lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-07-05 21:45:24 +00:00
Code Issues Releases Wiki Activity
96dc2c1c81
v2fly/external/github.com
History
keepalivesrc 96dc2c1c81
websocket Read Limit Fix 
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* bugfix: fix DoS vector caused by readLimit bypass
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-10-16 01:14:01 -07:00
..
cheekybits/genny move vendor to external 2019-01-17 15:33:18 +01:00
cloudflare/sidh update references 2019-01-17 16:39:39 +01:00
gorilla/websocket websocket Read Limit Fix 2019-10-16 01:14:01 -07:00
lucas-clemente/quic-go update references 2019-01-17 16:39:39 +01:00
marten-seemann/qtls update references 2019-01-17 16:39:39 +01:00
refraction-networking/utls refine tls connection 2019-02-17 00:58:02 +01:00