File libsoup-CVE-2024-52532.patch of Package libsoup2

Overview Repositories Revisions Requests Users Attributes Meta

File libsoup-CVE-2024-52532.patch of Package libsoup2

From f84fc43fe62e25ca807975fa758f2e3d7737db4f Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@suse.com>
Date: Tue, 12 Nov 2024 17:20:25 -0600
Subject: [PATCH] websocket: process the frame as soon as we read data

Otherwise we can enter in a read loop because we were not
validating the data until the all the data was read.

Fixes #391

Backport of https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3e.patch
---
 libsoup/soup-websocket-connection.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index 6d136d41..2db34d3c 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -1155,9 +1155,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
 		}
 
 		pv->incoming->len = len + count;
-	} while (count > 0);
 
-	process_incoming (self);
+		process_incoming (self);
+	} while (count > 0 && !pv->close_sent && !pv->io_closing);
 
 	if (end) {
 		if (!pv->close_sent || !pv->close_received) {
-- 
2.47.0

Places

File libsoup-CVE-2024-52532.patch of Package libsoup2

Places