Validate input parameters and enhance error handling in configuration loading, task queue management, SSL initialization, and WebSocket handshake processes.
This commit is contained in:
@@ -93,6 +93,12 @@ static ConfigKey get_config_key(const char *key)
|
||||
|
||||
int load_config(const char *filename, ServerConfig *config)
|
||||
{
|
||||
if (!filename || strlen(filename) > 4096)
|
||||
{
|
||||
fprintf(stderr, "Invalid config filename\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
FILE *fp = fopen(filename, "r");
|
||||
if (!fp)
|
||||
{
|
||||
|
||||
@@ -38,6 +38,11 @@ void init_task_queue(task_queue_t *queue)
|
||||
|
||||
void enqueue_task(task_queue_t *queue, int socket_fd, SSL *ssl, bool is_https)
|
||||
{
|
||||
if (queue->count >= INT_MAX - 1)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
connection_task_t *task = malloc(sizeof(connection_task_t));
|
||||
if (!task)
|
||||
return;
|
||||
|
||||
33
src/server.c
33
src/server.c
@@ -137,13 +137,13 @@ int check_rate_limit(const char *ip);
|
||||
|
||||
void initialize_openssl()
|
||||
{
|
||||
if (!SSL_library_init())
|
||||
{
|
||||
perror(BOLD RED "Error initializing OpenSSL library" RESET);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
#else
|
||||
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
|
||||
#endif
|
||||
}
|
||||
|
||||
void cleanup_openssl()
|
||||
@@ -153,7 +153,9 @@ void cleanup_openssl()
|
||||
SSL_CTX_free(ssl_ctx);
|
||||
ssl_ctx = NULL;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
EVP_cleanup();
|
||||
#endif
|
||||
}
|
||||
|
||||
SSL_CTX *create_ssl_context()
|
||||
@@ -180,12 +182,21 @@ void configure_ssl_context(SSL_CTX *ctx)
|
||||
ERR_print_errors_fp(stderr);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (SSL_CTX_set_cipher_list(ctx, "HIGH: !aNULL: !MD5") != 1)
|
||||
|
||||
const char *cipher_list = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
|
||||
"TLS_AES_128_GCM_SHA256:" // TLS 1.3
|
||||
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
|
||||
"!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!CBC";
|
||||
|
||||
if (SSL_CTX_set_cipher_list(ctx, cipher_list) != 1)
|
||||
{
|
||||
ERR_print_errors_fp(stderr);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
|
||||
|
||||
// Enable HTTP/2 ALPN if configured
|
||||
if (config.enable_http2)
|
||||
{
|
||||
@@ -934,9 +945,17 @@ void *handle_https_client(void *arg)
|
||||
}
|
||||
|
||||
char filepath[512];
|
||||
snprintf(filepath, sizeof(filepath), "%s%s", config.www_path,
|
||||
int written = snprintf(filepath, sizeof(filepath), "%s%s", config.www_path,
|
||||
(*sanitized_url == '/' && sanitized_url[1] == '\0') ? "/index.html" : sanitized_url);
|
||||
free(sanitized_url);
|
||||
|
||||
if (written < 0 || written >= (int)sizeof(filepath))
|
||||
{
|
||||
log_event("Path too long, potential buffer overflow attempt (HTTPS)");
|
||||
const char *error_response = "HTTP/1.1 414 URI Too Long\r\n\r\n";
|
||||
SSL_write(ssl, error_response, strlen(error_response));
|
||||
goto cleanup;
|
||||
}
|
||||
log_event("Filepath:");
|
||||
log_event(filepath);
|
||||
|
||||
|
||||
@@ -38,7 +38,12 @@ static char *base64_encode(const unsigned char *input, int length)
|
||||
char *ws_generate_accept_key(const char *client_key)
|
||||
{
|
||||
char combined[256];
|
||||
snprintf(combined, sizeof(combined), "%s%s", client_key, WS_GUID);
|
||||
int written = snprintf(combined, sizeof(combined), "%s%s", client_key, WS_GUID);
|
||||
|
||||
if (written < 0 || written >= (int)sizeof(combined))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
unsigned char hash[SHA_DIGEST_LENGTH];
|
||||
SHA1((unsigned char *)combined, strlen(combined), hash);
|
||||
@@ -68,7 +73,7 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
|
||||
|
||||
char client_key[256];
|
||||
size_t key_len = key_end - key_start;
|
||||
if (key_len >= sizeof(client_key))
|
||||
if (key_len >= sizeof(client_key) || key_len == 0 || key_len > 1024)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
@@ -83,7 +88,7 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
|
||||
}
|
||||
|
||||
// Create handshake response
|
||||
snprintf(response, response_size,
|
||||
int written = snprintf(response, response_size,
|
||||
"HTTP/1.1 101 Switching Protocols\r\n"
|
||||
"Upgrade: websocket\r\n"
|
||||
"Connection: Upgrade\r\n"
|
||||
@@ -92,6 +97,12 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
|
||||
accept_key);
|
||||
|
||||
free(accept_key);
|
||||
|
||||
if (written < 0 || written >= (int)response_size)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user