Mercurial > hgrepos > FreeBSD > ports > net > turnserver

annotate files/patch-src_apps_relay_http__server.c @ 6:9dbd5a23ea47

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Conflict with standard turnserver and coturn
author Franz Glasner <fzglas.hg@dom66.de>
date Fri, 27 Mar 2020 09:41:59 +0100
parents 244ecaf25a6f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
1 --- src/apps/relay/http_server.c.orig 2019-03-02 21:06:19 UTC
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
2 +++ src/apps/relay/http_server.c
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
3 @@ -103,36 +103,45 @@ const char* get_http_date_header()
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
4
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
5 static struct headers_list * post_parse(char *data, size_t data_len)
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
6 {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
7 - while((*data=='\r')||(*data=='\n')) ++data;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
8 - char *post_data = (char*)calloc(data_len + 1, sizeof(char));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
9 - memcpy(post_data, data, data_len);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
10 - char *fmarker = NULL;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
11 - char *fsplit = strtok_r(post_data, "&", &fmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
12 - struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
13 - ns_bzero(list,sizeof(struct headers_list));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
14 - while (fsplit != NULL) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
15 - char *vmarker = NULL;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
16 - char *key = strtok_r(fsplit, "=", &vmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
17 - char *value = strtok_r(NULL, "=", &vmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
18 - char empty[1];
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
19 - empty[0]=0;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
20 - value = value ? value : empty;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
21 - value = evhttp_decode_uri(value);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
22 - char *p = value;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
23 - while (*p) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
24 - if (*p == '+')
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
25 - *p = ' ';
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
26 - p++;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
27 + while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
28 + if (data_len) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
29 + char *post_data = (char*)calloc(data_len + 1, sizeof(char));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
30 + if (post_data != NULL) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
31 + memcpy(post_data, data, data_len);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
32 + char *fmarker = NULL;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
33 + char *fsplit = strtok_r(post_data, "&", &fmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
34 + struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
35 + bzero(list,sizeof(struct headers_list));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
36 + while (fsplit != NULL) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
37 + char *vmarker = NULL;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
38 + char *key = strtok_r(fsplit, "=", &vmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
39 + if (key == NULL)
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
40 + break;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
41 + else {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
42 + char *value = strtok_r(NULL, "=", &vmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
43 + char empty[1];
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
44 + empty[0]=0;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
45 + value = value ? value : empty;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
46 + value = evhttp_decode_uri(value);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
47 + char *p = value;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
48 + while (*p) {
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
49 + if (*p == '+')
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
50 + *p = ' ';
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
51 + p++;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
52 + }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
53 + list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
54 + list->keys[list->n] = strdup(key);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
55 + list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
56 + list->values[list->n] = value;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
57 + ++(list->n);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
58 + fsplit = strtok_r(NULL, "&", &fmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
59 + }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
60 + }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
61 + free(post_data);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
62 + return list;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
63 }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
64 - list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
65 - list->keys[list->n] = strdup(key);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
66 - list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
67 - list->values[list->n] = value;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
68 - ++(list->n);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
69 - fsplit = strtok_r(NULL, "&", &fmarker);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
70 }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
71 - free(post_data);
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
72 - return list;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
73 + return NULL;
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
74 }
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
75
244ecaf25a6f Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff changeset
76 static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)