Fixed issue #1495

FIWARE · Jan 11, 2024 · 46e6ec9 · 46e6ec9
1 parent d816b89
commit 46e6ec9
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE
@@ -1 +1,2 @@
-* Issue #1525:  Fixed a bug about cutting of http headers for distributed requests
+* Issue #1525:  Fixed a bug about cutting of HTTP headers for distributed requests
+* Issue #1495:  Fixed a CRASH about HTTP headers longer than 255 bytes for notifications over HTTPS 
diff --git a/src/lib/orionld/notifications/httpsNotify.cpp b/src/lib/orionld/notifications/httpsNotify.cpp
@@ -177,12 +177,15 @@ int httpsNotify(CachedSubscription* cSubP, struct iovec* ioVec, int ioVecLen, do
   for (int ix = 1; ix < ioVecLen - 2; ix++)
   {
     // must not be CRLF-terminated - have to remove last 2 chars
-    char header[256];
-    strcpy(header, (char*) ioVec[ix].iov_base);
-    header[ioVec[ix].iov_len - 2] = 0;
+    char      header[256];
+    uint32_t  headerLen = strlen((char*) ioVec[ix].iov_base);
+    char*     headerP   = (headerLen < sizeof(header) - 1)? header : kaAlloc(&orionldState.kalloc, headerLen + 1);
 
-    LM_T(LmtNotificationHeaders, ("%s: Notification Request Header: '%s'", cSubP->subscriptionId, header));
-    headers = curl_slist_append(headers, header);
+    strncpy(headerP, (char*) ioVec[ix].iov_base, headerLen - 1);
+    headerP[ioVec[ix].iov_len - 2] = 0;
+
+    LM_T(LmtNotificationHeaders, ("%s: Notification Request Header: '%s'", cSubP->subscriptionId, headerP));
+    headers = curl_slist_append(headers, headerP);
   }
   curl_easy_setopt(curlHandleP, CURLOPT_HTTPHEADER, headers);
 

diff --git a/test/functionalTest/cases/0000_ngsild/ngsild_issue_1495.test b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1495.test
@@ -33,7 +33,7 @@ accumulatorStart --pretty-print --https --key /tmp/harnessTest.key --cert /tmp/h
 
 #
 # 01. Create an HTTPS subscription, according to issue #1496
-# 02. Do an upsert/update creating an entity, provoking a notification (issue #1496 says crash)
+# 02. Do an upsert/update creating an entity, provoking a notification, using a very long Authorization header (issue #1496 says crash)
 # 03. Dump/Reset the accumulator, see the entity
 # 04. Do another upsert/update modifying the entity, provoking another notification (issue #1496 says crash)
 # 05. Dump/Reset the accumulator, see the modified entity
@@ -66,8 +66,9 @@ echo
 echo
 
 
-echo "02. Do an upsert/update creating an entity, provoking a notification (issue #1496 says crash)"
-echo "============================================================================================="
+echo "02. Do an upsert/update creating an entity, provoking a notification, using a very long Authorization header (issue #1496 says crash)"
+echo "====================================================================================================================================="
+Authorization="Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCT0JsSEliWlV1ZHFydmpPQjZXbktBaHlFdU1IdWViZ2RkOXNKS3U5RWNFIn0.eyJleHAiOjE3ODk0OTE4MjEsImlhdCI6MTcwMzE3ODIyMSwianRpIjoiODFlNmVmNTktZTExZC00YjI1LWE5ZTAtZWNhNDQzNDkxYTBlIiwiaXNzIjoiaHR0cDovLzE1OC40Mi4xNjEuMTc3OjMxNTUxL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6WyJtYXN0ZXItcmVhbG0iLCJhY2NvdW50Il0sInN1YiI6IjU2NjAwOWQ3LWJlMWUtNGYxZC05OWY2LTdiMjBkZmVlMDAyZiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFlcm9zIiwic2Vzc2lvbl9zdGF0ZSI6ImNkZTk5OTQ2LTUwM2UtNDY2OS04NDU2LTdlMjhhODQ2MzdhOSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiY3JlYXRlLXJlYWxtIiwiZGVmYXVsdC1yb2xlcy1tYXN0ZXIiLCJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwiZG9tYWluX2FkbWlucyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWVyb3MiOnsicm9sZXMiOlsidXB2X3JvbGVfMSJdfSwibWFzdGVyLXJlYWxtIjp7InJvbGVzIjpbInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwiY3JlYXRlLWNsaWVudCIsIm1hbmFnZS11c2VycyIsInF1ZXJ5LXJlYWxtcyIsInZpZXctYXV0aG9yaXphdGlvbiIsInF1ZXJ5LWNsaWVudHMiLCJxdWVyeS11c2VycyIsIm1hbmFnZS1ldmVudHMiLCJtYW5hZ2UtcmVhbG0iLCJ2aWV3LWV2ZW50cyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1jbGllbnRzIiwicXVlcnktZ3JvdXBzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiJjZGU5OTk0Ni01MDNlLTQ2NjktODQ1Ni03ZTI4YTg0NjM3YTkiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImFlcm9zX3VzZXJfMiIsImdpdmVuX25hbWUiOiIiLCJmYW1pbHlfbmFtZSI6IiJ9.VDnNuP497t7SjYlXzCWaWUw33e3OPwLpB0xqCsOgekgwBySuaUpqJ6xaCssrmdgx8WYg3EE76GdcvnKSkC1oeTiR49AeKXK3D-UE8uj60zZKwXwQVapP7LhowraQpGeiwirGDZc9DV5at8pMR2gH3c88KSVtudxJQUcwm7wt0qvlX0M1eDJOo4YYjs41mIQiBWmIxantt3qXapk7ZzyByp3sp2Kzo6wJVAcJRlkoIsXBxAh6n5D1gerJzwh0f5OZMpxgjwCF3Jjps4Wjkh0je-CHFF-x0cSIS_LsqbPgys--mmuxyeXUF4W1wI2WyW36glEkCDdnZpbGhQXqtpFlxg"
 payload='[
   {
     "id": "urn:ngsi-ld:WeatherObserved:AIS:owm:5419982",
@@ -121,7 +122,7 @@ payload='[
     }
   }
 ]'
-orionCurl --url /ngsi-ld/v1/entityOperations/upsert?options=update --payload "$payload"
+orionCurl --url /ngsi-ld/v1/entityOperations/upsert?options=update --payload "$payload" -H "Authorization: $Authorization"
 echo
 echo
 
@@ -219,8 +220,8 @@ Location: /ngsi-ld/v1/subscriptions/urn:ngsi-ld:subscription:d6652902-99cd-11ee-
 
 
 
-02. Do an upsert/update creating an entity, provoking a notification (issue #1496 says crash)
-=============================================================================================
+02. Do an upsert/update creating an entity, provoking a notification, using a very long Authorization header (issue #1496 says crash)
+=====================================================================================================================================
 HTTP/1.1 201 Created
 Content-Length: 47
 Content-Type: application/json
@@ -235,6 +236,7 @@ Date: REGEX(.*)
 ==============================================
 POST https://127.0.0.1/notify
 Content-Length: 590
+Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCT0JsSEliWlV1ZHFydmpPQjZXbktBaHlFdU1IdWViZ2RkOXNKS3U5RWNFIn0.eyJleHAiOjE3ODk0OTE4MjEsImlhdCI6MTcwMzE3ODIyMSwianRpIjoiODFlNmVmNTktZTExZC00YjI1LWE5ZTAtZWNhNDQzNDkxYTBlIiwiaXNzIjoiaHR0cDovLzE1OC40Mi4xNjEuMTc3OjMxNTUxL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6WyJtYXN0ZXItcmVhbG0iLCJhY2NvdW50Il0sInN1YiI6IjU2NjAwOWQ3LWJlMWUtNGYxZC05OWY2LTdiMjBkZmVlMDAyZiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFlcm9zIiwic2Vzc2lvbl9zdGF0ZSI6ImNkZTk5OTQ2LTUwM2UtNDY2OS04NDU2LTdlMjhhODQ2MzdhOSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiY3JlYXRlLXJlYWxtIiwiZGVmYXVsdC1yb2xlcy1tYXN0ZXIiLCJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwiZG9tYWluX2FkbWlucyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWVyb3MiOnsicm9sZXMiOlsidXB2X3JvbGVfMSJdfSwibWFzdGVyLXJlYWxtIjp7InJvbGVzIjpbInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwiY3JlYXRlLWNsaWVudCIsIm1hbmFnZS11c2VycyIsInF1ZXJ5LXJlYWxtcyIsInZpZXctYXV0aG9yaXphdGlvbiIsInF1ZXJ5LWNsaWVudHMiLCJxdWVyeS11c2VycyIsIm1hbmFnZS1ldmVudHMiLCJtYW5hZ2UtcmVhbG0iLCJ2aWV3LWV2ZW50cyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1jbGllbnRzIiwicXVlcnktZ3JvdXBzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiJjZGU5OTk0Ni01MDNlLTQ2NjktODQ1Ni03ZTI4YTg0NjM3YTkiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImFlcm9zX3VzZXJfMiIsImdpdmVuX25hbWUiOiIiLCJmYW1pbHlfbmFtZSI6IiJ9.VDnNuP497t7SjYlXzCWaWUw33e3OPwLpB0xqCsOgekgwBySuaUpqJ6xaCssrmdgx8WYg3EE76GdcvnKSkC1oeTiR49AeKXK3D-UE8uj60zZKwXwQVapP7LhowraQpGeiwirGDZc9DV5at8pMR2gH3c88KSVtudxJQUcwm7wt0qvlX0M1eDJOo4YYjs41mIQiBWmIxantt3qXapk7ZzyByp3sp2Kzo6wJVAcJRlkoIsXBxAh6n5D1gerJzwh0f5OZMpxgjwCF3Jjps4Wjkh0je-CHFF-x0cSIS_LsqbPgys--mmuxyeXUF4W1wI2WyW36glEkCDdnZpbGhQXqtpFlxg
 User-Agent: orionld/REGEX(.*)
 Host: 127.0.0.1
 Accept: application/json