[asterisk-commits] dlee: branch dlee/ASTERISK-22743-post-body r402385 - in /team/dlee/ASTERISK-2...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Nov 1 16:19:22 CDT 2013


Author: dlee
Date: Fri Nov  1 16:19:20 2013
New Revision: 402385

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=402385
Log:
Error handling when processing post_vars

Modified:
    team/dlee/ASTERISK-22743-post-body/main/http.c
    team/dlee/ASTERISK-22743-post-body/main/manager.c
    team/dlee/ASTERISK-22743-post-body/res/res_ari.c

Modified: team/dlee/ASTERISK-22743-post-body/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ASTERISK-22743-post-body/main/http.c?view=diff&rev=402385&r1=402384&r2=402385
==============================================================================
--- team/dlee/ASTERISK-22743-post-body/main/http.c (original)
+++ team/dlee/ASTERISK-22743-post-body/main/http.c Fri Nov  1 16:19:20 2013
@@ -616,8 +616,12 @@
 {
 	int content_length = 0;
 	struct ast_variable *v, *post_vars=NULL, *prev = NULL;
-	char *buf, *var, *val;
+	char *var, *val;
+	RAII_VAR(char *, buf, NULL, ast_free_ptr);
 	int res;
+
+	/* Use errno to distinguish errors from no params */
+	errno = 0;
 
 	for (v = headers; v; v = v->next) {
 		if (!strcasecmp(v->name, "Content-Type")) {
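Review bot: The new errno contract is stated only in the in-body comment `/* Use errno to distinguish errors from no params */`, so a caller reading the function's documentation cannot tell which values to expect. The doc comment on the function (outside this hunk) should state that a NULL return with `errno == 0` means the request carried no POST parameters, and that `EFBIG`, `ENOMEM` and `EIO` are the failure values set further down. It should also say that errno is meaningful only when NULL is returned, because calls made while parsing a valid body may leave it non-zero.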
@@ -640,22 +644,25 @@
 	}
 
 	if (content_length > MAX_POST_CONTENT - 1) {
-		ast_log(LOG_WARNING, "Excessively long HTTP content. %d is greater than our max of %d\n",
-				content_length, MAX_POST_CONTENT);
-		ast_http_send(ser, AST_HTTP_POST, 413, "Request Entity Too Large", NULL, NULL, 0, 0);
+		ast_log(LOG_WARNING,
+			"Excessively long HTTP content. (%d > %d)\n",
+			content_length, MAX_POST_CONTENT);
+		errno = EFBIG;
 		return NULL;
 	}
 
 	buf = ast_malloc(content_length + 1);
 	if (!buf) {
+		/* malloc sets errno to ENOMEM */
 		return NULL;
 	}
 
 	res = fread(buf, 1, content_length, ser->f);
 	if (res < content_length) {
 		/* Error, distinguishable by ferror() or feof(), but neither
-		 * is good. */
-		goto done;
+		 * is good. Treat either one as I/O error */
+		errno = EIO;
+		return NULL;
 	}
 	buf[content_length] = '\0';
 
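Review bot: The size check `content_length > MAX_POST_CONTENT - 1` bounds the value only from above, and `content_length` is a signed `int` taken from a request header. If the parsing outside this hunk can leave it negative, `ast_malloc(content_length + 1)` and the `fread()` count are both computed from a negative number. A guard such as `if (content_length < 0) { errno = EINVAL; return NULL; }` before the allocation would close that, and the callers' `switch (errno)` blocks would then need a matching case or a `default`. Separately, `/* malloc sets errno to ENOMEM */` relies on `ast_malloc()` not disturbing errno on its failure path (it may log); writing `errno = ENOMEM;` before the `return NULL;` makes the contract independent of that.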
@@ -677,8 +684,6 @@
 		}
 	}
 
-done:
-	ast_free(buf);
 	return post_vars;
 }
 

Modified: team/dlee/ASTERISK-22743-post-body/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ASTERISK-22743-post-body/main/manager.c?view=diff&rev=402385&r1=402384&r2=402385
==============================================================================
--- team/dlee/ASTERISK-22743-post-body/main/manager.c (original)
+++ team/dlee/ASTERISK-22743-post-body/main/manager.c Fri Nov  1 16:19:20 2013
@@ -6723,6 +6723,20 @@
 		params = ast_http_get_post_vars(ser, headers);
 	}
 
+	if (!params) {
+		switch (errno) {
+		case EFBIG:
+			ast_http_send(ser, AST_HTTP_POST, 413, "Request Entity Too Large", NULL, NULL, 0, 0);
+			break;
+		case ENOMEM:
+			ast_http_send(ser, AST_HTTP_POST, 500, "Internal Server Error", NULL, NULL, 0, 0);
+			break;
+		case EIO:
+			ast_http_send(ser, AST_HTTP_POST, 400, "Bad Request", NULL, NULL, 0, 0);
+			break;
+		}
+	}
+
 	for (v = params; v && m.hdrcount < ARRAY_LEN(m.headers); v = v->next) {
 		hdrlen = strlen(v->name) + strlen(v->value) + 3;
 		m.headers[m.hdrcount] = ast_malloc(hdrlen);
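Review bot: After each `ast_http_send()` in the new `switch`, control falls through to the `for (v = params; ...)` loop and the rest of the handler. A request whose body was rejected with 413/500/400 therefore keeps being processed as if it had no parameters, and a second response may be written on the same connection. Each error case should leave the handler through its existing cleanup path instead of `break`-ing back into the normal flow. The `if (!params)` test also sits after the closing brace of the branch that calls `ast_http_get_post_vars()`, so it appears to run for requests that never called it; errno is then whatever an earlier call left behind, and the check is safer inside that branch. The surrounding function starts and ends outside this hunk.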

Modified: team/dlee/ASTERISK-22743-post-body/res/res_ari.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ASTERISK-22743-post-body/res/res_ari.c?view=diff&rev=402385&r1=402384&r2=402385
==============================================================================
--- team/dlee/ASTERISK-22743-post-body/res/res_ari.c (original)
+++ team/dlee/ASTERISK-22743-post-body/res/res_ari.c Fri Nov  1 16:19:20 2013
@@ -868,6 +868,22 @@
 	 */
 	post_vars = ast_http_get_post_vars(ser, headers);
 	if (get_params == NULL) {
+		switch (errno) {
+		case EFBIG:
+			ast_ari_response_error(&response, 413,
+				"Request Entity Too Large",
+				"Request body too large");
+			break;
+		case ENOMEM:
+			ast_ari_response_error(&response, 500,
+				"Internal Server Error",
+				"Error processing request");
+			break;
+		case EIO:
+			ast_ari_response_error(&response, 400,
+				"Bad Request", "Error parsing request body");
+			break;
+		}
 		get_params = post_vars;
 	} else if (get_params && post_vars) {
 		/* Has both post_vars and get_params */
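Review bot: The `switch (errno)` is placed under `if (get_params == NULL)` instead of under a test of `post_vars`, so it is tied to the wrong condition. When the request has query parameters and the body fails to be read, `post_vars` is NULL, neither branch reports it, and the request proceeds with the body silently dropped. When there are no query parameters and the body parsed successfully, errno is still consulted, and a value left behind during parsing could produce a spurious error response. Guarding the switch with `if (post_vars == NULL) { switch (errno) { ... } }` ahead of the merge logic covers both cases. The enclosing function continues outside the hunk.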
@@ -880,7 +896,9 @@
 	}
 
 	user = authenticate_user(get_params, headers);
-	if (!user) {
+	if (response.response_code > 0) {
+		/* POST parameter processing error. Do nothing. */
+	} else if (!user) {
 		/* Per RFC 2617, section 1.2: The 401 (Unauthorized) response
 		 * message is used by an origin server to challenge the
 		 * authorization of a user agent. This response MUST include a
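Review bot: The empty branch `if (response.response_code > 0) { /* POST parameter processing error. Do nothing. */ }` hides a precedence decision. `authenticate_user()` has already run on the line above, and a body-processing error now wins over the 401 challenge, so an unauthenticated client receives 413/400/500 instead of being asked to authenticate. If that ordering is intended, the comment should say so, e.g. `/* POST body error already recorded in response; it takes precedence over the auth check. */`; if it is not, the `!user` test should come first. The if/else chain continues outside the hunk.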



