github-personal/sysadm
1
0
Fork 0
mirror of https://github.com/outbackdingo/sysadm.git synced 2026-01-27 18:20:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change how we parse incoming WebSocket TCP/SSL data. Its possible

Browse Source 
that data coming in will be mixed with several messages at once,
lets parse those properly, and also implement some sanity checking
to make sure we aren't being flooded with a potential buffer overflow
This commit is contained in:
Kris Moore
2016-03-11 08:08:51 -05:00
parent b761863341
commit cb4c4eb544
2 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/server/WebSocket.cpp
View File

@@ -361,16 +361,47 @@ void WebSocket::EvaluateMessage(const QString &msg){
//qDebug() << " - Done with Text Message";
}
void WebSocket::ParseIncoming(){
bool found = false;
// Check if we have a complete JSON request waiting to be parsed
QString JsonRequest;
for ( int i = 0; i<incomingbuffer.size(); i++) {
JsonRequest = incomingbuffer;
JsonRequest.truncate(i);
if ( !QJsonDocument::fromBinaryData(JsonRequest.toLocal8Bit()).isNull() )
{
// We have what looks like a valid JSON request, lets parse it now
//qDebug() << "TCP Message" << JsonRequest;
EvaluateREST(JsonRequest);
incomingbuffer.remove(0, i);
found = true;
break;
}
}
// If the buffer is larger than 128000 chars and no valid JSON somebody
// is screwing with us, lets clear the buffer
if ( ! found && incomingbuffer.size() > 128000 ) {
incomingbuffer="";
return;
}
// If we found a valid JSON request, but still have data, check for
// a second request waiting in the buffer
if ( found && incomingbuffer.size() > 2 )
ParseIncoming();
}
void WebSocket::EvaluateTcpMessage(){
//Need to read the data from the Tcp socket and turn it into a string
//qDebug() << "New TCP Message:";
if(idletimer->isActive()){ idletimer->stop(); }
QString msg = QString(TSOCKET->readAll());
for(int i=0; i<5 && !msg.endsWith("}"); i++){
usleep(10000); //10ms
msg.append( QString(TSOCKET->readAll()) );
}
EvaluateREST(msg );
incomingbuffer.append(QString(TSOCKET->read(128000)));
// Check for JSON in this incoming data
ParseIncoming();
idletimer->start();
//qDebug() << " - Done with TCP Message";
}

4
src/server/WebSocket.h
View File

@@ -29,6 +29,10 @@ private:
QList<EventWatcher::EVENT_TYPE> ForwardEvents;
void sendReply(QString msg);
// Where we store incoming Tcp data
QString incomingbuffer;
void ParseIncoming();
//Main connection comminucations procedure
void EvaluateREST(QString); //Text -> Rest/JSON struct
void EvaluateRequest(const RestInputStruct&); // Parse Rest/JSON (does auth/events)