Project

General

Profile

Actions
Copy link

Bug #10970

closed

OPTIONS * request generates assert

Added by Dries Mys 12 months ago. Updated 11 months ago.

Status:
Closed
Priority:
High
Assignee:
Roel Standaert
Target version:
4.8.2
Start date:
09/24/2022
Due date:
% Done:

100%

Estimated time:

Description

Issuing the following (valid) http request:

OPTIONS * HTTP/1.1

triggers the following assert

assert(path.empty() || path[0] == '/');

due to path being *.

Not sure if this is just an assert issue, or that the * is indeed not handled correctly for OPTIONS requests.

Files

0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch (1.28 KB) 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch Roel Standaert, 09/26/2022 03:03 PM
Actions
Copy link
 #1

Updated by Roel Standaert 12 months ago

  • Status changed from New to InProgress
  • Assignee set to Roel Standaert
  • Target version set to 4.9.0
Actions
Copy link
 #2

Updated by Roel Standaert 12 months ago

It appears that the easiest way to fix this is to disallow those kinds of requests. The patch (attached) is currently in review.

Actions
Copy link
 #3

Updated by Roel Standaert 12 months ago

  • Priority changed from Low to High
Actions
Copy link
 #4

Updated by Roel Standaert 12 months ago

  • Status changed from Review to Implemented @Emweb
  • Assignee changed from Korneel Dumon to Roel Standaert
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Roel Standaert 12 months ago

  • Status changed from Implemented @Emweb to Resolved
Actions
Copy link
 #6

Updated by Roel Standaert 11 months ago

  • Target version changed from 4.9.0 to 4.8.2
Actions
Copy link
 #7

Updated by Roel Standaert 11 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF