From b0e87dcafa75f8bced7a0b11dd335e9b7aa86334 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Fri, 15 Dec 2023 12:33:23 +0100 Subject: [PATCH] Fix crash issue in websocket server (CVE-2023-50784) --- src/modules/websocket_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/websocket_common.c b/src/modules/websocket_common.c index 81f4cb2f9..ef947968b 100644 --- a/src/modules/websocket_common.c +++ b/src/modules/websocket_common.c @@ -10,7 +10,7 @@ ModuleHeader MOD_HEADER = { "websocket_common", - "6.0.0", + "6.1.4", "WebSocket support (RFC6455)", "UnrealIRCd Team", "unrealircd-6", @@ -149,7 +149,7 @@ int websocket_handle_packet(Client *client, const char *readbuf, int length, int const char *p; int total_packet_size; char *payload = NULL; - static char payloadbuf[READBUF_SIZE]; + static char payloadbuf[MAXLINELENGTH]; int maskkeylen = 4; if (length < 4)