summaryrefslogtreecommitdiffhomepage
path: root/src/java/nginx/unit/websocket/WsFrameBase.java
diff options
context:
space:
mode:
authoroxpa <iippolitov@gmail.com>2025-03-03 15:22:09 +0000
committeroxpa <iippolitov@gmail.com>2025-03-03 15:22:09 +0000
commit228377b1ff64b7ffba92c1914de667d8d018b2b3 (patch)
tree285055bed39f1c64920c29e8978f580618f6fbce /src/java/nginx/unit/websocket/WsFrameBase.java
parentbdc4d30548c6964f6fedffb27c4e41176a67de05 (diff)
parent8ab74a8cc929272eb8683d3f6ab4cb406465fd34 (diff)
downloadunit-1.34.2-1.tar.gz
unit-1.34.2-1.tar.bz2
Merge tag '1.34.2' into packaging1.34.2-1
Unit 1.34.2 release.
Diffstat (limited to 'src/java/nginx/unit/websocket/WsFrameBase.java')
-rw-r--r--src/java/nginx/unit/websocket/WsFrameBase.java9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/java/nginx/unit/websocket/WsFrameBase.java b/src/java/nginx/unit/websocket/WsFrameBase.java
index 06d20bf4..f07a8962 100644
--- a/src/java/nginx/unit/websocket/WsFrameBase.java
+++ b/src/java/nginx/unit/websocket/WsFrameBase.java
@@ -260,6 +260,13 @@ public abstract class WsFrameBase {
} else if (payloadLength == 127) {
payloadLength = byteArrayToLong(inputBuffer.array(),
inputBuffer.arrayOffset() + inputBuffer.position(), 8);
+ // The most significant bit of those 8 bytes is required to be zero
+ // (see RFC 6455, section 5.2). If the most significant bit is set,
+ // the resulting payload length will be negative so test for that.
+ if (payloadLength < 0) {
+ throw new WsIOException(
+ new CloseReason(CloseCodes.PROTOCOL_ERROR, sm.getString("wsFrame.payloadMsbInvalid")));
+ }
inputBuffer.position(inputBuffer.position() + 8);
}
if (Util.isControl(opCode)) {
@@ -670,7 +677,7 @@ public abstract class WsFrameBase {
int shift = 0;
long result = 0;
for (int i = start + len - 1; i >= start; i--) {
- result = result + ((b[i] & 0xFF) << shift);
+ result = result + ((b[i] & 0xFFL) << shift);
shift += 8;
}
return result;
generated by cgit (git 2.34.1) at 2025-12-06 12:21:31 +0000