From 59e71341db61718b33be025df6c205359254a76e Mon Sep 17 00:00:00 2001 From: Anthony Minessale Date: Tue, 23 Sep 2014 20:17:20 +0500 Subject: [PATCH] fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto --- libs/sofia-sip/.update | 2 +- .../libsofia-sip-ua/tport/tport_type_ws.c | 2 +- libs/sofia-sip/libsofia-sip-ua/tport/ws.c | 22 ++++++++----------- libs/sofia-sip/libsofia-sip-ua/tport/ws.h | 3 ++- 4 files changed, 13 insertions(+), 16 deletions(-) diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update index 66c9d49924..d87400bf8e 100644 --- a/libs/sofia-sip/.update +++ b/libs/sofia-sip/.update @@ -1 +1 @@ -Sat Aug 16 01:34:24 CDT 2014 +Tue Sep 23 20:16:55 CDT 2014 diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c index 9ee2b29f41..2866899fd3 100644 --- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c +++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c @@ -475,7 +475,7 @@ int tport_ws_init_secondary(tport_t *self, int socket, int accepted, memset(&wstp->ws, 0, sizeof(wstp->ws)); - if (ws_init(&wstp->ws, socket, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0, 0) < 0) { + if (ws_init(&wstp->ws, socket, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0, 0, 0) < 0) { ws_destroy(&wstp->ws); wstp->ws_initialized = -1; return *return_reason = "WS_INIT", -1; diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c index b96c6c140a..6e91ff6493 100644 --- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c +++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c @@ -1,11 +1,6 @@ #include "ws.h" #include -#ifdef _MSC_VER -/* warning C4706: assignment within conditional expression*/ -#pragma warning(disable: 4706) -#endif - #ifndef _MSC_VER #include #endif @@ -269,7 +264,7 @@ int ws_handshake(wsh_t *wsh) goto err; } - *(wsh->buffer+bytes) = '\0'; + *(wsh->buffer + wsh->datalen) = '\0'; if (strncasecmp(wsh->buffer, "GET ", 4)) { goto err; 
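Review bot: The terminator write `*(wsh->buffer + wsh->datalen) = '\0';` in ws_handshake is only in bounds if `wsh->datalen` is strictly smaller than the buffer, and nothing visible in this hunk enforces that. The length guard ending in `goto err;` just above begins outside the hunk; if it still tests `bytes` (the size of the last read) rather than the accumulated `wsh->datalen`, a request that fills the buffer over several reads would place the NUL one byte past the end. Assuming `wsh->buffer` is a fixed-size array, I would put `if (wsh->datalen >= sizeof(wsh->buffer)) goto err;` directly before the write. ws_handshake's body continues outside the hunk.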
@@ -317,15 +312,15 @@ int ws_handshake(wsh_t *wsh) err: - snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" - "Sec-WebSocket-Version: 13\r\n\r\n"); + if (!wsh->stay_open) { - //printf("ERR:\n%s\n", respond); + snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" + "Sec-WebSocket-Version: 13\r\n\r\n"); + ws_raw_write(wsh, respond, strlen(respond)); - ws_raw_write(wsh, respond, strlen(respond)); - - ws_close(wsh, WS_NONE); + ws_close(wsh, WS_NONE); + } return -1; @@ -543,7 +538,7 @@ static int establish_logical_layer(wsh_t *wsh) } -int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block) +int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block, int stay_open) { memset(wsh, 0, sizeof(*wsh)); @@ -551,6 +546,7 @@ int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int wsh->block = block; wsh->sanity = 5000; wsh->ssl_ctx = ssl_ctx; + wsh->stay_open = stay_open; if (!ssl_ctx) { ssl_ctx = ws_globals.ssl_ctx; diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h index b4d30b47f2..37a3b9e401 100644 --- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h +++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h @@ -88,6 +88,7 @@ typedef struct wsh_s { int sanity; int secure_established; int logical_established; + int stay_open; int x; void *write_buffer; size_t write_buffer_len; 
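Review bot: With `stay_open` set, the `err:` path in ws_handshake now returns -1 without sending the 400 response or calling ws_close, so the socket and whatever was read into `wsh->buffer` stay live after a rejected handshake. Every caller that passes a non-zero `stay_open` therefore has to close or reuse the connection itself; no such caller is visible in this diff, so I cannot confirm that one does. I would state the contract at the branch, e.g. `/* stay_open: caller keeps the socket and must handle or close it after a failed handshake */`. The start of ws_handshake is outside the hunk.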
@@ -101,7 +102,7 @@ ssize_t ws_raw_read(wsh_t *wsh, void *data, size_t bytes, int block); ssize_t ws_raw_write(wsh_t *wsh, void *data, size_t bytes); ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data); ssize_t ws_write_frame(wsh_t *wsh, ws_opcode_t oc, void *data, size_t bytes); -int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block); +int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block, int stay_open); ssize_t ws_close(wsh_t *wsh, int16_t reason); void ws_destroy(wsh_t *wsh); void init_ssl(void);
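Review bot: `stay_open` is added to the public ws_init prototype without any description, and it is the third consecutive `int` flag after `close_sock` and `block`. A call such as `ws_init(..., 0, 0, 0)` in tport_type_ws.c gives no hint which flag is which, and a transposed argument compiles cleanly. A short comment above the prototype would help, e.g. `/* stay_open: on handshake failure, do not send 400 or close; the caller owns the socket */`. The same applies to the new `int stay_open;` field in `wsh_t` and to the ws_init definition in ws.c.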