mirror of https://github.com/omar-polo/gmid.git
detect and reject NUL bytes embedded in the request
This commit is contained in:
parent
9325f61db0
commit
36bdda94c1
10
server.c
10
server.c
|
@ -951,6 +951,8 @@ client_read(struct bufferevent *bev, void *d)
|
||||||
struct evbuffer *src = EVBUFFER_INPUT(bev);
|
struct evbuffer *src = EVBUFFER_INPUT(bev);
|
||||||
const char *path, *p, *parse_err = "invalid request";
|
const char *path, *p, *parse_err = "invalid request";
|
||||||
char decoded[DOMAIN_NAME_LEN];
|
char decoded[DOMAIN_NAME_LEN];
|
||||||
|
char *nul;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
bufferevent_disable(bev, EVBUFFER_READ);
|
bufferevent_disable(bev, EVBUFFER_READ);
|
||||||
|
|
||||||
|
@ -981,6 +983,14 @@ client_read(struct bufferevent *bev, void *d)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
nul = strchr(c->req, '\0');
|
||||||
|
len = nul - c->req;
|
||||||
|
if (len != c->reqlen) {
|
||||||
|
log_debug("NUL inside the request IRI");
|
||||||
|
start_reply(c, BAD_REQUEST, "bad request");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!parse_iri(c->req, &c->iri, &parse_err) ||
|
if (!parse_iri(c->req, &c->iri, &parse_err) ||
|
||||||
!puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
|
!puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
|
||||||
log_debug("IRI parse error: %s", parse_err);
|
log_debug("IRI parse error: %s", parse_err);
|
||||||
|
|
Loading…
Reference in New Issue