From 10587f2dd7dbda4184db2cd7994945ffc91db446 Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Wed, 13 Sep 2023 10:50:56 -0400 Subject: fix url parsing crash (#399) * Don't index out of string_view range when parsing URI in httpsys --- CHANGELOG.md | 1 + src/zenserver/frontend/frontend.cpp | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9cdfdcd58..c9f5fe82f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Feature: Added `--cache-write-log` and `--cache-access-log` command line option to enable/disable cache write/access logs - Bugfix: Make sure cache logging thread does not crash on errors - Bugfix: Make sure error logging or destructors don't throw exception when trying to get file name from handle +- Bugfix: Don't index out of string_view range when parsing URI in httpsys - Improvement: Sorting attachments in oplog blocks based on Op key to group op attachments together - Improvement: Don't split attachments associated with the same op across oplog blocks diff --git a/src/zenserver/frontend/frontend.cpp b/src/zenserver/frontend/frontend.cpp index b743ca939..8c8e5cb9c 100644 --- a/src/zenserver/frontend/frontend.cpp +++ b/src/zenserver/frontend/frontend.cpp @@ -89,7 +89,7 @@ HttpFrontendService::HandleRequest(zen::HttpServerRequest& Request) using namespace std::literals; std::string_view Uri = Request.RelativeUriWithExtension(); - for (; Uri[0] == '/'; Uri = Uri.substr(1)) + for (; Uri.length() > 0 && Uri[0] == '/'; Uri = Uri.substr(1)) ; if (Uri.empty()) { -- cgit v1.2.3