[Webkit-unassigned] [Bug 51253] WebSockets: unbounded buffer growth when server sends bad data
bugzilla-daemon at webkit.org
Fri Dec 17 10:44:01 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51253
Alexey Proskuryakov <ap at webkit.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76879|review?                     |review-
               Flag|                            |
--- Comment #3 from Alexey Proskuryakov <ap at webkit.org> 2010-12-17 10:44:01 PST ---
(From update of attachment 76879)
View in context: https://bugs.webkit.org/attachment.cgi?id=76879&action=review
This is a violation of WebSockets-76 spec - the spec doesn't require the response to start with "HTTP/", see <http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76#section-4.1> step 28.
Also, this doesn't look like a complete fix. What if the response line starts with "HTTP/", but doesn't have any newlines? Current code would just read INT_MAX bytes, which is effectively unbounded.
It seems that we should just put a more practical limit on status line length, and tell the hybi working group that a limit should be added to the spec. In fact, it will be possible to add a regression test then.
> WebCore/ChangeLog:14
> + No new tests. (OOPS!)
A commit hook will prevent landing with OOPS - please replace it with an explanation of why there is no test.