
Fix null key dereference in post_iterator (#375) #376

Merged
etr merged 1 commit into feature/v2.0 from fix/issue-375-null-key-post-iterator-v2
Jun 29, 2026

etr (Owner) commented Jun 29, 2026

Fixes #375 on the v2.0 integration branch.

Problem

MHD may invoke webserver_impl::post_iterator with a null key on a continuation chunk (off > 0) — the field name is supplied only on the first callback and not repeated when a field is split across callbacks (the large-field path introduced in #337 / commit 1b5fe8f).

handle_post_form_arg passed the raw key pointer straight into std::string (via set_arg / grow_last_arg), which throws std::logic_error on null. Because the throw escapes the C post-iterator callback, it propagates as an uncaught exception and aborts the process via std::terminate.

Fix

Guard key for null before constructing a std::string. With no field name there is nothing to store the value under, so accept and silently skip the chunk: MHD_YES tells MHD to continue (MHD_NO would abort the whole request). This is the same class of bug — and the same fix shape — as the null-uri guard in uri_log (#371).

Test

test/unit/post_iterator_null_key_test.cpp:

  • null_key_continuation_does_not_throw / null_key_initial_does_not_throw — regression cases; without the guard the test process terminates (verified locally).
  • valid_key_stores_arg / valid_key_continuation_appends — happy paths proving normal form handling and the large-field append are unaffected.

All 4 tests / 11 checks pass; related create_test_request and uri_log suites stay green.

🤖 Generated with Claude Code

https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6

MHD may invoke the post iterator with a null key on a continuation
chunk (off > 0): the field name is supplied only on the first call and
not repeated. handle_post_form_arg passed the raw key pointer straight
into std::string (via set_arg / grow_last_arg), which throws
std::logic_error on null. Because the throw escapes the C post-iterator
callback, it propagates as an uncaught exception and aborts the process
via std::terminate.

Guard key for null before constructing std::string: with no field name
there is nothing to store the value under, so accept and silently skip
the chunk (MHD_YES keeps the request alive; MHD_NO would abort it).
Same class of bug as the null-uri fix in uri_log (#371).

Adds unit/post_iterator_null_key_test.cpp pinning the regression (the
test terminates without the guard) plus the happy-path initial and
continuation-append cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
etr merged commit 0ec0d9a into feature/v2.0 Jun 29, 2026
1 check passed
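
The null-key guard described in this PR, as an added C++ example that is not libhttpserver's code and not part of the original PR. `form_args`, `post_iterator_sketch` and the `ITER_YES` / `ITER_NO` constants (standing in for `MHD_YES` / `MHD_NO`) are hypothetical names, and the catch-all at the callback boundary goes beyond what the PR describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

// Stand-ins for MHD_YES / MHD_NO so this builds without libmicrohttpd (assumption).
enum iter_result { ITER_NO = 0, ITER_YES = 1 };

// Hypothetical argument store; not libhttpserver's request type.
struct form_args {
    std::map<std::string, std::string> values;
    std::size_t skipped_chunks = 0;  // chunks that arrived without a field name
};

// Hypothetical callback with the key/data/off/size shape the PR describes.
// noexcept models the C boundary: a throw that escaped would hit std::terminate.
extern "C" int post_iterator_sketch(void* cls, const char* key, const char* data,
                                    std::uint64_t off, std::size_t size) noexcept {
    auto* args = static_cast<form_args*>(cls);
    if (key == nullptr) {          // the guard: never build std::string from null
        ++args->skipped_chunks;    // nothing to store the value under, so skip it
        return ITER_YES;           // keep the request alive
    }
    try {
        const std::string chunk = data ? std::string(data, size) : std::string();
        if (off == 0) {
            args->values[key] = chunk;    // first callback for the field
        } else {
            args->values[key] += chunk;   // continuation of a split field
        }
        return ITER_YES;
    } catch (...) {
        return ITER_NO;  // added beyond the PR: fail this request, not the process
    }
}

int main() {
    form_args args;
    // Constructed sample: one field split in two, with a null-key chunk between.
    post_iterator_sketch(&args, "comment", "hello ", 0, 6);
    post_iterator_sketch(&args, nullptr, "??", 6, 2);
    post_iterator_sketch(&args, "comment", "world", 6, 5);
    std::printf("comment=%s skipped=%zu\n", args.values["comment"].c_str(),
                args.skipped_chunks);
    return 0;
}
```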