[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] branch master updated: fix crash problem found by MD
From: |
gnunet |
Subject: |
[libmicrohttpd] branch master updated: fix crash problem found by MD |
Date: |
Fri, 11 Sep 2020 22:15:43 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libmicrohttpd.
The following commit(s) were added to refs/heads/master by this push:
new 16c13329 fix crash problem found by MD
16c13329 is described below
commit 16c133294af482665fd72c6e40a42b6480aea3e1
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Sep 11 22:09:08 2020 +0200
fix crash problem found by MD
---
ChangeLog | 3 +
src/microhttpd/postprocessor.c | 1 +
src/microhttpd/test_postprocessor_md.c | 230 ++++++++++++++++++++-------------
3 files changed, 143 insertions(+), 91 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ee418a04..efa5ca7f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+Fri 11 Sep 2020 10:08:22 PM CEST
+ Fix crash problem in PostProcessor reported by MD. -CG
+
Wed 19 Aug 2020 09:40:39 AM CEST
Add logic to check on MHD_pool_reallocate() failure reported on the
mailinglist (will NOT yet fix the issue). -CG
diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c
index f5da5430..7cffeaea 100644
--- a/src/microhttpd/postprocessor.c
+++ b/src/microhttpd/postprocessor.c
@@ -578,6 +578,7 @@ post_process_urlencoded (struct MHD_PostProcessor *pp,
pp->value_offset = 0;
pp->state = PP_Init;
start_value = NULL;
+ end_value = NULL;
}
continue;
case '\n':
diff --git a/src/microhttpd/test_postprocessor_md.c
b/src/microhttpd/test_postprocessor_md.c
index 111cad49..82093d3c 100644
--- a/src/microhttpd/test_postprocessor_md.c
+++ b/src/microhttpd/test_postprocessor_md.c
@@ -182,12 +182,12 @@ post_data_iterator4 (void *cls,
uint64_t off,
size_t size)
{
- #if DEBUG
+#if DEBUG
fprintf (stderr,
"%s\t%s\n",
key,
data);
- #endif
+#endif
if (NULL != memchr (data, 'M', size))
{
found |= 1;
@@ -196,106 +196,154 @@ post_data_iterator4 (void *cls,
}
+static enum MHD_Result
+post_data_iterator5 (void *cls,
+ enum MHD_ValueKind kind,
+ const char *key,
+ const char *filename,
+ const char *content_type,
+ const char *transfer_encoding,
+ const char *data,
+ uint64_t off,
+ size_t size)
+{
+ found++;
+ return MHD_YES;
+}
+
+
int
main (int argc, char *argv[])
{
struct MHD_PostProcessor *postprocessor;
- postprocessor = malloc (sizeof (struct MHD_PostProcessor)
- + 0x1000 + 1);
- if (NULL == postprocessor)
- return 77;
- memset (postprocessor,
- 0,
- sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
- postprocessor->ikvi = &post_data_iterator;
- postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
- postprocessor->buffer_size = 0x1000;
- postprocessor->state = PP_Init;
- postprocessor->skip_rn = RN_Inactive;
- MHD_post_process (postprocessor, "xxxx=xxxx", 9);
- MHD_post_process (postprocessor, "&yyyy=yyyy&zzzz=&aaaa=", 22);
- MHD_post_process (postprocessor, "", 0);
- if (MHD_YES !=
- MHD_destroy_post_processor (postprocessor))
- exit (3);
- if (found != 15)
- exit (2);
- found = 0;
- postprocessor = malloc (sizeof (struct MHD_PostProcessor)
- + 0x1000 + 1);
- if (NULL == postprocessor)
- return 77;
- memset (postprocessor,
- 0,
- sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
- postprocessor->ikvi = post_data_iterator2;
- postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
- postprocessor->buffer_size = 0x1000;
- postprocessor->state = PP_Init;
- postprocessor->skip_rn = RN_Inactive;
- MHD_post_process (postprocessor, "text=text%2", 11);
- MHD_post_process (postprocessor, "C+text", 6);
- MHD_post_process (postprocessor, "", 0);
- MHD_destroy_post_processor (postprocessor);
- if (found != 1)
- exit (4);
-
- found = 0;
- postprocessor = malloc (sizeof (struct MHD_PostProcessor)
- + 0x1000 + 1);
- if (NULL == postprocessor)
- return 77;
- memset (postprocessor,
- 0,
- sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
- postprocessor->ikvi = post_data_iterator3;
- postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
- postprocessor->buffer_size = 0x1000;
- postprocessor->state = PP_Init;
- postprocessor->skip_rn = RN_Inactive;
{
- const char *chunk =
-
"x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[...]
- "&y=y&z=z";
-
- MHD_post_process (postprocessor, chunk, strlen (chunk) );
+ postprocessor = malloc (sizeof (struct MHD_PostProcessor)
+ + 0x1000 + 1);
+ if (NULL == postprocessor)
+ return 77;
+ memset (postprocessor,
+ 0,
+ sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
+ postprocessor->ikvi = &post_data_iterator;
+ postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
+ postprocessor->buffer_size = 0x1000;
+ postprocessor->state = PP_Init;
+ postprocessor->skip_rn = RN_Inactive;
+ MHD_post_process (postprocessor, "xxxx=xxxx", 9);
+ MHD_post_process (postprocessor, "&yyyy=yyyy&zzzz=&aaaa=", 22);
+ MHD_post_process (postprocessor, "", 0);
+ if (MHD_YES !=
+ MHD_destroy_post_processor (postprocessor))
+ exit (3);
+ if (found != 15)
+ exit (2);
+ }
+ {
+ found = 0;
+ postprocessor = malloc (sizeof (struct MHD_PostProcessor)
+ + 0x1000 + 1);
+ if (NULL == postprocessor)
+ return 77;
+ memset (postprocessor,
+ 0,
+ sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
+ postprocessor->ikvi = post_data_iterator2;
+ postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
+ postprocessor->buffer_size = 0x1000;
+ postprocessor->state = PP_Init;
+ postprocessor->skip_rn = RN_Inactive;
+ MHD_post_process (postprocessor, "text=text%2", 11);
+ MHD_post_process (postprocessor, "C+text", 6);
+ MHD_post_process (postprocessor, "", 0);
+ MHD_destroy_post_processor (postprocessor);
+ if (found != 1)
+ exit (4);
+ }
+ {
+ found = 0;
+ postprocessor = malloc (sizeof (struct MHD_PostProcessor)
+ + 0x1000 + 1);
+ if (NULL == postprocessor)
+ return 77;
+ memset (postprocessor,
+ 0,
+ sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
+ postprocessor->ikvi = post_data_iterator3;
+ postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
+ postprocessor->buffer_size = 0x1000;
+ postprocessor->state = PP_Init;
+ postprocessor->skip_rn = RN_Inactive;
+ {
+ const char *chunk =
+
"x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[...]
+ "&y=y&z=z";
+
+ MHD_post_process (postprocessor, chunk, strlen (chunk) );
+ }
+ MHD_post_process (postprocessor, "", 0);
+ MHD_destroy_post_processor (postprocessor);
+ if (found != 1)
+ exit (5);
}
- MHD_post_process (postprocessor, "", 0);
- MHD_destroy_post_processor (postprocessor);
-
- if (found != 1)
- exit (5);
-
- postprocessor = malloc (sizeof(struct MHD_PostProcessor) + 131076 + 1);
- if (NULL == postprocessor)
- return 77;
- memset (postprocessor,
- 0,
- sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
- postprocessor->ikvi = post_data_iterator4;
- postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
- postprocessor->buffer_size = 131076;
- postprocessor->state = PP_Init;
- postprocessor->skip_rn = RN_Inactive;
- const char *chunks[] = {
-
"t=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2Cxxxxx%2C%2Cx%2Cxxxxxxxxxxxxxxxxxxxx%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxx%2Cxxxxxxxxxxxxxxxx%2Cxxxxx%2Cxxxxxxx%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2Cxx%2C%2Cx%2Cxx%2C%2Cxxxx%2Cxxx%2C%2Cx%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxx
[...]
- // one chunk: second line is dropped
-
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxx%2Cx%2C%2Cx%2Cxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxx%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxx%2Cxxxx%2Cxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2Cx
[...]
-
"%E2%80%A2MMMMMMMM%2C%2C%2C%2CMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2C%2C%2C%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2CMMM
[...]
- "zz",
- "",
- };
- for (unsigned i = 0; i < ARRAY_LENGTH (chunks); ++i)
{
- const char *chunk = chunks[i];
- MHD_post_process (postprocessor, chunk, strlen (chunk) );
+ postprocessor = malloc (sizeof(struct MHD_PostProcessor) + 131076 + 1);
+ if (NULL == postprocessor)
+ return 77;
+ memset (postprocessor,
+ 0,
+ sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
+ postprocessor->ikvi = post_data_iterator4;
+ postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
+ postprocessor->buffer_size = 131076;
+ postprocessor->state = PP_Init;
+ postprocessor->skip_rn = RN_Inactive;
+ const char *chunks[] = {
+
"t=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2Cxxxxx%2C%2Cx%2Cxxxxxxxxxxxxxxxxxxxx%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxx%2Cxxxxxxxxxxxxxxxx%2Cxxxxx%2Cxxxxxxx%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2Cxx%2C%2Cx%2Cxx%2C%2Cxxxx%2Cxxx%2C%2Cx%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxx
[...]
+ // one chunk: second line is dropped
+
"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxx%2Cx%2C%2Cx%2Cxxxxxxxxxxxxxxxxxxx%2C%2C%2C%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxx%2C%2C%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxx%2Cxxxx%2Cxxxxxxxxxxxxxxxxx%2Cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%2C%2C%2
[...]
+
"%E2%80%A2MMMMMMMM%2C%2C%2C%2CMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2C%2C%2C%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2CMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%2CM
[...]
+ "zz",
+ "",
+ };
+ for (unsigned i = 0; i < ARRAY_LENGTH (chunks); ++i)
+ {
+ const char *chunk = chunks[i];
+ MHD_post_process (postprocessor, chunk, strlen (chunk) );
+ }
+ MHD_destroy_post_processor (postprocessor);
+ if (found != 1)
+ return 6;
+ }
+ {
+ postprocessor = malloc (sizeof(struct MHD_PostProcessor) + 131076 + 1);
+ found = 0;
+ if (NULL == postprocessor)
+ return 77;
+ memset (postprocessor,
+ 0,
+ sizeof (struct MHD_PostProcessor) + 0x1000 + 1);
+ postprocessor->ikvi = post_data_iterator5;
+ postprocessor->encoding = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
+ postprocessor->buffer_size = 131076;
+ postprocessor->state = PP_Init;
+ postprocessor->skip_rn = RN_Inactive;
+ const char *chunks[] = {
+
"XXXXXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&XXXXXX=&XXXXXXXXXXXXXX=XXXX+&XXXXXXXXXXXXXXX=XXXXXXXXX&XXXXXXXXXXXXX=XXXX%XX%XXXXXX&XXXXXXXXXXX=XXXXXXXXX&XXXXXXXXXXXXX=XXXXXXXXXX&XXXXXXXXXXXXXXX=XX&XXXXXXXXXXXXXXX=XXXXXXXXX&XXXXXXXXXXXXX=XXXXXX&XXXXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "&XXXXXXXX=XXXX",
+ "",
+ };
+ for (unsigned i = 0; i < ARRAY_LENGTH (chunks); ++i)
+ {
+ const char *chunk = chunks[i];
+ MHD_post_process (postprocessor, chunk, strlen (chunk) );
+ }
+ MHD_destroy_post_processor (postprocessor);
+ if (found != 12)
+ return 7;
}
- MHD_destroy_post_processor (postprocessor);
- if (found != 1)
- return 6;
return EXIT_SUCCESS;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [libmicrohttpd] branch master updated: fix crash problem found by MD,
gnunet <=