From 02ccd0b76f51ae9266b8af7e15eab11d3a94ff47 Mon Sep 17 00:00:00 2001
From: tt2468
Date: Mon, 25 Jul 2022 08:00:48 -0700
Subject: [PATCH] websocketserver: Validate `op` field type

Could cause a crash by assuming `op` is always a number.

Closes #965
---
 src/websocketserver/WebSocketServer.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/websocketserver/WebSocketServer.cpp b/src/websocketserver/WebSocketServer.cpp
index e4eaff5f..534d040f 100644
--- a/src/websocketserver/WebSocketServer.cpp
+++ b/src/websocketserver/WebSocketServer.cpp
@@ -445,6 +445,12 @@ void WebSocketServer::onMessage(websocketpp::connection_hdl hdl,
 goto skipProcessing;
 }

+ if (!incomingMessage["op"].is_number()) {
+ ret.closeCode = WebSocketCloseCode::UnknownOpCode;
+ ret.closeReason = "Your `op` is not a number.";
+ goto skipProcessing;
+ }
+
 ProcessMessage(session, ret, incomingMessage["op"], incomingMessage["d"]);

 skipProcessing:
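Review bot: The added guard `!incomingMessage["op"].is_number()` still lets floating-point and negative values reach `ProcessMessage`, because (assuming `incomingMessage` is an nlohmann::json value, as the call suggests) `is_number()` is true for every numeric kind, not only unsigned integers. The client-supplied value is then converted implicitly to the opcode parameter at `ProcessMessage(session, ret, incomingMessage["op"], incomingMessage["d"]);`, and converting a float outside the target integer's range is undefined behaviour rather than a clean rejection. Tightening the condition to `if (!incomingMessage["op"].is_number_unsigned()) {` would close the connection for those inputs before dispatch; the parameter type of `ProcessMessage` is not visible here, so confirm it against the declaration. `onMessage` starts and ends outside the hunk, so it cannot be seen from here whether `incomingMessage` is already known to be an object or whether `d` gets a comparable type check.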