[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [flashproxy/master] Check the message length limit in accumulated frames, not only per-frame.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [flashproxy/master] Check the message length limit in accumulated frames, not only per-frame.
From: dcf@xxxxxxxxxxxxxx
Date: Wed, 5 Dec 2012 02:17:51 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Dec 2012 21:18:02 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Fifield <david@xxxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit e881395d512261b30505043bd5b33404ff0ccd2a
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Mon Nov 26 22:15:50 2012 -0800

    Check the message length limit in accumulated frames, not only per-frame.
---
 flashproxy-client |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/flashproxy-client b/flashproxy-client
index b6d80ce..0aa51d4 100755
--- a/flashproxy-client
+++ b/flashproxy-client
@@ -361,6 +361,8 @@ class WebSocketDecoder(object):
             else:
                 if frame.opcode != 0:
                     raise ValueError("Non-first frame has nonzero opcode %d" % frame.opcode)
+            if len(self.message_buf) + len(frame.payload) > self.MAX_MESSAGE_LENGTH:
+                raise ValueError("Refusing to buffer payload of %d bytes" % (len(self.message_buf) + len(frame.payload)))
             self.message_buf += frame.payload
 
             if frame.fin:

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [flashproxy/master] Increase version to 0.9.
Next by Author: [tor-commits] [flashproxy/master] Add -D option to websockify command.
Previous by thread: [tor-commits] [translation/vidalia_completed] Update translations for vidalia_completed
Next by thread: [tor-commits] [tor/master] Return connection_exit_connect() if payload creation failed.
Index(es):
- Author
- Thread