authorFrancis Lavoie <[email protected]>2024-02-11 13:30:14 -0500
committerGitHub <[email protected]>2024-02-11 13:30:14 -0500
commite7a534d0a311d9fa75b5981879c755281c4c9fba (patch)
treee446468d2c0e9ae52a54a38869563a97fcc00adf /caddyconfig
parentc78ebb3d6ad796d8e2f67f46b9cda72b7472c2e4 (diff)
caddyfile: Reject long heredoc markers (#6098)
Co-authored-by: Mohammed Al Sahaf <[email protected]>
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/caddyfile/formatter.go5
-rw-r--r--caddyconfig/caddyfile/formatter_test.go45
-rw-r--r--caddyconfig/caddyfile/lexer.go4
-rw-r--r--caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456bin0 -> 139348 bytes
4 files changed, 42 insertions, 12 deletions
diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go
index 764f79118..423de542a 100644
--- a/caddyconfig/caddyfile/formatter.go
+++ b/caddyconfig/caddyfile/formatter.go
@@ -16,6 +16,7 @@ package caddyfile
import (
"bytes"
+ "fmt"
"io"
"unicode"
@@ -118,6 +119,10 @@ func Format(input []byte) []byte {
heredoc = heredocClosed
} else {
heredocMarker = append(heredocMarker, ch)
+ if len(heredocMarker) > 32 {
+ errorString := fmt.Sprintf("heredoc marker too long: <<%s", string(heredocMarker))
+ panic(errorString)
+ }
write(ch)
continue
}
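Review bot: The new length check in Format signals an over-long heredoc marker with `panic`, so a caller that formats input it does not control is terminated unless it recovers, and a fuzz target that calls Format would presumably keep reporting this input as a crash. Format returns only `[]byte`, so there is no error path; at minimum its doc comment should state the contract, e.g. `// Format panics if a heredoc marker is longer than 32 bytes.`, and callers outside this hunk should be checked for a `recover`. The marker bytes come straight from the input and are printed with `%s` here and in the lexer.go hunk; `%q` keeps control characters out of terminals and logs, e.g. `panic(fmt.Sprintf("heredoc marker too long: <<%q", heredocMarker))`. Format's body starts and ends outside this hunk.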
diff --git a/caddyconfig/caddyfile/formatter_test.go b/caddyconfig/caddyfile/formatter_test.go
index 6eec822fe..5ea29c335 100644
--- a/caddyconfig/caddyfile/formatter_test.go
+++ b/caddyconfig/caddyfile/formatter_test.go
@@ -15,6 +15,8 @@
package caddyfile
import (
+ "fmt"
+ "os"
"strings"
"testing"
)
@@ -24,6 +26,7 @@ func TestFormatter(t *testing.T) {
description string
input string
expect string
+ panics bool
}{
{
description: "very simple",
@@ -434,18 +437,36 @@ block2 {
}
`,
},
+ {
+ description: "very long heredoc from fuzzer",
+ input: func() string {
+ bs, _ := os.ReadFile("testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456")
+ return string(bs)
+ }(),
+ panics: true,
+ },
} {
- // the formatter should output a trailing newline,
- // even if the tests aren't written to expect that
- if !strings.HasSuffix(tc.expect, "\n") {
- tc.expect += "\n"
- }
-
- actual := Format([]byte(tc.input))
-
- if string(actual) != tc.expect {
- t.Errorf("\n[TEST %d: %s]\n====== EXPECTED ======\n%s\n====== ACTUAL ======\n%s^^^^^^^^^^^^^^^^^^^^^",
- i, tc.description, string(tc.expect), string(actual))
- }
+ t.Run(fmt.Sprintf("test case %d: %s", i, tc.description), func(t *testing.T) {
+ if tc.panics {
+ defer func() {
+ if r := recover(); r == nil {
+ t.Errorf("[TEST %d: %s] Expected panic, but got none", i, tc.description)
+ }
+ }()
+ }
+
+ // the formatter should output a trailing newline,
+ // even if the tests aren't written to expect that
+ if !strings.HasSuffix(tc.expect, "\n") {
+ tc.expect += "\n"
+ }
+
+ actual := Format([]byte(tc.input))
+
+ if !tc.panics && string(actual) != tc.expect {
+ t.Errorf("\n[TEST %d: %s]\n====== EXPECTED ======\n%s\n====== ACTUAL ======\n%s^^^^^^^^^^^^^^^^^^^^^",
+ i, tc.description, string(tc.expect), string(actual))
+ }
+ })
}
}
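Review bot: The deferred `recover()` in the `tc.panics` branch accepts any panic, so an unrelated crash in Format (for example an index out of range) would pass this regression test just as the intended rejection does. Pinning the message makes the test prove the length limit fired: `if r := recover(); r == nil || !strings.Contains(fmt.Sprint(r), "heredoc marker too long") {`. The fixture is also loaded with `bs, _ := os.ReadFile(...)`, so a missing or unreadable testdata file turns into an empty input and a misleading "Expected panic" failure; reading it inside the subtest and calling `t.Fatal(err)` would report the real cause.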
diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go
index 4db63749b..a59f0fc46 100644
--- a/caddyconfig/caddyfile/lexer.go
+++ b/caddyconfig/caddyfile/lexer.go
@@ -149,6 +149,10 @@ func (l *lexer) next() (bool, error) {
continue
}
+ if len(val) > 32 {
+ return false, fmt.Errorf("heredoc marker too long on line #%d: %s", l.line, string(val))
+ }
+
// after hitting a newline, we know that the heredoc marker
// is the characters after the two << and the newline.
// we reset the val because the heredoc is syntax we don't
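Review bot: The limit here is applied to `val`, which per the comment just below still holds the two `<<` characters, while the check in formatter.go counts only the marker bytes; the lexer therefore appears to reject markers longer than 30 bytes and the formatter ones longer than 32. If a single limit is intended, a shared constant keeps the two in step, e.g. `const maxHeredocMarkerLen = 32` with `if len(val)-2 > maxHeredocMarkerLen {` here. next() begins and ends outside this hunk, so how `val` is built is inferred from the comment and from the error text printing `val` without a `<<` prefix.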
diff --git a/caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456 b/caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456
new file mode 100644
index 000000000..94b70919c
--- /dev/null
+++ b/caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456
Binary files differ