author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 04:32:48 +0000 |
---|---|---|
committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 04:32:48 +0000 |
commit | b792af76625e5f3d9801277b628352243fdcbb18 (patch) | |
tree | 1eaedd2e02422495303e12efd430540a5e153e47 /net/websockets/websocket.cc | |
parent | 3bc2379e208bd30629e2a881c5121636c5216ebc (diff) | |
Fix WebSocket length parser
Frames denoted by bytes that have the high bit set (0x80 to
0xFF) have a leading length indicator, which is encoded as a series
of 7-bit bytes stored in octets with the 8th bit being set for all
but the last byte.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/465094
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33951 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/websockets/websocket.cc')
-rw-r--r-- | net/websockets/websocket.cc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/websockets/websocket.cc b/net/websockets/websocket.cc
index e588707..719a870 100644
--- a/net/websockets/websocket.cc
+++ b/net/websockets/websocket.cc
@@ -391,14 +391,17 @@ void WebSocket::ProcessFrameData() {
 unsigned char frame_byte = static_cast<unsigned char>(*p++);
 if ((frame_byte & 0x80) == 0x80) {
 int length = 0;
- while (p < end && (*p & 0x80) == 0x80) {
+ while (p < end) {
 if (length > std::numeric_limits<int>::max() / 128) {
 // frame length overflow.
 socket_stream_->Close();
 return;
 }
- length = length * 128 + (*p & 0x7f);
+ unsigned char c = static_cast<unsigned char>(*p);
+ length = length * 128 + (c & 0x7f);
 ++p;
+ if ((c & 0x80) != 0x80)
+ break;
 }
 // Checks if the frame body hasn't been completely received yet.
 // It also checks the case the frame length bytes haven't been completely |
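Review bot: The rewritten loop can now exit two ways, on a terminating byte via `break;` or because `p` reached `end` while the continuation bit was still set, and nothing records which one happened, so the check after the hunk has to infer a truncated length field from `p` and `length` alone. Because these bytes come from the remote peer, I would make that state explicit: declare `bool length_complete = false;` next to `int length = 0;`, set it to true just before `break;`, and wait for more data whenever it is false. The overflow guard bounds `length` only at `std::numeric_limits<int>::max()`; if no smaller frame-size cap is applied elsewhere (not visible here), a peer can declare a frame close to 2 GB, and the body check that follows is safer written as `length > end - p` than as pointer addition. The commit says TEST=none; unit cases for a multi-byte length, a length field split across two reads, and the overflow path would pin the parser's behaviour down. ProcessFrameData's body starts before and continues after this hunk.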