Commit Graph

16 Commits (9a452bc1a15600e29f9f75c974297e120c6efdc9)

Author SHA1 Message Date
Loyalsoldier 2fc5f96a1d
Refine codes (#245)
* Run go mod tidy
* Add new line
* Run gofmt
2020-10-02 09:32:39 +08:00
loyalsoldier 1fa89b32d4 Format: run go fmt ./... 2020-08-30 21:17:22 +08:00
vcptr 854f97fb78 remove script's fiddling 2019-10-19 11:12:11 +08:00
vcptr c022ce610e add doc under external 2019-10-19 10:38:27 +08:00
vcptr fa0a21f0dd external module refraction-networking/utls use mod version 2019-10-19 10:22:49 +08:00
vcptr 5d9e2e69a9 external module gorilla/websocket use mod version 2019-10-19 10:05:40 +08:00
Kslr 31a647bcf0
Merge pull request #1950 from keepalivesrc/patch-2
Websocket Read Limit Fix
2019-10-18 17:54:04 +08:00
keepalivesrc 01c7bba529 Delete conn_test.go 2019-10-16 16:58:07 -07:00
keepalivesrc 3b2d63d8d3 update TestReadLimit sub-test 2019-10-16 16:52:41 -07:00
keepalivesrc 96dc2c1c81
websocket Read Limit Fix
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* bugfix: fix DoS vector caused by readLimit bypass
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-10-16 01:14:01 -07:00
keepalivesrc ac481e6842 fix typos 2019-10-16 01:04:35 -07:00
Darien Raymond c072d38e2c refine tls connection 2019-02-17 00:58:02 +01:00
Darien Raymond 2f96c3c257 update references 2019-01-17 16:39:39 +01:00
Darien Raymond 26b7845550 remove unused files 2019-01-17 15:47:13 +01:00
Darien Raymond 840c559490 update dependencies 2019-01-17 15:44:22 +01:00
Darien Raymond f1934a4ff2 move vendor to external 2019-01-17 15:33:18 +01:00