fix possible buffer overrun in websocket uri and sync the ws.c between sofia and...

diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 66c9d499247e69f6d302dee73808bf50d71b6d8e..d87400bf8ecd8f1edf3344aad63024d4df3b78f8 100644 (file)
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Sat Aug 16 01:34:24 CDT 2014
+Tue Sep 23 20:16:55 CDT 2014

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
index 9ee2b29f414b72b5ada332143d7fd747637cd685..2866899fd339b2d0346c80b570b9a096b0f1b717 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c
@@ -475,7 +475,7 @@ int tport_ws_init_secondary(tport_t *self, int socket, int accepted,
 
   memset(&wstp->ws, 0, sizeof(wstp->ws));
 
-  if (ws_init(&wstp->ws, socket, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0, 0) < 0) {
+  if (ws_init(&wstp->ws, socket, wstp->ws_secure ? wspri->ssl_ctx : NULL, 0, 0, 0) < 0) {
          ws_destroy(&wstp->ws);
          wstp->ws_initialized = -1;
          return *return_reason = "WS_INIT", -1;

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
index b96c6c140a569530ef86d32b074158ac253c22d8..6e91ff6493756ed091bd022cb99c33d15fe2c9c3 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
@@ -1,11 +1,6 @@
 #include "ws.h"
 #include <pthread.h>
 
-#ifdef _MSC_VER
-/* warning C4706: assignment within conditional expression*/
-#pragma warning(disable: 4706)
-#endif
-
 #ifndef _MSC_VER
 #include <fcntl.h>
 #endif
@@ -269,7 +264,7 @@ int ws_handshake(wsh_t *wsh)
                goto err;
        }
 
-       *(wsh->buffer+bytes) = '\0';
+       *(wsh->buffer + wsh->datalen) = '\0';
        
        if (strncasecmp(wsh->buffer, "GET ", 4)) {
                goto err;
@@ -317,15 +312,15 @@ int ws_handshake(wsh_t *wsh)
 
  err:
 
-       snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n"
-                        "Sec-WebSocket-Version: 13\r\n\r\n");
+       if (!wsh->stay_open) {
 
-       //printf("ERR:\n%s\n", respond);
+               snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n"
+                                "Sec-WebSocket-Version: 13\r\n\r\n");
 
+               ws_raw_write(wsh, respond, strlen(respond));
 
-       ws_raw_write(wsh, respond, strlen(respond));
-
-       ws_close(wsh, WS_NONE);
+               ws_close(wsh, WS_NONE);
+       }
 
        return -1;
 
@@ -543,7 +538,7 @@ static int establish_logical_layer(wsh_t *wsh)
 }
 
 
-int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block)
+int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block, int stay_open)
 {
        memset(wsh, 0, sizeof(*wsh));
 
@@ -551,6 +546,7 @@ int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int
        wsh->block = block;
        wsh->sanity = 5000;
        wsh->ssl_ctx = ssl_ctx;
+       wsh->stay_open = stay_open;
 
        if (!ssl_ctx) {
                ssl_ctx = ws_globals.ssl_ctx;

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
index b4d30b47f2e1ba49eaae3ce8b73e7c228b3a237f..37a3b9e4013fcfbafcb0d43dbc8dd25843832e41 100644 (file)
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
@@ -88,6 +88,7 @@ typedef struct wsh_s {
        int sanity;
        int secure_established;
        int logical_established;
+       int stay_open;
        int x;
        void *write_buffer;
        size_t write_buffer_len;
@@ -101,7 +102,7 @@ ssize_t ws_raw_read(wsh_t *wsh, void *data, size_t bytes, int block);
 ssize_t ws_raw_write(wsh_t *wsh, void *data, size_t bytes);
 ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data);
 ssize_t ws_write_frame(wsh_t *wsh, ws_opcode_t oc, void *data, size_t bytes);
-int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block);
+int ws_init(wsh_t *wsh, ws_socket_t sock, SSL_CTX *ssl_ctx, int close_sock, int block, int stay_open);
 ssize_t ws_close(wsh_t *wsh, int16_t reason);
 void ws_destroy(wsh_t *wsh);
 void init_ssl(void);