mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-07-05 21:45:24 +00:00
96dc2c1c81
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames. The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression. Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review. * bugfix: fix DoS vector caused by readLimit bypass * bugfix: payload length 127 should read bytes as uint64 * bugfix: defend against readLength overflows |
||
---|---|---|
.. | ||
cheekybits/genny | ||
cloudflare/sidh | ||
gorilla/websocket | ||
lucas-clemente/quic-go | ||
marten-seemann/qtls | ||
refraction-networking/utls |