diff options
| author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-07-03 00:26:13 +0100 |
|---|---|---|
| committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-07-03 23:16:44 +0100 |
| commit | 42f3b7cbcab156e89720e466043bfc89f9ed2e96 (patch) | |
| tree | 9aed81f161fae1dd4a2d5a40dc976ac4a22bf51c | |
| parent | Merge pull request #4067 (diff) | |
| download | monero-42f3b7cbcab156e89720e466043bfc89f9ed2e96.tar.xz | |
http_protocol_handler: catch invalid numbers when parsing
| -rw-r--r-- | contrib/epee/include/net/http_protocol_handler.inl | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index 0bdba0bfe..dc2c06972 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -328,8 +328,10 @@ namespace net_utils inline bool analize_http_method(const boost::smatch& result, http::http_method& method, int& http_ver_major, int& http_ver_minor) { CHECK_AND_ASSERT_MES(result[0].matched, false, "simple_http_connection_handler::analize_http_method() assert failed..."); - http_ver_major = boost::lexical_cast<int>(result[11]); - http_ver_minor = boost::lexical_cast<int>(result[12]); + if (!boost::conversion::try_lexical_convert<int>(result[11], http_ver_major)) + return false; + if (!boost::conversion::try_lexical_convert<int>(result[12], http_ver_minor)) + return false; if(result[3].matched) method = http::http_method_options; @@ -357,7 +359,12 @@ namespace net_utils boost::smatch result; if(boost::regex_search(m_cache, result, rexp_match_command_line, boost::match_default) && result[0].matched) { - analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi); + if (!analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi)) + { + m_state = http_state_error; + MERROR("Failed to analyze method"); + return false; + } m_query_info.m_URI = result[10]; if (!parse_uri(m_query_info.m_URI, m_query_info.m_uri_content)) { @@ -554,7 +561,8 @@ namespace net_utils if(!(boost::regex_search( str, result, rexp_mach_field, boost::match_default) && result[0].matched)) return false; - len = boost::lexical_cast<size_t>(result[0]); + try { len = boost::lexical_cast<size_t>(result[0]); } + catch(...) { return false; } return true; } //----------------------------------------------------------------------------------- |