View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002818 | libmicrohttpd | postprocessor | public | 2013-03-06 14:05 | 2013-03-29 20:09 |
| Reporter | jgresula | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 0.9.25 | ||||
| Target Version | 0.9.26 | Fixed in Version | 0.9.26 | ||
| Summary | 0002818: postprocessor fails to parse a specific urlencoded input | ||||
| Description | post_process_urlencoded() incorrectly assumes '&' at the current input position. | ||||
| Steps To Reproduce | Run attached libmicrohttpd-test.c | ||||
| Tags | No tags attached. | ||||
| Attached Files | libmicrohttpd.patch (464 bytes)
--- libmicrohttpd-0.9.25/src/daemon/postprocessor.c 2013-02-02 01:42:25.000000000 +0100
+++ libmicrohttpd-0.9.25-fixed/src/daemon/postprocessor.c 2013-03-06 09:42:56.000000000 +0100
@@ -435,7 +435,7 @@
{
pp->state = PP_ExpectNewLine;
}
- else
+ else if (post_data[poff] == '&')
{
poff++; /* skip '&' */
pp->state = PP_Init;
libmicrohttpd-test.c (4,265 bytes)
#include "platform.h"
#include "microhttpd.h"
#include "internal.h"
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
int check_post(void *cls, enum MHD_ValueKind kind, const char* key,
const char* filename, const char* content_type,
const char* content_encoding, const char* data,
uint64_t off, size_t size)
{
if ((0 != strcmp(key, "a")) && (0 != strcmp(key, "b")))
{
printf("ERROR: got unexpected '%s'\n", key);
}
return MHD_YES;
}
int
main (int argc, char *const *argv)
{
struct MHD_Connection connection;
struct MHD_HTTP_Header header;
struct MHD_PostProcessor *pp;
memset (&connection, 0, sizeof (struct MHD_Connection));
memset (&header, 0, sizeof (struct MHD_HTTP_Header));
connection.headers_received = &header;
header.header = MHD_HTTP_HEADER_CONTENT_TYPE;
header.value = MHD_HTTP_POST_ENCODING_FORM_URLENCODED;
header.kind = MHD_HEADER_KIND;
pp = MHD_create_post_processor (&connection,
4096, &check_post, NULL);
const char* post = "a=xx+xx+xxx+xxxxx+xxxx+xxxxxxxx+xxx+xxxxxx+xxx+xxx+xxxxxxx+xxxxx%0A+++++++xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0A+++++++--%3E%0A++++++++++++++%3Cxxxxx+xxxxx%3D%22xxx%25%22%3E%0A+++++++++++%3Cxx%3E%0A+++++++++++++++%3Cxx+xxxxxxx%3D%22x%22+xxxxx%3D%22xxxxx%22%3E%0A+++++++++++++++++++%3Cxxxxx+xxxxx%3D%22xxx%25%22%3E%0A+++++++++++++++++++++++%3Cxx%3E%0A+++++++++++++++++++++++++++%3Cxx+xxxxx%3D%22xxxx%22%3E%0A+++++++++++++++++++++++++++++++%3Cx+xxxxx%3D%22xxxx-xxxxx%3Axxxxx%22%3Exxxxx%3A%3C%2Fx%3E%0A%0A+++++++++++++++++++++++++++++++%3Cx+xxxxx%3D%22xxxx-xxxxx%3Axxxxx%22%3Exxx%3A%3C%2Fx%3E%0A%0A+++++++++++++++++++++++++++++++%3Cx+xxxxx%3D%22xxxx-xxxxx%3Axxxxx%3B+xxxx-xxxxxx%3A+xxxx%3B%22%3Exxxxx+xxxxx%3A%3C%2Fx%3E%0A+++++++++++++++++++++++++++%3C%2Fxx%3E%0A+++++++++++++++++++++++%3C%2Fxx%3E%0A+++++++++++++++++++%3C%2Fxxxxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A+++++++++++++++%3Cxx+xxxxx%3D%22xxxx-xxxxx%3A+xxxxx%3B+xxxxx%3A+xxxx%22%3E%26xxxxx%3B+%3Cxxxx%0A+++++++++++++++++++++++xxxxx%3D%22xxxxxxxxxxxxxxx%22%3Exxxx.xx%3C%2Fxxxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A+++++++++++%3C%2Fxx%3E%0A++++++++++++++++++++++++++%3Cxx%3E%0A+++++++++++++++++++%3Cxx+xxxxx%3D%22xxxx-xxxxx%3A+xxxxx%3B+xxxxx%3A+xxxx%22%3E%26xxxxx%3B+%3Cxxxx%0A+++++++++++++++++++++++++++xxxxx%3D%22xxxxxxxxxxxxxxx%22%3Exxx.xx%3C%2Fxxxx%3E%0A+++++++++++++++++++%3C%2Fxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A++++++++++++++++++++++%3Cxx%3E%0A+++++++++++++++%3Cxx+xxxxx%3D%22xxxx-xxxxx%3A+xxxxx%3Bxxxx-xxxxxx%3A+xxxx%3B+xxxxx%3A+xxxx%22%3E%26xxxxx%3B+%3Cxxxx%0A+++++++++++++++++++++++xxxxx%3D%22xxxxxxxxxxxxxxx%22%3Exxxx.xx%3C%2Fxxxx%3E%3C%2Fxx%3E%0A+++++++++++%3C%2Fxx%3E%0A+++++++%3C%2Fxxxxx%3E%0A+++++++%3C%21--%0A+++++++xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0A+++++++xxx+xx+xxxxx+xxxxxxx+xxxxxxx%0A+++++++xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0A+++++++--%3E%0A+++%3C%2Fxxx%3E%0A%0A%0A%0A+++%3Cxxx+xxxxx%3D%22xxxxxxxxx%22+xx%3D%22xxxxxxxxx%22%3E%3C%2Fxxx%3E%0A%0A+++%3Cxxx+xx%3D%22xxxx%22+xxxxx%3D%22xxxx%22%3E%0A+++++++%3Cxxxxx+xxxxx%3D%22xxxxxxxxx%22%3E%0A+++++++++++%3Cxx%3E%0A+++++++++++++++%3Cxx+xxxxxxx%3D%22x%22+xx%3D%22xxxxxxxxxxxxx%22+xxxxx%3D%22xxxxxxxxxxxxx%22%3E%0A+++++++++++++++++++%3Cxxx+xx%3D%22xxxxxx%22%3E%3C%2Fxxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A+++++++++++%3C%2Fxx%3E%0A+++++++++++%3Cxx%3E%0A+++++++++++++++%3Cxx+xx%3D%22xxxxxxxxxxxxxxxxx%22+xxxxx%3D%22xxxxxxxxxxxxxxxxx%22%3E%3C%2Fxx%3E%0A+++++++++++++++%3Cxx+xx%3D%22xxxxxxxxxxxxxx%22+xxxxx%3D%22xxxxxxxxxxxxxx%22%3E%0A+++++++++++++++++++%3Cxxx+xx%3D%22xxxxxxx%22%3E%3C%2Fxxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A+++++++++++%3C%2Fxx%3E%0A+++++++++++%3Cxx%3E%0A+++++++++++++++%3Cxx+xxxxxxx%3D%22x%22+xx%3D%22xxxxxxxxxxxxx%22+xxxxx%3D%22xxxxxxxxxxxxx%22%3E%0A+++++++++++++++++++%3Cxxx+xx%3D%22xxxxxx%22%3E%3C%2Fxxx%3E%0A+++++++++++++++%3C%2Fxx%3E%0A+++++++++++%3C%2Fxx%3E%0A+++++++%3C%2Fxxxxx%3E%0A+++%3C%2Fxxx%3E%0A%3C%2Fxxx%3E%0A%0A%3Cxxx+xx%3D%22xxxxxx%22%3E%3C%2Fxxx%3E%0A%0A%3C%2Fxxxx%3E%0A%3C%2Fxxxx%3E+&b=value";
MHD_post_process (pp, post, strlen(post));
MHD_destroy_post_processor (pp);
return 0;
}
| ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-03-06 14:05 | jgresula | New Issue | |
| 2013-03-06 14:05 | jgresula | File Added: libmicrohttpd.patch | |
| 2013-03-06 14:06 | jgresula | File Added: libmicrohttpd-test.c | |
| 2013-03-07 10:14 | Christian Grothoff | Note Added: 0006944 | |
| 2013-03-07 10:14 | Christian Grothoff | Status | new => resolved |
| 2013-03-07 10:14 | Christian Grothoff | Fixed in Version | => 0.9.26 |
| 2013-03-07 10:14 | Christian Grothoff | Resolution | open => fixed |
| 2013-03-07 10:14 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2013-03-07 10:14 | Christian Grothoff | Target Version | => 0.9.26 |
| 2013-03-29 20:09 | Christian Grothoff | Status | resolved => closed |
| 2013-05-06 12:53 | Christian Grothoff | Category | postprocessor => libmicrohttpd postprocessor |
| 2024-01-21 13:24 | Christian Grothoff | Category | libmicrohttpd postprocessor => postprocessor |
