From b4b67947bab927f3e91e44678546dab84f742806 Mon Sep 17 00:00:00 2001 From: Arthur Yan Date: Mon, 20 Jul 2020 03:43:33 +0000 Subject: [PATCH 1/2] fuzz: fix oss-fuzz crash in route_fuzz_test due to validation Signed-off-by: Arthur Yan --- .../config/route/v3/route_components.proto | 4 +- .../route/v4alpha/route_components.proto | 4 +- .../config/route/v3/route_components.proto | 4 +- .../route/v4alpha/route_components.proto | 4 +- ...ized-route_fuzz_test-4701452596674560.fuzz | 79 +++++++++++++++++++ 5 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz diff --git a/api/envoy/config/route/v3/route_components.proto b/api/envoy/config/route/v3/route_components.proto index e4ad52e662202..c35e210691c5e 100644 --- a/api/envoy/config/route/v3/route_components.proto +++ b/api/envoy/config/route/v3/route_components.proto @@ -127,7 +127,9 @@ message VirtualHost { // Specifies a list of HTTP headers that should be removed from each response // handled by this virtual host. - repeated string response_headers_to_remove = 11; + repeated string response_headers_to_remove = 11 [(validate.rules).repeated = { + items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}} + }]; // Indicates that the virtual host has a CORS policy. CorsPolicy cors = 8; diff --git a/api/envoy/config/route/v4alpha/route_components.proto b/api/envoy/config/route/v4alpha/route_components.proto index 01b138c7a7a6d..f921ea506d997 100644 --- a/api/envoy/config/route/v4alpha/route_components.proto +++ b/api/envoy/config/route/v4alpha/route_components.proto @@ -126,7 +126,9 @@ message VirtualHost { // Specifies a list of HTTP headers that should be removed from each response // handled by this virtual host. - repeated string response_headers_to_remove = 11; + repeated string response_headers_to_remove = 11 [(validate.rules).repeated = { + items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}} + }]; // Indicates that the virtual host has a CORS policy. CorsPolicy cors = 8; diff --git a/generated_api_shadow/envoy/config/route/v3/route_components.proto b/generated_api_shadow/envoy/config/route/v3/route_components.proto index ee95088a439f7..f79f399d2140c 100644 --- a/generated_api_shadow/envoy/config/route/v3/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v3/route_components.proto @@ -125,7 +125,9 @@ message VirtualHost { // Specifies a list of HTTP headers that should be removed from each response // handled by this virtual host. - repeated string response_headers_to_remove = 11; + repeated string response_headers_to_remove = 11 [(validate.rules).repeated = { + items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}} + }]; // Indicates that the virtual host has a CORS policy. CorsPolicy cors = 8; diff --git a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto index 7292f6258fcea..a8b6ae4459cee 100644 --- a/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto +++ b/generated_api_shadow/envoy/config/route/v4alpha/route_components.proto @@ -126,7 +126,9 @@ message VirtualHost { // Specifies a list of HTTP headers that should be removed from each response // handled by this virtual host. - repeated string response_headers_to_remove = 11; + repeated string response_headers_to_remove = 11 [(validate.rules).repeated = { + items {string {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}} + }]; // Indicates that the virtual host has a CORS policy. CorsPolicy cors = 8; diff --git a/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz b/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz new file mode 100644 index 0000000000000..24e59edd39e1c --- /dev/null +++ b/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz @@ -0,0 +1,79 @@ +config { + virtual_hosts { + name: "&\006\000\000\000" + domains: "-" + require_tls: ALL + response_headers_to_remove: "\0Ï3\022\362\211\245\247V\036" + request_headers_to_remove: "\003\022\360\234\254\265V\036" + typed_per_filter_config { + key: "" + value { + } + } + typed_per_filter_config { + key: "\000config {\n virtual_hosts {\n name: \"o\"\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"valacidate/validate.proto\" hidden_envoy_deprecated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n runtime_fraction {\n }\n }\n }\n }\n routes {\n route {\n auto_host_rewrite {\n value: true\n google_grpc }\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_deprecated_runtime_key: \",\"\n }\n internal_redirect_action: HANDLE_INTERNAL_REDIRECT\n request_mirror_policies {\n }\n }\n }\n }\n virtual_hosts {\n name: \"o\"\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_deprecated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n }\n }\n }\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_decated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n }\n }\n response_headers_to_remove: \"test/common/router/route_fuzz.\"\n }\n hedge_policy {\n }\n per_request_buffer_limit_bytes {\n value: 2105325\n }\n }\n}\n" + value { + value: "*" + } + } + typed_per_filter_config { + key: "\000r32767^keY" + value { + } + } + typed_per_filter_config { + key: "\000~" + value { + } + } + typed_per_filter_config { + key: " " + value { + } + } + typed_per_filter_config { + key: " \000 " + value { + } + } + typed_per_filter_config { + key: "0" + value { + type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + } + } + typed_per_filter_config { + key: "?_~" + value { + } + } + typed_per_filter_config { + key: "^/users/\\d+/chargeaccounts/(?!val+/chargeac" + value { + } + } + typed_per_filter_config { + key: "p1p" + value { + type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + value: "@\000\000\000\000\000\000\000" + } + } + typed_per_filter_config { + key: "p1p" + value { + type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + } + } + typed_per_filter_config { + key: "|x|" + value { + } + } + retry_policy_typed_config { + type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" + } + } + internal_only_headers: "&" +} +random_value: 67070975 From 94e61097db4634355165cbcdd74494a71979dc2a Mon Sep 17 00:00:00 2001 From: Arthur Yan Date: Mon, 20 Jul 2020 15:34:00 +0000 Subject: [PATCH 2/2] Removed unnecessary lines in regression testcase Signed-off-by: Arthur Yan --- ...ized-route_fuzz_test-4701452596674560.fuzz | 69 ------------------- 1 file changed, 69 deletions(-) diff --git a/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz b/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz index 24e59edd39e1c..a147ab2392517 100644 --- a/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz +++ b/test/common/router/route_corpus/clusterfuzz-testcase-minimized-route_fuzz_test-4701452596674560.fuzz @@ -5,75 +5,6 @@ config { require_tls: ALL response_headers_to_remove: "\0Ï3\022\362\211\245\247V\036" request_headers_to_remove: "\003\022\360\234\254\265V\036" - typed_per_filter_config { - key: "" - value { - } - } - typed_per_filter_config { - key: "\000config {\n virtual_hosts {\n name: \"o\"\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"valacidate/validate.proto\" hidden_envoy_deprecated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n runtime_fraction {\n }\n }\n }\n }\n routes {\n route {\n auto_host_rewrite {\n value: true\n google_grpc }\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_deprecated_runtime_key: \",\"\n }\n internal_redirect_action: HANDLE_INTERNAL_REDIRECT\n request_mirror_policies {\n }\n }\n }\n }\n virtual_hosts {\n name: \"o\"\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_deprecated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n }\n }\n }\n routes {\n route {\n hidden_envoy_deprecated_request_mirror_policy {\n cluster: \"validate/validate.proto\"\n hidden_envoy_decated_runtime_key: \"test/common/router/route_fuzz.\"\n }\n request_mirror_policies {\n }\n }\n response_headers_to_remove: \"test/common/router/route_fuzz.\"\n }\n hedge_policy {\n }\n per_request_buffer_limit_bytes {\n value: 2105325\n }\n }\n}\n" - value { - value: "*" - } - } - typed_per_filter_config { - key: "\000r32767^keY" - value { - } - } - typed_per_filter_config { - key: "\000~" - value { - } - } - typed_per_filter_config { - key: " " - value { - } - } - typed_per_filter_config { - key: " \000 " - value { - } - } - typed_per_filter_config { - key: "0" - value { - type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - } - } - typed_per_filter_config { - key: "?_~" - value { - } - } - typed_per_filter_config { - key: "^/users/\\d+/chargeaccounts/(?!val+/chargeac" - value { - } - } - typed_per_filter_config { - key: "p1p" - value { - type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - value: "@\000\000\000\000\000\000\000" - } - } - typed_per_filter_config { - key: "p1p" - value { - type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - } - } - typed_per_filter_config { - key: "|x|" - value { - } - } - retry_policy_typed_config { - type_url: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" - } } - internal_only_headers: "&" } random_value: 67070975