mirror of https://github.com/weechat/weechat.git synced 2026-07-05 17:23:15 +02:00

relay/api: only decompress compressed messages

With permessage-deflate, RSV1 of the first fragment indicates whether or
not the message is compressed [1]. If RSV1 is not set then the message
should not be decompressed.

[1] https://datatracker.ietf.org/doc/html/rfc7692#section-6
Matthew Horan
2026-06-28 14:46:18 -04:00
committed by Sébastien Helleu
parent 00dd7db591
commit b7e16af8d6
2 changed files with 7 additions and 3 deletions
@@ -12,6 +12,7 @@
- api: fix infinite loop in function string_replace when the search string is empty
- irc: limit size of data received from the server to prevent memory exhaustion
- irc: fix out-of-bounds read on incoming DCC command with a quoted filename ending the message ([#2322](https://github.com/weechat/weechat/issues/2322))
- relay: fix read of uncompressed websocket frame ([#2331](https://github.com/weechat/weechat/issues/2331))
- relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
- relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
- api, relay: fix timing attack on TOTP validation ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
@@ -651,7 +651,7 @@ relay_websocket_decode_frame (const unsigned char *buffer,
size_t size_decompressed;
char *payload_decompressed;
struct t_relay_websocket_frame *frames2, *ptr_frame;
int size, masked_frame, mask[4];
int size, compressed, masked_frame, mask[4];
if (!buffer || !frames || !num_frames)
return 0;
@@ -672,6 +672,9 @@ relay_websocket_decode_frame (const unsigned char *buffer,
opcode = buffer[index_buffer] & 15;
/* RSV1 indicates whether this message is compressed */
compressed = (buffer[index_buffer] & 64) ? 1 : 0;
/* check if frame is masked */
masked_frame = (buffer[index_buffer + 1] & 128) ? 1 : 0;
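Review bot: `compressed` is taken from the header byte of every frame decoded here, but the commit message and RFC 7692 tie RSV1 to the first fragment of a message only, so continuation frames of a compressed message arrive with RSV1 clear. If fragmented messages can reach this function, a continuation frame (opcode 0) would get `compressed = 0` and skip decompression. Consider latching the flag when a text or binary frame starts a message and reusing it for the continuation frames that follow, or state in the comment that fragmented compressed messages are not handled here.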
@@ -778,9 +781,9 @@ relay_websocket_decode_frame (const unsigned char *buffer,
/*
* decompress data if frame is not empty and if "permessage-deflate"
* is enabled
* is enabled and the message is compressed
*/
if ((length_frame > 0) && ws_deflate && ws_deflate->enabled)
if ((length_frame > 0) && ws_deflate && ws_deflate->enabled && compressed)
{
if (!ws_deflate->strm_inflate)
{
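Review bot: the opposite case is not covered by the new condition `if ((length_frame > 0) && ws_deflate && ws_deflate->enabled && compressed)`: a frame with RSV1 set while `ws_deflate` is NULL or not enabled fails the test and, as far as this hunk shows, is treated as plain payload. RFC 6455 section 5.2 requires failing the connection when a reserved bit is set and no negotiated extension defines it, so an explicit reject for `compressed` without an enabled `ws_deflate` would be worth adding. The two changed files appear to be the changelog and the decoder, so a test that feeds an uncompressed frame to a client with permessage-deflate enabled would help lock in the fix for #2331.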