Skip to content

Server crashes on HTTP requests with non-float version numbers

The bug

Sending a GET request (through telnet or other means) with a non-parsable version number crashes the server, though only after it has sent a response.

$ telnet localhost 8080
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/thisisnotanumber

HTTP/1.1 200 OK
Content-Length: 35

<h1>The web server is working!</h1>Connection closed by foreign host.

Invalid requests like GET / HTTP/1.1e-4 or GET / HTTP/-3 do not crash the server, as those are valid floating point numbers in C++.

Requests like

  • GET / HTTP/4lph4num3r1c
  • GET / HTTP/99999999999999999999999999999999999999999999999999

are not parseable as floats (the latter because it exceeds the maximum precision of a float) and thus crash the server.

Reproducing

Perform any GET request with a large or letter-based version number, as stated above.

Additional details

  • OS: Manjaro Linux, kernel version 5.7.14-1
  • g++ version: 10.1.0
  • cmake version: 3.18.1
  • make version: 4.3
  • boost version: 1.71.0-2
  • gdb version: 9.2

Stack trace

See stacktrace.txt

Gotten with the method specified in the README.