security harden http parser a bit
Drop the connection during parsing for a few more cases that can't be legit.
Take care to free rxflow_buffer only if we reached a connmode
where it exists
Change behaviour on setting unknown HTTP method to kill connection
Signed-off-by: Andy Green <andy.green@linaro.org>
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 6afec96..629f13b 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -343,9 +343,16 @@
if ((old_state == WSI_STATE_ESTABLISHED ||
wsi->mode == LWS_CONNMODE_WS_SERVING ||
- wsi->mode == LWS_CONNMODE_WS_CLIENT) && wsi->u.ws.rx_user_buffer) {
- free(wsi->u.ws.rx_user_buffer);
- wsi->u.ws.rx_user_buffer = NULL;
+ wsi->mode == LWS_CONNMODE_WS_CLIENT)) {
+
+ if (wsi->u.ws.rx_user_buffer) {
+ free(wsi->u.ws.rx_user_buffer);
+ wsi->u.ws.rx_user_buffer = NULL;
+ }
+ if (wsi->u.ws.rxflow_buffer) {
+ free(wsi->u.ws.rxflow_buffer);
+ wsi->u.ws.rxflow_buffer = NULL;
+ }
}
/* tell the user it's all over for this guy */
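Review bot: The guard around the two frees still includes the `old_state == WSI_STATE_ESTABLISHED` arm, which tests connection state rather than connmode, so it does not by itself show that `wsi->u.ws` is the live member. If `u` is a union and a connection in a non-ws mode can reach that state, the reads of `rx_user_buffer` and `rxflow_buffer` would land on another member's storage and `free()` would receive a pointer that was never a ws buffer; whether that can happen is not visible in this hunk. I would either key the block on the two ws connmodes only, or, once confirmed, add a comment such as `/* u.ws is only live in the ws connmodes; ESTABLISHED is only reached from them */`. Both pointers also have to be NULL from the moment the ws member becomes active, otherwise the new `if` tests read uninitialised memory. The enclosing function starts and ends outside the hunk.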
@@ -389,9 +396,6 @@
}
#endif
- if (wsi->u.ws.rxflow_buffer)
- free(wsi->u.ws.rxflow_buffer);
-
/* lwsl_info("closing fd=%d\n", wsi->sock); */
#ifdef LWS_OPENSSL_SUPPORT