This is a simplified version of a patch that went on master before v2.1
675c349cc5
It enforces hostname checking for client SSL certs; perviously it was
not performed.
On v2.1+, you can control if this checking is applied or not. But to
avoid changing to public API, it is enforced on v2.0-stable.
There is no legit reason to disable this check... if you want to disable it,
upgrade to v2.1+ or stay on v2.0-stable behind this patch.
https://github.com/warmcat/libwebsockets/issues/715
There are two kinds of reaason to call lws_header_table_reset(), one is we are reallocating
a destroyed ah to another wsi, and the other is we are moving to the next pipelined header set
still on the same wsi, and we need a "weaker" reset that only clears down the state related
to the header parsing, not everything about the ah context including the ah rx buffer.
This patch moves the ah rxbuffer rxpos and rxlen resetting out of lws_header_table_reset() and to
be the responsibility of the caller. Callers who are moving the ah to another wsi are
patched to deal with resetting rxpos and rxlen and lws_http_transaction_completed() who only
resets the ah when moving to the next pipelined headers, no longer wrongly clears the ah rxbuf.
https://github.com/warmcat/libwebsockets/issues/638
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
Openssl v1.0.2 and above have support for checking the hostname
the client side connected to against the hostname on the cert the
server presented.
This enables that feature if the necessary API is available in the
openssl version, meaning the connection will fail at ssl negotiation if the
cert isn't for the requested server
It's very easy to test, add a fake entry to /etc/hosts for the server IP with
a different name, using that will fail at ssl but using the correct dns name
matching the certificate will work.
Valgrind caught http/1.1 pipelining using dead user agent alloc
for logging... NULL it when we free it since the wsi can be
reused with keepalive
==16208== Invalid free() / delete / delete[] / realloc()
==16208== at 0x4847ACC: free (vg_replace_malloc.c:530)
==16208== by 0x4888DC3: _realloc (alloc.c:8)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x487DBCB: lws_access_log (libwebsockets.c:2352)
==16208== by 0x48956DF: lws_http_transaction_completed (server.c:1245)
==16208== by 0x4893757: lws_http_serve (server.c:340)
==16208== by 0x48946EF: lws_http_action (server.c:748)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== Address 0x552e5f8 is 0 bytes inside a block of size 86 free'd
==16208== at 0x4847ACC: free (vg_replace_malloc.c:530)
==16208== by 0x4888DC3: _realloc (alloc.c:8)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x487DBCB: lws_access_log (libwebsockets.c:2352)
==16208== by 0x48956DF: lws_http_transaction_completed (server.c:1245)
==16208== by 0x4893757: lws_http_serve (server.c:340)
==16208== by 0x48946EF: lws_http_action (server.c:748)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== Block was alloc'd at
==16208== at 0x4846498: malloc (vg_replace_malloc.c:298)
==16208== by 0x4848D57: realloc (vg_replace_malloc.c:785)
==16208== by 0x4888DA7: _realloc (alloc.c:6)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x4893EAF: lws_http_action (server.c:565)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== by 0x48994B7: lws_io_cb (libuv.c:101)
==16208== by 0x4AE7B1F: ??? (in /usr/lib/libuv.so.1.0.0)
Signed-off-by: Andy Green <andy@warmcat.com>
