websocketserver: Validate data type of authentication payload field

Can cause crash if field is not a string

Reported by @tyami94
tt2468 2022-12-31 14:54:11 -08:00 committed by GitHub
parent a792c59699
commit e797a3fb34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -104,6 +104,11 @@ void WebSocketServer::ProcessMessage(SessionPtr session, WebSocketServer::Proces
"Your payload's data is missing an `authentication` string, however authentication is required.";
return;
}
if (!payloadData["authentication"].is_string()) {
ret.closeCode = WebSocketCloseCode::AuthenticationFailed;
ret.closeReason = "Your `authentication` field is not a string.";
return;
}
if (!Utils::Crypto::CheckAuthenticationString(session->Secret(), session->Challenge(),
payloadData["authentication"])) {
auto conf = GetConfig();
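Review bot: The new `is_string()` branch has no comment saying why the type is checked before `payloadData["authentication"]` is handed to `CheckAuthenticationString`, even though it guards a crash that a client can trigger before it has authenticated. I would add `// Reject non-string values before the implicit JSON-to-string conversion below; this path is reachable before authentication.` above the `if`. The branch also returns with `AuthenticationFailed` before the failed-check path that starts at `auto conf = GetConfig();`. If that path raises an alert or log entry for failed logins (it continues outside the hunk, so this is inferred), malformed attempts would be closed without the operator seeing them. `ProcessMessage` begins and ends outside the hunk.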