Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

sspc: deal with huge metadata

Browse source
This commit is contained in:
Andy Green 2020-08-05 06:24:18 +01:00
parent 15e6ac25a4
commit 0f218eebbd
1 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lib/secure-streams/secure-streams-client.c
View file

@ -62,7 +62,7 @@ lws_sspc_sul_retry_cb(lws_sorted_usec_list_t *sul)
}
static int
lws_sspc_serialize_metadata(lws_sspc_metadata_t *md, uint8_t *p)
lws_sspc_serialize_metadata(lws_sspc_metadata_t *md, uint8_t *p, uint8_t *end)
{
int n, txc;
@ -84,6 +84,12 @@ lws_sspc_serialize_metadata(lws_sspc_metadata_t *md, uint8_t *p)
p[0] = LWSSS_SER_TXPRE_METADATA;
txc = strlen(md->name);
n = txc + 1 + md->len;
if (n > 0xffff)
/* we can't serialize this metadata in 16b length */
return -1;
if (n > lws_ptr_diff(end, &p[4]))
/* we don't have space for this metadata */
return -1;
lws_ser_wu16be(&p[1], n);
p[3] = txc;
memcpy(&p[4], md->name, txc);
@ -102,7 +108,8 @@ callback_sspc_client(struct lws *wsi, enum lws_callback_reasons reason,
void *user, void *in, size_t len)
{
lws_sspc_handle_t *h = (lws_sspc_handle_t *)lws_get_opaque_user_data(wsi);
uint8_t s[32], pkt[LWS_PRE + 1400], *p = pkt + LWS_PRE;
uint8_t s[32], pkt[LWS_PRE + 1400], *p = pkt + LWS_PRE,
*end = p + sizeof(pkt) - LWS_PRE;
void *m = (void *)((uint8_t *)&h[1]);
const uint8_t *cp;
lws_usec_t us;
@ -246,7 +253,9 @@ callback_sspc_client(struct lws *wsi, enum lws_callback_reasons reason,
lws_sspc_metadata_t, list);
cp = p;
n = lws_sspc_serialize_metadata(md, p);
n = lws_sspc_serialize_metadata(md, p, end);
if (n < 0)
goto metadata_hangup;
lwsl_debug("%s: (local_conn) metadata\n", __func__);
@ -299,7 +308,9 @@ callback_sspc_client(struct lws *wsi, enum lws_callback_reasons reason,
lws_sspc_metadata_t, list);
cp = p;
n = lws_sspc_serialize_metadata(md, p);
n = lws_sspc_serialize_metadata(md, p, end);
if (n < 0)
goto metadata_hangup;
goto req_write_and_issue;
}
@ -374,6 +385,9 @@ do_write:
return lws_callback_http_dummy(wsi, reason, user, in, len);
metadata_hangup:
lwsl_err("%s: metadata too large\n", __func__);
hangup:
lwsl_warn("hangup\n");
/* hang up on him */