[libsoup/websockets-fixes-2.66: 13/19] WebSockets: fix invalid read when sending large messages
- From: Claudio Saavedra <csaavedra src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/websockets-fixes-2.66: 13/19] WebSockets: fix invalid read when sending large messages
- Date: Fri, 11 Dec 2020 14:41:15 +0000 (UTC)
commit ec2f57a5a0eabcb1dbfc17c44ec089b9e9a2214c
Author: Claudio Saavedra <csaavedra igalia com>
Date: Fri Aug 23 18:58:49 2019 +0300
WebSockets: fix invalid read when sending large messages
We use GByteArray, which can be reallocated, so be careful when
keeping track of the current position in a message not to use
potentially dangling pointers.
Fixes #160
libsoup/soup-websocket-connection.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index 2963731a..1053d52e 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -432,7 +432,7 @@ send_message (SoupWebsocketConnection *self,
gsize frame_len;
guint8 *outer;
guint8 *mask = 0;
- guint8 *at;
+ guint at;
if (!(soup_websocket_connection_get_state (self) == SOUP_WEBSOCKET_STATE_OPEN)) {
g_debug ("Ignoring message since the connection is closed or is closing");
@@ -490,11 +490,11 @@ send_message (SoupWebsocketConnection *self,
bytes->len += 4;
}
- at = bytes->data + bytes->len;
+ at = bytes->len;
g_byte_array_append (bytes, data, length);
if (self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_CLIENT)
- xor_with_mask (mask, at, length);
+ xor_with_mask (mask, bytes->data + at, length);
frame_len = bytes->len;
queue_frame (self, flags, g_byte_array_free (bytes, FALSE),
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]