changeset
fixes crash on broken urls
Mon, 30 Jan 2017 20:54:20 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Mon, 30 Jan 2017 20:54:20 +0100
- changeset 168
- 5c752979bfd6
- parent 164
- 6f47eb624665
- child 169
- 76c96ee18221
fixes crash on broken urls
| src/server/Makefile | file | annotate | diff | comparison | revisions | |
| src/server/daemon/httprequest.c | file | annotate | diff | comparison | revisions |
--- a/src/server/Makefile Sat Jan 28 10:53:46 2017 +0100 +++ b/src/server/Makefile Mon Jan 30 20:54:20 2017 +0100 @@ -70,8 +70,8 @@ $(CC) -o $@ -c $(CFLAGS) $< -$(PLUGINS): $(MAIN_TARGET) +$(PLUGINS): $(MAIN_TARGET) FORCE cd plugins/$@/; $(MAKE) all - +FORCE:
--- a/src/server/daemon/httprequest.c Sat Jan 28 10:53:46 2017 +0100 +++ b/src/server/daemon/httprequest.c Mon Jan 30 20:54:20 2017 +0100 @@ -234,11 +234,22 @@ } // Get abs_path part of request URI, and canonicalize the path + sstr_t orig_path = absPath; absPath.ptr = util_canonicalize_uri( pool, absPath.ptr, absPath.length, (int*)&absPath.length); + if(!absPath.ptr) { + log_ereport( + LOG_WARN, + "invalid request path: {%.*s}", + (int)orig_path.length, + orig_path.ptr); + pool_destroy(pool); + // TODO: 400 bad request + return 1; + } // Decode the abs_path if(util_uri_unescape_strict(absPath.ptr)) { @@ -250,7 +261,12 @@ rq->rq.reqpb); } else { // TODO: log error - log_ereport(LOG_WARN, "uri unescape failed"); + log_ereport( + LOG_WARN, + "uri unescape failed: {%.*s}", + (int)absPath.length, + absPath.ptr); + // TODO: 400 bad request pblock_kvinsert(pb_key_uri, "/", 1, rq->rq.reqpb); }
