diff options
| author | Krzysztof Grobelny <krzysztof.grobelny@intel.com> | 2022-08-29 16:20:18 +0300 |
|---|---|---|
| committer | Ed Tanous <edtanous@google.com> | 2022-10-05 20:32:26 +0300 |
| commit | 6071963922ae9511b822feb8908a20141bb7d821 (patch) | |
| tree | c0d076774416cd96765a70101b21dd67c64c7154 /include/login_routes.hpp | |
| parent | fe9bd2ddc38fbb12ae3caa9f9691dc75855ac7fc (diff) | |
| download | bmcweb-6071963922ae9511b822feb8908a20141bb7d821.tar.xz | |
Fixes invalid memory access
std::string_view causes invalid memory access in multipart branch when
assigned local variable goes out of scope and string_view is passed to
ramAuthenticateUser. Moved MultipartParser to higher scope, to ensure
it is not deleted before std::string_view.
Tested:
- Executed post on /login, got response:
{
"data": "User 'root' logged in",
"message": "200 OK",
"status": "ok"
}
Change-Id: I0b02dddcb1a887d442525ffedb7a08a00087f2f2
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Diffstat (limited to 'include/login_routes.hpp')
| -rw-r--r-- | include/login_routes.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/login_routes.hpp b/include/login_routes.hpp index fd1c357d10..0ff313c208 100644 --- a/include/login_routes.hpp +++ b/include/login_routes.hpp @@ -24,6 +24,7 @@ inline void requestRoutes(App& app) .methods(boost::beast::http::verb::post)( [](const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) { + MultipartParser parser; std::string_view contentType = req.getHeaderValue("content-type"); std::string_view username; std::string_view password; @@ -119,7 +120,6 @@ inline void requestRoutes(App& app) else if (contentType.starts_with("multipart/form-data")) { looksLikePhosphorRest = true; - MultipartParser parser; ParserError ec = parser.parse(req); if (ec != ParserError::PARSER_SUCCESS) { |