diff --git a/httplib.h b/httplib.h index 47ed620..9128dc7 100644 --- a/httplib.h +++ b/httplib.h @@ -4967,6 +4967,10 @@ inline bool Server::read_content(Stream &strm, Request &req, Response &res) { })) { const auto &content_type = req.get_header_value("Content-Type"); if (!content_type.find("application/x-www-form-urlencoded")) { + if (req.body.size() > CPPHTTPLIB_REQUEST_URI_MAX_LENGTH) { + res.status = 413; // NOTE: should be 414? + return false; + } detail::parse_query_text(req.body, req.params); } return true; diff --git a/test/Makefile b/test/Makefile index 77fc202..db78014 100644 --- a/test/Makefile +++ b/test/Makefile @@ -1,5 +1,5 @@ #CXX = clang++ -CXXFLAGS = -g -std=c++11 -I. -Wall -Wextra -Wtype-limits -Wconversion #-fsanitize=address +CXXFLAGS = -g -std=c++11 -I. -I.. -Wall -Wextra -Wtype-limits -Wconversion #-fsanitize=address OPENSSL_DIR = /usr/local/opt/openssl@1.1 OPENSSL_SUPPORT = -DCPPHTTPLIB_OPENSSL_SUPPORT -I$(OPENSSL_DIR)/include -L$(OPENSSL_DIR)/lib -lssl -lcrypto @@ -11,22 +11,44 @@ BROTLI_SUPPORT = -DCPPHTTPLIB_BROTLI_SUPPORT -I$(BROTLI_DIR)/include -L$(BROTLI_ TEST_ARGS = gtest/gtest-all.cc gtest/gtest_main.cc $(OPENSSL_SUPPORT) $(ZLIB_SUPPORT) $(BROTLI_SUPPORT) -pthread +# By default, use standalone_fuzz_target_runner. +# This runner does no fuzzing, but simply executes the inputs +# provided via parameters. +# Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a" +# to link the fuzzer(s) against a real fuzzing engine. +# OSS-Fuzz will define its own value for LIB_FUZZING_ENGINE. +LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o + all : test test_split ./test -# Note: The intention of test_split is to verify that it works to compile and -# link the split httplib.h, so there is normally no need to execute it. proxy : test_proxy ./test_proxy test : test.cc include_httplib.cc ../httplib.h Makefile cert.pem - $(CXX) -o $@ -I.. $(CXXFLAGS) test.cc include_httplib.cc $(TEST_ARGS) + $(CXX) -o $@ $(CXXFLAGS) test.cc include_httplib.cc $(TEST_ARGS) +# Note: The intention of test_split is to verify that it works to compile and +# link the split httplib.h, so there is normally no need to execute it. test_split : test.cc ../httplib.h httplib.cc Makefile cert.pem $(CXX) -o $@ $(CXXFLAGS) test.cc httplib.cc $(TEST_ARGS) test_proxy : test_proxy.cc ../httplib.h Makefile cert.pem - $(CXX) -o $@ -I.. $(CXXFLAGS) test_proxy.cc $(TEST_ARGS) + $(CXX) -o $@ $(CXXFLAGS) test_proxy.cc $(TEST_ARGS) + +# Runs server_fuzzer.cc based on value of $(LIB_FUZZING_ENGINE). +# Usage: make fuzz_test LIB_FUZZING_ENGINE=/path/to/libFuzzer +fuzz_test: server_fuzzer + ./server_fuzzer fuzzing/corpus/* + +# Fuzz target, so that you can choose which $(LIB_FUZZING_ENGINE) to use. +server_fuzzer : fuzzing/server_fuzzer.cc ../httplib.h standalone_fuzz_target_runner.o + $(CXX) $(CXXFLAGS) -o $@ $< $(OPENSSL_SUPPORT) $(ZLIB_SUPPORT) $(BROTLI_SUPPORT) $(LIB_FUZZING_ENGINE) -pthread + +# Standalone fuzz runner, which just reads inputs from fuzzing/corpus/ dir and +# feeds it to server_fuzzer. +standalone_fuzz_target_runner.o : fuzzing/standalone_fuzz_target_runner.cpp + $(CXX) $(CXXFLAGS) -c -o $@ $< httplib.cc : ../httplib.h python3 ../split.py -o . @@ -42,4 +64,4 @@ cert.pem: #c_rehash . clean: - rm -f test test_proxy pem *.0 *.1 *.srl httplib.h httplib.cc + rm -f test test_proxy server_fuzzer pem *.0 *.o *.1 *.srl httplib.h httplib.cc diff --git a/test/Makefile.fuzz_test b/test/Makefile.fuzz_test deleted file mode 100644 index bc582ed..0000000 --- a/test/Makefile.fuzz_test +++ /dev/null @@ -1,36 +0,0 @@ - -#CXX = clang++ -CXXFLAGS += -ggdb -O0 -std=c++11 -DGTEST_USE_OWN_TR1_TUPLE -I.. -I. -Wall -Wextra -Wtype-limits -Wconversion - -OPENSSL_DIR = /usr/local/opt/openssl@1.1 -OPENSSL_SUPPORT = -DCPPHTTPLIB_OPENSSL_SUPPORT -I$(OPENSSL_DIR)/include -L$(OPENSSL_DIR)/lib -lssl -lcrypto - -ZLIB_SUPPORT = -DCPPHTTPLIB_ZLIB_SUPPORT -lz - -BROTLI_DIR = /usr/local/opt/brotli -BROTLI_SUPPORT = -DCPPHTTPLIB_BROTLI_SUPPORT -I$(BROTLI_DIR)/include -L$(BROTLI_DIR)/lib -lbrotlicommon -lbrotlienc -lbrotlidec - -# By default, use standalone_fuzz_target_runner. -# This runner does no fuzzing, but simply executes the inputs -# provided via parameters. -# Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a" -# to link the fuzzer(s) against a real fuzzing engine. -# OSS-Fuzz will define its own value for LIB_FUZZING_ENGINE. -LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o - -# Runs server_fuzzer.cc based on value of $(LIB_FUZZING_ENGINE). -# Usage: make fuzz_test LIB_FUZZING_ENGINE=/path/to/libFuzzer -all fuzz_test: server_fuzzer - ./server_fuzzer fuzzing/corpus/* - -# Fuzz target, so that you can choose which $(LIB_FUZZING_ENGINE) to use. -server_fuzzer : fuzzing/server_fuzzer.cc ../httplib.h standalone_fuzz_target_runner.o - $(CXX) $(CXXFLAGS) -o $@ $< $(OPENSSL_SUPPORT) $(ZLIB_SUPPORT) $(BROTLI_SUPPORT) $(LIB_FUZZING_ENGINE) -pthread - -# Standalone fuzz runner, which just reads inputs from fuzzing/corpus/ dir and -# feeds it to server_fuzzer. -standalone_fuzz_target_runner.o : fuzzing/standalone_fuzz_target_runner.cpp - $(CXX) $(CXXFLAGS) -c -o $@ $< - -clean: - rm -f server_fuzzer pem *.0 *.o *.1 *.srl *.zip diff --git a/test/fuzzing/standalone_fuzz_target_runner.cpp b/test/fuzzing/standalone_fuzz_target_runner.cpp index 8e34792..733737b 100644 --- a/test/fuzzing/standalone_fuzz_target_runner.cpp +++ b/test/fuzzing/standalone_fuzz_target_runner.cpp @@ -20,16 +20,16 @@ int main(int argc, char **argv) { for (int i = 1; i < argc; i++) { std::ifstream in(argv[i]); in.seekg(0, in.end); - size_t length = in.tellg(); + size_t length = static_cast(in.tellg()); in.seekg (0, in.beg); std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl; // Allocate exactly length bytes so that we reliably catch buffer overflows. std::vector bytes(length); - in.read(bytes.data(), bytes.size()); + in.read(bytes.data(), static_cast(bytes.size())); LLVMFuzzerTestOneInput(reinterpret_cast(bytes.data()), bytes.size()); std::cout << "Execution successful" << std::endl; } std::cout << "Execution finished" << std::endl; return 0; -} \ No newline at end of file +}