Fix crash when request contains invalid path URI

Fixes #1108

2 files changed, 14 insertions, 3 deletions

diff --git a/ingen/Node.hpp b/ingen/Node.hpp
index fd001897..640b63cf 100644
--- a/ingen/Node.hpp
+++ b/ingen/Node.hpp
@@ -86,8 +86,14 @@ public:
 	static Raul::URI root_graph_uri() { return Raul::URI("ingen:/graph"); }
 
 	static bool uri_is_path(const Raul::URI& uri) {
-		return uri == root_graph_uri() ||
-			uri.substr(0, root_graph_uri().length() + 1) == root_graph_uri() + "/";
+		const size_t root_len = root_graph_uri().length();
+		if (uri == root_graph_uri()) {
+			return true;
+		} else if (uri.substr(0, root_len + 1) != root_graph_uri() + "/") {
+			return false;
+		} else {
+			return Raul::URI::is_valid(uri.substr(root_len));
+		}
 	}
 
 	static Raul::Path uri_to_path(const Raul::URI& uri) {
diff --git a/src/server/events/Delta.cpp b/src/server/events/Delta.cpp
index 66ebf803..0ef63d64 100644
--- a/src/server/events/Delta.cpp
+++ b/src/server/events/Delta.cpp
@@ -198,11 +198,16 @@ Delta::pre_process()
 		const auto p = _properties.find(uris.lv2_prototype);
 		if (p == _properties.end()) {
 			return Event::pre_process_done(Status::BAD_REQUEST, _subject);
+		} else if (!_engine.world()->forge().is_uri(p->second)) {
+			return Event::pre_process_done(Status::BAD_REQUEST, _subject);
 		}
 
 		const Raul::URI prot(_engine.world()->forge().str(p->second, false));
+		if (!Node::uri_is_path(prot)) {
+			return Event::pre_process_done(Status::BAD_URI, _subject);
+		}
 
-		Node* node = _engine.store()->get(Node::uri_to_path(Raul::URI(prot)));
+		Node* node = _engine.store()->get(Node::uri_to_path(prot));
 		if (!node) {
 			return Event::pre_process_done(Status::NOT_FOUND, prot);
 		}