From c0b3e16bb0e640fdca61c6076840ebf1e49760c8 Mon Sep 17 00:00:00 2001 From: Andri Yngvason Date: Sun, 30 Apr 2023 14:03:12 +0000 Subject: [PATCH] stream-ws: Sanitise handshake input --- src/stream-ws.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/stream-ws.c b/src/stream-ws.c index d0091c3..e7038af 100644 --- a/src/stream-ws.c +++ b/src/stream-ws.c @@ -199,6 +199,14 @@ static ssize_t stream_ws_read_ready(struct stream_ws* ws, void* dst, static ssize_t stream_ws_read_handshake(struct stream_ws* ws, void* dst, size_t size) { + if (ws->read_index >= sizeof(ws->read_buffer)) { + // This header is suspiciously long + stream__remote_closed(&ws->base); + return -1; + } + + ws->read_buffer[ws->read_index] = '\0'; + char reply[512]; ssize_t header_len = ws_handshake(reply, sizeof(reply), (const char*)ws->read_buffer);