diff options
author | thiagoftsm <thiagoftsm@gmail.com> | 2019-08-01 15:05:31 +0000 |
---|---|---|
committer | Paul Emm. Katsoulakis <34388743+paulkatsoulakis@users.noreply.github.com> | 2019-08-01 18:05:31 +0300 |
commit | 2db6d758f843fbf6f50f303e6a704deeff3bcc8e (patch) | |
tree | 41ac39d770640f93e20f5e64bd6e0b5307b373bc /web/server | |
parent | deb3623fdccde61207bc21753ac0284ecb259d79 (diff) |
Fix crash in malloc (#6583)
* Server Crashing: URL search path
The system was setting NULL in an address without to have the values
* Server Crashing: URL script
After to fix the SSL, the script were not 100% compatible, so I am bringing the solution here
* Server Crashing:
Fixes reported in the issue related a possible NULL value to be kept and wrong variable
* Server Crashing: Readable code and missing if
It was a missing if yet, so I changed it, no less important I inverted the check order inside if to be more readable
Diffstat (limited to 'web/server')
-rw-r--r-- | web/server/web_client.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/web/server/web_client.c b/web/server/web_client.c index 2da6c1dec1..abd37a8f49 100644 --- a/web/server/web_client.c +++ b/web/server/web_client.c @@ -929,7 +929,6 @@ void web_client_split_path_query(struct web_client *w, char *s) { w->separator = 0x00; w->url_path_length = strlen(s); - w->url_search_path = NULL; } /** @@ -1035,20 +1034,22 @@ static inline HTTP_VALIDATION http_request_validate(struct web_client *w) { // a valid complete HTTP request found *ue = '\0'; + //This is to avoid crash in line + w->url_search_path = NULL; if(w->mode != WEB_CLIENT_MODE_NORMAL) { if(!url_decode_r(w->decoded_url, encoded_url, NETDATA_WEB_REQUEST_URL_SIZE + 1)) return HTTP_VALIDATION_MALFORMED_URL; } else { web_client_split_path_query(w, encoded_url); - if (w->separator) { + if (w->url_search_path && w->separator) { *w->url_search_path = 0x00; } if(!url_decode_r(w->decoded_url, encoded_url, NETDATA_WEB_REQUEST_URL_SIZE + 1)) return HTTP_VALIDATION_MALFORMED_URL; - if (w->separator) { + if (w->url_search_path && w->separator) { *w->url_search_path = w->separator; char *from = (encoded_url + w->url_path_length); @@ -1064,7 +1065,7 @@ static inline HTTP_VALIDATION http_request_validate(struct web_client *w) { // copy the URL - we are going to overwrite parts of it // TODO -- ideally we we should avoid copying buffers around strncpyz(w->last_url, w->decoded_url, NETDATA_WEB_REQUEST_URL_SIZE); - if (w->separator) { + if (w->url_search_path && w->separator) { *w->url_search_path = 0x00; } #ifdef ENABLE_HTTPS |