Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Read Limit Fix #537

Merged
merged 5 commits into from Aug 25, 2019
Merged

Read Limit Fix #537

merged 5 commits into from Aug 25, 2019

Conversation

elithrar
Copy link
Member

@elithrar elithrar commented Aug 25, 2019

This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz for discovering and reporting this, as well as providing a robust PoC and review.

@elithrar elithrar added the bug label Aug 25, 2019
@elithrar elithrar requested a review from garyburd Aug 25, 2019
@elithrar elithrar self-assigned this Aug 25, 2019
@elithrar elithrar merged commit 5b740c2 into master Aug 25, 2019
1 check passed
@elithrar elithrar deleted the elithrar/read-limit-fix branch Aug 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant