letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Handle unprintable characters in HTTP responses. (#4312) 

Fixes #4244.
This commit is contained in:
Jacob Hoffman-Andrews 2019-07-02 10:42:55 -07:00 committed by Daniel McCarney
parent c7344170df
commit c8dbbf005d
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
va/http.go
View File

@ -634,7 +634,7 @@ func (va *ValidationAuthorityImpl) validateHTTP01(ctx context.Context, ident ide
payload := strings.TrimRight(string(body), whitespaceCutset) payload := strings.TrimRight(string(body), whitespaceCutset)
if payload != challenge.ProvidedKeyAuthorization { if payload != challenge.ProvidedKeyAuthorization {
problem := probs.Unauthorized("The key authorization file from the server did not match this challenge [%v] != [%v]", problem := probs.Unauthorized("The key authorization file from the server did not match this challenge %q != %q",
challenge.ProvidedKeyAuthorization, payload) challenge.ProvidedKeyAuthorization, payload)
va.log.Infof("%s for %s", problem.Detail, ident) va.log.Infof("%s for %s", problem.Detail, ident)
return validationRecords, problem return validationRecords, problem

23
va/http_test.go
View File

@ -1002,6 +1002,29 @@ func TestHTTPBadPort(t *testing.T) {
} }
} }
func TestHTTPKeyAuthorizationFileMismatch(t *testing.T) {
chall := core.HTTPChallenge01("")
setChallengeToken(&chall, expectedToken)
m := http.NewServeMux()
hs := httptest.NewUnstartedServer(m)
m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("\xef\xffAABBCC"))
})
hs.Start()
va, _ := setup(hs, 0, "", nil)
_, prob := va.validateHTTP01(ctx, dnsi("localhost.com"), chall)
if prob == nil {
t.Fatalf("Expected validation to fail when file mismatched.")
}
expected := `The key authorization file from the server did not match this challenge "LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI" != "\xef\xffAABBCC"`
if prob.Detail != expected {
t.Errorf("validation failed with %s, expected %s", prob.Detail, expected)
}
}
func TestHTTP(t *testing.T) { func TestHTTP(t *testing.T) {
chall := core.HTTPChallenge01("") chall := core.HTTPChallenge01("")
setChallengeToken(&chall, expectedToken) setChallengeToken(&chall, expectedToken)

2
va/va_test.go
View File

@ -325,7 +325,7 @@ func TestMultiVA(t *testing.T) {
} }
unauthorized := probs.Unauthorized( unauthorized := probs.Unauthorized(
"The key authorization file from the server did not match this challenge [%s] != [???]", `The key authorization file from the server did not match this challenge %q != "???"`,
expectedKeyAuthorization) expectedKeyAuthorization)
internalErr := probs.ServerInternal("Remote PerformValidation RPC failed") internalErr := probs.ServerInternal("Remote PerformValidation RPC failed")