fix potential uninitialized read in util_uri_unescape_strict

Tue, 11 Nov 2025 16:53:23 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Tue, 11 Nov 2025 16:53:23 +0100
changeset 627
b30bf356dac4
parent 626
c5ee5c4f8f03
child 628
c95f04c14112

fix potential uninitialized read in util_uri_unescape_strict

src/server/daemon/httprequest.c file | annotate | diff | comparison | revisions
src/server/util/util.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/httprequest.c	Tue Nov 11 11:03:50 2025 +0100
+++ b/src/server/daemon/httprequest.c	Tue Nov 11 16:53:23 2025 +0100
@@ -337,6 +337,16 @@
                 absPath.length,
                 rq->rq.reqpb);
     } else {
+        // util_uri_unescape_strict can modify absPath.ptr, but
+        // we want to log the original uri. However we also don't want to
+        // create an unnecessary copy. Therefore we restore the original
+        // uri here by calling util_canonicalize_uri again
+        absPath.ptr = util_canonicalize_uri(
+            pool,
+            absPath.ptr,
+            absPath.length,
+            (int*)&absPath.length);
+        
         log_ereport(
                 LOG_FAILURE,
                 "uri unescape failed: {%.*s}",
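Review bot: The added call passes `absPath.ptr` back into util_canonicalize_uri, but as far as this hunk shows that is the same buffer util_uri_unescape_strict has just rewritten in place, so the call cannot bring back the original URI as the new comment claims. With the early returns added in util.c, escapes decoded before the failing one stay decoded and the following bytes are shifted, so the log line shows a partly decoded string rather than what the client sent. The result is also used unchecked: if util_canonicalize_uri can return NULL (its contract is not visible here), `%.*s` is handed a null pointer. Logging from a copy of the request URI that was never modified would be more reliable; failing that, guard with `if(!absPath.ptr) { absPath.ptr = ""; absPath.length = 0; }` and reword the comment to say the logged value is best-effort. The enclosing function starts and ends outside the hunk.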
@@ -345,19 +355,6 @@
         request->status = 400;
         //pblock_kvinsert(pb_key_uri, "/", 1, rq->rq.reqpb);
         
-        // TODO: remove this debug code
-        char tmp_file_path[128];
-        snprintf(tmp_file_path, 128, "logs/req_uri_fail_%lld", (long long int)time(NULL));
-        log_ereport(LOG_FAILURE, "uri unescape req file: %s\n", tmp_file_path);
-        FILE *f = fopen(tmp_file_path, "w");
-        if(f) {
-            fwrite(request->netbuf->inbuf, 1, request->netbuf->pos, f);
-            fclose(f);
-        } else {
-            log_ereport(LOG_FAILURE, "Cannot write req uri fail file\n");
-        }
-        
-        
         return 1;
     }
     
--- a/src/server/util/util.c	Tue Nov 11 11:03:50 2025 +0100
+++ b/src/server/util/util.c	Tue Nov 11 16:53:23 2025 +0100
@@ -353,12 +353,14 @@
     for(t = s, u = s; *t; ++t, ++u) {
         if (*t == '%') {
             t1 = t[1] & 0xdf; /* [a-f] -> [A-F] */
-            if ((t1 < 'A' || t1 > 'F') && (t[1] < '0' || t[1] > '9'))
-                rv = 0;
+            if ((t1 < 'A' || t1 > 'F') && (t[1] < '0' || t[1] > '9')) {
+                return 0;
+            }
 
             t2 = t[2] & 0xdf; /* [a-f] -> [A-F] */
-            if ((t2 < 'A' || t2 > 'F') && (t[2] < '0' || t[2] > '9'))
-                rv = 0;
+            if ((t2 < 'A' || t2 > 'F') && (t[2] < '0' || t[2] > '9')) {
+                return 0;
+            }
 
             *u = ((t[1] >= 'A' ? ((t[1] & 0xdf) - 'A')+10 : (t[1] - '0'))*16) +
                   (t[2] >= 'A' ? ((t[2] & 0xdf) - 'A')+10 : (t[2] - '0'));
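Review bot: `%00` still passes both hex checks in this loop and is decoded to a NUL byte written through `u`, so any caller that treats the result as a C string sees the path cut short at that point. Unless the lines outside the hunk already reject it, a strict decoder should refuse it before the decode, e.g. `if (t[1] == '0' && t[2] == '0') { return 0; }`. With the early returns the buffer is also left partly decoded and not terminated at `u` on failure, which deserves a comment on the function such as `/* on failure s is left partially decoded; callers must not use it */`. The function starts before the hunk, and the `rv` local declared there is probably unused after this change.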
@@ -369,7 +371,7 @@
     }
     *u = *t;
 
-    return rv;
+    return 1;
 }
 
 
