diff options
Diffstat (limited to 'test/core/bad_client')
-rwxr-xr-x | test/core/bad_client/gen_build_yaml.py | 1 | ||||
-rw-r--r-- | test/core/bad_client/tests/bad_timeout.headers | 2 | ||||
-rw-r--r-- | test/core/bad_client/tests/headers.c | 88 | ||||
-rw-r--r-- | test/core/bad_client/tests/initial_settings_frame.c | 10 | ||||
-rw-r--r-- | test/core/bad_client/tests/simple_request.c | 120 | ||||
-rw-r--r-- | test/core/bad_client/tests/simple_request.headers | 12 | ||||
-rw-r--r-- | test/core/bad_client/tests/simple_request_unusual.headers | 13 |
7 files changed, 245 insertions, 1 deletions
diff --git a/test/core/bad_client/gen_build_yaml.py b/test/core/bad_client/gen_build_yaml.py index bdb0176ba9..8e204ac201 100755 --- a/test/core/bad_client/gen_build_yaml.py +++ b/test/core/bad_client/gen_build_yaml.py @@ -43,6 +43,7 @@ BAD_CLIENT_TESTS = { 'connection_prefix': default_test_options, 'headers': default_test_options, 'initial_settings_frame': default_test_options, + 'simple_request': default_test_options, 'unknown_frame': default_test_options, } diff --git a/test/core/bad_client/tests/bad_timeout.headers b/test/core/bad_client/tests/bad_timeout.headers new file mode 100644 index 0000000000..60c37b9ff6 --- /dev/null +++ b/test/core/bad_client/tests/bad_timeout.headers @@ -0,0 +1,2 @@ +# a badly encoded timeout value +grpc-timeout: 15 seconds
\ No newline at end of file diff --git a/test/core/bad_client/tests/headers.c b/test/core/bad_client/tests/headers.c index 5547aca210..abd2826111 100644 --- a/test/core/bad_client/tests/headers.c +++ b/test/core/bad_client/tests/headers.c @@ -96,6 +96,10 @@ int main(int argc, char **argv) { 0); GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR "\x00\x00\x05\x01\x24\x00\x00\x00\x01" + "", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x05\x01\x24\x00\x00\x00\x01" "\x00", GRPC_BAD_CLIENT_DISCONNECT); GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR @@ -173,8 +177,50 @@ int main(int argc, char **argv) { 0); GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80\x80\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80\x80\x80\x80", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" "\xff\x80\x80\x80\x80\x80\x80\x00", 0); + /* overflow on byte 4 */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x06\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80\x80\x7f", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x06\x01\x04\x00\x00\x00\x01" + "\xff\xff\xff\xff\xff\x0f", + GRPC_BAD_CLIENT_DISCONNECT); + /* overflow after byte 4 */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x08\x01\x04\x00\x00\x00\x01" + "\xff\x80\x80\x80\x80\x80\x80\x02", + 0); /* end of headers mid-opcode */ GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR "\x00\x00\x01\x01\x04\x00\x00\x00\x01" @@ -187,11 +233,22 @@ int main(int argc, char **argv) { "\x00\x00\x03\x01\x04\x00\x00\x00\x01" "\x3f\xe1\x1f", GRPC_BAD_CLIENT_DISCONNECT); + /* dynamic table size update: set too large */ GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR "\x00\x00\x03\x01\x04\x00\x00\x00\x01" "\x3f\xf1\x1f", 0); + /* dynamic table size update: set twice */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x04\x01\x04\x00\x00\x00\x01" + "\x20\x3f\xe1\x1f", + GRPC_BAD_CLIENT_DISCONNECT); + /* dynamic table size update: set thrice */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x03\x01\x04\x00\x00\x00\x01" + "\x20\x20\x20", + 0); /* non-ending header followed by continuation frame */ GRPC_RUN_BAD_CLIENT_TEST(verifier, @@ -205,11 +262,26 @@ int main(int argc, char **argv) { "\x00\x00\x00\x01\x00\x00\x00\x00\x01" "\x00\x00\x00\x00\x04\x00\x00\x00\x01", 0); + /* non-ending header followed by a continuation frame for a different stream */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, + PFX_STR + "\x00\x00\x00\x01\x04\x00\x00\x00\x01" + "\x00\x00\x00\x01\x00\x00\x00\x00\x03" + "\x00\x00\x00\x09\x04\x00\x00\x00\x01", + 0); /* opening with a continuation frame */ GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR "\x00\x00\x00\x09\x04\x00\x00\x00\x01", 0); + /* three header frames */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, + PFX_STR + "\x00\x00\x00\x01\x04\x00\x00\x00\x01" + "\x00\x00\x00\x01\x04\x00\x00\x00\x01" + "\x00\x00\x00\x01\x04\x00\x00\x00\x01", + GRPC_BAD_CLIENT_DISCONNECT); + /* an invalid header found with fuzzing */ GRPC_RUN_BAD_CLIENT_TEST(verifier, @@ -217,5 +289,21 @@ int main(int argc, char **argv) { "\x00\x00\x00\x01\x39\x67\xed\x1d\x64", GRPC_BAD_CLIENT_DISCONNECT); + /* a badly encoded timeout value */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x19\x01\x04\x00\x00\x00\x01" + "\x10\x0cgrpc-timeout\x0a" + "15 seconds", + GRPC_BAD_CLIENT_DISCONNECT); + /* a badly encoded timeout value: twice (catches caching) */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x19\x01\x04\x00\x00\x00\x01" + "\x10\x0cgrpc-timeout\x0a" + "15 seconds" + "\x00\x00\x19\x01\x04\x00\x00\x00\x03" + "\x10\x0cgrpc-timeout\x0a" + "15 seconds", + GRPC_BAD_CLIENT_DISCONNECT); + return 0; } diff --git a/test/core/bad_client/tests/initial_settings_frame.c b/test/core/bad_client/tests/initial_settings_frame.c index 6ed15bbed1..129c667f71 100644 --- a/test/core/bad_client/tests/initial_settings_frame.c +++ b/test/core/bad_client/tests/initial_settings_frame.c @@ -94,7 +94,15 @@ int main(int argc, char **argv) { /* some settings values are illegal */ /* max frame size = 0 */ GRPC_RUN_BAD_CLIENT_TEST(verifier, - PFX_STR ONE_SETTING_HDR "\x00\x05\x00\x00\x00\x00", GRPC_BAD_CLIENT_DISCONNECT); + PFX_STR ONE_SETTING_HDR "\x00\x05\x00\x00\x00\x00", + GRPC_BAD_CLIENT_DISCONNECT); + GRPC_RUN_BAD_CLIENT_TEST(verifier, + PFX_STR ONE_SETTING_HDR "\x00\x06\xff\xff\xff\xff", + GRPC_BAD_CLIENT_DISCONNECT); + /* update intiial window size */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, + PFX_STR ONE_SETTING_HDR "\x00\x04\x00\x01\x00\x00", + GRPC_BAD_CLIENT_DISCONNECT); return 0; } diff --git a/test/core/bad_client/tests/simple_request.c b/test/core/bad_client/tests/simple_request.c new file mode 100644 index 0000000000..5cddafc0b5 --- /dev/null +++ b/test/core/bad_client/tests/simple_request.c @@ -0,0 +1,120 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "test/core/bad_client/bad_client.h" + +#include <string.h> + +#include "test/core/end2end/cq_verifier.h" +#include "src/core/surface/server.h" + +#define PFX_STR \ + "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" \ + "\x00\x00\x00\x04\x00\x00\x00\x00\x00" /* settings frame */ \ + "\x00\x00\xc9\x01\x04\x00\x00\x00\x01" /* headers: generated from \ + simple_request.headers in this \ + directory */ \ + "\x10\x05:path\x08/foo/bar" \ + "\x10\x07:scheme\x04http" \ + "\x10\x07:method\x04POST" \ + "\x10\x0a:authority\x09localhost" \ + "\x10\x0c" \ + "content-type\x10" \ + "application/grpc" \ + "\x10\x14grpc-accept-encoding\x15""deflate,identity,gzip" \ + "\x10\x02te\x08trailers" \ + "\x10\x0auser-agent\"bad-client grpc-c/0.12.0.0 (linux)" + +#define PFX_STR_UNUSUAL \ + "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" \ + "\x00\x00\x00\x04\x00\x00\x00\x00\x00" /* settings frame */ \ + "\x00\x00\xf4\x01\x04\x00\x00\x00\x01" /* headers: generated from \ + simple_request_unusual.headers \ + in this directory */ \ + "\x10\x05:path\x08/foo/bar" \ + "\x10\x07:scheme\x04http" \ + "\x10\x07:method\x04POST" \ + "\x10\x04host\x09localhost" \ + "\x10\x0c""content-type\x1e""application/grpc+this-is-valid" \ + "\x10\x14grpc-accept-encoding\x15identity,deflate,gzip" \ + "\x10\x02te\x08trailers" \ + "\x10\x0auser-agent\"bad-client grpc-c/0.12.0.0 (linux)" \ + "\x10\x0cgrpc-timeout\x03""10S" \ + "\x10\x0cgrpc-timeout\x02""5S" + +static void *tag(gpr_intptr t) { return (void *)t; } + +static void verifier(grpc_server *server, grpc_completion_queue *cq) { + grpc_call_error error; + grpc_call *s; + grpc_call_details call_details; + cq_verifier *cqv = cq_verifier_create(cq); + grpc_metadata_array request_metadata_recv; + + grpc_call_details_init(&call_details); + grpc_metadata_array_init(&request_metadata_recv); + + error = grpc_server_request_call(server, &s, &call_details, + &request_metadata_recv, cq, cq, tag(101)); + GPR_ASSERT(GRPC_CALL_OK == error); + cq_expect_completion(cqv, tag(101), 1); + cq_verify(cqv); + + GPR_ASSERT(0 == strcmp(call_details.host, "localhost")); + GPR_ASSERT(0 == strcmp(call_details.method, "/foo/bar")); + + grpc_metadata_array_destroy(&request_metadata_recv); + grpc_call_details_destroy(&call_details); + grpc_call_destroy(s); + cq_verifier_destroy(cqv); +} + +int main(int argc, char **argv) { + grpc_test_init(argc, argv); + + /* basic request: check that things are working */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR, 0); + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR_UNUSUAL, 0); + + /* push an illegal data frame */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, PFX_STR + "\x00\x00\x05\x00\x00\x00\x00\x00\x01" + "\x34\x00\x00\x00\x00", + 0); + + /* push a data frame with bad flags */ + GRPC_RUN_BAD_CLIENT_TEST(verifier, + PFX_STR "\x00\x00\x00\x00\x02\x00\x00\x00\x01", 0); + + return 0; +} diff --git a/test/core/bad_client/tests/simple_request.headers b/test/core/bad_client/tests/simple_request.headers new file mode 100644 index 0000000000..691fac161a --- /dev/null +++ b/test/core/bad_client/tests/simple_request.headers @@ -0,0 +1,12 @@ +# headers used in simple_request.c +# use tools/codegen/core/gen_header_frame.py to generate the binary strings +# contained in the source code +:path: /foo/bar +:scheme: http +:method: POST +:authority: localhost +content-type: application/grpc +grpc-accept-encoding: identity,deflate,gzip +te: trailers +user-agent: bad-client grpc-c/0.12.0.0 (linux) + diff --git a/test/core/bad_client/tests/simple_request_unusual.headers b/test/core/bad_client/tests/simple_request_unusual.headers new file mode 100644 index 0000000000..f36e1dfc9f --- /dev/null +++ b/test/core/bad_client/tests/simple_request_unusual.headers @@ -0,0 +1,13 @@ +# headers used in simple_request.c +# use tools/codegen/core/gen_header_frame.py to generate the binary strings +# contained in the source code +:path: /foo/bar +:scheme: http +:method: POST +host: localhost +content-type: application/grpc+this-is-valid +grpc-accept-encoding: deflate,identity,gzip +te: trailers +user-agent: bad-client grpc-c/0.12.0.0 (linux) +grpc-timeout: 10S +grpc-timeout: 5S |