PR#27: Backport fix for CVE-2023-32732 (fix RHBZ#2214470) - rpms/grpc

rpms / grpc

#27 Backport fix for CVE-2023-32732 (fix RHBZ#2214470)

Merged 11 months ago by music. Opened 11 months ago by music.

rpms/ music/grpc cves-202307 into rawhide

Backport fix for CVE-2023-32732 (fix RHBZ#2214470)

Benjamin A. Beasley • 11 months ago

c950d60

0001-http2-Dont-drop-connections-on-metadata-limit-exceed.patch

file added

+695

		`@@ -0,0 +1,695 @@`
		`+ From 9f01fd62c356c05d14abbaebfcedf0b387d1cb96 Mon Sep 17 00:00:00 2001`
		`+ From: Craig Tiller <ctiller@google.com>`
		`+ Date: Tue, 7 Feb 2023 08:27:04 -0800`
		`+ Subject: [PATCH] [http2] Dont drop connections on metadata limit exceeded`
		`+ (#32309)`
		`+`
		`+ * [http] Dont drop connections on metadata limit exceeded`
		`+`
		`+ * remove bad test`
		`+`
		`+ * Automated change: Fix sanity tests`
		`+`
		`+ ---------`
		`+`
		`+ Co-authored-by: ctiller <ctiller@users.noreply.github.com>`
		`+ ---`
		`+ CMakeLists.txt \| 38 ---`
		`+ build_autogenerated.yaml \| 13 -`
		`+ .../chttp2/transport/hpack_parser.cc \| 11 +-`
		`+ .../ext/transport/chttp2/transport/internal.h \| 2 -`
		`+ .../ext/transport/chttp2/transport/parsing.cc \| 6 +-`
		`+ test/core/bad_client/generate_tests.bzl \| 1 -`
		`+ test/core/bad_client/tests/large_metadata.cc \| 108 ---------`
		`+ .../bad_client/tests/large_metadata.headers \| 106 --------`
		`+ test/core/end2end/tests/large_metadata.cc \| 226 +++++++++---------`
		`+ tools/run_tests/generated/tests.json \| 24 --`
		`+ 10 files changed, 126 insertions(+), 409 deletions(-)`
		`+ delete mode 100644 test/core/bad_client/tests/large_metadata.cc`
		`+ delete mode 100644 test/core/bad_client/tests/large_metadata.headers`
		`+`
		`+ diff --git a/CMakeLists.txt b/CMakeLists.txt`
		`+ index 1ecaea8eb7..661ce2c511 100644`
		`+ --- a/CMakeLists.txt`
		`+ +++ b/CMakeLists.txt`
		`+ @@ -1078,7 +1078,6 @@ if(gRPC_BUILD_TESTS)`
		`+ add_dependencies(buildtests_cxx istio_echo_server_test)`
		`+ add_dependencies(buildtests_cxx join_test)`
		`+ add_dependencies(buildtests_cxx json_test)`
		`+ - add_dependencies(buildtests_cxx large_metadata_bad_client_test)`
		`+ add_dependencies(buildtests_cxx latch_test)`
		`+ add_dependencies(buildtests_cxx lb_get_cpu_stats_test)`
		`+ add_dependencies(buildtests_cxx lb_load_data_store_test)`
		`+ @@ -12796,43 +12795,6 @@ target_link_libraries(json_test`
		`+ )`
		`+`
		`+`
		`+ -endif()`
		`+ -if(gRPC_BUILD_TESTS)`
		`+ -`
		`+ -add_executable(large_metadata_bad_client_test`
		`+ - test/core/bad_client/bad_client.cc`
		`+ - test/core/bad_client/tests/large_metadata.cc`
		`+ - test/core/end2end/cq_verifier.cc`
		`+ - third_party/googletest/googletest/src/gtest-all.cc`
		`+ - third_party/googletest/googlemock/src/gmock-all.cc`
		`+ -)`
		`+ -`
		`+ -target_include_directories(large_metadata_bad_client_test`
		`+ - PRIVATE`
		`+ - ${CMAKE_CURRENT_SOURCE_DIR}`
		`+ - ${CMAKE_CURRENT_SOURCE_DIR}/include`
		`+ - ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}`
		`+ - ${_gRPC_RE2_INCLUDE_DIR}`
		`+ - ${_gRPC_SSL_INCLUDE_DIR}`
		`+ - ${_gRPC_UPB_GENERATED_DIR}`
		`+ - ${_gRPC_UPB_GRPC_GENERATED_DIR}`
		`+ - ${_gRPC_UPB_INCLUDE_DIR}`
		`+ - ${_gRPC_XXHASH_INCLUDE_DIR}`
		`+ - ${_gRPC_ZLIB_INCLUDE_DIR}`
		`+ - third_party/googletest/googletest/include`
		`+ - third_party/googletest/googletest`
		`+ - third_party/googletest/googlemock/include`
		`+ - third_party/googletest/googlemock`
		`+ - ${_gRPC_PROTO_GENS_DIR}`
		`+ -)`
		`+ -`
		`+ -target_link_libraries(large_metadata_bad_client_test`
		`+ - ${_gRPC_PROTOBUF_LIBRARIES}`
		`+ - ${_gRPC_ALLTARGETS_LIBRARIES}`
		`+ - grpc_test_util`
		`+ -)`
		`+ -`
		`+ -`
		`+ endif()`
		`+ if(gRPC_BUILD_TESTS)`
		`+`
		`+ diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml`
		`+ index 941a095cd1..9c2fbaf2b8 100644`
		`+ --- a/build_autogenerated.yaml`
		`+ +++ b/build_autogenerated.yaml`
		`+ @@ -6683,19 +6683,6 @@ targets:`
		`+ deps:`
		`+ - grpc_test_util`
		`+ uses_polling: false`
		`+ -- name: large_metadata_bad_client_test`
		`+ - gtest: true`
		`+ - build: test`
		`+ - language: c++`
		`+ - headers:`
		`+ - - test/core/bad_client/bad_client.h`
		`+ - - test/core/end2end/cq_verifier.h`
		`+ - src:`
		`+ - - test/core/bad_client/bad_client.cc`
		`+ - - test/core/bad_client/tests/large_metadata.cc`
		`+ - - test/core/end2end/cq_verifier.cc`
		`+ - deps:`
		`+ - - grpc_test_util`
		`+ - name: latch_test`
		`+ gtest: true`
		`+ build: test`
		`+ diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc`
		`+ index 5354338cba..314707b59e 100644`
		`+ --- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc`
		`+ +++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc`
		`+ @@ -1218,12 +1218,17 @@ class HPackParser::Parser {`
		`+ "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this limit.",`
		`+ *frame_length_, metadata_size_limit_);`
		`+ if (metadata_buffer_ != nullptr) metadata_buffer_->Clear();`
		`+ + // StreamId is used as a signal to skip this stream but keep the connection`
		`+ + // alive`
		`+ return input_->MaybeSetErrorAndReturn(`
		`+ [] {`
		`+ return grpc_error_set_int(`
		`+ - GRPC_ERROR_CREATE_FROM_STATIC_STRING(`
		`+ - "received initial metadata size exceeds limit"),`
		`+ - GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED);`
		`+ + grpc_error_set_int(`
		`+ + GRPC_ERROR_CREATE_FROM_STATIC_STRING(`
		`+ + "received initial metadata size exceeds limit"),`
		`+ + GRPC_ERROR_INT_GRPC_STATUS,`
		`+ + GRPC_STATUS_RESOURCE_EXHAUSTED),`
		`+ + GRPC_ERROR_INT_STREAM_ID, 0);`
		`+ },`
		`+ false);`
		`+ }`
		`+ diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h`
		`+ index 4af3c4ec9d..e01cff72c1 100644`
		`+ --- a/src/core/ext/transport/chttp2/transport/internal.h`
		`+ +++ b/src/core/ext/transport/chttp2/transport/internal.h`
		`+ @@ -541,8 +541,6 @@ struct grpc_chttp2_stream {`
		`+`
		`+ grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture();`
		`+`
		`+ - /** saw some stream level error */`
		`+ - grpc_error_handle forced_close_error = GRPC_ERROR_NONE;`
		`+ /** how many header frames have we received? */`
		`+ uint8_t header_frames_received = 0;`
		`+ /** number of bytes received - reset at end of parse thread execution */`
		`+ diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc b/src/core/ext/transport/chttp2/transport/parsing.cc`
		`+ index 6a45381e54..48dddc9313 100644`
		`+ --- a/src/core/ext/transport/chttp2/transport/parsing.cc`
		`+ +++ b/src/core/ext/transport/chttp2/transport/parsing.cc`
		`+ @@ -22,6 +22,7 @@`
		`+ #include <string.h>`
		`+`
		`+ #include <string>`
		`+ +#include <utility>`
		`+`
		`+ #include "absl/base/attributes.h"`
		`+ #include "absl/status/status.h"`
		`+ @@ -675,10 +676,7 @@ static grpc_error_handle parse_frame_slice(grpc_chttp2_transport* t,`
		`+ }`
		`+ grpc_chttp2_parsing_become_skip_parser(t);`
		`+ if (s) {`
		`+ - s->forced_close_error = err;`
		`+ - grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id,`
		`+ - GRPC_HTTP2_PROTOCOL_ERROR,`
		`+ - &s->stats.outgoing);`
		`+ + grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus()));`
		`+ } else {`
		`+ GRPC_ERROR_UNREF(err);`
		`+ }`
		`+ diff --git a/test/core/bad_client/generate_tests.bzl b/test/core/bad_client/generate_tests.bzl`
		`+ index 85aafed655..6100d142d6 100755`
		`+ --- a/test/core/bad_client/generate_tests.bzl`
		`+ +++ b/test/core/bad_client/generate_tests.bzl`
		`+ @@ -29,7 +29,6 @@ BAD_CLIENT_TESTS = {`
		`+ "headers": test_options(),`
		`+ "initial_settings_frame": test_options(),`
		`+ "head_of_line_blocking": test_options(),`
		`+ - "large_metadata": test_options(),`
		`+ "out_of_bounds": test_options(),`
		`+ "server_registered_method": test_options(),`
		`+ "simple_request": test_options(),`
		`+ diff --git a/test/core/bad_client/tests/large_metadata.cc b/test/core/bad_client/tests/large_metadata.cc`
		`+ deleted file mode 100644`
		`+ index 9423dc3f6d..0000000000`
		`+ --- a/test/core/bad_client/tests/large_metadata.cc`
		`+ +++ /dev/null`
		`+ @@ -1,108 +0,0 @@`
		`+ -/*`
		`+ - *`
		`+ - * Copyright 2015 gRPC authors.`
		`+ - *`
		`+ - * Licensed under the Apache License, Version 2.0 (the "License");`
		`+ - * you may not use this file except in compliance with the License.`
		`+ - * You may obtain a copy of the License at`
		`+ - *`
		`+ - * http://www.apache.org/licenses/LICENSE-2.0`
		`+ - *`
		`+ - * Unless required by applicable law or agreed to in writing, software`
		`+ - * distributed under the License is distributed on an "AS IS" BASIS,`
		`+ - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
		`+ - * See the License for the specific language governing permissions and`
		`+ - * limitations under the License.`
		`+ - *`
		`+ - */`
		`+ -`
		`+ -#include <string.h>`
		`+ -`
		`+ -#include "absl/strings/str_format.h"`
		`+ -#include "absl/strings/str_join.h"`
		`+ -`
		`+ -#include <grpc/support/alloc.h>`
		`+ -#include <grpc/support/string_util.h>`
		`+ -`
		`+ -#include "src/core/lib/gpr/string.h"`
		`+ -#include "src/core/lib/surface/server.h"`
		`+ -#include "test/core/bad_client/bad_client.h"`
		`+ -#include "test/core/end2end/cq_verifier.h"`
		`+ -`
		`+ -// The large-metadata headers that we're adding for this test are not`
		`+ -// actually appended to this in a single string, since the string would`
		`+ -// be longer than the C99 string literal limit. Instead, we dynamically`
		`+ -// construct it by adding the large headers one at a time.`
		`+ -`
		`+ -/* headers: generated from large_metadata.headers in this directory */`
		`+ -#define PFX_TOO_MUCH_METADATA_FROM_CLIENT_REQUEST \`
		`+ - "\x00\x00\x00\x04\x01\x00\x00\x00\x00" \`
		`+ - "\x00" \`
		`+ - "5{\x01\x05\x00\x00\x00\x01" \`
		`+ - "\x10\x05:path\x08/foo/bar" \`
		`+ - "\x10\x07:scheme\x04http" \`
		`+ - "\x10\x07:method\x04POST" \`
		`+ - "\x10\x0a:authority\x09localhost" \`
		`+ - "\x10\x0c" \`
		`+ - "content-type\x10" \`
		`+ - "application/grpc" \`
		`+ - "\x10\x14grpc-accept-encoding\x15identity,deflate,gzip" \`
		`+ - "\x10\x02te\x08trailers" \`
		`+ - "\x10\x0auser-agent\"bad-client grpc-c/0.12.0.0 (linux)"`
		`+ -`
		`+ -// Each large-metadata header is constructed from these start and end`
		`+ -// strings, with a two-digit number in between.`
		`+ -#define PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_START_STR "\x10\x0duser-header"`
		`+ -#define PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_END_STR \`
		`+ - "~aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \`
		`+ - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"`
		`+ -`
		`+ -// The size of each large-metadata header string.`
		`+ -#define PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_SIZE \`
		`+ - ((sizeof(PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_START_STR) - 1) + 2 + \`
		`+ - (sizeof(PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_END_STR) - 1))`
		`+ -`
		`+ -// The number of headers we're adding and the total size of the client`
		`+ -// payload.`
		`+ -#define NUM_HEADERS 46`
		`+ -#define TOO_MUCH_METADATA_FROM_CLIENT_REQUEST_SIZE \`
		`+ - ((sizeof(PFX_TOO_MUCH_METADATA_FROM_CLIENT_REQUEST) - 1) + \`
		`+ - (NUM_HEADERS * PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_SIZE) + 1)`
		`+ -`
		`+ -static void verifier_fails(grpc_server* server, grpc_completion_queue* cq,`
		`+ - void* /registered_method/) {`
		`+ - while (grpc_core::Server::FromC(server)->HasOpenConnections()) {`
		`+ - GPR_ASSERT(grpc_completion_queue_next(`
		`+ - cq, grpc_timeout_milliseconds_to_deadline(20), nullptr)`
		`+ - .type == GRPC_QUEUE_TIMEOUT);`
		`+ - }`
		`+ -}`
		`+ -`
		`+ -int main(int argc, char** argv) {`
		`+ - int i;`
		`+ - grpc_init();`
		`+ - grpc::testing::TestEnvironment env(&argc, argv);`
		`+ -`
		`+ - // Test sending more metadata than the server will accept.`
		`+ - std::vector<std::string> headers;`
		`+ - for (i = 0; i < NUM_HEADERS; ++i) {`
		`+ - headers.push_back(absl::StrFormat(`
		`+ - "%s%02d%s", PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_START_STR, i,`
		`+ - PFX_TOO_MUCH_METADATA_FROM_CLIENT_HEADER_END_STR));`
		`+ - }`
		`+ - std::string client_headers = absl::StrJoin(headers, "");`
		`+ - char client_payload[TOO_MUCH_METADATA_FROM_CLIENT_REQUEST_SIZE] =`
		`+ - PFX_TOO_MUCH_METADATA_FROM_CLIENT_REQUEST;`
		`+ - memcpy(client_payload + sizeof(PFX_TOO_MUCH_METADATA_FROM_CLIENT_REQUEST) - 1,`
		`+ - client_headers.data(), client_headers.size());`
		`+ - grpc_bad_client_arg args[2];`
		`+ - args[0] = connection_preface_arg;`
		`+ - args[1].client_validator = rst_stream_client_validator;`
		`+ - args[1].client_payload = client_payload;`
		`+ - args[1].client_payload_length = sizeof(client_payload) - 1;`
		`+ -`
		`+ - grpc_run_bad_client_test(verifier_fails, args, 2, 0);`
		`+ -`
		`+ - grpc_shutdown();`
		`+ - return 0;`
		`+ -}`
		`+ diff --git a/test/core/bad_client/tests/large_metadata.headers b/test/core/bad_client/tests/large_metadata.headers`
		`+ deleted file mode 100644`
		`+ index 75de3ef100..0000000000`
		`+ --- a/test/core/bad_client/tests/large_metadata.headers`
		`+ +++ /dev/null`
		`+ @@ -1,106 +0,0 @@`
		`+ -# headers used in simple_request.c`
		`+ -# use tools/codegen/core/gen_header_frame.py --set_end_stream to generate`
		`+ -# the binary strings contained in the source code`
		`+ -:path: /foo/bar`
		`+ -:scheme: http`
		`+ -:method: POST`
		`+ -:authority: localhost`
		`+ -content-type: application/grpc`
		`+ -grpc-accept-encoding: identity,deflate,gzip`
		`+ -te: trailers`
		`+ -user-agent: bad-client grpc-c/0.12.0.0 (linux)`
		`+ -user-header00: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header01: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header02: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header03: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header04: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header05: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header06: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header07: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header08: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header09: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header10: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header11: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header12: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header13: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header14: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header15: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header16: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header17: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header18: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header19: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header20: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header21: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header22: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header23: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header24: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header25: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header26: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header27: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header28: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header29: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header30: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header31: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header32: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header33: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header34: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header35: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header36: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header37: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header38: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header39: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header40: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header41: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header42: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header43: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header44: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header45: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header46: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header47: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header48: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header49: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header50: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header51: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header52: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header53: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header54: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header55: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header56: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header57: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header58: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header59: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header60: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header61: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header62: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header63: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header64: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header65: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header66: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header67: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header68: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header69: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header70: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header71: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header72: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header73: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header74: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header75: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header76: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header77: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header78: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header79: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header80: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header81: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header82: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header83: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header84: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header85: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header86: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header87: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header88: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header89: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header90: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header91: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header92: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header93: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ -user-header94: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
		`+ diff --git a/test/core/end2end/tests/large_metadata.cc b/test/core/end2end/tests/large_metadata.cc`
		`+ index 72cf519899..08cd20cb4f 100644`
		`+ --- a/test/core/end2end/tests/large_metadata.cc`
		`+ +++ b/test/core/end2end/tests/large_metadata.cc`
		`+ @@ -247,10 +247,6 @@ static void test_request_with_large_metadata(grpc_end2end_test_config config) {`
		`+ // Server responds with metadata larger than what the client accepts.`
		`+ static void test_request_with_bad_large_metadata_response(`
		`+ grpc_end2end_test_config config) {`
		`+ - grpc_call* c;`
		`+ - grpc_call* s;`
		`+ - grpc_metadata meta;`
		`+ - const size_t large_size = 64 * 1024;`
		`+ grpc_arg arg;`
		`+ arg.type = GRPC_ARG_INTEGER;`
		`+ arg.key = const_cast<char*>(GRPC_ARG_MAX_METADATA_SIZE);`
		`+ @@ -259,115 +255,125 @@ static void test_request_with_bad_large_metadata_response(`
		`+ grpc_end2end_test_fixture f = begin_test(`
		`+ config, "test_request_with_bad_large_metadata_response", &args, &args);`
		`+ cq_verifier* cqv = cq_verifier_create(f.cq);`
		`+ - grpc_op ops[6];`
		`+ - grpc_op* op;`
		`+ - grpc_metadata_array initial_metadata_recv;`
		`+ - grpc_metadata_array trailing_metadata_recv;`
		`+ - grpc_metadata_array request_metadata_recv;`
		`+ - grpc_call_details call_details;`
		`+ - grpc_status_code status;`
		`+ - grpc_call_error error;`
		`+ - grpc_slice details;`
		`+ - int was_cancelled = 2;`
		`+ -`
		`+ - gpr_timespec deadline = five_seconds_from_now();`
		`+ - c = grpc_channel_create_call(f.client, nullptr, GRPC_PROPAGATE_DEFAULTS, f.cq,`
		`+ - grpc_slice_from_static_string("/foo"), nullptr,`
		`+ - deadline, nullptr);`
		`+ - GPR_ASSERT(c);`
		`+ -`
		`+ - meta.key = grpc_slice_from_static_string("key");`
		`+ - meta.value = grpc_slice_malloc(large_size);`
		`+ - memset(GRPC_SLICE_START_PTR(meta.value), 'a', large_size);`
		`+ -`
		`+ - grpc_metadata_array_init(&initial_metadata_recv);`
		`+ - grpc_metadata_array_init(&trailing_metadata_recv);`
		`+ - grpc_metadata_array_init(&request_metadata_recv);`
		`+ - grpc_call_details_init(&call_details);`
		`+ -`
		`+ - memset(ops, 0, sizeof(ops));`
		`+ - // Client: send request.`
		`+ - op = ops;`
		`+ - op->op = GRPC_OP_SEND_INITIAL_METADATA;`
		`+ - op->data.send_initial_metadata.count = 0;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - op->op = GRPC_OP_SEND_CLOSE_FROM_CLIENT;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - op->op = GRPC_OP_RECV_INITIAL_METADATA;`
		`+ - op->data.recv_initial_metadata.recv_initial_metadata = &initial_metadata_recv;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - op->op = GRPC_OP_RECV_STATUS_ON_CLIENT;`
		`+ - op->data.recv_status_on_client.trailing_metadata = &trailing_metadata_recv;`
		`+ - op->data.recv_status_on_client.status = &status;`
		`+ - op->data.recv_status_on_client.status_details = &details;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - error = grpc_call_start_batch(c, ops, static_cast<size_t>(op - ops), tag(1),`
		`+ - nullptr);`
		`+ - GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ -`
		`+ - error =`
		`+ - grpc_server_request_call(f.server, &s, &call_details,`
		`+ - &request_metadata_recv, f.cq, f.cq, tag(101));`
		`+ - GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ -`
		`+ - CQ_EXPECT_COMPLETION(cqv, tag(101), 1);`
		`+ - cq_verify(cqv);`
		`+ -`
		`+ - memset(ops, 0, sizeof(ops));`
		`+ - // Server: send large initial metadata`
		`+ - op = ops;`
		`+ - op->op = GRPC_OP_SEND_INITIAL_METADATA;`
		`+ - op->data.send_initial_metadata.count = 1;`
		`+ - op->data.send_initial_metadata.metadata = &meta;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - op->op = GRPC_OP_RECV_CLOSE_ON_SERVER;`
		`+ - op->data.recv_close_on_server.cancelled = &was_cancelled;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - op->op = GRPC_OP_SEND_STATUS_FROM_SERVER;`
		`+ - op->data.send_status_from_server.trailing_metadata_count = 0;`
		`+ - op->data.send_status_from_server.status = GRPC_STATUS_OK;`
		`+ - grpc_slice status_details = grpc_slice_from_static_string("xyz");`
		`+ - op->data.send_status_from_server.status_details = &status_details;`
		`+ - op->flags = 0;`
		`+ - op->reserved = nullptr;`
		`+ - op++;`
		`+ - error = grpc_call_start_batch(s, ops, static_cast<size_t>(op - ops), tag(102),`
		`+ - nullptr);`
		`+ - GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ - CQ_EXPECT_COMPLETION(cqv, tag(102), 1);`
		`+ - CQ_EXPECT_COMPLETION(cqv, tag(1), 1);`
		`+ - cq_verify(cqv);`
		`+ -`
		`+ - GPR_ASSERT(status == GRPC_STATUS_RESOURCE_EXHAUSTED);`
		`+ - GPR_ASSERT(0 == grpc_slice_str_cmp(`
		`+ - details, "received initial metadata size exceeds limit"));`
		`+ - GPR_ASSERT(0 == grpc_slice_str_cmp(call_details.method, "/foo"));`
		`+ -`
		`+ - grpc_slice_unref(details);`
		`+ - grpc_metadata_array_destroy(&initial_metadata_recv);`
		`+ - grpc_metadata_array_destroy(&trailing_metadata_recv);`
		`+ - grpc_metadata_array_destroy(&request_metadata_recv);`
		`+ - grpc_call_details_destroy(&call_details);`
		`+ -`
		`+ - grpc_call_unref(c);`
		`+ - grpc_call_unref(s);`
		`+`
		`+ + for (int i = 0; i < 10; i++) {`
		`+ + grpc_call* c;`
		`+ + grpc_call* s;`
		`+ + grpc_metadata meta;`
		`+ + const size_t large_size = 64 * 1024;`
		`+ + grpc_op ops[6];`
		`+ + grpc_op* op;`
		`+ + grpc_metadata_array initial_metadata_recv;`
		`+ + grpc_metadata_array trailing_metadata_recv;`
		`+ + grpc_metadata_array request_metadata_recv;`
		`+ + grpc_call_details call_details;`
		`+ + grpc_status_code status;`
		`+ + grpc_call_error error;`
		`+ + grpc_slice details;`
		`+ + int was_cancelled = 2;`
		`+ +`
		`+ + gpr_timespec deadline = five_seconds_from_now();`
		`+ + c = grpc_channel_create_call(f.client, nullptr, GRPC_PROPAGATE_DEFAULTS,`
		`+ + f.cq, grpc_slice_from_static_string("/foo"),`
		`+ + nullptr, deadline, nullptr);`
		`+ + GPR_ASSERT(c);`
		`+ +`
		`+ + meta.key = grpc_slice_from_static_string("key");`
		`+ + meta.value = grpc_slice_malloc(large_size);`
		`+ + memset(GRPC_SLICE_START_PTR(meta.value), 'a', large_size);`
		`+ +`
		`+ + grpc_metadata_array_init(&initial_metadata_recv);`
		`+ + grpc_metadata_array_init(&trailing_metadata_recv);`
		`+ + grpc_metadata_array_init(&request_metadata_recv);`
		`+ + grpc_call_details_init(&call_details);`
		`+ +`
		`+ + memset(ops, 0, sizeof(ops));`
		`+ + // Client: send request.`
		`+ + op = ops;`
		`+ + op->op = GRPC_OP_SEND_INITIAL_METADATA;`
		`+ + op->data.send_initial_metadata.count = 0;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + op->op = GRPC_OP_SEND_CLOSE_FROM_CLIENT;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + op->op = GRPC_OP_RECV_INITIAL_METADATA;`
		`+ + op->data.recv_initial_metadata.recv_initial_metadata =`
		`+ + &initial_metadata_recv;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + op->op = GRPC_OP_RECV_STATUS_ON_CLIENT;`
		`+ + op->data.recv_status_on_client.trailing_metadata = &trailing_metadata_recv;`
		`+ + op->data.recv_status_on_client.status = &status;`
		`+ + op->data.recv_status_on_client.status_details = &details;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + error = grpc_call_start_batch(c, ops, static_cast<size_t>(op - ops), tag(1),`
		`+ + nullptr);`
		`+ + GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ +`
		`+ + error =`
		`+ + grpc_server_request_call(f.server, &s, &call_details,`
		`+ + &request_metadata_recv, f.cq, f.cq, tag(101));`
		`+ + GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ +`
		`+ + CQ_EXPECT_COMPLETION(cqv, tag(101), 1);`
		`+ + cq_verify(cqv);`
		`+ +`
		`+ + memset(ops, 0, sizeof(ops));`
		`+ + // Server: send large initial metadata`
		`+ + op = ops;`
		`+ + op->op = GRPC_OP_SEND_INITIAL_METADATA;`
		`+ + op->data.send_initial_metadata.count = 1;`
		`+ + op->data.send_initial_metadata.metadata = &meta;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + op->op = GRPC_OP_RECV_CLOSE_ON_SERVER;`
		`+ + op->data.recv_close_on_server.cancelled = &was_cancelled;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + op->op = GRPC_OP_SEND_STATUS_FROM_SERVER;`
		`+ + op->data.send_status_from_server.trailing_metadata_count = 0;`
		`+ + op->data.send_status_from_server.status = GRPC_STATUS_OK;`
		`+ + grpc_slice status_details = grpc_slice_from_static_string("xyz");`
		`+ + op->data.send_status_from_server.status_details = &status_details;`
		`+ + op->flags = 0;`
		`+ + op->reserved = nullptr;`
		`+ + op++;`
		`+ + error = grpc_call_start_batch(s, ops, static_cast<size_t>(op - ops),`
		`+ + tag(102), nullptr);`
		`+ + GPR_ASSERT(GRPC_CALL_OK == error);`
		`+ + CQ_EXPECT_COMPLETION(cqv, tag(102), 1);`
		`+ + CQ_EXPECT_COMPLETION(cqv, tag(1), 1);`
		`+ + cq_verify(cqv);`
		`+ +`
		`+ + GPR_ASSERT(status == GRPC_STATUS_RESOURCE_EXHAUSTED);`
		`+ + const char* expected_error = "received initial metadata size exceeds limit";`
		`+ + grpc_slice actual_error =`
		`+ + grpc_slice_split_head(&details, strlen(expected_error));`
		`+ + GPR_ASSERT(0 == grpc_slice_str_cmp(actual_error, expected_error));`
		`+ + GPR_ASSERT(0 == grpc_slice_str_cmp(call_details.method, "/foo"));`
		`+ +`
		`+ + grpc_slice_unref(actual_error);`
		`+ + grpc_slice_unref(details);`
		`+ + grpc_metadata_array_destroy(&initial_metadata_recv);`
		`+ + grpc_metadata_array_destroy(&trailing_metadata_recv);`
		`+ + grpc_metadata_array_destroy(&request_metadata_recv);`
		`+ + grpc_call_details_destroy(&call_details);`
		`+ +`
		`+ + grpc_call_unref(c);`
		`+ + grpc_call_unref(s);`
		`+ +`
		`+ + grpc_slice_unref(meta.value);`
		`+ + }`
		`+ cq_verifier_destroy(cqv);`
		`+`
		`+ - grpc_slice_unref(meta.value);`
		`+ -`
		`+ end_test(&f);`
		`+ config.tear_down_data(&f);`
		`+ }`
		`+ diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json`
		`+ index 9f21710575..0cf8b37e76 100644`
		`+ --- a/tools/run_tests/generated/tests.json`
		`+ +++ b/tools/run_tests/generated/tests.json`
		`+ @@ -5087,30 +5087,6 @@`
		`+ ],`
		`+ "uses_polling": false`
		`+ },`
		`+ - {`
		`+ - "args": [],`
		`+ - "benchmark": false,`
		`+ - "ci_platforms": [`
		`+ - "linux",`
		`+ - "mac",`
		`+ - "posix",`
		`+ - "windows"`
		`+ - ],`
		`+ - "cpu_cost": 1.0,`
		`+ - "exclude_configs": [],`
		`+ - "exclude_iomgrs": [],`
		`+ - "flaky": false,`
		`+ - "gtest": true,`
		`+ - "language": "c++",`
		`+ - "name": "large_metadata_bad_client_test",`
		`+ - "platforms": [`
		`+ - "linux",`
		`+ - "mac",`
		`+ - "posix",`
		`+ - "windows"`
		`+ - ],`
		`+ - "uses_polling": true`
		`+ - },`
		`+ {`
		`+ "args": [],`
		`+ "benchmark": false,`
		`+ --`
		`+ 2.41.0`
		`+`

grpc.spec

file modified

+18

		`@@ -391,6 +391,24 @@`
		`# Backported to 1.48.4.`
		`Patch: grpc-1.48.4-find_module.patch`

		`+ # [http2] Dont drop connections on metadata limit exceeded (#32309)`
		`+ #`
		`+ # * [http] Dont drop connections on metadata limit exceeded`
		`+ #`
		`+ # * remove bad test`
		`+ #`
		`+ # * Automated change: Fix sanity tests`
		`+ # https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10`
		`+ # https://github.com/grpc/grpc/pull/32309`
		`+ #`
		`+ # Fixes CVE-2023-32732`
		`+ # https://nvd.nist.gov/vuln/detail/CVE-2023-32732`
		`+ # CVE-2023-32732 grpc: denial of service [fedora-all]`
		`+ # https://bugzilla.redhat.com/show_bug.cgi?id=2214470`
		`+ #`
		`+ # Backported to 1.48.4.`
		`+ Patch: 0001-http2-Dont-drop-connections-on-metadata-limit-exceed.patch`
		`+`
		`Requires: grpc-data = %{version}-%{release}`

		`# Upstream https://github.com/protocolbuffers/upb does not support building`

music commented 11 months ago

Backport fix for CVE-2023-32732 (fix RHBZ#2214470)

zuul commented 11 months ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/c2aadf803ece4086b3558138aa2fd7f7

check-for-arches : SUCCESS in 2m 20s
check-for-eln : SUCCESS in 19s
eln-rpm-scratch-build : SUCCESS in 2h 06m 21s
rpm-scratch-build : SUCCESS in 2h 58m 27s
rpm-scratch-build-s390x : SUCCESS in 3h 00m 26s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 2h 28m 06s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 2h 05m 13s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 1h 21m 45s (non-voting)
rpm-linter : SUCCESS in 11m 51s (non-voting)
rpm-rpminspect : SUCCESS in 29m 08s (non-voting)
check-for-sti-tests : SUCCESS in 16s
check-for-fmf-tests : SUCCESS in 15s
rpm-install-test : FAILURE in 1m 16s
Skipped 2 jobs

music commented 11 months ago

Of CVE-2023-32732, CVE-2023-32731, and CVE-2023-1428, I plan to backport a fix for only the first. Too much has diverged between the packaged grpc version and the patched-upstream grpc version to confidently backport the other fixes in a reasonable amount of time.

Pull-Request has been merged by music

11 months ago

zuul commented 11 months ago