-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | plugins/statistics/statistics.cpp | 6 | ||||
-rw-r--r-- | plugins/weblog/weblog.cpp | 9 | ||||
-rw-r--r-- | response.cpp | 16 |
4 files changed, 33 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index 82579ef..5edf7b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +webserver (1.10) UNRELEASED; urgency=medium + + * More runtime error checking + + -- Roland Reichwein <rr@antcom.de> Sat, 06 Jun 2020 15:12:35 +0200 + webserver (1.9) unstable; urgency=medium * Fix fcgi output size (content-length was 1 too big) diff --git a/plugins/statistics/statistics.cpp b/plugins/statistics/statistics.cpp index 3ebd301..b1778f7 100644 --- a/plugins/statistics/statistics.cpp +++ b/plugins/statistics/statistics.cpp @@ -44,7 +44,11 @@ namespace { return 0; } - result += stoull(elements[column]); + try { + result += stoull(elements[column]); + } catch(...) { + std::cerr << "Error: Stats value " << elements[column] << " malformed." << std::endl; + } } return result; diff --git a/plugins/weblog/weblog.cpp b/plugins/weblog/weblog.cpp index 1e1b6b2..a64ee1b 100644 --- a/plugins/weblog/weblog.cpp +++ b/plugins/weblog/weblog.cpp @@ -244,6 +244,9 @@ namespace { size_t page) { try { + if (page > std::numeric_limits<int>::max()) + throw std::runtime_error("Bad page index: "s + std::to_string(page)); + HtmlPage htmlPage{GetRequestParam, "<h1>"s + GetRequestParam("WEBLOG_NAME") + "</h1>"s}; fs::path link{ GetRequestParam("plugin_path")}; @@ -422,7 +425,11 @@ std::string weblog_plugin::generate_page( size_t page {0}; auto it {query.find("page")}; if (it != query.end()) { - page = stoul(it->second); + try { + page = stoul(it->second); + } catch(...) { + // ignore: keep default 0 + } } if (is_index_page(rel_target)) diff --git a/response.cpp b/response.cpp index 4e66dd3..98abac4 100644 --- a/response.cpp +++ b/response.cpp 
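Review bot: The new `try` around `stoull(elements[column])` in statistics.cpp only catches input that `stoull` itself rejects, and `stoull` is lenient: it skips leading whitespace, accepts a sign (so `-1` wraps to a very large value instead of throwing) and stops silently at trailing junk such as `12abc`. A malformed stats field can therefore still be added to `result` without any error being logged. Parsing with `std::from_chars` and requiring `ec == std::errc{}` together with `ptr == end` rejects all three cases; alternatively pass a `size_t pos` to `stoull` and compare it with `elements[column].size()`. The same lenient parse is used in the `page = stoul(it->second)` hunk in weblog.cpp and in both `res.result(unsigned(stoul(...)))` hunks in response.cpp. Catching `const std::exception&` instead of `...` would also keep unrelated failures visible; the enclosing function starts above this hunk.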
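Review bot: The guard `page > std::numeric_limits<int>::max()` in weblog.cpp compares a `size_t` with an `int` and only rules out values that cannot fit an `int`, so any page number up to about two billion still passes. `page` is presumably the value parsed from the `page` query parameter in `generate_page`, and if it is later multiplied by an entries-per-page count or used as an offset (that code is outside this hunk) the arithmetic can still overflow or run past the article list. Bounding it against the real number of pages would be the stronger check. At minimum make the conversion explicit, `if (page > static_cast<size_t>(std::numeric_limits<int>::max()))`, and confirm that `<limits>` is included, since the include block is not visible here.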
@@ -224,7 +224,14 @@ std::unordered_map<std::string, std::function<void(const std::string&, response_ { "location", [](const std::string& value, response_type& res){res.set(http::field::location, value);} },// e.g. 301 Moved Permanently: new Location { "server", [](const std::string& value, response_type& res){res.set(http::field::server, value);} }, // Server name/version string { "set_cookie", [](const std::string& value, response_type& res){res.set(http::field::set_cookie, value);} }, - { "status", [](const std::string& value, response_type& res){res.result(unsigned(stoul(value)));} }, // HTTP Status, e.g. "200" (OK) + { "status", [](const std::string& value, response_type& res){ + try { + res.result(unsigned(stoul(value))); + } catch (...) { + std::cerr << "Error: Bad status value: " << value << std::endl; + res.result(400); + } + } }, // HTTP Status, e.g. "200" (OK) { "www_authenticate", [](const std::string& value, response_type& res){res.set(http::field::www_authenticate, value);} }, }; @@ -242,7 +249,12 @@ void SetResponseHeader(const std::string& key, const std::string& value, respons response_type HttpStatus(std::string status, std::string message, response_type& res) { if (status != "200") { // already handled at res init - res.result(unsigned(stoul(status))); + try { + res.result(unsigned(stoul(status))); + } catch (...) { + std::cerr << "Error: HttpStatus: Bad status value: " << status << std::endl; + res.result(400); + } res.set(http::field::content_type, "text/html"); res.body() = "<html><body><h1>"s + Server::VersionString + " Error</h1><p>"s + status + " "s + message + "</p></body></html>"s; |
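Review bot: The fallback in the `status` handler answers a malformed status with `res.result(400)`, but this value appears to be a response header supplied by the server side (plugin or backend) rather than by the client, so if that is the case a 5xx code such as `res.result(500)` describes the failure more accurately. The conversion `unsigned(stoul(value))` also narrows silently where `unsigned long` is wider than `unsigned`, and nothing checks that the result is a plausible HTTP status. A range test such as `if (code < 100 || code > 599) throw std::out_of_range("status");` before `res.result(code)` closes both gaps. `value` is written to `std::cerr` verbatim, so if it can contain control characters or newlines it should be sanitised or length-limited before logging.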
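Review bot: After the new `catch` in `HttpStatus` sets the code to 400, the lines below it still build the body from the original `status` string, so the page shows the unparsable text while the status line says 400. Because `status` and `message` are concatenated into the HTML without escaping, a value that failed numeric parsing is exactly the kind that may carry markup. Assigning `status = "400";` inside the `catch` and HTML-escaping `message` before building `res.body()` would keep the body consistent and inert. The try/catch duplicates the one in the `status` header handler above, so a small shared helper that parses and validates the code would keep the two from drifting; the function's closing lines are outside this hunk.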