xavi
/
slcl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 3 Wiki Activity

libweb: Bump new signature for http_decode_url 

The new signature allows callers to distinguish decoding errors from
fatal errors. This is important for slcl to avoid crashing when
ill-formed data is received from a client.
This commit is contained in:
Xavier Del Campo Romero 2023-11-12 00:01:35 +01:00
parent fada861c5f
commit c8e91394de
Signed by: xavi
GPG Key ID: 84FF3612A9BF43F2
2 changed files with 32 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libweb

@ -1 +1 @@
Subproject commit dbdaac757fb9217e4b28afc05f1fe523f68d64d3 Subproject commit 2fce1f4b081b645f33692866a5618bdabe4d32c2

47
main.c
View File

@ -135,7 +135,8 @@ static int append_form(struct form **const forms, const char **const s,
{ {
int ret = -1; int ret = -1;
const char *end; const char *end;
char *const data = alloc_form_data(*s, &end), *key = NULL, *value = NULL; char *const data = alloc_form_data(*s, &end), *enckey = NULL,
*encvalue = NULL, *key = NULL, *value = NULL;
struct form *f = NULL, *fs = NULL; struct form *f = NULL, *fs = NULL;
if (!data) if (!data)
@ -161,14 +162,16 @@ static int append_form(struct form **const forms, const char **const s,
const size_t keylen = sep - data; const size_t keylen = sep - data;
if (!(key = strndup(data, keylen))) if (!(enckey = strndup(data, keylen)))
{ {
fprintf(stderr, "%s: strndup(3) key: %s\n", __func__, strerror(errno)); fprintf(stderr, "%s: strndup(3) enckey: %s\n",
__func__, strerror(errno));
goto end; goto end;
} }
else if (!(value = strdup(sep + 1))) else if (!(encvalue = strdup(sep + 1)))
{ {
fprintf(stderr, "%s: strdup(3) value: %s\n", __func__, strerror(errno)); fprintf(stderr, "%s: strdup(3) encvalue: %s\n",
__func__, strerror(errno));
goto end; goto end;
} }
else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms))) else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms)))
@ -178,27 +181,39 @@ static int append_form(struct form **const forms, const char **const s,
} }
*forms = fs; *forms = fs;
f = &(*forms)[(*n)++];
/* HTML input forms use '+' for whitespace, rather than %20. */ /* HTML input forms use '+' for whitespace, rather than %20. */
*f = (const struct form) if ((ret = http_decode_url(enckey, true, &key)))
{ {
.key = http_decode_url(key, true), fprintf(stderr, "%s: http_decode_url enckey failed\n", __func__);
.value = http_decode_url(value, true)
};
if (!f->key || !f->value)
{
fprintf(stderr, "%s: http_decode_url key/value failed\n", __func__);
goto end; goto end;
} }
else if ((ret = http_decode_url(encvalue, true, &value)))
{
fprintf(stderr, "%s: http_decode_url encvalue failed\n", __func__);
goto end;
}
f = &(*forms)[(*n)++];
*f = (const struct form)
{
.key = key,
.value = value
};
*s = end; *s = end;
ret = 0; ret = 0;
end: end:
free(key); if (ret)
free(value); {
free(key);
free(value);
}
free(enckey);
free(encvalue);
free(data); free(data);
return ret; return ret;
} }