yuzucchii/jetzig
1
0
Fork 0
mirror of https://github.com/jetzig-framework/jetzig.git synced 2025-05-14 22:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix UAF in static routes

Browse Source 
Dupe resource ID before freeing Data memory.
This commit is contained in:
Bob Farrell 2024-04-03 18:49:32 +01:00
parent cd4932ff79
commit 605c85ca97
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/jetzig/http/StaticRequest.zig
View File

@ -32,7 +32,7 @@ pub fn resourceId(self: *Self) ![]const u8 {
// Routes generator rejects missing `.id` option so this should always be present.
// Note that static requests are never rendered at runtime so we can be unsafe here and risk
// failing a build (which would not be coherent if we allowed it to complete).
return data.value.?.get("id").?.string.value;
return try self.allocator.dupe(u8, data.value.?.get("id").?.string.value);
}
/// Returns the static params defined by `pub const static_params` in the relevant view.