[GNUnet-SVN] [libmicrohttpd] branch master updated: Disallow binary zero


From: gnunet
Subject: [GNUnet-SVN] [libmicrohttpd] branch master updated: Disallow binary zero in header and cookies.
Date: Fri, 03 May 2019 14:44:51 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

The following commit(s) were added to refs/heads/master by this push:
     new bcdff026 Disallow binary zero in header and cookies.
bcdff026 is described below

commit bcdff026967469e6c9cd1a22db80721712586a8e
Author: Evgeny Grin (Karlson2k) <address@hidden>
AuthorDate: Fri May 3 15:44:12 2019 +0300

    Disallow binary zero in header and cookies.
---
 src/include/microhttpd.h    | 18 ++++++++----------
 src/microhttpd/connection.c | 23 +++++++++++++----------
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 77e80354..6617dd98 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -2537,12 +2537,10 @@ MHD_set_connection_value (struct MHD_Connection 
*connection,
 
 
 /**
- * This function can be used to add an entry to the HTTP headers of a
- * connection (so that the #MHD_get_connection_values function will
- * return them -- and the `struct MHD_PostProcessor` will also see
- * them).  This maybe required in certain situations (see Mantis
- * #1399) where (broken) HTTP implementations fail to supply values
- * needed by the post processor (or other parts of the application).
+ * This function can be used to add an arbitrary entry to connection.
+ * This function could add entry with binary zero, which is allowed
+ * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+ * recommended to use #MHD_set_connection_value.
  *
  * This function MUST only be called from within the
  * #MHD_AccessHandlerCallback (otherwise, access maybe improperly
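Review bot: the new description says that for other kinds it is only "recommended" to use #MHD_set_connection_value, but the check this commit adds to MHD_set_connection_value_n in connection.c returns MHD_NO whenever kind is not MHD_GET_ARGUMENT_KIND and strlen() of key or value differs from the size passed in. The comment should state that as a rule (entries with an embedded binary zero are rejected for every kind except #MHD_GET_ARGUMENT_KIND), so that callers adding headers or cookies know the call fails rather than being merely discouraged.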
@@ -2554,10 +2552,10 @@ MHD_set_connection_value (struct MHD_Connection 
*connection,
  * @param connection the connection for which a
  *  value should be set
  * @param kind kind of the value
- * @param key key for the value
- * @param key_size number of bytes in @a key (excluding 0-terminator for 
C-strings)
- * @param value the value itself 
- * @param value_size number of bytes in @a value (excluding 0-terminator for 
C-strings)
+ * @param key key for the value, must be zero-terminated
+ * @param key_size number of bytes in @a key (excluding 0-terminator)
+ * @param value the value itself, must be zero-terminated
+ * @param value_size number of bytes in @a value (excluding 0-terminator)
  * @return #MHD_NO if the operation could not be
  *         performed due to insufficient memory;
  *         #MHD_YES on success
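Review bot: the unchanged @return text below the edited @param lines still gives insufficient memory as the only reason for #MHD_NO, while the same commit makes MHD_set_connection_value_n return MHD_NO when key_size or value_size does not match strlen() for a kind other than MHD_GET_ARGUMENT_KIND. Add that case to @return; as documented, a caller that sees MHD_NO will treat a rejected header or cookie as an out-of-memory condition.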
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 611d4141..78c36f07 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -714,12 +714,10 @@ MHD_get_connection_values (struct MHD_Connection 
*connection,
 
 
 /**
- * This function can be used to add an entry to the HTTP headers of a
- * connection (so that the #MHD_get_connection_values function will
- * return them -- and the `struct MHD_PostProcessor` will also see
- * them).  This maybe required in certain situations (see Mantis
- * #1399) where (broken) HTTP implementations fail to supply values
- * needed by the post processor (or other parts of the application).
+ * This function can be used to add an arbitrary entry to connection.
+ * This function could add entry with binary zero, which is allowed
+ * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+ * recommended to use #MHD_set_connection_value.
  *
  * This function MUST only be called from within the
  * #MHD_AccessHandlerCallback (otherwise, access maybe improperly
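Review bot: wording in the added comment lines needs a pass: "could add entry with binary zero" reads better as "can add an entry containing a binary zero", and "For other kind on entries" should be "For other kinds of entries". The replacement also drops the earlier statement that the added entry is returned by #MHD_get_connection_values and seen by the `struct MHD_PostProcessor`; keeping one sentence on that would preserve what the function is for. The same text is duplicated in microhttpd.h, so both copies should be changed together.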
@@ -731,10 +729,10 @@ MHD_get_connection_values (struct MHD_Connection 
*connection,
  * @param connection the connection for which a
  *  value should be set
  * @param kind kind of the value
- * @param key key for the value
- * @param key_size number of bytes in @a key (excluding 0-terminator for 
C-strings)
- * @param value the value itself
- * @param value_size number of bytes in @a value (excluding 0-terminator for 
C-strings)
+ * @param key key for the value, must be zero-terminated
+ * @param key_size number of bytes in @a key (excluding 0-terminator)
+ * @param value the value itself, must be zero-terminated
+ * @param value_size number of bytes in @a value (excluding 0-terminator)
  * @return #MHD_NO if the operation could not be
  *         performed due to insufficient memory;
  *         #MHD_YES on success
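Review bot: "must be zero-terminated" on the key and value @param lines is ambiguous for #MHD_GET_ARGUMENT_KIND, where the buffer may legitimately contain a binary zero before the end. Say where the terminator has to be, for example that the byte at index key_size (and value_size) must be zero, so the requirement is the same whether or not the data has embedded zeros.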
@@ -750,6 +748,11 @@ MHD_set_connection_value_n (struct MHD_Connection 
*connection,
 {
   struct MHD_HTTP_Header *pos;
 
+  if ( (MHD_GET_ARGUMENT_KIND != kind) &&
+       ( (strlen(key) != key_size) ||
+         (strlen(value) != value_size) ) )
+    return MHD_NO; /* binary zero is allowed only in GET arguments */
+
   pos = MHD_pool_allocate (connection->pool,
                            sizeof (struct MHD_HTTP_Header),
                            MHD_YES);
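Review bot: the added check calls strlen(key) and strlen(value) as the first statements of the function with no NULL test in front of them, so a NULL key or value passed with a kind other than MHD_GET_ARGUMENT_KIND is dereferenced here. If NULL is a valid argument for any such caller, guard it (treat NULL as length 0) or document that both pointers must be non-NULL. Note also that strlen() is not bounded by key_size or value_size: a buffer that lacks the terminator is read past the stated length before the mismatch is detected, so the check relies on the "must be zero-terminated" contract rather than enforcing it. A bounded scan of the first key_size bytes for a zero would detect the embedded-zero case without reading beyond the declared size. Minor style point: the surrounding code writes calls with a space before the parenthesis, as in "MHD_pool_allocate (", while the new lines use "strlen(key)".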

-- 
To stop receiving notification emails like this one, please contact
address@hidden


