orthanc: OrthancFramework/Sources/HttpClient.cpp comparison

comparison OrthancFramework/Sources/HttpClient.cpp @ 4151:8c559dd5034b

Fix possible crash in HttpClient if sending multipart body (can occur in STOW-RS)

author	Sebastien Jodogne <s.jodogne@gmail.com>
date	Wed, 19 Aug 2020 11:59:02 +0200
parents	bf7b9edf6b81
children	db38b2ad4c4a

comparison

equal deleted inserted replaced

-:b56f3a37a4a1
+:8c559dd5034b
 class HttpClient::CurlRequestBody : public boost::noncopyable
 {
 private:
 HttpClient::IRequestBody*  body_;
-std::string                sourceBuffer_;
+std::string                pending_;
-size_t                     sourceBufferTransmittedSize_;
+size_t                     pendingPos_;
 size_t CallbackInternal(char* curlBuffer,
 size_t curlBufferSize)
 {
 if (body_ == NULL)
 if (curlBufferSize == 0)
 {
 throw OrthancException(ErrorCode_InternalError);
 }
-// Read chunks from the body stream so as to fill the target buffer
+if (pendingPos_ + curlBufferSize <= pending_.size())
-size_t curlBufferFilledSize = 0;
+{
-size_t sourceRemainingSize = sourceBuffer_.size() - sourceBufferTransmittedSize_;
+assert(sizeof(char) == 1);
-bool hasMore = true;
+memcpy(curlBuffer, &pending_[pendingPos_], curlBufferSize);
+pendingPos_ += curlBufferSize;
-while (sourceRemainingSize < curlBufferSize && hasMore)
+return curlBufferSize;
-{
+}
-if (sourceRemainingSize > 0)
+else
+{
+ChunkedBuffer buffer;
+buffer.SetPendingBufferSize(curlBufferSize);
+if (pendingPos_ < pending_.size())
 {
-// transmit the end of current source buffer
+buffer.AddChunk(&pending_[pendingPos_], pending_.size() - pendingPos_);
-memcpy(curlBuffer + curlBufferFilledSize,
-sourceBuffer_.data() + sourceBufferTransmittedSize_, sourceRemainingSize);
-curlBufferFilledSize += sourceRemainingSize;
 }
-// start filling a new source buffer
+// Read chunks from the body stream so as to fill the target buffer
-sourceBufferTransmittedSize_ = 0;
+std::string chunk;
-sourceBuffer_.clear();
+while (buffer.GetNumBytes() < curlBufferSize &&
-hasMore = body_->ReadNextChunk(sourceBuffer_);
+body_->ReadNextChunk(chunk))
+{
-sourceRemainingSize = sourceBuffer_.size();
+buffer.AddChunk(chunk);
 }
-if (sourceRemainingSize > 0 &&
+buffer.Flatten(pending_);
-curlBufferSize > curlBufferFilledSize)
+pendingPos_ = std::min(pending_.size(), curlBufferSize);
-{
-size_t s = std::min(sourceRemainingSize, curlBufferSize - curlBufferFilledSize);
+if (pendingPos_ != 0)
+{
-memcpy(curlBuffer + curlBufferFilledSize,
+memcpy(curlBuffer, pending_.c_str(), pendingPos_);
-sourceBuffer_.data() + sourceBufferTransmittedSize_, s);
+}
-sourceBufferTransmittedSize_ += s;
+return pendingPos_;
-curlBufferFilledSize += s;
+}
-}
-return curlBufferFilledSize;
 }
 public:
 CurlRequestBody() :
 body_(NULL),
-sourceBufferTransmittedSize_(0)
+pendingPos_(0)
 {
 }
 void SetBody(HttpClient::IRequestBody& body)
 {
 body_ = &body;
-sourceBufferTransmittedSize_ = 0;
+pending_.clear();
-sourceBuffer_.clear();
+pendingPos_ = 0;
 }
 void Clear()
 {
 body_ = NULL;
-sourceBufferTransmittedSize_ = 0;
+pending_.clear();
-sourceBuffer_.clear();
+pendingPos_ = 0;
 }
 bool IsValid() const
 {
 return body_ != NULL;

Mercurial > hg > orthanc

comparison OrthancFramework/Sources/HttpClient.cpp @ 4151:8c559dd5034b