Project

General

Profile

Bug #2858

Wrong websocket frametype if frame is longer then UINT16_MAX

Added by rschmid 30 days ago. Updated 29 days ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_wstunnel
Target version:
Start date:
2018-01-19
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

Hello,

I tried mod_wstunnel in lighttpd 1.4.48. If the framesize is bigger then UINT16_MAX in RFC 6455 the frametype in websocket header buffer (mem) on pos 0 is been overwriten by

memset(mem, 0, sizeof(mem)); 
(mod_wstunnel.c line 1125).

Associated revisions

Revision 30fe3684 (diff)
Added by gstrauss 29 days ago

[mod_wstunnel] fix for frames larger than 64k (fixes #2858)

(thx rschmid)

x-ref:
"Wrong websocket frametype if frame is longer then UINT16_MAX"
https://redmine.lighttpd.net/issues/2858

History

#1

Updated by stbuehler 30 days ago

That line also doesn't seem to be needed for something else given the other 9 bytes are all explicitly set.

#2

Updated by rschmid 30 days ago

stbuehler wrote:

That line also doesn't seem to be needed for something else given the other 9 bytes are all explicitly set.

you are right

This diff worked for me

--- a/src/mod_wstunnel.c    2018-01-19 12:17:14.774391315 +0100
+++ b/src/mod_wstunnel.c    2018-01-19 12:18:32.061732967 +0100
@@ -1122,7 +1122,6 @@ static int send_rfc_6455(handler_ctx *hc
         len = 1+MOD_WEBSOCKET_FRAME_LEN16_CNT+1;
     }
     else {
-        memset(mem, 0, sizeof(mem));
         mem[1] = MOD_WEBSOCKET_FRAME_LEN63;
         mem[2] = 0;
         mem[3] = 0;
#3

Updated by gstrauss 29 days ago

  • Category set to mod_wstunnel
  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.49

Yes, that's a bug. Sorry. Will push a fix to lighttpd git master soon.

#4

Updated by gstrauss 29 days ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom