libevent evhttp_uri_get_query coredump

昨天和前端同事调试，拿到一个形式以下的http uri：

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={"business":["43","44","45","46","47","48","49","51","68","69","70","80","82","129","130","139","146","177","186","187","223","249","250","258","262","293","300","301"]}

放到浏览器上一敲，在服务端日志里看到的是：

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={%22business%22:[%2243%22,%2244%22,%2245%22,%2246%22,%2247%22,%2248%22,%2249%22,%2251%22,%2268%22,%2269%22,%2270%22,%2280%22,%2282%22,%22129%22,%22130%22,%22139%22,%22146%22,%22177%22,%22186%22,%22187%22,%22223%22,%22249%22,%22250%22,%22258%22,%22262%22,%22293%22,%22300%22,%22301%22]}

服务端调用

const char* uri = evhttp_request_get_uri(req);

char* decoded_uri = evhttp_decode_uri(uri);

进行decode以后能够变回原来的uri：

http://192.168.1.226:9998/customer/online_duration_static?date=16570&$brand_type=1&online_total_time=1&business_data={"business":["43","44","45","46","47","48","49","51","68","69","70","80","82","129","130","139","146","177","186","187","223","249","250","258","262","293","300","301"]}

接下来调用 struct evhttp_uri* parsed_uri = evhttp_uri_parse(decoded_uri); 进行uri解析分段。

在uri的business_data里包含了uri的保留字符 [] : 。调用evhttp_uri_parse的时候没法正常解析uri，返回NULL。在下一步的evhttp_uri_get_query的时候传入空指针发生了coredump。

可见libevent的evhttp_uri_get_query方法并非安全的方法，未作参数检查。

总结：

1. 在调用libevent包含指针形参的方法前，须要对要传入的参数作条件判断；

2. uri中存在json数据时候须要作转义或者base64的编码；

参考连接：http://www.cppblog.com/qinqing1984/archive/2012/09/25/191972.html