diff options
| author | luigi1111 <luigi1111w@gmail.com> | 2018-08-15 17:08:10 -0500 |
|---|---|---|
| committer | luigi1111 <luigi1111w@gmail.com> | 2018-08-15 17:08:10 -0500 |
| commit | dd966c8a3ac9d987745c494e33606e99ccec7d5f (patch) | |
| tree | 550864a3f9d7fe3e00562d7f6fa993612c9851ad | |
| parent | Merge pull request #4089 (diff) | |
| parent | http_protocol_handler: fix HTTP/x.y parsing (diff) | |
| download | monero-dd966c8a3ac9d987745c494e33606e99ccec7d5f.tar.xz | |
Merge pull request #4090
42f3b7c http_protocol_handler: catch invalid numbers when parsing (moneromooo-monero)
0a4a7da http_protocol_handler: fix HTTP/x.y parsing (moneromooo-monero)
| -rw-r--r-- | contrib/epee/include/net/http_protocol_handler.inl | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index 0bdba0bfe..76db5346f 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -328,8 +328,10 @@ namespace net_utils inline bool analize_http_method(const boost::smatch& result, http::http_method& method, int& http_ver_major, int& http_ver_minor) { CHECK_AND_ASSERT_MES(result[0].matched, false, "simple_http_connection_handler::analize_http_method() assert failed..."); - http_ver_major = boost::lexical_cast<int>(result[11]); - http_ver_minor = boost::lexical_cast<int>(result[12]); + if (!boost::conversion::try_lexical_convert<int>(result[11], http_ver_major)) + return false; + if (!boost::conversion::try_lexical_convert<int>(result[12], http_ver_minor)) + return false; if(result[3].matched) method = http::http_method_options; @@ -351,13 +353,18 @@ namespace net_utils template<class t_connection_context> bool simple_http_connection_handler<t_connection_context>::handle_invoke_query_line() { - STATIC_REGEXP_EXPR_1(rexp_match_command_line, "^(((OPTIONS)|(GET)|(HEAD)|(POST)|(PUT)|(DELETE)|(TRACE)) (\\S+) HTTP/(\\d+).(\\d+))\r?\n", boost::regex::icase | boost::regex::normal); + STATIC_REGEXP_EXPR_1(rexp_match_command_line, "^(((OPTIONS)|(GET)|(HEAD)|(POST)|(PUT)|(DELETE)|(TRACE)) (\\S+) HTTP/(\\d+)\\.(\\d+))\r?\n", boost::regex::icase | boost::regex::normal); // 123 4 5 6 7 8 9 10 11 12 //size_t match_len = 0; boost::smatch result; if(boost::regex_search(m_cache, result, rexp_match_command_line, boost::match_default) && result[0].matched) { - analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi); + if (!analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi)) + { + m_state = http_state_error; + MERROR("Failed to analyze method"); + return false; + } m_query_info.m_URI = result[10]; if (!parse_uri(m_query_info.m_URI, m_query_info.m_uri_content)) { @@ -554,7 +561,8 @@ namespace net_utils if(!(boost::regex_search( str, result, rexp_mach_field, boost::match_default) && result[0].matched)) return false; - len = boost::lexical_cast<size_t>(result[0]); + try { len = boost::lexical_cast<size_t>(result[0]); } + catch(...) { return false; } return true; } //----------------------------------------------------------------------------------- |