diff options
author | Matthias Wachs <wachs@net.in.tum.de> | 2013-01-07 14:25:57 +0000 |
---|---|---|
committer | Matthias Wachs <wachs@net.in.tum.de> | 2013-01-07 14:25:57 +0000 |
commit | 86d6140cd5b6f2f6805edf822c1baa1b5b317cd8 (patch) | |
tree | 43518671ba7a0b22a1244100a8e46982ea3f6353 /src/transport/plugin_transport_http_server.c | |
parent | a10310cb68f656f8c0ae63cccfe192749e32b2ab (diff) | |
download | gnunet-86d6140cd5b6f2f6805edf822c1baa1b5b317cd8.tar.gz gnunet-86d6140cd5b6f2f6805edf822c1baa1b5b317cd8.zip |
- remove url parsing breaks for invalid requests
Diffstat (limited to 'src/transport/plugin_transport_http_server.c')
-rw-r--r-- | src/transport/plugin_transport_http_server.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/transport/plugin_transport_http_server.c b/src/transport/plugin_transport_http_server.c index 6b88ec553..97a28b694 100644 --- a/src/transport/plugin_transport_http_server.c +++ b/src/transport/plugin_transport_http_server.c | |||
@@ -45,6 +45,11 @@ | |||
45 | #define _RECEIVE 0 | 45 | #define _RECEIVE 0 |
46 | #define _SEND 1 | 46 | #define _SEND 1 |
47 | 47 | ||
48 | |||
49 | /* Enable output for debbuging URL's of incoming requests */ | ||
50 | #define DEBUG_URL_PARSE GNUNET_NO | ||
51 | |||
52 | |||
48 | /** | 53 | /** |
49 | * Encapsulation of all of the state of the plugin. | 54 | * Encapsulation of all of the state of the plugin. |
50 | */ | 55 | */ |
@@ -891,8 +896,6 @@ server_mhd_connection_timeout (struct HTTP_Server_Plugin *plugin, struct Session | |||
891 | static int | 896 | static int |
892 | server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GNUNET_PeerIdentity * target, uint32_t *tag) | 897 | server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GNUNET_PeerIdentity * target, uint32_t *tag) |
893 | { | 898 | { |
894 | int debug = GNUNET_YES; | ||
895 | |||
896 | char * tag_start = NULL; | 899 | char * tag_start = NULL; |
897 | char * tag_end = NULL; | 900 | char * tag_end = NULL; |
898 | char * target_start = NULL; | 901 | char * target_start = NULL; |
@@ -916,7 +919,7 @@ server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GN | |||
916 | 919 | ||
917 | if (NULL == separator) | 920 | if (NULL == separator) |
918 | { | 921 | { |
919 | if (debug) GNUNET_break (0); | 922 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
920 | return GNUNET_SYSERR; | 923 | return GNUNET_SYSERR; |
921 | } | 924 | } |
922 | tag_start = separator + 1; | 925 | tag_start = separator + 1; |
@@ -924,42 +927,42 @@ server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GN | |||
924 | if (strlen (tag_start) == 0) | 927 | if (strlen (tag_start) == 0) |
925 | { | 928 | { |
926 | /* No tag after separator */ | 929 | /* No tag after separator */ |
927 | if (debug) GNUNET_break (0); | 930 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
928 | return GNUNET_SYSERR; | 931 | return GNUNET_SYSERR; |
929 | } | 932 | } |
930 | ctag = strtoul (tag_start, &tag_end, 10); | 933 | ctag = strtoul (tag_start, &tag_end, 10); |
931 | if (ctag == 0) | 934 | if (ctag == 0) |
932 | { | 935 | { |
933 | /* tag == 0 , invalid */ | 936 | /* tag == 0 , invalid */ |
934 | if (debug) GNUNET_break (0); | 937 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
935 | return GNUNET_SYSERR; | 938 | return GNUNET_SYSERR; |
936 | } | 939 | } |
937 | if ((ctag == ULONG_MAX) && (ERANGE == errno)) | 940 | if ((ctag == ULONG_MAX) && (ERANGE == errno)) |
938 | { | 941 | { |
939 | /* out of range: > ULONG_MAX */ | 942 | /* out of range: > ULONG_MAX */ |
940 | if (debug) GNUNET_break (0); | 943 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
941 | return GNUNET_SYSERR; | 944 | return GNUNET_SYSERR; |
942 | } | 945 | } |
943 | if (ctag > UINT32_MAX) | 946 | if (ctag > UINT32_MAX) |
944 | { | 947 | { |
945 | /* out of range: > UINT32_MAX */ | 948 | /* out of range: > UINT32_MAX */ |
946 | if (debug) GNUNET_break (0); | 949 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
947 | return GNUNET_SYSERR; | 950 | return GNUNET_SYSERR; |
948 | } | 951 | } |
949 | (*tag) = (uint32_t) ctag; | 952 | (*tag) = (uint32_t) ctag; |
950 | if (NULL == tag_end) | 953 | if (NULL == tag_end) |
951 | { | 954 | { |
952 | /* no char after tag */ | 955 | /* no char after tag */ |
953 | if (debug) GNUNET_break (0); | 956 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
954 | return GNUNET_SYSERR; | 957 | return GNUNET_SYSERR; |
955 | } | 958 | } |
956 | if (url[strlen(url)] != tag_end[0]) | 959 | if (url[strlen(url)] != tag_end[0]) |
957 | { | 960 | { |
958 | /* there are more not converted chars after tag */ | 961 | /* there are more not converted chars after tag */ |
959 | if (debug) GNUNET_break (0); | 962 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
960 | return GNUNET_SYSERR; | 963 | return GNUNET_SYSERR; |
961 | } | 964 | } |
962 | if (debug) | 965 | if (DEBUG_URL_PARSE) |
963 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, plugin->name, | 966 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, plugin->name, |
964 | "Found tag `%u' in url\n", (*tag)); | 967 | "Found tag `%u' in url\n", (*tag)); |
965 | 968 | ||
@@ -975,7 +978,7 @@ server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GN | |||
975 | if (hash_length != plugin->peer_id_length) | 978 | if (hash_length != plugin->peer_id_length) |
976 | { | 979 | { |
977 | /* no char after tag */ | 980 | /* no char after tag */ |
978 | if (debug) GNUNET_break (0); | 981 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
979 | return GNUNET_SYSERR; | 982 | return GNUNET_SYSERR; |
980 | } | 983 | } |
981 | memcpy (hash, target_start, hash_length); | 984 | memcpy (hash, target_start, hash_length); |
@@ -984,7 +987,7 @@ server_parse_url (struct HTTP_Server_Plugin *plugin, const char * url, struct GN | |||
984 | if (GNUNET_OK != GNUNET_CRYPTO_hash_from_string ((const char *) hash, &(target->hashPubKey))) | 987 | if (GNUNET_OK != GNUNET_CRYPTO_hash_from_string ((const char *) hash, &(target->hashPubKey))) |
985 | { | 988 | { |
986 | /* hash conversion failed */ | 989 | /* hash conversion failed */ |
987 | if (debug) GNUNET_break (0); | 990 | if (DEBUG_URL_PARSE) GNUNET_break (0); |
988 | return GNUNET_SYSERR; | 991 | return GNUNET_SYSERR; |
989 | } | 992 | } |
990 | 993 | ||