Increase robustness suggested by ChatGPT

VolkerChristian · VolkerChristian · commit 71988afee5fb · 2026-01-07T21:35:46.000+01:00
diff --git a/src/web/http/Parser.cpp b/src/web/http/Parser.cpp
@@ -50,13 +50,47 @@
 
 #include "web/http/http_utils.h"
 
+#include <charconv>
+#include <limits>
+#include <system_error>
 #include <tuple>
 #include <utility>
 
 #endif /* DOXYGEN_SHOULD_SKIP_THIS */
 
 namespace web::http {
 
+    static bool parseContentLengthStrict(const std::string& s, std::size_t& out) {
+        bool success = false;
+
+        unsigned long long value = 0;
+
+        if (!s.empty()) {
+            const char* first = s.data();
+            const char* last = s.data() + s.size();
+
+            const auto [ptr, ec] = std::from_chars(first, last, value, 10);
+
+            if (ec == std::errc{} && ptr == last && value <= static_cast<unsigned long long>(std::numeric_limits<std::size_t>::max())) {
+                out = static_cast<std::size_t>(value);
+                success = true;
+            }
+        }
+
+        return success;
+    }
+
+    static bool transferEncodingHasChunked(CiStringMap<std::string>& headers) {
+        bool hasChunked = false;
+
+        if (headers.contains("Transfer-Encoding")) {
+            const std::string& encoding = headers["Transfer-Encoding"];
+            hasChunked = web::http::ciContains(encoding, "chunked");
+        }
+
+        return hasChunked;
+    }
+
     // HTTP/1.0 and HTTP/1.1
     const std::regex Parser::httpVersionRegex("^HTTP/([1])[.]([0-1])$");
 
@@ -81,7 +115,7 @@ namespace web::http {
         contentLength = 0;
         contentLengthRead = 0;
 
-        for (ContentDecoder* contentDecoder : decoderQueue) {
+        for (const ContentDecoder* contentDecoder : decoderQueue) {
             delete contentDecoder;
         }
         decoderQueue.clear();
@@ -158,58 +192,75 @@ namespace web::http {
     }
 
     void Parser::analyzeHeader() {
-        if (headers.contains("Content-Length")) {
-            contentLength = std::stoul(headers["Content-Length"]);
-            decoderQueue.emplace_back(new web::http::decoder::Identity(socketContext, contentLength));
-        }
-        if (headers.contains("Transfer-Encoding")) {
-            const std::string& encoding = headers["Transfer-Encoding"];
+        bool success = true;
 
-            if (web::http::ciContains(encoding, "chunked")) {
-                transferEncoding = TransferEncoding::Chunked;
-                decoderQueue.emplace_back(new web::http::decoder::Chunked(socketContext));
+        // Determine message framing.
+        // RFC 9112 §6.3: Transfer-Encoding (chunked) overrides Content-Length.
+        const bool hasChunked = transferEncodingHasChunked(headers);
 
-                if (headers.contains("Trailer")) {
-                    std::string trailers = headers["Trailer"];
+        if (hasChunked) {
+            transferEncoding = TransferEncoding::Chunked;
+            decoderQueue.emplace_back(new web::http::decoder::Chunked(socketContext));
 
-                    while (!trailers.empty()) {
-                        std::string trailerField;
-                        std::tie(trailerField, trailers) = httputils::str_split(trailers, ',');
-                        httputils::str_trimm(trailerField);
-                        trailerFieldsExpected.insert(trailerField);
-                        trailerField.clear();
-                    }
-                    trailerDecoder.setFieldsExpected(trailerFieldsExpected);
+            if (headers.contains("Trailer")) {
+                std::string trailers = headers["Trailer"];
+
+                while (!trailers.empty()) {
+                    std::string trailerField;
+                    std::tie(trailerField, trailers) = httputils::str_split(trailers, ',');
+                    httputils::str_trimm(trailerField);
+                    trailerFieldsExpected.insert(trailerField);
+                    trailerField.clear();
                 }
+                trailerDecoder.setFieldsExpected(trailerFieldsExpected);
             }
-            if (web::http::ciContains(encoding, "compressed")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::Compress(socketContext));
-            }
-            if (web::http::ciContains(encoding, "deflate")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::Deflate(socketContext));
-            }
-            if (web::http::ciContains(encoding, "gzip")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::GZip(socketContext));
+        } else if (headers.contains("Content-Length")) {
+            std::size_t length = 0;
+
+            if (!parseContentLengthStrict(headers["Content-Length"], length)) {
+                parseError(400, "Invalid Content-Length");
+                success = false;
+            } else {
+                contentLength = length;
+                decoderQueue.emplace_back(new web::http::decoder::Identity(socketContext, contentLength));
             }
         }
-        if (decoderQueue.empty()) {
-            decoderQueue.emplace_back(new web::http::decoder::HTTP10Response(socketContext));
-        }
-
-        if (headers.contains("Content-Encoding")) {
-            const std::string& encoding = headers["Content-Encoding"];
 
-            if (web::http::ciContains(encoding, "compressed")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::Compress(socketContext));
-            }
-            if (web::http::ciContains(encoding, "deflate")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::Deflate(socketContext));
+        if (success) {
+            // Transfer-Encoding (other than chunked) is currently not implemented, but we keep the
+            // existing behavior of not altering the decoder queue here.
+            if (headers.contains("Transfer-Encoding")) {
+                const std::string& encoding = headers["Transfer-Encoding"];
+                if (web::http::ciContains(encoding, "compressed")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::Compress(socketContext));
+                }
+                if (web::http::ciContains(encoding, "deflate")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::Deflate(socketContext));
+                }
+                if (web::http::ciContains(encoding, "gzip")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::GZip(socketContext));
+                }
             }
-            if (web::http::ciContains(encoding, "gzip")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::GZip(socketContext));
+
+            if (decoderQueue.empty()) {
+                decoderQueue.emplace_back(new web::http::decoder::HTTP10Response(socketContext));
             }
-            if (web::http::ciContains(encoding, "br")) {
-                //  decoderQueue.emplace_back(new web::http::decoder::Br(socketContext));
+
+            if (headers.contains("Content-Encoding")) {
+                const std::string& encoding = headers["Content-Encoding"];
+
+                if (web::http::ciContains(encoding, "compressed")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::Compress(socketContext));
+                }
+                if (web::http::ciContains(encoding, "deflate")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::Deflate(socketContext));
+                }
+                if (web::http::ciContains(encoding, "gzip")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::GZip(socketContext));
+                }
+                if (web::http::ciContains(encoding, "br")) {
+                    //  decoderQueue.emplace_back(new web::http::decoder::Br(socketContext));
+                }
             }
         }
     }
diff --git a/src/web/websocket/SocketContextUpgrade.hpp b/src/web/websocket/SocketContextUpgrade.hpp
@@ -46,6 +46,9 @@
 
 #include "utils/hexdump.h"
 
+#include <cstring>
+#include <vector>
+
 #endif /* DOXYGEN_SHOULD_SKIP_THIS */
 
 namespace web::websocket {
@@ -93,18 +96,18 @@ namespace web::websocket {
     template <typename SubProtocol, typename Request, typename Response>
     void
     SocketContextUpgrade<SubProtocol, Request, Response>::sendClose(uint16_t statusCode, const char* reason, std::size_t reasonLength) {
-        std::size_t closePayloadLength = reasonLength + 2;
-        char* closePayload = new char[closePayloadLength];
+        const std::size_t closePayloadLength = reasonLength + 2;
+        std::vector<char> closePayload(closePayloadLength);
 
-        *reinterpret_cast<uint16_t*>(closePayload) = htobe16(statusCode); // cppcheck-suppress uninitdata
+        // Avoid unaligned stores.
+        const uint16_t beStatus = htobe16(statusCode);
+        std::memcpy(closePayload.data(), &beStatus, sizeof(beStatus));
 
         if (reasonLength > 0) {
-            memcpy(closePayload + 2, reason, reasonLength);
+            std::memcpy(closePayload.data() + 2, reason, reasonLength);
         }
 
-        sendClose(closePayload, closePayloadLength);
-
-        delete[] closePayload;
+        sendClose(closePayload.data(), closePayloadLength);
     }
 
     template <typename SubProtocol, typename Request, typename Response>
diff --git a/src/web/websocket/Transmitter.cpp b/src/web/websocket/Transmitter.cpp
@@ -48,6 +48,7 @@
 
 #include <endian.h>
 #include <string>
+#include <vector>
 
 #endif /* DOXYGEN_SHOULD_SKIP_THIS */
 
@@ -144,17 +145,15 @@ namespace web::websocket {
         if (masking) {
             sendFrameData(maskingKeyAsArray.keyAsBytes, 4);
 
+            // Never mutate the caller-provided payload buffer.
+            std::vector<char> maskedPayload(payload, payload + payloadLength);
             for (uint64_t i = 0; i < payloadLength; i++) {
-                *(const_cast<char*>(payload) + i) = static_cast<char>(*(payload + i) ^ *(maskingKeyAsArray.keyAsBytes + i % 4));
-            }
-        }
-
-        sendFrameData(payload, payloadLength);
-
-        if (masking) {
-            for (uint64_t i = 0; i < payloadLength; i++) {
-                *(const_cast<char*>(payload) + i) = static_cast<char>(*(payload + i) ^ *(maskingKeyAsArray.keyAsBytes + i % 4));
+                maskedPayload[static_cast<std::size_t>(i)] =
+                    static_cast<char>(maskedPayload[static_cast<std::size_t>(i)] ^ maskingKeyAsArray.keyAsBytes[i % 4]);
             }
+            sendFrameData(maskedPayload.data(), payloadLength);
+        } else {
+            sendFrameData(payload, payloadLength);
         }
     }
 
