http: http_decap_udp_payload_datagram fix

Properly handle incomplete capsule.

Type: fix

Change-Id: Ied7fca861f02e401451beaff09e612bcf471d8e0
Signed-off-by: Matus Fabian <[email protected]>

diff --git a/extras/hs-test/http_test.go b/extras/hs-test/http_test.go
index cdc52a1..8127fdc 100644 (file)
--- a/extras/hs-test/http_test.go
+++ b/extras/hs-test/http_test.go
@@ -516,7 +516,7 @@ func HttpUnitTest(s *NoTopoSuite) {
        vpp := s.GetContainerByName("vpp").VppInstance
        o := vpp.Vppctl("test http all")
        s.Log(o)
-       s.AssertNotContains(o, "FAIL")
+       s.AssertContains(o, "SUCCESS")
 }
 
 func HttpStaticPromTest(s *NoTopoSuite) {

diff --git a/src/plugins/http/http.h b/src/plugins/http/http.h
index 844235c..f54b4a0 100644 (file)
--- a/src/plugins/http/http.h
+++ b/src/plugins/http/http.h
@@ -1340,6 +1340,12 @@ _http_parse_capsule (u8 *data, u64 len, u64 *type, u8 *value_offset,
       return -1;
     }
 
+  if (p == end)
+    {
+      clib_warning ("capsule length missing");
+      return -1;
+    }
+
   capsule_value_len = _http_decode_varint (&p, end);
   if (capsule_value_len == HTTP_INVALID_VARINT)
     {
@@ -1389,6 +1395,11 @@ http_decap_udp_payload_datagram (u8 *data, u64 len, u8 *payload_offset,
     }
 
   p += value_offset;
+  if (p == end)
+    {
+      clib_warning ("context ID missing");
+      return -1;
+    }
 
   /* context ID field should be zero (RFC9298 section 4) */
   context_id = _http_decode_varint (&p, end);

diff --git a/src/plugins/http/test/http_test.c b/src/plugins/http/test/http_test.c
index a96d5f9..40fd446 100644 (file)
--- a/src/plugins/http/test/http_test.c
+++ b/src/plugins/http/test/http_test.c
@@ -333,11 +333,26 @@ http_test_udp_payload_datagram (vlib_main_t *vm)
   HTTP_TEST ((payload_offset == 4), "payload_offset=%u should be 4",
             payload_offset);
 
+  /* Type = 0x00, Len = incomplete */
   u8 invalid_input[] = { 0x00, 0x7B };
   rv = http_decap_udp_payload_datagram (invalid_input, sizeof (invalid_input),
                                        &payload_offset, &payload_len);
-  HTTP_TEST ((rv == -1), "'%U' should be invalid", format_hex_bytes,
-            invalid_input, sizeof (invalid_input));
+  HTTP_TEST ((rv == -1), "'%U' should be invalid (length incomplete)",
+            format_hex_bytes, invalid_input, sizeof (invalid_input));
+
+  /* Type = 0x00, Len = missing */
+  u8 invalid_input2[] = { 0x00 };
+  rv = http_decap_udp_payload_datagram (
+    invalid_input2, sizeof (invalid_input2), &payload_offset, &payload_len);
+  HTTP_TEST ((rv == -1), "'%U' should be invalid (length missing)",
+            format_hex_bytes, invalid_input2, sizeof (invalid_input2));
+
+  /* Type = 0x00, Len = 15293,  Context ID = missing */
+  u8 invalid_input3[] = { 0x00, 0x7B, 0xBD };
+  rv = http_decap_udp_payload_datagram (
+    invalid_input3, sizeof (invalid_input3), &payload_offset, &payload_len);
+  HTTP_TEST ((rv == -1), "'%U' should be invalid (context id missing)",
+            format_hex_bytes, invalid_input3, sizeof (invalid_input3));
 
   /* Type = 0x00, Len = 494878333,  Context ID = 0x00 */
   u8 long_payload_input[] = { 0x00, 0x9D, 0x7F, 0x3E, 0x7D, 0x00, 0x12 };
@@ -408,7 +423,9 @@ test_http_command_fn (vlib_main_t *vm, unformat_input_t *input,
 
 done:
   if (res)
-    return clib_error_return (0, "HTTP unit test failed");
+    return clib_error_return (0, "FAILED");
+
+  vlib_cli_output (vm, "SUCCESS");
   return 0;
 }