Closed
Labels
Type: Bug (Indicates an unexpected problem or unintended behavior)
Description
We are not validating that the content-length is valid when parsing requests via the connection module.
One problem is that the Content-Length value is defined to be an i32. Valid lengths though are > 0. This is problematic when the headers are parsed as part of the connection module because there we are using Content-Length to read from the stream.
As no other bound checks are done, this results in a Firecracker crash.
Steps to reproduce
Input:
curl --unix-socket /tmp/firecracker.sock -i \
-X GET 'http://localhost/actions' \
-H 'Accept: application/json' \
-H 'Content-Length: -1'
Output with debug builds:
2020-06-25T12:43:58.057850423 [anonymous-instance:ERROR:src/firecracker/src/main.rs:64] Firecracker panicked at 'attempt to add with overflow', src/micro_http/src/connection.rs:287:37
Aborted (core dumped)
TODO
- Content-Length type should be changed to something that does not accept negative values (i.e. we can work with u32 instead); The same needs to be applied to
- Validate the Content-Length (and that all other fields are valid) before doing operations that might result in index out of bounds or overflows. For example, if content-length == 0 -> don't try to read the body.
- Add negative tests for Content-Length values.
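The checks listed in the TODO above, sketched as an added example (this is not Firecracker's or micro_http's code): the header value is parsed as an unsigned, bounded length, a zero length skips the body read, and the offset arithmetic is checked. The function names, the error enum and the 1 MiB cap are assumptions made for illustration.

```rust
// Added example; names and the size cap are assumptions, not micro_http's API.
const MAX_BODY_LEN: u32 = 1024 * 1024; // hypothetical cap (1 MiB)

#[derive(Debug, PartialEq)]
pub enum LengthError {
    Invalid,  // empty, signed, non-digit, or does not fit in u32
    TooLarge, // syntactically valid but above MAX_BODY_LEN
    Overflow, // header_end + length does not fit in usize
}

/// Parse a Content-Length header value as an unsigned, bounded length.
pub fn parse_content_length(value: &str) -> Result<u32, LengthError> {
    let v = value.trim();
    // Digits only: u32::from_str would otherwise accept a leading '+'.
    if v.is_empty() || !v.bytes().all(|b| b.is_ascii_digit()) {
        return Err(LengthError::Invalid);
    }
    let len: u32 = v.parse().map_err(|_| LengthError::Invalid)?;
    if len > MAX_BODY_LEN {
        return Err(LengthError::TooLarge);
    }
    Ok(len)
}

/// Byte range of the body inside the receive buffer, or None when
/// Content-Length is 0 and no body read should be attempted.
pub fn body_range(header_end: usize, value: &str)
    -> Result<Option<std::ops::Range<usize>>, LengthError> {
    let len = parse_content_length(value)? as usize;
    if len == 0 {
        return Ok(None);
    }
    // checked_add returns None instead of panicking (debug) or wrapping (release).
    let end = header_end.checked_add(len).ok_or(LengthError::Overflow)?;
    Ok(Some(header_end..end))
}

fn main() {
    // Constructed header values, including the one from the report.
    for v in ["-1", "0", "17", "+5", "4294967296", "99999999"] {
        println!("{:>12} -> {:?}", v, body_range(120, v));
    }
}
```

The same values work as negative test cases: each rejected input should produce an HTTP error response rather than reach the stream read.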