kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit)

This commit is contained in:
Anthony Minessale 2014-09-24 01:09:44 +05:00
parent e8d6866899
commit 9e72c8477f
5 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/.update
View File

@ -1 +1 @@
Tue Sep 23 20:16:55 CDT 2014
Wed Sep 24 01:09:42 CDT 2014

14
libs/sofia-sip/libsofia-sip-ua/tport/ws.c
View File

@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
char version[5] = "";
char proto[256] = "";
char proto_buf[384] = "";
char uri[256] = "";
char input[256] = "";
unsigned char output[SHA1_HASH_SIZE] = "";
char b64[256] = "";
@ -276,9 +275,11 @@ int ws_handshake(wsh_t *wsh)
if (!e) {
goto err;
}
strncpy(uri, p, e-p);
wsh->uri = malloc((e-p) + 1);
strncpy(wsh->uri, p, e-p);
*(wsh->uri + (e-p)) = '\0';
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Protocol", proto, sizeof(proto));
@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
wsh->down = 1;
if (wsh->uri) {
free(wsh->uri);
wsh->uri = NULL;
}
if (reason && wsh->sock != ws_sock_invalid) {
uint16_t *u16;
uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

1
libs/sofia-sip/libsofia-sip-ua/tport/ws.h
View File

@ -72,6 +72,7 @@ typedef struct wsh_s {
ws_socket_t sock;
char buffer[65536];
char wbuffer[65536];
char *uri;
size_t buflen;
ssize_t datalen;
ssize_t wdatalen;

14
src/mod/endpoints/mod_verto/ws.c
View File

@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
char version[5] = "";
char proto[256] = "";
char proto_buf[384] = "";
char uri[256] = "";
char input[256] = "";
unsigned char output[SHA1_HASH_SIZE] = "";
char b64[256] = "";
@ -276,9 +275,11 @@ int ws_handshake(wsh_t *wsh)
if (!e) {
goto err;
}
strncpy(uri, p, e-p);
wsh->uri = malloc((e-p) + 1);
strncpy(wsh->uri, p, e-p);
*(wsh->uri + (e-p)) = '\0';
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Protocol", proto, sizeof(proto));
@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
wsh->down = 1;
if (wsh->uri) {
free(wsh->uri);
wsh->uri = NULL;
}
if (reason && wsh->sock != ws_sock_invalid) {
uint16_t *u16;
uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

1
src/mod/endpoints/mod_verto/ws.h
View File

@ -72,6 +72,7 @@ typedef struct wsh_s {
ws_socket_t sock;
char buffer[65536];
char wbuffer[65536];
char *uri;
size_t buflen;
ssize_t datalen;
ssize_t wdatalen;