stv0g/libwebsockets
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
libwebsockets/lib
History
Andy Green a496700b3a lws_snprintf 
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.

Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.

This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.

All users should update with these fixes.
2016-09-15 02:22:57 +08:00
..
.gitignore Ignoring linux build files 2013-01-09 15:46:11 +08:00
alloc.c esp8266 initial support 2016-08-10 21:20:23 +08:00
base64-decode.c base64 decode fix lengths 2016-08-10 21:20:23 +08:00
client-handshake.c lws_snprintf 2016-09-15 02:22:57 +08:00
client-parser.c ws ping pong on idle connections 2016-08-10 21:20:23 +08:00
client.c coverity 169268 + 169270- dead code plus repeat NULL check on error path 2016-08-28 09:44:15 +08:00
context.c coverity 169272 - off-by-one possible on CGI buffer limit 2016-08-28 09:44:15 +08:00
daemonize.c Revert changes in daemonize.c from commit 22d6f39e7f 2016-06-02 13:00:13 +08:00
extension-permessage-deflate.c replace LWS_MAX_SOCKET_IO_BUF with context creation info pt_serv_buf_size 2016-05-19 12:34:35 +08:00
extension-permessage-deflate.h extension permessage deflate 2016-01-11 11:34:01 +08:00
extension.c documentation convert to doxygen 2016-07-14 08:57:27 +08:00
getifaddrs.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
getifaddrs.h esp8266 initial support 2016-08-10 21:20:23 +08:00
handshake.c cgi-retain-timeout-after-POST-send 2016-08-23 14:20:11 +08:00
header.c per-vhost headers and lwsws conf support 2016-08-27 17:07:06 +08:00
hpack.c http2 update integration 2016-04-13 11:53:40 +08:00
http2.c http2 handle error path on ensure_user_space 2016-04-23 09:36:18 +08:00
huftable.h http2 hpack basic decode ok including huff 2014-10-12 08:38:16 +08:00
lejp-conf.c lws_snprintf 2016-09-15 02:22:57 +08:00
lejp.c documentation convert to doxygen 2016-07-14 08:57:27 +08:00
lejp.h documentation convert to doxygen 2016-07-14 08:57:27 +08:00
lextable-strings.h esp8266 initial support 2016-08-10 21:20:23 +08:00
lextable.h http2 update integration 2016-04-13 11:53:40 +08:00
libev.c plugins 2016-04-07 09:38:08 +08:00
libuv.c lws_snprintf 2016-09-15 02:22:57 +08:00
libwebsockets.c lws_snprintf 2016-09-15 02:22:57 +08:00
libwebsockets.h lws_snprintf 2016-09-15 02:22:57 +08:00
lws-plat-esp8266.c lws_snprintf 2016-09-15 02:22:57 +08:00
lws-plat-mbed3.c documentation convert to doxygen 2016-07-14 08:57:27 +08:00
lws-plat-mbed3.cpp windows detect client connection error 2016-07-14 08:57:27 +08:00
lws-plat-unix.c lws_snprintf 2016-09-15 02:22:57 +08:00
lws-plat-win.c windows: WCHAR in lws_plat_inet_ntop needs double the final allocation 2016-09-05 15:03:37 +08:00
minihuf.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
minilex.c whitespace trailing mass cleanout 2015-12-14 08:52:03 +08:00
output.c quench logging 2016-08-22 07:07:10 +08:00
parsers.c handle rx flow control active when consuming payload 2016-09-10 04:54:20 +08:00
pollfd.c client fixups after esp8266 2016-08-10 21:23:01 +08:00
private-libwebsockets.h lws_snprintf 2016-09-15 02:22:57 +08:00
rewrite.c check oom on lws_malloc 2016-05-12 21:04:33 +08:00
server-handshake.c esp8266 initial support 2016-08-10 21:20:23 +08:00
server.c lws_snprintf 2016-09-15 02:22:57 +08:00
service.c client http: extra read notification after close 2016-09-06 15:36:51 +08:00
sha-1.c polarssl implementation 2016-04-18 20:05:43 +08:00
smtp.c documentation convert to doxygen 2016-07-14 08:57:27 +08:00
ssl-client.c Add error handling for SSL_new() of clients 2016-08-14 19:53:20 +08:00
ssl-http2.c http2 update integration 2016-04-13 11:53:40 +08:00
ssl-server.c openssl allow set clear of ssl options from info 2016-06-10 11:09:27 +08:00
ssl.c ws ping pong on idle connections 2016-08-10 21:20:23 +08:00