[webkit-reviews] review denied: [Bug 51253] WebSockets: unbounded buffer growth when server sends bad data : [Attachment 76879] patch to check beginning bytes of buffer

bugzilla-daemon at webkit.org
Fri Dec 17 10:44:00 PST 2010


Alexey Proskuryakov <ap at webkit.org> has denied Joe Mason <jmason at rim.com>'s
request for review:
Bug 51253: WebSockets: unbounded buffer growth when server sends bad data
https://bugs.webkit.org/show_bug.cgi?id=51253

Attachment 76879: patch to check beginning bytes of buffer
https://bugs.webkit.org/attachment.cgi?id=76879&action=review

------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=76879&action=review

This is a violation of the WebSockets-76 spec - the spec doesn't require the
response to start with "HTTP/", see
<http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76#section-4.1>
step 28.

Also, this doesn't look like a complete fix.  What if the response line starts
with "HTTP/", but doesn't have any newlines? Current code would just read
INT_MAX bytes, which is effectively unbounded.

It seems that we should just put a more practical limit on status line length,
and tell the hybi working group that a limit should be added to the spec. In
fact, it will be possible to add a regression test then.

> WebCore/ChangeLog:14
> +	   No new tests. (OOPS!)

A commit hook will prevent landing with OOPS - please replace it with an
explanation of why there is no test.
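
Added example, not part of the review message above and not WebKit's code: one way to bound the status line length so that a peer that never sends a newline cannot make the handshake buffer grow without limit. The names `readStatusLine`, `bufferedBytesWhenFailed` and `maxStatusLineLength`, and the 1024-byte value, are assumptions for illustration; the message names no specific limit. In line with the first comment, nothing here inspects the leading bytes for "HTTP/".

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Assumed cap for illustration; the review names no specific number.
constexpr size_t maxStatusLineLength = 1024;

enum class StatusLine { NeedMoreData, Complete, TooLong };

// Looks for the end of the status line in the bytes buffered so far.
// Only the first maxStatusLineLength bytes are scanned, so NeedMoreData is
// returned only while the buffer is still under the cap.
StatusLine readStatusLine(const char* data, size_t length, std::string& line, size_t& consumed)
{
    line.clear();
    consumed = 0;
    size_t scanLength = length < maxStatusLineLength ? length : maxStatusLineLength;
    const char* newline = scanLength
        ? static_cast<const char*>(std::memchr(data, '\n', scanLength)) : nullptr;
    if (!newline)
        return length >= maxStatusLineLength ? StatusLine::TooLong : StatusLine::NeedMoreData;
    size_t end = newline - data;
    consumed = end + 1; // bytes the caller may drop from its buffer
    if (end && data[end - 1] == '\r')
        --end; // strip the CR of a CRLF line ending
    line.assign(data, end);
    return StatusLine::Complete;
}

// Constructed scenario: a peer sends chunkSize (> 0) bytes at a time and never
// sends a newline. Returns how many bytes were buffered when the handshake
// was failed, which stays below maxStatusLineLength + chunkSize.
size_t bufferedBytesWhenFailed(size_t chunkSize)
{
    std::string buffer, line;
    size_t consumed = 0;
    for (;;) {
        buffer.append(chunkSize, 'A');
        if (readStatusLine(buffer.data(), buffer.size(), line, consumed) != StatusLine::NeedMoreData)
            return buffer.size();
    }
}
```

With a fixed cap like this, the no-newline case also becomes testable: a test server can send more than the cap without a line ending and the test can check that the connection fails.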

