[GNUnet-SVN] r36891 - in libmicrohttpd: . src/microhttpd
From: |
gnunet |
Subject: |
[GNUnet-SVN] r36891 - in libmicrohttpd: . src/microhttpd |
Date: |
Thu, 4 Feb 2016 12:44:04 +0100 |
Author: Karlson2k
Date: 2016-02-04 12:44:04 +0100 (Thu, 04 Feb 2016)
New Revision: 36891
Modified:
libmicrohttpd/ChangeLog
libmicrohttpd/src/microhttpd/connection.c
Log:
Added some buffer overrun protection, fixed handling of misformed URI with
spaces.
Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog 2016-02-03 14:43:27 UTC (rev 36890)
+++ libmicrohttpd/ChangeLog 2016-02-04 11:44:04 UTC (rev 36891)
@@ -1,3 +1,7 @@
+Thu Feb 4 11:38:11 CET 2016
+ Added some buffer overrun protection.
+ Fixed handling of misformed URI with spaces. -EG
+
Wed Feb 3 15:41:57 CET 2016
Make signal-pipe non-blocking and drain it. -CG
Modified: libmicrohttpd/src/microhttpd/connection.c
===================================================================
--- libmicrohttpd/src/microhttpd/connection.c 2016-02-03 14:43:27 UTC (rev
36890)
+++ libmicrohttpd/src/microhttpd/connection.c 2016-02-04 11:44:04 UTC (rev
36891)
@@ -1328,10 +1328,13 @@
* return NULL. Otherwise return a pointer to the line.
*
* @param connection connection we're processing
+ * @param[out] line_len pointer to variable that receive
+ * length of line or NULL
* @return NULL if no full line is available
*/
static char *
-get_next_header_line (struct MHD_Connection *connection)
+get_next_header_line (struct MHD_Connection *connection,
+ size_t *line_len)
{
char *rbuf;
size_t pos;
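Review bot: The new `@param[out] line_len` text does not say what the length counts or what is stored when no line is returned. From the next hunk, it receives `pos` before the terminator is overwritten, and 0 on the NULL return shown there. I would word it as `@param[out] line_len set to the length of the line excluding the CR/LF terminator, or to 0 if NULL is returned; may be NULL`. The function body continues outside this hunk.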
@@ -1357,8 +1360,13 @@
: MHD_HTTP_REQUEST_URI_TOO_LONG,
REQUEST_TOO_BIG);
}
+ if (line_len)
+ *line_len = 0;
return NULL;
}
+
+ if (line_len)
+ *line_len = pos;
/* found, check if we have proper LFCR */
if (('\r' == rbuf[pos]) && ('\n' == rbuf[pos + 1]))
rbuf[pos++] = '\0'; /* skip both r and n */
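Review bot: `*line_len` is written only on the two paths visible in this hunk. If the function has another `return NULL` above the hunk (not visible here), the caller's `size_t line_len;`, declared without an initializer in the hunk at -2416, stays indeterminate. The caller appears to test `line` for NULL before passing `line_len` on, so this is hardening rather than a demonstrated bug. Clearing it once at function entry, `if (NULL != line_len) *line_len = 0;`, or initialising the declaration to 0 would make the out-parameter defined on every path.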
@@ -1512,11 +1520,13 @@
*
* @param connection the connection (updated)
* @param line the first line
+ * @param line_len length of the first line
* @return #MHD_YES if the line is ok, #MHD_NO if it is malformed
*/
static int
parse_initial_message_line (struct MHD_Connection *connection,
- char *line)
+ char *line,
+ size_t line_len)
{
struct MHD_Daemon *daemon = connection->daemon;
char *uri;
@@ -1524,25 +1534,48 @@
char *args;
unsigned int unused_num_headers;
- if (NULL == (uri = strchr (line, ' ')))
+ if (NULL == (uri = memchr (line, ' ', line_len)))
return MHD_NO; /* serious error */
uri[0] = '\0';
connection->method = line;
uri++;
- while (' ' == uri[0])
+ /* Skip any spaces. Not required by standard but allow
+ to be more tolerant. */
+ while (' ' == uri[0] && (size_t)(uri - line) < line_len)
uri++;
- http_version = strchr (uri, ' ');
- if (NULL != http_version)
+ if (uri - line == line_len)
{
- http_version[0] = '\0';
- http_version++;
+ uri = "";
+ connection->version = "";
+ args = NULL;
}
+ else
+ {
+ /* Search from back to accept misformed URI with space */
+ http_version = line + line_len - 1;
+ /* Skip any trailing spaces */
+ while (' ' == http_version[0] && http_version > uri)
+ http_version--;
+ /* Find first space in reverse direction */
+ while (' ' != http_version[0] && http_version > uri)
+ http_version--;
+ if (http_version > uri)
+ {
+ http_version[0] = '\0';
+ connection->version = http_version + 1;
+ args = memchr(uri, '?', http_version - uri);
+ }
+ else
+ {
+ connection->version = "";
+ args = memchr(uri, '?', line_len - (uri - line));
+ }
+ }
if (NULL != daemon->uri_log_callback)
connection->client_context
= daemon->uri_log_callback (daemon->uri_log_callback_cls,
uri,
connection);
- args = strchr (uri, '?');
if (NULL != args)
{
args[0] = '\0';
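Review bot: In the all-spaces branch, `uri = "";` stores a string literal in the non-const `char *uri`, which after this hunk is passed to a call ending in `connection, uri);` and then assigned to `connection->url`. If that call unescapes the URI in place (its start is outside the hunk, so this is inferred), a request line holding only a method and spaces would make the server write to read-only memory. At that point `uri` already equals `line + line_len`, which get_next_header_line appears to NUL-terminate, so dropping the `uri = "";` assignment leaves an empty but writable string. The test itself compares a `ptrdiff_t` with a `size_t`; use the cast from the loop above, `if ((size_t)(uri - line) == line_len)`, and in that loop check the bound before reading `uri[0]`.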
@@ -1558,10 +1591,6 @@
connection,
uri);
connection->url = uri;
- if (NULL == http_version)
- connection->version = "";
- else
- connection->version = http_version;
return MHD_YES;
}
@@ -2416,6 +2445,7 @@
unsigned int timeout;
const char *end;
char *line;
+ size_t line_len;
int client_close;
connection->in_idle = MHD_YES;
@@ -2430,7 +2460,7 @@
switch (connection->state)
{
case MHD_CONNECTION_INIT:
- line = get_next_header_line (connection);
+ line = get_next_header_line (connection, &line_len);
/* Check for empty string, as we might want
to tolerate 'spurious' empty lines; also
NULL means we didn't get a full line yet. */
@@ -2447,13 +2477,13 @@
}
break;
}
- if (MHD_NO == parse_initial_message_line (connection, line))
+ if (MHD_NO == parse_initial_message_line (connection, line,
line_len))
CONNECTION_CLOSE_ERROR (connection, NULL);
else
connection->state = MHD_CONNECTION_URL_RECEIVED;
continue;
case MHD_CONNECTION_URL_RECEIVED:
- line = get_next_header_line (connection);
+ line = get_next_header_line (connection, NULL);
if (NULL == line)
{
if (MHD_CONNECTION_URL_RECEIVED != connection->state)
@@ -2481,7 +2511,7 @@
connection->state = MHD_CONNECTION_HEADER_PART_RECEIVED;
continue;
case MHD_CONNECTION_HEADER_PART_RECEIVED:
- line = get_next_header_line (connection);
+ line = get_next_header_line (connection, NULL);
if (NULL == line)
{
if (connection->state != MHD_CONNECTION_HEADER_PART_RECEIVED)
@@ -2571,7 +2601,7 @@
}
break;
case MHD_CONNECTION_BODY_RECEIVED:
- line = get_next_header_line (connection);
+ line = get_next_header_line (connection, NULL);
if (NULL == line)
{
if (connection->state != MHD_CONNECTION_BODY_RECEIVED)
@@ -2599,7 +2629,7 @@
connection->state = MHD_CONNECTION_FOOTER_PART_RECEIVED;
continue;
case MHD_CONNECTION_FOOTER_PART_RECEIVED:
- line = get_next_header_line (connection);
+ line = get_next_header_line (connection, NULL);
if (NULL == line)
{
if (connection->state != MHD_CONNECTION_FOOTER_PART_RECEIVED)