Bugfix for onion_websocket_vprintf and onion_websocket_write #276
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit resolves two bugs: 1. Return value of onion_websocket_write was not correct in all cases. 2. onion_websocket_vprintf uses va_list-variable twice if internal buffer is too small. (Every variable argument list can only be used one time.) My changes are oriented to onion_response_vprintf, which already resolves the problem. The next commit will contain a modification of the websocket-example which triggers bug 2.
Without the previous commit the line onion_websocket_printf(ws, "Long string: %s", long_string) will trigger access on uninitialised bytes. The va_list argument points on the wrong position. ==241250== Syscall param write(buf) points to uninitialised byte(s) ==241250== at 0x54AF2CF: __libc_write (write.c:26) ==241250== by 0x54AF2CF: write (write.c:24) ==241250== by 0x165F0759: onion_http_write (http.c:102) ==241250== by 0x165F0F3D: onion_websocket_write (websocket.c:239) ==241250== by 0x165F1386: onion_websocket_vprintf (websocket.c:334) ==241250== by 0x165F1486: onion_websocket_printf (websocket.c:355)
|
Hi, thanks a lot. I had no time to review it yet. As soon as I review it I will tell you something. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello Mr. Moreno,
I've spotted a problem with 'onion_websocket_write'. This function will used it's argument 'va_list args' twice, but the pointer in the second call will be wrong.
I've found a similar function structure in 'onion_response_vprintf' and copied the solution (va_copy) given there.
The remove of '-1' in the first vsnprintf-call is also adapted from there.
The first commit of this pull request resolves the issue and the problem noted in #275.
The second commit just contains changes to trigger the bug with the example application websocket.c
Other double usages of va_list was not found in 'onion/src'.
Regards Olaf Schulz