From 9dbd92476e826e7f3b95921dd44297d6beaece50 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Fri, 4 Sep 2009 17:35:38 +0200
Subject: [PATCH] Bugfix: Trap exceptions in URIParser.

A user was able to crash chat.tinyclouds.org by sending it a malformed URL! Not good.
---
 src/http.js | 8 ++++--
 test/mjsunit/test-http-malformed-request.js | 31 +++++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 test/mjsunit/test-http-malformed-request.js

diff --git a/src/http.js b/src/http.js
index ba0c802b58..1989507d18 100644
--- a/src/http.js
+++ b/src/http.js
@@ -61,8 +61,12 @@ node.http.parseUri = function (str) {
 uri[o.q.name] = {};
 uri[o.key[12]].replace(o.q.parser, function ($0, $1, $2) {
 if ($1) {
- var key = decode($1);
- var val = decode($2);
+ try {
+ var key = decode($1);
+ var val = decode($2);
+ } catch (e) {
+ return;
+ }
 uri[o.q.name][key] = val;
 }
 });
diff --git a/test/mjsunit/test-http-malformed-request.js b/test/mjsunit/test-http-malformed-request.js
new file mode 100644
index 0000000000..7172c4dd32
--- /dev/null
+++ b/test/mjsunit/test-http-malformed-request.js
@@ -0,0 +1,31 @@
+include("mjsunit.js");
+
+// Make sure no exceptions are thrown when receiving malformed HTTP
+// requests.
+port = 9999;
+
+nrequests_completed = 0;
+nrequests_expected = 1;
+
+var s = node.http.createServer(function (req, res) {
+ puts("req: " + JSON.stringify(req.uri));
+
+ res.sendHeader(200, {"Content-Type": "text/plain"});
+ res.sendBody("Hello World");
+ res.finish();
+
+ if (++nrequests_completed == nrequests_expected) s.close();
+});
+s.listen(port);
+
+var c = node.tcp.createConnection(port);
+c.addListener("connect", function () {
+ c.send("GET /hello?foo=%99bar HTTP/1.1\r\n\r\n");
+ c.close();
+});
+
+// TODO add more!
+
+process.addListener("exit", function () {
+ assertEquals(nrequests_expected, nrequests_completed);
+});
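Review bot: The new `catch (e)` in the query callback discards a pair whose percent-encoding cannot be decoded without leaving any trace, so a request handler cannot tell a malformed request from one where the parameter was never sent. Consider recording the failure on the parsed result so the server can reject the request, and document the intent on the catch with a comment such as `// undecodable percent-escape: skip this pair instead of letting the exception escape the parser`. The guard covers only the query pairs; parseUri starts and ends outside this hunk, so whether `decode` is applied to other request-derived parts of the URI without the same protection cannot be seen here and is worth checking.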
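Review bot: The test only counts completed requests, so it passes no matter what the parser stored for the undecodable `foo=%99bar` pair. The handler should also assert that `foo` is absent from the parsed query object on `req.uri`; the name of that field is set in src/http.js outside what this patch shows. Declaring the port and counters with `var`, e.g. `var port = 9999;`, would keep them from becoming implicit globals, and the fixed port 9999 will fail the test whenever something else is already listening there.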