Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/dotnet/runtime.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/coreclr/src/debug/createdump/dumpwriter.cpp2
-rw-r--r--src/libraries/Common/src/System/Net/WebSockets/ManagedWebSocket.cs8
-rw-r--r--src/libraries/Common/tests/System/Net/WebSockets/WebSocketCreateTest.cs30
-rw-r--r--src/libraries/System.Net.WebSockets.WebSocketProtocol/src/Resources/Strings.resx3
-rw-r--r--src/libraries/System.Net.WebSockets/src/Resources/Strings.resx3
5 files changed, 45 insertions, 1 deletions
diff --git a/src/coreclr/src/debug/createdump/dumpwriter.cpp b/src/coreclr/src/debug/createdump/dumpwriter.cpp
index 3c61aeb9e56..2abebb2e4f9 100644
--- a/src/coreclr/src/debug/createdump/dumpwriter.cpp
+++ b/src/coreclr/src/debug/createdump/dumpwriter.cpp
@@ -23,7 +23,7 @@ DumpWriter::~DumpWriter()
bool
DumpWriter::OpenDump(const char* dumpFileName)
{
- m_fd = open(dumpFileName, O_WRONLY|O_CREAT|O_TRUNC, 0664);
+ m_fd = open(dumpFileName, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR | S_IRUSR);
if (m_fd == -1)
{
fprintf(stderr, "Could not open output %s: %d %s\n", dumpFileName, errno, strerror(errno));
diff --git a/src/libraries/Common/src/System/Net/WebSockets/ManagedWebSocket.cs b/src/libraries/Common/src/System/Net/WebSockets/ManagedWebSocket.cs
index 38a83c25d15..c44a3ce0335 100644
--- a/src/libraries/Common/src/System/Net/WebSockets/ManagedWebSocket.cs
+++ b/src/libraries/Common/src/System/Net/WebSockets/ManagedWebSocket.cs
@@ -1020,6 +1020,14 @@ namespace System.Net.WebSockets
return SR.net_Websockets_ReservedBitsSet;
}
+ if (header.PayloadLength < 0)
+ {
+ // as per RFC, if payload length is a 64-bit integer, the most significant bit MUST be 0
+ // frame-payload-length-63 = %x0000000000000000-7FFFFFFFFFFFFFFF; 64 bits in length
+ resultHeader = default;
+ return SR.net_Websockets_InvalidPayloadLength;
+ }
+
if (masked)
{
if (!_isServer)
diff --git a/src/libraries/Common/tests/System/Net/WebSockets/WebSocketCreateTest.cs b/src/libraries/Common/tests/System/Net/WebSockets/WebSocketCreateTest.cs
index f22a8add7d9..55c60e6e87c 100644
--- a/src/libraries/Common/tests/System/Net/WebSockets/WebSocketCreateTest.cs
+++ b/src/libraries/Common/tests/System/Net/WebSockets/WebSocketCreateTest.cs
@@ -147,6 +147,36 @@ namespace System.Net.WebSockets.Tests
}
}
+ [Theory]
+ [InlineData(new byte[] { 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, false)] // max allowed value
+ [InlineData(new byte[] { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, true)]
+ public async Task ReceiveAsync_InvalidPayloadLength_AbortsAndThrowsException(byte[] lenBytes, bool shouldFail)
+ {
+ var frame = new byte[11];
+ frame[0] = 0b1_000_0010; // FIN, RSV, OPCODE
+ frame[1] = 0b0_1111111; // MASK, PAYLOAD_LEN
+ Array.Copy(lenBytes, 0, frame, 2, lenBytes.Length); // EXTENDED_PAYLOAD_LEN
+ frame[10] = (byte)'a';
+
+ using var stream = new MemoryStream(frame, writable: true);
+ using WebSocket websocket = CreateFromStream(stream, false, null, Timeout.InfiniteTimeSpan);
+
+ var buffer = new byte[1];
+ Task<WebSocketReceiveResult> t = websocket.ReceiveAsync(new ArraySegment<byte>(buffer), CancellationToken.None);
+ if (shouldFail)
+ {
+ var exc = await Assert.ThrowsAsync<WebSocketException>(() => t);
+ Assert.Equal(WebSocketState.Aborted, websocket.State);
+ }
+ else
+ {
+ WebSocketReceiveResult result = await t;
+ Assert.False(result.EndOfMessage);
+ Assert.Equal(1, result.Count);
+ Assert.Equal('a', (char)buffer[0]);
+ }
+ }
+
[Fact]
[PlatformSpecific(~TestPlatforms.Browser)] // System.Net.Sockets is not supported on this platform.
[ActiveIssue("https://github.com/dotnet/runtime/issues/34690", TestPlatforms.Windows, TargetFrameworkMonikers.Netcoreapp, TestRuntimes.Mono)]
diff --git a/src/libraries/System.Net.WebSockets.WebSocketProtocol/src/Resources/Strings.resx b/src/libraries/System.Net.WebSockets.WebSocketProtocol/src/Resources/Strings.resx
index 1c8cf89eca5..2c51ebfef8a 100644
--- a/src/libraries/System.Net.WebSockets.WebSocketProtocol/src/Resources/Strings.resx
+++ b/src/libraries/System.Net.WebSockets.WebSocketProtocol/src/Resources/Strings.resx
@@ -111,4 +111,7 @@
<data name="net_Websockets_UnknownOpcode" xml:space="preserve">
<value>The WebSocket received a frame with an unknown opcode: '0x{0}'.</value>
</data>
+ <data name="net_Websockets_InvalidPayloadLength" xml:space="preserve">
+ <value>The WebSocket received a frame with an invalid payload length.</value>
+ </data>
</root>
diff --git a/src/libraries/System.Net.WebSockets/src/Resources/Strings.resx b/src/libraries/System.Net.WebSockets/src/Resources/Strings.resx
index a4f630ea24c..7b09eddf32c 100644
--- a/src/libraries/System.Net.WebSockets/src/Resources/Strings.resx
+++ b/src/libraries/System.Net.WebSockets/src/Resources/Strings.resx
@@ -138,4 +138,7 @@
<data name="NotWriteableStream" xml:space="preserve">
<value>The base stream is not writeable.</value>
</data>
+ <data name="net_Websockets_InvalidPayloadLength" xml:space="preserve">
+ <value>The WebSocket received a frame with an invalid payload length.</value>
+ </data>
</root>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 21:17:17 +0300