mirror of
https://github.com/xroche/httrack.git
synced 2026-07-09 10:27:07 +03:00
Compare commits
3 Commits
fix-header
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a707d4b845 | ||
|
|
65c1016a4e | ||
|
|
fd2252dc8c |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -34,8 +34,9 @@ Makefile
|
||||
*.so.*
|
||||
*.a
|
||||
|
||||
# make dist output.
|
||||
# make dist output; dist/ holds httrack-gh-release staging artifacts.
|
||||
/httrack-*.tar.gz
|
||||
/dist/
|
||||
|
||||
# Editor / autotools backup files.
|
||||
*~
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# libFuzzer harnesses; built only with --enable-fuzzers (requires clang).
|
||||
if FUZZERS
|
||||
noinst_PROGRAMS = fuzz-charset fuzz-meta fuzz-idna fuzz-entities \
|
||||
fuzz-unescape fuzz-filters fuzz-url
|
||||
fuzz-unescape fuzz-filters fuzz-url fuzz-header fuzz-cachendx
|
||||
endif
|
||||
|
||||
AM_CPPFLAGS = \
|
||||
@@ -23,6 +23,8 @@ fuzz_entities_SOURCES = fuzz-entities.c fuzz.h
|
||||
fuzz_unescape_SOURCES = fuzz-unescape.c fuzz.h
|
||||
fuzz_filters_SOURCES = fuzz-filters.c fuzz.h
|
||||
fuzz_url_SOURCES = fuzz-url.c fuzz.h
|
||||
fuzz_header_SOURCES = fuzz-header.c fuzz.h
|
||||
fuzz_cachendx_SOURCES = fuzz-cachendx.c fuzz.h
|
||||
|
||||
# List corpus files explicitly: automake does not expand EXTRA_DIST globs.
|
||||
EXTRA_DIST = README.md run-fuzzers.sh \
|
||||
@@ -35,4 +37,8 @@ EXTRA_DIST = README.md run-fuzzers.sh \
|
||||
corpus/filters/filter.bin corpus/filters/filter-size.bin \
|
||||
corpus/filters/regress-empty-subject-unique.bin \
|
||||
corpus/url/http-url.txt corpus/url/relative-path.txt \
|
||||
corpus/url/regress-file-empty-path.txt corpus/url/regress-long-path-abort.txt
|
||||
corpus/url/regress-file-empty-path.txt corpus/url/regress-long-path-abort.txt \
|
||||
corpus/header/full-response.txt corpus/header/redirect.txt \
|
||||
corpus/cachendx/new-format.txt corpus/cachendx/old-format.txt \
|
||||
corpus/cachendx/regress-overadvance.bin \
|
||||
corpus/cachendx/regress-truncated-entry.bin
|
||||
|
||||
7
fuzz/corpus/cachendx/new-format.txt
Normal file
7
fuzz/corpus/cachendx/new-format.txt
Normal file
@@ -0,0 +1,7 @@
|
||||
8
|
||||
CACHE-1.1
|
||||
28
|
||||
Mon, 01 Jan 2024 00:00:00 GMT
|
||||
www.example.com
|
||||
/index.html
|
||||
123
|
||||
5
fuzz/corpus/cachendx/old-format.txt
Normal file
5
fuzz/corpus/cachendx/old-format.txt
Normal file
@@ -0,0 +1,5 @@
|
||||
3
|
||||
1.0
|
||||
www.example.com
|
||||
/page
|
||||
5
|
||||
2
fuzz/corpus/cachendx/regress-overadvance.bin
Normal file
2
fuzz/corpus/cachendx/regress-overadvance.bin
Normal file
@@ -0,0 +1,2 @@
|
||||
32768
|
||||
CACHE-1.1
|
||||
5
fuzz/corpus/cachendx/regress-truncated-entry.bin
Normal file
5
fuzz/corpus/cachendx/regress-truncated-entry.bin
Normal file
@@ -0,0 +1,5 @@
|
||||
8
|
||||
CACHE-1.1
|
||||
1
|
||||
x
|
||||
www.example.com
|
||||
10
fuzz/corpus/header/full-response.txt
Normal file
10
fuzz/corpus/header/full-response.txt
Normal file
@@ -0,0 +1,10 @@
|
||||
HTTP/1.1 200 OK
|
||||
Content-Type: text/html; charset=utf-8
|
||||
Content-Length: 1234
|
||||
Content-Encoding: gzip
|
||||
Last-Modified: Mon, 01 Jan 2024 00:00:00 GMT
|
||||
Etag: "abc"
|
||||
Location: http://example.com/x
|
||||
Set-Cookie: ID=42; path=/; domain=.example.com
|
||||
Content-Range: bytes 0-99/100
|
||||
Transfer-Encoding: chunked
|
||||
3
fuzz/corpus/header/redirect.txt
Normal file
3
fuzz/corpus/header/redirect.txt
Normal file
@@ -0,0 +1,3 @@
|
||||
HTTP/1.0 301 Moved
|
||||
Location: /elsewhere
|
||||
Content-Disposition: attachment; filename="a.pdf"
|
||||
66
fuzz/fuzz-cachendx.c
Normal file
66
fuzz/fuzz-cachendx.c
Normal file
@@ -0,0 +1,66 @@
|
||||
/* ------------------------------------------------------------ */
|
||||
/*
|
||||
HTTrack Website Copier, Offline Browser for Windows and Unix
|
||||
Copyright (C) 2026 Xavier Roche and other contributors
|
||||
|
||||
SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Ethical use: we kindly ask that you NOT use this software to harvest email
|
||||
addresses or to collect any other private information about people. Doing so
|
||||
would dishonor our work and waste the many hours we have spent on it.
|
||||
|
||||
Please visit our Website: http://www.httrack.com
|
||||
*/
|
||||
|
||||
/* Fuzz the cache-index (.ndx) parser: a corrupt or truncated index must not
|
||||
walk the length-prefixed cache_brstr/cache_binput scan past the buffer.
|
||||
Mirrors the loader in cache_readex_new (htscache.c). */
|
||||
#include "fuzz.h"
|
||||
#include "htscache.h"
|
||||
#include "htslib.h"
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
char *buf = fuzz_strdup(data, size);
|
||||
const char *const end = buf + size;
|
||||
char firstline[256];
|
||||
char *a = buf;
|
||||
|
||||
/* header: two length-prefixed fields (version, last-modified) */
|
||||
a += cache_brstr(a, firstline, sizeof(firstline));
|
||||
a += cache_brstr(a, firstline, sizeof(firstline));
|
||||
|
||||
/* body: newline-delimited host/file/position triples. The coucal insert
|
||||
the real loader ends with is a separate library's concern; this harness
|
||||
targets the length-prefixed scan that must stay inside the buffer. */
|
||||
while (a != NULL && a < end) {
|
||||
char BIGSTK line[HTS_URLMAXSIZE * 2];
|
||||
char linepos[256];
|
||||
int pos;
|
||||
|
||||
a = strchr(a + 1, '\n');
|
||||
if (a == NULL)
|
||||
break;
|
||||
a++;
|
||||
a += cache_binput(a, end, line, HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, line + strlen(line), HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, linepos, 200);
|
||||
sscanf(linepos, "%d", &pos);
|
||||
(void) pos;
|
||||
}
|
||||
|
||||
freet(buf);
|
||||
return 0;
|
||||
}
|
||||
70
fuzz/fuzz-header.c
Normal file
70
fuzz/fuzz-header.c
Normal file
@@ -0,0 +1,70 @@
|
||||
/* ------------------------------------------------------------ */
|
||||
/*
|
||||
HTTrack Website Copier, Offline Browser for Windows and Unix
|
||||
Copyright (C) 2026 Xavier Roche and other contributors
|
||||
|
||||
SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Ethical use: we kindly ask that you NOT use this software to harvest email
|
||||
addresses or to collect any other private information about people. Doing so
|
||||
would dishonor our work and waste the many hours we have spent on it.
|
||||
|
||||
Please visit our Website: http://www.httrack.com
|
||||
*/
|
||||
|
||||
/* Fuzz the HTTP response-header parser (htslib.c): treatfirstline on the
|
||||
status line, treathead on each following header. Both consume raw bytes
|
||||
off the wire and copy fields into fixed htsblk buffers; treathead also
|
||||
mutates its line in place and drives cookie parsing. */
|
||||
#include "fuzz.h"
|
||||
#include "htslib.h"
|
||||
#include "htsbauth.h"
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
char *buf = fuzz_strdup(data, size);
|
||||
htsblk r;
|
||||
t_cookie *cookie = calloct(1, sizeof(*cookie));
|
||||
char *line = malloct(size + 1);
|
||||
char *p = buf;
|
||||
int first = 1;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
cookie->max_len = (int) sizeof(cookie->data);
|
||||
r.location = malloct(HTS_URLMAXSIZE * 2);
|
||||
r.location[0] = '\0';
|
||||
|
||||
/* feed one header line at a time, as the receive loop does */
|
||||
while (p != NULL && *p != '\0') {
|
||||
char *nl = strchr(p, '\n');
|
||||
size_t n = (nl != NULL) ? (size_t) (nl - p) : strlen(p);
|
||||
|
||||
memcpy(line, p, n);
|
||||
line[n] = '\0';
|
||||
if (first) {
|
||||
treatfirstline(&r, line);
|
||||
first = 0;
|
||||
} else {
|
||||
treathead(cookie, "www.example.com", "/", &r, line);
|
||||
}
|
||||
p = (nl != NULL) ? nl + 1 : NULL;
|
||||
}
|
||||
|
||||
freet(r.location);
|
||||
freet(line);
|
||||
freet(cookie);
|
||||
freet(buf);
|
||||
return 0;
|
||||
}
|
||||
@@ -1938,15 +1938,17 @@ void cache_init(cache_back * cache, httrackp * opt) {
|
||||
char linepos[256];
|
||||
int pos;
|
||||
|
||||
while((a != NULL) && (a < (cache->use + buffl))) {
|
||||
const char *const end = cache->use + buffl;
|
||||
|
||||
while ((a != NULL) && (a < end)) {
|
||||
a = strchr(a + 1, '\n'); /* start of line */
|
||||
if (a) {
|
||||
a++;
|
||||
/* read "host/file" */
|
||||
a += binput(a, line, HTS_URLMAXSIZE);
|
||||
a += binput(a, line + strlen(line), HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, line, HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, line + strlen(line), HTS_URLMAXSIZE);
|
||||
/* read position */
|
||||
a += binput(a, linepos, 200);
|
||||
a += cache_binput(a, end, linepos, 200);
|
||||
sscanf(linepos, "%d", &pos);
|
||||
coucal_add(cache->hashtable, line, pos);
|
||||
}
|
||||
@@ -2291,23 +2293,40 @@ int cache_brstr(char *adr, char *s, size_t s_size) {
|
||||
char buff[256 + 4];
|
||||
|
||||
off = binput(adr, buff, 256);
|
||||
adr += off;
|
||||
sscanf(buff, "%d", &i);
|
||||
if (i < 0 || i > 32768) /* guard a corrupt length */
|
||||
/* binput stops at the buffer's terminating NUL; a value can only follow a
|
||||
real line terminator, so never step past end-of-buffer. */
|
||||
if (adr[off - 1] == '\0') {
|
||||
s[0] = '\0';
|
||||
return off - 1;
|
||||
}
|
||||
/* an empty/non-numeric field leaves i unset: treat as length 0 */
|
||||
if (sscanf(buff, "%d", &i) != 1 || i < 0 || i > 32768)
|
||||
i = 0;
|
||||
if (i > 0) {
|
||||
/* copy at most s_size-1 bytes; advance past the full field regardless */
|
||||
const size_t store = (size_t) i < s_size ? (size_t) i : s_size - 1;
|
||||
/* A corrupt/truncated cache may declare a length past the buffer end;
|
||||
bound both the copy and the advance to the bytes actually present. */
|
||||
const size_t avail = strnlen(adr + off, (size_t) i);
|
||||
const size_t store = avail < s_size ? avail : s_size - 1;
|
||||
|
||||
strncpy(s, adr, store);
|
||||
memcpy(s, adr + off, store);
|
||||
s[store] = '\0';
|
||||
off += (int) avail;
|
||||
} else {
|
||||
s[0] = '\0';
|
||||
}
|
||||
off += i;
|
||||
return off;
|
||||
}
|
||||
|
||||
/* binput bounded to a NUL-terminated buffer: refuse to start a read at or
|
||||
past `end`, so a prior over-advance can't walk a cache-index parse OOB. */
|
||||
int cache_binput(char *adr, const char *end, char *s, int max) {
|
||||
if (adr >= end) {
|
||||
s[0] = '\0';
|
||||
return 0;
|
||||
}
|
||||
return binput(adr, s, max);
|
||||
}
|
||||
|
||||
/* idem, mais en int */
|
||||
int cache_brint(char *adr, int *i) {
|
||||
char s[256];
|
||||
|
||||
@@ -97,6 +97,8 @@ int cache_readdata(cache_back * cache, const char *str1, const char *str2,
|
||||
void cache_rstr(FILE *fp, char *s, size_t s_size);
|
||||
char *cache_rstr_addr(FILE * fp);
|
||||
int cache_brstr(char *adr, char *s, size_t s_size);
|
||||
/* binput over a NUL-terminated buffer, bounded: no read starts at/past end. */
|
||||
int cache_binput(char *adr, const char *end, char *s, int max);
|
||||
int cache_brint(char *adr, int *i);
|
||||
void cache_rint(FILE * fp, int *i);
|
||||
void cache_rLLint(FILE * fp, LLint * i);
|
||||
|
||||
@@ -1953,18 +1953,20 @@ static int hts_main_internal(int argc, char **argv, httrackp * opt) {
|
||||
char BIGSTK url[HTS_URLMAXSIZE * 2];
|
||||
char linepos[256];
|
||||
int pos;
|
||||
char *cacheNdx =
|
||||
readfile(fconcat
|
||||
(OPT_GET_BUFF(opt), OPT_GET_BUFF_SIZE(opt), StringBuff(opt->path_log),
|
||||
"hts-cache/new.ndx"));
|
||||
LLint cacheNdxLen = 0;
|
||||
char *cacheNdx = readfile2(
|
||||
fconcat(OPT_GET_BUFF(opt), OPT_GET_BUFF_SIZE(opt),
|
||||
StringBuff(opt->path_log), "hts-cache/new.ndx"),
|
||||
&cacheNdxLen);
|
||||
cache_init(&cache, opt); /* load cache */
|
||||
if (cacheNdx != NULL) {
|
||||
char firstline[256];
|
||||
char *a = cacheNdx;
|
||||
const char *const end = cacheNdx + cacheNdxLen;
|
||||
|
||||
a += cache_brstr(a, firstline, sizeof(firstline));
|
||||
a += cache_brstr(a, firstline, sizeof(firstline));
|
||||
while(a != NULL) {
|
||||
while (a != NULL && a < end) {
|
||||
a = strchr(a + 1, '\n'); /* start of line */
|
||||
if (a) {
|
||||
htsblk r;
|
||||
@@ -1972,15 +1974,15 @@ static int hts_main_internal(int argc, char **argv, httrackp * opt) {
|
||||
/* */
|
||||
a++;
|
||||
/* read "host/file" */
|
||||
a += binput(a, afs.af.adr, HTS_URLMAXSIZE);
|
||||
a += binput(a, afs.af.fil, HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, afs.af.adr, HTS_URLMAXSIZE);
|
||||
a += cache_binput(a, end, afs.af.fil, HTS_URLMAXSIZE);
|
||||
url[0] = '\0';
|
||||
if (!link_has_authority(afs.af.adr))
|
||||
strcatbuff(url, "http://");
|
||||
strcatbuff(url, afs.af.adr);
|
||||
strcatbuff(url, afs.af.fil);
|
||||
/* read position */
|
||||
a += binput(a, linepos, 200);
|
||||
a += cache_binput(a, end, linepos, 200);
|
||||
sscanf(linepos, "%d", &pos);
|
||||
if (!hasFilter
|
||||
|| (strjoker(url, filter, NULL, NULL) != NULL)
|
||||
|
||||
@@ -1562,7 +1562,7 @@ void treathead(t_cookie * cookie, const char *adr, const char *fil, htsblk * ret
|
||||
}
|
||||
// An empty/whitespace Content-Type value yields no token: keep the
|
||||
// sentinel default rather than reading an uninitialized tempo.
|
||||
if (sscanf(rcvd + p, "%s", tempo) == 1) {
|
||||
if (sscanf(rcvd + p, "%1099s", tempo) == 1) { // tempo[1100], server data
|
||||
if (strlen(tempo) < sizeof(retour->contenttype) - 2) // pas trop long!!
|
||||
strcpybuff(retour->contenttype, tempo);
|
||||
else
|
||||
@@ -1657,11 +1657,11 @@ void treathead(t_cookie * cookie, const char *adr, const char *fil, htsblk * ret
|
||||
if (a)
|
||||
*a = '\0';
|
||||
}
|
||||
sscanf(a, "%s", tempo);
|
||||
if (strlen(tempo) < 64) // pas trop long!!
|
||||
// Bound to tempo[1100]; no token => leave empty, don't read uninit tempo.
|
||||
if (sscanf(a, "%1099s", tempo) == 1 && strlen(tempo) < 64)
|
||||
strcpybuff(retour->contentencoding, tempo);
|
||||
else
|
||||
retour->contentencoding[0] = '\0'; // erreur
|
||||
retour->contentencoding[0] = '\0';
|
||||
#if HTS_USEZLIB
|
||||
/* Check known encodings */
|
||||
if (retour->contentencoding[0]) {
|
||||
|
||||
@@ -46,6 +46,7 @@ Please visit our Website: http://www.httrack.com
|
||||
#include "htsdefines.h"
|
||||
#include "htslib.h"
|
||||
#include "htsparse.h"
|
||||
#include "htscache.h"
|
||||
#include "htscache_selftest.h"
|
||||
#include "htsdns_selftest.h"
|
||||
#include "htscharset.h"
|
||||
@@ -1163,6 +1164,26 @@ static int st_header(httrackp *opt, int argc, char **argv) {
|
||||
treathead(NULL, "www.example.com", "/", &r, line);
|
||||
}
|
||||
printf("contenttype=%s cdispo=%s\n", r.contenttype, r.cdispo);
|
||||
printf("contentencoding=%s\n", r.contentencoding);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* An over-long header value must not overflow treathead's tempo[1100]. */
|
||||
static int st_headerlong(httrackp *opt, int argc, char **argv) {
|
||||
htsblk r;
|
||||
char BIGSTK line[HTS_URLMAXSIZE * 2];
|
||||
const char *const name = argc >= 1 ? argv[0] : "Content-Type:";
|
||||
const int pad = 1500; /* > tempo[1100] */
|
||||
size_t n;
|
||||
|
||||
(void) opt;
|
||||
memset(&r, 0, sizeof(r));
|
||||
n = (size_t) snprintf(line, sizeof(line), "%s ", name);
|
||||
memset(line + n, 'a', pad);
|
||||
line[n + pad] = '\0';
|
||||
treathead(NULL, "www.example.com", "/", &r, line);
|
||||
printf("contenttype_len=%d contentencoding_len=%d\n",
|
||||
(int) strlen(r.contenttype), (int) strlen(r.contentencoding));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1370,6 +1391,78 @@ static int st_cache(httrackp *opt, int argc, char **argv) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* A corrupt cache index (.ndx) must not walk the length-prefixed scan past
|
||||
the buffer. Checks the two primitives the loader is built from. */
|
||||
static int st_cacheindex(httrackp *opt, int argc, char **argv) {
|
||||
int fail = 0;
|
||||
|
||||
(void) opt;
|
||||
(void) argc;
|
||||
(void) argv;
|
||||
|
||||
/* A length prefix that overstates the bytes present must bound the advance
|
||||
to the buffer, not trust the declared length. */
|
||||
{
|
||||
static const char src[] = "32768\nCACHE-1.1";
|
||||
const size_t len = sizeof(src) - 1;
|
||||
char *buf = malloct(len + 1);
|
||||
char s[256];
|
||||
int off;
|
||||
|
||||
memcpy(buf, src, len + 1);
|
||||
off = cache_brstr(buf, s, sizeof(s));
|
||||
if (off > (int) len) {
|
||||
printf("cacheindex: over-advance off=%d len=%d\n", off, (int) len);
|
||||
fail = 1;
|
||||
}
|
||||
if (strcmp(s, "CACHE-1.1") != 0) {
|
||||
printf("cacheindex: value=%s\n", s);
|
||||
fail = 1;
|
||||
}
|
||||
freet(buf);
|
||||
}
|
||||
|
||||
/* cache_binput reads a field while in bounds, but refuses one starting at
|
||||
or past end-of-buffer. */
|
||||
{
|
||||
char buf[8] = "ab\ncd";
|
||||
const char *const end = buf + 5;
|
||||
char s[16];
|
||||
|
||||
if (cache_binput(buf, end, s, sizeof(s)) != 3 || strcmp(s, "ab") != 0)
|
||||
fail = 1; /* normal read: "ab" then the '\n', 3 bytes consumed */
|
||||
if (cache_binput(end, end, s, sizeof(s)) != 0 || s[0] != '\0')
|
||||
fail = 1;
|
||||
}
|
||||
|
||||
/* Drive the full loader scan over a truncated index: a declared length that
|
||||
overshoots plus a half-written entry. ASan aborts here on the pre-fix
|
||||
scan; the cursor must never leave the buffer. */
|
||||
{
|
||||
static const char src[] = "9\nCACHE-1.1\n99\nwww.example.com\n/a";
|
||||
const size_t len = sizeof(src) - 1;
|
||||
char *buf = malloct(len + 1);
|
||||
const char *const end = buf + len;
|
||||
char line[256];
|
||||
char *a = buf;
|
||||
|
||||
memcpy(buf, src, len + 1);
|
||||
a += cache_brstr(a, line, sizeof(line));
|
||||
a += cache_brstr(a, line, sizeof(line));
|
||||
while (a != NULL && a < end) {
|
||||
a = strchr(a + 1, '\n');
|
||||
if (a == NULL)
|
||||
break;
|
||||
a++;
|
||||
a += cache_binput(a, end, line, sizeof(line));
|
||||
}
|
||||
freet(buf);
|
||||
}
|
||||
|
||||
printf("cacheindex: %s\n", fail ? "FAIL" : "OK");
|
||||
return fail;
|
||||
}
|
||||
|
||||
static int st_cache_golden(httrackp *opt, int argc, char **argv) {
|
||||
int regen, err;
|
||||
|
||||
@@ -2185,11 +2278,16 @@ static const struct selftest_entry {
|
||||
{"identurl", "<url>", "split an absolute URL into (adr, fil)", st_identurl},
|
||||
{"header", "<raw-header-line> ...", "response header-line parsing",
|
||||
st_header},
|
||||
{"headerlong", "[header-name:]",
|
||||
"over-long header value must not overflow the parse scratch",
|
||||
st_headerlong},
|
||||
{"savename", "<fil> <content-type> [key=value ...]",
|
||||
"local save-name for a URL", st_savename},
|
||||
{"sniff", "<content-type> <hex:..|text>", "MIME magic consistency",
|
||||
st_sniff},
|
||||
{"cache", "<dir>", "cache read/write round-trip self-test", st_cache},
|
||||
{"cacheindex", "", "cache-index (.ndx) parse must stay in bounds",
|
||||
st_cacheindex},
|
||||
{"cache-golden", "<dir> [regen]", "frozen cache-format read self-test",
|
||||
st_cache_golden},
|
||||
{"cache-writefail", "<dir>", "cache write-failure handling self-test",
|
||||
|
||||
10
tests/01_engine-cacheindex.test
Executable file
10
tests/01_engine-cacheindex.test
Executable file
@@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Cache-index (.ndx) parse must stay inside the buffer on a corrupt length
|
||||
# prefix (ASan aborts here on the pre-fix binary; the OK check gates the
|
||||
# non-sanitized build too).
|
||||
|
||||
test "$(httrack -O /dev/null -#test=cacheindex)" == 'cacheindex: OK'
|
||||
@@ -27,3 +27,16 @@ hdr 'contenttype= cdispo=report.pdf' \
|
||||
# Path components in the filename are dropped on the wire (RFC 2616).
|
||||
hdr 'contenttype= cdispo=evil.pdf' \
|
||||
'Content-Disposition: attachment; filename="../../evil.pdf"'
|
||||
|
||||
# An over-long header value must not overflow the parse scratch (ASan aborts
|
||||
# here on the pre-fix binary).
|
||||
test "$(httrack -O /dev/null -#test=headerlong 'Content-Type:')" \
|
||||
== 'contenttype_len=32 contentencoding_len=0'
|
||||
test "$(httrack -O /dev/null -#test=headerlong 'Content-Encoding:')" \
|
||||
== 'contenttype_len=0 contentencoding_len=0'
|
||||
|
||||
# An empty Content-Encoding yields no token: leave it empty, don't read the
|
||||
# uninitialized scratch (MSan aborts here on the pre-fix binary).
|
||||
enc() { httrack -O /dev/null -#test=header "$1" | grep '^contentencoding='; }
|
||||
test "$(enc 'Content-Encoding:')" == 'contentencoding='
|
||||
test "$(enc 'Content-Encoding: gzip')" == 'contentencoding=gzip'
|
||||
|
||||
@@ -38,6 +38,7 @@ TESTS = \
|
||||
01_engine-filterdual.test \
|
||||
01_engine-ftp-line.test \
|
||||
01_engine-ftp-userpass.test \
|
||||
01_engine-cacheindex.test \
|
||||
01_engine-hashtable.test \
|
||||
01_engine-header.test \
|
||||
01_engine-idna.test \
|
||||
|
||||
Reference in New Issue
Block a user