From 784ac09f05cb2a60466a3dc9d15519b5a8f4e83f Mon Sep 17 00:00:00 2001 From: Shuanglei Tao Date: Tue, 24 Oct 2017 20:24:51 +0800 Subject: [PATCH] protocol: fix host origin checking Thanks @ben365 (#75) --- src/protocol.c | 33 ++++++++++++++++++++------------- src/server.c | 2 +- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 237d1d2..9d3ba1f 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -60,21 +60,28 @@ check_host_origin(struct lws *wsi) { char buf[origin_length + 1]; memset(buf, 0, sizeof(buf)); int len = lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_ORIGIN); - if (len > 0) { - const char *prot, *address, *path; - int port; - if (lws_parse_uri(buf, &prot, &address, &port, &path)) - return false; + if (len <= 0) { + return false; + } + + const char *prot, *address, *path; + int port; + if (lws_parse_uri(buf, &prot, &address, &port, &path)) + return false; + if (port == 80 || port == 443) { + sprintf(buf, "%s", address); + } else { sprintf(buf, "%s:%d", address, port); - int host_length = lws_hdr_total_length(wsi, WSI_TOKEN_HOST); - if (host_length != strlen(buf)) - return false; - char host_buf[host_length + 1]; - memset(host_buf, 0, sizeof(host_buf)); - len = lws_hdr_copy(wsi, host_buf, sizeof(host_buf), WSI_TOKEN_HOST); - return len > 0 && strcasecmp(buf, host_buf) == 0; } - return false; + + int host_length = lws_hdr_total_length(wsi, WSI_TOKEN_HOST); + if (host_length != strlen(buf)) + return false; + char host_buf[host_length + 1]; + memset(host_buf, 0, sizeof(host_buf)); + len = lws_hdr_copy(wsi, host_buf, sizeof(host_buf), WSI_TOKEN_HOST); + + return len > 0 && strcasecmp(buf, host_buf) == 0; } void diff --git a/src/server.c b/src/server.c index d2dccfd..7c71110 100644 --- a/src/server.c +++ b/src/server.c @@ -270,7 +270,7 @@ main(int argc, char **argv) { } break; case 'i': - strncpy(iface, optarg, sizeof(iface)); + strncpy(iface, optarg, sizeof(iface) - 1); iface[sizeof(iface) - 1] = '\0'; break; case 'c': -- 2.43.4