[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [libmicrohttpd] branch master updated: Disallow binary zero
From: |
gnunet |
Subject: |
[GNUnet-SVN] [libmicrohttpd] branch master updated: Disallow binary zero in header and cookies. |
Date: |
Fri, 03 May 2019 14:44:51 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
The following commit(s) were added to refs/heads/master by this push:
new bcdff026 Disallow binary zero in header and cookies.
bcdff026 is described below
commit bcdff026967469e6c9cd1a22db80721712586a8e
Author: Evgeny Grin (Karlson2k) <address@hidden>
AuthorDate: Fri May 3 15:44:12 2019 +0300
Disallow binary zero in header and cookies.
---
src/include/microhttpd.h | 18 ++++++++----------
src/microhttpd/connection.c | 23 +++++++++++++----------
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 77e80354..6617dd98 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -2537,12 +2537,10 @@ MHD_set_connection_value (struct MHD_Connection
*connection,
/**
- * This function can be used to add an entry to the HTTP headers of a
- * connection (so that the #MHD_get_connection_values function will
- * return them -- and the `struct MHD_PostProcessor` will also see
- * them). This maybe required in certain situations (see Mantis
- * #1399) where (broken) HTTP implementations fail to supply values
- * needed by the post processor (or other parts of the application).
+ * This function can be used to add an arbitrary entry to connection.
+ * This function could add entry with binary zero, which is allowed
+ * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+ * recommended to use #MHD_set_connection_value.
*
* This function MUST only be called from within the
* #MHD_AccessHandlerCallback (otherwise, access maybe improperly
@@ -2554,10 +2552,10 @@ MHD_set_connection_value (struct MHD_Connection
*connection,
* @param connection the connection for which a
* value should be set
* @param kind kind of the value
- * @param key key for the value
- * @param key_size number of bytes in @a key (excluding 0-terminator for
C-strings)
- * @param value the value itself
- * @param value_size number of bytes in @a value (excluding 0-terminator for
C-strings)
+ * @param key key for the value, must be zero-terminated
+ * @param key_size number of bytes in @a key (excluding 0-terminator)
+ * @param value the value itself, must be zero-terminated
+ * @param value_size number of bytes in @a value (excluding 0-terminator)
* @return #MHD_NO if the operation could not be
* performed due to insufficient memory;
* #MHD_YES on success
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 611d4141..78c36f07 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -714,12 +714,10 @@ MHD_get_connection_values (struct MHD_Connection
*connection,
/**
- * This function can be used to add an entry to the HTTP headers of a
- * connection (so that the #MHD_get_connection_values function will
- * return them -- and the `struct MHD_PostProcessor` will also see
- * them). This maybe required in certain situations (see Mantis
- * #1399) where (broken) HTTP implementations fail to supply values
- * needed by the post processor (or other parts of the application).
+ * This function can be used to add an arbitrary entry to connection.
+ * This function could add entry with binary zero, which is allowed
+ * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+ * recommended to use #MHD_set_connection_value.
*
* This function MUST only be called from within the
* #MHD_AccessHandlerCallback (otherwise, access maybe improperly
@@ -731,10 +729,10 @@ MHD_get_connection_values (struct MHD_Connection
*connection,
* @param connection the connection for which a
* value should be set
* @param kind kind of the value
- * @param key key for the value
- * @param key_size number of bytes in @a key (excluding 0-terminator for
C-strings)
- * @param value the value itself
- * @param value_size number of bytes in @a value (excluding 0-terminator for
C-strings)
+ * @param key key for the value, must be zero-terminated
+ * @param key_size number of bytes in @a key (excluding 0-terminator)
+ * @param value the value itself, must be zero-terminated
+ * @param value_size number of bytes in @a value (excluding 0-terminator)
* @return #MHD_NO if the operation could not be
* performed due to insufficient memory;
* #MHD_YES on success
@@ -750,6 +748,11 @@ MHD_set_connection_value_n (struct MHD_Connection
*connection,
{
struct MHD_HTTP_Header *pos;
+ if ( (MHD_GET_ARGUMENT_KIND != kind) &&
+ ( (strlen(key) != key_size) ||
+ (strlen(value) != value_size) ) )
+ return MHD_NO; /* binary zero is allowed only in GET arguments */
+
pos = MHD_pool_allocate (connection->pool,
sizeof (struct MHD_HTTP_Header),
MHD_YES);
--
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [libmicrohttpd] branch master updated: Disallow binary zero in header and cookies.,
gnunet <=