relay/api: only decompress compressed messages
With permessage-deflate, RSV1 of the first fragment indicates whether or not the message is compressed [1]. If RSV1 is not set then the message should not be decompressed. [1] https://datatracker.ietf.org/doc/html/rfc7692#section-6
committed by
Sébastien Helleu
parent
00dd7db591
commit
b7e16af8d6
@@ -12,6 +12,7 @@
|
||||
- api: fix infinite loop in function string_replace when the search string is empty
|
||||
- irc: limit size of data received from the server to prevent memory exhaustion
|
||||
- irc: fix out-of-bounds read on incoming DCC command with a quoted filename ending the message ([#2322](https://github.com/weechat/weechat/issues/2322))
|
||||
- relay: fix read of uncompressed websocket frame ([#2331](https://github.com/weechat/weechat/issues/2331))
|
||||
- relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
|
||||
- relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
|
||||
- api, relay: fix timing attack on TOTP validation ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
|
||||
|
||||
@@ -651,7 +651,7 @@ relay_websocket_decode_frame (const unsigned char *buffer,
|
||||
size_t size_decompressed;
|
||||
char *payload_decompressed;
|
||||
struct t_relay_websocket_frame *frames2, *ptr_frame;
|
||||
int size, masked_frame, mask[4];
|
||||
int size, compressed, masked_frame, mask[4];
|
||||
|
||||
if (!buffer || !frames || !num_frames)
|
||||
return 0;
|
||||
@@ -672,6 +672,9 @@ relay_websocket_decode_frame (const unsigned char *buffer,
|
||||
|
||||
opcode = buffer[index_buffer] & 15;
|
||||
|
||||
/* RSV1 indicates whether this message is compressed */
|
||||
compressed = (buffer[index_buffer] & 64) ? 1 : 0;
|
||||
|
||||
/* check if frame is masked */
|
||||
masked_frame = (buffer[index_buffer + 1] & 128) ? 1 : 0;
|
||||
|
||||
@@ -778,9 +781,9 @@ relay_websocket_decode_frame (const unsigned char *buffer,
|
||||
|
||||
/*
|
||||
* decompress data if frame is not empty and if "permessage-deflate"
|
||||
* is enabled
|
||||
* is enabled and the message is compressed
|
||||
*/
|
||||
if ((length_frame > 0) && ws_deflate && ws_deflate->enabled)
|
||||
if ((length_frame > 0) && ws_deflate && ws_deflate->enabled && compressed)
|
||||
{
|
||||
if (!ws_deflate->strm_inflate)
|
||||
{
|
||||
|
||||
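Review bot: `compressed` is recomputed from RSV1 on every frame at `compressed = (buffer[index_buffer] & 64) ? 1 : 0;`, but as the commit description itself says, RSV1 marks compression only on the first fragment of a message, so a continuation frame (opcode 0) of a compressed message would arrive with RSV1 clear and skip the inflate branch. The hunks do not show whether fragments are reassembled before this point (the body of relay_websocket_decode_frame continues outside them), so this needs confirming; if they are not, the flag should be remembered from the first fragment instead of being re-read per frame, and the assignment should at least carry a comment such as `/* RSV1 is only meaningful on the first fragment; continuation frames carry 0 */`. Separately, the new condition treats a frame with RSV1 set as plain payload when `ws_deflate->enabled` is false, whereas RFC 6455 section 5.2 requires failing the connection on a reserved bit that no negotiated extension defines. A guard such as `if (compressed && (!ws_deflate || !ws_deflate->enabled))` that takes the function's existing error path would reject that input rather than passing it on.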