[core] Fix segments count check in clean_uri(). Add unit-test. (#3032)

This commit is contained in:
Dmitry Verenitsin
2026-05-26 02:16:40 +05:00
committed by GitHub
parent 08c3fffa7c
commit 325bb3a606
2 changed files with 65 additions and 1 deletions
+2 -1
View File
@@ -4270,7 +4270,8 @@ switch_status_t clean_uri(char *uri)
argc = switch_separate_string(uri, '/', argv, sizeof(argv) / sizeof(argv[0])); argc = switch_separate_string(uri, '/', argv, sizeof(argv) / sizeof(argv[0]));
if (argc == sizeof(argv)) { /* too deep */ /* Intentionally using == instead of > because this way we would know that the url was fully parsed for sure */
if (argc == (sizeof(argv) / sizeof(argv[0]))) { /* too deep */
return SWITCH_STATUS_FALSE; return SWITCH_STATUS_FALSE;
} }
+63
View File
@@ -124,6 +124,69 @@ FST_TEST_BEGIN(b64_pad1)
} }
FST_TEST_END() FST_TEST_END()
#define test_uri_count 6
/* Currently tests only clear_uri() */
FST_TEST_BEGIN(test_switch_http_parse_header)
{
int i = 0;
switch_status_t status = SWITCH_STATUS_SUCCESS;
switch_http_request_t request = {0};
char bad_uris[][200] = {
"/t/o/o/_/l/o/n/g/_/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/a/2/3/4",
"without_a_slash/",
};
char raw_uris[test_uri_count][200] = {
"/////////uri1",
"/././././uri2",
"/uri3/uri3_1/.//uri3_2/../../uri3_3",
"/../../../uri4",
"/uri5/uri5_1/",
"/uri6/uri6_1",
};
const char clear_uris[test_uri_count][200] = {
"/uri1",
"/uri2",
"/uri3/uri3_3",
"/uri4",
"/uri5/uri5_1",
"/uri6/uri6_1",
};
for (i = 0; i < (sizeof(bad_uris) / sizeof(bad_uris[0])); i++) {
char bad_header[256];
const char *bad_uri = bad_uris[i];
/* Use precision specifier to suppress false-positive "format-truncation" warning. */
snprintf(bad_header, sizeof(bad_header), "GET %.199s HTTP/1.1\r\n\r\nBODY", bad_uri);
fst_check((status = switch_http_parse_header(bad_header, sizeof(bad_header), &request)) == SWITCH_STATUS_FALSE);
if (status == SWITCH_STATUS_SUCCESS) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Bad uri parsed [%d]: [%s]\n", i, request.uri);
switch_http_free_request(&request);
}
}
for (i = 0; i < test_uri_count; i++) {
char raw_header[256];
const char *clear_uri = clear_uris[i];
const char *raw_uri = raw_uris[i];
/* Use precision specifier to suppress false-positive "format-truncation" warning. */
snprintf(raw_header, sizeof(raw_header), "GET %.199s HTTP/1.1\r\n\r\nBODY", raw_uri);
fst_check((status = switch_http_parse_header(raw_header, sizeof(raw_header), &request)) == SWITCH_STATUS_SUCCESS);
fst_check_string_equals(clear_uri, request.uri);
if (status == SWITCH_STATUS_SUCCESS) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "URI [%d]: [%s] => [%s]\n", i, raw_uri, request.uri);
switch_http_free_request(&request);
}
}
}
FST_TEST_END()
FST_SUITE_END() FST_SUITE_END()
FST_MINCORE_END() FST_MINCORE_END()