Merge pull request 'Fix HTTP header leakage' (#39) from lda/Cytoplasm:fix-duplicate-leak into master

Reviewed-on: Telodendria/Cytoplasm#39

include/Cytoplasm/Cytoplasm.h

@@ -33,7 +33,8 @@
 #define CYTOPLASM_VERSION_BETA 0
 #define CYTOPLASM_VERSION_STABLE (!CYTOPLASM_VERSION_ALPHA && !CYTOPLASM_VERSION_BETA)
 
-#define STRINGIFY(x) #x
+#define XSTRINGIFY(x) #x
+#define STRINGIFY(x) XSTRINGIFY(x)
 
 /***
  * @Nm Cytoplasm

src/Db.c

@@ -218,19 +218,38 @@ DbHashKey(Array * args)
     return str;
 }
 
+static char
+DbSanitiseChar(char input)
+{
+    switch (input)
+    {
+        case '/':
+            return '_';
+        case '.':
+            return '-';
+    }
+    return input;
+}
+
 static char *
 DbDirName(Db * db, Array * args, size_t strip)
 {
-    size_t i;
+    size_t i, j;
     char *str = StrConcat(2, db->dir, "/");
 
     for (i = 0; i < ArraySize(args) - strip; i++)
     {
         char *tmp;
+        char *sanitise = StrDuplicate(ArrayGet(args, i));
+        for (j = 0; j < strlen(sanitise); j++)
+        {
+            sanitise[j] = DbSanitiseChar(sanitise[j]);
+        }
 
-        tmp = StrConcat(3, str, ArrayGet(args, i), "/");
+        tmp = StrConcat(3, str, sanitise, "/");
 
         Free(str);
+        Free(sanitise);
 
         str = tmp;
     }
@@ -253,17 +272,7 @@ DbFileName(Db * db, Array * args)
         /* Sanitize name to prevent directory traversal attacks */
         while (arg[j])
         {
-            switch (arg[j])
-            {
-                case '/':
-                    arg[j] = '_';
-                    break;
-                case '.':
-                    arg[j] = '-';
-                    break;
-                default:
-                    break;
-            }
+            arg[j] = DbSanitiseChar(arg[j]);
             j++;
         }
 

src/Http.c

@@ -621,7 +621,7 @@ HttpParseHeaders(Stream * fp)
 
         strncpy(headerValue, headerPtr, len);
 
-        HashMapSet(headers, headerKey, headerValue);
+        Free(HashMapSet(headers, headerKey, headerValue));
         Free(headerKey);
     }
 

src/Tls/TlsOpenSSL.c

@@ -71,14 +71,6 @@ TlsInitClient(int fd, const char *serverName)
     OpenSSLCookie *cookie;
     char errorStr[256];
 
-    /*
-     * TODO: Seems odd that this isn't needed to make the
-     * connection... we should figure out how to verify the
-     * certificate matches the server we think we're
-     * connecting to.
-     */
-    (void) serverName;
-
     cookie = Malloc(sizeof(OpenSSLCookie));
     if (!cookie)
     {
@@ -89,12 +81,14 @@ TlsInitClient(int fd, const char *serverName)
 
     cookie->method = TLS_client_method();
     cookie->ctx = SSL_CTX_new(cookie->method);
+    cookie->fd = fd;
     if (!cookie->ctx)
     {
         goto error;
     }
 
     cookie->ssl = SSL_new(cookie->ctx);
+    SSL_set_tlsext_host_name(cookie->ssl, serverName);
     if (!cookie->ssl)
     {
         goto error;
@@ -295,9 +289,7 @@ TlsClose(void *cookie)
     SSL_free(ssl->ssl);
     SSL_CTX_free(ssl->ctx);
 
-#if 0
     close(ssl->fd);
-#endif
 
     Free(ssl);