# HG changeset patch
# User Olaf Wintermann
# Date 1504122788 -7200
# Node ID 98462e878ca7fe1e4e0fcbd7d3a0b8316e631b7c
# Parent ef6827505bd27336c0088e8af98ff2b682e9b417
fixes crash with broken http requests
diff -r ef6827505bd2 -r 98462e878ca7 src/server/daemon/httpparser.c
--- a/src/server/daemon/httpparser.c Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httpparser.c Wed Aug 30 21:53:08 2017 +0200
@@ -72,6 +72,18 @@
 return -1;
 }
+int http_parser_validate(HttpParser *parser) {
+ HTTPRequest *req = parser->request;
+ if(
+ !req->method.ptr || req->method.length == 0
+ || req->uri.ptr || req->uri.length == 0
+ || !req->httpv.ptr || req->httpv.length == 0)
+ {
+ return 0;
+ }
+ return 1;
+}
+
 int get_start_line(HttpParser *parser) {
 netbuf *buf = parser->request->netbuf;
 while(buf->pos < buf->cursize) {
diff -r ef6827505bd2 -r 98462e878ca7 src/server/daemon/httpparser.h
--- a/src/server/daemon/httpparser.h Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httpparser.h Wed Aug 30 21:53:08 2017 +0200
@@ -74,6 +74,8 @@
 */
 int http_parser_process(HttpParser *parser);
+int http_parser_validate(HttpParser *parser);
+
 int get_start_line(HttpParser *parser);
 int http_parser_parse_header(HttpParser *parser);
diff -r ef6827505bd2 -r 98462e878ca7 src/server/daemon/httprequest.c
--- a/src/server/daemon/httprequest.c Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httprequest.c Wed Aug 30 21:53:08 2017 +0200
@@ -45,8 +45,7 @@
 #include "error.h"
 void http_request_init(HTTPRequest *req) {
- req->connection = NULL;
- req->uri.ptr = NULL;
+ memset(req, 0, sizeof(HTTPRequest));
 HeaderArray *hd = malloc(sizeof(HeaderArray));
 hd->next = NULL;
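Review bot: In `http_parser_validate` (httpparser.c) the URI test is missing its negation: `|| req->uri.ptr || req->uri.length == 0` is true for every request that actually has a URI, so the function returns 0 for well-formed requests. The line should read `|| !req->uri.ptr || req->uri.length == 0`, matching the method and httpv terms on either side. Both call sites added in sessionhandler.c inherit this; the first one returns NULL on failure, so as written it would reject valid requests rather than only broken ones. `parser->request` is dereferenced without a NULL check, which is presumably guaranteed by the callers but is not visible from this hunk.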
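Review bot: The new prototype `int http_parser_validate(HttpParser *parser);` in httpparser.h has no doc comment, while the declaration directly above it closes one. Its return convention (1 = valid, 0 = invalid) differs from the `-1` error return visible in the preceding function in httpparser.c, so it should be stated, for example `/* Returns 1 if method, URI and HTTP version are all present and non-empty, 0 otherwise. */`. A caller that tests the result the wrong way round would let incomplete requests through silently.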
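Review bot: In `http_request_init` (httprequest.c) the `malloc` on the context line right after the new `memset` is dereferenced by `hd->next = NULL;` without a NULL check, so an allocation failure on the request path is still a crash that this commit leaves in place; that line predates the change. For the added line, `memset(req, 0, sizeof *req);` keeps the size tied to the pointer rather than to a repeated type name. The function body continues past the end of the hunk, and whether `<string.h>` is already included cannot be seen from here.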
@@ -155,14 +154,13 @@
 // Pass request line as "clf-request"
 // remove \r\n
 sstr_t clfreq = request->request_line;
- while(clfreq.ptr[clfreq.length - 1] < 33) {
+ while(clfreq.length > 0 && clfreq.ptr[clfreq.length - 1] < 33) {
 clfreq.length--;
 }
- request->request_line = clfreq;
 pblock_kvinsert(
 pb_key_clf_request,
- request->request_line.ptr,
- request->request_line.length,
+ clfreq.ptr,
+ clfreq.length,
 rq->rq.reqpb);
 // Pass method as "method" in reqpb, and also as method_num
diff -r ef6827505bd2 -r 98462e878ca7 src/server/daemon/sessionhandler.c
--- a/src/server/daemon/sessionhandler.c Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/sessionhandler.c Wed Aug 30 21:53:08 2017 +0200
@@ -163,6 +163,11 @@
 }
 buf->cursize += r;
 }
+ if(!http_parser_validate(parser)) {
+ log_ereport(LOG_FAILURE, "http_parser_validate failed");
+ // TODO: send error 400 bad request
+ return NULL;
+ }
 // process request
 r = handle_request(&request, NULL); // TODO: use correct thread pool
@@ -313,8 +318,15 @@
 event->finish = evt_request_error;
 io->error = 3;
 return 0;
+ }
+
+ if(!http_parser_validate(parser)) {
+ log_ereport(LOG_FAILURE, "http_parser_validate failed");
+ // TODO: send error 400 bad request
+ //event->finish = evt_request_error;
+ //return 0;
 }
-
+
 /*
 * process request
 *
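Review bot: The trim loop's comparison `clfreq.ptr[clfreq.length - 1] < 33` in httprequest.c still depends on the signedness of `char`: if `ptr` is a plain `char *` (its declaration is not visible here) and `char` is signed, trailing bytes of 0x80 and above compare as negative and are stripped as if they were control characters. Casting makes the intent explicit: `(unsigned char)clfreq.ptr[clfreq.length - 1] < 33`. The hunk also stops writing the trimmed value back to `request->request_line`, so any later reader of that field now sees the trailing CR/LF; it is worth confirming that none relied on the old behaviour. The enclosing function starts and ends outside the hunk.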
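Review bot: The failure path added after the read loop in sessionhandler.c (first hunk) returns NULL without sending a response and, as far as the hunk shows, without releasing anything set up earlier in the function, so a malformed request may leave the peer waiting and the connection and request state held. The function's start and its other error exits are outside the hunk, so this needs checking against how those exits clean up; until the 400 response from the TODO exists, this path should at least take the same cleanup route. The log message `"http_parser_validate failed"` carries no peer or request detail, which makes it hard to tell scanning noise from a parser regression when these show up in volume.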
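Review bot: In the second sessionhandler.c hunk a failed `http_parser_validate` is only logged, because the abort is commented out (`//event->finish = evt_request_error;` and `//return 0;`). Execution therefore falls through to the "process request" block with the same incomplete request the check was added to stop. The two lines should be enabled, mirroring the error block directly above: `event->finish = evt_request_error;` followed by `return 0;`, with `io->error` set as well if `evt_request_error` expects it (the meaning of the value 3 used above is not visible here). The enclosing function starts and ends outside the hunk.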