Fuzzing, and fixes for errors found with fuzzing.

2025-01-27 08:12:17 +00:00 · 2013-03-03 22:03:27 +13:00 · 2013-03-03 22:03:27 +13:00 · cde66cd584
commit cde66cd584
parent 8216801728
5 changed files with 33 additions and 10 deletions
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@ -237,6 +237,8 @@ class ProxyHandler(tcp.BaseHandler):
                                continue
                            else:
                                raise
+                        except http.HttpError, v:
+                            raise ProxyError(502, "Invalid server response.")
                        else:
                            break

@ -278,7 +280,6 @@ class ProxyHandler(tcp.BaseHandler):
                )
            else:
                self.log(cc, cc.error)
-
            if isinstance(e, ProxyError):
                self.send_error(e.code, e.msg, e.headers)
        else:
--- a/test/fuzzing/go_proxy
+++ b/test/fuzzing/go_proxy
@ -3,7 +3,18 @@
 #   mitmproxy/mitmdump is running on port 8080 in straight proxy mode.
 #   pathod is running on port 9999

-BASE="/Users/aldo/git/public/pathod/venv/bin/pathoc -eo -I 200,400,405,502 -p 8080 localhost "
-$BASE -n 10000 "get:'http://localhost:9999':ir,@1"
+BASE_HTTP="/Users/aldo/git/public/pathod/pathoc -Tt 1 -eo -I 200,400,405,502 -p 8080 localhost "
+#$BASE_HTTP -n 10000 "get:'http://localhost:9999':ir,@1"
+#$BASE_HTTP -n 100 "get:'http://localhost:9999':dr"
+#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200:ir,@300.0


+# Assuming:
+#   mitmproxy/mitmdump is running on port 8080 in straight proxy mode.
+#   pathod with SSL enabled is running on port 9999
+
+BASE_HTTPS="/Users/aldo/git/public/pathod/pathoc -sc localhost:9999 -Tt 1 -eo -I 200,400,404,405,502,800 -p 8080 localhost "
+$BASE_HTTPS -en 10000 "get:/p/200:ir,@1"
+#$BASE_HTTP -n 100 "get:/p/'200:dr'"
+#$BASE_HTTPS -n 10000 "get:'/p/200:ir,@3000'"
+#$BASE_HTTPS -n 10000 "get:'/p/200:ir,\"\ \n \"'"
--- a/test/test_dump.py
+++ b/test/test_dump.py
@ -1,6 +1,5 @@
 import os
 from cStringIO import StringIO
-import libpry
 from libmproxy import dump, flow, proxy
 import tutils
 import mock
@ -65,7 +64,7 @@ class TestDumpMaster:
        cs = StringIO()

        o = dump.Options(server_replay="nonexistent", kill=True)
-        libpry.raises(dump.DumpError, dump.DumpMaster, None, o, None, outfile=cs)
+        tutils.raises(dump.DumpError, dump.DumpMaster, None, o, None, outfile=cs)

        with tutils.tmpdir() as t:
            p = os.path.join(t, "rep")
@ -90,7 +89,7 @@ class TestDumpMaster:
            self._flowfile(p)
            assert "GET" in self._dummy_cycle(0, None, "", verbosity=1, rfile=p)

-            libpry.raises(
+            tutils.raises(
                dump.DumpError, self._dummy_cycle,
                0, None, "", verbosity=1, rfile="/nonexistent"
            )
@ -130,7 +129,7 @@ class TestDumpMaster:
            assert len(list(flow.FlowReader(open(p)).stream())) == 1

    def test_write_err(self):
-        libpry.raises(
+        tutils.raises(
            dump.DumpError,
            self._dummy_cycle,
            1,
@ -148,11 +147,11 @@ class TestDumpMaster:
        assert "XREQUEST" in ret
        assert "XRESPONSE" in ret
        assert "XCLIENTDISCONNECT" in ret
-        libpry.raises(
+        tutils.raises(
            dump.DumpError,
            self._dummy_cycle, 1, None, "", script="nonexistent"
        )
-        libpry.raises(
+        tutils.raises(
            dump.DumpError,
            self._dummy_cycle, 1, None, "", script="starterr.py"
        )
--- a/test/test_fuzzing.py
+++ b/test/test_fuzzing.py
@ -25,3 +25,15 @@ class TestFuzzy(tservers.HTTPProxTest):
        req = 'get:"http://localhost:%s":i13,"["'
        p = self.pathoc()
        assert p.request(req%self.server.port).status_code == 400
+
+    def test_invalid_upstream(self):
+        req = r"get:'http://localhost:%s/p/200:i10,\'+\''"
+        p = self.pathoc()
+        assert p.request(req%self.server.port).status_code == 502
+
+    def test_upstream_disconnect(self):
+        req = r'200:d0:h"Date"="Sun, 03 Mar 2013 04:00:00 GMT"'
+        p = self.pathod(req)
+        assert p.status_code == 400
+
+
--- a/test/test_server.py
+++ b/test/test_server.py
@ -185,7 +185,7 @@ class TestHTTPSNoUpstream(tservers.HTTPProxTest, CommonMixin):
    no_upstream_cert = True
    def test_cert_gen_error(self):
        f = self.pathoc_raw()
-        f.connect((u"\u2102\u0001".encode("utf8"), 0))
+        f.connect((u"foo..bar".encode("utf8"), 0))
        f.request("get:/")
        assert "dummy cert" in "".join(self.proxy.log)