From 2db6d758f843fbf6f50f303e6a704deeff3bcc8e Mon Sep 17 00:00:00 2001
From: thiagoftsm <thiagoftsm@gmail.com>
Date: Thu, 1 Aug 2019 15:05:31 +0000
Subject: [PATCH] Fix crash in malloc (#6583)
* Server Crashing: URL search path
The system was setting NULL in an address without to have the values
* Server Crashing: URL script
After to fix the SSL, the script were not 100% compatible, so I am bringing the solution here
* Server Crashing:
Fixes reported in the issue related a possible NULL value to be kept and wrong variable
* Server Crashing: Readable code and missing if
It was a missing if yet, so I changed it, no less important I inverted the check order inside if to be more readable
---
tests/urls/request.sh.in | 10 ++++------
web/server/web_client.c | 9 +++++----
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/tests/urls/request.sh.in b/tests/urls/request.sh.in
index fac00bc4ee..6cbe773841 100644
--- a/tests/urls/request.sh.in
+++ b/tests/urls/request.sh.in
@@ -212,7 +212,7 @@ netdata_create_directory $OUTEDIR
netdata_create_directory $OUTOPTDIR
netdata_create_directory $ERRDIR
-wget --execute="robots = off" --mirror --convert-links --no-parent http://127.0.0.1:19999
+wget --no-check-certificate --execute="robots = off" --mirror --convert-links --no-parent $MURL
TEST=$?
if [ $TEST -ne "0" ] ; then
echo "Cannot connect to Netdata"
@@ -232,9 +232,9 @@ netdata_download_various_with_options $MURL "api/v1/info" "info"
netdata_download_various $MURL "api/v1/info?this%20could%20not%20be%20here" "err_info"
netdata_print_header "Getting all the netdata charts"
-CHARTS=$( netdata_download_charts "http://127.0.0.1:19999" "api/v1/charts" )
-WCHARTS=$( netdata_download_charts "http://127.0.0.1:19999" "api/v1/charts?this%20could%20not%20be%20here" )
-WCHARTS2=$( netdata_download_charts "http://127.0.0.1:19999" "api/v1/charts%3fthis%20could%20not%20be%20here" )
+CHARTS=$( netdata_download_charts "$MURL" "api/v1/charts" )
+WCHARTS=$( netdata_download_charts "$MURL" "api/v1/charts?this%20could%20not%20be%20here" )
+WCHARTS2=$( netdata_download_charts "$MURL" "api/v1/charts%3fthis%20could%20not%20be%20here" )
if [ ${#CHARTS[@]} -ne ${#WCHARTS[@]} ]; then
echo "The number of charts does not match with division not encoded.";
@@ -295,8 +295,6 @@ for I in $CHARTS ; do
break;
done
-#http://arch-esxi:19999/api/v1/(*@&$!$%%5E)!$*%&)!$*%%5E*!%5E%!%5E$%!%5E%(!*%5E*%5E%(*@&$%5E%(!%5E#*&!^#$*&!^%)@($%^)!*&^(!*&^#$&#$)!$%^)!$*%&)#$!^#*$^!(*#^#)!%^!)$*%&!(*&$!^#$*&^!*#^$!*^)%(!*&$%)(!&#$!^*#&$^!*^%)!$%)!(&#$!^#*&^$
-
WHITE='\033[0;37m'
echo -e "${WHITE}ALL the URLS got 200 as answer!"
diff --git a/web/server/web_client.c b/web/server/web_client.c
index 2da6c1dec1..abd37a8f49 100644
--- a/web/server/web_client.c
+++ b/web/server/web_client.c
@@ -929,7 +929,6 @@ void web_client_split_path_query(struct web_client *w, char *s) {
w->separator = 0x00;
w->url_path_length = strlen(s);
- w->url_search_path = NULL;
}
/**
@@ -1035,20 +1034,22 @@ static inline HTTP_VALIDATION http_request_validate(struct web_client *w) {
// a valid complete HTTP request found
*ue = '\0';
+ //This is to avoid crash in line
+ w->url_search_path = NULL;
if(w->mode != WEB_CLIENT_MODE_NORMAL) {
if(!url_decode_r(w->decoded_url, encoded_url, NETDATA_WEB_REQUEST_URL_SIZE + 1))
return HTTP_VALIDATION_MALFORMED_URL;
} else {
web_client_split_path_query(w, encoded_url);
- if (w->separator) {
+ if (w->url_search_path && w->separator) {
*w->url_search_path = 0x00;
}
if(!url_decode_r(w->decoded_url, encoded_url, NETDATA_WEB_REQUEST_URL_SIZE + 1))
return HTTP_VALIDATION_MALFORMED_URL;
- if (w->separator) {
+ if (w->url_search_path && w->separator) {
*w->url_search_path = w->separator;
char *from = (encoded_url + w->url_path_length);
@@ -1064,7 +1065,7 @@ static inline HTTP_VALIDATION http_request_validate(struct web_client *w) {
// copy the URL - we are going to overwrite parts of it
// TODO -- ideally we we should avoid copying buffers around
strncpyz(w->last_url, w->decoded_url, NETDATA_WEB_REQUEST_URL_SIZE);
- if (w->separator) {
+ if (w->url_search_path && w->separator) {
*w->url_search_path = 0x00;
}
#ifdef ENABLE_HTTPS