mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
coverity: 232068: hpack 6-bit index may be garbage
It's possible an attacker may send an illegal dynamic index we can't succeed to look up
This commit is contained in:
parent
ecb8de3386
commit
795d20081e
1 changed files with 7 additions and 0 deletions
|
@ -1277,6 +1277,13 @@ fin:
|
|||
/* header length is determined by known index */
|
||||
m = lws_token_from_index(wsi, h2n->hdr_idx, NULL, NULL,
|
||||
&h2n->hpack_hdr_len);
|
||||
if (m < 0)
|
||||
/*
|
||||
* The peer may only send known 6-bit indexes,
|
||||
* there's still the possibility it sends an unset
|
||||
* dynamic index that we can't succeed to look up
|
||||
*/
|
||||
return 1;
|
||||
goto add_it;
|
||||
/* NEW literal hdr with value */
|
||||
case HPKT_LITERAL_HDR_VALUE_INCR:
|
||||
|
|
Loading…
Add table
Reference in a new issue