3 # attack the test server and try to make it fall over
# Robustness test setup: resolve where the test server binary is installed so
# the reference copy of test.html can be found under $INSTALLED/../share/.
# NOTE(review): if `which` finds nothing, A is empty and the unquoted
# `dirname $A` runs without an operand. No guard is visible in this excerpt;
# confirm the script stops early instead of comparing against a wrong path.
9 A=`which libwebsockets-test-server`
10 INSTALLED=`dirname $A`
# Fragment of the result checker that the tests call as `check <mode> [expected]`.
# Its header, the `exit`/`fi` lines and the command whose status is tested first
# are not part of this excerpt.
# Liveness gate: $? belongs to a command on a line not shown here, presumably a
# probe that the server process still exists (confirm against the full file).
17 if [ $? -ne 0 ] ; then
18 echo "(killed it) *******"
# Print the server log, skipping its first $LEN bytes. LOG and LEN are set
# outside this excerpt.
21 dd if=$LOG bs=1 skip=$LEN 2>/dev/null
# Mode "default": the captured body must be identical to the installed test.html.
# NOTE(review): /tmp/lwscap is a fixed name in a world-writable directory. On a
# shared host another user can pre-create or symlink it; a private directory
# from `mktemp -d` removes that dependency.
23 if [ "$1" = "default" ] ; then
24 diff /tmp/lwscap $INSTALLED/../share/libwebsockets-test-server/test.html > /dev/null
25 if [ $? -ne 0 ] ; then
26 echo "FAIL: got something other than test.html back"
# Mode "forbidden": the captured body must contain the 403 heading.
31 if [ "$1" = "forbidden" ] ; then
32 if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then
33 echo "FAIL: should have told forbidden (test server has no dirs)"
# Mode "rejected": the captured body must contain the 406 heading.
# NOTE(review): the failure text below repeats the 403 wording ("should have
# told forbidden"); it looks copy-pasted from the branch above.
38 if [ "$1" = "rejected" ] ; then
39 if [ -z "`grep '<h1>406</h1>' /tmp/lwscap`" ] ; then
40 echo "FAIL: should have told forbidden (test server has no dirs)"
# Mode "media": the captured body must contain the 415 heading.
46 if [ "$1" = "media" ] ; then
47 if [ -z "`grep '<h1>415</h1>' /tmp/lwscap`" ] ; then
48 echo "FAIL: should have told unknown media type"
# Modes "1", "2", "3": take the "URI Arg N:" line from the log past offset
# $LEN, squeeze repeated spaces, keep fields 5 onward and compare with $2.
# NOTE(review): `==` inside `[ ]` is a bash extension and the shebang is not
# visible here; confirm the script is run by bash.
53 if [ "$1" == "1" ] ; then
54 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f5-`"
55 if [ "$a" != "$2" ] ; then
56 echo "Arg 1 '$a' not $2"
61 if [ "$1" == "2" ] ; then
62 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f5-`"
63 if [ "$a" != "$2" ] ; then
64 echo "Arg 2 '$a' not $2"
68 if [ "$1" == "3" ] ; then
69 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f5-`"
70 if [ "$a" != "$2" ] ; then
71 echo "Arg 3 '$a' not $2"
# Stop any running test server, then start a fresh one in the background with
# -d15, appending its stderr to $LOG. The "URI Arg" and lws_http_serve checks
# read that log, so -d15 presumably enables the needed log output (confirm).
# NOTE(review): killall matches by process name, so it also stops instances
# that this script did not start.
83 killall libwebsockets-test-server 2>/dev/null
84 libwebsockets-test-server -d15 2>> $LOG &
# Wait until the log contains "Listening" before sending any request.
# NOTE(review): the log is opened in append mode. If $LOG is not truncated on a
# line outside this excerpt, a "Listening" entry left by an earlier run ends
# this wait before the new server is ready.
87 while [ -z "`grep Listening $LOG`" ] ; do
# Query-string handling. Each request is written by hand and sent with nc. The
# sed expression deletes everything up to and including the first line holding
# only a CR, i.e. the response headers, so /tmp/lwscap keeps just the body.
# `\r` in the sed address is a GNU sed extension.
# The three check calls compare the logged "URI Arg 1..3" values with the
# expected decoded form, where %3F has become "?".
93 echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
95 echo -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
96 check 1 "UPDATE_SETTINGS=1"
97 check 2 "Root_Channels_1_Channel_name_http_post=?"
98 check 3 "Root_Channels_1_Channel_location_http_post=?"
# A single plain key=value pair must be logged unchanged as argument 1.
102 echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
104 echo -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
105 check 1 "key1=value1"
# Percent-encoded "=" (%3d) inside the key: the expected logged value has "_"
# in its place, so the decoded character cannot act as a second key/value
# separator.
109 echo "---- ? processing (/test?key1%3d2=value1)"
111 echo -e "GET /test?key1%3d2=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
112 check 1 "key1_2=value1"
# Percent-encoded "/" and "." in the path combined with a query string. The
# second case also puts "/../." in the argument value. The check calls for
# these two cases are not part of this excerpt.
116 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
118 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
123 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=/../.)"
125 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Input that is not HTTP at all. No response is captured for these cases, so
# the only observable outcome is whether the server keeps running; the check
# calls that would confirm that are not part of this excerpt.
130 echo "---- spam enough crap to not be GET"
131 echo "not GET" | nc $SERVER $PORT
# 80 random bytes, which the label describes as more than the name buffer.
135 echo "---- spam more than the name buffer of crap"
136 dd if=/dev/urandom bs=1 count=80 2>/dev/null | nc -i1s $SERVER $PORT
# NOTE(review): the label says 10MB, but bs=1 count=655360 sends 655360 bytes
# (640 KiB). Unlike the dd above, this one does not redirect stderr, so its
# transfer statistics end up in the test output.
140 echo "---- spam 10MB of crap"
141 dd if=/dev/urandom bs=1 count=655360 | nc -i1s $SERVER $PORT
145 echo "---- malformed URI"
146 echo "GET nonsense................................................................................................................" \
147 | nc -i1s $SERVER $PORT
# Request line with no URI between the method and the HTTP version. The raw
# response, headers included, is kept in /tmp/lwscap; the check call that
# follows in the full file is not part of this excerpt.
151 echo "---- missing URI"
152 echo -e "GET HTTP/1.1\x0d\x0a\x0d\x0a" | nc -i1s $SERVER $PORT >/tmp/lwscap
# A second request line sits where the first header is expected.
156 echo "---- repeated method"
157 echo -e "GET blah HTTP/1.1\x0d\x0aGET blah HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT >/tmp/lwscap
# Oversized header line, sent by the multi-line echo that follows.
# NOTE(review): the continuation lines of that echo are separate quoted words,
# so echo joins them with single spaces and the server receives runs of dots
# separated by spaces, not one unbroken token. The "excessive uri content" and
# ILLEGAL-PAYLOAD cases are built the same way; for the URI case this means the
# request target ends at the first space, well short of the total length.
# If one very long token is intended, build it as a single string.
161 echo "---- crazy header name part"
162 echo -e "GET blah HTTP/1.1\x0d\x0a................................................................................................................" \
163 "......................................................................................................................." \
164 "......................................................................................................................." \
165 "......................................................................................................................." \
166 "......................................................................................................................." \
167 "......................................................................................................................." \
168 "......................................................................................................................." \
169 "......................................................................................................................." \
170 "......................................................................................................................." \
171 "......................................................................................................................." \
172 "......................................................................................................................." \
173 "......................................................................................................................." \
174 "......................................................................................................................." \
175 "......................................................................................................................." \
176 "......................................................................................................................." \
177 "......................................................................................................................." \
178 "......................................................................................................................." \
179 | nc -i1s $SERVER $PORT
183 echo "---- excessive uri content"
184 echo -e "GET ................................................................................................................" \
185 "......................................................................................................................." \
186 "......................................................................................................................." \
187 "......................................................................................................................." \
188 "......................................................................................................................." \
189 "......................................................................................................................." \
190 "......................................................................................................................." \
191 "......................................................................................................................." \
192 "......................................................................................................................." \
193 "......................................................................................................................." \
194 "......................................................................................................................." \
195 "......................................................................................................................." \
196 "......................................................................................................................." \
197 "......................................................................................................................." \
198 "......................................................................................................................." \
199 "......................................................................................................................." \
200 "......................................................................................................................." \
201 | nc -i1s $SERVER $PORT
205 echo "---- good request but http payload coming too (should be ignored and test.html served)"
206 echo -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
207 "......................................................................................................................." \
208 "......................................................................................................................." \
209 "......................................................................................................................." \
210 "......................................................................................................................." \
211 "......................................................................................................................." \
212 "......................................................................................................................." \
213 "......................................................................................................................." \
214 "......................................................................................................................." \
215 "......................................................................................................................." \
216 "......................................................................................................................." \
217 "......................................................................................................................." \
218 "......................................................................................................................." \
219 "......................................................................................................................." \
220 "......................................................................................................................." \
221 "......................................................................................................................." \
222 | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Path resolution cases. Each label in parentheses gives the path the author
# expects the request to resolve to. The check call after each request is not
# part of this excerpt, so the expected status codes cannot be read from here.
227 echo "---- nonexistant file"
229 echo -e "GET /nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Request target without a leading "/".
234 echo "---- relative uri path"
236 echo -e "GET nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Cases 1-6: per the labels, ".." and "." segments must be collapsed and a ".."
# at the top must be clamped at "/", so the resolved path can never climb
# above the URI root. The labels spell "passswd" with three s; display text only.
241 echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
243 echo -e "GET /../../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
248 echo "---- directory attack 2 (/../ should be /)"
250 echo -e "GET /../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
255 echo "---- directory attack 3 (/./ should be /)"
257 echo -e "GET /./ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
262 echo "---- directory attack 4 (/blah/.. should be /)"
264 echo -e "GET /blah/.. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
269 echo "---- directory attack 5 (/blah/../ should be /)"
271 echo -e "GET /blah/../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
276 echo "---- directory attack 6 (/blah/../. should be /)"
278 echo -e "GET /blah/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Cases 7-8: the same traversal with "." and "/" percent-encoded. The labels
# expect the same result as the plain form, which requires percent-decoding to
# happen before the ".." segments are collapsed.
283 echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
285 echo -e "GET /%2e%2e%2f../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
290 echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
292 echo -e "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Several requests in one client run: a single wget invocation fetches
# test.html eight times and concatenates the bodies into /tmp/lwsdump. The md5
# of that file must equal the md5 of eight concatenated copies of the installed
# test.html.
# NOTE(review): wget is expected to reuse one persistent connection rather than
# send pipelined requests, so the label may overstate what is covered (confirm).
# NOTE(review): host and port are hard-coded as localhost:7681 here, while the
# nc-based tests use $SERVER and $PORT.
# NOTE(review): the "Downloaded: 8 files" grep result is written to /tmp/lwscap,
# but no line in this excerpt reads it back.
297 echo "---- http/1.1 pipelining"
299 wget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
300 good=`cat $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html | md5sum | cut -d' ' -f1`
301 if [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then
302 echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`"
# Mass URI test. The loop header and most of the URI list are outside this
# excerpt; line 515 is the last list entry shown and $i is the URI under test.
# Per URI: remove the old capture, send an HTTP/1.0 request, store the raw
# response in /tmp/lwscap and take R from the second field of its first line
# (the status code).
# NOTE(review): $i is expanded inside an `echo -n -e` argument, so a backslash
# sequence in a list entry would be interpreted by echo before it is sent.
# `printf 'GET %s HTTP/1.0\r\n\r\n' "$i"` keeps the URI literal.
# NOTE(review): host and port are hard-coded (localhost 7681) instead of using
# $SERVER and $PORT as the earlier tests do.
307 echo "---- mass testing uri variations"
515 /path/to/dir/../other/dir \
518 R=`rm -f /tmp/lwscap ; echo -n -e "GET $i HTTP/1.0\r\n\r\n" | nc localhost 7681 2>/dev/null >/tmp/lwscap; head -n1 /tmp/lwscap| cut -d' ' -f2`
520 cat /tmp/lwscap | head -n1
# For every status except 403, U is taken from the last lws_http_serve line in
# the server log and recorded next to the status; a 403 is recorded alone.
# NOTE(review): reading the last log line assumes the server has already
# written the entry for this request; otherwise U belongs to the previous URI.
524 if [ "$R" != "403" ]; then
525 U=`cat $LOG | grep lws_http_serve | tail -n 1 | cut -d':' -f3 | cut -d' ' -f2`
527 echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
529 echo "- \"$i\" -> $R" >>/tmp/results
# Expected results for the mass URI test, in the format the loop appends to
# /tmp/results: - "<request URI>" -> <status> "<path from lws_http_serve log>".
# This is an excerpt; some rows and the closing EOF are not shown.
# In the rows shown, no expected served path contains a bare ".." segment, so
# every parent reference is either collapsed or clamped at "/".
# NOTE(review): the table is a snapshot of observed behaviour and some rows
# disagree with their neighbours: "//..?a" and "//..?w" expect 415 with path
# "/a" and "/w", while "/../?a", "//..?." and "//..??" expect 200 with "/".
# Confirm that text after "?" is meant to reach the served path in those rows.
533 cat <<EOF >/tmp/lwsresult1
534 - "/..../" -> 406 "/..../"
535 - "/.../." -> 406 "/.../"
536 - "/...//" -> 406 "/.../"
537 - "/.../a" -> 406 "/.../a"
538 - "/.../w" -> 406 "/.../w"
539 - "/.../?" -> 406 "/.../"
541 - "/../.." -> 200 "/"
542 - "/.././" -> 200 "/"
543 - "/../.a" -> 415 "/.a"
544 - "/../.w" -> 415 "/.w"
545 - "/../.." -> 200 "/"
547 - "/..//." -> 200 "/"
548 - "/..///" -> 200 "/"
549 - "/..//a" -> 415 "/a"
550 - "/..//w" -> 415 "/w"
551 - "/..//?" -> 200 "/"
553 - "/../a." -> 415 "/a."
554 - "/../a/" -> 406 "/a/"
555 - "/../aa" -> 415 "/aa"
556 - "/../aw" -> 415 "/aw"
557 - "/../a?" -> 415 "/a"
559 - "/../w." -> 415 "/w."
560 - "/../w/" -> 406 "/w/"
561 - "/../wa" -> 415 "/wa"
562 - "/../ww" -> 415 "/ww"
563 - "/../w?" -> 415 "/w"
565 - "/../?." -> 200 "/"
566 - "/../?/" -> 200 "/"
567 - "/../?a" -> 200 "/"
568 - "/../?w" -> 200 "/"
569 - "/../??" -> 200 "/"
577 - "/./..." -> 415 "/..."
578 - "/./../" -> 200 "/"
579 - "/./..a" -> 415 "/..a"
580 - "/./..w" -> 415 "/..w"
581 - "/./..?" -> 200 "/"
583 - "/.//.." -> 200 "/"
584 - "/.a../" -> 406 "/.a../"
585 - "/.a/.." -> 200 "/"
586 - "/.w../" -> 406 "/.w../"
587 - "/.w/.." -> 200 "/"
588 - "/.?../" -> 415 "/."
589 - "/../.." -> 200 "/"
592 - "//...." -> 415 "/...."
593 - "//.../" -> 406 "/.../"
594 - "//...a" -> 415 "/...a"
595 - "//...w" -> 415 "/...w"
596 - "//...?" -> 415 "/..."
598 - "//../." -> 200 "/"
599 - "//..//" -> 200 "/"
600 - "//../a" -> 415 "/a"
601 - "//../w" -> 415 "/w"
602 - "//../?" -> 200 "/"
604 - "//..a." -> 415 "/..a."
605 - "//..a/" -> 406 "/..a/"
606 - "//..aa" -> 415 "/..aa"
607 - "//..aw" -> 415 "/..aw"
608 - "//..a?" -> 415 "/..a"
610 - "//..w." -> 415 "/..w."
611 - "//..w/" -> 406 "/..w/"
612 - "//..wa" -> 415 "/..wa"
613 - "//..ww" -> 415 "/..ww"
614 - "//..w?" -> 415 "/..w"
616 - "//..?." -> 200 "/"
617 - "//..?/" -> 200 "/"
618 - "//..?a" -> 415 "/a"
619 - "//..?w" -> 415 "/w"
620 - "//..??" -> 200 "/"
628 - "//./.." -> 200 "/"
629 - "///..." -> 415 "/..."
630 - "///../" -> 200 "/"
631 - "///..a" -> 415 "/..a"
632 - "///..w" -> 415 "/..w"
633 - "///..?" -> 200 "/"
635 - "////.." -> 200 "/"
636 - "//a../" -> 406 "/a../"
637 - "//a/.." -> 200 "/"
638 - "//w../" -> 406 "/w../"
639 - "//w/.." -> 200 "/"
640 - "//?../" -> 200 "/"
641 - "//?/.." -> 200 "/"
644 - "/a.../" -> 406 "/a.../"
645 - "/a../." -> 406 "/a../"
646 - "/a..//" -> 406 "/a../"
647 - "/a../a" -> 406 "/a../a"
648 - "/a../w" -> 406 "/a../w"
649 - "/a../?" -> 406 "/a../"
651 - "/a./.." -> 200 "/"
652 - "/a/..." -> 406 "/a/..."
653 - "/a/../" -> 200 "/"
654 - "/a/..a" -> 406 "/a/..a"
655 - "/a/..w" -> 406 "/a/..w"
656 - "/a/..?" -> 200 "/"
658 - "/a//.." -> 200 "/"
659 - "/aa../" -> 406 "/aa../"
660 - "/aa/.." -> 200 "/"
661 - "/aw../" -> 406 "/aw../"
662 - "/aw/.." -> 200 "/"
663 - "/a?../" -> 415 "/a"
664 - "/a?/.." -> 415 "/a"
667 - "/w.../" -> 406 "/w.../"
668 - "/w../." -> 406 "/w../"
669 - "/w..//" -> 406 "/w../"
670 - "/w../a" -> 406 "/w../a"
671 - "/w../w" -> 406 "/w../w"
672 - "/w../?" -> 406 "/w../"
674 - "/w./.." -> 200 "/"
675 - "/w/..." -> 406 "/w/..."
676 - "/w/../" -> 200 "/"
677 - "/w/..a" -> 406 "/w/..a"
678 - "/w/..w" -> 406 "/w/..w"
679 - "/w/..?" -> 200 "/"
681 - "/w//.." -> 200 "/"
682 - "/wa../" -> 406 "/wa../"
683 - "/wa/.." -> 200 "/"
684 - "/ww../" -> 406 "/ww../"
685 - "/ww/.." -> 200 "/"
686 - "/w?../" -> 415 "/w"
687 - "/w?/.." -> 415 "/w"
690 - "/?.../" -> 200 "/"
691 - "/?../." -> 200 "/"
692 - "/?..//" -> 200 "/"
693 - "/?../a" -> 200 "/"
694 - "/?../w" -> 200 "/"
695 - "/?../?" -> 200 "/"
697 - "/?./.." -> 200 "/"
698 - "/?/..." -> 200 "/"
699 - "/?/../" -> 200 "/"
700 - "/?/..a" -> 200 "/"
701 - "/?/..w" -> 200 "/"
702 - "/?/..?" -> 200 "/"
704 - "/?//.." -> 200 "/"
705 - "/?a../" -> 200 "/"
706 - "/?a/.." -> 200 "/"
707 - "/?w../" -> 200 "/"
708 - "/?w/.." -> 200 "/"
709 - "/??../" -> 200 "/"
710 - "/??/.." -> 200 "/"
736 - "/a/w/../a" -> 406 "/a/a"
737 - "/path/to/dir/../other/dir" -> 406 "/path/to/other/dir"
# Compare the recorded results with the expected table by md5 and print a
# unified diff when they differ.
# NOTE(review): the loop appends to /tmp/results with `>>`, and both files have
# fixed names in /tmp. Unless /tmp/results is removed on a line outside this
# excerpt, content left by an earlier run or placed by another local user ends
# up in this comparison. A per-run directory from `mktemp -d` avoids both.
740 if [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then
741 echo "Differences..."
742 diff -urN /tmp/results /tmp/lwsresult1
# Final banner. Whether the failure branches above exit before reaching it is
# not visible in this excerpt.
750 echo "--- survived OK ---"