sergiotarxz/nuttx-apps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6,226 Commits 1 Branch 0 Tags 24 MiB
ad48457183
Commit Graph

7 Commits

Author SHA1 Message Date
YAMAMOTO Takashi
f7b3eb5b44 netlib_parseurl: Make the buffer size assumption explicit 2022-06-07 15:09:11 +03:00
YAMAMOTO Takashi
a7de8dffe7 netlib_parseurl.c: Add a comment 2022-06-07 15:09:11 +03:00
Alin Jerpelea
0a6b1f55ab netutils: update licenses to Apache 
Gregory Nutt is has submitted the SGA

Sebastien Lorquet has submitted the ICLA

as a result we can migrate the licenses to Apache.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
 2021-06-11 05:05:27 -05:00
YAMAMOTO Takashi
998abe1deb netlib_parseurl.c: Fix string overruns 
For EINVAL, it doesn't make sense to keep parsing.
(For E2BIG, it might make some sense.)

Found by LLVM ASan.

```
=================================================================
==81622==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f2 at pc 0x00010d2746ca bp 0x7ffee29a9980 sp 0x7ffee29a9978
READ of size 1 at 0x6020000000f2 thread T0
    #0 0x10d2746c9 in netlib_parseurl netlib_parseurl.c:121
    #1 0x10d26b293 in parseurl webclient.c:479
    #2 0x10d265e48 in webclient_perform webclient.c:690
    #3 0x10d277c5b in main main.c:210
    #4 0x7fff7a06f3d4 in start+0x0 (libdyld.dylib:x86_64+0x163d4)

0x6020000000f2 is located 0 bytes to the right of 2-byte region [0x6020000000f0,0x6020000000f2)
allocated by thread T0 here:
    #0 0x10d3996d3 in wrap_strdup+0x203 (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x3e6d3)
    #1 0x10d276abe in main main.c:147
    #2 0x7fff7a06f3d4 in start+0x0 (libdyld.dylib:x86_64+0x163d4)

SUMMARY: AddressSanitizer: heap-buffer-overflow netlib_parseurl.c:121 in netlib_parseurl
Shadow bytes around the buggy address:
  0x1c03ffffffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03ffffffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03ffffffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c03fffffff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c0400000000: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa 00 00
=>0x1c0400000010: fa fa 00 fa fa fa 00 00 fa fa 00 06 fa fa[02]fa
  0x1c0400000020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0400000060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==81622==ABORTING
```
 2021-05-07 20:23:01 -07:00
YAMAMOTO Takashi
73a93e2370 netlib_parseurl.c: Appease nxstyle 
The following errors are false positives.
https://github.com/apache/incubator-nuttx/issues/387

```
/Users/yamamoto/git/nuttx/apps/netutils/netlib/netlib_parseurl.c:57:13: error: C++ style comment
/Users/yamamoto/git/nuttx/apps/netutils/netlib/netlib_parseurl.c:59:35: error: C++ style comment
```
 2021-05-07 20:23:01 -07:00
YAMAMOTO Takashi
585d63b30d netlib_parseurl: Fix pathlen check 2020-05-28 19:59:03 +08:00
Sebastien Lorquet
fe0954cd62 netutils/netlib/netlib_parseurl.c: Add a more flexible version of netlib_parsehttpurl. This one can parse any URL, and is extensible so future improvements keep the same API. 2019-04-26 13:08:38 -06:00