Conversation
Signed-off-by: Tim Walsh <temporal.differential@gmail.com>
|
Hi @twghu, welcome and thank you for your contribution. We will try to review your Pull Request as quickly as possible. In the meantime, please take a look at the contribution guidelines if you have not done so already. |
|
Originally it seemed like this case was not reproducable. Tested against clang envoy master branch. |
* docs: record distroless images Signed-off-by: Long Dai <long0dai@foxmail.com>
Signed-off-by: Tim Walsh <temporal.differential@gmail.com>
antoniovicente
left a comment
antoniovicente
left a comment
There was a problem hiding this comment.
Thanks for the fuzz fixes. I think there's something odd in stat_merger_fuzz_test.cc; @jmarantz, could you take a look?
| // segments, which trigger some inconsistent handling as described in that | ||
| // bug. | ||
| uint32_t num_bytes = (1 + data[index]) & 0x7; | ||
| if (index == 0 && num_bytes == 0) { |
There was a problem hiding this comment.
There seems to be an inconsistency between the line above and the comment before it. The code above generate num_bytes between 0 and 7, not 1 and 8.
https://github.com/envoyproxy/envoy/pull/10965/files#r629769284
There was a problem hiding this comment.
I think you are right; the code should be changed to reflect the comment. However it's not material to the problems in this fuzz test.
There's an outstanding PR that will fix it, however: #16239
@jessicayuen will you be able to push that forward?
I think the fix offered here is too aggressive; it doesn't just skip over the troublesome cases but completely stops the test on the passed-in corpus. It could just 'continue'.
There was a problem hiding this comment.
Change to initial byte count has resolved crash and removed need for additional testing of num_bytes.
| // bug. | ||
| uint32_t num_bytes = (1 + data[index]) & 0x7; | ||
| if (index == 0 && num_bytes == 0) { | ||
| return; |
There was a problem hiding this comment.
is num_bytes == 0 ok if index != 0 ?
There was a problem hiding this comment.
That was the specific fail case, it does seem logical that if the control byte yields a length of 0 then the specic segment is suspect regardless.
There was a problem hiding this comment.
Change to initial byte count has resolved crash and removed need for additional testing of num_bytes.
…cache_impl.{h,cc} (envoyproxy#16424)
grid: Rename alternate_protocols_cache.{h,cc} to alternate_protocols_cache_impl.{h,cc}
Risk Level: Low
Testing: N/A - rename only
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Ryan Hamilton <rch@google.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Tim Walsh <temporal.differential@gmail.com>
Fixes: CVE-2021-29492 Signed-off-by: Yan Avlasov <yavlasov@google.com>
jmarantz
left a comment
jmarantz
left a comment
There was a problem hiding this comment.
lgtm from my perspective. Antonio do you want to take another look?
|
/retest |
|
Retrying Azure Pipelines: |
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
* build(deps): bump protobuf in /examples/grpc-bridge/client Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 3.15.8 to 3.16.0. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/master/generate_changelog.py) - [Commits](protocolbuffers/protobuf@v3.15.8...v3.16.0) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump attrs from 20.3.0 to 21.2.0 in /ci/flaky_test Bumps [attrs](https://github.com/python-attrs/attrs) from 20.3.0 to 21.2.0. - [Release notes](https://github.com/python-attrs/attrs/releases) - [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) - [Commits](python-attrs/attrs@20.3.0...21.2.0) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump attrs from 20.3.0 to 21.2.0 in /tools/testing Bumps [attrs](https://github.com/python-attrs/attrs) from 20.3.0 to 21.2.0. - [Release notes](https://github.com/python-attrs/attrs/releases) - [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.rst) - [Commits](python-attrs/attrs@20.3.0...21.2.0) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump flake8 from 3.9.1 to 3.9.2 in /tools/code_format Bumps [flake8](https://gitlab.com/pycqa/flake8) from 3.9.1 to 3.9.2. - [Release notes](https://gitlab.com/pycqa/flake8/tags) - [Commits](https://gitlab.com/pycqa/flake8/compare/3.9.1...3.9.2) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The python3-pip package is needed on both Ubuntu and Fedora. Signed-off-by: James Peach <jpeach@apache.org>
Conform to default C:\msys64 path name. Signed-off-by: Long Dai <long0dai@foxmail.com>
* build(deps): bump sphinx-tabs from 2.1.0 to 3.0.0 in /docs Bumps [sphinx-tabs](https://github.com/executablebooks/sphinx-tabs) from 2.1.0 to 3.0.0. - [Release notes](https://github.com/executablebooks/sphinx-tabs/releases) - [Changelog](https://github.com/executablebooks/sphinx-tabs/blob/master/CHANGELOG.md) - [Commits](executablebooks/sphinx-tabs@v2.1.0...v3.0.0) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * build(deps): bump sphinx from 3.5.4 to 4.0.1 in /docs Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.4 to 4.0.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](sphinx-doc/sphinx@v3.5.4...v4.0.1) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Ryan Northey <ryan@synca.io> * update-intersphinx Signed-off-by: Ryan Northey <ryan@synca.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
…roxy#16454) Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: Snow Pettersen <snowp@lyft.com>
…#16451) Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Signed-off-by: Vladimir Moskva <vladmos@google.com>
In order to support calls to Server::Instance::flushStats while also having a flush timer activated we need to handle a flush being requested while in the process of doing a periodic flush. This PR avoids triggering a flush in these cases under the assumption that it is not needed since we're already flushing. Signed-off-by: Snow Pettersen <snowp@lyft.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
This PR is part of envoyproxy#16049 to support general tracing. Please check envoyproxy#16049 get more details. Commit Message: remove trace drivers' dependency on HttpTracerImpl Additional Description: Now all tracers (zipkin, skywalking, etc.) will depend on HttpTracerImpl, making it difficult for Tracers to be reused by other protocols (Dubbo, Thrift, etc.). The purpose of this PR is to change this dependency. Risk Level: Low (No new logic). Testing: Add. Docs Changes: N/A Release Notes: N/A Signed-off-by: wbpcode <comems@msn.com>
canonical must include the hashed payload for most services. The prior behavior of using UNSIGNED-PAYLOAD is an exception to the rule, which select services like s3 support, since hashing the payload may be impractical if the payload is very large. A new filter option is introduced, so that the filter may be explicitly configured to use the UNSIGNED-PAYLOAD string literal as specified in the S3 signing docs: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html fixes envoyproxy#13904 Additional Description: The original implementation was seemingly very specific to S3 and was subsequently amended to extend the same niche singing behaviors for ES and Glacier. This changes the filter's default behavior to match the general SigV4 guidelines while providing a configuration option to enable the specialized UNSIGNED-PAYLOAD behavior. https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html Risk Level: Medium? Deployments using the filter will now buffer requests by default, which could result in 413 responses for requests with bodies exceeding the buffer limit. These users can mitigate buffering by enabling the `unsigned_payload` option. Testing: I tested locally with a filter config. I anticipate updating the automated tests based on feedback from maintainers. Docs Changes: Added Signed-off-by: Jonathan Stewmon <jstewmon@gmail.com>
Signed-off-by: Tim Walsh <temporal.differential@gmail.com>
Signed-off-by: Tim Walsh <temporal.differential@gmail.com>
To resolve CI issues on Update for oss-fuzz Issue 30088, calculation of initial byte count Update for oss-fuzz Issue 22106
twghu
requested review from
Shikugawa,
alyssawilk,
asraa,
cpakulski,
dio,
ggreenway,
htuch,
lizan,
mattklein123 and
snowp
as code owners
repokitteh-read-only
bot
added
api
deps
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
|
@twgu - not sure why this happens sometimes with merging - it can be fixed with a rebase and force-push |
|
Uggh This has got too messy. The only commits needed (can be picked?) are the latest I added 22/5 Maybe a new PR is best option and close this one. |
|
up to you - but what will work assuming you have main envoy set as you also might need to fix dco - but that could be an artefact of merge mash |
|
Yeah, I encountered the same situation in the past and closed the PR and opened a new one. To go a round missing DCOs I push my changes first without merging upstream/main. It executes all checks. |
|
Suggest a force push to reset things here, thanks. Prefer not to do this generally, but it's the best option given the branch state. |
|
New PR's added, same code, same corpus entries. Added these PR's in case a cleaner push to upstream main is preferrred. |
|
closing this in favour of the 2 breakout prs |
20 participants
Signed-off-by: Tim Walsh temporal.differential@gmail.com
envoy:codec_impl_fuzz_test: Crash in Envoy::Http::HttpStream::directionalAction
Commit Message: Update for oss-fuzz Issue 22106
Additional Description: Note that #4709 covers a number of oss-fuzz error This is part of the ongoing effort started for #4709.
Risk Level: Low
Testing: test/common/http
Docs Changes: None
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]