libwebsockets/lib
Andy Green 151aa809a6 lws_snprintf
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.

Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in), in places relying on snprintf to truncate the length,
overflows are possible.

This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.

All users should update with these fixes.

In 1.7.x, there's no affected code in the library itself, just a couple of instances in the
test app code.
2016-09-15 02:36:22 +08:00
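
The return-value pitfall the commit message describes, as an added example (not code from libwebsockets or from this commit): snprintf() returns the length the full output would have had, so an offset advanced by that value can land past the end of the buffer. bounded_snprintf() is a hypothetical wrapper written for this illustration, not the implementation of lws_snprintf(), and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (an assumption, not lws_snprintf itself): behaves like
 * snprintf but returns the number of characters actually stored. */
static int bounded_snprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0) return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0) {			/* encoding error: leave an empty string */
		buf[0] = '\0';
		return 0;
	}
	if ((size_t)n >= size) n = (int)size - 1;	/* clamp to what fits */
	return n;
}

/* Offset a caller holds after one "p += snprintf(p, left, ...)" step. */
static size_t offset_after_raw(char *buf, size_t size, const char *s)
{
	int n = snprintf(buf, size, "name=%s;", s);
	return n < 0 ? 0 : (size_t)n;	/* would-be length, may exceed size */
}

/* The same accumulation with the clamped return: offset stays below size. */
static size_t offset_after_bounded(char *buf, size_t size, const char *s)
{
	size_t off = 0;
	off += (size_t)bounded_snprintf(buf + off, size - off, "name=%s;", s);
	off += (size_t)bounded_snprintf(buf + off, size - off, "tail=%d", 12345);
	return off;
}

int main(void)
{
	char buf[16];
	const char *input = "constructed-long-value";	/* constructed sample */
	size_t raw = offset_after_raw(buf, sizeof(buf), input);
	size_t safe = offset_after_bounded(buf, sizeof(buf), input);
	printf("raw offset %zu exceeds buffer size %zu\n", raw, sizeof(buf));
	printf("bounded offset %zu, contents \"%s\"\n", safe, buf);
	return 0;
}
```

With the raw return value, the next write in an accumulating loop would start beyond the buffer and the remaining-size subtraction would underflow; the clamped return keeps both inside bounds.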
.gitignore Ignoring linux build files 2013-01-09 15:46:11 +08:00
alloc.c Subject: [PATCH] Add custom allocator support using the realloc() interface 2014-12-05 07:25:24 +08:00
base64-decode.c b64decode correct decode of some strings 2016-03-19 07:48:24 +08:00
client-handshake.c client fix reaction to tls failure 2016-05-03 08:08:32 +08:00
client-parser.c clean pre 1.7 2016-01-29 23:17:43 +08:00
client.c fix for https connection code 2016-06-13 17:19:55 +08:00
context.c Fix leak caused by undestroyed pthread mutex 2016-05-13 09:43:12 +08:00
daemonize.c daemonize work under systemd 2016-02-20 08:04:32 +08:00
extension-permessage-deflate.c test server align rxbuf with permessage deflate rx buf size 2016-04-01 09:30:09 +08:00
extension-permessage-deflate.h extension permessage deflate 2016-01-11 11:34:01 +08:00
extension.c libuv integration 2016-02-14 09:31:13 +08:00
getifaddrs.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
getifaddrs.h Use LWS_HAVE_ instead of just HAVE_ 2015-10-12 09:53:17 +08:00
handshake.c timeout settable from info 2016-02-15 20:39:07 +08:00
header.c lws_return_http_status send content length 2016-02-20 08:04:56 +08:00
hpack.c http header malloc pool implement pool 2015-12-25 14:34:20 +08:00
http2.c extension permessage deflate 2016-01-11 11:34:01 +08:00
huftable.h http2 hpack basic decode ok including huff 2014-10-12 08:38:16 +08:00
lextable-strings.h lextable add x-real-ip 2016-01-28 09:40:53 +08:00
lextable.h lextable add x-real-ip 2016-01-28 09:40:53 +08:00
libev.c libev set foreign loop properly 2016-03-09 07:47:34 +08:00
libuv.c check oom on lws_malloc 2016-05-12 21:54:29 +08:00
libwebsockets.c lws_snprintf 2016-09-15 02:36:22 +08:00
libwebsockets.h lws_snprintf 2016-09-15 02:36:22 +08:00
lws-plat-mbed3.c mbed align with pt changes 2016-01-20 17:35:18 +08:00
lws-plat-mbed3.cpp mbed align with pt changes 2016-01-20 17:35:18 +08:00
lws-plat-unix.c cruft remove sigusr2 handling 2016-04-22 21:58:38 +08:00
lws-plat-win.c libuv add idle processing to force service where needed 2016-04-07 18:56:40 +08:00
minihuf.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
minilex.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
output.c recv revert treating zero as hangup 2016-05-05 09:23:05 +08:00
parsers.c fix %3d handling in path part and add attack.sh 2016-05-07 08:33:07 +08:00
pollfd.c defeat POLLOUT if socket in shutdown wait 2016-02-24 21:32:31 +08:00
private-libwebsockets.h lws_snprintf 2016-09-15 02:36:22 +08:00
server-handshake.c test server align rxbuf with permessage deflate rx buf size 2016-04-01 09:30:09 +08:00
server.c uri processing reject paths not starting with slash 2016-04-02 08:03:48 +08:00
service.c check oom on lws_malloc 2016-05-12 21:54:29 +08:00
sha-1.c Fix build with musl libc 2016-03-30 06:24:24 +08:00
ssl-http2.c http2 build with alpn capable ssl no debug 2016-03-25 21:03:01 +08:00
ssl.c ssl ecdh adapt if missing ecdh.h include 2016-03-12 08:49:09 +08:00