diff options
| author | pablomartin4btc <pablomartin4btc@gmail.com> | 2023-04-14 19:03:08 -0300 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2023-04-18 11:43:59 +0100 |
| commit | 3a26b19df25ca99a9a58ae5398f6f423ac074368 (patch) | |
| tree | 69edd85ecd31e3487a409716f2ce16fb71a58947 /test | |
| parent | c40b1da2fd64bb10f120f85966b44f0d2bb315f8 (diff) | |
| download | bitcoin-3a26b19df25ca99a9a58ae5398f6f423ac074368.tar.xz | |
bugfix: rest: avoid segfault for invalid URI
`evhttp_uri_parse` can return a nullptr, for example when the URI
contains invalid characters (e.g. "%").
`GetQueryParameterFromUri` passes the output of `evhttp_uri_parse`
straight into `evhttp_uri_get_query`, which means that anyone calling
a REST endpoint in which query parameters are used (e.g. `rest_headers`)
can cause a segfault.
This bugfix is designed to be minimal and without additional behaviour change.
Github-Pull: #27468
Rebased-From: 11422cc5720c8d73a87600de8fe8abb156db80dc
Diffstat (limited to 'test')
| -rwxr-xr-x | test/functional/interface_rest.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/test/functional/interface_rest.py b/test/functional/interface_rest.py index f36bbda3af..cb1fbdfb7a 100755 --- a/test/functional/interface_rest.py +++ b/test/functional/interface_rest.py @@ -281,6 +281,10 @@ class RESTTest (BitcoinTestFramework): assert_equal(len(json_obj), 1) # ensure that there is one header in the json response assert_equal(json_obj[0]['hash'], bb_hash) # request/response hash should be the same + # Check invalid uri (% symbol at the end of the request) + resp = self.test_rest_request(f"/headers/{bb_hash}%", ret_type=RetType.OBJ, status=400) + assert_equal(resp.read().decode('utf-8').rstrip(), "URI parsing failed, it likely contained RFC 3986 invalid characters") + # Compare with normal RPC block response rpc_block_json = self.nodes[0].getblock(bb_hash) for key in ['hash', 'confirmations', 'height', 'version', 'merkleroot', 'time', 'nonce', 'bits', 'difficulty', 'chainwork', 'previousblockhash']: |