Potential infinite loop in binary packet decoding #357
Labels
bug
Something isn't working
vulnerability
This reference a vulnerability found on socketioxide or engineioxide
Describe the bug
When server receive a binary packet (
45
...) without-
, it will get a infinite loop.https://github.com/Totodore/socketioxide/blob/d796728/socketioxide/src/packet.rs#L456-L458
To Reproduce
Steps to reproduce the behavior:
Let
engineIo
be the official engine-io client.(No rejection, No further ping-pong, CPU got 100%)
Expected behavior
Refuse this packet.
Versions (please complete the following information):
The text was updated successfully, but these errors were encountered: