Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
proto_ws: decline Sec-WebSocket-Key keys that are not 24 bytes
In case the key is not 24 bytes, the some internal buffers might be overwritten, resulting in malformed/bad Sec-WebSocket-Accept generation. And since the RFC requires the key to be random 16-bytes-base64 encoding, the length should always be 24 bytes. Thanks go to @hafkensite for reporting it on GitHub and to @wdoekes for profiving the fix. Close #1928 (cherry picked from commit 6f24b26)
- Loading branch information