Files
libsoup/libsoup-CVE-2025-32049.patch
Bjørn Lie 745a3951bf - Add more CVE fixes:
+ libsoup-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049
    glgo#GNOME/libsoup#390)
  + libsoup-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443
    glgo#GNOME/libsoup#487)
  + libsoup-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369
    glgo#GNOME/libsoup!508)

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=327
2026-02-14 17:10:05 +00:00

17 lines
670 B
Diff

diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
index a1448134..48b08b60 100644
--- a/libsoup/websocket/soup-websocket-connection.c
+++ b/libsoup/websocket/soup-websocket-connection.c
@@ -971,6 +971,11 @@ process_contents (SoupWebsocketConnection *self,
switch (priv->message_opcode) {
case 0x01:
case 0x02:
+ /* Safety valve */
+ if (priv->message_data->len + payload_len > priv->max_incoming_payload_size) {
+ too_big_error_and_close (self, (priv->message_data->len + payload_len));
+ return;
+ }
g_byte_array_append (priv->message_data, payload, payload_len);
break;
default: