Skip to content

Commit 87adb19

Browse files
The-EDevThe-EDev
committed
Added changed from #292, #296, #304, and #317 
1 parent a166a6d commit 87adb19

File tree

7 files changed

+205
-92
lines changed

7 files changed

+205
-92
lines changed

include/crow/app.h

+5
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,11 @@ namespace crow
220220
{
221221
ssl_server_ = std::move(std::unique_ptr<ssl_server_t>(new ssl_server_t(this, bindaddr_, port_, server_name_, &middlewares_, concurrency_, &ssl_context_)));
222222
ssl_server_->set_tick_function(tick_interval_, tick_function_);
223+
ssl_server_->signal_clear();
224+
for (auto snum : signals_)
225+
{
226+
ssl_server_->signal_add(snum);
227+
}
223228
notify_server_start();
224229
ssl_server_->run();
225230
}

include/crow/http_connection.h

+66-8
Original file line numberDiff line numberDiff line change
@@ -508,13 +508,24 @@ namespace crow
508508

509509
void do_write_static()
510510
{
511-
is_writing = true;
512-
boost::asio::write(adaptor_.socket(), buffers_);
513-
res.do_stream_file(adaptor_);
511+
is_writing = true;
512+
boost::asio::write(adaptor_.socket(), buffers_);
513+
514+
if (res.file_info.statResult == 0)
515+
{
516+
std::ifstream is(res.file_info.path.c_str(), std::ios::in | std::ios::binary);
517+
char buf[16384];
518+
while (is.read(buf, sizeof(buf)).gcount() > 0)
519+
{
520+
std::vector<asio::const_buffer> buffers;
521+
buffers.push_back(boost::asio::buffer(buf));
522+
do_write_sync(buffers);
523+
}
524+
}
514525

515-
res.end();
516-
res.clear();
517-
buffers_.clear();
526+
res.end();
527+
res.clear();
528+
buffers_.clear();
518529
}
519530

520531
void do_write_general()
@@ -536,8 +547,30 @@ namespace crow
536547
else
537548
{
538549
is_writing = true;
539-
boost::asio::write(adaptor_.socket(), buffers_);
540-
res.do_stream_body(adaptor_);
550+
boost::asio::write(adaptor_.socket(), buffers_); // Write the response start / headers
551+
if (res.body.length() > 0)
552+
{
553+
std::string buf;
554+
std::vector<asio::const_buffer> buffers;
555+
556+
while (res.body.length() > 16384)
557+
{
558+
//buf.reserve(16385);
559+
buf = res.body.substr(0, 16384);
560+
res.body = res.body.substr(16384);
561+
buffers.clear();
562+
buffers.push_back(boost::asio::buffer(buf));
563+
do_write_sync(buffers);
564+
}
565+
// Collect whatever is left (less than 16KB) and send it down the socket
566+
// buf.reserve(is.length());
567+
buf = res.body;
568+
res.body.clear();
569+
570+
buffers.clear();
571+
buffers.push_back(boost::asio::buffer(buf));
572+
do_write_sync(buffers);
573+
}
541574

542575
res.end();
543576
res.clear();
@@ -621,6 +654,31 @@ namespace crow
621654
});
622655
}
623656

657+
inline void do_write_sync(std::vector<asio::const_buffer>& buffers)
658+
{
659+
660+
boost::asio::write(adaptor_.socket(), buffers, [&](std::error_code ec, std::size_t) {
661+
if (!ec)
662+
{
663+
if (close_connection_)
664+
{
665+
adaptor_.shutdown_write();
666+
adaptor_.close();
667+
CROW_LOG_DEBUG << this << " from write (sync)(1)";
668+
check_destroy();
669+
}
670+
return false;
671+
}
672+
else
673+
{
674+
CROW_LOG_ERROR << ec << " - happened while sending buffers";
675+
CROW_LOG_DEBUG << this << " from write (sync)(2)";
676+
check_destroy();
677+
return true;
678+
}
679+
});
680+
}
681+
624682
void check_destroy()
625683
{
626684
CROW_LOG_DEBUG << this << " is_reading " << is_reading << " is_writing " << is_writing;

include/crow/http_response.h

+1-81
Original file line numberDiff line numberDiff line change
@@ -197,6 +197,7 @@ namespace crow
197197

198198
///Return a static file as the response body
199199
void set_static_file_info(std::string path){
200+
utility::sanitize_filename(path);
200201
file_info.path = path;
201202
file_info.statResult = stat(file_info.path.c_str(), &file_info.statbuf);
202203
#ifdef CROW_ENABLE_COMPRESSION
@@ -225,91 +226,10 @@ namespace crow
225226
}
226227
}
227228

228-
/// Stream a static file.
229-
template<typename Adaptor>
230-
void do_stream_file(Adaptor& adaptor)
231-
{
232-
if (file_info.statResult == 0)
233-
{
234-
std::ifstream is(file_info.path.c_str(), std::ios::in | std::ios::binary);
235-
write_streamed(is, adaptor);
236-
}
237-
}
238-
239-
/// Stream the response body (send the body in chunks).
240-
template<typename Adaptor>
241-
void do_stream_body(Adaptor& adaptor)
242-
{
243-
if (body.length() > 0)
244-
{
245-
write_streamed_string(body, adaptor);
246-
}
247-
}
248-
249229
private:
250230
bool completed_{};
251231
std::function<void()> complete_request_handler_;
252232
std::function<bool()> is_alive_helper_;
253233
static_file_info file_info;
254-
255-
template<typename Stream, typename Adaptor>
256-
void write_streamed(Stream& is, Adaptor& adaptor)
257-
{
258-
char buf[16384];
259-
while (is.read(buf, sizeof(buf)).gcount() > 0)
260-
{
261-
std::vector<asio::const_buffer> buffers;
262-
buffers.push_back(boost::asio::buffer(buf));
263-
write_buffer_list(buffers, adaptor);
264-
}
265-
}
266-
267-
//THIS METHOD DOES MODIFY THE BODY, AS IN IT EMPTIES IT
268-
template<typename Adaptor>
269-
void write_streamed_string(std::string& is, Adaptor& adaptor)
270-
{
271-
std::string buf;
272-
std::vector<asio::const_buffer> buffers;
273-
274-
while (is.length() > 16384)
275-
{
276-
//buf.reserve(16385);
277-
buf = is.substr(0, 16384);
278-
is = is.substr(16384);
279-
push_and_write(buffers, buf, adaptor);
280-
}
281-
//Collect whatever is left (less than 16KB) and send it down the socket
282-
//buf.reserve(is.length());
283-
buf = is;
284-
is.clear();
285-
push_and_write(buffers, buf, adaptor);
286-
}
287-
288-
template<typename Adaptor>
289-
inline void push_and_write(std::vector<asio::const_buffer>& buffers, std::string& buf, Adaptor& adaptor)
290-
{
291-
buffers.clear();
292-
buffers.push_back(boost::asio::buffer(buf));
293-
write_buffer_list(buffers, adaptor);
294-
}
295-
296-
template<typename Adaptor>
297-
inline void write_buffer_list(std::vector<asio::const_buffer>& buffers, Adaptor& adaptor)
298-
{
299-
boost::asio::write(adaptor.socket(), buffers, [this](std::error_code ec, std::size_t)
300-
{
301-
if (!ec)
302-
{
303-
return false;
304-
}
305-
else
306-
{
307-
CROW_LOG_ERROR << ec << " - happened while sending buffers";
308-
this->end();
309-
return true;
310-
}
311-
});
312-
}
313-
314234
};
315235
}

include/crow/http_server.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ namespace crow
2828
public:
2929
Server(Handler* handler, std::string bindaddr, uint16_t port, std::string server_name = "Crow/0.3", std::tuple<Middlewares...>* middlewares = nullptr, uint16_t concurrency = 1, typename Adaptor::context* adaptor_ctx = nullptr)
3030
: acceptor_(io_service_, tcp::endpoint(boost::asio::ip::address::from_string(bindaddr), port)),
31-
signals_(io_service_, SIGINT, SIGTERM),
31+
signals_(io_service_),
3232
tick_timer_(io_service_),
3333
handler_(handler),
3434
concurrency_(concurrency == 0 ? 1 : concurrency),

include/crow/json.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ namespace crow
5353
case '\r': ret += "\\r"; break;
5454
case '\t': ret += "\\t"; break;
5555
default:
56-
if (c < 0x20)
56+
if (c >= 0 && c < 0x20)
5757
{
5858
ret += "\\u00";
5959
auto to_hex = [](char c)

include/crow/mustache.h

+7-1
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@
66
#include <functional>
77
#include "crow/json.h"
88
#include "crow/logging.h"
9+
#include "crow/utility.h"
10+
911
namespace crow
1012
{
1113
namespace mustache
@@ -144,6 +146,8 @@ namespace crow
144146
case '"': out += "&quot;"; break;
145147
case '\'': out += "&#39;"; break;
146148
case '/': out += "&#x2F;"; break;
149+
case '`': out += "&#x60"; break;
150+
case '=': out += "&#x3D"; break;
147151
default: out += *it; break;
148152
}
149153
}
@@ -596,7 +600,9 @@ namespace crow
596600

597601
inline template_t load(const std::string& filename)
598602
{
599-
return compile(detail::get_loader_ref()(filename));
603+
std::string filename_sanitized(filename);
604+
utility::sanitize_filename(filename_sanitized);
605+
return compile(detail::get_loader_ref()(filename_sanitized));
600606
}
601607
}
602608
}

include/crow/utility.h

+124
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@
88
#include <functional>
99
#include <string>
1010

11+
#include <boost/algorithm/string.hpp>
12+
1113
#include "crow/settings.h"
1214

1315
namespace crow
@@ -544,6 +546,128 @@ template <typename F, typename Set>
544546
return base64encode(data, size, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_");
545547
}
546548

549+
inline static void sanitize_filename(std::string& data, char replacement = '_')
550+
{
551+
unsigned char i = 0, length_limit;
552+
553+
length_limit = data.length() < 255 ? data.length() : 255;
554+
data = data.substr(0, length_limit);
555+
556+
for (; i < length_limit; i++)
557+
{
558+
switch ((unsigned char)data[i])
559+
{
560+
// WARNING While I can't see how using '\' or '/' would cause a problem, it still warrants an investigation
561+
//case '/':
562+
case '?':
563+
case '<':
564+
case '>':
565+
//case '\\':
566+
case ':':
567+
case '*':
568+
case '|':
569+
case '\"':
570+
571+
case 0x00:
572+
case 0x01:
573+
case 0x02:
574+
case 0x03:
575+
case 0x04:
576+
case 0x05:
577+
case 0x06:
578+
case 0x07:
579+
case 0x08:
580+
case 0x09:
581+
case 0x0a:
582+
case 0x0b:
583+
case 0x0c:
584+
case 0x0d:
585+
case 0x0e:
586+
case 0x0f:
587+
case 0x10:
588+
case 0x11:
589+
case 0x12:
590+
case 0x13:
591+
case 0x14:
592+
case 0x15:
593+
case 0x16:
594+
case 0x17:
595+
case 0x18:
596+
case 0x19:
597+
case 0x1a:
598+
case 0x1b:
599+
case 0x1c:
600+
case 0x1d:
601+
case 0x1e:
602+
case 0x1f:
603+
604+
case 0x80:
605+
case 0x81:
606+
case 0x82:
607+
case 0x83:
608+
case 0x84:
609+
case 0x85:
610+
case 0x86:
611+
case 0x87:
612+
case 0x88:
613+
case 0x89:
614+
case 0x8a:
615+
case 0x8b:
616+
case 0x8c:
617+
case 0x8d:
618+
case 0x8e:
619+
case 0x8f:
620+
case 0x90:
621+
case 0x91:
622+
case 0x92:
623+
case 0x93:
624+
case 0x94:
625+
case 0x95:
626+
case 0x96:
627+
case 0x97:
628+
case 0x98:
629+
case 0x99:
630+
case 0x9a:
631+
case 0x9b:
632+
case 0x9c:
633+
case 0x9d:
634+
case 0x9e:
635+
case 0x9f:
636+
637+
data[i] = replacement;
638+
break;
639+
640+
default:
641+
break;
642+
}
643+
}
644+
std::string str_replacement(1, replacement);
645+
646+
boost::ireplace_all(data, "..", str_replacement);
647+
648+
boost::ireplace_all(data, "CON", str_replacement);
649+
boost::ireplace_all(data, "PRN", str_replacement);
650+
boost::ireplace_all(data, "AUX", str_replacement);
651+
boost::ireplace_all(data, "NUL", str_replacement);
652+
boost::ireplace_all(data, "COM1", str_replacement);
653+
boost::ireplace_all(data, "COM2", str_replacement);
654+
boost::ireplace_all(data, "COM3", str_replacement);
655+
boost::ireplace_all(data, "COM4", str_replacement);
656+
boost::ireplace_all(data, "COM5", str_replacement);
657+
boost::ireplace_all(data, "COM6", str_replacement);
658+
boost::ireplace_all(data, "COM7", str_replacement);
659+
boost::ireplace_all(data, "COM8", str_replacement);
660+
boost::ireplace_all(data, "COM9", str_replacement);
661+
boost::ireplace_all(data, "LPT1", str_replacement);
662+
boost::ireplace_all(data, "LPT2", str_replacement);
663+
boost::ireplace_all(data, "LPT3", str_replacement);
664+
boost::ireplace_all(data, "LPT4", str_replacement);
665+
boost::ireplace_all(data, "LPT5", str_replacement);
666+
boost::ireplace_all(data, "LPT6", str_replacement);
667+
boost::ireplace_all(data, "LPT7", str_replacement);
668+
boost::ireplace_all(data, "LPT8", str_replacement);
669+
boost::ireplace_all(data, "LPT9", str_replacement);
670+
}
547671

548672
} // namespace utility
549673
}

0 commit comments

Comments
 (0)