

Fragments forming a long message are not caught early
uNetworkingAB committed Dec 31, 2019
1 parent b9062ec commit 54dd866
Showing 2 changed files with 7 additions and 2 deletions.
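--- a/fuzzing/Makefile
+++ b/fuzzing/Makefile
@@ -1,8 +1,8 @@
 # You can select which sanitizer to use by setting this
 SANITIZER ?= address
 # These are set by OSS-Fuzz, we default to AddressSanitizer
-CXXFLAGS ?= -DLIBUS_NO_SSL -fsanitize=$(SANITIZER),fuzzer
-CFLAGS ?= -DLIBUS_NO_SSL
+override CXXFLAGS += -DLIBUS_NO_SSL -fsanitize=$(SANITIZER),fuzzer
+override CFLAGS += -DLIBUS_NO_SSL
 OUT ?= .
 
 oss-fuzz: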
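Review bot: The comment `# These are set by OSS-Fuzz, we default to AddressSanitizer` no longer matches the two lines under it: with `override ... +=` the flags are appended to whatever CXXFLAGS/CFLAGS the environment or command line supplies, rather than acting as a default. As a result `-fsanitize=$(SANITIZER),fuzzer` is added even when the caller already passes its own sanitizer or fuzzing-engine flags, so the two can disagree if SANITIZER is not set to match. I would reword the comment to something like `# Always appended to the flags passed in (e.g. by OSS-Fuzz); SANITIZER defaults to address` and confirm the combined flags build under each sanitizer configuration in use. The body of the `oss-fuzz:` target is outside the hunk.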
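--- a/src/WebSocketContext.h
+++ b/src/WebSocketContext.h
@@ -100,6 +100,11 @@ struct WebSocketContext {
 if (!webSocketData->fragmentBuffer.length()) {
 webSocketData->fragmentBuffer.reserve(length + remainingBytes);
 }
+/* Fragments forming a big message are not caught until appending them */
+if (refusePayloadLength(length + webSocketData->fragmentBuffer.length(), webSocketState, s)) {
+forceClose(webSocketState, s);
+return true;
+}
 webSocketData->fragmentBuffer.append(data, length);
 
 /* Are we done now? */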
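Review bot: The new size check adds only `length` to the buffered total, while the `reserve` just above it already sizes the buffer with `length + remainingBytes`, so a frame whose announced size would push the message over the limit is refused only after enough of it has arrived and been appended. If `remainingBytes` is the not-yet-received part of the current frame (it looks that way from the reserve call, but its declaration is outside the hunk), testing `length + remainingBytes + webSocketData->fragmentBuffer.length()` and placing the check before the `reserve` would refuse on the first chunk and skip the allocation on the refused path. The sum is computed before it is passed to `refusePayloadLength`, so on a target with a 32-bit `size_t` it is worth confirming the operands cannot wrap. The enclosing function starts and ends outside the hunk.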
