From 720d5593a57ba3e97fb7ab4fb0fe362263f1748c Mon Sep 17 00:00:00 2001 From: Benjamin Sergeant Date: Thu, 16 May 2019 21:58:04 -0700 Subject: [PATCH] Fix Address Sanitizer heap-buffer-overflow in WebSocketHandshakeKeyGen::generate ================================================================= ==5077==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000077e0 at pc 0x00010ba18c54 bp 0x70000dd45b10 sp 0x70000dd45b08 READ of size 1 at 0x6070000077e0 thread T12 #0 0x10ba18c53 in WebSocketHandshakeKeyGen::generate(char const*, char*) libwshandshake.hpp:113 #1 0x10ba2065a in ix::WebSocketHandshake::serverHandshake(int, int) IXWebSocketHandshake.cpp:356 #2 0x10b9c4952 in ix::WebSocketTransport::connectToSocket(int, int) IXWebSocketTransport.cpp:190 #3 0x10b97e4c2 in ix::WebSocket::connectToSocket(int, int) IXWebSocket.cpp:193 --- ixwebsocket/IXWebSocketHandshake.cpp | 4 ++-- ixwebsocket/libwshandshake.hpp | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ixwebsocket/IXWebSocketHandshake.cpp b/ixwebsocket/IXWebSocketHandshake.cpp index 01662939..e8e9ff25 100644 --- a/ixwebsocket/IXWebSocketHandshake.cpp +++ b/ixwebsocket/IXWebSocketHandshake.cpp @@ -242,7 +242,7 @@ namespace ix } char output[29] = {}; - WebSocketHandshakeKeyGen::generate(secWebSocketKey.c_str(), output); + WebSocketHandshakeKeyGen::generate(secWebSocketKey, output); if (std::string(output) != headers["sec-websocket-accept"]) { std::string errorMsg("Invalid Sec-WebSocket-Accept value"); @@ -348,7 +348,7 @@ namespace ix } char output[29] = {}; - WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"].c_str(), output); + WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"], output); std::stringstream ss; ss << "HTTP/1.1 101 Switching Protocols\r\n"; diff --git a/ixwebsocket/libwshandshake.hpp b/ixwebsocket/libwshandshake.hpp index 588e1b6e..fbe098b5 100644 --- a/ixwebsocket/libwshandshake.hpp +++ b/ixwebsocket/libwshandshake.hpp 
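Review bot: In the serverHandshake hunk (`@@ -348`), `headers["sec-websocket-key"]` is client-controlled and reaches `generate` with no visible check that it is present and exactly 24 characters, the length of a base64-encoded 16-byte nonce. With this commit a missing or short key is zero-padded and a long one truncated inside `generate` (the `@@ -100` hunk of libwshandshake.hpp), so the server appears to go on to build the 101 response with an accept value for a malformed request. Consider failing the handshake before the call, e.g. `if (headers["sec-websocket-key"].size() != 24) { /* reject with an HTTP 400 response */ }`; serverHandshake's body starts and ends outside this hunk, so an earlier check may already exist.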
@@ -20,6 +20,7 @@ #include #include +#include class WebSocketHandshakeKeyGen { template @@ -100,7 +101,12 @@ class WebSocketHandshakeKeyGen { } public: - static inline void generate(const char input[24], char output[28]) { + static inline void generate(const std::string& inputStr, char output[28]) { + + char input[25] = {}; + strncpy(input, inputStr.c_str(), 25 - 1); + input[25 - 1] = '\0'; + uint32_t b_output[5] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 };
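Review bot: The new copy in `generate` (`@@ -100` hunk) writes the literal `25` three times, and the `strncpy` bound plus the explicit terminator only repeat what `char input[25] = {}` already guarantees. A named constant would keep buffer size and copy length tied together, e.g. `constexpr size_t kKeyLen = 24; char input[kKeyLen + 1] = {};` followed by `inputStr.copy(input, kKeyLen);`. That form also avoids relying on `<cstring>` being included, which cannot be confirmed here because the header names in the include hunk are not legible. A one-line comment such as `// Keys shorter than 24 chars are zero-padded, longer ones truncated; callers must validate the length.` would document the new contract. The rest of generate's body lies outside the hunk.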