Revise bodyToStringParser to use MemoryDataStream
Better dynamic memory reallocation and avoids conversion to MemoryDataStream at end anyway
Still has the weakness that the decode is unbounded, so bad actors can kill the system with a large POST
mikee47 committed Aug 30, 2024
1 parent 3378a0c commit d5176ab
Showing 1 changed file with 5 additions and 9 deletions.
14 changes: 5 additions & 9 deletions Sming/Components/Network/src/Network/Http/HttpBodyParser.cpp
Expand Up @@ -16,6 +16,7 @@

#include "HttpBodyParser.h"
#include <Data/WebHelpers/escape.h>
#include <Data/Stream/MemoryDataStream.h>

/*
* Content is received in chunks which we need to reassemble into name=value pairs.
Expand Down Expand Up @@ -103,11 +104,11 @@ size_t formUrlParser(HttpRequest& request, const char* at, int length)

size_t bodyToStringParser(HttpRequest& request, const char* at, int length)
{
auto data = static_cast<String*>(request.args);
auto data = static_cast<ReadWriteStream*>(request.args);

if(length == PARSE_DATASTART) {
delete data;
data = new String();
data = new MemoryDataStream();
request.args = data;
return 0;
}
Expand All @@ -118,15 +119,10 @@ size_t bodyToStringParser(HttpRequest& request, const char* at, int length)
}

if(length == PARSE_DATAEND || length < 0) {
request.setBody(std::move(*data));
delete data;
request.setBody(data);
request.args = nullptr;
return 0;
}

if(!data->concat(at, length)) {
return 0;
}

return length;
return data->write(at, length);
}
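Review bot: The new final line `return data->write(at, length);` passes a short write straight back but leaves the partially filled stream in `request.args`, so nothing marks the body as incomplete. If the caller keeps feeding chunks after a short count (the caller is not on this page), the PARSE_DATAEND branch will hand `setBody` a body with a hole in it, and a handler could then act on truncated input. Consider dropping the stream on failure: `size_t written = data->write(at, length);` `if(written != size_t(length)) { delete data; request.args = nullptr; }` `return written;`. This relies on the block that closes just above the PARSE_DATAEND check being a null-stream guard, which falls between the hunks and is not visible here.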
