Skip to content

websockets, check for negative payload lengths#12707

Closed
icing wants to merge 6 commits intocurl:masterfrom
icing:ws-dec-large
Closed

websockets, check for negative payload lengths#12707
icing wants to merge 6 commits intocurl:masterfrom
icing:ws-dec-large

Conversation

@icing
Copy link
Copy Markdown
Contributor

@icing icing commented Jan 15, 2024

  • in en- and decoding, check the websocket frame payload lengths for negative values (from curl_off_t) and error the operation in that case

@github-actions github-actions bot added the tests label Jan 15, 2024
piru
piru reviewed Jan 15, 2024
View reviewed changes
Comment thread lib/ws.c Outdated
@bagder
Copy link
Copy Markdown
Member

bagder commented Jan 15, 2024

Except that ASAN complains on the new test:

ws.c:228:52: runtime error: left shift of 255 by 56 places cannot be represented in type 'curl_off_t' (aka 'long')

icing added 2 commits January 15, 2024 17:54
@icing
websockets, check for negative payload lengths
00b6ec2 
- in en- and decoding, check the websocket frame payload
  lengths for negative values (from curl_off_t) and error
  the operation in that case
@icing
check parsed frame payload length with proper base type
bb1d611
@jay
Copy link
Copy Markdown
Member

jay commented Jan 15, 2024

lgtm but hyper ci is failing:

test 2307...[WebSockets, overlong PING payload]

lib2302 returned 52, when expecting 23
 2307: exit FAILED

@bagder
Copy link
Copy Markdown
Member

bagder commented Jan 15, 2024

lib2302 returned 52, when expecting 23

it is really complicated sometimes to get the same error codes for hyper but 52 (CURLE_GOT_NOTHING) seems wrong.

@icing
Copy link
Copy Markdown
Contributor Author

icing commented Jan 16, 2024
edited
Loading

lib2302 returned 52, when expecting 23

it is really complicated sometimes to get the same error codes for hyper but 52 (CURLE_GOT_NOTHING) seems wrong.

I declare test 2307 does not work with hyper at all. Nowhere do I see the server response data being processed. Change my mind.

bagder
bagder reviewed Jan 16, 2024
View reviewed changes
Comment thread tests/data/test2307
@bagder bagder closed this in 49ca841 Jan 16, 2024
@bagder
Copy link
Copy Markdown
Member

bagder commented Jan 16, 2024

@icing: this new test 2307 seems to be flaky and has already failed for me locally and in CI builds after this...

bagder added a commit that referenced this pull request Jan 16, 2024
@bagder
test2307: mark as flaky
d1856c6 
Added in 49ca841 (#12707) the test fails in numerous
(unrelated) CI builds.
@bagder bagder mentioned this pull request Jan 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bagder bagder bagder approved these changes

+1 more reviewer

@piru piru piru left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

tests WebSocket

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@icing @bagder @jay @piru