Bjørn Lie
956d6984d6
+ libsoup2-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049
glgo#GNOME/libsoup#390)
+ libsoup2-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443
glgo#GNOME/libsoup#487)
+ libsoup2-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369
glgo#GNOME/libsoup!508)
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup2?expand=0&rev=42
31 lines
1019 B
Diff
31 lines
1019 B
Diff
From 6ec7c5be50b48d6ce0a09aa3468f2c5725406a97 Mon Sep 17 00:00:00 2001
|
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
|
Date: Wed, 21 May 2025 10:42:51 -0500
|
|
Subject: [PATCH] Add size limit for total message size
|
|
|
|
This size limit could break applications, but it will close the denial
|
|
of service issue.
|
|
---
|
|
libsoup/soup-websocket-connection.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
|
|
index 36524d04..f8764aff 100644
|
|
--- a/libsoup/soup-websocket-connection.c
|
|
+++ b/libsoup/soup-websocket-connection.c
|
|
@@ -913,6 +913,11 @@ process_contents (SoupWebsocketConnection *self,
|
|
switch (pv->message_opcode) {
|
|
case 0x01:
|
|
case 0x02:
|
|
+ /* Safety valve */
|
|
+ if (pv->message_data->len + payload_len > pv->max_incoming_payload_size) {
|
|
+ too_big_error_and_close (self, (pv->message_data->len + payload_len));
|
|
+ return;
|
|
+ }
|
|
g_byte_array_append (pv->message_data, payload, payload_len);
|
|
break;
|
|
default:
|
|
--
|
|
2.49.0
|
|
|