@omjego (Contributor) commented Aug 28, 2020

httplib::detail::split wasn't doing proper boundary checks. Inputs like "/? " (query with only spaces) or "/?= =" were crashing the server because of illegal memory access done by the process, creating a potential security vulnerability, as this could be leveraged to make a DoS attack.
Have added checks for such cases and test cases as well.
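The failure class described in this PR, shown as an added example that is not part of the pull request and is not cpp-httplib's code: a split-and-trim routine whose trim loops are each bounded by the opposite index, so the inputs `" "` and `"= ="` yield no parameters instead of reading outside the buffer. The function names and the policy of dropping blank tokens and blank keys are assumptions of this sketch.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Illustrative names only; this is not the library's implementation.
static bool is_space_or_tab(char c) { return c == ' ' || c == '\t'; }

// Shrink [left, right) past surrounding blanks. Each loop is bounded by the
// other index, so an all-blank token collapses to an empty range instead of
// walking past either end of the buffer.
static std::pair<size_t, size_t> trim(const std::string &s, size_t left, size_t right) {
  while (left < right && is_space_or_tab(s[left])) ++left;
  while (right > left && is_space_or_tab(s[right - 1])) --right;
  return {left, right};
}

// Split s on delim, trim each token, and skip tokens that end up empty.
std::vector<std::string> split_trimmed(const std::string &s, char delim) {
  std::vector<std::string> out;
  size_t beg = 0;
  for (size_t i = 0; i <= s.size(); ++i) {
    if (i == s.size() || s[i] == delim) {
      auto r = trim(s, beg, i);
      if (r.first < r.second) out.emplace_back(s, r.first, r.second - r.first);
      beg = i + 1;
    }
  }
  return out;
}

// Parse "k=v&k2=v2" into pairs; a pair without a usable key is dropped.
std::vector<std::pair<std::string, std::string>> parse_query(const std::string &q) {
  std::vector<std::pair<std::string, std::string>> params;
  for (const auto &kv : split_trimmed(q, '&')) {
    auto eq = kv.find('=');
    auto k = trim(kv, 0, eq == std::string::npos ? kv.size() : eq);
    if (k.first == k.second) continue;  // empty or blank key, e.g. "= ="
    std::string val;
    if (eq != std::string::npos) {
      auto v = trim(kv, eq + 1, kv.size());
      val = kv.substr(v.first, v.second - v.first);
    }
    params.emplace_back(kv.substr(k.first, k.second - k.first), val);
  }
  return params;
}
```
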

omjego added 3 commits August 25, 2020 08:16
When passed ' ' as a query string, the server crashes because of illegal memory access done in httplib::detail::split. Have added checks to make sure the split function has a valid string with length > 0.
Fix query parsing issues
@yhirose (Owner) commented Aug 28, 2020

@omjego, the code looks good to me. Thanks for your contribution!

@yhirose yhirose merged commit b0fd4be into yhirose:master Aug 28, 2020
ExclusiveOrange pushed a commit to ExclusiveOrange/cpp-httplib-exor that referenced this pull request May 2, 2023
* Fix parsing to parse query string with single space char.

When passed ' ' as a query string, the server crashes because of illegal memory access done in httplib::detail::split. Have added checks to make sure the split function has a valid string with length > 0.

* Fix parsing to parse query string with single space char.
SC-One pushed a commit to SC-One/cpp-httplib that referenced this pull request Jan 15, 2025