api: fix use-after-free in URL regex matching

2025-03-09 00:00:00 +01:00 · 2021-01-04 18:40:00 +01:00 · 2021-01-04 18:40:00 +01:00 · a0163c8470
commit a0163c8470
parent 0f2b33386b
6 changed files with 17 additions and 14 deletions
--- a/include/villas/api/node_request.hpp
+++ b/include/villas/api/node_request.hpp
@ -47,19 +47,19 @@ public:
 		auto *nodes = session->getSuperNode()->getNodes();

 		uuid_t uuid;
-		ret = uuid_parse(matches[1].str().c_str(), uuid);
+		ret = uuid_parse(matches[1].c_str(), uuid);
 		if (ret) {
-			node = vlist_lookup_name<struct vnode>(nodes, matches[1].str());
+			node = vlist_lookup_name<struct vnode>(nodes, matches[1]);
 			if (!node)
 				throw BadRequest("Unknown node", "{ s: s }",
-					"node", matches[1].str().c_str()
+					"node", matches[1].c_str()
 				);
 		}
 		else {
 			node = vlist_lookup_uuid<struct vnode>(nodes, uuid);
 			if (!node)
 				throw BadRequest("No node found with with matching UUID", "{ s: s }",
-					"uuid", matches[1].str().c_str()
+					"uuid", matches[1].c_str()
 				);
 		}
 	}
--- a/include/villas/api/path_request.hpp
+++ b/include/villas/api/path_request.hpp
@ -45,17 +45,17 @@ public:
 		int ret;
 		uuid_t uuid;

-		ret = uuid_parse(matches[1].str().c_str(), uuid);
+		ret = uuid_parse(matches[1].c_str(), uuid);
 		if (ret)
 			throw BadRequest("Invalid UUID", "{ s: s }",
-				"uuid", matches[1].str().c_str()
+				"uuid", matches[1].c_str()
 			);

 		auto *paths = session->getSuperNode()->getPaths();
 		path = vlist_lookup_uuid<struct vpath>(paths, uuid);
 		if (!path)
 			throw BadRequest("No path found with with matching UUID", "{ s: s }",
-				"uuid", matches[1].str().c_str()
+				"uuid", matches[1].c_str()
 			);
 	}
 };
--- a/include/villas/api/request.hpp
+++ b/include/villas/api/request.hpp
@ -23,6 +23,7 @@

 #pragma once

+#include <vector>
 #include <regex>
 #include <jansson.h>

@ -56,7 +57,7 @@ protected:
 	Buffer buffer;

 public:
-	std::smatch matches;
+	std::vector<std::string> matches;
 	Session::Method method;
 	unsigned long contentLength;
 	json_t *body;
@ -82,10 +83,10 @@ public:

 	virtual void decode();

-	std::string
-	getMatch(int idx)
+	const std::string &
+	getMatch(int idx) const
 	{
-		return matches[idx].str();
+		return matches[idx];
 	}

 	std::string
--- a/lib/api/request.cpp
+++ b/lib/api/request.cpp
@ -52,7 +52,9 @@ Request * RequestFactory::create(Session *s, const std::string &uri, Session::Me

 		auto *p = rf->make(s);

-		p->matches = mr;
+		for (auto m : mr)
+			p->matches.push_back(m.str());
+
 		p->factory = rf;
 		p->method = meth;
 		p->contentLength = ct;
--- a/lib/api/requests/graph.cpp
+++ b/lib/api/requests/graph.cpp
@ -74,7 +74,7 @@ public:
 		std::list<std::string> supportedLayouts = { "circo", "dot", "fdp", "neato", "nop", "nop1", "nop2", "osage", "patchwork", "sfdp", "twopi" };
 		std::list<std::string> supportedFormats = { "ps", "eps", "txt", "svg", "svgz", "gif", "png", "jpg", "jpeg", "bmp", "dot", "fig", "json", "pdf" };

-		format = matches[1].str();
+		format = matches[1];

 		auto lit = std::find(supportedLayouts.begin(), supportedLayouts.end(), layout);
 		if (lit == supportedLayouts.end())
--- a/lib/api/requests/node_file.cpp
+++ b/lib/api/requests/node_file.cpp
@ -54,7 +54,7 @@ public:

 		struct file *f = (struct file *) node->_vd;

-		if (matches[2].str() == "rewind")
+		if (matches[2] == "rewind")
 			io_rewind(&f->io);

 		return new Response(session, HTTP_STATUS_OK);