Mercurial > hg > orthanc
comparison Resources/Patches/mongoose-3.8-patch.diff @ 3119:8f2bda0719f4
Fix issue #125 (Mongoose: /instances/{id} returns 500 on invalid HTTP Method)
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Mon, 14 Jan 2019 13:11:43 +0100 |
| parents | a119f9ae3640 |
| children | 4a8e8a96b233 |
comparison
equal
deleted
inserted
replaced
| 3118:8849677c2cbc | 3119:8f2bda0719f4 |
|---|---|
| 1 --- mongoose.c.orig 2014-09-01 11:25:18.223466994 +0200 | 1 --- mongoose.c.orig 2019-01-14 13:06:27.147098524 +0100 |
| 2 +++ mongoose.c 2014-09-01 11:30:21.807479338 +0200 | 2 +++ mongoose.c 2019-01-14 12:44:35.331361929 +0100 |
| 3 @@ -50,6 +50,14 @@ | 3 @@ -50,6 +50,14 @@ |
| 4 #define PATH_MAX FILENAME_MAX | 4 #define PATH_MAX FILENAME_MAX |
| 5 #endif // __SYMBIAN32__ | 5 #endif // __SYMBIAN32__ |
| 6 | 6 |
| 7 +#if __gnu_hurd__ == 1 | 7 +#if __gnu_hurd__ == 1 |
| 25 +//#define strtoull(x, y, z) _strtoui64(x, y, z) | 25 +//#define strtoull(x, y, z) _strtoui64(x, y, z) |
| 26 +//#define strtoll(x, y, z) _strtoi64(x, y, z) | 26 +//#define strtoll(x, y, z) _strtoi64(x, y, z) |
| 27 #endif // _MSC_VER | 27 #endif // _MSC_VER |
| 28 | 28 |
| 29 #define ERRNO GetLastError() | 29 #define ERRNO GetLastError() |
| 30 @@ -2997,19 +3006,19 @@ | |
| 31 } | |
| 32 } | |
| 33 | |
| 34 -static int is_valid_http_method(const char *method) { | |
| 35 - return !strcmp(method, "GET") || !strcmp(method, "POST") || | |
| 36 +static int is_valid_http_method(const char *method, int *isValidHttpMethod) { | |
| 37 + *isValidHttpMethod = !strcmp(method, "GET") || !strcmp(method, "POST") || | |
| 38 !strcmp(method, "HEAD") || !strcmp(method, "CONNECT") || | |
| 39 !strcmp(method, "PUT") || !strcmp(method, "DELETE") || | |
| 40 !strcmp(method, "OPTIONS") || !strcmp(method, "PROPFIND") | |
| 41 - || !strcmp(method, "MKCOL") | |
| 42 - ; | |
| 43 + || !strcmp(method, "MKCOL"); | |
| 44 + return *isValidHttpMethod; | |
| 45 } | |
| 46 | |
| 47 // Parse HTTP request, fill in mg_request_info structure. | |
| 48 // This function modifies the buffer by NUL-terminating | |
| 49 // HTTP request components, header names and header values. | |
| 50 -static int parse_http_message(char *buf, int len, struct mg_request_info *ri) { | |
| 51 +static int parse_http_message(char *buf, int len, struct mg_request_info *ri, int *isValidHttpMethod) { | |
| 52 int is_request, request_length = get_request_len(buf, len); | |
| 53 if (request_length > 0) { | |
| 54 // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port | |
| 55 @@ -3025,7 +3034,7 @@ | |
| 56 ri->request_method = skip(&buf, " "); | |
| 57 ri->uri = skip(&buf, " "); | |
| 58 ri->http_version = skip(&buf, "\r\n"); | |
| 59 - if (((is_request = is_valid_http_method(ri->request_method)) && | |
| 60 + if (((is_request = is_valid_http_method(ri->request_method, isValidHttpMethod)) && | |
| 61 memcmp(ri->http_version, "HTTP/", 5) != 0) || | |
| 62 (!is_request && memcmp(ri->request_method, "HTTP/", 5)) != 0) { | |
| 63 request_length = -1; | |
| 64 @@ -4930,7 +4939,7 @@ | |
| 65 return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0'); | |
| 66 } | |
| 67 | |
| 68 -static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len) { | |
| 69 +static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len, int *isValidHttpMethod) { | |
| 70 const char *cl; | |
| 71 | |
| 72 ebuf[0] = '\0'; | |
| 73 @@ -4944,7 +4953,7 @@ | |
| 74 } else if (conn->request_len <= 0) { | |
| 75 snprintf(ebuf, ebuf_len, "%s", "Client closed connection"); | |
| 76 } else if (parse_http_message(conn->buf, conn->buf_size, | |
| 77 - &conn->request_info) <= 0) { | |
| 78 + &conn->request_info, isValidHttpMethod) <= 0) { | |
| 79 snprintf(ebuf, ebuf_len, "Bad request: [%.*s]", conn->data_len, conn->buf); | |
| 80 } else { | |
| 81 // Request is valid | |
| 82 @@ -4973,7 +4982,8 @@ | |
| 83 } else if (mg_vprintf(conn, fmt, ap) <= 0) { | |
| 84 snprintf(ebuf, ebuf_len, "%s", "Error sending request"); | |
| 85 } else { | |
| 86 - getreq(conn, ebuf, ebuf_len); | |
| 87 + int isValidHttpMethod = 1; /* unused in this case */ | |
| 88 + getreq(conn, ebuf, ebuf_len, &isValidHttpMethod); | |
| 89 } | |
| 90 if (ebuf[0] != '\0' && conn != NULL) { | |
| 91 mg_close_connection(conn); | |
| 92 @@ -4995,8 +5005,13 @@ | |
| 93 // to crule42. | |
| 94 conn->data_len = 0; | |
| 95 do { | |
| 96 - if (!getreq(conn, ebuf, sizeof(ebuf))) { | |
| 97 + int isValidHttpMethod = 1; | |
| 98 + if (!getreq(conn, ebuf, sizeof(ebuf), &isValidHttpMethod)) { | |
| 99 + if (isValidHttpMethod) { | |
| 100 send_http_error(conn, 500, "Server Error", "%s", ebuf); | |
| 101 + } else { | |
| 102 + send_http_error(conn, 400, "Bad Request", "%s", ebuf); | |
| 103 + } | |
| 104 conn->must_close = 1; | |
| 105 } else if (!is_valid_uri(conn->request_info.uri)) { | |
| 106 snprintf(ebuf, sizeof(ebuf), "Invalid URI: [%s]", ri->uri); |