[asterisk-bugs] [JIRA] (ASTERISK-27658) WebSocket frames with 0 sized payload causes DoS

Friendly Automation (JIRA) noreply at issues.asterisk.org
Wed Feb 21 12:16:14 CST 2018


    [ https://issues.asterisk.org/jira/browse/ASTERISK-27658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=242344#comment-242344 ] 

Friendly Automation commented on ASTERISK-27658:
------------------------------------------------

Change 8362 merged by Kevin Harwell:
AST-2018-006: Properly handle WebSocket frames with 0 length payload.

[https://gerrit.asterisk.org/8362|https://gerrit.asterisk.org/8362]

> WebSocket frames with 0 sized payload causes DoS
> ------------------------------------------------
>
>                 Key: ASTERISK-27658
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27658
>             Project: Asterisk
>          Issue Type: Security
>          Components: Resources/res_http_websocket
>    Affects Versions: 15.2.0
>            Reporter: Sean Bright
>            Assignee: Sean Bright
>            Severity: Blocker
>              Labels: security
>         Attachments: AST-2018-006.pdf
>
>
> In ast_websocket_read() we don't adequately check that payload_len is > 0 before calling ws_safe_read(). Calling ws_safe_read with a len argument of 0 will result in a busy loop until the underlying socket is closed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list