lib/cpp-httplib
1
0
Fork 0
mirror of synced 2025-04-21 22:25:55 +03:00
Code

Fix query parsing issues (#629)

Browse Source 
* Fix parsing to parse query string with single space char.

When passed ' ' as a query string, the server crashes cause of illegal memory access done in httplib::detail::split. Have added checks to make sure the split function has a valid string with length > 0.

* Fix parsing to parse query string with single space char.
This commit is contained in:
Omkar Jadhav 2020-08-28 19:13:28 +05:30 committed by GitHub
parent 3e80666a74
commit b0fd4befb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
httplib.h
View File

@ -1455,10 +1455,12 @@ template <class Fn> void split(const char *b, const char *e, char d, Fn fn) {
int i = 0; int i = 0;
int beg = 0; int beg = 0;
while (e ? (b + i != e) : (b[i] != '\0')) { while (e ? (b + i < e) : (b[i] != '\0')) {
if (b[i] == d) { if (b[i] == d) {
auto r = trim(b, e, beg, i); auto r = trim(b, e, beg, i);
fn(&b[r.first], &b[r.second]); if (r.first < r.second) {
fn(&b[r.first], &b[r.second]);
}
beg = i + 1; beg = i + 1;
} }
i++; i++;
@ -1466,7 +1468,9 @@ template <class Fn> void split(const char *b, const char *e, char d, Fn fn) {
if (i) { if (i) {
auto r = trim(b, e, beg, i); auto r = trim(b, e, beg, i);
fn(&b[r.first], &b[r.second]); if (r.first < r.second) {
fn(&b[r.first], &b[r.second]);
}
} }
} }
@ -2832,7 +2836,6 @@ inline std::string params_to_query_str(const Params &params) {
query += "="; query += "=";
query += encode_url(it->second); query += encode_url(it->second);
} }
return query; return query;
} }
@ -2847,7 +2850,10 @@ inline void parse_query_text(const std::string &s, Params &params) {
val.assign(b2, e2); val.assign(b2, e2);
} }
}); });
params.emplace(decode_url(key, true), decode_url(val, true));
if(!key.empty()) {
params.emplace(decode_url(key, true), decode_url(val, true));
}
}); });
} }

18
test/test.cc
View File

@ -66,6 +66,24 @@ TEST(SplitTest, ParseQueryString) {
EXPECT_EQ("val3", dic.find("key3")->second); EXPECT_EQ("val3", dic.find("key3")->second);
} }
TEST(SplitTest, ParseInvalidQueryTests) {
{
string s = " ";
Params dict;
detail::parse_query_text(s, dict);
EXPECT_TRUE(dict.empty());
}
{
string s = " = =";
Params dict;
detail::parse_query_text(s, dict);
EXPECT_TRUE(dict.empty());
}
}
TEST(ParseQueryTest, ParseQueryString) { TEST(ParseQueryTest, ParseQueryString) {
string s = "key1=val1&key2=val2&key3=val3"; string s = "key1=val1&key2=val2&key3=val3";
Params dic; Params dic;