Bug Fix: Fix hardening issues as spotted on #115

This commit fixes two hardening issues found by @BrendonIrwan:
1) Wrong casts to (char*)

2) Wrong return code for tws_receiveframe(): since a frame
can be up to 64-bit size, the 'int' type is unable to hold
the entire result value. The fix is simple: this function
now returns an 'uint64_t' and accepts an additinal
'int *err' parameter, which will be set to signal if
the operation was successful or not.

Author: Theldus

.gitignore

@@ -14,6 +14,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>
 
 # Ignore object files, executables and the library.
+*~
 *.o
 *.a
 ws_file

Makefile

@@ -27,6 +27,17 @@ AFL_FUZZ ?= no
 VERBOSE_EXAMPLES ?= yes
 VALIDATE_UTF8 ?= yes
 
+# Compiler base and security warning options.
+CFLAGS += -g -std=c2x -Wall -Wextra -Wpedantic -Warray-bounds=2 \
+		-Wcast-qual -Wformat-overflow=2 -Wformat-truncation=2 -Wformat=2 \
+		-Wnull-dereference -Wshift-overflow=2 -Wstack-protector \
+		-Wstringop-overflow=4 -Wtrampolines -Wvla
+# Compiler hardening options.
+CFLAGS += -fPIE -fsanitize-undefined-trap-on-error -fsanitize=undefined \
+		-fstack-clash-protection -fstack-protector-strong
+# Preprocessor hardening options.
+CFLAGS += -D_FORTIFY_SOURCE=3
+
 # Prefix
 ifeq ($(PREFIX),)
     PREFIX := /usr/local

examples/echo/echo.c

@@ -105,7 +105,7 @@ void onmessage(ws_cli_conn_t client,
 	 *   ws_sendframe_bin()
 	 *   ws_sendframe_bin_bcast()
 	 */
-	ws_sendframe_bcast(8080, (char *)msg, size, type);
+	ws_sendframe_bcast(8080, (const char*)msg, size, type);
 }
 
 /**

extra/toyws/README.md

@@ -63,8 +63,8 @@ Returns 0 if success, otherwise, a negative number.
 ---
 
 ```c
-int tws_receiveframe(struct tws_ctx *ctx, char **buff, size_t *buff_size,
-    int *frm_type);
+uint64_t tws_receiveframe(struct tws_ctx *ctx, char **buff, size_t *buff_size,
+    int *frm_type, int *err);
 ```
 Receive a frame and save it on `buff`.
 
@@ -89,7 +89,11 @@ points to NULL, `*buff_size` must be equals to 0.
 Frame type read. The frame type received will be reflected into the contents of
 this pointer.
 
-**Return**: Returns 0 if success, a negative number otherwise.
+**`err`:**
+
+Output error code. Set to a negative value on error, 0 on success.
+
+**Return**: Returns frame length on success, 0 on error (check `*err`).
 
 **Note**:
 
@@ -114,10 +118,12 @@ int main(void)
     char msg[] = "Hello";
 
     /* Buffer/frame params. */
+    int err;
     char *buff;
     int frm_type;
     size_t buff_size;
 
+    err       = 0;
     buff      = NULL;
     buff_size = 0;
     frm_type  = 0;
@@ -131,7 +137,8 @@ int main(void)
             "Success" : "Failed"));
 
     /* Blocks until receive a single message. */
-    if (tws_receiveframe(&ctx, &buff, &buff_size, &frm_type) < 0)
+    tws_receiveframe(&ctx, &buff, &buff_size, &frm_type, &err);
+    if (err < 0)
         fprintf(stderr, "Unable to receive message!\n");
 
     printf("I received: (%s) (type: %s)\n", buff,

extra/toyws/toyws.c

@@ -317,12 +317,12 @@ static int skip_frame(struct tws_ctx *ctx, uint64_t frame_size)
  * @param buff Buffer pointer.
  * @param buff_size Buffer size.
  * @param frm_type Frame type received.
+ * @param err Output error code: set to a negative value on error, 0 on success.
  *
- * @return Returns frame length if success, a negative number
- * otherwise.
+ * @return Returns frame length if success, 0 on error (check @p err).
  */
-int tws_receiveframe(struct tws_ctx *ctx, char **buff,
-	size_t *buff_size, int *frm_type)
+uint64_t tws_receiveframe(struct tws_ctx *ctx, char **buff,
+	size_t *buff_size, int *frm_type, int *err)
 {
 	int ret;
 	char *buf;
@@ -331,9 +331,14 @@ int tws_receiveframe(struct tws_ctx *ctx, char **buff,
 	uint8_t opcode;
 	uint64_t frame_length;
 
+	if (err)
+		*err = 0;
+
 	/* Buffer should be valid. */
-	if (!buff || (*buff && !buff_size))
-		return (-1);
+	if (!buff || (*buff && !buff_size)) {
+		if (err) *err = -1;
+		return (0);
+	}
 
 	ret = 0;
 	cur_byte = next_byte(ctx, &ret);
@@ -343,7 +348,8 @@ int tws_receiveframe(struct tws_ctx *ctx, char **buff,
 	if (opcode == FRM_CLSE)
 	{
 		tws_close(ctx);
-		return (-1);
+		if (err) *err = -1;
+		return (0);
 	}
 
 	frame_length = next_byte(ctx, &ret) & 0x7F;
@@ -369,23 +375,29 @@ int tws_receiveframe(struct tws_ctx *ctx, char **buff,
 	}
 
 	/* Check if any error before proceed. */
-	if (ret)
-		return (ret);
+	if (ret) {
+		if (err) *err = ret;
+		return (0);
+	}
 
 	/*
 	 * If frame is something other than CLSE and TXT/BIN (like PONG
 	 * or CONT), skip.
 	 */
 	if (opcode != FRM_TXT && opcode != FRM_BIN)
-		if (skip_frame(ctx, frame_length) < 0)
-			return (-1);
+		if (skip_frame(ctx, frame_length) < 0) {
+			if (err) *err = -1;
+			return (0);
+		}
 
-	/* Allocate memory, if needed. */
-	if (*buff_size < frame_length)
+	/* Allocate memory, if needed (+1 for null terminator, covers 0-length frames). */
+	if (*buff_size < frame_length + 1)
 	{
 		buf = realloc(*buff, frame_length + 1);
-		if (!buf)
-			return (-1);
+		if (!buf) {
+			if (err) *err = -1;
+			return (0);
+		}
 		*buff = buf;
 		*buff_size = frame_length + 1;
 	}
@@ -396,8 +408,10 @@ int tws_receiveframe(struct tws_ctx *ctx, char **buff,
 	for (i = 0; i < frame_length; i++, buf++)
 	{
 		cur_byte = next_byte(ctx, &ret);
-		if (cur_byte < 0)
-			return (ret == 0 ? frame_length : ret);
+		if (cur_byte < 0) {
+			if (err) *err = ret;
+			return (ret == 0 ? frame_length : 0);
+		}
 
 		*buf = cur_byte;
 	}
@@ -406,5 +420,6 @@ int tws_receiveframe(struct tws_ctx *ctx, char **buff,
 	/* Fill other infos. */
 	*frm_type = opcode;
 
-	return (ret == 0 ? frame_length : ret);
+	if (err) *err = ret;
+	return (ret == 0 ? frame_length : 0);
 }

extra/toyws/toyws.h

@@ -53,8 +53,8 @@ extern "C" {
 	extern void tws_close(struct tws_ctx *ctx);
 	extern int tws_sendframe(struct tws_ctx *ctx, uint8_t *msg,
 		uint64_t size, int type);
-	extern int tws_receiveframe(struct tws_ctx *ctx, char **buff,
-		size_t *buff_size, int *frm_type);
+	extern uint64_t tws_receiveframe(struct tws_ctx *ctx, char **buff,
+		size_t *buff_size, int *frm_type, int *err);
 
 #ifdef __cplusplus
 }

extra/toyws/tws_test.c

@@ -26,10 +26,12 @@ int main(void)
 	char msg[] = "Hello";
 
 	/* Buffer params. */
+	int err;
 	char *buff;
 	int frm_type;
 	size_t buff_size;
 
+	err       = 0;
 	buff      = NULL;
 	buff_size = 0;
 	frm_type  = 0;
@@ -43,7 +45,8 @@ int main(void)
 			"Success" : "Failed"));
 
 	/* Blocks until receive a single message. */
-	if (tws_receiveframe(&ctx, &buff, &buff_size, &frm_type) < 0)
+	tws_receiveframe(&ctx, &buff, &buff_size, &frm_type, &err);
+	if (err < 0)
 		fprintf(stderr, "Unable to receive message!\n");
 
 	printf("I received: (%s) (type: %s)\n", buff,

src/handshake.c

@@ -82,12 +82,12 @@ int get_handshake_accept(char *wsKey, unsigned char **dest)
  * @returns If found, returns a pointer at the beginning of the
  * found substring. Otherwise, returns NULL.
  */
-static char *strstricase(const char *haystack, const char *needle)
+static const char *strstricase(const char *haystack, const char *needle)
 {
 	size_t length;
 	for (length = strlen(needle); *haystack; haystack++)
 		if (!strncasecmp(haystack, needle, length))
-			return (char*)haystack;
+			return haystack;
 	return (NULL);
 }