yuzu/cpp-httplib
1
0
Fork 0
mirror of https://github.com/yhirose/cpp-httplib synced 2024-11-21 14:29:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix crash caused by header field regex complexity (#457)

Browse source
This commit is contained in:
Matthew DeVore 2020-05-01 09:44:13 -07:00 committed by GitHub
parent 08fc7085e5
commit ed1b6afa10
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
httplib.h
View file

@ -1847,7 +1847,7 @@ inline bool read_headers(Stream &strm, Headers &headers) {
// the left or right side of the header value:
// - https://stackoverflow.com/questions/50179659/
// - https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html
static const std::regex re(R"(([^:]+):[\t ]*(.+))");
static const std::regex re(R"(([^:]+):[\t ]*([^\t ].*))");
std::cmatch m;
if (std::regex_match(line_reader.ptr(), end, m, re)) {

13
test/test.cc
View file

@ -2333,6 +2333,19 @@ TEST(ServerRequestParsingTest, ReadHeadersRegexComplexity2) {
"&&&%%%");
}
TEST(ServerRequestParsingTest, ExcessiveWhitespaceInUnparseableHeaderLine) {
// Make sure this doesn't crash the server.
// In a previous version of the header line regex, the "\r" rendered the line
// unparseable and the regex engine repeatedly backtracked, trying to look for
// a new position where the leading white space ended and the field value
// began.
// The crash occurs with libc++ but not libstdc++.
test_raw_request("GET /hi HTTP/1.1\r\n"
"a:" + std::string(2000, ' ') + '\r' + std::string(20, 'z') +
"\r\n"
"\r\n");
}
TEST(ServerRequestParsingTest, InvalidFirstChunkLengthInRequest) {
std::string out;