From 1aca78df88fd734e0ae80d458d674dbf73ce201c Mon Sep 17 00:00:00 2001 From: tastytea Date: Fri, 30 Nov 2018 06:48:45 +0100 Subject: [PATCH] Check if hash is valid --- CMakeLists.txt | 2 +- src/hash.cpp | 28 ++++++++++++++++++++++++++++ src/libravatarserv.cpp | 6 ++++++ src/libravatarserv.hpp | 2 ++ 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 35e9f3c..4800c40 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,6 @@ cmake_minimum_required (VERSION 3.2) project(libravatarserv - VERSION 0.6.4 + VERSION 0.6.5 LANGUAGES CXX ) diff --git a/src/hash.cpp b/src/hash.cpp index 5efd37e..a7e3fa9 100644 --- a/src/hash.cpp +++ b/src/hash.cpp @@ -69,3 +69,31 @@ bool hash::fill_table() } return true; } + +bool hash::is_valid(const string &digest) +{ + if (digest.length() != 64 && digest.length() != 32) + { + return false; + } + if (std::any_of(digest.begin(), digest.end(), not_hex)) + { + return false; + } + + return true; +} + +bool hash::not_hex(const char &c) +{ + if (c >= 0x61 && c <= 0x66) + { // a-f + return false; + } + if (c >= 0x30 && c <= 0x39) + { // 0-9 + return false; + } + + return true; +} diff --git a/src/libravatarserv.cpp b/src/libravatarserv.cpp index f6c1f0a..53d3d61 100644 --- a/src/libravatarserv.cpp +++ b/src/libravatarserv.cpp @@ -45,6 +45,12 @@ int main() return 1; } http::Request avatar = http::parse_request(request); + if (!hash::is_valid(avatar.digest)) + { + cout << "Status: 400 Bad Request\n\n"; + cerr << "Error: Hash is invalid\n"; + return 1; + } if (!find_avatar_dir()) { diff --git a/src/libravatarserv.hpp b/src/libravatarserv.hpp index c6e832a..882fc1b 100644 --- a/src/libravatarserv.hpp +++ b/src/libravatarserv.hpp @@ -71,6 +71,8 @@ namespace hash // hash.cpp const string md5(const string &text); const string sha256(const string &text); bool fill_table(); + bool is_valid(const string &digest); + bool not_hex(const char &c); } namespace image // image.cpp