Test (and improve) error checking for key manipulation.

a6c993dc · Geoff Simmons · 16806d35 · a6c993dc · a6c993dc
Commit a6c993dc authored Sep 16, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 100 additions and 6 deletions

keys.vtc src/tests/keys.vtc +91 -0

vmod_ece.c src/vmod_ece.c +9 -6

No files found.
--- a/src/tests/keys.vtc
+++ b/src/tests/keys.vtc
@@ -53,6 +53,7 @@ logexpect l1 -v v1 -d 1 -g vxid -q "FetchError" {

 varnish v1 -vcl {
 	import ${vmod_ece};
+	import blob;
 	backend b { .host="${bad_ip}"; }

 	sub vcl_recv {
@@ -68,6 +69,41 @@ varnish v1 -vcl {
 1234567890123456789012345678901234567890123456789012345678901234567890
 1234567890123456789012345678901234567890123456789012345678901234567890
 1234567890123456789012345678901234567890123456789012345678901234567890
+"});
+		}
+		elsif (req.url == "/set/nullblob") {
+			ece.set_key("key", blob.decode(HEX,
+						encoded="bad blob"));
+		}
+		elsif (req.url == "/set/nullid") {
+			ece.set_key(req.http.No-Such-Header, blob.decode(HEX,
+							encoded="f00"));
+		}
+		elsif (req.url == "/set/shortkey") {
+			ece.set_key("key", blob.decode(HEX,
+							encoded="f00"));
+		}
+		elsif (req.url == "/set/toolong") {
+			ece.set_key({"
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+"},
+				blob.decode(BASE64,
+				    encoded="p9nkGVDE5eU0uEZWmwXO3A=="));
+		}
+		elsif (req.url == "/exists/null") {
+			if (ece.key_exists(req.http.No-Such-Header)) {
+				set req.http.Dont-Set-Me = "doesn't get set";
+			}
+		}
+		elsif (req.url == "/exists/toolong") {
+			set req.http.Exists = ece.key_exists({"
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
 "});
 		}
 	}
@@ -85,6 +121,26 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
 	expect 0 * Begin	req
 	expect * = VCL_Error	{(?s)^key id .+ too long \(length \d+ > 255\)$}
 	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^vmod blob error}
+	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^key id is NULL$}
+	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^illegal key length \d+ \(must be 16\)$}
+	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^key id is NULL$}
+	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{(?s)^key id .+ too long \(length \d+ > 255\)$}
+	expect * = End
 } -start

 client c1 {
@@ -108,4 +164,39 @@ client c1 {
 	expect resp.reason == "VCL failed"
 } -run

+client c1 {
+	txreq -url /set/nullblob
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /set/nullid
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /set/shortkey
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /exists/null
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /exists/toolong
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
 logexpect l1 -wait
--- a/src/vmod_ece.c
+++ b/src/vmod_ece.c
@@ -80,10 +80,12 @@ vmod_set_key(VRT_CTX, VCL_STRING id, VCL_BLOB key)
 	size_t len;

 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
-	AN(id);
-	AN(key);

-	if (key->blob == NULL) {
+	if (id == NULL) {
+		VRT_fail(ctx, "key id is NULL");
+		return;
+	}
+	if (key == NULL || key->blob == NULL) {
 		VRT_fail(ctx, "key contents are empty");
 		return;
 	}
@@ -93,7 +95,8 @@ vmod_set_key(VRT_CTX, VCL_STRING id, VCL_BLOB key)
 	}
 	len = strlen(id);
 	if (len > 255) {
-		VRT_fail(ctx, "id too long (length %zu > 255)", len);
+		VRT_fail(ctx, "key id \"%.80s...\" too long (length %zu > 255)",
+			 id, len);
 		return;
 	}

@@ -136,8 +139,8 @@ vmod_key_exists(VRT_CTX, VCL_STRING id)
 	}
 	len = strlen(id);
 	if (len > 255) {
-		VRT_fail(ctx, "key id \"%s\" too long (length %zu > 255)", id,
-			 len);
+		VRT_fail(ctx, "key id \"%.80s...\" too long (length %zu > 255)",
+			 id, len);
 		return (0);
 	}