Bug #6766
closednull pointer access in RequestParser::validate()
0%
Description
If the content-length header of a HTTP request is empty, Wt will crash in the function RequestParser::validate() because the Request::Header::value::data field will be null when passed to strtoll
.
To crash seemingly any Wt app (tested on 4.0.3 and 3.3.4), you can use the command line call:
wget --method GET --header 'content-length: ' - http://localhost:8080/
A simple null check on the cl
variable in the function should fix the crash, and should maybe cause the function to return Reply::bad_request
.
Updated by Roel Standaert about 6 years ago
This was fixed in August (https://github.com/emweb/wt/commit/d4b0ababc64c04e6027e6fcf6ed07f230d1d7805). It does not affect Wt 4.0.4 and Wt 3.3.11.
We're not currently returning bad request though. The content length is just 0 if it's an empty string.
Updated by Roel Standaert about 6 years ago
- Status changed from New to Resolved
It now also returns bad request.
Updated by Roel Standaert about 6 years ago
- Status changed from Resolved to Closed