Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/websocket: Integer overflow on hybiFrameHeader Length #11999

Closed
robertmd opened this issue Aug 3, 2015 · 4 comments
Closed

x/net/websocket: Integer overflow on hybiFrameHeader Length #11999

robertmd opened this issue Aug 3, 2015 · 4 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@robertmd
Copy link

robertmd commented Aug 3, 2015

Currently on go1.4.2 windows/amd64, hybiFrameHeader uses int64 for the length of the packet. If a header size is greater than int64 the length will become negative. This causes the data in the packet to become the header of the next packet.

Per the RFC specs the length should be uint64 or the websocket library should check for overflows.
@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Aug 3, 2015
@mikioh mikioh changed the title golang.org/x/net/websocket: Integer overflow on hybiFrameHeader Length x/net/websocket: Integer overflow on hybiFrameHeader Length Aug 3, 2015
@mikioh
Copy link
Contributor

mikioh commented Aug 4, 2015

According to https://tools.ietf.org/html/rfc6455,

Payload length:  7 bits, 7+16 bits, or 7+64 bits

      The length of the "Payload data", in bytes: ... (snip)
      following 8 bytes interpreted as a 64-bit unsigned integer (the
      most significant bit MUST be 0) are the payload length.

@mikioh mikioh closed this as completed Aug 4, 2015
@mikioh mikioh reopened this Aug 4, 2015
@mikioh
Copy link
Contributor

mikioh commented Aug 4, 2015

The current implementation is fine because a) it validates the MSB of payload length, b) it doesn't support long payload frames. Merged into #2134.

@mikioh mikioh closed this as completed Aug 4, 2015
@mikioh
Copy link
Contributor

mikioh commented Aug 4, 2015

Ah, I missed that there's no MSB check for extended payload length. Thanks.

@mikioh mikioh reopened this Aug 4, 2015
@gopherbot
Copy link

CL https://golang.org/cl/13059 mentions this issue.

@golang golang locked and limited conversation to collaborators Aug 5, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@mikioh @robertmd @ianlancetaylor @gopherbot