Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1753165912, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"6e7100926eabba114e868e77f155b930", "commit": {"type":"commit", "time": 1537140368, "time_ofs": 480, "oid_tree": { "oid": "648cf514054aae095105920949c429ac0716ebe3", "alias": []}, "oid":{ "oid": "93f4fe55324a50a9e5d6d5385ca7cadadb83441a", "alias": []}, "msg": "lws_return_http_status: use /error.css if possible", "sig_commit": { "git_time": { "time": 1537140368, "offset": 480 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1537078713, "offset": 480 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }}, "body": "lws_return_http_status: use /error.css if possible" , "diff": "diff --git a/lib/roles/http/header.c b/lib/roles/http/header.c\nindex 5bf3d37..0a7d92e 100644\n--- a/lib/roles/http/header.c\n+++ b/lib/roles/http/header.c\n@@ -338,6 +338,7 @@ lws_return_http_status(struct lws *wsi, unsigned int code,\n \tunsigned char *p \u003d pt-\u003eserv_buf + LWS_PRE;\n \tunsigned char *start \u003d p;\n \tunsigned char *end \u003d p + context-\u003ept_serv_buf_size - LWS_PRE;\n+\tchar *body \u003d (char *)start + context-\u003ept_serv_buf_size - 512;\n \tint n \u003d 0, m \u003d 0, len;\n \tchar slen[20];\n \n@@ -372,9 +373,15 @@ lws_return_http_status(struct lws *wsi, unsigned int code,\n \t\t\t\t\t \u0026p, end))\n \t\treturn 1;\n \n-\tlen \u003d 35 + (int)strlen(html_body) + sprintf(slen, \u0022%d\u0022, code);\n-\tn \u003d sprintf(slen, \u0022%d\u0022, len);\n+\tlen \u003d lws_snprintf(body, 510, \u0022\u003chtml\u003e\u003chead\u003e\u0022\n+\t\t\u0022\u003cmeta charset\u003dutf-8 http-equiv\u003d\u005c\u0022Content-Language\u005c\u0022 \u0022\n+\t\t\t\u0022content\u003d\u005c\u0022en\u005c\u0022/\u003e\u0022\n+\t\t\u0022\u003clink rel\u003d\u005c\u0022stylesheet\u005c\u0022 type\u003d\u005c\u0022text/css\u005c\u0022 \u0022\n+\t\t\t\u0022href\u003d\u005c\u0022/error.css\u005c\u0022/\u003e\u0022\n+\t\t\u0022\u003c/head\u003e\u003cbody\u003e\u003ch1\u003e%u\u003c/h1\u003e%s\u003c/body\u003e\u003c/html\u003e\u0022, code, html_body);\n+\n \n+\tn \u003d sprintf(slen, \u0022%d\u0022, len);\n \tif (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH,\n \t\t\t\t\t (unsigned char *)slen, n, \u0026p, end))\n \t\treturn 1;\n@@ -384,7 +391,6 @@ lws_return_http_status(struct lws *wsi, unsigned int code,\n \n #if defined(LWS_WITH_HTTP2)\n \tif (wsi-\u003ehttp2_substream) {\n-\t\tchar *body \u003d (char *)start + context-\u003ept_serv_buf_size - 512;\n \n \t\t/*\n \t\t * for HTTP/2, the headers must be sent separately, since they\n@@ -407,9 +413,6 @@ lws_return_http_status(struct lws *wsi, unsigned int code,\n \t\t * ... but stash the body and send it as a priority next\n \t\t * handle_POLLOUT\n \t\t */\n-\n-\t\tlen \u003d sprintf(body, \u0022\u003chtml\u003e\u003cbody\u003e\u003ch1\u003e%u\u003c/h1\u003e%s\u003c/body\u003e\u003c/html\u003e\u0022,\n-\t\t\t code, html_body);\n \t\twsi-\u003ehttp.tx_content_length \u003d len;\n \t\twsi-\u003ehttp.tx_content_remain \u003d len;\n \n@@ -429,11 +432,9 @@ lws_return_http_status(struct lws *wsi, unsigned int code,\n \t\t * for http/1, we can just append the body after the finalized\n \t\t * headers and send it all in one go.\n \t\t */\n-\t\tp +\u003d lws_snprintf((char *)p, end - p - 1,\n-\t\t\t\t \u0022\u003chtml\u003e\u003cbody\u003e\u003ch1\u003e%u\u003c/h1\u003e%s\u003c/body\u003e\u003c/html\u003e\u0022,\n-\t\t\t\t code, html_body);\n \n-\t\tn \u003d lws_ptr_diff(p, start);\n+\t\tn \u003d lws_ptr_diff(p, start) + len;\n+\t\tmemcpy(p, body, len);\n \t\tm \u003d lws_write(wsi, start, n, LWS_WRITE_HTTP);\n \t\tif (m !\u003d n)\n \t\t\treturn 1;\ndiff --git a/scripts/attack.sh b/scripts/attack.sh\nindex a6946bb..3f3a67a 100755\n--- a/scripts/attack.sh\n+++ b/scripts/attack.sh\n@@ -45,12 +45,12 @@ function check {\n \tfi\n \tif [ \u0022$1\u0022 \u003d \u0022defaultplusforbidden\u0022 ] ; then\n \tcat $CORPUS \u003e /tmp/plusforb\n-\techo -e -n \u0022HTTP/1.0 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 38\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n+\techo -e -n \u0022HTTP/1.0 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 173\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003chead\u003e\u003cmeta charset\u003dutf-8 http-equiv\u003d\u005c\u0022Content-Language\u005c\u0022 content\u003d\u005c\u0022en\u005c\u0022/\u003e\u003clink rel\u003d\u005c\u0022stylesheet\u005c\u0022 type\u003d\u005c\u0022text/css\u005c\u0022 href\u003d\u005c\u0022/error.css\u005c\u0022/\u003e\u003c/head\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n \t\tdiff /tmp/lwscap /tmp/plusforb \u003e /dev/null\n \t\tif [ $? -ne 0 ] ; then\n \t\t\tcat $CORPUS \u003e /tmp/plusforb\n \n-\t\t\techo -e -n \u0022HTTP/1.1 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 38\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n+\t\t\techo -e -n \u0022HTTP/1.1 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 173\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003chead\u003e\u003cmeta charset\u003dutf-8 http-equiv\u003d\u005c\u0022Content-Language\u005c\u0022 content\u003d\u005c\u0022en\u005c\u0022/\u003e\u003clink rel\u003d\u005c\u0022stylesheet\u005c\u0022 type\u003d\u005c\u0022text/css\u005c\u0022 href\u003d\u005c\u0022/error.css\u005c\u0022/\u003e\u003c/head\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n \t\t\tdiff /tmp/lwscap /tmp/plusforb \u003e /dev/null\n \t\t\tif [ $? -ne 0 ] ; then\n \n","s":{"c":1753048578,"u": 1833}} ],"g": 1650,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}