From a2da9d8dd8a38c5c464786365fc0a4c6cb124a9e Mon Sep 17 00:00:00 2001
From: Alex Hultman <alexhultman@gmail.com>
Date: Mon, 9 Nov 2020 14:28:27 +0100
Subject: [PATCH] Stricter callback checks for app.get

---
 src/AppWrapper.h |  9 ++++++++-
 src/Utilities.h  | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/AppWrapper.h b/src/AppWrapper.h
index 12d8dcd..4dba8b2 100644
--- a/src/AppWrapper.h
+++ b/src/AppWrapper.h
@@ -242,14 +242,21 @@ template <typename APP, typename F>
 void uWS_App_get(F f, const FunctionCallbackInfo<Value> &args) {
     APP *app = (APP *) args.Holder()->GetAlignedPointerFromInternalField(0);
 
+    /* Pattern */
     NativeString pattern(args.GetIsolate(), args[0]);
     if (pattern.isInvalid(args)) {
         return;
     }
 
+    /* Handler */
+    Callback checkedCallback(args[1]);
+    if (checkedCallback.isInvalid()) {
+        return;
+    }
+    UniquePersistent<Function> cb = checkedCallback.getFunction();
+
     /* This function requires perContextData */
     PerContextData *perContextData = (PerContextData *) Local<External>::Cast(args.Data())->Value();
-    UniquePersistent<Function> cb(args.GetIsolate(), Local<Function>::Cast(args[1]));
 
     (app->*f)(std::string(pattern.getString()), [cb = std::move(cb), perContextData](auto *res, auto *req) {
         Isolate *isolate = perContextData->isolate;
diff --git a/src/Utilities.h b/src/Utilities.h
index 6f7d3fd..7a6926b 100644
--- a/src/Utilities.h
+++ b/src/Utilities.h
@@ -55,6 +55,31 @@ static constexpr int getAppTypeIndex() {
     return std::is_same<APP, uWS::SSLApp>::value;
 }
 
+struct Callback {
+    bool invalid = false;
+    UniquePersistent<Function> f;
+    Callback(Isolate *isolate, const Local<Value> &value) {
+
+        if (!value->IsFunction()) {
+            invalid = true;
+            return;
+        }
+
+        f.Reset(isolate, Local<Function>::Cast(value));
+    }
+
+    bool isInvalid(const FunctionCallbackInfo<Value> &args) {
+        if (invalid) {
+            args.GetReturnValue().Set(args.GetIsolate()->ThrowException(String::NewFromUtf8(args.GetIsolate(), "Passed callback is not a valid function.", NewStringType::kNormal).ToLocalChecked()));
+        }
+        return invalid;
+    }
+
+    UniquePersistent<Function> &&getFunction() {
+        return std::move(f);
+    }
+};
+
 class NativeString {
     char *data;
     size_t length;