Mirrors/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-06-04 20:26:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix(transport_ws): add RFC 6455 validation for control frame payload size

Browse Source
This commit is contained in:
surengab
2026-02-18 15:28:36 +04:00
parent 7f2006b388
commit 5eff7a1705
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
components/tcp_transport/transport_ws.c
View File

@@ -633,7 +633,12 @@ static int ws_read_header(esp_transport_handle_t t, char *buffer, int len, int t
payload_len = (uint8_t)data_ptr[4] << 24 | (uint8_t)data_ptr[5] << 16 | (uint8_t)data_ptr[6] << 8 | data_ptr[7];
}
}
// RFC 6455 Section 5.5: Control frames MUST have payload length of 125 bytes or less
if ((ws->frame_state.opcode & WS_OPCODE_CONTROL_FRAME) && payload_len > 125) {
ESP_LOGE(TAG, "Control frame with excessive payload detected (opcode=0x%02X, payload_len=%d) - protocol violation",
ws->frame_state.opcode, payload_len);
return -1;
}
if (mask) {
// Read and store mask
if (payload_len != 0 && (rlen = esp_transport_read_exact_size(ws, buffer, mask_len, timeout_ms)) <= 0) {