protocol: fix host origin checking

Thanks @ben365 (#75)
2025-12-23 04:14:18 +01:00 · 2017-10-24 20:24:51 +08:00
parent 7a25074b4f
commit 784ac09f05
2 changed files with 22 additions and 15 deletions
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -60,22 +60,29 @@ check_host_origin(struct lws *wsi) {
    char buf[origin_length + 1];
    memset(buf, 0, sizeof(buf));
    int len = lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_ORIGIN);
-    if (len > 0) {
+    if (len <= 0) {
+        return false;
+    }
+
    const char *prot, *address, *path;
    int port;
    if (lws_parse_uri(buf, &prot, &address, &port, &path))
        return false;
+    if (port == 80 || port == 443) {
+        sprintf(buf, "%s", address);
+    } else {
        sprintf(buf, "%s:%d", address, port);
+    }
+
    int host_length = lws_hdr_total_length(wsi, WSI_TOKEN_HOST);
    if (host_length != strlen(buf))
        return false;
    char host_buf[host_length + 1];
    memset(host_buf, 0, sizeof(host_buf));
    len = lws_hdr_copy(wsi, host_buf, sizeof(host_buf), WSI_TOKEN_HOST);
+
    return len > 0 && strcasecmp(buf, host_buf) == 0;
 }
-    return false;
-}

 void
 tty_client_remove(struct tty_client *client) {
--- a/src/server.c
+++ b/src/server.c
@@ -270,7 +270,7 @@ main(int argc, char **argv) {
                }
                break;
            case 'i':
-                strncpy(iface, optarg, sizeof(iface));
+                strncpy(iface, optarg, sizeof(iface) - 1);
                iface[sizeof(iface) - 1] = '\0';
                break;
            case 'c':