From a0163c8470d17babead66cc4d7fdc173061e4cda Mon Sep 17 00:00:00 2001 From: Steffen Vogel Date: Mon, 4 Jan 2021 18:40:00 +0100 Subject: [PATCH] api: fix use-after-free in URL regex matching --- include/villas/api/node_request.hpp | 8 ++++---- include/villas/api/path_request.hpp | 6 +++--- include/villas/api/request.hpp | 9 +++++---- lib/api/request.cpp | 4 +++- lib/api/requests/graph.cpp | 2 +- lib/api/requests/node_file.cpp | 2 +- 6 files changed, 17 insertions(+), 14 deletions(-) diff --git a/include/villas/api/node_request.hpp b/include/villas/api/node_request.hpp index 6ed172ebf..69b628fb4 100644 --- a/include/villas/api/node_request.hpp +++ b/include/villas/api/node_request.hpp @@ -47,19 +47,19 @@ public: auto *nodes = session->getSuperNode()->getNodes(); uuid_t uuid; - ret = uuid_parse(matches[1].str().c_str(), uuid); + ret = uuid_parse(matches[1].c_str(), uuid); if (ret) { - node = vlist_lookup_name(nodes, matches[1].str()); + node = vlist_lookup_name(nodes, matches[1]); if (!node) throw BadRequest("Unknown node", "{ s: s }", - "node", matches[1].str().c_str() + "node", matches[1].c_str() ); } else { node = vlist_lookup_uuid(nodes, uuid); if (!node) throw BadRequest("No node found with with matching UUID", "{ s: s }", - "uuid", matches[1].str().c_str() + "uuid", matches[1].c_str() ); } } diff --git a/include/villas/api/path_request.hpp b/include/villas/api/path_request.hpp index 2193caa94..209d7c92e 100644 --- a/include/villas/api/path_request.hpp +++ b/include/villas/api/path_request.hpp 
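Review bot: The `matches[1]` accesses in include/villas/api/node_request.hpp now index a `std::vector` with no bounds check, whereas `std::smatch::operator[]` returned an empty, unmatched sub-match for an out-of-range index. If a route's regex ever defines fewer capture groups than its handler reads, what used to be an empty string becomes an out-of-bounds read; whether that can happen depends on the factory regexes, which are not visible here. The same unchecked indexing appears in path_request.hpp (`matches[1]`), graph.cpp (`matches[1]`), node_file.cpp (`matches[2]`) and in `Request::getMatch()`. I would make the accessor checked with `return matches.at(idx);` and have the handlers call `getMatch(1)` instead of indexing the vector directly. The enclosing function starts and ends outside this hunk.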
@@ -45,17 +45,17 @@ public: int ret; uuid_t uuid; - ret = uuid_parse(matches[1].str().c_str(), uuid); + ret = uuid_parse(matches[1].c_str(), uuid); if (ret) throw BadRequest("Invalid UUID", "{ s: s }", - "uuid", matches[1].str().c_str() + "uuid", matches[1].c_str() ); auto *paths = session->getSuperNode()->getPaths(); path = vlist_lookup_uuid(paths, uuid); if (!path) throw BadRequest("No path found with with matching UUID", "{ s: s }", - "uuid", matches[1].str().c_str() + "uuid", matches[1].c_str() ); } }; diff --git a/include/villas/api/request.hpp b/include/villas/api/request.hpp index 2c2ebbb1e..aac018f92 100644 --- a/include/villas/api/request.hpp +++ b/include/villas/api/request.hpp @@ -23,6 +23,7 @@ #pragma once +#include #include #include @@ -56,7 +57,7 @@ protected: Buffer buffer; public: - std::smatch matches; + std::vector matches; Session::Method method; unsigned long contentLength; json_t *body; @@ -82,10 +83,10 @@ public: virtual void decode(); - std::string - getMatch(int idx) + const std::string & + getMatch(int idx) const { - return matches[idx].str(); + return matches[idx]; } std::string diff --git a/lib/api/request.cpp b/lib/api/request.cpp index b9b848fb9..e252d82c6 100644 --- a/lib/api/request.cpp +++ b/lib/api/request.cpp @@ -52,7 +52,9 @@ Request * RequestFactory::create(Session *s, const std::string &uri, Session::Me auto *p = rf->make(s); - p->matches = mr; + for (auto m : mr) + p->matches.push_back(m.str()); + p->factory = rf; p->method = meth; p->contentLength = ct; diff --git a/lib/api/requests/graph.cpp b/lib/api/requests/graph.cpp index ea25457af..c3eafbc19 100644 --- a/lib/api/requests/graph.cpp +++ b/lib/api/requests/graph.cpp 
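Review bot: The new `matches` member in include/villas/api/request.hpp has no comment saying why it holds copied strings instead of the `std::smatch`, which is the point of this fix. A `std::smatch` only stores iterators into the string that was matched, so it is valid no longer than that string. A one-line comment such as `// Owned copies of the capture groups; a std::smatch would keep iterators into the request URI.` would keep a later cleanup from reverting it. The member is still public and mutable, so handlers can bypass `getMatch()`.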
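Review bot: In lib/api/request.cpp the loop `for (auto m : mr)` flattens every sub-match with `m.str()`, so an optional group that did not participate in the match is stored as an empty string and its `matched` flag is lost. The handlers visible in this patch only ever called `.str()`, so they are unaffected, but a short comment on the loop stating that absent groups become empty strings would make this explicit for future routes. As a smaller point, the loop copies each `sub_match` and grows the vector one element at a time; `p->matches.reserve(mr.size());` followed by `for (const auto &m : mr)` avoids both. `RequestFactory::create()` begins and ends outside this hunk.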
@@ -74,7 +74,7 @@ public: std::list supportedLayouts = { "circo", "dot", "fdp", "neato", "nop", "nop1", "nop2", "osage", "patchwork", "sfdp", "twopi" }; std::list supportedFormats = { "ps", "eps", "txt", "svg", "svgz", "gif", "png", "jpg", "jpeg", "bmp", "dot", "fig", "json", "pdf" }; - format = matches[1].str(); + format = matches[1]; auto lit = std::find(supportedLayouts.begin(), supportedLayouts.end(), layout); if (lit == supportedLayouts.end()) diff --git a/lib/api/requests/node_file.cpp b/lib/api/requests/node_file.cpp index 502812c85..2799fce51 100644 --- a/lib/api/requests/node_file.cpp +++ b/lib/api/requests/node_file.cpp @@ -54,7 +54,7 @@ public: struct file *f = (struct file *) node->_vd; - if (matches[2].str() == "rewind") + if (matches[2] == "rewind") io_rewind(&f->io); return new Response(session, HTTP_STATUS_OK);