[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-4-0' - net/WebSocketHandler.hpp

Michael Meeks (via logerrit) logerrit at kemper.freedesktop.org
Mon Jan 6 15:40:26 UTC 2020


 net/WebSocketHandler.hpp |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 4d7142f207dde330b8b9ddeae2b4fa1e4a9cb979
Author:     Michael Meeks <michael.meeks at collabora.com>
AuthorDate: Mon Jan 6 15:10:02 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Jan 6 16:40:08 2020 +0100

    Avoid taking address over the end of a vector if reading 0 bytes.
    
    Happens with some close frames eg.
    
    [ docbroker_001 ] TRC  #21: Incoming WebSocket data of 6 bytes: 88 80 4a 2c 44 f9  | ..J,D.|
    
        fin = true
        OpCode is Close (= 0x8)
        hasMask = true
        payloadLen = 0
        headerLen = 2 -> 6 after hasMask is taken into account.
    
    Change-Id: I0e212e4589c3cc63db16f7065dc90cd0bd539ada
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/86280
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Andras Timar <andras.timar at collabora.com>

diff --git a/net/WebSocketHandler.hpp b/net/WebSocketHandler.hpp
index f483661be..aee9e9d2d 100644
--- a/net/WebSocketHandler.hpp
+++ b/net/WebSocketHandler.hpp
@@ -595,6 +595,9 @@ protected:
 
     void readPayload(unsigned char *data, size_t dataLen, unsigned char* mask, std::vector<char>& payload)
     {
+        if (dataLen == 0)
+            return;
+
         if (mask)
         {
             size_t end = payload.size();
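
Review bot: The new `if (dataLen == 0) return;` guard at the top of readPayload carries no comment, so a later cleanup could drop it as redundant without knowing it prevents an address being taken past the end of `payload`. Suggest a one-line comment above it naming the case from the commit message (a masked frame with payloadLen = 0, such as a Close frame). The diffstat shows only net/WebSocketHandler.hpp changed, so no regression test accompanies the fix; the 6-byte frame quoted in the commit message (88 80 4a 2c 44 f9) would make a ready test input. Since the guard sits before `if (mask)`, it also short-circuits the unmasked path, which is worth stating in the comment if that is intended.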

