HTTPServer.cpp bugs #2283
Description
Critical Bugs
1.Buffer Overflow (Line 1141)
m_Buffer[bytes_transferred] = '\0';
If bytes_transferred == HTTP_CONNECTION_BUFFER_SIZE, this writes out of bounds. Need to ensure buffer has room for null terminator.
- Thread-Unsafe localtime (Line 98)
struct tm *tm = localtime(&t);
localtime returns a pointer to a static buffer - not thread-safe. Use localtime_r (POSIX) or localtime_s (Windows).
3.Unchecked Iterator Dereference (Lines 185-186)
auto it = i2p::i18n::languages.find(currLang);
std::string langCode = it->second.ShortCode; // UB if not found
No check if it == end() before dereferencing
Exception Safety Issues
-
Unhandled std::stoi/std::stoul Exceptions
Line 657: std::stoi(id)
Line 1322: std::stoi(token)
Line 1371: std::stoul(params["streamID"], nullptr)
Line 1430: std::stoul(params["limit"], nullptr)
All can throw std::invalid_argument or std::out_of_range if input is malformed.
HTTP Parsing Issue
1.Partial Request Loss (Lines 1127-1144)
m_Socket->async_read_some(boost::asio::buffer(m_Buffer, ...));
If request.parse() returns 0 (need more data), the next async_read_some overwrites m_Buffer, losing the partial request.
Minor Issues
1.Invalid HTML (Line 632)
s << "<td \>"; // Invalid - should be
2.Silent Failure (Line 1431)
if (limit > 0 && limit <= TRANSIT_TUNNELS_LIMIT)
Setting limit=0 is silently ignored without error feedback.
3.Missing Content-Length Header - SendReply doesn't set Content-Length, which could cause issues with HTTP/1.1 keep-alive connections.