Treat paths with embedded NUL bytes as invalid (yhirose#1765)

wandernauta · web-flow · commit 4ef9ed80cde4 · 2024-01-27T08:22:00.000-05:00
Fixes yhirose#1763.
diff --git a/httplib.h b/httplib.h
@@ -2413,6 +2413,7 @@ inline bool is_valid_path(const std::string &path) {
     // Read component
     auto beg = i;
     while (i < path.size() && path[i] != '/') {
+      if (path[i] == '\0') { return false; }
       i++;
     }
 
diff --git a/test/test.cc b/test/test.cc
@@ -71,6 +71,15 @@ TEST(DecodeURLTest, PercentCharacter) {
       R"(descrip=Gastos áéíóúñÑ 6)");
 }
 
+TEST(DecodeURLTest, PercentCharacterNUL) {
+  string expected;
+  expected.push_back('x');
+  expected.push_back('\0');
+  expected.push_back('x');
+
+  EXPECT_EQ(detail::decode_url("x%00x", false), expected);
+}
+
 TEST(EncodeQueryParamTest, ParseUnescapedChararactersTest) {
   string unescapedCharacters = "-_.!~*'()";
 
@@ -2482,6 +2491,12 @@ TEST_F(ServerTest, GetMethodInvalidMountPath) {
   EXPECT_EQ(StatusCode::NotFound_404, res->status);
 }
 
+TEST_F(ServerTest, GetMethodEmbeddedNUL) {
+  auto res = cli_.Get("/mount/dir/test.html%00.js");
+  ASSERT_TRUE(res);
+  EXPECT_EQ(StatusCode::NotFound_404, res->status);
+}
+
 TEST_F(ServerTest, GetMethodOutOfBaseDirMount) {
   auto res = cli_.Get("/mount/../www2/dir/test.html");
   ASSERT_TRUE(res);

Original file line number	Diff line number	Diff line change
`@@ -2413,6 +2413,7 @@ inline bool is_valid_path(const std::string &path) {`
`2413`	`2413`	`// Read component`
`2414`	`2414`	`auto beg = i;`
`2415`	`2415`	`while (i < path.size() && path[i] != '/') {`
	`2416`	`+ if (path[i] == '\0') { return false; }`
`2416`	`2417`	`i++;`
`2417`	`2418`	`}`
`2418`	`2419`