libweb: Bump new signature for http_decode_urldecode-url

The new signature allows callers to distinguish decoding errors from fatal errors. This is important for slcl to avoid crashing when ill-formed data is received from a client.
author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-11-12 00:01:35 +0100
committer: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-11-12 00:15:57 +0100
commit: c8e91394de5c9ff7f026736f72fca5939030558c (patch)
tree: 03e1af9261e07f1ea88802e6f212c14660bc0d67
parent: fada861c5f00be5b2d86ca9e2667b57af50ad3d7 (diff)
2 files changed, 30 insertions, 15 deletions
diff --git a/libweb b/libweb
-Subproject dbdaac757fb9217e4b28afc05f1fe523f68d64d
+Subproject 2fce1f4b081b645f33692866a5618bdabe4d32c
diff --git a/main.c b/main.c
index ae501a3..5abf848 100644
--- a/main.c
+++ b/main.c
@@ -135,7 +135,8 @@ static int append_form(struct form **const forms, const char **const s,
 {
     int ret = -1;
     const char *end;
-    char *const data = alloc_form_data(*s, &end), *key = NULL, *value = NULL;
+    char *const data = alloc_form_data(*s, &end), *enckey = NULL,
+        *encvalue = NULL, *key = NULL, *value = NULL;
     struct form *f = NULL, *fs = NULL;
 
     if (!data)
@@ -161,14 +162,16 @@ static int append_form(struct form **const forms, const char **const s,
 
     const size_t keylen = sep - data;
 
-    if (!(key = strndup(data, keylen)))
+    if (!(enckey = strndup(data, keylen)))
     {
-        fprintf(stderr, "%s: strndup(3) key: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strndup(3) enckey: %s\n",
+            __func__, strerror(errno));
         goto end;
     }
-    else if (!(value = strdup(sep + 1)))
+    else if (!(encvalue = strdup(sep + 1)))
     {
-        fprintf(stderr, "%s: strdup(3) value: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strdup(3) encvalue: %s\n",
+            __func__, strerror(errno));
         goto end;
     }
     else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms)))
@@ -178,27 +181,39 @@ static int append_form(struct form **const forms, const char **const s,
     }
 
     *forms = fs;
-    f = &(*forms)[(*n)++];
 
     /* HTML input forms use '+' for whitespace, rather than %20. */
-    *f = (const struct form)
+    if ((ret = http_decode_url(enckey, true, &key)))
     {
-        .key = http_decode_url(key, true),
-        .value = http_decode_url(value, true)
-    };
-
-    if (!f->key || !f->value)
+        fprintf(stderr, "%s: http_decode_url enckey failed\n", __func__);
+        goto end;
+    }
+    else if ((ret = http_decode_url(encvalue, true, &value)))
     {
-        fprintf(stderr, "%s: http_decode_url key/value failed\n", __func__);
+        fprintf(stderr, "%s: http_decode_url encvalue failed\n", __func__);
         goto end;
     }
 
+    f = &(*forms)[(*n)++];
+
+    *f = (const struct form)
+    {
+        .key = key,
+        .value = value
+    };
+
     *s = end;
     ret = 0;
 
 end:
-    free(key);
-    free(value);
+    if (ret)
+    {
+        free(key);
+        free(value);
+    }
+
+    free(enckey);
+    free(encvalue);
     free(data);
     return ret;
 }
author	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-11-12 00:01:35 +0100
committer	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-11-12 00:15:57 +0100
commit	c8e91394de5c9ff7f026736f72fca5939030558c (patch)
tree	03e1af9261e07f1ea88802e6f212c14660bc0d67
parent	fada861c5f00be5b2d86ca9e2667b57af50ad3d7 (diff)