| author | frosty <gabriel@bwaaa.monster> | 2026-03-10 01:30:21 -0400 |
|---|---|---|
| committer | frosty <gabriel@bwaaa.monster> | 2026-03-10 01:30:21 -0400 |
| commit | 71e17cb15bdddf1a2c8e209446b4e353be246ddd (patch) | |
| tree | 08042be13e3b50130a152a5a11c783c111a71a19 /src/http.c | |
| parent | 2f305c8f9c5c9ae28e839500ffa1854948c56928 (diff) | |
| download | beaker-71e17cb15bdddf1a2c8e209446b4e353be246ddd.tar.gz | |
Diffstat (limited to 'src/http.c')
| -rw-r--r-- | src/http.c | 23 |
1 files changed, 14 insertions, 9 deletions
@@ -19,27 +19,32 @@ static void build_cookie_headers(char *cookie_headers_buffer,
 cookies_to_set[i].value);
 if (strlen(cookies_to_set[i].expires) > 0) {
- strcat(single_cookie_header, "; Expires=");
- strcat(single_cookie_header, cookies_to_set[i].expires);
+ strncat(single_cookie_header, "; Expires=", sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
+ strncat(single_cookie_header, cookies_to_set[i].expires, sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
 }
 if (strlen(cookies_to_set[i].path) > 0) {
- strcat(single_cookie_header, "; Path=");
- strcat(single_cookie_header, cookies_to_set[i].path);
+ strncat(single_cookie_header, "; Path=", sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
+ strncat(single_cookie_header, cookies_to_set[i].path, sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
 }
 if (cookies_to_set[i].http_only) {
- strcat(single_cookie_header, "; HttpOnly");
+ strncat(single_cookie_header, "; HttpOnly", sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
 }
 if (cookies_to_set[i].secure) {
- strcat(single_cookie_header, "; Secure");
+ strncat(single_cookie_header, "; Secure", sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
 }
- strcat(single_cookie_header, "\r\n");
+ strncat(single_cookie_header, "\r\n", sizeof(single_cookie_header) - strlen(single_cookie_header) - 1);
- strncat(cookie_headers_buffer, single_cookie_header,
- buffer_size - strlen(cookie_headers_buffer) - 1);
+ if (strlen(cookie_headers_buffer) + strlen(single_cookie_header) < buffer_size) {
+ strncat(cookie_headers_buffer, single_cookie_header,
+ buffer_size - strlen(cookie_headers_buffer) - 1);
+ } else {
+ fprintf(stderr, "[WARNING] build_cookie_headers: Cookie headers buffer full, truncating\n");
+ break;
+ }
 }
 } |
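Review bot: The bounded `strncat` calls into `single_cookie_header` truncate silently, so a cookie whose name, value, `Expires` and `Path` fill the buffer is emitted without the later `; HttpOnly` / `; Secure` attributes and without its closing `\r\n`, which also glues the next cookie's header onto the same line. Losing a security attribute without an error is worse than losing the cookie, so after the final append I would check that the header is complete and skip it otherwise: `size_t n = strlen(single_cookie_header);` then `if (n < 2 || memcmp(single_cookie_header + n - 2, "\r\n", 2) != 0) { fprintf(stderr, "[WARNING] build_cookie_headers: cookie header too long, skipped\n"); continue; }`. The `sizeof(single_cookie_header)` bound is only correct if that name is a true array in this function; its declaration and the loop header are outside the hunk, so this should be confirmed. The new warning says "truncating" although the `break` drops this cookie and every remaining one, and nothing visible in the hunk rejects CR or LF in `value`, `path` or `expires` before they are written into the header.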
