3 # attack the test server and try to make it fall over
9 A=`which libwebsockets-test-server`
10 INSTALLED=`dirname $A`
17 if [ $? -ne 0 ] ; then
18 echo "(killed it) *******"
21 dd if=$LOG bs=1 skip=$LEN 2>/dev/null
23 if [ "$1" = "default" ] ; then
24 diff /tmp/lwscap $INSTALLED/../share/libwebsockets-test-server/test.html > /dev/null
25 if [ $? -ne 0 ] ; then
26 echo "FAIL: got something other than test.html back"
30 if [ "$1" = "defaultplusforbidden" ] ; then
31 cat $INSTALLED/../share/libwebsockets-test-server/test.html > /tmp/plusforb
32 echo -e -n "HTTP/1.1 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 38\x0d\x0a\x0d\x0a<html><body><h1>403</h1></body></html>" >> /tmp/plusforb
33 diff /tmp/lwscap /tmp/plusforb > /dev/null
34 if [ $? -ne 0 ] ; then
35 echo "FAIL: got something other than test.html + forbidden back"
40 if [ "$1" = "forbidden" ] ; then
41 if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then
42 echo "FAIL: should have told forbidden (test server has no dirs)"
47 if [ "$1" = "rejected" ] ; then
48 if [ -z "`grep '<h1>406</h1>' /tmp/lwscap`" ] ; then
49 echo "FAIL: should have told forbidden (test server has no dirs)"
55 if [ "$1" = "media" ] ; then
56 if [ -z "`grep '<h1>415</h1>' /tmp/lwscap`" ] ; then
57 echo "FAIL: should have told unknown media type"
62 if [ "$1" == "0" ] ; then
63 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`"
64 if [ "$a" != "$2" ] ; then
65 echo "URL path '$a' not $2"
70 if [ "$1" == "1" ] ; then
71 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f5-`"
72 if [ "$a" != "$2" ] ; then
73 echo "Arg 1 '$a' not $2"
78 if [ "$1" == "2" ] ; then
79 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f5-`"
80 if [ "$a" != "$2" ] ; then
81 echo "Arg 2 '$a' not $2"
85 if [ "$1" == "3" ] ; then
86 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f5-`"
87 if [ "$a" != "$2" ] ; then
88 echo "Arg 3 '$a' not $2"
100 killall libwebsockets-test-server 2>/dev/null
101 libwebsockets-test-server -d15 2>> $LOG &
104 echo "Started server on PID $CPID"
106 while [ -z "`grep ort\ 7681 $LOG`" ] ; do
112 echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
114 echo -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
115 check 1 "UPDATE_SETTINGS=1"
116 check 2 "Root_Channels_1_Channel_name_http_post=?"
117 check 3 "Root_Channels_1_Channel_location_http_post=?"
121 echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
123 echo -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
124 check 1 "key1=value1"
128 echo "---- ? processing (/t%3dest?key1%3d2=value1)"
130 echo -e "GET /t%3dest?key1%3d2=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
132 check 1 "key1_2=value1"
136 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
138 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
143 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=/../.)"
145 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
150 echo "---- spam enough crap to not be GET"
151 echo "not GET" | nc $SERVER $PORT
155 echo "---- spam more than the name buffer of crap"
156 dd if=/dev/urandom bs=1 count=80 2>/dev/null | nc -i1s $SERVER $PORT
160 echo "---- spam 10MB of crap"
161 dd if=/dev/urandom bs=1 count=655360 | nc -i1s $SERVER $PORT
165 echo "---- malformed URI"
166 echo "GET nonsense................................................................................................................" \
167 | nc -i1s $SERVER $PORT
171 echo "---- missing URI"
172 echo -e "GET HTTP/1.1\x0d\x0a\x0d\x0a" | nc -i1s $SERVER $PORT >/tmp/lwscap
176 echo "---- repeated method"
177 echo -e "GET blah HTTP/1.1\x0d\x0aGET blah HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT >/tmp/lwscap
181 echo "---- crazy header name part"
182 echo -e "GET blah HTTP/1.1\x0d\x0a................................................................................................................" \
183 "......................................................................................................................." \
184 "......................................................................................................................." \
185 "......................................................................................................................." \
186 "......................................................................................................................." \
187 "......................................................................................................................." \
188 "......................................................................................................................." \
189 "......................................................................................................................." \
190 "......................................................................................................................." \
191 "......................................................................................................................." \
192 "......................................................................................................................." \
193 "......................................................................................................................." \
194 "......................................................................................................................." \
195 "......................................................................................................................." \
196 "......................................................................................................................." \
197 "......................................................................................................................." \
198 "......................................................................................................................." \
199 | nc -i1s $SERVER $PORT
203 echo "---- excessive uri content"
204 echo -e "GET ................................................................................................................" \
205 "......................................................................................................................." \
206 "......................................................................................................................." \
207 "......................................................................................................................." \
208 "......................................................................................................................." \
209 "......................................................................................................................." \
210 "......................................................................................................................." \
211 "......................................................................................................................." \
212 "......................................................................................................................." \
213 "......................................................................................................................." \
214 "......................................................................................................................." \
215 "......................................................................................................................." \
216 "......................................................................................................................." \
217 "......................................................................................................................." \
218 "......................................................................................................................." \
219 "......................................................................................................................." \
220 "......................................................................................................................." \
221 | nc -i1s $SERVER $PORT
225 echo "---- good request but http payload coming too (test.html served then forbidden)"
226 echo -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
227 "......................................................................................................................." \
228 "......................................................................................................................." \
229 "......................................................................................................................." \
230 "......................................................................................................................." \
231 "......................................................................................................................." \
232 "......................................................................................................................." \
233 "......................................................................................................................." \
234 "......................................................................................................................." \
235 "......................................................................................................................." \
236 "......................................................................................................................." \
237 "......................................................................................................................." \
238 "......................................................................................................................." \
239 "......................................................................................................................." \
240 "......................................................................................................................." \
241 "......................................................................................................................." \
242 | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
243 check defaultplusforbidden
247 echo "---- nonexistent file"
249 echo -e "GET /nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
254 echo "---- relative uri path"
256 echo -e "GET nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
261 echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
263 echo -e "GET /../../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
268 echo "---- directory attack 2 (/../ should be /)"
270 echo -e -n "GET /../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
275 echo "---- directory attack 3 (/./ should be /)"
277 echo -e -n "GET /./ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
282 echo "---- directory attack 4 (/blah/.. should be /)"
284 echo -e -n "GET /blah/.. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
289 echo "---- directory attack 5 (/blah/../ should be /)"
291 echo -e -n "GET /blah/../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
296 echo "---- directory attack 6 (/blah/../. should be /)"
298 echo -e -n "GET /blah/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
303 echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
305 echo -e -n "GET /%2e%2e%2f../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
310 echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
312 echo -e -n "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
317 echo "---- http/1.1 pipelining"
319 wget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
320 good=`cat $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html | md5sum | cut -d' ' -f1`
321 if [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then
322 echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`"
327 echo "---- mass testing uri variations"
535 /path/to/dir/../other/dir \
538 R=`rm -f /tmp/lwscap ; echo -n -e "GET $i HTTP/1.0\r\n\r\n" | nc localhost 7681 2>/dev/null >/tmp/lwscap; head -n1 /tmp/lwscap| cut -d' ' -f2`
540 cat /tmp/lwscap | head -n1
544 if [ "$R" != "403" ]; then
545 U=`cat $LOG | grep lws_http_serve | tail -n 1 | cut -d':' -f3 | cut -d' ' -f2`
547 echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
549 echo "- \"$i\" -> $R" >>/tmp/results
553 cat <<EOF >/tmp/lwsresult1
554 - "/..../" -> 406 "/..../"
555 - "/.../." -> 406 "/.../"
556 - "/...//" -> 406 "/.../"
557 - "/.../a" -> 406 "/.../a"
558 - "/.../w" -> 406 "/.../w"
559 - "/.../?" -> 406 "/.../"
561 - "/../.." -> 200 "/"
562 - "/.././" -> 200 "/"
563 - "/../.a" -> 415 "/.a"
564 - "/../.w" -> 415 "/.w"
565 - "/../.." -> 200 "/"
567 - "/..//." -> 200 "/"
568 - "/..///" -> 200 "/"
569 - "/..//a" -> 415 "/a"
570 - "/..//w" -> 415 "/w"
571 - "/..//1" -> 415 "/1"
573 - "/../a." -> 415 "/a."
574 - "/../a/" -> 406 "/a/"
575 - "/../aa" -> 415 "/aa"
576 - "/../aw" -> 415 "/aw"
577 - "/../a?" -> 415 "/a"
579 - "/../w." -> 415 "/w."
580 - "/../w/" -> 406 "/w/"
581 - "/../wa" -> 415 "/wa"
582 - "/../ww" -> 415 "/ww"
583 - "/../w?" -> 415 "/w"
585 - "/../?." -> 200 "/"
586 - "/../?/" -> 200 "/"
587 - "/../?a" -> 200 "/"
588 - "/../?w" -> 200 "/"
589 - "/../??" -> 200 "/"
597 - "/./..." -> 415 "/..."
598 - "/./../" -> 200 "/"
599 - "/./..a" -> 415 "/..a"
600 - "/./..w" -> 415 "/..w"
601 - "/./..?" -> 200 "/"
603 - "/.//.." -> 200 "/"
604 - "/.a../" -> 406 "/.a../"
605 - "/.a/.." -> 200 "/"
606 - "/.w../" -> 406 "/.w../"
607 - "/.w/.." -> 200 "/"
608 - "/.?../" -> 415 "/."
609 - "/../.." -> 200 "/"
612 - "//...." -> 415 "/...."
613 - "//.../" -> 406 "/.../"
614 - "//...a" -> 415 "/...a"
615 - "//...w" -> 415 "/...w"
616 - "//...?" -> 415 "/..."
618 - "//../." -> 200 "/"
619 - "//..//" -> 200 "/"
620 - "//../a" -> 415 "/a"
621 - "//../w" -> 415 "/w"
622 - "//../1" -> 415 "/1"
624 - "//..a." -> 415 "/..a."
625 - "//..a/" -> 406 "/..a/"
626 - "//..aa" -> 415 "/..aa"
627 - "//..aw" -> 415 "/..aw"
628 - "//..a?" -> 415 "/..a"
630 - "//..w." -> 415 "/..w."
631 - "//..w/" -> 406 "/..w/"
632 - "//..wa" -> 415 "/..wa"
633 - "//..ww" -> 415 "/..ww"
634 - "//..w?" -> 415 "/..w"
636 - "//..?." -> 200 "/"
637 - "//..?/" -> 200 "/"
638 - "//..?a" -> 415 "/a"
639 - "//..?w" -> 415 "/w"
640 - "//..??" -> 200 "/"
648 - "//./.." -> 200 "/"
649 - "///..." -> 415 "/..."
650 - "///../" -> 200 "/"
651 - "///..a" -> 415 "/..a"
652 - "///..w" -> 415 "/..w"
653 - "///..?" -> 200 "/"
655 - "////.." -> 200 "/"
656 - "//a../" -> 406 "/a../"
657 - "//a/.." -> 200 "/"
658 - "//w../" -> 406 "/w../"
659 - "//w/.." -> 200 "/"
660 - "//?../" -> 200 "/"
661 - "//?/.." -> 200 "/"
664 - "/a.../" -> 406 "/a.../"
665 - "/a../." -> 406 "/a../"
666 - "/a..//" -> 406 "/a../"
667 - "/a../a" -> 406 "/a../a"
668 - "/a../w" -> 406 "/a../w"
669 - "/a../?" -> 406 "/a../"
671 - "/a./.." -> 200 "/"
672 - "/a/..." -> 406 "/a/..."
673 - "/a/../" -> 200 "/"
674 - "/a/..a" -> 406 "/a/..a"
675 - "/a/..w" -> 406 "/a/..w"
676 - "/a/..?" -> 200 "/"
678 - "/a//.." -> 200 "/"
679 - "/aa../" -> 406 "/aa../"
680 - "/aa/.." -> 200 "/"
681 - "/aw../" -> 406 "/aw../"
682 - "/aw/.." -> 200 "/"
683 - "/a?../" -> 415 "/a"
684 - "/a?/.." -> 415 "/a"
687 - "/w.../" -> 406 "/w.../"
688 - "/w../." -> 406 "/w../"
689 - "/w..//" -> 406 "/w../"
690 - "/w../a" -> 406 "/w../a"
691 - "/w../w" -> 406 "/w../w"
692 - "/w../?" -> 406 "/w../"
694 - "/w./.." -> 200 "/"
695 - "/w/..." -> 406 "/w/..."
696 - "/w/../" -> 200 "/"
697 - "/w/..a" -> 406 "/w/..a"
698 - "/w/..w" -> 406 "/w/..w"
699 - "/w/..?" -> 200 "/"
701 - "/w//.." -> 200 "/"
702 - "/wa../" -> 406 "/wa../"
703 - "/wa/.." -> 200 "/"
704 - "/ww../" -> 406 "/ww../"
705 - "/ww/.." -> 200 "/"
706 - "/w?../" -> 415 "/w"
707 - "/w?/.." -> 415 "/w"
710 - "/?.../" -> 200 "/"
711 - "/?../." -> 200 "/"
712 - "/?..//" -> 200 "/"
713 - "/?../a" -> 200 "/"
714 - "/?../w" -> 200 "/"
715 - "/?../?" -> 200 "/"
717 - "/?./.." -> 200 "/"
718 - "/?/..." -> 200 "/"
719 - "/?/../" -> 200 "/"
720 - "/?/..a" -> 200 "/"
721 - "/?/..w" -> 200 "/"
722 - "/?/..?" -> 200 "/"
724 - "/?//.." -> 200 "/"
725 - "/?a../" -> 200 "/"
726 - "/?a/.." -> 200 "/"
727 - "/?w../" -> 200 "/"
728 - "/?w/.." -> 200 "/"
729 - "/??../" -> 200 "/"
730 - "/??/.." -> 200 "/"
756 - "/a/w/../a" -> 406 "/a/a"
757 - "/path/to/dir/../other/dir" -> 406 "/path/to/other/dir"
760 if [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then
761 echo "Differences..."
762 diff -urN /tmp/results /tmp/lwsresult1
770 echo "--- survived OK ---"