Bug #6766

closed

null pointer access in RequestParser::validate()

Added by Will Johnson about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Start date: 11/27/2018
Due date:
% Done: 0%
Estimated time:

Description

If the content-length header of an HTTP request is empty, Wt will crash in the function RequestParser::validate() because the Request::Header::value::data field will be null when passed to strtoll.

To crash seemingly any Wt app (tested on 4.0.3 and 3.3.4), you can use the command line call:

wget --method GET --header 'content-length: ' - http://localhost:8080/

A simple null check on the cl variable in the function should fix the crash, and should maybe cause the function to return Reply::bad_request.

Actions #1

Updated by Roel Standaert about 6 years ago

This was fixed in August (https://github.com/emweb/wt/commit/d4b0ababc64c04e6027e6fcf6ed07f230d1d7805). It does not affect Wt 4.0.4 and Wt 3.3.11.

We're not currently returning bad request though. The content length is just 0 if it's an empty string.

Actions #2

Updated by Roel Standaert about 6 years ago

  • Status changed from New to Resolved

It now also returns bad request.

Actions #3

Updated by Roel Standaert about 6 years ago

  • Status changed from Resolved to Closed
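
An added example, not Wt's code and not taken from the linked commit: a defensive Content-Length parser that rejects the null value described in this report, along with the other inputs strtoll would otherwise accept silently. The names `ClStatus` and `parse_content_length` are hypothetical, and it follows the final behaviour mentioned in the thread (an empty value is a bad request).

```cpp
#include <cctype>
#include <cerrno>
#include <cstdio>
#include <cstdlib>

// Hypothetical names for illustration; this is not Wt's RequestParser.
enum class ClStatus { Ok, BadRequest };

// Parse a Content-Length header value without ever handing strtoll a null
// pointer. `value` may be null (header present, no data), empty or malformed.
ClStatus parse_content_length(const char* value, long long& length_out) {
    length_out = 0;
    if (value == nullptr)                      // the case from this report
        return ClStatus::BadRequest;

    while (*value == ' ' || *value == '\t')    // optional leading whitespace
        ++value;
    // strtoll would accept "", "+5", "-5" and leading whitespace; a
    // Content-Length must start with a decimal digit.
    if (!std::isdigit(static_cast<unsigned char>(*value)))
        return ClStatus::BadRequest;

    errno = 0;
    char* end = nullptr;
    long long n = std::strtoll(value, &end, 10);
    if (errno == ERANGE)                       // does not fit in long long
        return ClStatus::BadRequest;

    while (*end == ' ' || *end == '\t')        // optional trailing whitespace
        ++end;
    if (*end != '\0')                          // trailing garbage, e.g. "12abc"
        return ClStatus::BadRequest;

    length_out = n;
    return ClStatus::Ok;
}

int main() {
    // Constructed sample values, including the null and empty cases.
    const char* samples[] = {nullptr, "", "42", " 7 ", "-5", "12abc",
                             "99999999999999999999"};
    for (const char* s : samples) {
        long long n = 0;
        bool ok = parse_content_length(s, n) == ClStatus::Ok;
        std::printf("%-22s -> %s (%lld)\n", s ? s : "(null)",
                    ok ? "ok" : "bad request", n);
    }
    return 0;
}
```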