Fix std::terminate when uri_log receives null uri pointer

libmicrohttpd may invoke MHD_OPTION_URI_LOG_CALLBACK with a null uri
pointer before the request line is parsed - for example on port scans,
TLS clients hitting a plain HTTP port, or half-open connections. The
previous code assigned the raw pointer directly into a std::string,
which throws std::logic_error("basic_string::_M_construct null not
valid"). Because the throw originates inside an MHD C callback with
no enclosing handler, std::terminate() was called and the process
aborted under load.

Treat a null uri as an empty string so the assignment is well-defined.
An empty URI fails to match any registered resource and surfaces as a
404, which is the correct graceful behaviour.

Resolves #371.

Author: etr

ChangeLog

@@ -17,6 +17,9 @@ Version 0.20.0
 	Fixed auth skip path bypass via path traversal (e.g. /public/../protected).
 	Fixed use of free() instead of MHD_free() for digest auth username.
 	Fixed unchecked write error during file upload.
+	Fixed std::terminate when MHD invokes the URI log callback with a
+		null uri pointer (e.g. port scans, half-open connections, or
+		non-HTTP traffic). Resolves issue #371.
 
 Version 0.19.0 - 2023-06-15
 

src/webserver.cpp

@@ -626,7 +626,12 @@ void* uri_log(void* cls, const char* uri, struct MHD_Connection *con) {
     std::ignore = con;
 
     auto mr = std::make_unique<details::modded_request>();
-    mr->complete_uri = uri;
+    // MHD may invoke this callback with a null uri before the request line
+    // has been parsed (e.g. port scans, half-open connections, or non-HTTP
+    // traffic on the listening port). Treat that as an empty URI so the
+    // std::string assignment does not throw std::logic_error and abort the
+    // process via std::terminate. See issue #371.
+    mr->complete_uri = (uri != nullptr) ? uri : "";
     return reinterpret_cast<void*>(mr.release());
 }