comparison files/patch-src_apps_relay_http__server.c @ 3:244ecaf25a6f
Apply patches for CVE-2020-6061/TALOS-2020-0984 and CVE-2020-6062/TALOS-2020-0985.
On GitHub these are the corresponding commits:
- CVE-2020-6061 / TALOS-2020-0984: commit 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
- CVE-2020-6062 / TALOS-2020-0985: commit e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
These patches are required only when the Web admin interface is activated.
But better safe than sorry...
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Thu, 26 Mar 2020 22:25:41 +0100 |
| parents | |
| children |
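--- src/apps/relay/http_server.c.orig 2019-03-02 21:06:19 UTC
+++ src/apps/relay/http_server.c
@@ -103,36 +103,45 @@ const char* get_http_date_header()
 
 static struct headers_list * post_parse(char *data, size_t data_len)
 {
- while((*data=='\r')||(*data=='\n')) ++data;
- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
- memcpy(post_data, data, data_len);
- char *fmarker = NULL;
- char *fsplit = strtok_r(post_data, "&", &fmarker);
- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
- ns_bzero(list,sizeof(struct headers_list));
- while (fsplit != NULL) {
- char *vmarker = NULL;
- char *key = strtok_r(fsplit, "=", &vmarker);
- char *value = strtok_r(NULL, "=", &vmarker);
- char empty[1];
- empty[0]=0;
- value = value ? value : empty;
- value = evhttp_decode_uri(value);
- char *p = value;
- while (*p) {
- if (*p == '+')
- *p = ' ';
- p++;
+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ if (data_len) {
+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ if (post_data != NULL) {
+ memcpy(post_data, data, data_len);
+ char *fmarker = NULL;
+ char *fsplit = strtok_r(post_data, "&", &fmarker);
+ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+ bzero(list,sizeof(struct headers_list));
+ while (fsplit != NULL) {
+ char *vmarker = NULL;
+ char *key = strtok_r(fsplit, "=", &vmarker);
+ if (key == NULL)
+ break;
+ else {
+ char *value = strtok_r(NULL, "=", &vmarker);
+ char empty[1];
+ empty[0]=0;
+ value = value ? value : empty;
+ value = evhttp_decode_uri(value);
+ char *p = value;
+ while (*p) {
+ if (*p == '+')
+ *p = ' ';
+ p++;
+ }
+ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+ list->keys[list->n] = strdup(key);
+ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+ list->values[list->n] = value;
+ ++(list->n);
+ fsplit = strtok_r(NULL, "&", &fmarker);
+ }
+ }
+ free(post_data);
+ return list;
 }
- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
- list->keys[list->n] = strdup(key);
- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
- list->values[list->n] = value;
- ++(list->n);
- fsplit = strtok_r(NULL, "&", &fmarker);
 }
- free(post_data);
- return list;
+ return NULL;
 }
 
 static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)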
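Review bot: The CR/LF skip loop at the top of post_parse decrements `data_len` without testing it first, so if the leading line breaks outnumber `data_len` the size_t wraps and `if (data_len)`, `calloc(data_len + 1, ...)` and `memcpy` then run with a huge length. Bounding the loop as `while (data_len && ((*data=='\r')||(*data=='\n'))) { ++data; --data_len; }` closes that; whether it is reachable depends on how the caller derives data_len, which is outside this hunk. The new NULL check covers only `calloc`: the `malloc` result for `list` still goes straight into `bzero`, and the return of `evhttp_decode_uri(value)` is dereferenced by `while (*p)` untested. Adding `if (list == NULL) { free(post_data); return NULL; }` and a NULL test on the decoded value would make the allocation-failure handling consistent across the function. The `realloc` results assigned directly to `list->keys` and `list->values` have the same gap.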
