Details
Description
The HTTP request processing in res_http_websocket allocates additional space on the stack for various headers received during an Upgrade request. An attacker could send a specially crafted request that causes this code to overflow the stack, resulting in a crash.
NOTE: A bug in ast_iostream_gets() currently gives 15+ versions some slight protection from req.txt causing a crash because the extra long header values are too long. The extra long lines cause the request to be rejected as a result. However, if they were 2K long with more of them to compensate, we would still get the crash from blowing the stack.
Issue Links
- is a clone of SWP-10444
This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged.
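The defensive pattern for the problem described above, as an added sketch that is not Asterisk's code or its fix: header lines are copied to the heap, and both the header count and the cumulative header size are capped so that a request with many 2K headers is rejected. The names `header_set`, `header_set_parse`, `header_set_free` and both limits are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this sketch; not Asterisk's actual values. */
#define MAX_HEADERS      64
#define MAX_HEADER_BYTES 8192   /* cumulative, across all headers */

struct header_set {
    char *lines[MAX_HEADERS];
    size_t count;
    size_t bytes;
};

void header_set_free(struct header_set *hs)
{
    for (size_t i = 0; i < hs->count; i++)
        free(hs->lines[i]);
    hs->count = hs->bytes = 0;
}

/*
 * Copy each header line of req to the heap; a blank line ends the headers.
 * An alloca()-style copy in this loop would hold stack memory until return,
 * so stack use would grow with every header the peer sends. Here the count
 * and cumulative size are capped and the request is rejected (-1) instead.
 */
int header_set_parse(struct header_set *hs, const char *req)
{
    hs->count = hs->bytes = 0;
    while (*req && *req != '\r' && *req != '\n') {
        size_t len = strcspn(req, "\r\n");
        char *copy;
        if (hs->count == MAX_HEADERS || len > MAX_HEADER_BYTES - hs->bytes
                || !(copy = malloc(len + 1))) {
            header_set_free(hs);
            return -1;          /* too many, too large, or out of memory */
        }
        memcpy(copy, req, len);
        copy[len] = '\0';
        hs->lines[hs->count++] = copy;
        hs->bytes += len;
        req += len;
        req += strspn(req, "\r");   /* skip optional CR before LF */
        if (*req == '\n')
            req++;
    }
    return (int)hs->count;
}
```
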