From c10683f4934111629d0a0d0b23024369ceec2b09 Mon Sep 17 00:00:00 2001 From: Chen Wu Date: Thu, 2 Dec 2021 14:15:43 +0800 Subject: [PATCH] http: Fix parsing invalid url cause to crash Reason: For example, if an url is lack of leading 'http:' by mistake, it causes to http_parser_parse_url() cannot parse http host item, and then pass the null host pointer to _get_host_header(), crash happens. Fix: http added null pointer check now. Closes https://jira.espressif.com:8443/browse/ESPAT-953 --- components/esp_http_client/esp_http_client.c | 8 ++++++++ components/esp_http_client/test/test_http_client.c | 13 +++++++++++++ 2 files changed, 21 insertions(+) diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c index a29d7999e3..5d2b35e579 100644 --- a/components/esp_http_client/esp_http_client.c +++ b/components/esp_http_client/esp_http_client.c @@ -658,6 +658,10 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co const char *user_agent = config->user_agent == NULL ? DEFAULT_HTTP_USER_AGENT : config->user_agent; if (config->host != NULL && config->path != NULL) { + if (client->connection_info.host == NULL) { + ESP_LOGE(TAG, "invalid host"); + goto error; + } host_name = _get_host_header(client->connection_info.host, client->connection_info.port); if (host_name == NULL) { ESP_LOGE(TAG, "Failed to allocate memory for host header"); @@ -677,6 +681,10 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co ESP_LOGE(TAG, "Failed to set URL"); goto error; } + if (client->connection_info.host == NULL) { + ESP_LOGE(TAG, "invalid host"); + goto error; + } host_name = _get_host_header(client->connection_info.host, client->connection_info.port); if (host_name == NULL) { ESP_LOGE(TAG, "Failed to allocate memory for host header"); diff --git a/components/esp_http_client/test/test_http_client.c b/components/esp_http_client/test/test_http_client.c index f0be034176..dc92075efa 100644 --- a/components/esp_http_client/test/test_http_client.c +++ b/components/esp_http_client/test/test_http_client.c @@ -132,3 +132,16 @@ TEST_CASE("Username and password will not reset if new absolute URL doesnot spec TEST_ASSERT_NOT_NULL(value); esp_http_client_cleanup(client); } + +/** + * Test case to verify that, esp_http_client_init() should return NULL if configuration has url with empty hostname. + **/ +TEST_CASE("esp_http_client_init() should return NULL if configured with wrong url", "[ESP HTTP CLIENT]") +{ + esp_http_client_config_t config = { + .url = "//httpbin.org/post", + }; + esp_http_client_handle_t client = esp_http_client_init(&config); + TEST_ASSERT_NULL(client); + esp_http_client_cleanup(client); +}