
[6.6] 087896bcc VSV00007 Test case for H2 smuggling attack
commit 087896bccd7e1f51c9571f3d71660499da644a29
Author: Martin Blix Grydeland <martin@varnish-software.com>
Date: Tue Jun 22 11:47:58 2021 +0200

VSV00007 Test case for H2 smuggling attack

diff --git a/bin/varnishtest/tests/f00007.vtc b/bin/varnishtest/tests/f00007.vtc
new file mode 100644
index 000000000..23a2b7657
--- /dev/null
+++ b/bin/varnishtest/tests/f00007.vtc
@@ -0,0 +1,79 @@
+varnishtest "H/2 content length smuggling attack"
+
+server s1 {
+ rxreqhdrs
+ expect_close
+} -start
+
+server s2 {
+ rxreqhdrs
+ expect_close
+} -start
+
+server s3 {
+ rxreq
+ expect_close
+} -start
+
+server s4 {
+ rxreq
+ expect req.body == "A"
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ import vtc;
+ sub vcl_backend_fetch {
+ if (bereq.url == "/1") {
+ set bereq.backend = s1;
+ } else if (bereq.url == "/2") {
+ set bereq.backend = s2;
+ } else if (bereq.url == "/3") {
+ set bereq.backend = s3;
+ } else {
+ set bereq.backend = s4;
+ }
+ }
+} -start
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+
+client c1 {
+ stream 1 {
+ txreq -req POST -url /1 -hdr "content-length" "1" -nostrend
+ txdata -data "AGET /FAIL HTTP/1.1\r\n\r\n"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c2 {
+ stream 1 {
+ txreq -req POST -url /2 -hdr "content-length" "1" -nostrend
+ txdata -data "AGET /FAIL HTTP/1.1\r\n\r\n" -nostrend
+ txdata
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c3 {
+ stream 1 {
+ txreq -req POST -url /3 -hdr "content-length" "1" -nostrend
+ txdata -data "A" -nostrend
+ txdata -data "GET /FAIL HTTP/1.1\r\n\r\n"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c4 {
+ stream 1 {
+ txreq -req POST -url /4 -hdr "content-length" "1" -nostrend
+ txdata -data "A" -nostrend
+ txdata
+ rxresp
+ expect resp.status == 200
+ } -run
+} -run
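Review bot: No client covers a body that is shorter than the declared content-length. c1 to c3 all send more DATA than the one byte announced, and c4 is the exact-match control, so a stream that ends early is never exercised. The code change this test accompanies is not on this page; if it is meant to reject every mismatch on END_STREAM, a fifth case with `content-length` 2 and a single byte would pin that, since an HTTP/1 backend left waiting for the missing byte is the other way the two sides can disagree on message framing. The sketch below mirrors s1/c1 and assumes the same PROTOCOL_ERROR reset, which should be confirmed against the fix.

```vtc
# short body: END_STREAM arrives after 1 of the 2 declared bytes
server s5 {
	rxreqhdrs
	expect_close
} -start

# ... unchanged: servers s1-s4 and the first branches of vcl_backend_fetch ...
		} else if (bereq.url == "/5") {
			set bereq.backend = s5;
		} else {
			set bereq.backend = s4;
		}
# ... unchanged: param.set lines and clients c1-c4 ...

client c5 {
	stream 1 {
		txreq -req POST -url /5 -hdr "content-length" "2" -nostrend
		txdata -data "A"
		rxrst
		expect rst.err == PROTOCOL_ERROR
	} -run
} -run
```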