From a124b1ecebaab56435d1125e96ae5c50173f7e29 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Thu, 16 Sep 2021 11:55:37 +0200 Subject: [PATCH 1/2] improve h2 fuzzing setup --- mitmproxy/proxy/layers/http/_http2.py | 5 ++++- test/mitmproxy/proxy/layers/http/test_http_fuzz.py | 13 +++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/mitmproxy/proxy/layers/http/_http2.py b/mitmproxy/proxy/layers/http/_http2.py index b33f4baf0..8e477c34f 100644 --- a/mitmproxy/proxy/layers/http/_http2.py +++ b/mitmproxy/proxy/layers/http/_http2.py @@ -32,6 +32,9 @@ class StreamState(Enum): HEADERS_RECEIVED = 2 +CATCH_HYPER_H2_ERRORS = (ValueError, IndexError) + + class Http2Connection(HttpConnection): h2_conf: ClassVar[h2.config.H2Configuration] h2_conf_defaults = dict( @@ -139,7 +142,7 @@ class Http2Connection(HttpConnection): try: try: events = self.h2_conn.receive_data(event.data) - except (ValueError, IndexError) as e: # pragma: no cover + except CATCH_HYPER_H2_ERRORS as e: # pragma: no cover # this should never raise a ValueError, but we triggered one while fuzzing: # https://github.com/python-hyper/hyper-h2/issues/1231 # this stays here as defense-in-depth. diff --git a/test/mitmproxy/proxy/layers/http/test_http_fuzz.py b/test/mitmproxy/proxy/layers/http/test_http_fuzz.py index 05a9a6526..9ca689407 100644 --- a/test/mitmproxy/proxy/layers/http/test_http_fuzz.py +++ b/test/mitmproxy/proxy/layers/http/test_http_fuzz.py 
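Review bot: `CATCH_HYPER_H2_ERRORS`, added in the first `_http2.py` hunk, is a mutable module global that decides whether the defence-in-depth handler around `self.h2_conn.receive_data(event.data)` (second hunk) is active, yet nothing marks it as a test hook. Rebinding it to `()` anywhere in a running proxy would let `ValueError`/`IndexError` raised while parsing peer-supplied frames propagate instead of being handled. I would add a comment above it such as `# Exceptions from h2's parser that we handle as defence-in-depth; only the fuzz tests override this, so that h2 bugs surface.` The inline comment in the second hunk still mentions only `ValueError` although the tuple also covers `IndexError`, and it would read better next to the constant; the body of that `except` branch lies outside the hunk.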
@@ -19,10 +19,22 @@ from test.mitmproxy.proxy.layers.http.hyper_h2_test_helpers import FrameFactory from test.mitmproxy.proxy.layers.http.test_http2 import make_h2, example_response_headers, example_request_headers, \ start_h2_client from test.mitmproxy.proxy.tutils import Placeholder, Playbook, reply, _TracebackInPlaybook, _eq +from mitmproxy.proxy.layers.http import _http2 opts = options.Options() Proxyserver().load(opts) + +@pytest.fixture(scope="module", autouse=True) +def disable_h2_error_catching(): + errs = _http2.CATCH_HYPER_H2_ERRORS + _http2.CATCH_HYPER_H2_ERRORS = () + try: + yield None + finally: + _http2.CATCH_HYPER_H2_ERRORS = errs + + request_lines = sampled_from([ b"GET / HTTP/1.1", b"GET http://example.com/ HTTP/1.1", @@ -269,6 +281,7 @@ def _h2_response(chunks): @example([b'\x00\x00\x00\x01\x04\x00\x00\x00\x01']) @example([b'\x00\x00\x07\x05\x04\x00\x00\x00\x01\x00\x00\x00\x02\x84\x86\x82']) @example([b'\x00\x00\x06\x014\x00\x01\x00\x00\x00\x00\x01@\x80\x81c\x86\x82']) +@example([b'\x00\x00\x06\x01\x04\x00\x00\x00\x01@\x80\x81c\x86\x82']) def test_fuzz_h2_response_chunks(chunks): _h2_response(chunks) From 9e8b96a5ccdcbf1ef4f66d4527611f01f2329cc7 Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Tue, 5 Oct 2021 20:56:23 +0200 Subject: [PATCH 2/2] bump h2 to v4.1 for fixes --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 42309113e..dd84f0feb 100644 --- a/setup.py +++ b/setup.py @@ -75,7 +75,7 @@ setup( "cryptography>=3.3,<3.5", "flask>=1.1.1,<2.1", "h11>=0.11,<0.13", - "h2>=4.0,<5", + "h2>=4.1,<5", "hyperframe>=6.0,<7", "kaitaistruct>=0.7,<0.10", "ldap3>=2.8,<2.10",
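Review bot: The `disable_h2_error_catching` fixture has no docstring, and because it is `autouse=True` with `scope="module"` every test in this file now runs with the handler in `_http2.py` switched off. A docstring such as `"""Let h2 parser exceptions propagate so that fuzzing finds h2 bugs instead of having them swallowed by mitmproxy's handler."""` would state the intent. As far as these hunks show, the `except CATCH_HYPER_H2_ERRORS` branch (already marked `# pragma: no cover`) is then exercised by no test in this module. A small separate test that keeps the default tuple and makes `receive_data` raise, for example by patching it, would keep the production path for malformed input covered. The new `from mitmproxy.proxy.layers.http import _http2` line would also sit better with the file's other `mitmproxy` imports, presumably further up, than after the `test.` ones.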