[OpenSIPS-Devel] [OpenSIPS/opensips] 094a4d: proto_ws: decline Sec-WebSocket-Key keys that are ...
Răzvan Crainea
noreply at github.com
Wed Jan 8 06:53:13 EST 2020
Branch: refs/heads/3.0
Home: https://github.com/OpenSIPS/opensips
Commit: 094a4dbe5af021d3dcdbece8106ea5c6ebbfa1c9
https://github.com/OpenSIPS/opensips/commit/094a4dbe5af021d3dcdbece8106ea5c6ebbfa1c9
Author: Razvan Crainea <razvan at opensips.org>
Date: 2020-01-08 (Wed, 08 Jan 2020)
Changed paths:
M modules/proto_ws/ws_handshake_common.h
Log Message:
-----------
proto_ws: decline Sec-WebSocket-Key keys that are not 24 bytes
In case the key is not 24 bytes, the some internal buffers might be
overwritten, resulting in malformed/bad Sec-WebSocket-Accept generation.
And since the RFC requires the key to be random 16-bytes-base64
encoding, the length should always be 24 bytes.
Thanks go to @hafkensite for reporting it on GitHub and to @wdoekes for
profiving the fix. Close #1928
(cherry picked from commit 6f24b26205d11a3500f86113cf74f7f7f4ec95e8)
More information about the Devel
mailing list