From 2e2cd1240779499e4f9ab165d6e9c34e677e114a Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Wed, 24 Sep 2014 15:21:18 -0700 Subject: [PATCH] etcdhttp: disallow empty prevValue fields --- etcdserver/etcdhttp/http.go | 10 +++++++++- etcdserver/etcdhttp/http_test.go | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/etcdserver/etcdhttp/http.go b/etcdserver/etcdhttp/http.go index 8dc1cf4db..a40f049d5 100644 --- a/etcdserver/etcdhttp/http.go +++ b/etcdserver/etcdhttp/http.go @@ -218,6 +218,14 @@ func parseRequest(r *http.Request, id int64) (etcdserverpb.Request, error) { ) } + pV := r.FormValue("prevValue") + if _, ok := r.Form["prevValue"]; ok && pV == "" { + return emptyReq, etcdErr.NewRequestError( + etcdErr.EcodeInvalidField, + `"prevValue" cannot be empty`, + ) + } + // prevExist is nullable, so leave it null if not specified var pe *bool if _, ok := r.Form["prevExist"]; ok { @@ -236,7 +244,7 @@ func parseRequest(r *http.Request, id int64) (etcdserverpb.Request, error) { Method: r.Method, Path: p, Val: r.FormValue("value"), - PrevValue: r.FormValue("prevValue"), + PrevValue: pV, PrevIndex: pIdx, PrevExist: pe, Recursive: rec, diff --git a/etcdserver/etcdhttp/http_test.go b/etcdserver/etcdhttp/http_test.go index ac983265c..78401f688 100644 --- a/etcdserver/etcdhttp/http_test.go +++ b/etcdserver/etcdhttp/http_test.go @@ -147,6 +147,11 @@ func TestBadParseRequest(t *testing.T) { mustNewForm(t, "foo", url.Values{"stream": []string{"something"}}), etcdErr.EcodeInvalidField, }, + // prevValue cannot be empty + { + mustNewForm(t, "foo", url.Values{"prevValue": []string{""}}), + etcdErr.EcodeInvalidField, + }, // wait is only valid with GET requests { mustNewMethodRequest(t, "HEAD", "foo?wait=true"),