fix possible buffer overrun in websocket uri and sync the ws.c between sofia and…

fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit)

fix possible buffer overrun in websocket uri and sync the ws.c between sofia and…
fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit)
9e72c847 · Anthony Minessale · e8d68668 · 9e72c847 · 9e72c847 · 9e72c847
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
-Tue Sep 23 20:16:55 CDT 2014
+Wed Sep 24 01:09:42 CDT 2014
--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c
@@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
 	char version[5] = "";
 	char proto[256] = "";
 	char proto_buf[384] = "";
-	char uri[256] = "";
 	char input[256] = "";
 	unsigned char output[SHA1_HASH_SIZE] = "";
 	char b64[256] = "";
@@ -277,7 +276,9 @@ int ws_handshake(wsh_t *wsh)
 		goto err;
 	}
-	strncpy(uri, p, e-p);
+	wsh->uri = malloc((e-p) + 1);
+	strncpy(wsh->uri, p, e-p);
+	*(wsh->uri + (e-p)) = '\0';
 	cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
 	cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
@@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
 	wsh->down = 1;
+	if (wsh->uri) {
+		free(wsh->uri);
+		wsh->uri = NULL;
+	}
 	if (reason && wsh->sock != ws_sock_invalid) {
 		uint16_t *u16;
 		uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

--- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.h
@@ -72,6 +72,7 @@ typedef struct wsh_s {
 	ws_socket_t sock;
 	char buffer[65536];
 	char wbuffer[65536];
+	char *uri;
 	size_t buflen;
 	ssize_t datalen;
 	ssize_t wdatalen;

--- a/src/mod/endpoints/mod_verto/ws.c
+++ b/src/mod/endpoints/mod_verto/ws.c
@@ -241,7 +241,6 @@ int ws_handshake(wsh_t *wsh)
 	char version[5] = "";
 	char proto[256] = "";
 	char proto_buf[384] = "";
-	char uri[256] = "";
 	char input[256] = "";
 	unsigned char output[SHA1_HASH_SIZE] = "";
 	char b64[256] = "";
@@ -277,7 +276,9 @@ int ws_handshake(wsh_t *wsh)
 		goto err;
 	}
-	strncpy(uri, p, e-p);
+	wsh->uri = malloc((e-p) + 1);
+	strncpy(wsh->uri, p, e-p);
+	*(wsh->uri + (e-p)) = '\0';
 	cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key));
 	cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version));
@@ -615,6 +616,11 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason)
 	wsh->down = 1;
+	if (wsh->uri) {
+		free(wsh->uri);
+		wsh->uri = NULL;
+	}
 	if (reason && wsh->sock != ws_sock_invalid) {
 		uint16_t *u16;
 		uint8_t fr[4] = {WSOC_CLOSE | 0x80, 2, 0};

--- a/src/mod/endpoints/mod_verto/ws.h
+++ b/src/mod/endpoints/mod_verto/ws.h
@@ -72,6 +72,7 @@ typedef struct wsh_s {
 	ws_socket_t sock;
 	char buffer[65536];
 	char wbuffer[65536];
+	char *uri;
 	size_t buflen;
 	ssize_t datalen;
 	ssize_t wdatalen;