Move the assignment of http_query down. Also do not assign a non-malloced
authorclaudio <claudio@openbsd.org>
Thu, 11 Nov 2021 15:52:33 +0000 (15:52 +0000)
committerclaudio <claudio@openbsd.org>
Thu, 11 Nov 2021 15:52:33 +0000 (15:52 +0000)
string to it since the code assumes it can call free on it.
Fixes crashes noticed by tobhe@ and florian@
OK otto@ tobhe@

usr.sbin/httpd/server_http.c

index 4c85444..d5d31fa 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: server_http.c,v 1.148 2021/11/05 19:01:02 benno Exp $ */
+/*     $OpenBSD: server_http.c,v 1.149 2021/11/11 15:52:33 claudio Exp $       */
 
 /*
  * Copyright (c) 2020 Matthias Pressfreund <mpfr@fn.de>
@@ -228,7 +228,7 @@ server_read_http(struct bufferevent *bev, void *arg)
        struct evbuffer         *src = EVBUFFER_INPUT(bev);
        char                    *line = NULL, *key, *value;
        const char              *errstr;
-       char                    *http_version;
+       char                    *http_version, *query;
        size_t                   size, linelen;
        int                      version;
        struct kv               *hdr = NULL;
@@ -348,9 +348,6 @@ server_read_http(struct bufferevent *bev, void *arg)
                        }
 
                        *http_version++ = '\0';
-                       desc->http_query = strchr(desc->http_path, '?');
-                       if (desc->http_query != NULL)
-                               *desc->http_query++ = '\0';
 
                        /*
                         * We have to allocate the strings because they could
@@ -378,10 +375,13 @@ server_read_http(struct bufferevent *bev, void *arg)
                                        goto fail;
                        }
 
-                       if (desc->http_query != NULL &&
-                           (desc->http_query =
-                           strdup(desc->http_query)) == NULL)
-                               goto fail;
+                       query = strchr(desc->http_path, '?');
+                       if (query != NULL) {
+                               *query++ = '\0';
+
+                               if ((desc->http_query = strdup(query)) == NULL)
+                                       goto fail;
+                       }
 
                } else if (desc->http_method != HTTP_METHOD_NONE &&
                    strcasecmp("Content-Length", key) == 0) {
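Review bot: The new block at `query = strchr(desc->http_path, '?');` carries no comment saying why the query split now happens only after `desc->http_path` has been duplicated, which is the whole point of the fix; the ordering is load-bearing and a future reorder would reintroduce the free()-of-a-stack-pointer crash the commit message describes. I would add above that line: `/* Split the query off only after http_path has been strdup'd, so that http_query never points into the line buffer: the fail path free()s it. */`. The new code also relies on `desc->http_query` being NULL on entry when no `?` is present, presumably guaranteed by the per-request reset outside this hunk; worth confirming, since a stale heap pointer there would be freed twice on the fail path. server_read_http starts and ends outside these hunks, and the `fail:` label that frees the descriptor is not visible here.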