Validate input parameters and enhance error handling in configuration loading, task queue management, SSL initialization, and WebSocket handshake processes.

2025-10-31 16:10:00 +01:00
parent 72df6a73fc
commit 2fc7edf37d
4 changed files with 51 additions and 10 deletions


@@ -93,6 +93,12 @@ static ConfigKey get_config_key(const char *key)
int load_config(const char *filename, ServerConfig *config) int load_config(const char *filename, ServerConfig *config)
{ {
if (!filename || strlen(filename) > 4096)
{
fprintf(stderr, "Invalid config filename\n");
return 1;
}
FILE *fp = fopen(filename, "r"); FILE *fp = fopen(filename, "r");
if (!fp) if (!fp)
{ {
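Review bot: The length bound in the new check at the top of load_config is a bare `4096`; the platform already names this limit, so `strlen(filename) >= PATH_MAX` (from `<limits.h>`) states the intent and stays right where the limit differs. fopen() itself fails with ENAMETOOLONG on an over-long name, so the guard's real value is rejecting NULL before strlen and giving a clearer message; a one-line comment such as `/* fopen() would reject an over-long path too; this rejects NULL early and gives a clearer error. */` keeps the next reader from reading it as closing a hole. The rest of load_config lies outside the hunk.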


@@ -38,6 +38,11 @@ void init_task_queue(task_queue_t *queue)
void enqueue_task(task_queue_t *queue, int socket_fd, SSL *ssl, bool is_https) void enqueue_task(task_queue_t *queue, int socket_fd, SSL *ssl, bool is_https)
{ {
if (queue->count >= INT_MAX - 1)
{
return;
}
connection_task_t *task = malloc(sizeof(connection_task_t)); connection_task_t *task = malloc(sizeof(connection_task_t));
if (!task) if (!task)
return; return;
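Review bot: The new guard in enqueue_task returns silently when `queue->count` reaches `INT_MAX - 1`, so a connection that hits it is dropped with `socket_fd` (and `ssl`, if ownership passes to the queue here) never closed and the caller never told; the malloc-failure return just below has the same shape. INT_MAX is not a backpressure limit either, since memory is exhausted long before, so a small named depth (an `enum { MAX_QUEUE_DEPTH = ... }` sized for the worker pool) with the function returning a status, or closing the descriptor itself on refusal, would actually bound a connection flood. The read of `queue->count` also happens before any lock is taken in the visible lines; if the queue is protected by a mutex acquired later in the function, whose body continues outside the hunk, the check belongs under that lock.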


@@ -137,13 +137,13 @@ int check_rate_limit(const char *ip);
void initialize_openssl() void initialize_openssl()
{ {
if (!SSL_library_init()) #if OPENSSL_VERSION_NUMBER < 0x10100000L
{ SSL_library_init();
perror(BOLD RED "Error initializing OpenSSL library" RESET);
exit(EXIT_FAILURE);
}
SSL_load_error_strings(); SSL_load_error_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
#else
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
} }
void cleanup_openssl() void cleanup_openssl()
@@ -153,7 +153,9 @@ void cleanup_openssl()
SSL_CTX_free(ssl_ctx); SSL_CTX_free(ssl_ctx);
ssl_ctx = NULL; ssl_ctx = NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup(); EVP_cleanup();
#endif
} }
SSL_CTX *create_ssl_context() SSL_CTX *create_ssl_context()
@@ -180,11 +182,20 @@ void configure_ssl_context(SSL_CTX *ctx)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (SSL_CTX_set_cipher_list(ctx, "HIGH: !aNULL: !MD5") != 1)
const char *cipher_list = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_GCM_SHA256:" // TLS 1.3
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
"!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!CBC";
if (SSL_CTX_set_cipher_list(ctx, cipher_list) != 1)
{ {
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
// Enable HTTP/2 ALPN if configured // Enable HTTP/2 ALPN if configured
if (config.enable_http2) if (config.enable_http2)
@@ -934,9 +945,17 @@ void *handle_https_client(void *arg)
} }
char filepath[512]; char filepath[512];
snprintf(filepath, sizeof(filepath), "%s%s", config.www_path, int written = snprintf(filepath, sizeof(filepath), "%s%s", config.www_path,
(*sanitized_url == '/' && sanitized_url[1] == '\0') ? "/index.html" : sanitized_url); (*sanitized_url == '/' && sanitized_url[1] == '\0') ? "/index.html" : sanitized_url);
free(sanitized_url); free(sanitized_url);
if (written < 0 || written >= (int)sizeof(filepath))
{
log_event("Path too long, potential buffer overflow attempt (HTTPS)");
const char *error_response = "HTTP/1.1 414 URI Too Long\r\n\r\n";
SSL_write(ssl, error_response, strlen(error_response));
goto cleanup;
}
log_event("Filepath:"); log_event("Filepath:");
log_event(filepath); log_event(filepath);
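Review bot: In the configure_ssl_context hunk the new cipher string hands TLS 1.3 suite names (`TLS_AES_256_GCM_SHA384` and the two after it) to `SSL_CTX_set_cipher_list`, which configures TLS 1.2 and below only; those names are not applied by that call, so the TLS 1.3 selection should go through `SSL_CTX_set_ciphersuites(ctx, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256")` with its own return check, and the comment `// TLS 1.3` on the first line currently promises something the call does not do. The added `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` exists only from OpenSSL 1.1.0, which conflicts with the `OPENSSL_VERSION_NUMBER < 0x10100000L` branch this same commit adds to initialize_openssl: either the pre-1.1.0 path is dead and can go, or this call needs the same guard with `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1)` as the fallback. Its return value is also unchecked even though it returns 0 on failure like the cipher-list call two lines up, so it should get the same `ERR_print_errors_fp`/exit treatment. In the initialize_openssl hunk the old `if (!SSL_library_init())` check was dropped and the new `OPENSSL_init_ssl` call, which likewise returns 0 on failure, is not checked at all.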


@@ -38,7 +38,12 @@ static char *base64_encode(const unsigned char *input, int length)
char *ws_generate_accept_key(const char *client_key) char *ws_generate_accept_key(const char *client_key)
{ {
char combined[256]; char combined[256];
snprintf(combined, sizeof(combined), "%s%s", client_key, WS_GUID); int written = snprintf(combined, sizeof(combined), "%s%s", client_key, WS_GUID);
if (written < 0 || written >= (int)sizeof(combined))
{
return NULL;
}
unsigned char hash[SHA_DIGEST_LENGTH]; unsigned char hash[SHA_DIGEST_LENGTH];
SHA1((unsigned char *)combined, strlen(combined), hash); SHA1((unsigned char *)combined, strlen(combined), hash);
@@ -68,7 +73,7 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
char client_key[256]; char client_key[256];
size_t key_len = key_end - key_start; size_t key_len = key_end - key_start;
if (key_len >= sizeof(client_key)) if (key_len >= sizeof(client_key) || key_len == 0 || key_len > 1024)
{ {
return -1; return -1;
} }
@@ -83,7 +88,7 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
} }
// Create handshake response // Create handshake response
snprintf(response, response_size, int written = snprintf(response, response_size,
"HTTP/1.1 101 Switching Protocols\r\n" "HTTP/1.1 101 Switching Protocols\r\n"
"Upgrade: websocket\r\n" "Upgrade: websocket\r\n"
"Connection: Upgrade\r\n" "Connection: Upgrade\r\n"
@@ -92,6 +97,12 @@ int ws_handle_handshake(int client_socket, const char *request, char *response,
accept_key); accept_key);
free(accept_key); free(accept_key);
if (written < 0 || written >= (int)response_size)
{
return -1;
}
return 0; return 0;
} }
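Review bot: In the ws_handle_handshake hunk the widened check `key_len >= sizeof(client_key) || key_len == 0 || key_len > 1024` has a dead third term, since `client_key` is 256 bytes and anything over 1024 is already rejected by the first; RFC 6455 fixes Sec-WebSocket-Key at 24 base64 characters (16 random bytes), so `if (key_len != 24)` is both shorter and stricter and subsumes the zero-length case. ws_generate_accept_key now returns NULL on truncation in the first hunk, so its call site in ws_handle_handshake, which falls between the hunks and is not visible here, must check for NULL before `accept_key` reaches the `%s` in the response snprintf, otherwise the new failure path becomes a null-pointer format argument; recording the contract on the function with `/* Returns a malloc'd string the caller frees, or NULL if client_key does not fit. */` would make that expectation explicit. The truncation check in the last hunk is correct as written, but it sits after `free(accept_key)` on a path whose caller is outside the hunk, so it is worth confirming the caller discards `response` on -1 rather than sending the partially formatted buffer.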