Fix null key dereference in post_iterator (#375)#376
Merged
Conversation
MHD may invoke the post iterator with a null key on a continuation chunk (off > 0): the field name is supplied only on the first call and not repeated. handle_post_form_arg passed the raw key pointer straight into std::string (via set_arg / grow_last_arg), which throws std::logic_error on null. Because the throw escapes the C post-iterator callback, it propagates as an uncaught exception and aborts the process via std::terminate. Guard key for null before constructing std::string: with no field name there is nothing to store the value under, so accept and silently skip the chunk (MHD_YES keeps the request alive; MHD_NO would abort it). Same class of bug as the null-uri fix in uri_log (#371). Adds unit/post_iterator_null_key_test.cpp pinning the regression (the test terminates without the guard) plus the happy-path initial and continuation-append cases. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #375 on the v2.0 integration branch.
Problem
MHD may invoke
webserver_impl::post_iteratorwith a nullkeyon a continuation chunk (off > 0) — the field name is supplied only on the first callback and not repeated when a field is split across callbacks (the large-field path introduced in #337 / commit1b5fe8f).handle_post_form_argpassed the rawkeypointer straight intostd::string(viaset_arg/grow_last_arg), which throwsstd::logic_erroron null. Because the throw escapes the C post-iterator callback, it propagates as an uncaught exception and aborts the process viastd::terminate.Fix
Guard
keyfor null before constructing astd::string. With no field name there is nothing to store the value under, so accept and silently skip the chunk:MHD_YEStells MHD to continue (MHD_NOwould abort the whole request). This is the same class of bug — and the same fix shape — as the null-uriguard inuri_log(#371).Test
test/unit/post_iterator_null_key_test.cpp:null_key_continuation_does_not_throw/null_key_initial_does_not_throw— regression cases; without the guard the test process terminates (verified locally).valid_key_stores_arg/valid_key_continuation_appends— happy paths proving normal form handling and the large-field append are unaffected.All 4 tests / 11 checks pass; related
create_test_requestanduri_logsuites stay green.🤖 Generated with Claude Code
https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6