From c8cbb4f24d2b763530785df79c35cf6f2487fe54 Mon Sep 17 00:00:00 2001 From: David Robillard Date: Mon, 23 Nov 2015 14:30:39 -0500 Subject: Fix crash when request contains invalid path URI Fixes #1108 --- ingen/Node.hpp | 10 ++++++++-- src/server/events/Delta.cpp | 7 ++++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/ingen/Node.hpp b/ingen/Node.hpp index fd001897..640b63cf 100644 --- a/ingen/Node.hpp +++ b/ingen/Node.hpp @@ -86,8 +86,14 @@ public: static Raul::URI root_graph_uri() { return Raul::URI("ingen:/graph"); } static bool uri_is_path(const Raul::URI& uri) { - return uri == root_graph_uri() || - uri.substr(0, root_graph_uri().length() + 1) == root_graph_uri() + "/"; + const size_t root_len = root_graph_uri().length(); + if (uri == root_graph_uri()) { + return true; + } else if (uri.substr(0, root_len + 1) != root_graph_uri() + "/") { + return false; + } else { + return Raul::URI::is_valid(uri.substr(root_len)); + } } static Raul::Path uri_to_path(const Raul::URI& uri) { diff --git a/src/server/events/Delta.cpp b/src/server/events/Delta.cpp index 66ebf803..0ef63d64 100644 --- a/src/server/events/Delta.cpp +++ b/src/server/events/Delta.cpp @@ -198,11 +198,16 @@ Delta::pre_process() const auto p = _properties.find(uris.lv2_prototype); if (p == _properties.end()) { return Event::pre_process_done(Status::BAD_REQUEST, _subject); + } else if (!_engine.world()->forge().is_uri(p->second)) { + return Event::pre_process_done(Status::BAD_REQUEST, _subject); } const Raul::URI prot(_engine.world()->forge().str(p->second, false)); + if (!Node::uri_is_path(prot)) { + return Event::pre_process_done(Status::BAD_URI, _subject); + } - Node* node = _engine.store()->get(Node::uri_to_path(Raul::URI(prot))); + Node* node = _engine.store()->get(Node::uri_to_path(prot)); if (!node) { return Event::pre_process_done(Status::NOT_FOUND, prot); } -- cgit v1.2.1