Skip to content

Commit 324736b

Browse files
wes-jmagasrevywes-jmagasrevy
committed
Fixed bug caused by our failure to check if the '=' was found immediately following the 'boundary' parameter in a multipart request. Cisco/Talos reproduced this bug by simply sending the server a malformed request without everything that would normally su
1 parent 51b1a83 commit 324736b

File tree

1 file changed

+9
-4
lines changed

1 file changed

+9
-4
lines changed

Server/Source/http-s_req.c

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1644,12 +1644,17 @@ static void HTTPsReq_HdrParse (HTTPs_INSTANCE *p_instance,
16441644
sizeof(HTTP_STR_MULTIPART_BOUNDARY));
16451645

16461646
if (p_val == DEF_NULL) {
1647-
*p_err = HTTPs_ERR_REQ_FORMAT_INVALID;
1648-
return;
1647+
*p_err = HTTPs_ERR_REQ_FORMAT_INVALID;
1648+
return;
16491649
}
16501650

16511651
/* Boundary located after '='. */
16521652
p_val = Str_Char_N(p_val, len, ASCII_CHAR_EQUALS_SIGN);
1653+
if (p_val == DEF_NULL) {
1654+
*p_err = HTTPs_ERR_REQ_FORMAT_INVALID;
1655+
return;
1656+
}
1657+
16531658
p_val++; /* Remove space before boundary val. */
16541659
p_val = HTTP_StrGraphSrchFirst(p_val,
16551660
len);
@@ -1676,8 +1681,8 @@ static void HTTPsReq_HdrParse (HTTPs_INSTANCE *p_instance,
16761681
}
16771682
}
16781683

1679-
} else { /* Should not occurs. */
1680-
*p_err = HTTPs_ERR_REQ_MORE_DATA_REQUIRED;
1684+
} else { /* Should not occur. */
1685+
*p_err = HTTPs_ERR_REQ_MORE_DATA_REQUIRED;
16811686
return;
16821687
}
16831688
break;

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy