From 1586ef95721322936c80203411689a63877caf14 Mon Sep 17 00:00:00 2001 From: Sergio Benitez Date: Wed, 4 May 2022 09:31:41 -0700 Subject: [PATCH] Downgrade URI discord debug assertion to warning. Closes #1831. --- core/lib/src/request/request.rs | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/core/lib/src/request/request.rs b/core/lib/src/request/request.rs index 05468dd1..a2b26390 100644 --- a/core/lib/src/request/request.rs +++ b/core/lib/src/request/request.rs @@ -973,14 +973,22 @@ impl<'r> Request<'r> { let method = Method::from_hyp(&hyper.method) .ok_or(Error::BadMethod(&hyper.method))?; - // In debug, make sure we agree with Hyper. Otherwise, cross our fingers - // and trust that it only gives us valid URIs like it's supposed to. // TODO: Keep around not just the path/query, but the rest, if there? let uri = hyper.uri.path_and_query().ok_or(Error::InvalidUri(&hyper.uri))?; - debug_assert!(Origin::parse(uri.as_str()).is_ok()); - let uri = Origin::new(uri.path(), uri.query().map(Cow::Borrowed)); + + // In debug, make sure we agree with Hyper that the URI is valid. If we + // disagree, print a warning but continue anyway seeing as if this is a + // security issue with Hyper, there isn't much we can do. + #[cfg(debug_assertions)] + if Origin::parse(uri.as_str()).is_err() { + warn!("Hyper/Rocket URI validity discord: {:?}", uri.as_str()); + info_!("Hyper believes the URI is valid while Rocket disagrees."); + info_!("This is likely a Hyper bug with potential security implications."); + warn_!("Please report this warning to Rocket's GitHub issue tracker."); + } // Construct the request object. + let uri = Origin::new(uri.path(), uri.query().map(Cow::Borrowed)); let mut request = Request::new(rocket, method, uri); if let Some(connection) = connection { request.connection = connection;