diff --git a/CMakeLists.txt b/CMakeLists.txt index 12998e1727f..77a50d5ba46 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -731,6 +731,7 @@ add_dependencies(buildtests_cxx head_of_line_blocking_bad_client_test) add_dependencies(buildtests_cxx headers_bad_client_test) add_dependencies(buildtests_cxx initial_settings_frame_bad_client_test) add_dependencies(buildtests_cxx large_metadata_bad_client_test) +add_dependencies(buildtests_cxx out_of_bounds_bad_client_test) add_dependencies(buildtests_cxx server_registered_method_bad_client_test) add_dependencies(buildtests_cxx simple_request_bad_client_test) add_dependencies(buildtests_cxx unknown_frame_bad_client_test) @@ -17307,6 +17308,46 @@ target_link_libraries(large_metadata_bad_client_test ) +endif (gRPC_BUILD_TESTS) +if (gRPC_BUILD_TESTS) + +add_executable(out_of_bounds_bad_client_test + test/core/bad_client/tests/out_of_bounds.cc + third_party/googletest/googletest/src/gtest-all.cc + third_party/googletest/googlemock/src/gmock-all.cc +) + + +target_include_directories(out_of_bounds_bad_client_test + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${_gRPC_SSL_INCLUDE_DIR} + PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} + PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} + PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} + PRIVATE ${_gRPC_CARES_INCLUDE_DIR} + PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} + PRIVATE ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR} + PRIVATE ${_gRPC_NANOPB_INCLUDE_DIR} + PRIVATE third_party/googletest/googletest/include + PRIVATE third_party/googletest/googletest + PRIVATE third_party/googletest/googlemock/include + PRIVATE third_party/googletest/googlemock + PRIVATE ${_gRPC_PROTO_GENS_DIR} +) + +target_link_libraries(out_of_bounds_bad_client_test + ${_gRPC_SSL_LIBRARIES} + ${_gRPC_PROTOBUF_LIBRARIES} + ${_gRPC_ALLTARGETS_LIBRARIES} + bad_client_test + grpc_test_util_unsecure + grpc_unsecure + gpr + ${_gRPC_GFLAGS_LIBRARIES} +) + + endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) diff --git a/Makefile b/Makefile index f2ef973a42e..0251d0f4f8e 100644 --- a/Makefile +++ b/Makefile @@ -1298,6 +1298,7 @@ head_of_line_blocking_bad_client_test: $(BINDIR)/$(CONFIG)/head_of_line_blocking headers_bad_client_test: $(BINDIR)/$(CONFIG)/headers_bad_client_test initial_settings_frame_bad_client_test: $(BINDIR)/$(CONFIG)/initial_settings_frame_bad_client_test large_metadata_bad_client_test: $(BINDIR)/$(CONFIG)/large_metadata_bad_client_test +out_of_bounds_bad_client_test: $(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test server_registered_method_bad_client_test: $(BINDIR)/$(CONFIG)/server_registered_method_bad_client_test simple_request_bad_client_test: $(BINDIR)/$(CONFIG)/simple_request_bad_client_test unknown_frame_bad_client_test: $(BINDIR)/$(CONFIG)/unknown_frame_bad_client_test @@ -1758,6 +1759,7 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/headers_bad_client_test \ $(BINDIR)/$(CONFIG)/initial_settings_frame_bad_client_test \ $(BINDIR)/$(CONFIG)/large_metadata_bad_client_test \ + $(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test \ $(BINDIR)/$(CONFIG)/server_registered_method_bad_client_test \ $(BINDIR)/$(CONFIG)/simple_request_bad_client_test \ $(BINDIR)/$(CONFIG)/unknown_frame_bad_client_test \ @@ -1917,6 +1919,7 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/headers_bad_client_test \ $(BINDIR)/$(CONFIG)/initial_settings_frame_bad_client_test \ $(BINDIR)/$(CONFIG)/large_metadata_bad_client_test \ + $(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test \ $(BINDIR)/$(CONFIG)/server_registered_method_bad_client_test \ $(BINDIR)/$(CONFIG)/simple_request_bad_client_test \ $(BINDIR)/$(CONFIG)/unknown_frame_bad_client_test \ @@ -2455,6 +2458,8 @@ test_cxx: buildtests_cxx $(Q) $(BINDIR)/$(CONFIG)/initial_settings_frame_bad_client_test || ( echo test initial_settings_frame_bad_client_test failed ; exit 1 ) $(E) "[RUN] Testing large_metadata_bad_client_test" $(Q) $(BINDIR)/$(CONFIG)/large_metadata_bad_client_test || ( echo test large_metadata_bad_client_test failed ; exit 1 ) + $(E) "[RUN] Testing out_of_bounds_bad_client_test" + $(Q) $(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test || ( echo test out_of_bounds_bad_client_test failed ; exit 1 ) $(E) "[RUN] Testing server_registered_method_bad_client_test" $(Q) $(BINDIR)/$(CONFIG)/server_registered_method_bad_client_test || ( echo test server_registered_method_bad_client_test failed ; exit 1 ) $(E) "[RUN] Testing simple_request_bad_client_test" @@ -20540,6 +20545,37 @@ ifneq ($(NO_DEPS),true) endif +OUT_OF_BOUNDS_BAD_CLIENT_TEST_SRC = \ + test/core/bad_client/tests/out_of_bounds.cc \ + +OUT_OF_BOUNDS_BAD_CLIENT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(OUT_OF_BOUNDS_BAD_CLIENT_TEST_SRC)))) + + + +ifeq ($(NO_PROTOBUF),true) + +# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.5.0+. + +$(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test: protobuf_dep_error + +else + +$(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test: $(PROTOBUF_DEP) $(OUT_OF_BOUNDS_BAD_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libgrpc_unsecure.a $(LIBDIR)/$(CONFIG)/libgpr.a + $(E) "[LD] Linking $@" + $(Q) mkdir -p `dirname $@` + $(Q) $(LDXX) $(LDFLAGS) $(OUT_OF_BOUNDS_BAD_CLIENT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libgrpc_unsecure.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/out_of_bounds_bad_client_test + +endif + +$(OBJDIR)/$(CONFIG)/test/core/bad_client/tests/out_of_bounds.o: $(LIBDIR)/$(CONFIG)/libbad_client_test.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util_unsecure.a $(LIBDIR)/$(CONFIG)/libgrpc_unsecure.a $(LIBDIR)/$(CONFIG)/libgpr.a + +deps_out_of_bounds_bad_client_test: $(OUT_OF_BOUNDS_BAD_CLIENT_TEST_OBJS:.o=.dep) + +ifneq ($(NO_DEPS),true) +-include $(OUT_OF_BOUNDS_BAD_CLIENT_TEST_OBJS:.o=.dep) +endif + + SERVER_REGISTERED_METHOD_BAD_CLIENT_TEST_SRC = \ test/core/bad_client/tests/server_registered_method.cc \ diff --git a/test/core/bad_client/gen_build_yaml.py b/test/core/bad_client/gen_build_yaml.py index a4f3e4a0a34..5d1eab7480c 100755 --- a/test/core/bad_client/gen_build_yaml.py +++ b/test/core/bad_client/gen_build_yaml.py @@ -33,6 +33,7 @@ BAD_CLIENT_TESTS = { 'initial_settings_frame': default_test_options._replace(cpu_cost=0.2), 'head_of_line_blocking': default_test_options, 'large_metadata': default_test_options, + 'out_of_bounds': default_test_options, 'server_registered_method': default_test_options, 'simple_request': default_test_options, 'window_overflow': default_test_options, diff --git a/test/core/bad_client/generate_tests.bzl b/test/core/bad_client/generate_tests.bzl index da372dd0bc9..478cfcbb823 100755 --- a/test/core/bad_client/generate_tests.bzl +++ b/test/core/bad_client/generate_tests.bzl @@ -31,6 +31,7 @@ BAD_CLIENT_TESTS = { 'initial_settings_frame': test_options(), 'head_of_line_blocking': test_options(), 'large_metadata': test_options(), + 'out_of_bounds': test_options(), 'server_registered_method': test_options(), 'simple_request': test_options(), 'window_overflow': test_options(), diff --git a/test/core/bad_client/tests/out_of_bounds.cc b/test/core/bad_client/tests/out_of_bounds.cc new file mode 100644 index 00000000000..b716e952bc1 --- /dev/null +++ b/test/core/bad_client/tests/out_of_bounds.cc @@ -0,0 +1,112 @@ +/* + * + * Copyright 2019 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include + +#include + +#include +#include "src/core/lib/surface/server.h" +#include "test/core/bad_client/bad_client.h" + +#define APPEND_BUFFER(string, to_append) \ + ((string).append((to_append), sizeof(to_append) - 1)) + +namespace { + +void verifier(grpc_server* server, grpc_completion_queue* cq, + void* registered_method) { + while (grpc_server_has_open_connections(server)) { + GPR_ASSERT(grpc_completion_queue_next( + cq, grpc_timeout_milliseconds_to_deadline(20), nullptr) + .type == GRPC_QUEUE_TIMEOUT); + } +} + +void FrameVerifier(const std::string& attack_vector) { + grpc_bad_client_arg args[2]; + args[0] = connection_preface_arg; + args[1].client_validator = nullptr; + args[1].client_payload = attack_vector.c_str(); + args[1].client_payload_length = attack_vector.size(); + grpc_run_bad_client_test(verifier, args, 2, GRPC_BAD_CLIENT_DISCONNECT); +} + +TEST(OutOfBounds, MaxFrameSizeDataFrame) { + std::string out_of_bounds_data; + // Send a data frame larger than 2^14 + APPEND_BUFFER(out_of_bounds_data, "\x01\x00\x00\x00\x00\x00\x00\x00\x01"); + out_of_bounds_data.append(1 << 16, 'a'); + FrameVerifier(out_of_bounds_data); +} + +TEST(OutOfBounds, BadSizePriorityFrame) { + std::string bad_size_priority_frame; + // Priority Frame should be a length of 5 octets + APPEND_BUFFER(bad_size_priority_frame, + "\x00\x00\x03\x02\x00\x00\x00\x00\x01" + "\x11\x11\x12"); + FrameVerifier(bad_size_priority_frame); +} + +TEST(OutOfBounds, BadSizeRstStream) { + std::string bad_size_rst_stream; + // Rst Stream Frame should have a length of 4 octets + APPEND_BUFFER(bad_size_rst_stream, + "\x00\x00\x02\x03\x00\x00\x00\x00\x01" + "\x11\x11"); + FrameVerifier(bad_size_rst_stream); +} + +TEST(OutOfBounds, BadSizeSettings) { + std::string bad_size_settings; + // Settings Frame should have a length which is a multiple of 6 octets + APPEND_BUFFER(bad_size_settings, + "\x00\x00\x05\x04\x00\x00\x00\x00\x00" + "\x11\x11\x11\x11\x11"); + FrameVerifier(bad_size_settings); +} + +TEST(OutOfBounds, BadSizePing) { + std::string bad_size_ping; + // Rst Stream Frame should have a length of 8 octets + APPEND_BUFFER(bad_size_ping, + "\x00\x00\x05\x06\x00\x00\x00\x00\x00" + "\x11\x11\x11\x11\x11"); + FrameVerifier(bad_size_ping); +} + +TEST(OutOfBounds, WindowUpdate) { + std::string bad_size_window_update; + // Window Update Frame should have a length of 4 octets + APPEND_BUFFER(bad_size_window_update, + "\x00\x00\x01\x08\x00\x00\x00\x00\x00" + "\x11"); + FrameVerifier(bad_size_window_update); +} + +} // namespace + +int main(int argc, char** argv) { + grpc_init(); + grpc::testing::TestEnvironment env(argc, argv); + ::testing::InitGoogleTest(&argc, argv); + int retval = RUN_ALL_TESTS(); + grpc_shutdown(); + return retval; +} diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index 3143f2cc87f..43fc3cc05ec 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -5386,6 +5386,23 @@ "third_party": false, "type": "target" }, + { + "deps": [ + "bad_client_test", + "gpr", + "grpc_test_util_unsecure", + "grpc_unsecure" + ], + "headers": [], + "is_filegroup": false, + "language": "c++", + "name": "out_of_bounds_bad_client_test", + "src": [ + "test/core/bad_client/tests/out_of_bounds.cc" + ], + "third_party": false, + "type": "target" + }, { "deps": [ "bad_client_test", diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 37a69a47b23..5c24ec4fa15 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -6100,6 +6100,32 @@ ], "uses_polling": true }, + { + "args": [], + "benchmark": false, + "ci_platforms": [ + "linux", + "mac", + "posix", + "windows" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "gtest": false, + "language": "c++", + "name": "out_of_bounds_bad_client_test", + "platforms": [ + "linux", + "mac", + "posix", + "windows" + ], + "uses_polling": true + }, { "args": [], "benchmark": false,