Server crashes on HTTP requests with non-float version numbers
The bug
Sending a GET request (through telnet or other means) with a non-parsable version number crashes the server, though only after it has sent a response.
$ telnet localhost 8080
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/thisisnotanumber
HTTP/1.1 200 OK
Content-Length: 35
<h1>The web server is working!</h1>Connection closed by foreign host.Invalid requests like GET / HTTP/1.1e-4 or GET / HTTP/-3 do not crash the server, as those are valid floating point numbers in C++.
Requests like
GET / HTTP/4lph4num3r1cGET / HTTP/99999999999999999999999999999999999999999999999999
are not parseable as floats (the latter because it exceeds the maximum precision of a float) and thus crash the server.
Reproducing
Perform any GET request with a large or letter-based version number, as stated above.
Additional details
- OS: Manjaro Linux, kernel version
5.7.14-1 - g++ version: 10.1.0
- cmake version: 3.18.1
- make version: 4.3
- boost version: 1.71.0-2
- gdb version: 9.2
Stack trace
See stacktrace.txt
Gotten with the method specified in the README.