Commit c8af7cdd authored by Deomid Ryabkov's avatar Deomid Ryabkov Committed by Cesanta Bot

Check for int overflow when parsing WS frames

PUBLISHED_FROM=b7325b38e881455df703b0b628c41931565ccb33
parent f857f639
...@@ -9204,7 +9204,13 @@ static int mg_deliver_websocket_data(struct mg_connection *nc) { ...@@ -9204,7 +9204,13 @@ static int mg_deliver_websocket_data(struct mg_connection *nc) {
} }
frame_len = header_len + data_len; frame_len = header_len + data_len;
ok = frame_len > 0 && frame_len <= buf_len; ok = (frame_len > 0 && frame_len <= buf_len);
/* Check for overflow */
if (frame_len < header_len || frame_len < data_len) {
ok = 0;
nc->flags |= MG_F_CLOSE_IMMEDIATELY;
}
if (ok) { if (ok) {
struct websocket_message wsm; struct websocket_message wsm;
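Review bot: The overflow test added after `frame_len = header_len + data_len;` only detects wraparound once the sum has already been computed, which is well-defined only if these variables are unsigned. Their declarations are outside the hunk, so that should be confirmed; with signed types the overflow is undefined behaviour and the compiler may drop the check. Testing before the addition avoids relying on wraparound and keeps `ok` from ever being derived from a wrapped value, e.g. `if (data_len > MAX_OF_TYPE - header_len) { ok = 0; nc->flags |= MG_F_CLOSE_IMMEDIATELY; }`, where `MAX_OF_TYPE` is a placeholder for the maximum of the declared type. The comment could also state the reason, e.g. `/* data_len presumably comes from the peer's frame header; a wrapped frame_len could pass the buf_len check */`. mg_deliver_websocket_data starts and ends outside the hunk.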