Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

lws_hdr_copy: ensure enough extra space

Browse source 
Audit all lws_hdr_copy() usages inside lws and make sure we
take care about it failing.

Also since the patch around aggregation of headers by ',',
lws_hdr_copy() needs a little more space in the output buffer,
adjust one place where that caused it to start failing in an
exact-sized buffer.
This commit is contained in:
Andy Green 2018-10-26 16:14:30 +08:00
parent dbbcf43c18
commit 1f1314160a
6 changed files with 41 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/core/service.c
View file

@ -732,8 +732,7 @@ lws_service_periodic_checks(struct lws_context *context,
continue;
}
if (lws_hdr_copy(wsi, buf,
sizeof buf, m) > 0) {
if (lws_hdr_copy(wsi, buf, sizeof buf, m) > 0) {
buf[sizeof(buf) - 1] = '\0';
lwsl_notice(" %s = %s\n",

29
lib/roles/http/server/access-log.c
View file

@ -97,35 +97,36 @@ lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int uri_len, int met
l = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_USER_AGENT);
if (l) {
wsi->http.access_log.user_agent = lws_malloc(l + 2, "access log");
wsi->http.access_log.user_agent = lws_malloc(l + 5, "access log");
wsi->http.access_log.user_agent[0] = '\0';
if (!wsi->http.access_log.user_agent) {
lwsl_err("OOM getting user agent\n");
lws_free_set_NULL(wsi->http.access_log.header_log);
return;
}
lws_hdr_copy(wsi, wsi->http.access_log.user_agent,
l + 1, WSI_TOKEN_HTTP_USER_AGENT);
for (m = 0; m < l; m++)
if (wsi->http.access_log.user_agent[m] == '\"')
wsi->http.access_log.user_agent[m] = '\'';
if (lws_hdr_copy(wsi, wsi->http.access_log.user_agent, l + 4,
WSI_TOKEN_HTTP_USER_AGENT) >= 0)
for (m = 0; m < l; m++)
if (wsi->http.access_log.user_agent[m] == '\"')
wsi->http.access_log.user_agent[m] = '\'';
}
l = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_REFERER);
if (l) {
wsi->http.access_log.referrer = lws_malloc(l + 2, "referrer");
wsi->http.access_log.referrer = lws_malloc(l + 5, "referrer");
wsi->http.access_log.referrer[0] = '\0';
if (!wsi->http.access_log.referrer) {
lwsl_err("OOM getting user agent\n");
lwsl_err("OOM getting referrer\n");
lws_free_set_NULL(wsi->http.access_log.user_agent);
lws_free_set_NULL(wsi->http.access_log.header_log);
return;
}
lws_hdr_copy(wsi, wsi->http.access_log.referrer,
l + 1, WSI_TOKEN_HTTP_REFERER);
if (lws_hdr_copy(wsi, wsi->http.access_log.referrer,
l + 4, WSI_TOKEN_HTTP_REFERER) >= 0)
for (m = 0; m < l; m++)
if (wsi->http.access_log.referrer[m] == '\"')
wsi->http.access_log.referrer[m] = '\'';
for (m = 0; m < l; m++)
if (wsi->http.access_log.referrer[m] == '\"')
wsi->http.access_log.referrer[m] = '\'';
}
wsi->access_log_pending = 1;
}

2
lib/roles/http/server/lws-spa.c
View file

@ -80,7 +80,7 @@ lws_urldecode_s_create(struct lws *wsi, char *out, int out_len, void *data,
{
struct lws_urldecode_stateful *s = lws_zalloc(sizeof(*s),
"stateful urldecode");
char buf[200], *p;
char buf[205], *p;
int m = 0;
if (!s)

26
lib/roles/http/server/server.c
View file

@ -902,8 +902,8 @@ lws_http_action(struct lws *wsi)
struct lws_process_html_args args;
const struct lws_http_mount *hit = NULL;
unsigned int n;
char http_version_str[10];
char http_conn_str[20];
char http_version_str[12];
char http_conn_str[25];
int http_version_len;
char *uri_ptr = NULL, *s;
int uri_len = 0, meth, m;
@ -949,14 +949,15 @@ lws_http_action(struct lws *wsi)
wsi->http.rx_content_length = 100 * 1024 * 1024;
if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) {
lws_hdr_copy(wsi, content_length_str,
if (lws_hdr_copy(wsi, content_length_str,
sizeof(content_length_str) - 1,
WSI_TOKEN_HTTP_CONTENT_LENGTH);
wsi->http.rx_content_length = atoll(content_length_str);
if (!wsi->http.rx_content_length) {
wsi->http.content_length_explicitly_zero = 1;
lwsl_debug("%s: explicit 0 content-length\n",
__func__);
WSI_TOKEN_HTTP_CONTENT_LENGTH) > 0) {
wsi->http.rx_content_length = atoll(content_length_str);
if (!wsi->http.rx_content_length) {
wsi->http.content_length_explicitly_zero = 1;
lwsl_debug("%s: explicit 0 content-length\n",
__func__);
}
}
}
@ -985,10 +986,9 @@ lws_http_action(struct lws *wsi)
conn_type = HTTP_CONNECTION_CLOSE;
/* Override default if http "Connection:" header: */
if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION)) {
lws_hdr_copy(wsi, http_conn_str,
sizeof(http_conn_str) - 1,
WSI_TOKEN_CONNECTION);
if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION) &&
lws_hdr_copy(wsi, http_conn_str, sizeof(http_conn_str) - 1,
WSI_TOKEN_CONNECTION) > 0) {
http_conn_str[sizeof(http_conn_str) - 1] = '\0';
if (!strcasecmp(http_conn_str, "keep-alive"))
conn_type = HTTP_CONNECTION_KEEP_ALIVE;

8
plugins/protocol_lws_status.c
View file

@ -43,7 +43,7 @@ struct per_session_data__lws_status {
struct per_session_data__lws_status *next;
struct lws *wsi;
time_t time_est;
char user_agent[128];
char user_agent[256];
e_walk walk;
struct per_session_data__lws_status *walk_next;
@ -119,10 +119,10 @@ callback_lws_status(struct lws *wsi, enum lws_callback_reasons reason,
time(&pss->time_est);
pss->wsi = wsi;
strcpy(pss->user_agent, "unknown");
lws_hdr_copy(wsi, pss->user_agent, sizeof(pss->user_agent),
WSI_TOKEN_HTTP_USER_AGENT);
if (lws_hdr_copy(wsi, pss->user_agent, sizeof(pss->user_agent),
WSI_TOKEN_HTTP_USER_AGENT) < 0) /* too big */
strcpy(pss->user_agent, "unknown");
trigger_resend(vhd);
break;

10
test-apps/test-server.c
View file

@ -106,10 +106,14 @@ lws_callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user,
continue;
}
lws_hdr_copy(wsi, buf, sizeof buf, n);
buf[sizeof(buf) - 1] = '\0';
if (lws_hdr_copy(wsi, buf, sizeof buf, n) < 0)
fprintf(stderr, " %s (too big)\n",
(char *)c, buf);
else {
buf[sizeof(buf) - 1] = '\0';
fprintf(stderr, " %s = %s\n", (char *)c, buf);
fprintf(stderr, " %s = %s\n", (char *)c, buf);
}
n++;
} while (c);