Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix crash because of unaligned accesses in hybiReadAndDecode()
  • Loading branch information
DerDakon committed May 28, 2019
1 parent 3b3a5c4 commit 0cf1400
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions libvncserver/ws_decode.c
Expand Up @@ -327,7 +327,6 @@ hybiReadAndDecode(ws_ctx_t *wsctx, char *dst, int len, int *sockRet, int nInBuf)
int bufsize;
int nextRead;
unsigned char *data;
uint32_t *data32;

/* if data was carried over, copy to start of buffer */
memcpy(wsctx->writePos, wsctx->carryBuf, wsctx->carrylen);
Expand Down Expand Up @@ -383,10 +382,12 @@ hybiReadAndDecode(ws_ctx_t *wsctx, char *dst, int len, int *sockRet, int nInBuf)
/* for a possible base64 decoding, we decode multiples of 4 bytes until
* the whole frame is received and carry over any remaining bytes in the carry buf*/
data = (unsigned char *)(wsctx->writePos - toDecode);
data32= (uint32_t *)data;

for (i = 0; i < (toDecode >> 2); i++) {
data32[i] ^= wsctx->header.mask.u;
uint32_t tmp;
memcpy(&tmp, data + i * sizeof(tmp), sizeof(tmp));
tmp ^= wsctx->header.mask.u;
memcpy(data + i * sizeof(tmp), &tmp, sizeof(tmp));
}
ws_dbg("mask decoding; i=%d toDecode=%d\n", i, toDecode);

Expand Down

0 comments on commit 0cf1400

Please sign in to comment.