src: fix invalid memory access in http_parse_host

http_parse_host() depends on `u->field_data[UF_HOST]`, but this
if() allowed the method to be called if only
`u->field_data[UF_SCHEMA]` was set, resulting in use of
unintialized pointers.

PR-URL: https://github.com/joyent/http-parser/pull/246
Reviewed-By: Fedor Indutny <fedor@indutny.com>
make-http-max-header-size-gyp-configurable
Daniel Knoppel (Phusion) 10 years ago committed by Fedor Indutny
parent 2896229a13
commit f6f436a12e

@ -2232,6 +2232,7 @@ http_parse_host_char(enum http_host_state s, const char ch) {
static int static int
http_parse_host(const char * buf, struct http_parser_url *u, int found_at) { http_parse_host(const char * buf, struct http_parser_url *u, int found_at) {
assert(u->field_set & (1 << UF_HOST));
enum http_host_state s; enum http_host_state s;
const char *p; const char *p;
@ -2376,7 +2377,12 @@ http_parser_parse_url(const char *buf, size_t buflen, int is_connect,
/* host must be present if there is a schema */ /* host must be present if there is a schema */
/* parsing http:///toto will fail */ /* parsing http:///toto will fail */
if ((u->field_set & ((1 << UF_SCHEMA) | (1 << UF_HOST))) != 0) { if ((u->field_set & (1 << UF_SCHEMA)) &&
(u->field_set & (1 << UF_HOST)) == 0) {
return 1;
}
if (u->field_set & (1 << UF_HOST)) {
if (http_parse_host(buf, u, found_at) != 0) { if (http_parse_host(buf, u, found_at) != 0) {
return 1; return 1;
} }

Loading…
Cancel
Save