fuzzer handle junk after upgrade header

Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
Andy Green 2016-01-21 11:00:34 +08:00
parent 496e0af86e
commit 4bc6f95974

View file

@ -347,6 +347,8 @@ int lws_handshake_server(struct libwebsocket_context *context,
/* LWS_CONNMODE_WS_SERVING */
while (len--) {
assert(wsi->mode == LWS_CONNMODE_HTTP_SERVING);
if (libwebsocket_parse(context, wsi, *(*buf)++)) {
lwsl_info("libwebsocket_parse failed\n");
goto bail_nuke_ah;
@ -362,33 +364,39 @@ int lws_handshake_server(struct libwebsocket_context *context,
/* is this websocket protocol or normal http 1.0? */
if (!lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE) ||
!lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION)) {
ah = wsi->u.hdr.ah;
lws_union_transition(wsi, LWS_CONNMODE_HTTP_SERVING_ACCEPTED);
wsi->state = WSI_STATE_HTTP;
wsi->u.http.fd = LWS_INVALID_FILE;
/* expose it at the same offset as u.hdr */
wsi->u.http.ah = ah;
n = lws_http_action(context, wsi);
return n;
if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) {
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"websocket")) {
lwsl_info("Upgrade to ws\n");
goto upgrade_ws;
}
#ifdef LWS_USE_HTTP2
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"h2c-14")) {
lwsl_info("Upgrade to h2c-14\n");
goto upgrade_h2c;
}
#endif
lwsl_err("Unknown upgrade\n");
/* dunno what he wanted to upgrade to */
goto bail_nuke_ah;
}
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"websocket"))
goto upgrade_ws;
#ifdef LWS_USE_HTTP2
if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE),
"h2c-14"))
goto upgrade_h2c;
#endif
/* dunno what he wanted to upgrade to */
goto bail_nuke_ah;
/* no upgrade ack... he remained as HTTP */
lwsl_info("No upgrade\n");
ah = wsi->u.hdr.ah;
lws_union_transition(wsi, LWS_CONNMODE_HTTP_SERVING_ACCEPTED);
wsi->state = WSI_STATE_HTTP;
wsi->u.http.fd = LWS_INVALID_FILE;
/* expose it at the same offset as u.hdr */
wsi->u.http.ah = ah;
n = lws_http_action(context, wsi);
return n;
#ifdef LWS_USE_HTTP2
upgrade_h2c:
@ -575,9 +583,9 @@ upgrade_ws:
lwsl_warn("Failed to set SNDBUF to %d", n);
return 1;
}
lwsl_parser("accepted v%02d connection\n", wsi->ietf_spec_revision);
lwsl_parser("accepted v%02d connection\n",
wsi->ietf_spec_revision);
return 0;
} /* while all chars are handled */
return 0;