Skip to content

Commit 332cede

Browse files
mkochenoughmkochenough
committed
Replace strchr and strstr with safer variants
1 parent 58d34e4 commit 332cede

5 files changed

Lines changed: 57 additions & 17 deletions

File tree

src/Makefile.am

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ pcap_http_analyzer_SOURCES = \
1212
print.h\
1313
tcp.h \
1414
tcp.cc \
15+
utils.h \
16+
util.cc \
1517
websocket.cc \
1618
websocket.h
1719
pcap_http_analyzer_CPPFLAGS = $(JSON_CFLAGS)

src/main.cc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
#include "commparty.h"
1515
#include "print.h"
1616
#include "tcp.h"
17+
#include "util.h"
1718
#include "websocket.h"
1819

1920
using namespace std;
@@ -97,7 +98,7 @@ void printTimestamp(struct timeval tv) {
9798
void printHttpRequestTitle(const Buffer& buffer) {
9899
printf("ht ");
99100
const char* data = buffer.getData();
100-
const char* eol_char = strchr(data, '\r');
101+
const char* eol_char = strnchr(data, '\r', buffer.getLength());
101102

102103
if (!eol_char) {
103104
printf("DATA\n");
@@ -153,7 +154,7 @@ void handleHttpResponse(const Buffer& buffer) {
153154
printf("\n");
154155
const char* data = buffer.getData();
155156
int len = buffer.getLength();
156-
const char* bodySeparator = strstr(data, "\r\n\r\n");
157+
const char* bodySeparator = strnstr(data, "\r\n\r\n", len);
157158

158159
if (bodySeparator) {
159160
printIndented(4, data, bodySeparator - data);

src/print.cc

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3,24 +3,10 @@
33
#endif /* HAVE_CONFIG_H */
44

55
#include "print.h"
6+
#include "util.h"
67

7-
#include <stdio.h>
8-
#include <stdlib.h>
98
#include <string.h>
109

11-
const char* strnchr(const char *str, size_t len, int character) {
12-
const char* end = str + len;
13-
char c = (char) character;
14-
15-
do {
16-
if (*str == c) {
17-
return str;
18-
}
19-
} while (++str < end);
20-
21-
return NULL;
22-
}
23-
2410
void printIndent(int indent) {
2511
for (int index = 0; index < indent; index++) {
2612
printf(" ");

src/util.cc

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
#include "util.h"
2+
3+
#include <string.h>
4+
5+
const char* strnchr(const char* str, size_t len, int character) {
6+
const char* end = str + len;
7+
char c = (char) character;
8+
9+
do {
10+
if (*str == c) {
11+
return str;
12+
}
13+
} while (++str < end);
14+
15+
return NULL;
16+
}
17+
18+
const char* strnstr(const char* str, const char* find, size_t len)
19+
{
20+
char c, sc;
21+
size_t flen;
22+
23+
if ((c = *find++) != '\0') {
24+
flen = strlen(find);
25+
26+
do {
27+
do {
28+
if (len-- < 1 || (sc = *str++) == '\0') {
29+
return NULL;
30+
}
31+
} while (sc != c);
32+
33+
if (flen > len) {
34+
return NULL;
35+
}
36+
} while (strncmp(str, find, flen) != 0);
37+
38+
str--;
39+
}
40+
41+
return ((char*) str);
42+
}

src/util.h

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
#ifndef __UTIL_H__
2+
#define __UTIL_H__
3+
4+
#include <stdlib.h>
5+
6+
const char* strnchr(const char* str, size_t len, int character);
7+
const char* strnstr(const char* str, const char* find, size_t len);
8+
9+
#endif /* __UTIL_H__ */

0 commit comments

Comments
 (0)