Branch: refs/heads/2.4
Home: https://github.com/OpenSIPS/opensips
Commit: fb847ba4420c88d608feefa80849f8a985f5ac27
https://github.com/OpenSIPS/opensips/commit/fb847ba4420c88d608feefa80849f8a985f5ac27
Author: Razvan Crainea <[email protected]>
Date: 2020-01-08 (Wed, 08 Jan 2020)
Changed paths:
M modules/proto_ws/ws_handshake_common.h
Log Message:
-----------
proto_ws: decline Sec-WebSocket-Key keys that are not 24 bytes
In case the key is not 24 bytes, the some internal buffers might be
overwritten, resulting in malformed/bad Sec-WebSocket-Accept generation.
And since the RFC requires the key to be random 16-bytes-base64
encoding, the length should always be 24 bytes.
Thanks go to @hafkensite for reporting it on GitHub and to @wdoekes for
profiving the fix. Close #1928
(cherry picked from commit 6f24b26205d11a3500f86113cf74f7f7f4ec95e8)
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
