3party/libzmq
0
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-01-14 09:47:56 +08:00
Code Issues Projects Releases Wiki Activity

Problem: WS might use handshake buffer for data

Browse Source 
Solution: check for it before reusing it to avoid overflows
This commit is contained in:
Luca Boccassi 2020-08-15 11:30:54 +01:00
parent 87ee106438
commit 1668432894
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ws_decoder.cpp
View File

@ -212,10 +212,13 @@ int zmq::ws_decoder_t::size_ready (unsigned char const *read_pos_)
// data into a new message and complete it in the next receive.
shared_message_memory_allocator &allocator = get_allocator ();
if (unlikely (!_zero_copy
if (unlikely (!_zero_copy || allocator.data () > read_pos_
|| static_cast<size_t> (read_pos_ - allocator.data ())
> allocator.size ()
|| _size > static_cast<size_t> (
allocator.data () + allocator.size () - read_pos_))) {
// a new message has started, but the size would exceed the pre-allocated arena
// (or read_pos_ is in the initial handshake buffer)
// this happens every time when a message does not fit completely into the buffer
rc = _in_progress.init_size (static_cast<size_t> (_size));
} else {