annotate files/patch-src_apps_relay_http__server.c @ 13:c7cf16351c81
Apply patches for proper STUN message validation:
1. Validate the size of an attribute before returning it to the caller.
Previously this was being done in stun_attr_get_next_str() to check
that the previous attribute didn't exceed the size of the underlying buffer,
however by that point any maliciously crafted attributes would have already
had their chance to attack the caller.
commit 9b8baa805582ae66d2a1ed68483609f90fcfb4d0
2. Validate the size of the buffer in stun_get_command_message_len_str().
Without this the caller could read off the end of the underlying buffer
if it receives a maliciously crafted packet with an invalid header size.
commit 14cb1c94e7be98869f45678ba195a26796a797c4
3. Changed type from int to size_t to avoid warning.
warning: comparison between signed and unsigned integer expressions
commit 4722697645cf033de8cf4f34e4214af750746365
See also: https://github.com/coturn/coturn/pull/472
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Sat, 28 Mar 2020 15:44:52 +0100 |
| parents | 244ecaf25a6f |
| children |
| rev | line source |
|---|---|
|
3
244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
Franz Glasner <fzglas.hg@dom66.de>
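--- a/src/apps/relay/http_server.c
+++ b/src/apps/relay/http_server.c
@@ -103,36 +103,45 @@ const char* get_http_date_header()
 
 static struct headers_list * post_parse(char *data, size_t data_len)
 {
- while((*data=='\r')||(*data=='\n')) ++data;
- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
- memcpy(post_data, data, data_len);
- char *fmarker = NULL;
- char *fsplit = strtok_r(post_data, "&", &fmarker);
- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
- ns_bzero(list,sizeof(struct headers_list));
- while (fsplit != NULL) {
- char *vmarker = NULL;
- char *key = strtok_r(fsplit, "=", &vmarker);
- char *value = strtok_r(NULL, "=", &vmarker);
- char empty[1];
- empty[0]=0;
- value = value ? value : empty;
- value = evhttp_decode_uri(value);
- char *p = value;
- while (*p) {
- if (*p == '+')
- *p = ' ';
- p++;
+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ if (data_len) {
+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ if (post_data != NULL) {
+ memcpy(post_data, data, data_len);
+ char *fmarker = NULL;
+ char *fsplit = strtok_r(post_data, "&", &fmarker);
+ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+ bzero(list,sizeof(struct headers_list));
+ while (fsplit != NULL) {
+ char *vmarker = NULL;
+ char *key = strtok_r(fsplit, "=", &vmarker);
+ if (key == NULL)
+ break;
+ else {
+ char *value = strtok_r(NULL, "=", &vmarker);
+ char empty[1];
+ empty[0]=0;
+ value = value ? value : empty;
+ value = evhttp_decode_uri(value);
+ char *p = value;
+ while (*p) {
+ if (*p == '+')
+ *p = ' ';
+ p++;
+ }
+ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+ list->keys[list->n] = strdup(key);
+ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+ list->values[list->n] = value;
+ ++(list->n);
+ fsplit = strtok_r(NULL, "&", &fmarker);
+ }
+ }
+ free(post_data);
+ return list;
 }
- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
- list->keys[list->n] = strdup(key);
- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
- list->values[list->n] = value;
- ++(list->n);
- fsplit = strtok_r(NULL, "&", &fmarker);
 }
- free(post_data);
- return list;
+ return NULL;
 }
 
 static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)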
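Review bot: The CR/LF skip loop at the top of post_parse() now decrements `data_len` but never tests it, so a body whose leading CR/LF run is at least `data_len` bytes long wraps the `size_t` past zero, and the `calloc(data_len + 1, ...)` and `memcpy(post_data, data, data_len)` that follow then work from a bogus length; whether a caller can pass such a length is not visible in this hunk. Bounding the loop closes that: `while (data_len && ((*data=='\r')||(*data=='\n'))) { ++data; --data_len; }`. Separately, the new code checks the `calloc` result but still hands the unchecked `malloc` result to `bzero`, and it walks the `evhttp_decode_uri()` return value with `while (*p)` without a NULL test. Adding `if (list == NULL) { free(post_data); return NULL; }` right after the `malloc` would cover the first of these, and the `realloc`/`strdup` results in the loop deserve the same treatment.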
