caddyfile: Reject long heredoc markers (#6098)

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-11-04 03:27:23 -05:00 · 2024-02-11 13:30:14 -05:00 · 2024-02-11 13:30:14 -05:00 · e7a534d0a3
commit e7a534d0a3
parent c78ebb3d6a
4 changed files with 40 additions and 10 deletions
--- a/caddyconfig/caddyfile/formatter.go
+++ b/caddyconfig/caddyfile/formatter.go
@ -16,6 +16,7 @@ package caddyfile

 import (
 	"bytes"
+	"fmt"
 	"io"
 	"unicode"

@ -118,6 +119,10 @@ func Format(input []byte) []byte {
 				heredoc = heredocClosed
 			} else {
 				heredocMarker = append(heredocMarker, ch)
+				if len(heredocMarker) > 32 {
+					errorString := fmt.Sprintf("heredoc marker too long: <<%s", string(heredocMarker))
+					panic(errorString)
+				}
 				write(ch)
 				continue
 			}
--- a/caddyconfig/caddyfile/formatter_test.go
+++ b/caddyconfig/caddyfile/formatter_test.go
@ -15,6 +15,8 @@
 package caddyfile

 import (
+	"fmt"
+	"os"
 	"strings"
 	"testing"
 )
@ -24,6 +26,7 @@ func TestFormatter(t *testing.T) {
 		description string
 		input       string
 		expect      string
+		panics      bool
 	}{
 		{
 			description: "very simple",
@ -434,7 +437,24 @@ block2 {
 }
 `,
 		},
+		{
+			description: "very long heredoc from fuzzer",
+			input: func() string {
+				bs, _ := os.ReadFile("testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456")
+				return string(bs)
+			}(),
+			panics: true,
+		},
 	} {
+		t.Run(fmt.Sprintf("test case %d: %s", i, tc.description), func(t *testing.T) {
+			if tc.panics {
+				defer func() {
+					if r := recover(); r == nil {
+						t.Errorf("[TEST %d: %s] Expected panic, but got none", i, tc.description)
+					}
+				}()
+			}
+
 			// the formatter should output a trailing newline,
 			// even if the tests aren't written to expect that
 			if !strings.HasSuffix(tc.expect, "\n") {
@ -443,9 +463,10 @@ block2 {

 			actual := Format([]byte(tc.input))

-		if string(actual) != tc.expect {
+			if !tc.panics && string(actual) != tc.expect {
 				t.Errorf("\n[TEST %d: %s]\n====== EXPECTED ======\n%s\n====== ACTUAL ======\n%s^^^^^^^^^^^^^^^^^^^^^",
 					i, tc.description, string(tc.expect), string(actual))
 			}
+		})
 	}
 }
--- a/caddyconfig/caddyfile/lexer.go
+++ b/caddyconfig/caddyfile/lexer.go
@ -149,6 +149,10 @@ func (l *lexer) next() (bool, error) {
 				continue
 			}

+			if len(val) > 32 {
+				return false, fmt.Errorf("heredoc marker too long on line #%d: %s", l.line, string(val))
+			}
+
 			// after hitting a newline, we know that the heredoc marker
 			// is the characters after the two << and the newline.
 			// we reset the val because the heredoc is syntax we don't
--- a/caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456
+++ b/caddyconfig/caddyfile/testdata/clusterfuzz-testcase-minimized-fuzz-format-5806400649363456