mirror of https://github.com/omar-polo/gmid.git
detect and reject NUL bytes embedded in the request
This commit is contained in:
parent
9325f61db0
commit
36bdda94c1
10
server.c
10
server.c
|
@ -951,6 +951,8 @@ client_read(struct bufferevent *bev, void *d)
|
|||
struct evbuffer *src = EVBUFFER_INPUT(bev);
|
||||
const char *path, *p, *parse_err = "invalid request";
|
||||
char decoded[DOMAIN_NAME_LEN];
|
||||
char *nul;
|
||||
size_t len;
|
||||
|
||||
bufferevent_disable(bev, EVBUFFER_READ);
|
||||
|
||||
|
@ -981,6 +983,14 @@ client_read(struct bufferevent *bev, void *d)
|
|||
return;
|
||||
}
|
||||
|
||||
nul = strchr(c->req, '\0');
|
||||
len = nul - c->req;
|
||||
if (len != c->reqlen) {
|
||||
log_debug("NUL inside the request IRI");
|
||||
start_reply(c, BAD_REQUEST, "bad request");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!parse_iri(c->req, &c->iri, &parse_err) ||
|
||||
!puny_decode(c->iri.host, decoded, sizeof(decoded), &parse_err)) {
|
||||
log_debug("IRI parse error: %s", parse_err);
|
||||
|
|
Loading…
Reference in New Issue