From 42f3b7cbcab156e89720e466043bfc89f9ed2e96 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 3 Jul 2018 00:26:13 +0100 Subject: http_protocol_handler: catch invalid numbers when parsing --- contrib/epee/include/net/http_protocol_handler.inl | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'contrib/epee') diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index 0bdba0bfe..dc2c06972 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -328,8 +328,10 @@ namespace net_utils inline bool analize_http_method(const boost::smatch& result, http::http_method& method, int& http_ver_major, int& http_ver_minor) { CHECK_AND_ASSERT_MES(result[0].matched, false, "simple_http_connection_handler::analize_http_method() assert failed..."); - http_ver_major = boost::lexical_cast(result[11]); - http_ver_minor = boost::lexical_cast(result[12]); + if (!boost::conversion::try_lexical_convert(result[11], http_ver_major)) + return false; + if (!boost::conversion::try_lexical_convert(result[12], http_ver_minor)) + return false; if(result[3].matched) method = http::http_method_options; @@ -357,7 +359,12 @@ namespace net_utils boost::smatch result; if(boost::regex_search(m_cache, result, rexp_match_command_line, boost::match_default) && result[0].matched) { - analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi); + if (!analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi)) + { + m_state = http_state_error; + MERROR("Failed to analyze method"); + return false; + } m_query_info.m_URI = result[10]; if (!parse_uri(m_query_info.m_URI, m_query_info.m_uri_content)) { @@ -554,7 +561,8 @@ namespace net_utils if(!(boost::regex_search( str, result, rexp_mach_field, boost::match_default) && result[0].matched)) return false; - len = boost::lexical_cast(result[0]); + try { len = boost::lexical_cast(result[0]); } + catch(...) { return false; } return true; } //----------------------------------------------------------------------------------- -- cgit v1.2.3