stv0g/libwebsockets
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
libwebsockets/lib
History
Andy Green 1f02bd2e66 lws_snprintf 
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.

Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.

This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.

All users should update with these fixes.
2016-09-15 02:54:32 +08:00
..
.gitignore Ignoring linux build files 2013-01-09 15:46:11 +08:00
alloc.c Subject: [PATCH] Add custom allocator support using the realloc() interface 2014-12-05 07:25:24 +08:00
base64-decode.c b64decode correct decode of some strings 2016-03-19 07:43:22 +08:00
client-handshake.c lws_snprintf 2016-09-15 02:54:32 +08:00
client-parser.c LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT to default to runtime ssl disable 2016-03-23 09:22:11 +08:00
client.c Add error handling for SSL_new() of clients 2016-08-14 19:54:12 +08:00
context.c Fix leak caused by undestroyed pthread mutex 2016-05-13 09:42:58 +08:00
daemonize.c Revert changes in daemonize.c from commit 22d6f39e7f 2016-06-02 13:06:32 +08:00
extension-permessage-deflate.c extensions add api for user code option manipulation 2016-04-08 09:45:49 +08:00
extension-permessage-deflate.h extension permessage deflate 2016-01-11 11:34:01 +08:00
extension.c extensions add api for user code option manipulation 2016-04-08 09:45:49 +08:00
getifaddrs.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
getifaddrs.h Use LWS_HAVE_ instead of just HAVE_ 2015-10-12 09:53:17 +08:00
handshake.c asserts log which 2016-05-13 10:59:44 +08:00
header.c post example in test server 2016-04-25 10:04:49 +08:00
hpack.c http2 update integration 2016-04-13 11:53:40 +08:00
http2.c http2 handle error path on ensure_user_space 2016-04-23 09:36:18 +08:00
huftable.h http2 hpack basic decode ok including huff 2014-10-12 08:38:16 +08:00
lextable-strings.h http2 update integration 2016-04-13 11:53:40 +08:00
lextable.h http2 update integration 2016-04-13 11:53:40 +08:00
libev.c plugins 2016-04-07 09:38:08 +08:00
libuv.c lws_snprintf 2016-09-15 02:54:32 +08:00
libwebsockets.c lws_snprintf 2016-09-15 02:54:32 +08:00
libwebsockets.h lws_snprintf 2016-09-15 02:54:32 +08:00
lws-plat-mbed3.c mbed align with pt changes 2016-01-20 17:35:18 +08:00
lws-plat-mbed3.cpp mbed align with pt changes 2016-01-20 17:35:18 +08:00
lws-plat-unix.c lws_snprintf 2016-09-15 02:54:32 +08:00
lws-plat-win.c Changes to enable WIN CE support 2016-05-06 07:50:17 +08:00
minihuf.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
minilex.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
output.c output size trimming with default rxbuf fix 2016-05-15 09:01:43 +08:00
parsers.c handle rx flow control active when consuming payload 2016-09-10 04:44:56 +08:00
pollfd.c vh doubly linked list for wsi on same protocol 2016-04-16 08:40:35 +08:00
private-libwebsockets.h lws_snprintf 2016-09-15 02:54:32 +08:00
rewrite.c check oom on lws_malloc 2016-05-12 21:53:57 +08:00
server-handshake.c test server align rxbuf with permessage deflate rx buf size 2016-04-01 08:47:05 +08:00
server.c lws_snprintf 2016-09-15 02:54:32 +08:00
service.c asserts log which 2016-05-13 10:59:44 +08:00
sha-1.c polarssl implementation 2016-04-18 20:05:43 +08:00
ssl-client.c Add error handling for SSL_new() of clients 2016-08-14 19:54:12 +08:00
ssl-http2.c http2 update integration 2016-04-13 11:53:40 +08:00
ssl-server.c polarssl implementation 2016-04-18 20:05:43 +08:00
ssl.c lib/ssl.c: fix libre- and boringssl 2016-05-06 07:49:49 +08:00