Fix Address Sanitizer heap-buffer-overflow in WebSocketHandshakeKeyGen::generate

=================================================================
==5077==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000077e0 at pc 0x00010ba18c54 bp 0x70000dd45b10 sp 0x70000dd45b08
READ of size 1 at 0x6070000077e0 thread T12
    #0 0x10ba18c53 in WebSocketHandshakeKeyGen::generate(char const*, char*) libwshandshake.hpp:113
    #1 0x10ba2065a in ix::WebSocketHandshake::serverHandshake(int, int) IXWebSocketHandshake.cpp:356
    #2 0x10b9c4952 in ix::WebSocketTransport::connectToSocket(int, int) IXWebSocketTransport.cpp:190
    #3 0x10b97e4c2 in ix::WebSocket::connectToSocket(int, int) IXWebSocket.cpp:193
Benjamin Sergeant 2019-05-16 21:58:04 -07:00
parent 13fa325134
commit 720d5593a5
2 changed files with 9 additions and 3 deletions


@ -242,7 +242,7 @@ namespace ix
} }
char output[29] = {}; char output[29] = {};
WebSocketHandshakeKeyGen::generate(secWebSocketKey.c_str(), output); WebSocketHandshakeKeyGen::generate(secWebSocketKey, output);
if (std::string(output) != headers["sec-websocket-accept"]) if (std::string(output) != headers["sec-websocket-accept"])
{ {
std::string errorMsg("Invalid Sec-WebSocket-Accept value"); std::string errorMsg("Invalid Sec-WebSocket-Accept value");
@ -348,7 +348,7 @@ namespace ix
} }
char output[29] = {}; char output[29] = {};
WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"].c_str(), output); WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"], output);
std::stringstream ss; std::stringstream ss;
ss << "HTTP/1.1 101 Switching Protocols\r\n"; ss << "HTTP/1.1 101 Switching Protocols\r\n";
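Review bot: The server-side call `WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"], output);` in the second hunk passes the client-supplied header value through with no length check visible in the hunk. With the new `generate`, which copies at most 24 bytes into a zeroed buffer, a missing, short or over-long key is silently zero-padded or truncated and the handshake still proceeds to the 101 response. RFC 6455 defines this value as the base64 encoding of a 16-byte nonce, i.e. exactly 24 characters, so a guard before the call such as `if (headers["sec-websocket-key"].size() != 24) { /* fail the handshake with 400 Bad Request */ }` would reject malformed requests instead of answering them. The code before the hunk is not shown, so confirm that no equivalent check already exists there. The client-side call in the first hunk is less exposed, because its result is compared against `sec-websocket-accept` and a mismatch fails the handshake.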


@ -20,6 +20,7 @@
#include <cstdint> #include <cstdint>
#include <cstddef> #include <cstddef>
#include <string>
class WebSocketHandshakeKeyGen { class WebSocketHandshakeKeyGen {
template <int N, typename T> template <int N, typename T>
@ -100,7 +101,12 @@ class WebSocketHandshakeKeyGen {
} }
public: public:
static inline void generate(const char input[24], char output[28]) { static inline void generate(const std::string& inputStr, char output[28]) {
char input[25] = {};
strncpy(input, inputStr.c_str(), 25 - 1);
input[25 - 1] = '\0';
uint32_t b_output[5] = { uint32_t b_output[5] = {
0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
}; };