lib/cpp-httplib
1
0
Fork 0
mirror of synced 2025-04-20 11:47:43 +03:00
Code

Treat paths with embedded NUL bytes as invalid (#1765)

Browse Source 
Fixes #1763.
This commit is contained in:
Wander Nauta 2024-01-27 14:22:00 +01:00 committed by GitHub
parent 44b3fe6277
commit 4ef9ed80cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
httplib.h
View File

@ -2413,6 +2413,7 @@ inline bool is_valid_path(const std::string &path) {
// Read component // Read component
auto beg = i; auto beg = i;
while (i < path.size() && path[i] != '/') { while (i < path.size() && path[i] != '/') {
if (path[i] == '\0') { return false; }
i++; i++;
} }

15
test/test.cc
View File

@ -71,6 +71,15 @@ TEST(DecodeURLTest, PercentCharacter) {
R"(descrip=Gastos áéíóúñÑ 6)"); R"(descrip=Gastos áéíóúñÑ 6)");
} }
TEST(DecodeURLTest, PercentCharacterNUL) {
string expected;
expected.push_back('x');
expected.push_back('\0');
expected.push_back('x');
EXPECT_EQ(detail::decode_url("x%00x", false), expected);
}
TEST(EncodeQueryParamTest, ParseUnescapedChararactersTest) { TEST(EncodeQueryParamTest, ParseUnescapedChararactersTest) {
string unescapedCharacters = "-_.!~*'()"; string unescapedCharacters = "-_.!~*'()";
@ -2482,6 +2491,12 @@ TEST_F(ServerTest, GetMethodInvalidMountPath) {
EXPECT_EQ(StatusCode::NotFound_404, res->status); EXPECT_EQ(StatusCode::NotFound_404, res->status);
} }
TEST_F(ServerTest, GetMethodEmbeddedNUL) {
auto res = cli_.Get("/mount/dir/test.html%00.js");
ASSERT_TRUE(res);
EXPECT_EQ(StatusCode::NotFound_404, res->status);
}
TEST_F(ServerTest, GetMethodOutOfBaseDirMount) { TEST_F(ServerTest, GetMethodOutOfBaseDirMount) {
auto res = cli_.Get("/mount/../www2/dir/test.html"); auto res = cli_.Get("/mount/../www2/dir/test.html");
ASSERT_TRUE(res); ASSERT_TRUE(res);