author | pablomartin4btc <pablomartin4btc@gmail.com> | 2023-04-14 19:03:08 -0300 |
---|---|---|
committer | pablomartin4btc <pablomartin4btc@gmail.com> | 2023-04-17 10:13:34 -0300 |
commit | 11422cc5720c8d73a87600de8fe8abb156db80dc (patch) | |
tree | 76363292587e46c2243acbbaa952f93d2ee64714 /src/test | |
parent | 2bfe43db164de7382d01c06dbdebf250d35f9f2f (diff) |
bugfix: rest: avoid segfault for invalid URI
`evhttp_uri_parse` can return a nullptr, for example when the URI
contains invalid characters (e.g. "%").
`GetQueryParameterFromUri` passes the output of `evhttp_uri_parse`
straight into `evhttp_uri_get_query`, which means that anyone calling
a REST endpoint in which query parameters are used (e.g. `rest_headers`)
can cause a segfault.
This bugfix is designed to be minimal and without additional behaviour change.
Follow-up work should be done to resolve this in a more general and robust way,
so not every endpoint has to handle it individually.
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/httpserver_tests.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/test/httpserver_tests.cpp b/src/test/httpserver_tests.cpp
index ee59ec6967..c95a777e80 100644
--- a/src/test/httpserver_tests.cpp
+++ b/src/test/httpserver_tests.cpp
@@ -34,5 +34,9 @@ BOOST_AUTO_TEST_CASE(test_query_parameters)
 // Invalid query string syntax is the same as not having parameters
 uri = "/rest/endpoint/someresource.json&p1=v1&p2=v2";
 BOOST_CHECK(!GetQueryParameterFromUri(uri.c_str(), "p1").has_value());
+
+ // URI with invalid characters (%) raises a runtime error regardless of which query parameter is queried
+ uri = "/rest/endpoint/someresource.json&p1=v1&p2=v2%";
+ BOOST_CHECK_EXCEPTION(GetQueryParameterFromUri(uri.c_str(), "p1"), std::runtime_error, HasReason("URI parsing failed, it likely contained RFC 3986 invalid characters"));
 }
 BOOST_AUTO_TEST_SUITE_END() |
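Review bot: The new case does not pin the comment's claim "regardless of which query parameter is queried", because it reuses the `&`-without-`?` URI and only asks for "p1". A request that reaches a REST endpoint with real query parameters has a `?`, so the regression test should also cover that shape and a second parameter name, e.g. `uri = "/rest/endpoint/someresource.json?p1=v1&p2=v2%";` followed by `BOOST_CHECK_EXCEPTION(GetQueryParameterFromUri(uri.c_str(), "p2"), std::runtime_error, HasReason("URI parsing failed, it likely contained RFC 3986 invalid characters"));`. This view is limited to src/test, so the null check itself and how the REST handlers catch the std::runtime_error are not visible here. It is worth confirming that the exception becomes an HTTP error response rather than propagating out of the request callback. The test case body starts outside the hunk.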