MBIfB7ACiL5^0-;|F%C`?Ek*RWdFFAb z)``u3&C_$J+9QwDvEc2$={t*2m3JHw_7x~*Vl5w3RvSf-K4$+mn;{Ww#H@K>+jBvy zImx}0JMbF|%9hQ3aetgRu)LAHL59^!HA8w~+T;ysC=kYCmOp}9{LU<^n#kSw#Z+jaAnrkd|)4k+Ns9Xykix8$Ch z^#oLZ=qH7FaH9gHp+Z-Vqpv(_uLLfxL}_5(vkapdZxWUd1H5e;XsXZE7aJ%_xxW_m zbB|=wdT%5iM(sQeBjhWErtwv9Wyh~qM6?zootwKXXQ|m<>PmjUG*c&1` zqLN%6Hp7o{f~S|T$Mmyt^y_AK^lPPRG8&Kwcw3RP>78s3)EYfv=$>Y?r?SkKC8r&0 z4o3n^(%U;{-mwm{2?2J{nXoKpRubWPPXDO7|EsN6_`0)_$eD}&(;gK(Hg6f*3{Sa+ zKphPKUsN6o;DDb1AMWKX(e*yW<)AqMVs$c^j`S*pYNTILPXLc?Hw}zpk2*CRBJ=)l(wpmt>0LaC+;)A6$e%+9%rnYETBe+f5p4f5<)xN+Eiy!hgVuj6 z3{pZnJaw!>jvW`OVKUk}ATgLRFfO&W{g+X%3Agh^3|sD8QAM=QW?zi&FlMJ32YGYO z3@m)c+ir!z2$%9v4Tbo0UKOW|kV?0yyPs?PKhKz^F<44|Sv<6aC^KIsD0&Lh5JF#3 zNp$3SPZEup4I(%Kgp~sif}n6ZYKR|-oicto+t*N9baOJk5)WCzyB|adYw0+Q(-_tX z3+HKyNf&zZH(*BKyb}I!l&xS!PBCl;lZ#1Kks*C>MqAv*rP;%Yi4*}`A?jCVXf=W( zUV8b9cFeZoLVGg}Ph@~^KKNlsq{0D<@LJevMVqMZ%Iufdamg@c?S6tL<8!UDt56>H z9#7?AMa4(d6BdlBh%U~fJY`}_!Mzg^ZtslG_5v?qFh7vHJ@XT+9))F$ou)4~yY2Q1`OdvEcQ^#)LF(dwsgSPF z8`IyL;n!~bDkxNi2V_(ttEXxkSOjrVjP4e}Ni8g#bc6|GQ(|JbY0EFrJ@>hovGx*Qg*2>$@O8_z9%OE5TJXAJo~ z;cN(vz5uo@g1d`EZtl%!fXrlYCn%4E1msL}yAH)@cSw#? zPQ0n{eiir#j?~u#DT8u8azjuf-?UT}*QaXDF*w-L3&Z7d3LCbYA4D9(K*bPXO0i)6 z)S-Uv{bb8K*fto zM;Me1f*Gr$uWuG6C%fU!w?AzeodPXFC{-!o%BU+m%k7B0v4Evc+D8;R;O*AglN|{* z9j->#@wN{VmYNJ6WQk1`*-s9<^sFgdfx)^lpRU1`w{Ie@S^GmBW0^6M^zaMZ^Pqu- zrP`OUomrM8`$b_U&`6X!r}37DXR3D?t49jAj=gz zZAdlD#y>3BxAU5+%QVok84NFbba$q3i;X0&%es(2|2KqaRZqC1^Oqs8lp;i#aP7SH Xypf7z0+08qpy7o#b)-CYf;9jD;6WGN literal 0 HcmV?d00001 From 3f1ba022de218d4d78bb3a65c438492ecba92381 Mon Sep 17 00:00:00 2001 From: Asra Ali Date: Tue, 14 Apr 2020 16:52:05 -0400 Subject: [PATCH 2/3] fix, because we don't want to block duplicate settings Signed-off-by: Asra Ali --- test/common/http/http2/codec_impl_test_util.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/common/http/http2/codec_impl_test_util.h b/test/common/http/http2/codec_impl_test_util.h index c563f9771ba35..7b8f39843fd70 100644 --- a/test/common/http/http2/codec_impl_test_util.h +++ b/test/common/http/http2/codec_impl_test_util.h @@ -26,14 +26,16 @@ class TestCodecSettingsProvider { void onSettingsFrame(const nghttp2_settings& settings_frame) { for (uint32_t i = 0; i < settings_frame.niv; ++i) { auto result = settings_.insert(settings_frame.iv[i]); - // In case of fuzzing, we expect possible duplicates settings. -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ASSERT(result.second); -#else + // It is possible to have duplicate settings parameters, each new parameter replaces any + // existing value. + // https://tools.ietf.org/html/rfc7540#section-6.5 if (!result.second) { - ENVOY_LOG_MISC(debug, "Duplicated settings parameter {}", settings_frame.iv[i].settings_id); + ENVOY_LOG_MISC(debug, "Duplicated settings parameter {} with value {}", + settings_frame.iv[i].settings_id, settings_frame.iv[i].value); + settings_.erase(result.first); + // Guaranteed success here. + ASSERT(settings_.insert(settings_frame.iv[i]).second); } -#endif } } From 280f121fdd5bd793b0960edb52a4311073ca8aad Mon Sep 17 00:00:00 2001 From: Asra Ali Date: Mon, 20 Apr 2020 14:06:41 -0400 Subject: [PATCH 3/3] use unordered map Signed-off-by: Asra Ali --- test/common/http/http2/codec_impl_test_util.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/test/common/http/http2/codec_impl_test_util.h b/test/common/http/http2/codec_impl_test_util.h index 7b8f39843fd70..3acfd7fc77f97 100644 --- a/test/common/http/http2/codec_impl_test_util.h +++ b/test/common/http/http2/codec_impl_test_util.h @@ -13,11 +13,11 @@ class TestCodecSettingsProvider { public: // Returns the value of the SETTINGS parameter keyed by |identifier| sent by the remote endpoint. absl::optional getRemoteSettingsParameterValue(int32_t identifier) const { - const auto it = settings_.find({identifier, 0}); + const auto it = settings_.find(identifier); if (it == settings_.end()) { return absl::nullopt; } - return it->value; + return it->second; } protected: @@ -25,7 +25,8 @@ class TestCodecSettingsProvider { // getRemoteSettingsParameterValue(). void onSettingsFrame(const nghttp2_settings& settings_frame) { for (uint32_t i = 0; i < settings_frame.niv; ++i) { - auto result = settings_.insert(settings_frame.iv[i]); + auto result = settings_.insert( + std::make_pair(settings_frame.iv[i].settings_id, settings_frame.iv[i].value)); // It is possible to have duplicate settings parameters, each new parameter replaces any // existing value. // https://tools.ietf.org/html/rfc7540#section-6.5 @@ -34,15 +35,14 @@ class TestCodecSettingsProvider { settings_frame.iv[i].settings_id, settings_frame.iv[i].value); settings_.erase(result.first); // Guaranteed success here. - ASSERT(settings_.insert(settings_frame.iv[i]).second); + settings_.insert( + std::make_pair(settings_frame.iv[i].settings_id, settings_frame.iv[i].value)); } } } private: - std::unordered_set - settings_; + std::unordered_map settings_; }; class TestServerConnectionImpl : public ServerConnectionImpl, public TestCodecSettingsProvider {