From cde66cd58470cd68a76a9d8b1022a45e99a5cd8d Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Sun, 3 Mar 2013 22:03:27 +1300
Subject: [PATCH] Fuzzing, and fixes for errors found with fuzzing.

---
 libmproxy/proxy.py    |  3 ++-
 test/fuzzing/go_proxy | 15 +++++++++++++--
 test/test_dump.py     | 11 +++++------
 test/test_fuzzing.py  | 12 ++++++++++++
 test/test_server.py   |  2 +-
 5 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 75e195ea6..7459fadfc 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -237,6 +237,8 @@ class ProxyHandler(tcp.BaseHandler):
                                 continue
                             else:
                                 raise
+                        except http.HttpError, v:
+                            raise ProxyError(502, "Invalid server response.")
                         else:
                             break
 
@@ -278,7 +280,6 @@ class ProxyHandler(tcp.BaseHandler):
                 )
             else:
                 self.log(cc, cc.error)
-
             if isinstance(e, ProxyError):
                 self.send_error(e.code, e.msg, e.headers)
         else:
diff --git a/test/fuzzing/go_proxy b/test/fuzzing/go_proxy
index 5960d081e..505880492 100755
--- a/test/fuzzing/go_proxy
+++ b/test/fuzzing/go_proxy
@@ -3,7 +3,18 @@
 #   mitmproxy/mitmdump is running on port 8080 in straight proxy mode.
 #   pathod is running on port 9999
 
-BASE="/Users/aldo/git/public/pathod/venv/bin/pathoc -eo -I 200,400,405,502 -p 8080 localhost "
-$BASE -n 10000 "get:'http://localhost:9999':ir,@1"
+BASE_HTTP="/Users/aldo/git/public/pathod/pathoc -Tt 1 -eo -I 200,400,405,502 -p 8080 localhost "
+#$BASE_HTTP -n 10000 "get:'http://localhost:9999':ir,@1"
+#$BASE_HTTP -n 100 "get:'http://localhost:9999':dr"
+#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200:ir,@300.0
 
 
+# Assuming:
+#   mitmproxy/mitmdump is running on port 8080 in straight proxy mode.
+#   pathod with SSL enabled is running on port 9999
+
+BASE_HTTPS="/Users/aldo/git/public/pathod/pathoc -sc localhost:9999 -Tt 1 -eo -I 200,400,404,405,502,800 -p 8080 localhost "
+$BASE_HTTPS -en 10000 "get:/p/200:ir,@1"
+#$BASE_HTTP -n 100 "get:/p/'200:dr'"
+#$BASE_HTTPS -n 10000 "get:'/p/200:ir,@3000'"
+#$BASE_HTTPS -n 10000 "get:'/p/200:ir,\"\ \n \"'"
diff --git a/test/test_dump.py b/test/test_dump.py
index 1b434f81b..7992f78ee 100644
--- a/test/test_dump.py
+++ b/test/test_dump.py
@@ -1,6 +1,5 @@
 import os
 from cStringIO import StringIO
-import libpry
 from libmproxy import dump, flow, proxy
 import tutils
 import mock
@@ -65,7 +64,7 @@ class TestDumpMaster:
         cs = StringIO()
 
         o = dump.Options(server_replay="nonexistent", kill=True)
-        libpry.raises(dump.DumpError, dump.DumpMaster, None, o, None, outfile=cs)
+        tutils.raises(dump.DumpError, dump.DumpMaster, None, o, None, outfile=cs)
 
         with tutils.tmpdir() as t:
             p = os.path.join(t, "rep")
@@ -90,7 +89,7 @@ class TestDumpMaster:
             self._flowfile(p)
             assert "GET" in self._dummy_cycle(0, None, "", verbosity=1, rfile=p)
 
-            libpry.raises(
+            tutils.raises(
                 dump.DumpError, self._dummy_cycle,
                 0, None, "", verbosity=1, rfile="/nonexistent"
             )
@@ -130,7 +129,7 @@ class TestDumpMaster:
             assert len(list(flow.FlowReader(open(p)).stream())) == 1
 
     def test_write_err(self):
-        libpry.raises(
+        tutils.raises(
             dump.DumpError,
             self._dummy_cycle,
             1,
@@ -148,11 +147,11 @@ class TestDumpMaster:
         assert "XREQUEST" in ret
         assert "XRESPONSE" in ret
         assert "XCLIENTDISCONNECT" in ret
-        libpry.raises(
+        tutils.raises(
             dump.DumpError,
             self._dummy_cycle, 1, None, "", script="nonexistent"
         )
-        libpry.raises(
+        tutils.raises(
             dump.DumpError,
             self._dummy_cycle, 1, None, "", script="starterr.py"
         )
diff --git a/test/test_fuzzing.py b/test/test_fuzzing.py
index 857a2b102..ba7b751c0 100644
--- a/test/test_fuzzing.py
+++ b/test/test_fuzzing.py
@@ -25,3 +25,15 @@ class TestFuzzy(tservers.HTTPProxTest):
         req = 'get:"http://localhost:%s":i13,"["'
         p = self.pathoc()
         assert p.request(req%self.server.port).status_code == 400
+
+    def test_invalid_upstream(self):
+        req = r"get:'http://localhost:%s/p/200:i10,\'+\''"
+        p = self.pathoc()
+        assert p.request(req%self.server.port).status_code == 502
+
+    def test_upstream_disconnect(self):
+        req = r'200:d0:h"Date"="Sun, 03 Mar 2013 04:00:00 GMT"'
+        p = self.pathod(req)
+        assert p.status_code == 400
+
+
diff --git a/test/test_server.py b/test/test_server.py
index cc1fa8ce9..f12fbceec 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -185,7 +185,7 @@ class TestHTTPSNoUpstream(tservers.HTTPProxTest, CommonMixin):
     no_upstream_cert = True
     def test_cert_gen_error(self):
         f = self.pathoc_raw()
-        f.connect((u"\u2102\u0001".encode("utf8"), 0))
+        f.connect((u"foo..bar".encode("utf8"), 0))
         f.request("get:/")
         assert "dummy cert" in "".join(self.proxy.log)