-
Notifications
You must be signed in to change notification settings - Fork 1.5k
http_parser_parse_url crash when random string passed #209
Comments
@mobiphil thanks for sharing this with us. May I kindly ask you to provide a test case for our convenience? |
hi, happy to help, just try: struct http_parser_url u; http_parser_parse_url(url, strlen(url), 0, &u) ; the problem is that the processor assumes that there is still input available after the state machine changes from "schema" to next one |
(http_parse_host) - Check for invalid parameters. - Cast field offset assignment to proper type. (http_parser_parse_url) - Check for invalid parameters. - Cast field offset assignment to proper type. - Fail if the schema field was found but the host field was not found. - Call http_parse_host only if the host field was found. Prior to this change http_parse_host, which expects the UF_HOST field to be filled, could be called even when that field was not filled resulting in a crash. Refer to issue nodejs#209.
What is happening here is In the case of
Personally I want to be able to handle something like |
Thanks for your time for dealing with the issue. Among others I was intending to use the url parser for parsing of the GET command from a http header that, as you may know, does not contain the schema or server. So for a request like http://gliaeuoaeu.com it would issue a http header with "GET / HTTP/1.1." For http://gliaoeuo.com///// will issue a http header with "GET ///// HTTP/1.1" which I think is valid http. I think the url parser should interpret thus the slashes as virtual path elements rather than the double slash from the schema. |
@mobiphil Why not build a real URL using the value of the |
Well, that was what I done, you can imagine. The bug was against the crash. The question is if doing what you advice is hackish or not. Without being perfectionist for sure it is not efficient to just concatenate strings because a library may not implement sthg. correctly. The question is what is the standard/advice described in protocol related documents. |
Wait, hostname is not required. The crash is happening because the Going to send a PR in a bit. |
The struct must be zero-initialized, but this wasn't explicitly stated anywhere in headers. Introduce `http_parser_url_init` API method that will do it. Fix nodejs#209
Should be fixed by #225 |
Closing. Can reopen if #225 didn't actually solve it |
The struct must be zero-initialized, but this wasn't explicitly stated anywhere in headers. Introduce `http_parser_url_init` API method that will do it. Fixes: #209 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Brian White <[email protected]> PR-URL: #225
was expecting to get only path UF_PATH retrieved when calling http_parser_parse_url without any schema or "//", instead the function crashes the host app.
it should either fail to fill any of the fields or just fill in path with full string if no schema "//.." specified
The text was updated successfully, but these errors were encountered: