From: Felix Fietkau Date: Thu, 3 Jan 2013 14:01:50 +0000 (+0100) Subject: fix use-after-realloc issue with the request url X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuhttpd.git;a=commitdiff_plain;h=12931edab795b7caeb70323e2959b5e5503c5980 fix use-after-realloc issue with the request url --- diff --git a/client.c b/client.c index 28c8f76..2fdc1b2 100644 --- a/client.c +++ b/client.c @@ -142,9 +142,9 @@ static int client_parse_request(struct client *cl, char *data) if (!type || !path || !version) return CLIENT_STATE_DONE; - memset(&cl->request, 0, sizeof(cl->request)); - req->url = path; + blobmsg_add_string(&cl->hdr, "URL", path); + memset(&cl->request, 0, sizeof(cl->request)); h_method = find_idx(http_methods, ARRAY_SIZE(http_methods), type); h_version = find_idx(http_versions, ARRAY_SIZE(http_versions), version); if (h_method < 0 || h_version < 0) { @@ -168,9 +168,8 @@ static bool client_init_cb(struct client *cl, char *buf, int len) *newline = 0; blob_buf_init(&cl->hdr, 0); - blobmsg_add_string(&cl->hdr, "REQUEST", buf); + cl->state = client_parse_request(cl, buf); ustream_consume(cl->us, newline + 2 - buf); - cl->state = client_parse_request(cl, (char *) blobmsg_data(blob_data(cl->hdr.head))); if (cl->state == CLIENT_STATE_DONE) uh_header_error(cl, 400, "Bad Request"); diff --git a/file.c b/file.c index 679755d..e95a165 100644 --- a/file.c +++ b/file.c @@ -685,7 +685,7 @@ static bool __handle_file_request(struct client *cl, const char *url) void uh_handle_request(struct client *cl) { struct dispatch_handler *d; - const char *url = cl->request.url; + const char *url = blobmsg_data(blob_data(cl->hdr.head));; d = dispatch_find(url, NULL); if (d) { @@ -697,5 +697,5 @@ void uh_handle_request(struct client *cl) __handle_file_request(cl, conf.error_handler)) return; - uh_client_error(cl, 404, "Not Found", "The requested URL %s was not found on this server.", cl->request.url); + uh_client_error(cl, 404, "Not Found", "The requested URL %s was not found on this server.", url); } diff --git a/proc.c b/proc.c index 351b473..425576e 100644 --- a/proc.c +++ b/proc.c @@ -123,9 +123,11 @@ struct env_var *uh_get_process_vars(struct client *cl, struct path_info *pi) struct blob_attr *data = cl->hdr.head; struct env_var *vars = (void *) uh_buf; struct blob_attr *tb[__HDR_MAX]; + const char *url; int len; int i; + url = blobmsg_data(blob_data(cl->hdr.head)); len = ARRAY_SIZE(proc_header_env); len += ARRAY_SIZE(extra_vars); len *= sizeof(struct env_var); @@ -136,7 +138,7 @@ struct env_var *uh_get_process_vars(struct client *cl, struct path_info *pi) extra_vars[VAR_SCRIPT_FILE].value = pi->phys; extra_vars[VAR_DOCROOT].value = pi->root; extra_vars[VAR_QUERY].value = pi->query ? pi->query : ""; - extra_vars[VAR_REQUEST].value = req->url; + extra_vars[VAR_REQUEST].value = url; extra_vars[VAR_PROTO].value = http_versions[req->version]; extra_vars[VAR_METHOD].value = http_methods[req->method]; extra_vars[VAR_PATH_INFO].value = pi->info; diff --git a/uhttpd.h b/uhttpd.h index b2404f4..5ec0f00 100644 --- a/uhttpd.h +++ b/uhttpd.h @@ -82,7 +82,6 @@ struct http_request { int content_length; bool expect_cont; uint8_t transfer_chunked; - const char *url; const struct auth_realm *realm; };