Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: sync with go1.20.12 #53

Merged
merged 4 commits into from
Dec 12, 2023
Merged

chore: sync with go1.20.12 #53

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c9ccc24
[release-branch.go1.20] net/http: limit chunked data overhead
neild Nov 7, 2023
2f48a34
chore: prepare for merging go1.20.12
bassosimone Dec 12, 2023
90ac5cd
Merge branch 'golang-http-upstream' into merged-main
bassosimone Dec 12, 2023
3dc9ee1
chore: update deps
bassosimone Dec 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion UPSTREAM
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
go1.20.11
go1.20.12
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@ module github.com/ooni/oohttp

go 1.20

require golang.org/x/net v0.18.0
require golang.org/x/net v0.19.0

require golang.org/x/text v0.14.0 // indirect
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
36 changes: 30 additions & 6 deletions internal/chunked.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@ type chunkedReader struct {
n uint64 // unread bytes in chunk
err error
buf [2]byte
checkEnd bool // whether need to check for \r\n chunk footer
checkEnd bool // whether need to check for \r\n chunk footer
excess int64 // "excessive" chunk overhead, for malicious sender detection
}

func (cr *chunkedReader) beginChunk() {
Expand All @@ -49,10 +50,38 @@ func (cr *chunkedReader) beginChunk() {
if cr.err != nil {
return
}
cr.excess += int64(len(line)) + 2 // header, plus \r\n after the chunk data
line = trimTrailingWhitespace(line)
line, cr.err = removeChunkExtension(line)
if cr.err != nil {
return
}
cr.n, cr.err = parseHexUint(line)
if cr.err != nil {
return
}
// A sender who sends one byte per chunk will send 5 bytes of overhead
// for every byte of data. ("1\r\nX\r\n" to send "X".)
// We want to allow this, since streaming a byte at a time can be legitimate.
//
// A sender can use chunk extensions to add arbitrary amounts of additional
// data per byte read. ("1;very long extension\r\nX\r\n" to send "X".)
// We don't want to disallow extensions (although we discard them),
// but we also don't want to allow a sender to reduce the signal/noise ratio
// arbitrarily.
//
// We track the amount of excess overhead read,
// and produce an error if it grows too large.
//
// Currently, we say that we're willing to accept 16 bytes of overhead per chunk,
// plus twice the amount of real data in the chunk.
cr.excess -= 16 + (2 * int64(cr.n))
if cr.excess < 0 {
cr.excess = 0
}
if cr.excess > 16*1024 {
cr.err = errors.New("chunked encoding contains too much non-data")
}
if cr.n == 0 {
cr.err = io.EOF
}
Expand Down Expand Up @@ -140,11 +169,6 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) {
if len(p) >= maxLineLength {
return nil, ErrLineTooLong
}
p = trimTrailingWhitespace(p)
p, err = removeChunkExtension(p)
if err != nil {
return nil, err
}
return p, nil
}

Expand Down
59 changes: 59 additions & 0 deletions internal/chunked_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -239,3 +239,62 @@ func TestChunkEndReadError(t *testing.T) {
t.Errorf("expected %v, got %v", readErr, err)
}
}

func TestChunkReaderTooMuchOverhead(t *testing.T) {
// If the sender is sending 100x as many chunk header bytes as chunk data,
// we should reject the stream at some point.
chunk := []byte("1;")
for i := 0; i < 100; i++ {
chunk = append(chunk, 'a') // chunk extension
}
chunk = append(chunk, "\r\nX\r\n"...)
const bodylen = 1 << 20
r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) {
if i < bodylen {
return chunk, nil
}
return []byte("0\r\n"), nil
}})
_, err := io.ReadAll(r)
if err == nil {
t.Fatalf("successfully read body with excessive overhead; want error")
}
}

func TestChunkReaderByteAtATime(t *testing.T) {
// Sending one byte per chunk should not trip the excess-overhead detection.
const bodylen = 1 << 20
r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) {
if i < bodylen {
return []byte("1\r\nX\r\n"), nil
}
return []byte("0\r\n"), nil
}})
got, err := io.ReadAll(r)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if len(got) != bodylen {
t.Errorf("read %v bytes, want %v", len(got), bodylen)
}
}

type funcReader struct {
f func(iteration int) ([]byte, error)
i int
b []byte
err error
}

func (r *funcReader) Read(p []byte) (n int, err error) {
if len(r.b) == 0 && r.err == nil {
r.b, r.err = r.f(r.i)
r.i++
}
n = copy(p, r.b)
r.b = r.b[n:]
if len(r.b) > 0 {
return n, nil
}
return n, r.err
}