Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity

parser issue_char audit

Browse source 
Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
Andy Green 2016-01-20 09:26:48 +08:00
parent 9d73971cf5
commit 9b2b9d1a7e
1 changed files with 11 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
lib/parsers.c
View file

@ -235,6 +235,10 @@ static int issue_char(struct lws *wsi, unsigned char c)
/* Insert a null character when we *hit* the limit: */ /* Insert a null character when we *hit* the limit: */
if (frag_len == wsi->u.hdr.current_token_limit) { if (frag_len == wsi->u.hdr.current_token_limit) {
if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) {
lwsl_warn("excessive header content 2\n");
return -1;
}
wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0'; wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
lwsl_warn("header %i exceeds limit\n", lwsl_warn("header %i exceeds limit\n",
wsi->u.hdr.parser_state); wsi->u.hdr.parser_state);
@ -340,9 +344,12 @@ int lws_parse(struct lws *wsi, unsigned char c)
switch (wsi->u.hdr.ups) { switch (wsi->u.hdr.ups) {
case URIPS_IDLE: case URIPS_IDLE:
if (!c)
return -1;
/* genuine delimiter */ /* genuine delimiter */
if ((c == '&' || c == ';') && !enc) { if ((c == '&' || c == ';') && !enc) {
issue_char(wsi, c); if (issue_char(wsi, c) < 0)
return 1;
/* swallow the terminator */ /* swallow the terminator */
ah->frags[ah->nfrag].len--; ah->frags[ah->nfrag].len--;
/* link to next fragment */ /* link to next fragment */
@ -429,7 +436,8 @@ int lws_parse(struct lws *wsi, unsigned char c)
if (c == '?' && !enc && if (c == '?' && !enc &&
!ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */ !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */
/* seal off uri header */ /* seal off uri header */
ah->data[ah->pos++] = '\0'; if (issue_char(wsi, '\0') < 0)
return -1;
/* move to using WSI_TOKEN_HTTP_URI_ARGS */ /* move to using WSI_TOKEN_HTTP_URI_ARGS */
ah->nfrag++; ah->nfrag++;
@ -568,14 +576,8 @@ excessive:
while (ah->frags[n].nfrag) while (ah->frags[n].nfrag)
n = ah->frags[n].nfrag; n = ah->frags[n].nfrag;
ah->frags[n].nfrag = ah->nfrag; ah->frags[n].nfrag = ah->nfrag;
if (issue_char(wsi, ' ') < 0)
if (ah->pos == sizeof(ah->data)) {
lwsl_warn("excessive header content\n");
return -1; return -1;
}
ah->data[ah->pos++] = ' ';
ah->frags[ah->nfrag].len++;
break; break;
/* skipping arg part of a name we didn't recognize */ /* skipping arg part of a name we didn't recognize */