bugfix: rest: avoid segfault for invalid URI

`evhttp_uri_parse` can return a nullptr, for example when the URI contains invalid characters (e.g. "%"). `GetQueryParameterFromUri` passes the output of `evhttp_uri_parse` straight into `evhttp_uri_get_query`, which means that anyone calling a REST endpoint in which query parameters are used (e.g. `rest_headers`) can cause a segfault. This bugfix is designed to be minimal and without additional behaviour change. Follow-up work should be done to resolve this in a more general and robust way, so not every endpoint has to handle it individually.
2025-11-11 14:38:29 +01:00 · 2023-04-14 19:03:08 -03:00
parent 2bfe43db16
commit 11422cc572
4 changed files with 33 additions and 4 deletions
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -673,6 +673,9 @@ std::optional<std::string> HTTPRequest::GetQueryParameter(const std::string& key
 std::optional<std::string> GetQueryParameterFromUri(const char* uri, const std::string& key)
 {
    evhttp_uri* uri_parsed{evhttp_uri_parse(uri)};
+    if (!uri_parsed) {
+        throw std::runtime_error("URI parsing failed, it likely contained RFC 3986 invalid characters");
+    }
    const char* query{evhttp_uri_get_query(uri_parsed)};
    std::optional<std::string> result;