| author | Dan Engelbrecht <[email protected]> | 2024-03-12 09:53:20 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-03-12 09:53:20 +0100 |
| commit | e130e105d1de7c658b59ce5dd9a226129c318a2c (patch) | |
| tree | 38eb33710a9ec970b52aee95e3e041990d915885 | |
| parent | fix zenserver state macos (#669) (diff) | |
http request parser safety (#664)
* make sure we don't add more headers than we support
* don't capture for loop variables by reference for async work
| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | src/zenhttp/servers/httpparser.cpp | 8 | ||||
| -rw-r--r-- | src/zenstore/cache/cachedisklayer.cpp | 4 |
3 files changed, 11 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 385b73ef4..cdbe25da5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ - Bugfix: Shared memory for zenserver state may hang around after all zenserver processes exit - make sure we find a valid entry in `zen up` before bailing - Bugfix: Httpasio only call listen() once - Bugfix: Make sure exception do not leak out of async (worker thread pool) work and make sure we always wait for completion of all work +- Bugfix: Limit number of headers parsed to 127 as that is the maximum supported by Zen +- Bugfix: Don't capture for loop variables by reference when executing async code - Improvement: Httpasio explicitly close acceptor sockets - Improvement: Httpasio add retry for desired port - Improvement: Move structuredcachestore tests to zenstore-test diff --git a/src/zenhttp/servers/httpparser.cpp b/src/zenhttp/servers/httpparser.cpp index c64134c95..0a1c5686a 100644 --- a/src/zenhttp/servers/httpparser.cpp +++ b/src/zenhttp/servers/httpparser.cpp @@ -124,6 +124,13 @@ void HttpRequestParser::AppendCurrentHeader() { std::string_view HeaderName(m_CurrentHeaderName, m_CurrentHeaderNameLength); + if (m_Headers.size() == std::numeric_limits<int8_t>::max()) + { + ZEN_WARN("HttpRequestParser parser only supports up to {} headers, can't store header '{}'. Dropping it.", + std::numeric_limits<int8_t>::max(), + HeaderName); + return; + } std::string_view HeaderValue(m_CurrentHeaderValue, m_CurrentHeaderValueLength); const uint32_t HeaderHash = HashStringAsLowerDjb2(HeaderName); @@ -335,7 +342,6 @@ HttpRequestParser::ResetState() m_CurrentHeaderNameLength = 0; m_CurrentHeaderValue = nullptr; m_CurrentHeaderValueLength = 0; - m_CurrentHeaderName = nullptr; m_Url = nullptr; m_UrlLength = 0; m_QueryString = nullptr; diff --git a/src/zenstore/cache/cachedisklayer.cpp b/src/zenstore/cache/cachedisklayer.cpp index b9cb89fc9..93c841e46 100644 --- a/src/zenstore/cache/cachedisklayer.cpp +++ b/src/zenstore/cache/cachedisklayer.cpp 
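Review bot: The new guard at the top of `AppendCurrentHeader()` drops the 128th and later headers but lets the request continue, so the server may act on a header set that differs from what the client or a fronting proxy sent. Because the early return sits before the `HeaderHash` handling, a header that matters to framing or authorization could be the one discarded if it arrives late; failing the request (for example with 431 Request Header Fields Too Large) looks safer than parsing it partially. The `ZEN_WARN` also fires once per excess header and includes a client-supplied name, so a single request can emit one warning line per extra header; logging once per request would bound that. Separately, `==` is only sufficient while this function is the sole place `m_Headers` grows, so `if (m_Headers.size() >= std::numeric_limits<int8_t>::max())` is the more defensive form. The function body continues outside the hunk, so how later code uses the stored headers is not visible here.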
@@ -3511,7 +3511,7 @@ ZenCacheDiskLayer::DiscoverBuckets() for (auto& BucketPath : FoundBucketDirectories) { WorkLatch.AddCount(1); - Pool.ScheduleWork([&]() { + Pool.ScheduleWork([this, &WorkLatch, &SyncLock, BucketPath]() { auto _ = MakeGuard([&]() { WorkLatch.CountDown(); }); const std::string BucketName = PathToUtf8(BucketPath.stem()); try @@ -3627,7 +3627,7 @@ ZenCacheDiskLayer::Flush() for (auto& Bucket : Buckets) { WorkLatch.AddCount(1); - Pool.ScheduleWork([&]() { + Pool.ScheduleWork([&WorkLatch, Bucket]() { auto _ = MakeGuard([&]() { WorkLatch.CountDown(); }); try { |
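Review bot: `WorkLatch` and `SyncLock` are still captured by reference in the `DiscoverBuckets()` lambda (and `WorkLatch` in the `Flush()` lambda below), so the fix is only complete if both functions block on the latch before those locals leave scope on every path, including an exception thrown between `WorkLatch.AddCount(1)` and a successful `Pool.ScheduleWork(...)`. The wait is outside both hunks, so this cannot be confirmed here; a comment at the capture list such as `// WorkLatch/SyncLock outlive the task: this function waits on WorkLatch before returning` would record the invariant the code now depends on. In `Flush()` the by-value `Bucket` copies whatever element type `Buckets` holds; if that is a raw pointer, the pointee's lifetime needs the same guarantee. The loop variables could also be `const auto&` now that the lambdas take copies.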