yuzu/cpp-httplib
1
0
Fork 0
mirror of https://github.com/yhirose/cpp-httplib synced 2024-11-21 06:26:02 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix range parser when parsing too many ranges (#1812)

Browse source 
* Implement range parser without std::regex

* Add test cases for invalid ranges
This commit is contained in:
Jiwoo Park 2024-04-07 23:06:16 +09:00 committed by GitHub
parent a61f2b89be
commit f44ab9b3da
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 51 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
httplib.h
View file

@ -4365,35 +4365,44 @@ inline bool parse_range_header(const std::string &s, Ranges &ranges) {
#else
inline bool parse_range_header(const std::string &s, Ranges &ranges) try {
#endif
static auto re_first_range = std::regex(R"(bytes=(\d*-\d*(?:,\s*\d*-\d*)*))");
std::smatch m;
if (std::regex_match(s, m, re_first_range)) {
auto pos = static_cast<size_t>(m.position(1));
auto len = static_cast<size_t>(m.length(1));
auto is_valid = [](const std::string &str) {
return std::all_of(str.cbegin(), str.cend(),
[](unsigned char c) { return std::isdigit(c); });
};
if (s.size() > 7 && s.compare(0, 6, "bytes=") == 0) {
const auto pos = static_cast<size_t>(6);
const auto len = static_cast<size_t>(s.size() - 6);
auto all_valid_ranges = true;
split(&s[pos], &s[pos + len], ',', [&](const char *b, const char *e) {
if (!all_valid_ranges) { return; }
static auto re_another_range = std::regex(R"(\s*(\d*)-(\d*))");
std::cmatch cm;
if (std::regex_match(b, e, cm, re_another_range)) {
ssize_t first = -1;
if (!cm.str(1).empty()) {
first = static_cast<ssize_t>(std::stoll(cm.str(1)));
}
ssize_t last = -1;
if (!cm.str(2).empty()) {
last = static_cast<ssize_t>(std::stoll(cm.str(2)));
}
if (first != -1 && last != -1 && first > last) {
all_valid_ranges = false;
return;
}
ranges.emplace_back(std::make_pair(first, last));
const auto it = std::find(b, e, '-');
if (it == e) {
all_valid_ranges = false;
return;
}
const auto lhs = std::string(b, it);
const auto rhs = std::string(it + 1, e);
if (!is_valid(lhs) || !is_valid(rhs)) {
all_valid_ranges = false;
return;
}
const auto first =
static_cast<ssize_t>(lhs.empty() ? -1 : std::stoll(lhs));
const auto last =
static_cast<ssize_t>(rhs.empty() ? -1 : std::stoll(rhs));
if ((first == -1 && last == -1) ||
(first != -1 && last != -1 && first > last)) {
all_valid_ranges = false;
return;
}
ranges.emplace_back(first, last);
});
return all_valid_ranges;
return all_valid_ranges && !ranges.empty();
}
return false;
#ifdef CPPHTTPLIB_NO_EXCEPTIONS

19
test/test.cc
View file

@ -352,6 +352,25 @@ TEST(ParseHeaderValueTest, Range) {
EXPECT_EQ(300u, ranges[2].first);
EXPECT_EQ(400u, ranges[2].second);
}
{
Ranges ranges;
EXPECT_FALSE(detail::parse_range_header("bytes", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=0", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=-", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes= ", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=,", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=,,", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=,,,", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=a-b", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=1-0", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=0--1", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=0- 1", ranges));
EXPECT_FALSE(detail::parse_range_header("bytes=0 -1", ranges));
EXPECT_TRUE(ranges.empty());
}
}
TEST(ParseAcceptEncoding1, AcceptEncoding) {