fixes crash with broken http requests

Wed, 30 Aug 2017 21:53:08 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 30 Aug 2017 21:53:08 +0200
changeset 180
98462e878ca7
parent 179
ef6827505bd2
child 181
12828065f120

fixes crash with broken http requests

src/server/daemon/httpparser.c file | annotate | diff | comparison | revisions
src/server/daemon/httpparser.h file | annotate | diff | comparison | revisions
src/server/daemon/httprequest.c file | annotate | diff | comparison | revisions
src/server/daemon/sessionhandler.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/httpparser.c	Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httpparser.c	Wed Aug 30 21:53:08 2017 +0200
@@ -72,6 +72,18 @@
     return -1;
 }
 
+int http_parser_validate(HttpParser *parser) {
+    HTTPRequest *req = parser->request;
+    if(
+            !req->method.ptr || req->method.length == 0
+            || req->uri.ptr || req->uri.length == 0
+            || !req->httpv.ptr || req->httpv.length == 0)
+    {
+        return 0;
+    }
+    return 1;
+}
+
 int get_start_line(HttpParser *parser) {
     netbuf *buf = parser->request->netbuf;
     while(buf->pos < buf->cursize) {
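Review bot: The URI test in `http_parser_validate` is missing its negation: `|| req->uri.ptr ||` makes the function return 0 whenever a URI was parsed, so well-formed requests fail validation. It should read `|| !req->uri.ptr || req->uri.length == 0`. As written, the blocking path in sessionhandler.c, which returns NULL on failure, would drop every request that carries a URI. `parser->request` is also dereferenced without a NULL check, and the 1-for-valid / 0-for-invalid return convention deserves a one-line comment on the prototype in httpparser.h.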
--- a/src/server/daemon/httpparser.h	Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httpparser.h	Wed Aug 30 21:53:08 2017 +0200
@@ -74,6 +74,8 @@
  */
 int http_parser_process(HttpParser *parser);
 
+int http_parser_validate(HttpParser *parser);
+
 int get_start_line(HttpParser *parser);
 int http_parser_parse_header(HttpParser *parser);
 
--- a/src/server/daemon/httprequest.c	Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/httprequest.c	Wed Aug 30 21:53:08 2017 +0200
@@ -45,8 +45,7 @@
 #include "error.h"
 
 void http_request_init(HTTPRequest *req) {
-    req->connection = NULL;
-    req->uri.ptr = NULL;
+    memset(req, 0, sizeof(HTTPRequest));
 
     HeaderArray *hd = malloc(sizeof(HeaderArray));
     hd->next = NULL;
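Review bot: `memset(req, 0, sizeof(HTTPRequest));` now clears every field, so anything a caller assigned to the request before calling `http_request_init` is silently discarded; the call sites are not visible here and should be checked for that ordering. I would write it as `memset(req, 0, sizeof *req);` so the size follows the pointer's type. Also confirm `<string.h>` is included, since only the tail of the include block is visible. The function body continues past the hunk.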
@@ -155,14 +154,13 @@
     // Pass request line as "clf-request"
     // remove \r\n 
     sstr_t clfreq = request->request_line;
-    while(clfreq.ptr[clfreq.length - 1] < 33) {
+    while(clfreq.length > 0 && clfreq.ptr[clfreq.length - 1] < 33) {
         clfreq.length--;
     }
-    request->request_line = clfreq;
     pblock_kvinsert(
             pb_key_clf_request,
-            request->request_line.ptr,
-            request->request_line.length,
+            clfreq.ptr,
+            clfreq.length,
             rq->rq.reqpb);
 
     // Pass method as "method" in reqpb, and also as method_num
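Review bot: The trim test `clfreq.ptr[clfreq.length - 1] < 33` compares a `char`, so if `sstr_t.ptr` is plain `char` and `char` is signed on the target, trailing bytes 0x80–0xFF compare as negative and are stripped along with CR/LF. The request line is client-controlled, so cast before comparing: `while(clfreq.length > 0 && (unsigned char)clfreq.ptr[clfreq.length - 1] < 33) {`. The added length guard does stop the index underflow on an empty or all-control request line. `request->request_line` is no longer updated with the trimmed value, so any later reader of that field sees the trailing CR/LF again; the rest of the function is outside the hunk, so that needs checking.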
--- a/src/server/daemon/sessionhandler.c	Mon Mar 06 17:32:26 2017 +0100
+++ b/src/server/daemon/sessionhandler.c	Wed Aug 30 21:53:08 2017 +0200
@@ -163,6 +163,11 @@
         }
         buf->cursize += r;
     }
+    if(!http_parser_validate(parser)) {
+        log_ereport(LOG_FAILURE, "http_parser_validate failed");
+        // TODO: send error 400 bad request
+        return NULL;
+    }
     
     // process request
     r = handle_request(&request, NULL); // TODO: use correct thread pool
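Review bot: The early `return NULL;` after a failed validation sends no response, and nothing in the hunk shows the connection, buffer or request state being released on this path. If the other error exits in this function close the connection or free the parser before returning, this branch should do the same; the function's start and end are outside the hunk, so this is to be confirmed. Until the 400 response from the TODO exists, the client is left waiting on a request the server has already given up on. The log line would be more useful for triage with a connection or peer identifier, if one is in scope.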
@@ -313,8 +318,15 @@
         event->finish = evt_request_error;
         io->error = 3;
         return 0;
+    }  
+    
+    if(!http_parser_validate(parser)) {
+        log_ereport(LOG_FAILURE, "http_parser_validate failed");
+        // TODO: send error 400 bad request
+        //event->finish = evt_request_error;
+        //return 0;
     }
-     
+    
     /*
      * process request
      * 
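Review bot: In this path a failed `http_parser_validate` only logs, because the two lines that would stop processing are commented out. A request with a missing method, URI or version therefore still reaches the request processing below, which is the state this commit is meant to guard against. Enable the rejection the same way as the error branch just above: `event->finish = evt_request_error;` and `return 0;`, setting `io->error` if that branch's convention applies here. The validator's URI condition in httpparser.c has to be corrected first, otherwise enabling this would reject every request that has a URI. The enclosing function begins and ends outside the hunk.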
