[Libwebsockets] [libwebsockets] #13: Client receive buffer overflow

Trac trac at libwebsockets.org
Thu Feb 14 03:36:25 CET 2013


#13: Client receive buffer overflow
------------------------------------+--------------------
  Reporter:  dbrnz                  |      Owner:  agreen
      Type:  defect                 |     Status:  closed
  Priority:  major                  |  Milestone:
 Component:  libwebsockets library  |    Version:
Resolution:  fixed                  |   Keywords:
------------------------------------+--------------------
Changes (by agreen):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Yes... if you don't define an appropriate frame buffer for your protocol
 using rx_buffer_size, it does check the length but checks against
 rx_buffer_size, which is 0, i.e., no real check happens.

 I audited all the references to rx_buffer_size and found the same issue on
 the server rx path.

 I patched both here

 http://git.libwebsockets.org/cgi-bin/cgit/libwebsockets/commit/?id=ff5dbf91b1d9a5d0f8b4cebd7bf60c0778b646a2

 and tagged it as v1.21-chrome26-firefox18

 Thanks a lot for the report.

-- 
Ticket URL: <http://libwebsockets.org/trac/ticket/13#comment:1>
libwebsockets <http://libwebsockets.org>
libwebsockets C library
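
Added example, not part of the original message and not libwebsockets source: a small C model of the failure mode described in the comment, where a length limit taken from an unset rx_buffer_size (0) never triggers, next to a limit that uses the size actually reserved. The names FALLBACK_RX_BUF, rx_capacity, max_write_index and overruns, the byte-at-a-time receiver and the 4096-byte fallback are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define FALLBACK_RX_BUF 4096u /* assumed capacity reserved when size is unset */

struct protocol { size_t rx_buffer_size; }; /* 0 = application did not set it */

/* Bytes actually reserved for the receive buffer (modelled, see lead-in). */
static size_t rx_capacity(const struct protocol *p)
{
    return p->rx_buffer_size ? p->rx_buffer_size : FALLBACK_RX_BUF;
}

/*
 * Model of a byte-at-a-time frame receiver: every payload byte advances the
 * write index, and the buffer is handed to the application and reset when the
 * index reaches `limit`. Returns the highest index used; nothing is written.
 */
static size_t max_write_index(size_t frame_len, size_t limit)
{
    size_t head = 0, high = 0;

    for (size_t i = 0; i < frame_len; i++) {
        if (++head > high)
            high = head;
        if (head == limit) /* limit == 0 can never match here */
            head = 0;
    }
    return high;
}

/* Returns 1 if a frame of frame_len bytes would run past the reservation. */
static int overruns(const struct protocol *p, size_t frame_len, int fixed)
{
    /* Flawed: raw configured value. Fixed: the size that was reserved. */
    size_t limit = fixed ? rx_capacity(p) : p->rx_buffer_size;

    return max_write_index(frame_len, limit) > rx_capacity(p);
}

int main(void)
{
    struct protocol unset = { 0 }; /* constructed sample configuration */

    printf("flawed: %d fixed: %d\n",
           overruns(&unset, 10000, 0), overruns(&unset, 10000, 1));
    return 0;
}
```

A protocol that sets rx_buffer_size explicitly is bounded in both variants; only the unset case differs, which is why the defect shows up only for applications that left the field at 0.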


