fcl-web: httproute.HTTPRouter.StringToRouteMethod segfaults on unknown HTTP method, which can be exploited remotely
Original Reporter info from Mantis: chmod222
- Reporter name:
Description:
An fcl-web application can be instantly segfaulted remotely by sending it an HTTP request with a non-supported request verb, such as "PATCH", an uncommonly used but still valid HTTP verb.
This is due to an underflow on httproute.pas:425 caused by an off-by-one error in the loop condition, where the Pred() call in the previous iteration lowers the enum value below the actual enum minimum, causing a crash in the next iteration.
I have attached a patch for this issue which I have tested on the current trunk build.
Steps to reproduce:
Call HTTPRouter.StringToRouteMethod with any unsupported string
Mantis conversion info:
- Mantis ID: 34538
- OS: Any
- OS Build: Any
- Platform: Any
- Version: 3.3.1
- Fixed in version: 3.3.1
- Fixed in revision: 40393 (#81862455)
- Target version: 3.2.0
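
Added example, not the fcl-web source and not the attached patch: a bounded enum scan of the kind the report describes, run over constructed request verbs. The enum `TDemoMethod`, the table `DemoNames` and the function `SafeStringToMethod` are hypothetical, and the commented-out loop is an assumed reconstruction of the flawed condition, not a quote from httproute.pas.

```pascal
program RouteMethodDemo;
{$mode objfpc}{$H+}

uses SysUtils;

type
  // Hypothetical enum; the lowest value doubles as the "no match" result.
  TDemoMethod = (dmUnknown, dmGet, dmPost, dmPut, dmDelete);

const
  DemoNames: array[TDemoMethod] of string = ('', 'GET', 'POST', 'PUT', 'DELETE');

// Flawed shape (assumed): with ">=" the body runs once more when Result is
// already Low(), Pred() leaves the enum range, and the next DemoNames[Result]
// lookup reads outside the table.
//   while (Result >= Low(TDemoMethod)) and (DemoNames[Result] <> MN) do
//     Result := Pred(Result);

// Bounded scan: stops at Low() and never calls Pred() on it.
function SafeStringToMethod(const S: string): TDemoMethod;
var
  MN: string;
begin
  MN := UpperCase(S);
  Result := High(TDemoMethod);
  while (Result > Low(TDemoMethod)) and (DemoNames[Result] <> MN) do
    Result := Pred(Result);
  // Reaching Low() means no table entry matched, which is dmUnknown here.
end;

const
  // Constructed sample verbs, including ones missing from the table.
  Samples: array[0..4] of string = ('get', 'POST', 'PATCH', '', 'x-bogus');
var
  I: Integer;
  M: TDemoMethod;
begin
  for I := Low(Samples) to High(Samples) do
  begin
    M := SafeStringToMethod(Samples[I]);
    if M = dmUnknown then
      WriteLn('"', Samples[I], '" -> rejected (unknown method)')
    else
      WriteLn('"', Samples[I], '" -> ', DemoNames[M]);
  end;
end.
```

A caller can then answer an unknown verb with an error response instead of dispatching it.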