diff --git a/changelog.md b/changelog.md index bdf140d..0aa8505 100644 --- a/changelog.md +++ b/changelog.md @@ -6,6 +6,8 @@ HEAD portion of this code. #378, #435, #449 - Bug: Fix memory leak when init_asio produces an error. #454 Thank you Mark Grimes for reporting and fixing. +- Bug: Fix crash when processing a specially crafted HTTP header. Thank you Eli Fidler for + reporting, test cases, and a patch. #456 0.6.0 - MINOR BREAKING TRANSPORT POLICY CHANGE: Custom transport policies will now be diff --git a/test/http/parser.cpp b/test/http/parser.cpp index dc7cf56..e0fb3e0 100644 --- a/test/http/parser.cpp +++ b/test/http/parser.cpp @@ -365,6 +365,7 @@ BOOST_AUTO_TEST_CASE( strip_lws ) { std::string test6 = " \r\n foo "; std::string test7 = " \t foo "; std::string test8 = " \t "; + std::string test9 = " \n\r"; BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test1), "foo" ); BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test2), "foo" ); @@ -374,6 +375,7 @@ BOOST_AUTO_TEST_CASE( strip_lws ) { BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test6), "foo" ); BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test7), "foo" ); BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test8), "" ); + BOOST_CHECK_EQUAL( websocketpp::http::parser::strip_lws(test9), "" ); } BOOST_AUTO_TEST_CASE( case_insensitive_headers ) { diff --git a/websocketpp/http/parser.hpp b/websocketpp/http/parser.hpp index c66da6c..ade86e4 100644 --- a/websocketpp/http/parser.hpp +++ b/websocketpp/http/parser.hpp @@ -381,9 +381,13 @@ inline std::string strip_lws(std::string const & input) { if (begin == input.end()) { return std::string(); } - std::string::const_reverse_iterator end = extract_all_lws(input.rbegin(),input.rend()); - return std::string(begin,end.base()); + std::string::const_reverse_iterator rbegin = extract_all_lws(input.rbegin(),input.rend()); + if (rbegin == input.rend()) { + return std::string(); + } + + return std::string(begin,rbegin.base()); } /// Base HTTP parser