From b05d75ebdaf3522d8b32ac4afe055f1a07af43cb Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 01:19:51 +0300 Subject: [PATCH 1/7] fix: Improve `set_port` validation and `get_host` behavior --- src/url_aggregator.cpp | 7 +++++++ tests/basic_tests.cpp | 1 + 2 files changed, 8 insertions(+) diff --git a/src/url_aggregator.cpp b/src/url_aggregator.cpp index 2c431cef1..4d38128c4 100644 --- a/src/url_aggregator.cpp +++ b/src/url_aggregator.cpp @@ -298,6 +298,13 @@ bool url_aggregator::set_port(const std::string_view input) { // Revert changes if parse_port fails. uint32_t previous_port = components.port; parse_port(trimmed); + + std::string port_value = std::string(trimmed); + int port = std::stoi(port_value); + if (port < 1 || port > 65535) { + return false; + } + if (is_valid) { return true; } diff --git a/tests/basic_tests.cpp b/tests/basic_tests.cpp index d1d452a42..29dfa4c73 100644 --- a/tests/basic_tests.cpp +++ b/tests/basic_tests.cpp @@ -17,6 +17,7 @@ TYPED_TEST(basic_tests, insane_url) { ASSERT_EQ(r->get_hostname(), ""); ASSERT_EQ(r->get_port(), ""); ASSERT_EQ(r->get_pathname(), "@EEEEEEEEEE"); + ASSERT_FALSE(url->set_port("invalid80")); SUCCEED(); } From f5a2e1adde5655e4ab398c244711b8d9b4815def Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 01:31:04 +0300 Subject: [PATCH 2/7] Update tests/basic_tests.cpp Co-authored-by: Yagiz Nizipli --- tests/basic_tests.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic_tests.cpp b/tests/basic_tests.cpp index 29dfa4c73..ff5f4a2c1 100644 --- a/tests/basic_tests.cpp +++ b/tests/basic_tests.cpp @@ -17,7 +17,7 @@ TYPED_TEST(basic_tests, insane_url) { ASSERT_EQ(r->get_hostname(), ""); ASSERT_EQ(r->get_port(), ""); ASSERT_EQ(r->get_pathname(), "@EEEEEEEEEE"); - ASSERT_FALSE(url->set_port("invalid80")); + ASSERT_FALSE(r->set_port("invalid80")); SUCCEED(); } From f7388176a4f1d36a7e02e0fde23da7658b65f128 Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 01:39:12 +0300 Subject: [PATCH 3/7] add validation for ada_set_port to reject invalid port values --- src/ada_c.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/ada_c.cpp b/src/ada_c.cpp index 033af1d7a..b2668ff51 100644 --- a/src/ada_c.cpp +++ b/src/ada_c.cpp @@ -290,7 +290,19 @@ bool ada_set_port(ada_url result, const char* input, size_t length) noexcept { if (!r) { return false; } - return r->set_port(std::string_view(input, length)); + + std::string_view port_input(input, length); + + if (port_input.find_first_not_of("0123456789") != std::string_view::npos) { + return false; + } + + int port = std::stoi(std::string(port_input)); + if (port < 1 || port > 65535) { + return false; + } + + return r->set_port(port_input); } bool ada_set_pathname(ada_url result, const char* input, From 51d283cd2762c635dc607a5bf41cb22554006aca Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 01:55:48 +0300 Subject: [PATCH 4/7] Update tests/basic_tests.cpp Co-authored-by: Yagiz Nizipli --- tests/basic_tests.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/basic_tests.cpp b/tests/basic_tests.cpp index ff5f4a2c1..542598e09 100644 --- a/tests/basic_tests.cpp +++ b/tests/basic_tests.cpp @@ -17,6 +17,7 @@ TYPED_TEST(basic_tests, insane_url) { ASSERT_EQ(r->get_hostname(), ""); ASSERT_EQ(r->get_port(), ""); ASSERT_EQ(r->get_pathname(), "@EEEEEEEEEE"); + ASSERT_TRUE(r->is_valid); ASSERT_FALSE(r->set_port("invalid80")); SUCCEED(); } From 43aa8c6881f7e2056376a4cba283c3f6046622dc Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 01:57:16 +0300 Subject: [PATCH 5/7] Update tests/basic_tests.cpp Co-authored-by: Yagiz Nizipli --- tests/basic_tests.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic_tests.cpp b/tests/basic_tests.cpp index 542598e09..00bb877ee 100644 --- a/tests/basic_tests.cpp +++ b/tests/basic_tests.cpp @@ -17,8 +17,8 @@ TYPED_TEST(basic_tests, insane_url) { ASSERT_EQ(r->get_hostname(), ""); ASSERT_EQ(r->get_port(), ""); ASSERT_EQ(r->get_pathname(), "@EEEEEEEEEE"); - ASSERT_TRUE(r->is_valid); ASSERT_FALSE(r->set_port("invalid80")); + ASSERT_TRUE(r->is_valid); SUCCEED(); } From 8574c1feadef0e31d438a37a37b92ae38856df60 Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 02:19:14 +0300 Subject: [PATCH 6/7] revert changes in c api --- src/ada_c.cpp | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/src/ada_c.cpp b/src/ada_c.cpp index b2668ff51..033af1d7a 100644 --- a/src/ada_c.cpp +++ b/src/ada_c.cpp @@ -290,19 +290,7 @@ bool ada_set_port(ada_url result, const char* input, size_t length) noexcept { if (!r) { return false; } - - std::string_view port_input(input, length); - - if (port_input.find_first_not_of("0123456789") != std::string_view::npos) { - return false; - } - - int port = std::stoi(std::string(port_input)); - if (port < 1 || port > 65535) { - return false; - } - - return r->set_port(port_input); + return r->set_port(std::string_view(input, length)); } bool ada_set_pathname(ada_url result, const char* input, From 9a6637ec7ecd0bc176494602c6ac7d914126d635 Mon Sep 17 00:00:00 2001 From: Mert Can Altin Date: Mon, 6 Jan 2025 02:33:05 +0300 Subject: [PATCH 7/7] centralize port validation logic into parse_port --- include/ada/url_aggregator-inl.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/ada/url_aggregator-inl.h b/include/ada/url_aggregator-inl.h index 2bca0d196..e8c4e26fb 100644 --- a/include/ada/url_aggregator-inl.h +++ b/include/ada/url_aggregator-inl.h @@ -867,6 +867,13 @@ ada_really_inline size_t url_aggregator::parse_port( return 0; } ada_log("parse_port: ", parsed_port); + + if (parsed_port < 1 || parsed_port > 65535) { + ada_log("parse_port: port out of valid range (1-65535)"); + is_valid = false; + return 0; + } + const size_t consumed = size_t(r.ptr - view.data()); ada_log("parse_port: consumed ", consumed); if (check_trailing_content) {