Commit 3694e43c authored by Alex Hultman's avatar Alex Hultman Committed by GitHub

Limit subprotocol and extension lengths

parent 08df914b
......@@ -228,13 +228,13 @@ void HttpSocket<isServer>::upgrade(const char *secKey, const char *extensions, s
base64(shaDigest, upgradeBuffer + 97);
memcpy(upgradeBuffer + 125, "\r\n", 2);
size_t upgradeResponseLength = 127;
if (extensionsResponse.length()) {
if (extensionsResponse.length() && extensionsResponse.length() < 200) {
memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Extensions: ", 26);
memcpy(upgradeBuffer + upgradeResponseLength + 26, extensionsResponse.data(), extensionsResponse.length());
memcpy(upgradeBuffer + upgradeResponseLength + 26 + extensionsResponse.length(), "\r\n", 2);
upgradeResponseLength += 26 + extensionsResponse.length() + 2;
}
if (subprotocolLength) {
if (subprotocolLength && subprotocolLength < 200) {
memcpy(upgradeBuffer + upgradeResponseLength, "Sec-WebSocket-Protocol: ", 24);
memcpy(upgradeBuffer + upgradeResponseLength + 24, subprotocol, subprotocolLength);
memcpy(upgradeBuffer + upgradeResponseLength + 24 + subprotocolLength, "\r\n", 2);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment