libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit eb21a977d2b41628c4228ca097b24168574850d9
parent 8586d91913dcbc728a90d7c1ec9c88cdc3b8258e
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Sun,  3 Sep 2023 00:23:02 +0200

fix #7757

Diffstat:

MChangeLog | 5+++++


Msrc/microhttpd/connection.c | 13+++++++++++--


Msrc/microhttpd/internal.h | 7+++++++


3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Sun Sep  3 12:23:18 AM CEST 2023
+    Prevent queueing of responses if connection is not currently in the
+    access handler callback (which was always not allowed per API spec,
+    but is now met with an appropriate error response). Fixes #7757. -CG
+
 Web 29 Mar 2023 20:56:00 CEST
     Bumped version as the hotfix was released based on the separate branch. -EG
 
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -3674,6 +3674,7 @@ call_connection_handler (struct MHD_Connection *connection)
     return;                     /* already queued a response */
   processed = 0;
   connection->rq.client_aware = true;
+  connection->in_access_handler = true;
   if (MHD_NO ==
       daemon->default_handler (daemon->default_handler_cls,
                                connection,
@@ -3684,12 +3685,14 @@ call_connection_handler (struct MHD_Connection *connection)
                                &processed,
                                &connection->rq.client_context))
   {
+    connection->in_access_handler = false;
     /* serious internal error, close connection */
     CONNECTION_CLOSE_ERROR (connection,
                             _ ("Application reported internal error, " \
                                "closing connection."));
     return;
   }
+  connection->in_access_handler = false;
 }
 
 
@@ -3898,6 +3901,7 @@ process_request_body (struct MHD_Connection *connection)
     }
     left_unprocessed = to_be_processed;
     connection->rq.client_aware = true;
+    connection->in_access_handler = true;
     if (MHD_NO ==
         daemon->default_handler (daemon->default_handler_cls,
                                  connection,
@@ -3908,12 +3912,15 @@ process_request_body (struct MHD_Connection *connection)
                                  &left_unprocessed,
                                  &connection->rq.client_context))
     {
+      connection->in_access_handler = false;
       /* serious internal error, close connection */
       CONNECTION_CLOSE_ERROR (connection,
                               _ ("Application reported internal error, " \
                                  "closing connection."));
       return;
     }
+    connection->in_access_handler = false;
+
     if (left_unprocessed > to_be_processed)
       MHD_PANIC (_ ("libmicrohttpd API violation.\n"));
 
@@ -7102,10 +7109,12 @@ MHD_queue_response (struct MHD_Connection *connection,
   struct MHD_Daemon *daemon;
   bool reply_icy;
 
-  reply_icy = (0 != (status_code & MHD_ICY_FLAG));
-  status_code &= ~MHD_ICY_FLAG;
   if ((NULL == connection) || (NULL == response))
     return MHD_NO;
+  if (! connection->in_access_handler)
+    return MHD_NO;
+  reply_icy = (0 != (status_code & MHD_ICY_FLAG));
+  status_code &= ~MHD_ICY_FLAG;
 
   daemon = connection->daemon;
 
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
@@ -1576,6 +1576,13 @@ struct MHD_Connection
   bool suspended;
 
   /**
+   * Are we currently in the #MHD_AccessHandlerCallback
+   * for this connection (and thus eligible to receive
+   * calls to #MHD_queue_response()?).
+   */
+  bool in_access_handler;
+
+  /**
    * Is the connection wanting to resume?
    */
   volatile bool resuming;