CI Update (awslabs#135)

* Quote TO_CMAKE_PATH args

* Add build config file

* Disable magic number check

* Fix fuzz-found error involving pad length longer than payload length

* Fix fuzz-found issue with resizing empty dynamic table

Author: ColdenCullen

.clang-tidy

@@ -1,5 +1,5 @@
 ---
-Checks:          'clang-diagnostic-*,clang-analyzer-*,readability-*,modernize-*,bugprone-*,misc-*,google-runtime-int,fuchsia-restrict-system-includes,-clang-analyzer-valist.Uninitialized,-clang-analyzer-security.insecureAPI.rand,-clang-analyzer-alpha.*,-readability-else-after-return,-misc-unused-parameters'
+Checks:          'clang-diagnostic-*,clang-analyzer-*,readability-*,modernize-*,bugprone-*,misc-*,google-runtime-int,fuchsia-restrict-system-includes,-clang-analyzer-valist.Uninitialized,-clang-analyzer-security.insecureAPI.rand,-clang-analyzer-alpha.*,-readability-else-after-return,-readability-magic-numbers,-misc-unused-parameters'
 WarningsAsErrors: '*'
 HeaderFilterRegex: '\./*'
 FormatStyle: 'file'

CMakeLists.txt

@@ -4,11 +4,11 @@ project(aws-c-http C)
 option(ENABLE_PROXY_INTEGRATION_TESTS "Whether to run the proxy integration tests that rely on a proxy server installed and running locally" OFF)
 
 if (DEFINED CMAKE_PREFIX_PATH)
-    file(TO_CMAKE_PATH ${CMAKE_PREFIX_PATH} CMAKE_PREFIX_PATH)
+    file(TO_CMAKE_PATH "${CMAKE_PREFIX_PATH}" CMAKE_PREFIX_PATH)
 endif()
 
 if (DEFINED CMAKE_INSTALL_PREFIX)
-    file(TO_CMAKE_PATH ${CMAKE_INSTALL_PREFIX} CMAKE_INSTALL_PREFIX)
+    file(TO_CMAKE_PATH "${CMAKE_INSTALL_PREFIX}" CMAKE_INSTALL_PREFIX)
 endif()
 
 if (UNIX AND NOT APPLE)

builder.json

@@ -0,0 +1,10 @@
+{
+    "name": "aws-c-http",
+    "upstream": [
+        { "name": "aws-c-io" },
+        { "name": "aws-c-compression" }
+    ],
+    "downstream": [
+        { "name": "aws-c-auth" }
+    ]
+}

source/h2_frames.c

@@ -733,6 +733,10 @@ int aws_h2_frame_headers_decode(struct aws_h2_frame_headers *frame, struct aws_h
             goto read_error;
         }
 
+        if (frame->pad_length > decoder->payload.len) {
+            goto protocol_error;
+        }
+
         /* Remove padding from payload */
         decoder->payload.len -= frame->pad_length;
     }
@@ -1183,6 +1187,10 @@ int aws_h2_frame_push_promise_decode(struct aws_h2_frame_push_promise *frame, st
             goto read_error;
         }
 
+        if (frame->pad_length > decoder->payload.len) {
+            goto protocol_error;
+        }
+
         /* Remove padding from payload */
         decoder->payload.len -= frame->pad_length;
     }

source/hpack.c

@@ -502,6 +502,11 @@ int aws_hpack_resize_dynamic_table(struct aws_hpack_context *context, size_t new
         return AWS_OP_ERR;
     }
 
+    /* Don't bother copying data if old buffer was of size 0 */
+    if (AWS_UNLIKELY(context->dynamic_table.max_elements == 0)) {
+        goto reset_dyn_table_state;
+    }
+
     /* Copy as much the above block as possible */
     size_t above_block_size = context->dynamic_table.max_elements - context->dynamic_table.index_0;
     if (above_block_size > new_max_elements) {
@@ -529,6 +534,7 @@ int aws_hpack_resize_dynamic_table(struct aws_hpack_context *context, size_t new
     aws_mem_release(context->allocator, context->dynamic_table.buffer);
 
     /* Reset state */
+reset_dyn_table_state:
     if (context->dynamic_table.num_elements > new_max_elements) {
         context->dynamic_table.num_elements = new_max_elements;
     }

tests/test_h1_client.c

@@ -1301,7 +1301,7 @@ enum request_callback {
     REQUEST_CALLBACK_COUNT,
 };
 
-static const int ERROR_FROM_CALLBACK_ERROR_CODE = 0xBEEFCAFE;
+static const int ERROR_FROM_CALLBACK_ERROR_CODE = (int)0xBEEFCAFE;
 
 struct error_from_callback_tester {
     enum request_callback error_at;

tests/test_h1_decoder.c

@@ -569,7 +569,7 @@ static int s_h1_decode_messages_at_random_intervals(struct aws_allocator *alloca
     /* Just seed something for determinism. */
     srand(1);
 
-    for (int iter = 0; iter < AWS_ARRAY_SIZE(requests); ++iter) {
+    for (size_t iter = 0; iter < AWS_ARRAY_SIZE(requests); ++iter) {
         struct aws_byte_cursor request = requests[iter];
 
         struct aws_h1_decoder_params params;
@@ -711,7 +711,7 @@ static int s_h1_decode_bad_requests_and_assert_failure(struct aws_allocator *all
         /* Go ahead and add more cases here. */
     };
 
-    for (int iter = 0; iter < AWS_ARRAY_SIZE(requests); ++iter) {
+    for (size_t iter = 0; iter < AWS_ARRAY_SIZE(requests); ++iter) {
         struct aws_byte_cursor request = requests[iter];
 
         struct aws_h1_decoder_params params;
@@ -747,7 +747,7 @@ static int s_h1_decode_bad_responses_and_assert_failure(struct aws_allocator *al
         /* Go ahead and add more cases here. */
     };
 
-    for (int iter = 0; iter < AWS_ARRAY_SIZE(responses); ++iter) {
+    for (size_t iter = 0; iter < AWS_ARRAY_SIZE(responses); ++iter) {
         struct aws_byte_cursor response = responses[iter];
 
         struct aws_h1_decoder_params params;

tests/test_h1_server.c

@@ -1056,7 +1056,7 @@ enum request_handler_callback {
     REQUEST_HANDLER_CALLBACK_COUNT,
 };
 
-static const int ERROR_FROM_CALLBACK_ERROR_CODE = 0xBEEFCAFE;
+static const int ERROR_FROM_CALLBACK_ERROR_CODE = (int)0xBEEFCAFE;
 
 struct error_from_callback_tester {
     enum request_handler_callback error_at;

tests/test_h2_frames.c

@@ -276,7 +276,7 @@ static int s_test_priority_init(struct frame_test_fixture *fixture) {
     /* clang-format on */
 
     aws_byte_buf_write(&fixture->buffer, frame_header, sizeof(frame_header));
-    aws_byte_buf_write_be32(&fixture->buffer, (1ull << 31) | stream_dependency);
+    aws_byte_buf_write_be32(&fixture->buffer, (1ULL << 31) | stream_dependency);
     aws_byte_buf_write_u8(&fixture->buffer, dependency_weight);
 
     /* Init packet */