
Issue 801270 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Dec 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 774301




HTTP layout tests with headers not strictly conforming with spec are broken in Apache 2.4

Project Member Reported by robertma@chromium.org, Jan 11 2018

Issue description

Apache 2.4 changed its default behavior to abort requests/responses with headers not strictly conforming to the HTTP protocol, due to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743.

Yet, we have a few tests in LayoutTests/http deliberately sending non-conformant requests/responses to make sure Blink does not crash. These tests no longer work in our current Apache 2.4 setup:

http/tests/misc/non-utf8-header-name.php (non-utf8 character in response header)
http/tests/security/document-domain-canonicalizes.html (requesting domain "sub%2C.subdomain.example.test")

Not sure if any bot is running Apache 2.4, but this is affecting Debian Testing & Mac High Sierra, both of which might be used for dev.

The solution is to add this directive in Apache conf:

HttpProtocolOptions Unsafe
(http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions)

But there are scary warnings regarding security. I'm not certain if it's safe to do this, even for layout tests only.
 
Can we rewrite these tests to use wptserve instead?
Cc: foolip@chromium.org
Status: Available (was: Untriaged)
wptserve allows arbitrary responses (there is even an ".asis" mode for raw response). I'll double check the request side. Most likely the two tests can be converted to wptserve without issues.

I'm unsure which directories each of them should go in, though. foolip@, perhaps you can shed some light?
https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/http/tests/misc/non-utf8-header-name.php
https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/http/tests/security/document-domain-canonicalizes.html
Blocking: 774301
Cc: linds...@chromium.org
Is this issue still valid?

Comment 5 by foolip@chromium.org, Feb 21 2018

I think that non-utf8-header-name.php would make sense under http/ or possibly fetch/

document-domain-canonicalizes.html I'm not sure about; do we route *.example.test to localhost (Apache), or why does that case work at all?

Comment 6 by foolip@chromium.org, Feb 21 2018

#4, yes, I think it is still valid.
This isn't exactly blocking issue 774301.

The tests in question aren't working as intended on Apache 2.4 (which includes Mac 10.13 and Debian Testing). They can be (and already have been) rebaselined on Mac 10.13 to make layout tests green.

Yet by doing so, we are losing the coverage provided by these two tests, so we do need to fix these tests eventually.
Cc: davidben@chromium.org
(Ran into this trying to update Apache on win32.)

We seem to already have code to set HttpProtocolOptions Unsafe here:
https://chromium-review.googlesource.com/c/chromium/src/+/505494/

Perhaps it's not triggering for some reason...
Cc: jochen@chromium.org
+jochen

The issue seems to be that httpd complains about not having a config file before it gets to complaining about the directives. Maybe we should just parse the version out of "-v"?
When I first discovered this, the Linux distro we use on bots had this patch backported, so you actually had to look at the patch level of the Linux package :/
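An added example (not blinkpy's own code) of the probe-based detection the thread converges on: rather than parsing `httpd -v`, which a backported distro patch defeats, run httpd's syntax check (`-t`) on a throwaway config holding only the directive and classify the result, treating a missing or bad config file as inconclusive instead of as "directive unsupported". The error-message substring is real httpd wording; the stderr samples used for testing are constructed.

```python
import os
import subprocess
import tempfile

SUPPORTED, UNSUPPORTED, CONFIG_ERROR = "supported", "unsupported", "config-error"

# Marker substring of the real httpd error for an unknown directive.
INVALID_DIRECTIVE = "Invalid command 'HttpProtocolOptions'"

PROBE_CONF = "HttpProtocolOptions Unsafe\n"  # the only directive we care about


def classify_probe(returncode, stderr):
    """Map the exit status and stderr of `httpd -t -f <probe conf>` to an outcome.

    Exit 0 means httpd parsed the directive ("Syntax OK"). A non-zero exit is
    only evidence that the directive is unknown when httpd says so explicitly;
    a missing or unreadable config file, a bad ServerRoot, etc. also fail, and
    must not be mistaken for "old Apache, no directive needed".
    """
    if returncode == 0:
        return SUPPORTED
    if INVALID_DIRECTIVE in stderr:
        return UNSUPPORTED
    return CONFIG_ERROR


def directive_for(probe_result):
    """Config snippet to append to httpd.conf for a given probe outcome."""
    if probe_result == SUPPORTED:
        return PROBE_CONF          # 2.4.25+ (or backported): relax strictness
    if probe_result == UNSUPPORTED:
        return ""                  # older httpd is lenient by default
    # Inconclusive: fail loudly rather than silently running with strict
    # parsing, which is exactly how the tests in this bug went red.
    raise RuntimeError("httpd probe failed for a reason unrelated to HttpProtocolOptions")


def probe_httpd(httpd_path):
    """Run the real probe against an httpd binary (assumed to be on disk).

    -t makes httpd only check the configuration and exit, so the probe never
    binds a port or starts serving; -f points it at our throwaway config so
    the result does not depend on whatever httpd.conf the host happens to have.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as conf:
        conf.write(PROBE_CONF)
    try:
        proc = subprocess.run([httpd_path, "-t", "-f", conf.name],
                              capture_output=True, text=True)
    finally:
        os.unlink(conf.name)
    return classify_probe(proc.returncode, proc.stderr)
```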
Hrm. How about instead doing this in the conf files with:

<IfDirective HttpProtocolOptions>
  HttpProtocolOptions Unsafe
</IfDirective>
To the description, re the security warnings, the CVE description sounds like the problem is that the security of your web application may be compromised, especially when combined with various other HTTP things. That's certainly a concern for a normal use of Apache, but it's probably fine for our purposes. We care about httpd having RCEs or reading files outside of the LayoutTests directory.
Bah. Except IfDirective also only exists in recent Apache.
Owner: davidben@chromium.org
Status: Started (was: Available)
CQ willing, https://chromium-review.googlesource.com/c/chromium/src/+/1338939 should contain a fix for this.
Project Member Comment 15 by bugdroid1@chromium.org, Dec 1

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d

commit 7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d
Author: David Benjamin <davidben@chromium.org>
Date: Sat Dec 01 00:23:07 2018

Update apache32-win to 2.4.37.

This is based in part on qyearsley's earlier iteration in
https://chromium-review.googlesource.com/595041, but it uses different
builds of Apache and PHP, which seem to work better.

UCRT DLLs (api-ms-crt-* and ucrtbase) are included. Although
Microsoft's documentation states that Windows should install them
automatically via Windows Update, some Windows bots are missing
ucrtbase.dll. See https://crbug.com/910745.

Fixes to tests needed:

- HttpProtocolOptions Unsafe detection logic did not handle Apache
  erroring due to the config file being bad or missing. Along the way,
  pass -t to further make sure it does not start serving.

- image-load-in-unload-handler.html did not pass ?test=blah, which
  resulted in save-Ping.php, etc., trying to rename a file to "test.".
  The new PHP on Windows appears to get offended by this.

This means we can remove the TLS 1.0/1.1 deprecation suppression in
Windows layout tests.

Bug: 747666, 801270
Change-Id: Ib61b74ad9cf3e3f88666089594b013c247691695
Reviewed-on: https://chromium-review.googlesource.com/c/1338939
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Quinten Yearsley <qyearsley@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612871}
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/content/shell/renderer/web_test/web_test_content_renderer_client.cc
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/ABOUT_APACHE.txt
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/CHANGES.txt
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/INSTALL.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/LICENSE.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/NOTICE.txt
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/OPENSSL-NEWS.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/OPENSSL-README.txt
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/README-win32.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/README.chromium
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/README.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/ApacheMonitor.exe.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-console-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-datetime-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-debug-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-errorhandling-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-file-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-file-l1-2-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-file-l2-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-handle-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-heap-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-interlocked-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-libraryloader-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-localization-l1-2-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-memory-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-namedpipe-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-processenvironment-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-processthreads-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-processthreads-l1-1-1.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-profile-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-rtlsupport-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-string-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-synch-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-synch-l1-2-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-sysinfo-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-timezone-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-core-util-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-conio-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-convert-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-environment-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-filesystem-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-heap-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-locale-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-math-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-multibyte-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-private-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-process-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-runtime-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-stdio-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-string-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-time-l1-1-0.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/api-ms-win-crt-utility-l1-1-0.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/httpd.exe.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libapr-1.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libapriconv-1.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libaprutil-1.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libcrypto-1_1-x64.dll.sha1
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/bin/libeay32.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libhttpd.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/libssl-1_1-x64.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/openssl.exe.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/pcre.dll.sha1
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/bin/php5ts.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/php7ts.dll.sha1
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/bin/ssleay32.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/ucrtbase.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/vcruntime140.dll.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/bin/zlib1.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_access_compat.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_alias.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_asis.so.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_authn_core.so.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_authz_core.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_authz_host.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_autoindex.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_cgi.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_env.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_headers.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_log_config.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_mime.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_rewrite.so.sha1
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/mod_ssl.so.sha1
[delete] https://crrev.com/93b6b693ef284d188c769ac0a6fa7ce12e62defd/third_party/apache-win32/modules/php5apache2_2.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/modules/php7apache2_4.dll.sha1
[add] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/readme-redist-bins.txt
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/apache-win32/remove_files_not_needed_for_chromium.sh
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/blink/tools/apache_config/win-httpd.conf
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/blink/tools/blinkpy/web_tests/port/base.py
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/blink/web_tests/http/tests/navigation/image-load-in-unload-handler.html
[modify] https://crrev.com/7b0154c4c82add5bb4e36f3f313dc0cb5e6cf34d/third_party/blink/web_tests/http/tests/navigation/resources/ping-redirect.html

Status: Fixed (was: Started)
Looks like that worked!
