kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-04-18 09:32:34 +00:00
Code Issues Projects Releases Wiki Activity

fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit)

Browse Source
This commit is contained in:
Anthony Minessale 2014-09-24 01:09:44 +05:00
parent e8d6866899
commit 9e72c8477f
5 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/.update
View File

@ -1 +1 @@
Tue Sep 23 20:16:55 CDT 2014 Wed Sep 24 01:09:42 CDT 2014

10
libs/sofia-sip/libsofia-sip-ua/tport/ws.c
View File

@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
char version[5] = ""; char version[5] = "";
char proto[256] = ""; char proto[256] = "";
char proto_buf[384] = ""; char proto_buf[384] = "";
char uri[256] = "";
char input[256] = ""; char input[256] = "";
unsigned char output[SHA1_HASH_SIZE] = ""; unsigned char output[SHA1_HASH_SIZE] = "";
char b64[256] = ""; char b64[256] = "";
@ -277,7 +276,9 @@ int ws_handshake(wsh_t *wsh)
goto err; goto err;
} }
strncpy(uri, p, e-p); wsh->uri = malloc((e-p) + 1);
strncpy(wsh->uri, p, e-p);
*(wsh->uri + (e-p)) = '\0';
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
wsh->down = 1; wsh->down = 1;
if (wsh->uri) {
free(wsh->uri);
wsh->uri = NULL;
}
if (reason && wsh->sock != ws_sock_invalid) { if (reason && wsh->sock != ws_sock_invalid) {
uint16_t *u16; uint16_t *u16;
uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0}; uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

1
libs/sofia-sip/libsofia-sip-ua/tport/ws.h
View File

@ -72,6 +72,7 @@ typedef struct wsh_s {
ws_socket_t sock; ws_socket_t sock;
char buffer[65536]; char buffer[65536];
char wbuffer[65536]; char wbuffer[65536];
char *uri;
size_t buflen; size_t buflen;
ssize_t datalen; ssize_t datalen;
ssize_t wdatalen; ssize_t wdatalen;

10
src/mod/endpoints/mod_verto/ws.c
View File

@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
char version[5] = ""; char version[5] = "";
char proto[256] = ""; char proto[256] = "";
char proto_buf[384] = ""; char proto_buf[384] = "";
char uri[256] = "";
char input[256] = ""; char input[256] = "";
unsigned char output[SHA1_HASH_SIZE] = ""; unsigned char output[SHA1_HASH_SIZE] = "";
char b64[256] = ""; char b64[256] = "";
@ -277,7 +276,9 @@ int ws_handshake(wsh_t *wsh)
goto err; goto err;
} }
strncpy(uri, p, e-p); wsh->uri = malloc((e-p) + 1);
strncpy(wsh->uri, p, e-p);
*(wsh->uri + (e-p)) = '\0';
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
wsh->down = 1; wsh->down = 1;
if (wsh->uri) {
free(wsh->uri);
wsh->uri = NULL;
}
if (reason && wsh->sock != ws_sock_invalid) { if (reason && wsh->sock != ws_sock_invalid) {
uint16_t *u16; uint16_t *u16;
uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0}; uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

1
src/mod/endpoints/mod_verto/ws.h
View File

@ -72,6 +72,7 @@ typedef struct wsh_s {
ws_socket_t sock; ws_socket_t sock;
char buffer[65536]; char buffer[65536];
char wbuffer[65536]; char wbuffer[65536];
char *uri;
size_t buflen; size_t buflen;
ssize_t datalen; ssize_t datalen;
ssize_t wdatalen; ssize_t wdatalen;