author | stderr64 <linuxwizard@voidnet.dy.fi> | 2024-01-27 23:36:01 +0200 |
---|---|---|
committer | stderr64 <linuxwizard@voidnet.dy.fi> | 2024-01-27 23:36:01 +0200 |
commit | bee0ea1cf58e1dd7ca9221105ddade3d5b4ddcbe (patch) | |
tree | 3669ed9255f59dfb28e5cbe555e45f2ec67f1ab9 | |
parent | d1c49a48eabd5276c756fea9dea430c7625dd989 (diff) | |
download | CWebHook-bee0ea1cf58e1dd7ca9221105ddade3d5b4ddcbe.tar.gz CWebHook-bee0ea1cf58e1dd7ca9221105ddade3d5b4ddcbe.tar.zst |
Just to make sure no more than expected amount of characters is tried to be read when handling http headers
-rw-r--r-- | cwebhook.c | 4 | ||||
-rw-r--r-- | http_headers.h | 32 |
2 files changed, 18 insertions, 18 deletions
@@ -35,10 +35,10 @@ log_file_t ldata;
 void safe_exit( int sigc, siginfo_t *s_info, void *ectx ){
 if ( ssocket.tls_context != NULL )
 SSL_CTX_free( ssocket.tls_context );
- if ( ssocket.socket_fd > 0 )
- close( ssocket.socket_fd );
 if ( ssocket.client_socket_fd > 0 )
 close( ssocket.client_socket_fd );
+ if ( ssocket.socket_fd > 0 )
+ close( ssocket.socket_fd );
 if ( sconfig.config_parsed != NULL )
 cJSON_Delete( sconfig.config_parsed );
 if ( whinfo.webhooks_parsed != NULL )
diff --git a/http_headers.h b/http_headers.h
index d8171e8..3503bf1 100644
--- a/http_headers.h
+++ b/http_headers.h
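Review bot: In `safe_exit` (cwebhook.c) the two moved guards still test `> 0`, so a socket that happens to be descriptor 0 is never closed; if the fields are initialised to -1, `if ( ssocket.socket_fd >= 0 )` is the right test for both descriptors. The `(int, siginfo_t *, void *)` signature suggests this runs as a signal handler, and `SSL_CTX_free` and `cJSON_Delete` in the surrounding context lines release heap memory, which is not async-signal-safe. If it is installed that way, consider having the handler only set a `volatile sig_atomic_t` flag and running this teardown from the main loop. The function body continues past the end of the hunk.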
@@ -2,57 +2,57 @@ #define REQ_READ_ERROR -1 int get_request_data( http_request_data_t *hdt, char *req_contents ){ - if ( req_contents == NULL || (uint64_t)strlen(req_contents) <= 0 ) + if ( req_contents == NULL || (size_t)strnlen(req_contents, (size_t)MAX_RECV_BYTES) <= 0 ) return REQ_READ_ERROR; - hdt->request_size = (size_t)strlen( req_contents ); + hdt->request_size = (size_t)strnlen( req_contents, MAX_RECV_BYTES ); hdt->request_copy = (char*)calloc( hdt->request_size, sizeof(char) ); if ( hdt->request_copy == NULL ) return REQ_READ_ERROR; strncpy( hdt->request_copy, req_contents, hdt->request_size ); - if ( (size_t)strlen(hdt->request_copy) != hdt->request_size ) + if ( (size_t)strnlen(hdt->request_copy, (size_t)MAX_RECV_BYTES) != hdt->request_size ) return REQ_READ_ERROR; hdt->tok_current = strtok_r( hdt->request_copy, "\r\n", &hdt->tok_prev ); - if ( hdt->tok_current == NULL || (uint64_t)strlen(hdt->tok_current) >= MAX_HEADER_LENGTH ) + if ( hdt->tok_current == NULL || (size_t)strnlen(hdt->tok_current, (size_t)(MAX_HEADER_LENGTH + 1)) > (size_t)MAX_HEADER_LENGTH ) return REQ_READ_ERROR; if ( strstr(hdt->tok_current, "GET /") == NULL && strstr(hdt->tok_current, "POST /") == NULL ) return REQ_READ_ERROR; hdt->tok_current = strtok_r( hdt->request_copy, " ", &hdt->tok_prev ); if ( hdt->tok_current == NULL ) return REQ_READ_ERROR; - hdt->request_method = (char*)calloc( (size_t)strlen(hdt->tok_current), sizeof(char) ); + hdt->request_method = (char*)calloc( (size_t)strnlen(hdt->tok_current, (size_t)MAX_HEADER_LENGTH), sizeof(char) ); if ( hdt->request_method == NULL ) return REQ_READ_ERROR; - strncpy( hdt->request_method, hdt->tok_current, (size_t)strlen(hdt->tok_current) ); - if ( (size_t)strlen(hdt->request_method) != (size_t)strlen(hdt->tok_current) ) + strncpy( hdt->request_method, hdt->tok_current, (size_t)strnlen(hdt->tok_current, (size_t)MAX_HEADER_LENGTH) ); + if ( (size_t)strnlen(hdt->request_method, MAX_HEADER_LENGTH) != (size_t)strnlen(hdt->tok_current, 
(size_t)(MAX_HEADER_LENGTH + 1)) ) return REQ_READ_ERROR; hdt->tok_current = strtok_r( NULL, " ", &hdt->tok_prev ); if ( hdt->tok_current == NULL ) return REQ_READ_ERROR; - hdt->request_path = (char*)calloc( (size_t)strlen(hdt->tok_current), sizeof(char) ); + hdt->request_path = (char*)calloc( (size_t)strnlen(hdt->tok_current, (size_t)MAX_HEADER_LENGTH), sizeof(char) ); if ( hdt->request_path == NULL ) return REQ_READ_ERROR; - strncpy( hdt->request_path, hdt->tok_current, (size_t)strlen(hdt->tok_current) ); - if ( (size_t)strlen(hdt->request_path) != (size_t)strlen(hdt->tok_current) ) + strncpy( hdt->request_path, hdt->tok_current, (size_t)strnlen(hdt->tok_current, (size_t)MAX_HEADER_LENGTH) ); + if ( (size_t)strnlen(hdt->request_path, (size_t)MAX_HEADER_LENGTH) != (size_t)strnlen(hdt->tok_current, (size_t)(MAX_HEADER_LENGTH + 1)) ) return REQ_READ_ERROR; memset( hdt->request_copy, 0, hdt->request_size ); strncpy( hdt->request_copy, req_contents, hdt->request_size ); - if ( (size_t)strlen(hdt->request_copy) != hdt->request_size ) + if ( (size_t)strnlen(hdt->request_copy, (size_t)(MAX_RECV_BYTES + 1)) != hdt->request_size ) return REQ_READ_ERROR; char *request_body_begin = strstr( hdt->request_copy, "\r\n\r\n" ); - if ( request_body_begin == NULL || (uint64_t)strlen(request_body_begin) >= MAX_CONTENT_LENGTH ){ + if ( request_body_begin == NULL || (size_t)strnlen(request_body_begin, (size_t)(MAX_CONTENT_LENGTH + 1)) > (size_t)MAX_CONTENT_LENGTH ){ hdt->request_body = NULL; return REQ_READ_SUCCESS; } hdt->tok_current = strtok_r( request_body_begin, "\r\n\r\n", &hdt->tok_prev ); - if ( hdt->tok_current == NULL || (uint64_t)strlen(hdt->tok_current) >= MAX_CONTENT_LENGTH ){ + if ( hdt->tok_current == NULL || (size_t)strnlen(hdt->tok_current, (size_t)(MAX_CONTENT_LENGTH + 1)) > (size_t)MAX_CONTENT_LENGTH ){ hdt->request_body = NULL; return REQ_READ_SUCCESS; } - hdt->request_body = (char*)calloc( (size_t)strlen(hdt->tok_current), sizeof(char) ); + hdt->request_body = 
(char*)calloc( (size_t)strnlen(hdt->tok_current, (size_t)MAX_CONTENT_LENGTH), sizeof(char) ); if ( hdt->request_body == NULL ) return REQ_READ_ERROR; - strncpy( hdt->request_body, hdt->tok_current, (size_t)strlen(hdt->tok_current) ); - if ( (size_t)strlen(hdt->request_body) != (size_t)strlen(hdt->tok_current) ) + strncpy( hdt->request_body, hdt->tok_current, (size_t)strnlen(hdt->tok_current, (size_t)MAX_CONTENT_LENGTH) ); + if ( (size_t)strnlen(hdt->request_body, (size_t)MAX_CONTENT_LENGTH) != (size_t)strnlen(hdt->tok_current, (size_t)(MAX_CONTENT_LENGTH + 1)) ) return REQ_READ_ERROR; return REQ_READ_SUCCESS; } |
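Review bot: Every copy in `get_request_data` is allocated without room for a terminator, e.g. `calloc( (size_t)strnlen(hdt->tok_current, (size_t)MAX_HEADER_LENGTH), sizeof(char) )` followed by a `strncpy` of the same length, so the buffer holds no NUL and the following `strnlen(hdt->request_method, MAX_HEADER_LENGTH)` check can read past the end of the allocation whenever the token is shorter than the cap. The new bounds limit that over-read but do not remove it, and the same pattern applies to `request_copy` (later handed to the unbounded `strtok_r` and `strstr`), `request_path` and `request_body`. Compute the length once, allocate `calloc( len + 1, sizeof(char) )`, copy with `memcpy( dst, src, len )`, and drop the post-copy length comparison, which then has nothing left to detect. The early `return REQ_READ_ERROR` paths taken after a successful allocation also leave `request_copy` and the later buffers allocated; whether the caller frees them is not visible here.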