You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
951 B
33 lines
951 B
4 years ago
|
From b8f4d7d2c7a3d08a82f4bc7588cdff15cee54292 Mon Sep 17 00:00:00 2001
|
||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||
|
Date: Tue, 16 Jun 2020 11:49:19 +0100
|
||
|
Subject: [PATCH] websocket: Fix possible integer overflow
|
||
|
|
||
|
The shift of a uint_8 number by a number > 32 causes an overflow.
|
||
|
|
||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||
|
Acked-by: Uri Lublin <ulublin@redhat.com>
|
||
|
---
|
||
|
server/websocket.c | 5 +++--
|
||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/server/websocket.c b/server/websocket.c
|
||
|
index f5df63f8..82b20b49 100644
|
||
|
--- a/server/websocket.c
|
||
|
+++ b/server/websocket.c
|
||
|
@@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
|
||
|
case LENGTH_64BIT:
|
||
|
*used += 8;
|
||
|
outlen = 0;
|
||
|
- for (i = 56; i >= 0; i -= 8) {
|
||
|
- outlen |= (*buf++) << i;
|
||
|
+ for (i = 0; i < 8; ++i) {
|
||
|
+ outlen <<= 8;
|
||
|
+ outlen |= *buf++;
|
||
|
}
|
||
|
break;
|
||
|
|
||
|
--
|
||
|
2.26.2
|
||
|
|