espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(transport_ws): flush oversized control frame payload before returning error

Browse Source
This commit is contained in:
surengab
2026-03-24 20:21:18 +04:00
parent 9fc2f11136
commit e19d2a9a69
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/tcp_transport/transport_ws.c
+11
View File
@@ -556,6 +556,7 @@ static int esp_transport_read_exact_size(transport_ws_t *ws, char *buffer, int r
/* Read and parse the WS header, determine length of payload */ /* Read and parse the WS header, determine length of payload */
static int ws_read_header(esp_transport_handle_t t, char *buffer, int len, int timeout_ms) static int ws_read_header(esp_transport_handle_t t, char *buffer, int len, int timeout_ms)
{ {
transport_ws_t *ws = esp_transport_get_context_data(t); transport_ws_t *ws = esp_transport_get_context_data(t);
@@ -635,6 +636,16 @@ static int ws_read_header(esp_transport_handle_t t, char *buffer, int len, int t
if ((ws->frame_state.opcode & WS_OPCODE_CONTROL_FRAME) && payload_len > 125) { if ((ws->frame_state.opcode & WS_OPCODE_CONTROL_FRAME) && payload_len > 125) {
ESP_LOGE(TAG, "Control frame with excessive payload detected (opcode=0x%02X, payload_len=%d) - protocol violation", ESP_LOGE(TAG, "Control frame with excessive payload detected (opcode=0x%02X, payload_len=%d) - protocol violation",
ws->frame_state.opcode, payload_len); ws->frame_state.opcode, payload_len);
// Consume the payload bytes from the TCP stream to keep it in sync before returning error
int remaining = payload_len;
while (remaining > 0 && len > 0) {
int to_read = remaining < len ? remaining : len;
int bytes_read = esp_transport_read_internal(ws, buffer, to_read, timeout_ms);
if (bytes_read <= 0) {
break;
}
remaining -= bytes_read;
}
return -1; return -1;
} }
if (mask) { if (mask) {