alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-04 06:11:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

http: Fix parsing invalid url cause to crash

Browse Source 
Reason:
For example, if an url is lack of leading 'http:' by mistake, it causes to http_parser_parse_url() cannot parse http host item,
and then pass the null host pointer to _get_host_header(), crash happens.

Fix:
http added null pointer check now.

Closes https://jira.espressif.com:8443/browse/ESPAT-953
This commit is contained in:
Chen Wu
2021-12-02 14:15:43 +08:00
committed by bot
parent 5548b3b71c
commit 7f1ab6d8d1
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
components/esp_http_client/esp_http_client.c
View File

@@ -647,6 +647,10 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
const char *user_agent = config->user_agent == NULL ? DEFAULT_HTTP_USER_AGENT : config->user_agent;
if (config->host != NULL && config->path != NULL) {
if (client->connection_info.host == NULL) {
ESP_LOGE(TAG, "invalid host");
goto error;
}
host_name = _get_host_header(client->connection_info.host, client->connection_info.port);
if (host_name == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for host header");
@@ -666,6 +670,10 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
ESP_LOGE(TAG, "Failed to set URL");
goto error;
}
if (client->connection_info.host == NULL) {
ESP_LOGE(TAG, "invalid host");
goto error;
}
host_name = _get_host_header(client->connection_info.host, client->connection_info.port);
if (host_name == NULL) {
ESP_LOGE(TAG, "Failed to allocate memory for host header");

13
components/esp_http_client/test/test_http_client.c
View File

@@ -140,3 +140,16 @@ TEST_CASE("Username and password will not reset if new absolute URL doesnot spec
TEST_ASSERT_NOT_NULL(value);
esp_http_client_cleanup(client);
}
/**
* Test case to verify that, esp_http_client_init() should return NULL if configuration has url with empty hostname.
**/
TEST_CASE("esp_http_client_init() should return NULL if configured with wrong url", "[ESP HTTP CLIENT]")
{
esp_http_client_config_t config = {
.url = "//httpbin.org/post",
};
esp_http_client_handle_t client = esp_http_client_init(&config);
TEST_ASSERT_NULL(client);
esp_http_client_cleanup(client);
}