commit 3ee9b310549d3eb75832985fad0d45b85551b117
author Andy Green <andy.green@linaro.org> Tue Feb 12 12:52:39 2013 +0800
committer Andy Green <andy.green@linaro.org> Tue Feb 12 12:55:40 2013 +0800
tree 3cb5b199f6df9097f5d90de5014dd65493dd45d7
parent d579a7d89a46d67042cd02845df08d801e47aa4c

security harden http parser a bit

Drop the connection during parsing for a few more cases that can't be legit.

Take care about trying to free rxflow_buffer only if we reached a connmode
where it exists

Change behaviour on setting unknown HTTP method to kill connection

Signed-off-by: Andy Green <andy.green@linaro.org>

lib/libwebsockets.c

diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 6afec96..629f13b 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -343,9 +343,16 @@
 
 	if ((old_state == WSI_STATE_ESTABLISHED ||
 	     wsi->mode == LWS_CONNMODE_WS_SERVING ||
-	     wsi->mode == LWS_CONNMODE_WS_CLIENT) && wsi->u.ws.rx_user_buffer) {
-		free(wsi->u.ws.rx_user_buffer);
-		wsi->u.ws.rx_user_buffer = NULL;
+	     wsi->mode == LWS_CONNMODE_WS_CLIENT)) {
+
+		if (wsi->u.ws.rx_user_buffer) {
+			free(wsi->u.ws.rx_user_buffer);
+			wsi->u.ws.rx_user_buffer = NULL;
+		}
+		if (wsi->u.ws.rxflow_buffer) {
+			free(wsi->u.ws.rxflow_buffer);
+			wsi->u.ws.rxflow_buffer = NULL;
+		}
 	}
 
 	/* tell the user it's all over for this guy */
@@ -389,9 +396,6 @@
 	}
 #endif
 
-	if (wsi->u.ws.rxflow_buffer)
-		free(wsi->u.ws.rxflow_buffer);
-
 /*	lwsl_info("closing fd=%d\n", wsi->sock); */
 
 #ifdef LWS_OPENSSL_SUPPORT