diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2016-07-21 10:38:37 +1200 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2016-07-21 10:38:37 +1200 |
| commit | 02acfb1242d126e17a295ff8078ef9a73201c7ca (patch) | |
| tree | 0f5df1008c792407de6b75ab4edb4bd9e04616ad | |
| parent | b27db1fc812b5b9935599caf5d0a2cdfe34d7322 (diff) | |
| download | mitmproxy-02acfb1242d126e17a295ff8078ef9a73201c7ca.tar.gz mitmproxy-02acfb1242d126e17a295ff8078ef9a73201c7ca.tar.bz2 mitmproxy-02acfb1242d126e17a295ff8078ef9a73201c7ca.zip | |
Fix netlib.utils.is_valid_host
- Don't crash when passed an empty string. This translated into an actual core
crash, discovered while fuzzing with afl.
- Taking a slice of length one out of bytes returns an integer, so the check
for trailing period in this function never worked on Python3.
- Add unit tests.
| -rw-r--r-- | netlib/utils.py | 4 | ||||
| -rw-r--r-- | test/netlib/http/http1/test_read.py | 9 | ||||
| -rw-r--r-- | test/netlib/test_utils.py | 7 |
3 files changed, 18 insertions, 2 deletions
diff --git a/netlib/utils.py b/netlib/utils.py index 9eebf22c..0deb7c82 100644 --- a/netlib/utils.py +++ b/netlib/utils.py @@ -82,7 +82,7 @@ _label_valid = re.compile(b"(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE) def is_valid_host(host): # type: (bytes) -> bool """ - Checks if a hostname is valid. + Checks if a hostname is valid. """ try: host.decode("idna") @@ -90,7 +90,7 @@ def is_valid_host(host): return False if len(host) > 255: return False - if host[-1] == b".": + if host and host[-1:] == b".": host = host[:-1] return all(_label_valid.match(x) for x in host.split(b".")) diff --git a/test/netlib/http/http1/test_read.py b/test/netlib/http/http1/test_read.py index c8a40ecb..44eff2ee 100644 --- a/test/netlib/http/http1/test_read.py +++ b/test/netlib/http/http1/test_read.py @@ -13,6 +13,7 @@ from netlib.http.http1.read import ( _read_headers, _read_chunked, get_header_tokens ) from netlib.tutils import treq, tresp, raises +from netlib import exceptions def test_get_header_tokens(): @@ -42,6 +43,14 @@ def test_read_request(input): assert rfile.read() == b"skip" +@pytest.mark.parametrize("input", [ + b"CONNECT :0 0", +]) +def test_read_request_error(input): + rfile = BytesIO(input) + raises(exceptions.HttpException, read_request, rfile) + + def test_read_request_head(): rfile = BytesIO( b"GET / HTTP/1.1\r\n" diff --git a/test/netlib/test_utils.py b/test/netlib/test_utils.py index eaa66f13..f6acec03 100644 --- a/test/netlib/test_utils.py +++ b/test/netlib/test_utils.py @@ -3,6 +3,13 @@ from netlib import utils, tutils +def test_is_valid_host(): + assert not utils.is_valid_host(b"") + assert utils.is_valid_host(b"one.two") + assert not utils.is_valid_host(b"one"*255) + assert utils.is_valid_host(b"one.two.") + + def test_bidi(): b = utils.BiDi(a=1, b=2) assert b.a == 1 |