[XrdHttp + XrdHttpExtHandler] Fixes a segmentation fault happening wh…

…en a client sends a first line starting with a space
xrootd · Oct 10, 2022 · e0501bb · e0501bb
1 parent fdfe7ef
commit e0501bb
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/XrdHttp/XrdHttpExtHandler.cc b/src/XrdHttp/XrdHttpExtHandler.cc
@@ -90,7 +90,8 @@ verb(req->requestverb), headers(req->allheaders) {
   int envlen = 0;
 
   headers["xrd-http-query"] = req->opaque?req->opaque->Env(envlen):"";
-  headers["xrd-http-fullresource"] = req->resourceplusopaque.c_str();
+  const char * resourcePlusOpaque = req->resourceplusopaque.c_str();
+  headers["xrd-http-fullresource"] = resourcePlusOpaque != nullptr ? resourcePlusOpaque:"";
   headers["xrd-http-prot"] = prot->isHTTPS()?"https":"http";
 
   // These fields usually identify the client that connected

diff --git a/src/XrdHttp/XrdHttpReq.cc b/src/XrdHttp/XrdHttpReq.cc
@@ -409,13 +409,21 @@ int XrdHttpReq::parseFirstLine(char *line, int len) {
     return -1;
   }
 
-  // The first token cannot be too long
+
   pos = p - line;
+  // The first token cannot be too long
   if (pos > MAX_TK_LEN - 1) {
     request = rtMalformed;
     return -2;
   }
 
+  // The first space-delimited char cannot be the first one
+  // this allows to deal with the case when a client sends a first line that starts with a space " GET / HTTP/1.1"
+  if(pos == 0) {
+      request = rtMalformed;
+      return -4;
+  }
+
   // the first token must be non empty
   if (pos > 0) {
     line[pos] = 0;