mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-16 00:00:07 +01:00
parser issue_char audit
Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
parent
9d73971cf5
commit
9b2b9d1a7e
1 changed files with 11 additions and 9 deletions
|
@ -235,6 +235,10 @@ static int issue_char(struct lws *wsi, unsigned char c)
|
||||||
|
|
||||||
/* Insert a null character when we *hit* the limit: */
|
/* Insert a null character when we *hit* the limit: */
|
||||||
if (frag_len == wsi->u.hdr.current_token_limit) {
|
if (frag_len == wsi->u.hdr.current_token_limit) {
|
||||||
|
if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) {
|
||||||
|
lwsl_warn("excessive header content 2\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
|
wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
|
||||||
lwsl_warn("header %i exceeds limit\n",
|
lwsl_warn("header %i exceeds limit\n",
|
||||||
wsi->u.hdr.parser_state);
|
wsi->u.hdr.parser_state);
|
||||||
|
@ -340,9 +344,12 @@ int lws_parse(struct lws *wsi, unsigned char c)
|
||||||
|
|
||||||
switch (wsi->u.hdr.ups) {
|
switch (wsi->u.hdr.ups) {
|
||||||
case URIPS_IDLE:
|
case URIPS_IDLE:
|
||||||
|
if (!c)
|
||||||
|
return -1;
|
||||||
/* genuine delimiter */
|
/* genuine delimiter */
|
||||||
if ((c == '&' || c == ';') && !enc) {
|
if ((c == '&' || c == ';') && !enc) {
|
||||||
issue_char(wsi, c);
|
if (issue_char(wsi, c) < 0)
|
||||||
|
return 1;
|
||||||
/* swallow the terminator */
|
/* swallow the terminator */
|
||||||
ah->frags[ah->nfrag].len--;
|
ah->frags[ah->nfrag].len--;
|
||||||
/* link to next fragment */
|
/* link to next fragment */
|
||||||
|
@ -429,7 +436,8 @@ int lws_parse(struct lws *wsi, unsigned char c)
|
||||||
if (c == '?' && !enc &&
|
if (c == '?' && !enc &&
|
||||||
!ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */
|
!ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */
|
||||||
/* seal off uri header */
|
/* seal off uri header */
|
||||||
ah->data[ah->pos++] = '\0';
|
if (issue_char(wsi, '\0') < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
/* move to using WSI_TOKEN_HTTP_URI_ARGS */
|
/* move to using WSI_TOKEN_HTTP_URI_ARGS */
|
||||||
ah->nfrag++;
|
ah->nfrag++;
|
||||||
|
@ -568,14 +576,8 @@ excessive:
|
||||||
while (ah->frags[n].nfrag)
|
while (ah->frags[n].nfrag)
|
||||||
n = ah->frags[n].nfrag;
|
n = ah->frags[n].nfrag;
|
||||||
ah->frags[n].nfrag = ah->nfrag;
|
ah->frags[n].nfrag = ah->nfrag;
|
||||||
|
if (issue_char(wsi, ' ') < 0)
|
||||||
if (ah->pos == sizeof(ah->data)) {
|
|
||||||
lwsl_warn("excessive header content\n");
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
|
||||||
|
|
||||||
ah->data[ah->pos++] = ' ';
|
|
||||||
ah->frags[ah->nfrag].len++;
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* skipping arg part of a name we didn't recognize */
|
/* skipping arg part of a name we didn't recognize */
|
||||||
|
|
Loading…
Add table
Reference in a new issue