parseHttpHeaders crashes on malformed header

```
Program terminated with signal SIGABRT, Aborted.
...
#5  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[] (this=<optimized out>, __pos=<optimized out>)
    at /usr/src/debug/gcc-11.4.1-3.el9.x86_64/obj-x86_64-redhat-linux/x86_64-redhat-linux/libstdc++-v3/include/bits/basic_string.h:1055
#6  0x000000000060366f in ix::parseHttpHeaders[abi:cxx11](std::unique_ptr<ix::Socket, std::default_delete<ix::Socket> >&, std::function<bool ()> const&) ()
#7  0x00000000005f3c65 in ix::Http::parseRequest[abi:cxx11](std::unique_ptr<ix::Socket, std::default_delete<ix::Socket> >&, int) ()
#8  0x00000000005de3e9 in ix::HttpServer::handleConnection(std::unique_ptr<ix::Socket, std::default_delete<ix::Socket> >, std::shared_ptr<ix::ConnectionState>) ()
```
There is no sanitizer for the received bytes. When a sequence like "...\0:..." is received, the [lineStr ](https://github.com/machinezone/IXWebSocket/blob/8115594483b958c6db809dd3edb1603c3969f591/ixwebsocket/IXWebSocketHttpHeaders.cpp#L49)is constructed with a size smaller than i, which triggers a crash upon accessing [lineStr[start]](https://github.com/machinezone/IXWebSocket/blob/8115594483b958c6db809dd3edb1603c3969f591/ixwebsocket/IXWebSocketHttpHeaders.cpp#L60C24-L60C38).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

parseHttpHeaders crashes on malformed header #545

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

parseHttpHeaders crashes on malformed header #545

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions