Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity

fuzzer handle junk after upgrade header

Browse source 
Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
Andy Green 2016-01-21 11:10:26 +08:00
parent 1587c5537d
commit c29af6641d
1 changed files with 38 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
lib/server.c
View file

@ -347,6 +347,9 @@ int lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len)
/* LWSCM_WS_SERVING */ /* LWSCM_WS_SERVING */
while (len--) { while (len--) {
assert(wsi->mode == LWSCM_HTTP_SERVING);
if (lws_parse(wsi, *(*buf)++)) { if (lws_parse(wsi, *(*buf)++)) {
lwsl_info("lws_parse failed\n"); lwsl_info("lws_parse failed\n");
goto bail_nuke_ah; goto bail_nuke_ah;
@ -362,33 +365,40 @@ int lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len)
/* is this websocket protocol or normal http 1.0? */ /* is this websocket protocol or normal http 1.0? */
if (!lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE) || if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) {
!lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION)) { if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"websocket")) {
ah = wsi->u.hdr.ah; lwsl_info("Upgrade to ws\n");
goto upgrade_ws;
lws_union_transition(wsi, LWSCM_HTTP_SERVING_ACCEPTED); }
wsi->state = LWSS_HTTP; #ifdef LWS_USE_HTTP2
wsi->u.http.fd = LWS_INVALID_FILE; if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"h2c-14")) {
/* expose it at the same offset as u.hdr */ lwsl_info("Upgrade to h2c-14\n");
wsi->u.http.ah = ah; goto upgrade_h2c;
}
n = lws_http_action(wsi); #endif
lwsl_err("Unknown upgrade\n");
return n; /* dunno what he wanted to upgrade to */
goto bail_nuke_ah;
} }
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE), /* no upgrade ack... he remained as HTTP */
"websocket"))
goto upgrade_ws; lwsl_info("No upgrade\n");
#ifdef LWS_USE_HTTP2 ah = wsi->u.hdr.ah;
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"h2c-14")) lws_union_transition(wsi, LWSCM_HTTP_SERVING_ACCEPTED);
goto upgrade_h2c; wsi->state = LWSS_HTTP;
#endif wsi->u.http.fd = LWS_INVALID_FILE;
/* dunno what he wanted to upgrade to */
goto bail_nuke_ah; /* expose it at the same offset as u.hdr */
wsi->u.http.ah = ah;
lwsl_debug("%s: wsi %p: ah %p\n", __func__, (void *)wsi, (void *)wsi->u.hdr.ah);
n = lws_http_action(wsi);
return n;
#ifdef LWS_USE_HTTP2 #ifdef LWS_USE_HTTP2
upgrade_h2c: upgrade_h2c:
@ -578,8 +588,9 @@ upgrade_ws:
return 1; return 1;
} }
#endif #endif
lwsl_parser("accepted v%02d connection\n", lwsl_parser("accepted v%02d connection\n", wsi->ietf_spec_revision);
wsi->ietf_spec_revision);
return 0;
} /* while all chars are handled */ } /* while all chars are handled */
return 0; return 0;