|
| 1 | +/* |
| 2 | + This file is part of libhttpserver |
| 3 | + Copyright (C) 2011-2019 Sebastiano Merlino |
| 4 | +
|
| 5 | + This library is free software; you can redistribute it and/or |
| 6 | + modify it under the terms of the GNU Lesser General Public |
| 7 | + License as published by the Free Software Foundation; either |
| 8 | + version 2.1 of the License, or (at your option) any later version. |
| 9 | +
|
| 10 | + This library is distributed in the hope that it will be useful, |
| 11 | + but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | + Lesser General Public License for more details. |
| 14 | +
|
| 15 | + You should have received a copy of the GNU Lesser General Public |
| 16 | + License along with this library; if not, write to the Free Software |
| 17 | + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 |
| 18 | + USA |
| 19 | +*/ |
| 20 | + |
| 21 | +#include <microhttpd.h> |
| 22 | + |
| 23 | +#include "./httpserver.hpp" |
| 24 | +#include "httpserver/details/modded_request.hpp" |
| 25 | + |
| 26 | +#include "./littletest.hpp" |
| 27 | + |
| 28 | +// webserver::post_iterator (the MHD post-processor callback) is a private |
| 29 | +// static member, so this test cannot name it directly. Rather than the |
| 30 | +// `#define private public` hack -- which breaks libstdc++'s <sstream> when |
| 31 | +// it is pulled in transitively under the redefined keyword -- we use the |
| 32 | +// explicit-instantiation access loophole: the usual access checks are not |
| 33 | +// applied to the names that appear in an explicit template instantiation |
| 34 | +// ([temp.spec]/6). The filler<>::instance object below runs its constructor |
| 35 | +// at dynamic-initialisation time (before main) and stashes the captured |
| 36 | +// pointer into post_iterator_access::ptr. No shipped header is modified and |
| 37 | +// no language keyword is redefined, so the technique is portable across |
| 38 | +// libstdc++ and libc++. |
| 39 | +namespace { |
| 40 | + |
| 41 | +struct post_iterator_access { |
| 42 | + using fn_t = MHD_Result (*)(void*, enum MHD_ValueKind, const char*, |
| 43 | + const char*, const char*, const char*, |
| 44 | + const char*, uint64_t, size_t); |
| 45 | + static fn_t ptr; |
| 46 | +}; |
| 47 | +post_iterator_access::fn_t post_iterator_access::ptr = nullptr; |
| 48 | + |
| 49 | +template <post_iterator_access::fn_t Value> |
| 50 | +struct filler { |
| 51 | + filler() { post_iterator_access::ptr = Value; } |
| 52 | + static filler instance; |
| 53 | +}; |
| 54 | +template <post_iterator_access::fn_t Value> |
| 55 | +filler<Value> filler<Value>::instance; |
| 56 | + |
| 57 | +// The template argument names the private member; access checking does not |
| 58 | +// apply here, so this is well-formed. |
| 59 | +template struct filler<&httpserver::webserver::post_iterator>; |
| 60 | + |
| 61 | +// Invoke the captured callback for the no-file form-arg path. |
| 62 | +MHD_Result feed(httpserver::details::modded_request* mr, const char* key, |
| 63 | + const char* data, uint64_t off, size_t size) { |
| 64 | + return post_iterator_access::ptr( |
| 65 | + mr, MHD_POSTDATA_KIND, key, /*filename=*/nullptr, |
| 66 | + /*content_type=*/nullptr, /*transfer_encoding=*/nullptr, |
| 67 | + data, off, size); |
| 68 | +} |
| 69 | + |
| 70 | +} // namespace |
| 71 | + |
| 72 | +LT_BEGIN_SUITE(post_iterator_null_key_suite) |
| 73 | + void set_up() { |
| 74 | + } |
| 75 | + |
| 76 | + void tear_down() { |
| 77 | + } |
| 78 | +LT_END_SUITE(post_iterator_null_key_suite) |
| 79 | + |
| 80 | +// Regression test for issue #375: MHD may invoke the post iterator with a |
| 81 | +// null key on a continuation chunk (off > 0) because the field name was |
| 82 | +// only supplied on the first call. The previous implementation passed the |
| 83 | +// raw key pointer into std::string, which throws std::logic_error on null |
| 84 | +// and aborts the process via std::terminate (the throw escapes a C |
| 85 | +// callback). The guard must instead accept and silently skip the chunk, |
| 86 | +// returning before any field name is needed -- so dhr is deliberately left |
| 87 | +// null here: a correct guard never reaches the std::string construction nor |
| 88 | +// the dhr dereference. Without the guard, std::string(nullptr) throws. |
| 89 | +LT_BEGIN_AUTO_TEST(post_iterator_null_key_suite, null_key_continuation_does_not_throw) |
| 90 | + httpserver::details::modded_request mr{}; |
| 91 | + MHD_Result r = MHD_NO; |
| 92 | + LT_CHECK_NOTHROW(r = feed(&mr, /*key=*/nullptr, "value", /*off=*/5, 5)); |
| 93 | + // MHD_YES keeps the request alive; MHD_NO would abort it. |
| 94 | + LT_CHECK_EQ(r, MHD_YES); |
| 95 | +LT_END_AUTO_TEST(null_key_continuation_does_not_throw) |
| 96 | + |
| 97 | +// Same guard on the initial-chunk path (off == 0). MHD should not normally |
| 98 | +// hand us a null key here, but the guard is unconditional, so pin it. |
| 99 | +LT_BEGIN_AUTO_TEST(post_iterator_null_key_suite, null_key_initial_does_not_throw) |
| 100 | + httpserver::details::modded_request mr{}; |
| 101 | + MHD_Result r = MHD_NO; |
| 102 | + LT_CHECK_NOTHROW(r = feed(&mr, /*key=*/nullptr, "value", /*off=*/0, 5)); |
| 103 | + LT_CHECK_EQ(r, MHD_YES); |
| 104 | +LT_END_AUTO_TEST(null_key_initial_does_not_throw) |
| 105 | + |
| 106 | +LT_BEGIN_AUTO_TEST_ENV() |
| 107 | + AUTORUN_TESTS() |
| 108 | +LT_END_AUTO_TEST_ENV() |
0 commit comments