[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] Bug in libmicrohttpd 0.9.39

From: Abhay Gupta
Subject: [libmicrohttpd] Bug in libmicrohttpd 0.9.39
Date: Fri, 9 Jan 2015 22:31:14 +0530


Pls see this code snippet

MHD_destroy_post_processor (struct MHD_PostProcessor *pp)
  int ret;

  if (NULL == pp)
    return MHD_YES;
  if (PP_ProcessValue == pp->state)
    /* key without terminated value left at the end of the
       buffer; fake receiving a termination character to
       ensure it is also processed */
        post_process_urlencoded (pp, "\n", 1);

This calling of post_process_urlencoded (pp, "\n", 1) is entirely incorrect and should be removed . Suppose you have a form with two fields a and b . On form posting the value will come as a=1&b=2 suppose . Since 2 is not terminated with \n it will remain in PP_ProcessValue and due to the above we get another post_process with b=\n.

So first we get a=1&b=2 and then we again get b=\n . This breaks the value of last element and obviously not required .



reply via email to

[Prev in Thread] Current Thread [Next in Thread]