lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2026-05-04 19:49:08 -04:00
Code Issues Releases Wiki Activity
Files
96dc2c1c8164b226cf0e2673454179b0b97cabb2
v2fly/external/github.com/gorilla/websocket
History
keepalivesrc 96dc2c1c81 websocket Read Limit Fix 
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* bugfix: fix DoS vector caused by readLimit bypass
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-10-16 01:14:01 -07:00
..
AUTHORS
move vendor to external
2019-01-17 15:33:18 +01:00
client_clone.go
move vendor to external
2019-01-17 15:33:18 +01:00
client.go
move vendor to external
2019-01-17 15:33:18 +01:00
conn_write.go
move vendor to external
2019-01-17 15:33:18 +01:00
conn.go
websocket Read Limit Fix
2019-10-16 01:14:01 -07:00
doc.go
move vendor to external
2019-01-17 15:33:18 +01:00
LICENSE
move vendor to external
2019-01-17 15:33:18 +01:00
mask_safe.go
move vendor to external
2019-01-17 15:33:18 +01:00
mask.go
move vendor to external
2019-01-17 15:33:18 +01:00
README.md
update references
2019-01-17 16:39:39 +01:00
server.go
move vendor to external
2019-01-17 15:33:18 +01:00
util.go
move vendor to external
2019-01-17 15:33:18 +01:00

README.md

Gorilla WebSocket

Gorilla WebSocket is a Go implementation of the WebSocket protocol.

Build Status GoDoc

Documentation

Status

The Gorilla WebSocket package provides a complete and tested implementation of the WebSocket protocol. The package API is stable.

Installation

go get github.com/gorilla/websocket

Protocol Compliance

The Gorilla WebSocket package passes the server tests in the Autobahn Test Suite using the application in the examples/autobahn subdirectory.

Gorilla WebSocket compared with other packages

github.com/gorilla golang.org/x/net
RFC 6455 Features
Passes Autobahn Test SuiteYesNo
Receive fragmented messageYesNo, see note 1
Send close messageYesNo
Send pings and receive pongsYesNo
Get the type of a received data messageYesYes, see note 2
Other Features
Compression ExtensionsExperimentalNo
Read message using io.ReaderYesNo, see note 3
Write message using io.WriteCloserYesNo, see note 3

Notes:

  1. Large messages are fragmented in Chrome's new WebSocket implementation.
  2. The application can get the type of a received data message by implementing a Codec marshal function.
  3. The go.net io.Reader and io.Writer operate across WebSocket frame boundaries. Read returns when the input buffer is full or a frame boundary is encountered. Each call to Write sends a single frame message. The Gorilla io.Reader and io.WriteCloser operate on a single WebSocket message.
View Git Blame Copy Permalink