Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/6.0] Throw on invalid payload length in WebSockets #57636

Merged
merged 1 commit into from
Aug 18, 2021
Merged

[release/6.0] Throw on invalid payload length in WebSockets #57636

merged 1 commit into from
Aug 18, 2021

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Aug 18, 2021
edited by CarnaViire
Loading

Backport of #57598 to release/6.0

/cc @CarnaViire

Port of 9eb5680

Customer Impact

Avoid integer overflow to prevent infinite loop in reading from WebSocket. (also complies better with WebSocket RFC)
MSRC 65273 - Prevents DoS attack by sending frames with invalid payload length.

Testing

Unit test included in PR

Risk

Low

@ghost
Copy link

ghost commented Aug 18, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #57598 to release/6.0

/cc @CarnaViire

Customer Impact

Testing

Risk

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Net
Milestone: -

@karelz
Copy link
Member

karelz commented Aug 18, 2021
edited
Loading

Failures are infra issues, not related to the PR:

Re-running CI just in case ...

@karelz karelz added this to the 6.0.0 milestone Aug 18, 2021
@karelz karelz added the Servicing-consider Issue for next servicing release review label Aug 18, 2021
jeffschwMSFT
jeffschwMSFT approved these changes Aug 18, 2021
View reviewed changes
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. With a green CI we should merge.

@jeffschwMSFT jeffschwMSFT merged commit 9e56917 into release/6.0 Aug 18, 2021
@akoeplinger akoeplinger deleted the backport/pr-57598-to-release/6.0 branch August 19, 2021 10:03
@ghost ghost locked as resolved and limited conversation to collaborators Sep 18, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jeffschwMSFT jeffschwMSFT jeffschwMSFT approved these changes

@karelz karelz karelz approved these changes

Assignees
No one assigned
Labels
area-System.Net Servicing-consider Issue for next servicing release review
Projects
None yet
Milestone
6.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@karelz @jeffschwMSFT @CarnaViire