author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-05-19 03:54:03 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-08 22:51:31 -0400 |
commit | 10dbe38a92cc278170213a6f50b0d3d5288113ac (patch) | |
tree | 45cfbeb90f115511bae375a98f84859819e73e12 /src/mod_wstunnel.c | |
parent | 68387462e0058e791f36bd792abaf79f826c4cce (diff) | |
download | lighttpd-git-10dbe38a92cc278170213a6f50b0d3d5288113ac.tar.gz |
[core] stricter parse of numerical digits
stricter parse of numerical digits for http status code, port num,
and a few other places. (stricter parse than that of strtol())
content ranges are still parsed more loosely at points of use
Diffstat (limited to 'src/mod_wstunnel.c')
-rw-r--r-- | src/mod_wstunnel.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/mod_wstunnel.c b/src/mod_wstunnel.c
index 934f13cb..389cd7b4 100644
--- a/src/mod_wstunnel.c
+++ b/src/mod_wstunnel.c
@@ -443,7 +443,9 @@ static int wstunnel_is_allowed_origin(request_st * const r, handler_ctx * const
 static int wstunnel_check_request(request_st * const r, handler_ctx * const hctx) {
     const buffer * const vers = http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Version"));
-    const long hybivers = (NULL != vers) ? strtol(vers->ptr, NULL, 10) : 0;
+    const long hybivers = (NULL != vers)
+      ? light_isdigit(*vers->ptr) ? strtol(vers->ptr, NULL, 10) : -1
+      : 0;
     if (hybivers < 0 || hybivers > INT_MAX) {
         DEBUG_LOG_ERR("%s", "invalid Sec-WebSocket-Version");
         r->http_status = 400; /* Bad Request */
@@ -689,7 +691,7 @@ static int get_key_number(uint32_t *ret, const buffer *b) {
     }
     tmp[j] = '\0';
     n = strtoul(tmp, NULL, 10);
-    if (n > UINT32_MAX || 0 == sp) return -1;
+    if (n > UINT32_MAX || 0 == sp || !light_isdigit(*tmp)) return -1;
     *ret = (uint32_t)n / sp;
     return 0;
 }
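Review bot: The new `light_isdigit(*vers->ptr)` guard in wstunnel_check_request only rejects a non-digit first byte; `strtol` is still called with a NULL endptr, so a header value such as `13x` is still accepted as version 13, which is looser than the commit title suggests. Capturing the end pointer closes that gap with three changed lines: declare `char *end = NULL;` before the initializer, call `strtol(vers->ptr, &end, 10)` in the inner ternary, and extend the test to `if (hybivers < 0 || hybivers > INT_MAX || (NULL != end && *end != '\0')) {` — `end` stays NULL on the `-1`/`0` arms, so those paths are unaffected. The function continues past the end of the hunk, so whether a later comparison of hybivers against the supported version numbers would already reject such values is not visible here.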
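Review bot: In get_key_number the added `!light_isdigit(*tmp)` test is evaluated after `strtoul(tmp, NULL, 10)` has already parsed the buffer, so the validation arrives one statement late; reordering reads more naturally: `if (0 == sp || !light_isdigit(*tmp)) return -1;` before the conversion, then `n = strtoul(tmp, NULL, 10); if (n > UINT32_MAX) return -1;`. The loop that fills `tmp` starts outside the hunk, so it is not visible whether `*tmp` can be anything other than a digit or the terminating NUL written by `tmp[j] = '\0'` for an empty key; if only the empty case is reachable, a `0 == j` check would state the intent more directly. Separately, the `n > UINT32_MAX` comparison on the same line can only detect overflow where `unsigned long` is wider than 32 bits; where it is not, strtoul's ERANGE would be the only signal and is not checked.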