From d85012c903de2c058b42e3f7b12fe08f00f06652 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Tue, 12 Feb 2013 10:07:22 +0800 Subject: [PATCH] eliminate snprintf The two cases where I introduced snprintf are either already safe for buffer overflow or can be made so with one extra statement, allowing sprintf. Signed-off-by: Andy Green --- lib/client.c | 11 +++-------- lib/server-handshake.c | 13 +++++-------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/lib/client.c b/lib/client.c index c3fb2e8..397d4e5 100644 --- a/lib/client.c +++ b/lib/client.c @@ -710,8 +710,6 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context, struct libwebsocket_extension *ext1; int ext_count = 0; #endif - static const char magic_websocket_guid[] = - "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; /* * create the random key @@ -841,12 +839,9 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context, /* prepare the expected server accept response */ -#ifdef WIN32 - n = _snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid); -#else - n = snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid); -#endif - buf[sizeof(buf) - 1] = '\0'; + key_b64[39] = '\0'; /* enforce composed length below buf sizeof */ + n = sprintf(buf, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", key_b64); + SHA1((unsigned char *)buf, n, (unsigned char *)hash); lws_b64_encode_string(hash, 20, diff --git a/lib/server-handshake.c b/lib/server-handshake.c index ba52037..627fb31 100644 --- a/lib/server-handshake.c +++ b/lib/server-handshake.c 
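Review bot: In the second lib/client.c hunk (`@@ -841,12 +839,9 @@`) the only thing keeping `sprintf` inside `buf` is the hard-coded index in `key_b64[39] = '\0';`, which depends on the declarations of `key_b64` and `buf`, both outside the hunk. If `key_b64` is ever declared with fewer than 40 bytes the new store is itself out of bounds, and if `buf` drops below 39 + 36 + 1 bytes the copy overflows with no compiler diagnostic. Assuming `key_b64` is a local array, the bound can be tied to the object and applied at the write without bringing snprintf back: `n = sprintf(buf, "%.*s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", (int)sizeof(key_b64) - 1, key_b64);`, together with a compile-time check that `sizeof(buf) >= sizeof(key_b64) + 36`. The GUID literal is now spelled out here and in lib/server-handshake.c, so a shared `#define` would keep the string and its length arithmetic in one place.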
@@ -56,14 +56,11 @@ handshake_0405(struct libwebsocket_context *context, struct libwebsocket *wsi) goto bail; } - // TODO: Use a truly platform independent snprintf implementation isntead! http://www.ijs.si/software/snprintf/ maybe? - #ifdef WIN32 - n = _snprintf( - #else - n = snprintf( - #endif - (char *)context->service_buffer, - sizeof(context->service_buffer), + /* + * since key length is restricted above (currently 128), cannot + * overflow + */ + n = sprintf((char *)context->service_buffer, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY)); -- 2.7.4
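Review bot: The new `sprintf` into `context->service_buffer` copies the client-supplied `WSI_TOKEN_KEY` header with no bound at the call itself. Its only protection is the length check mentioned in the added comment, which sits above the hunk and is not visible here. Because the value comes from the peer, raising that limit or resizing `service_buffer` later would turn this into a remotely triggerable overflow, and nothing in the visible lines ties the two sizes together. Putting the limit in the format makes the write self-bounding while staying snprintf-free: `n = sprintf((char *)context->service_buffer, "%.128s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY));`, ideally with 128 replaced by the same named constant the earlier check uses. The comment would also be more useful if it named that check and the buffer size it assumes, rather than "currently 128".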