libweb: Bump new signature for http_decode_url

The new signature allows callers to distinguish decoding errors from fatal errors. This is important for slcl to avoid crashing when ill-formed data is received from a client.
2023-11-12 00:01:35 +01:00 · 2023-11-12 00:01:35 +01:00 · 8dff21942e
parent fada861c5f
commit 8dff21942e
2 changed files with 32 additions and 17 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit dbdaac757fb9217e4b28afc05f1fe523f68d64d3
+Subproject commit 9e1779eacdbe4f56177efb258f543e8baa9efc4e
--- a/main.c
+++ b/main.c
@ -135,7 +135,8 @@ static int append_form(struct form **const forms, const char **const s,
 {
    int ret = -1;
    const char *end;
-    char *const data = alloc_form_data(*s, &end), *key = NULL, *value = NULL;
+    char *const data = alloc_form_data(*s, &end), *enckey = NULL,
+        *encvalue = NULL, *key = NULL, *value = NULL;
    struct form *f = NULL, *fs = NULL;

    if (!data)
@ -161,14 +162,16 @@ static int append_form(struct form **const forms, const char **const s,

    const size_t keylen = sep - data;

-    if (!(key = strndup(data, keylen)))
+    if (!(enckey = strndup(data, keylen)))
    {
-        fprintf(stderr, "%s: strndup(3) key: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strndup(3) enckey: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
-    else if (!(value = strdup(sep + 1)))
+    else if (!(encvalue = strdup(sep + 1)))
    {
-        fprintf(stderr, "%s: strdup(3) value: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strdup(3) encvalue: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
    else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms)))
@ -178,27 +181,39 @@ static int append_form(struct form **const forms, const char **const s,
    }

    *forms = fs;
-    f = &(*forms)[(*n)++];

    /* HTML input forms use '+' for whitespace, rather than %20. */
-    *f = (const struct form)
+    if ((ret = http_decode_url(enckey, true, &key)))
    {
-        .key = http_decode_url(key, true),
-        .value = http_decode_url(value, true)
-    };
-
-    if (!f->key || !f->value)
-    {
-        fprintf(stderr, "%s: http_decode_url key/value failed\n", __func__);
+        fprintf(stderr, "%s: http_decode_url enckey failed\n", __func__);
        goto end;
    }
+    else if ((ret = http_decode_url(encvalue, true, &value)))
+    {
+        fprintf(stderr, "%s: http_decode_url encvalue failed\n", __func__);
+        goto end;
+    }
+
+    f = &(*forms)[(*n)++];
+
+    *f = (const struct form)
+    {
+        .key = key,
+        .value = value
+    };

    *s = end;
    ret = 0;

 end:
-    free(key);
-    free(value);
+    if (ret)
+    {
+        free(key);
+        free(value);
+    }
+
+    free(enckey);
+    free(encvalue);
    free(data);
    return ret;
 }