lib/cpp-httplib
1
0
Fork 0
mirror of synced 2025-04-20 11:47:43 +03:00
Code

Fix crash caused by header field regex complexity (#457)

Browse Source
This commit is contained in:
Matthew DeVore 2020-05-01 09:44:13 -07:00 committed by GitHub
parent 08fc7085e5
commit ed1b6afa10
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
httplib.h
View File

@ -1847,7 +1847,7 @@ inline bool read_headers(Stream &strm, Headers &headers) {
// the left or right side of the header value: // the left or right side of the header value:
// - https://stackoverflow.com/questions/50179659/ // - https://stackoverflow.com/questions/50179659/
// - https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html // - https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html
static const std::regex re(R"(([^:]+):[\t ]*(.+))"); static const std::regex re(R"(([^:]+):[\t ]*([^\t ].*))");
std::cmatch m; std::cmatch m;
if (std::regex_match(line_reader.ptr(), end, m, re)) { if (std::regex_match(line_reader.ptr(), end, m, re)) {

13
test/test.cc
View File

@ -2333,6 +2333,19 @@ TEST(ServerRequestParsingTest, ReadHeadersRegexComplexity2) {
"&&&%%%"); "&&&%%%");
} }
TEST(ServerRequestParsingTest, ExcessiveWhitespaceInUnparseableHeaderLine) {
// Make sure this doesn't crash the server.
// In a previous version of the header line regex, the "\r" rendered the line
// unparseable and the regex engine repeatedly backtracked, trying to look for
// a new position where the leading white space ended and the field value
// began.
// The crash occurs with libc++ but not libstdc++.
test_raw_request("GET /hi HTTP/1.1\r\n"
"a:" + std::string(2000, ' ') + '\r' + std::string(20, 'z') +
"\r\n"
"\r\n");
}
TEST(ServerRequestParsingTest, InvalidFirstChunkLengthInRequest) { TEST(ServerRequestParsingTest, InvalidFirstChunkLengthInRequest) {
std::string out; std::string out;