attempt to validate utf8 sequences in vst

2017-01-12 13:22:19 +01:00 · 2017-01-12 13:22:19 +01:00 · ac7d9af48f
parent feb954ca45
commit ac7d9af48f
6 changed files with 27 additions and 34 deletions
--- a/arangod/GeneralServer/VppCommTask.cpp
+++ b/arangod/GeneralServer/VppCommTask.cpp
@ -27,7 +27,6 @@
 #include <limits>
 #include <stdexcept>
 #include <velocypack/Validator.h>
 #include <velocypack/velocypack-aliases.h>
 #include <boost/optional.hpp>
@ -49,9 +48,6 @@
 #include "Utils/Events.h"
 #include "VocBase/ticks.h"
 #include <velocypack/Validator.h>
 #include <velocypack/velocypack-aliases.h>
 using namespace arangodb;
 using namespace arangodb::basics;
 using namespace arangodb::rest;
@ -292,7 +288,7 @@ bool VppCommTask::processRead(double startTime) {
      handleSimpleError(rest::ResponseCode::BAD, chunkHeader._messageID);
      LOG_TOPIC(DEBUG, Logger::COMMUNICATION)
          << "VppCommTask: "
-          << std::string("VPack Validation failed!") + e.what();
+          << "VPack Validation failed: " << e.what();
      closeTask(rest::ResponseCode::BAD);
      return false;
    }
@ -434,14 +430,14 @@ boost::optional<bool> VppCommTask::getMessageFromSingleChunk(
                      TRI_ERROR_ARANGO_DATABASE_NOT_FOUND, e.what(),
                      chunkHeader._messageID);
    LOG_TOPIC(DEBUG, Logger::COMMUNICATION) << "VppCommTask: "
-                                            << "VPack Validation failed!"
+                                            << "VPack Validation failed: "
                                            << e.what();
    closeTask(rest::ResponseCode::BAD);
    return false;
  } catch (...) {
    handleSimpleError(rest::ResponseCode::BAD, chunkHeader._messageID);
    LOG_TOPIC(DEBUG, Logger::COMMUNICATION) << "VppCommTask: "
-                                            << "VPack Validation failed!";
+                                            << "VPack Validation failed";
    closeTask(rest::ResponseCode::BAD);
    return false;
  }
@ -523,7 +519,7 @@ boost::optional<bool> VppCommTask::getMessageFromMultiChunks(
                          TRI_ERROR_ARANGO_DATABASE_NOT_FOUND, e.what(),
                          chunkHeader._messageID);
        LOG_TOPIC(DEBUG, Logger::COMMUNICATION) << "VppCommTask: "
-                                                << "VPack Validation failed!"
+                                                << "VPack Validation failed: "
                                                << e.what();
        closeTask(rest::ResponseCode::BAD);
        return false;
--- a/arangod/GeneralServer/VppNetwork.h
+++ b/arangod/GeneralServer/VppNetwork.h
@ -28,6 +28,7 @@
 #include "Basics/VelocyPackHelper.h"
 #include "Logger/LoggerFeature.h"
 #include <velocypack/Options.h>
 #include <velocypack/Slice.h>
 #include <velocypack/Validator.h>
 #include <velocypack/velocypack-aliases.h>
@ -37,32 +38,30 @@
 using namespace arangodb;
-inline std::size_t validateAndCount(char const* vpHeaderStart,
+inline std::size_t validateAndCount(char const* vpStart,
                                    char const* vpEnd) {
  VPackOptions validationOptions = VPackOptions::Defaults;
  validationOptions.validateUtf8Strings = true;
  VPackValidator validator(&validationOptions);
  std::size_t numPayloads = 0;
  try {
    VPackValidator validator;
    // check for slice start to the end of Chunk
    // isSubPart allows the slice to be shorter than the checked buffer.
-    validator.validate(vpHeaderStart, std::distance(vpHeaderStart, vpEnd),
+    do {
-                       /*isSubPart =*/true);
+      validator.validate(vpStart, std::distance(vpStart, vpEnd),
-
+                         /*isSubPart =*/true);
-    VPackSlice vpHeader(vpHeaderStart);
+      
    auto vpPayloadStart = vpHeaderStart + vpHeader.byteSize();
    std::size_t numPayloads = 0;
    while (vpPayloadStart != vpEnd) {
      // validate
      validator.validate(vpPayloadStart, std::distance(vpPayloadStart, vpEnd),
                         true);
      // get offset to next
-      VPackSlice tmp(vpPayloadStart);
+      VPackSlice tmp(vpStart);
-      vpPayloadStart += tmp.byteSize();
+      vpStart += tmp.byteSize();
      numPayloads++;
-    }
+    } while (vpStart != vpEnd);
-    return numPayloads;
+    return numPayloads - 1;
  } catch (std::exception const& e) {
    throw std::runtime_error(
-        std::string("error during validation of incoming VPack") + e.what());
+        std::string("error during validation of incoming VPack: ") + e.what());
  }
 }
--- a/arangod/RestHandler/RestVocbaseBaseHandler.cpp
+++ b/arangod/RestHandler/RestVocbaseBaseHandler.cpp
@ -40,7 +40,6 @@
 #include <velocypack/Exception.h>
 #include <velocypack/Parser.h>
 #include <velocypack/Slice.h>
 #include <velocypack/Validator.h>
 #include <velocypack/velocypack-aliases.h>
 using namespace arangodb;
--- a/arangod/V8Server/v8-actions.cpp
+++ b/arangod/V8Server/v8-actions.cpp
@ -414,12 +414,8 @@ static v8::Handle<v8::Object> RequestCppToV8(v8::Isolate* isolate,
      headers["content-length"] = StringUtils::itoa(request->contentLength());
    } else if (rest::ContentType::VPACK == request->contentType()) {
      // the VPACK is passed as it is to to Javascript
      // should we convert and validate here in a central place?
      // should the work be done in javascript
      // FIXME not every VPack can be converted to JSON
      VPackSlice slice = request->payload();
      VPackValidator validator;
      validator.validate(slice.start(), slice.byteSize());
      std::string jsonString = slice.toJson();
      LOG_TOPIC(DEBUG, Logger::COMMUNICATION)
--- a/lib/Rest/HttpRequest.cpp
+++ b/lib/Rest/HttpRequest.cpp
@ -739,7 +739,7 @@ void HttpRequest::setBody(char const* body, size_t length) {
 }
 VPackSlice HttpRequest::payload(VPackOptions const* options) {
-  // check options for nullptr?
+  TRI_ASSERT(options != nullptr);
  if (_contentType == ContentType::JSON) {
    if (!_body.empty()) {
@ -752,7 +752,9 @@ VPackSlice HttpRequest::payload(VPackOptions const* options) {
    }
    return VPackSlice::noneSlice();  // no body
  } else /*VPACK*/ {
-    VPackValidator validator;
+    VPackOptions validationOptions = *options; // intentional copy
    validationOptions.validateUtf8Strings = true;
    VPackValidator validator(&validationOptions);
    validator.validate(_body.c_str(), _body.length());
    return VPackSlice(_body.c_str());
  }
--- a/lib/Rest/VppRequest.cpp
+++ b/lib/Rest/VppRequest.cpp
@ -28,7 +28,6 @@
 #include <velocypack/Iterator.h>
 #include <velocypack/Options.h>
 #include <velocypack/Parser.h>
 #include <velocypack/Validator.h>
 #include <velocypack/velocypack-aliases.h>
 #include "Basics/StaticStrings.h"
@ -74,6 +73,8 @@ VppRequest::VppRequest(ConnectionInfo const& connectionInfo,
 }
 VPackSlice VppRequest::payload(VPackOptions const* options) {
  // message does not need to be validated here, as it was already
  // validated before
  return _message.payload();
 }