Skip to content

Commit

Permalink
Limit subprotocol and extension lengths
Browse files Browse the repository at this point in the history
  • Loading branch information
@uNetworkingAB
uNetworkingAB authored Apr 2, 2017
1 parent 08df914 commit 3694e43
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/HTTPSocket.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,13 +228,13 @@ void HttpSocket<isServer>::upgrade(const char *secKey, const char *extensions, s
base64(shaDigest, upgradeBuffer + 97);
memcpy(upgradeBuffer + 125, "\r\n", 2);
size_t upgradeResponseLength = 127;
if (extensionsResponse.length()) {
if (extensionsResponse.length() && extensionsResponse.length() < 200) {
memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Extensions: ", 26);
memcpy(upgradeBuffer + upgradeResponseLength + 26, extensionsResponse.data(), extensionsResponse.length());
memcpy(upgradeBuffer + upgradeResponseLength + 26 + extensionsResponse.length(), "\r\n", 2);
upgradeResponseLength += 26 + extensionsResponse.length() + 2;
}
if (subprotocolLength) {
if (subprotocolLength && subprotocolLength < 200) {
memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Protocol: ", 24);
memcpy(upgradeBuffer + upgradeResponseLength + 24, subprotocol, subprotocolLength);
memcpy(upgradeBuffer + upgradeResponseLength + 24 + subprotocolLength, "\r\n", 2);
Expand Down

0 comments on commit 3694e43

Please sign in to comment.