From c775a8737e98873477406035af391dc74cedac96 Mon Sep 17 00:00:00 2001 From: Quantomic Date: Sun, 9 Jul 2017 21:15:32 +0200 Subject: [PATCH 1/5] Fixes #4003 Includes a general sanity check to skip further checks if user provided fewer arguments than minimum required and a specific check for corrupted data passed as file. License: MIT Signed-off-by: Mateja Milosevic --- commands/http/parse.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/commands/http/parse.go b/commands/http/parse.go index f87c55579b8..9a93f1aa7be 100644 --- a/commands/http/parse.go +++ b/commands/http/parse.go @@ -64,6 +64,11 @@ func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) { args := make([]string, valCount) + //skip further checks if we have fewer provided arguments than minimum required + if valCount < numRequired { + return nil, fmt.Errorf("Needed at least %v argument(s), got %v", numRequired, valCount) + } + valIndex := 0 requiredFile := "" for _, argDef := range cmd.Arguments { @@ -117,6 +122,10 @@ func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) { } } + if f.FullPath() == "" { + return nil, fmt.Errorf("Corrupted data passed as file argument") + } + // if there is a required filearg, error if no files were provided if len(requiredFile) > 0 && f == nil { return nil, fmt.Errorf("File argument '%s' is required", requiredFile) From 068b7f7f21090d6ab95f7eaa33a71b4344757cfb Mon Sep 17 00:00:00 2001 From: Quantomic Date: Sun, 9 Jul 2017 21:33:14 +0200 Subject: [PATCH 2/5] Corrects mistake. License: MIT Signed-off-by: Mateja Milosevic --- commands/http/parse.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/commands/http/parse.go b/commands/http/parse.go index 9a93f1aa7be..ac237cef290 100644 --- a/commands/http/parse.go +++ b/commands/http/parse.go @@ -122,15 +122,15 @@ func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) { } } - if f.FullPath() == "" { - return nil, fmt.Errorf("Corrupted data passed as file argument") - } - // if there is a required filearg, error if no files were provided if len(requiredFile) > 0 && f == nil { return nil, fmt.Errorf("File argument '%s' is required", requiredFile) } + if f != nil && f.FullPath() == "" { + return nil, fmt.Errorf("Corrupted data passed as file argument") + } + req, err := cmds.NewRequest(pth, opts, args, f, cmd, optDefs) if err != nil { return nil, err From 54bea781d96561319974c69f8cd35e52541e90ca Mon Sep 17 00:00:00 2001 From: Quantomic Date: Sun, 9 Jul 2017 22:24:52 +0200 Subject: [PATCH 3/5] Deletes the general 'too few arguments' check. License: MIT Signed-off-by: Mateja Milosevic --- commands/http/parse.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/commands/http/parse.go b/commands/http/parse.go index ac237cef290..41dabe637c2 100644 --- a/commands/http/parse.go +++ b/commands/http/parse.go @@ -64,11 +64,6 @@ func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) { args := make([]string, valCount) - //skip further checks if we have fewer provided arguments than minimum required - if valCount < numRequired { - return nil, fmt.Errorf("Needed at least %v argument(s), got %v", numRequired, valCount) - } - valIndex := 0 requiredFile := "" for _, argDef := range cmd.Arguments { From 049bca6d09b785577544c869c4513880b9460af2 Mon Sep 17 00:00:00 2001 From: Quantomic Date: Fri, 14 Jul 2017 20:04:01 +0200 Subject: [PATCH 4/5] bandaid it instead License: MIT Signed-off-by: Mateja Milosevic --- commands/http/parse.go | 4 ---- core/coreunix/add.go | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/commands/http/parse.go b/commands/http/parse.go index 41dabe637c2..f87c55579b8 100644 --- a/commands/http/parse.go +++ b/commands/http/parse.go @@ -122,10 +122,6 @@ func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) { return nil, fmt.Errorf("File argument '%s' is required", requiredFile) } - if f != nil && f.FullPath() == "" { - return nil, fmt.Errorf("Corrupted data passed as file argument") - } - req, err := cmds.NewRequest(pth, opts, args, f, cmd, optDefs) if err != nil { return nil, err diff --git a/core/coreunix/add.go b/core/coreunix/add.go index da5058c6823..a884906f1ed 100644 --- a/core/coreunix/add.go +++ b/core/coreunix/add.go @@ -223,6 +223,11 @@ func (adder *Adder) Finalize() (node.Node, error) { if err != nil { return nil, err } + + if len(children) == 0 { + return nil, fmt.Errorf("expected at least one child dir, got none") + } + name = children[0] mr, err := adder.mfsRoot() From 48dcd67dfef1fc64ca295383c800ebcf3bdcb3a0 Mon Sep 17 00:00:00 2001 From: Quantomic Date: Mon, 17 Jul 2017 20:48:16 +0200 Subject: [PATCH 5/5] Add sharness test License: MIT Signed-off-by: Mateja Milosevic --- test/sharness/t0600-issues-and-regressions-online.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/sharness/t0600-issues-and-regressions-online.sh b/test/sharness/t0600-issues-and-regressions-online.sh index 13964ce34fb..b7953d57eae 100755 --- a/test/sharness/t0600-issues-and-regressions-online.sh +++ b/test/sharness/t0600-issues-and-regressions-online.sh @@ -46,6 +46,11 @@ test_expect_success "pin add api looks right - #3753" ' test_cmp pinrm_out pinrm_exp ' +test_expect_success "no daemon crash on improper file argument - #4003" ' + FNC=$(echo $API_ADDR | awk -F: '\''{ printf "%s %s", $1, $2 }'\'') && + echo -n "POST /api/v0/add?pin=true HTTP/1.1\r\nHost: $API_ADDR\r\nContent-Type: multipart/form-data; boundary=Pyw9xQLtiLPE6XcI\r\nContent-Length: 22\r\n\r\n\r\n--Pyw9xQLtiLPE6XcI\r\n" | nc -v $FNC | grep "200 OK" +' + test_kill_ipfs_daemon test_expect_success "ipfs daemon --offline --mount fails - #2995" '