From d735d96b994247f26f10e71e91339ae60932120e Mon Sep 17 00:00:00 2001 From: Andy Green Date: Fri, 21 Aug 2020 17:39:59 +0100 Subject: [PATCH] sspc: extend assert length check to explicit code --- lib/secure-streams/secure-streams-serialize.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/secure-streams/secure-streams-serialize.c b/lib/secure-streams/secure-streams-serialize.c index 0b128eb39..ff74826aa 100644 --- a/lib/secure-streams/secure-streams-serialize.c +++ b/lib/secure-streams/secure-streams-serialize.c @@ -206,7 +206,16 @@ lws_ss_deserialize_tx_payload(struct lws_dsh *dsh, struct lws *wsi, } *len = lws_ser_ru16be(&p[1]) - (23 - 3); - assert(*len == si - 23); + if (*len != si - 23) { + /* + * We cannot accept any length that doesn't reflect the actual + * length of what came in from the dsh, either something nasty + * happened with truncation or we are being attacked + */ + assert(0); + + return 1; + } memcpy(buf, p + 23, si - 23);