Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
x/net/websocket: Integer overflow on hybiFrameHeader Length #11999
Currently on go1.4.2 windows/amd64, hybiFrameHeader uses int64 for the length of the packet. If a header size is greater than int64 the length will become negative. This causes the data in the packet to become the header of the next packet.
Per the RFC specs the length should be uint64 or the websocket library should check for overflows.
According to https://tools.ietf.org/html/rfc6455,