[Olsr-dev] [PATCH v1 17/18] info: sanitise the request right after it's been received

Ferry Huberts (spam-protected)
Sat Dec 10 18:25:27 CET 2016


From: Ferry Huberts <(spam-protected)>

Signed-off-by: Ferry Huberts <(spam-protected)>
---
 lib/info/olsrd_info.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/lib/info/olsrd_info.c b/lib/info/olsrd_info.c
index b07800f..91fd72d 100644
--- a/lib/info/olsrd_info.c
+++ b/lib/info/olsrd_info.c
@@ -749,6 +749,22 @@ static void ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int
     req[sizeof(req_buffer) - 1] = '\0';
   }
 
+  /* sanitise the request */
+  if (rx_count > 0) {
+    req = cutAtFirstEOL(req, (size_t*) &rx_count);
+
+    req = stripTrailingWhitespace(req, (size_t*) &rx_count);
+    req = skipLeadingWhitespace(req, (size_t*) &rx_count);
+
+    /* detect http requests */
+    req = parseRequest(req, (size_t*) &rx_count);
+
+    req = stripTrailingWhitespace(req, (size_t*) &rx_count);
+    req = stripTrailingSlashes(req, (size_t*) &rx_count);
+    req = skipLeadingWhitespace(req, (size_t*) &rx_count);
+    req = skipMultipleSlashes(req, (size_t*) &rx_count);
+  }
+
   if (outbuffer.count >= MAX_CLIENTS) {
     /* limit the number of replies that are in-flight */
     drain_request(ipc_connection);
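Review bot: Every helper call in the added block passes `(size_t*) &rx_count`, while the `rx_count > 0` guard suggests rx_count is a signed type whose declaration lies outside this hunk. If that type is narrower than size_t (for example an int on an LP64 target), the helpers would read and write past the object; even at equal width the cast hides the signed-to-unsigned conversion from the compiler on the path that handles bytes received from the client. I would copy the length into a local, `size_t req_len = (size_t) rx_count;`, pass `&req_len` to each helper, and assign the result back to rx_count after the block. ipc_action starts and ends outside the hunk, so the declaration and the later uses of rx_count need checking there.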
@@ -826,18 +842,6 @@ static void ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int
 
   /* 0 < rx_count < sizeof(requ) */
 
-  req = cutAtFirstEOL(req, (size_t*) &rx_count);
-
-  req = stripTrailingWhitespace(req, (size_t*) &rx_count);
-  req = skipLeadingWhitespace(req, (size_t*) &rx_count);
-
-  req = parseRequest(req, (size_t*) &rx_count);
-
-  req = stripTrailingWhitespace(req, (size_t*) &rx_count);
-  req = stripTrailingSlashes(req, (size_t*) &rx_count);
-  req = skipLeadingWhitespace(req, (size_t*) &rx_count);
-  req = skipMultipleSlashes(req, (size_t*) &rx_count);
-
   if (!rx_count //
       || ((rx_count == 1) && (*req == '/'))) {
     /* empty or '/' */
-- 
2.9.3



