Open yeahwhatever opened 12 years ago
To make this a bit easier to search for, this will fix 501 Unsupported Method 'G' in sslsniff.
More robust fix for what is actually a buffer overrun:
--- sslsniff-0.8-ref/http/HttpHeaders.cpp 2010-03-10 15:06:26.000000000 -0800
+++ sslsniff-0.8/http/HttpHeaders.cpp 2012-11-01 20:26:48.935118000 -0700
@@ -57,7 +57,7 @@
if (foundCr && foundLf) {
foundCr = 0;
foundLf = 0;
- *offset = i;
+ *offset = i+1;
return 1;
}
}
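Review bot: The contract of `*offset` is undocumented and this hunk changes it only on the success path, at `*offset = i+1;`, from "index of the LF" to "number of bytes consumed". The callers below drop their own `+ 1`, so the incomplete-line path after the loop (not shown in this hunk) must report the same kind of value, at most `length`. Please confirm that path and add a comment above readLine stating that `*offset` is the count of bytes consumed, so a later caller does not add the 1 back.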
@@ -89,14 +89,14 @@
int offset = 0;
int complete = readLine(buffer, &offset, length);
- action.append(buffer, offset+1);
+ action.append(buffer, offset);
if (complete) {
parseAction();
this->state = READING_KEY;
}
- return offset + 1;
+ return offset;
}
int HttpHeaders::readValue(char *buffer, int offset, int length) {
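Review bot: Missing bounds check at `action.append(buffer, offset);`. The append runs before `if (complete)`, so it is also reached for a partial line, and its safety now rests entirely on readLine never reporting more than `length`. A guard such as clamping `offset` to `length` (or an assert that `offset <= length`) before the append would keep a future change to readLine from reintroducing the over-read. The same value is used in `return offset;`, so the caller should treat a return equal to `length` as "buffer exhausted" rather than as an index to read from.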
@@ -115,7 +115,7 @@
this->value.clear();
}
- return eolOffset + 1;
+ return eolOffset;
}
int HttpHeaders::readKey(char *buffer, int offset, int length) {
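Review bot: `return eolOffset;` changes what readValue hands back, but readKey, which has the same `(char *buffer, int offset, int length)` signature, appears here only as trailing context and the visible patch has no hunk for its body. If readKey also calls readLine and adjusts the result by one, it will now skip or re-read a byte; please check it and apply the same convention. It would also help to document whether these return values are absolute positions in `buffer` or counts relative to the `offset` argument, since readAction starts from 0 and readValue does not.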
... = 1, when readLine completes offset will also be 1. If we then try to append append(buffer, 2), we'll get a null char in our action, which will cause the SSL_write in HTTPSBridge.cpp to terminate early.
Tested on Ubuntu 11.04 with Linux 2.6.35.
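The off-by-one described in the post, reproduced as an added example (not sslsniff's code and not part of the original post). `LineReader`, `readAction` and `bytesForwarded` are hypothetical names; the scanner is a simplified stand-in, the two-read input is constructed, and a `strlen`-based length stands in for the early termination the post attributes to the SSL_write call.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Simplified stand-in for the CRLF scanner (assumption, not sslsniff's source).
struct LineReader {
    bool foundCr = false, foundLf = false;
    bool readLine(const char *buf, int *offset, int length, bool patched) {
        int i;
        for (i = *offset; i < length; i++) {
            if (buf[i] == '\r') foundCr = true;
            else if (buf[i] == '\n' && foundCr) foundLf = true;
            if (foundCr && foundLf) {
                foundCr = foundLf = false;
                *offset = patched ? i + 1 : i;  // patched: bytes consumed; old: index of LF
                return true;
            }
        }
        *offset = i;  // assumption: an incomplete line reports i == length
        return false;
    }
};

// Feed the request line as two reads, the first holding only "G" (constructed input).
std::string readAction(bool patched) {
    const char *chunks[] = {"G", "ET / HTTP/1.1\r\n"};
    const int lens[] = {1, 15};
    LineReader reader;
    std::string action;
    for (int c = 0; c < 2; c++) {
        char backing[64] = {0};  // zeroed and oversized so the old over-read stays in bounds
        std::memcpy(backing, chunks[c], lens[c]);
        int offset = 0;
        bool complete = reader.readLine(backing, &offset, lens[c], patched);
        action.append(backing, patched ? offset : offset + 1);  // old callers added 1
        if (complete) break;
    }
    return action;
}

// Assumption: the forwarding path treats the action as a C string.
std::size_t bytesForwarded(const std::string &action) { return std::strlen(action.c_str()); }

int main() {
    std::printf("old: size=%zu forwarded=%zu\n", readAction(false).size(), bytesForwarded(readAction(false)));
    std::printf("new: size=%zu forwarded=%zu\n", readAction(true).size(), bytesForwarded(readAction(true)));
    return 0;
}
```

With the old arithmetic the accumulated action holds a NUL right after the `G`, so a C-string consumer forwards a single byte, which matches the 501 Unsupported Method 'G' symptom.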