libevent evhttp_uri_get_query coredump

時間  2019-12-23
標籤 libevent evhttp uri query coredump 欄目 Linux 简体版
原文   原文鏈接

昨天和前端同事調試,拿到一個形式以下的http uri:html

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={"business":["43","44","45","46","47","48","49","51","68","69","70","80","82","129","130","139","146","177","186","187","223","249","250","258","262","293","300","301"]} 前端

放到瀏覽器上一敲,在服務端日誌裏看到的是:
json

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={%22business%22:[%2243%22,%2244%22,%2245%22,%2246%22,%2247%22,%2248%22,%2249%22,%2251%22,%2268%22,%2269%22,%2270%22,%2280%22,%2282%22,%22129%22,%22130%22,%22139%22,%22146%22,%22177%22,%22186%22,%22187%22,%22223%22,%22249%22,%22250%22,%22258%22,%22262%22,%22293%22,%22300%22,%22301%22]} 瀏覽器

服務端調用安全

const char* uri = evhttp_request_get_uri(req);編碼

char* decoded_uri = evhttp_decode_uri(uri);spa

進行decode以後能夠變回原來的uri:指針

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={"business":["43","44","45","46","47","48","49","51","68","69","70","80","82","129","130","139","146","177","186","187","223","249","250","258","262","293","300","301"]}調試

接下來調用 struct evhttp_uri* parsed_uri = evhttp_uri_parse(decoded_uri); 進行uri解析分段。日誌

在uri的business_data裏包含了uri的保留字符 [] : 。調用evhttp_uri_parse的時候沒法正常解析uri,返回NULL。在下一步的evhttp_uri_get_query的時候傳入空指針發生了coredump。

可見libevent的evhttp_uri_get_query方法並非安全的方法,未作參數檢查。

總結:

  1. 在調用libevent包含指針形參的方法前,須要對要傳入的參數作條件判斷;

  2. uri中存在json數據時候須要作轉義或者base64的編碼;

參考連接:http://www.cppblog.com/qinqing1984/archive/2012/09/25/191972.html

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程