Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses a crash vulnerability in the multi-threaded HTTP server by adding exception handling around the stoi call when parsing the Content-Length header. The fix prevents malformed HTTP headers (e.g., non-numeric Content-Length values) from crashing the server.
Changes:
- Added try-catch block around
stoiconversion of Content-Length header value to handle parsing exceptions
SirTyson
force-pushed
the
harden-query-server
branch
from
4e3d571 to
35103ba
Compare
| body_content_length_ = stoull(header.value); | ||
| } | ||
| catch (std::exception const&) | ||
| { | ||
| return bad; |
There was a problem hiding this comment.
stoull(header.value) will parse prefixes like "5abc" without throwing, so malformed Content-Length headers may be accepted. Consider validating full consumption (use the pos overload and reject any non-whitespace trailing characters) to avoid inconsistent parsing (including potential request-smuggling issues).
| body_content_length_ = stoull(header.value); | ||
| } |
There was a problem hiding this comment.
body_content_length_ is a size_t, but stoull returns unsigned long long; on 32-bit builds a large Content-Length can successfully parse yet truncate when assigned to size_t. Consider parsing into a wider temp, rejecting values > std::numeric_limits<size_t>::max() before assigning, and returning bad on overflow.
| body_content_length_ = stoi(header.value); | ||
| try | ||
| { | ||
| body_content_length_ = stoull(header.value); |
There was a problem hiding this comment.
lgtm, but can we ask claude for a quick unit test that repros the issue and confirms the fix?
SirTyson
force-pushed
the
harden-query-server
branch
from
35103ba to
3a8d20a
Compare
2 participants
Description
Fixes bug where malformed HTTP headers would crash the multithreaded HTTP server.
Checklist
clang-formatv8.0.0 (viamake formator the Visual Studio extension)