For the sake of completeness:

  * urldecode the "key" argument, as tcp_table(5) ask us to (be quite
    liberal with what we receive though).
  * kill connections that do not send us a \n in less than BUFSIZ octets.
  * answer to empty requests as well.

Signed-off-by: Pierre Habouzit <madcoder@debian.org>

diff --git a/srsd.c b/srsd.c
index aa953fc..b79be36 100644 (file)
--- a/srsd.c
+++ b/srsd.c
@@ -80,29 +80,57 @@ static void srsd_delete(srsd_t **srsd)
     }
 }
 
+void urldecode(char *s, char *end)
+{
+    char *p = s;
+
+    while (*p) {
+        if (*p == '%' && end - p >= 3) {
+            int h = (hexval(p[1]) << 4) | hexval(p[2]);
+
+            if (h >= 0) {
+                *s++ = h;
+                p += 3;
+                continue;
+            }
+        }
+
+        *s++ = *p++;
+    }
+    *s++ = '\0';
+}
+
 int process_srs(srs_t *srs, const char *domain, srsd_t *srsd)
 {
     while (srsd->ibuf.len > 4) {
         char buf[BUFSIZ], *p, *q, *nl;
         int err;
 
+        nl = strchr(srsd->ibuf.data + 4, '\n');
+        if (!nl) {
+            if (srsd->ibuf.len > BUFSIZ) {
+                syslog(LOG_ERR, "unreasonnable amount of data without a \\n");
+                return -1;
+            }
+            return 0;
+        }
+
         if (strncmp("get ", srsd->ibuf.data, 4)) {
             syslog(LOG_ERR, "bad request, not starting with \"get \"");
             return -1;
         }
 
-        nl = strchr(srsd->ibuf.data + 4, '\n');
-        if (!nl)
-            return 0;
-
         for (p = srsd->ibuf.data + 4; p < nl && isspace(*p); p++);
         for (q = nl++; q >= p && isspace(*q); *q-- = '\0');
 
         if (p == q) {
+            buffer_addstr(&srsd->obuf, "400 empty request ???\n");
             syslog(LOG_WARNING, "empty request");
             goto skip;
         }
 
+        urldecode(p, q);
+
         if (srsd->decoder) {
             err = srs_reverse(srs, buf, ssizeof(buf), p);
         } else {