From da53e947b5c715ff50335e587c78afa07d4002fb Mon Sep 17 00:00:00 2001 From: BTCYZ477 Date: Mon, 14 Apr 2025 20:39:59 +0300 Subject: [PATCH 1/2] Fix payload parsing for 64 byte payloads --- source/NetCoreServer/WebSocket.cs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source/NetCoreServer/WebSocket.cs b/source/NetCoreServer/WebSocket.cs index ab375f0..a0e656d 100644 --- a/source/NetCoreServer/WebSocket.cs +++ b/source/NetCoreServer/WebSocket.cs @@ -409,7 +409,15 @@ public void PrepareReceiveFrame(byte[] buffer, long offset, long size) } } - payload = ((WsReceiveFrameBuffer[2] << 56) | (WsReceiveFrameBuffer[3] << 48) | (WsReceiveFrameBuffer[4] << 40) | (WsReceiveFrameBuffer[5] << 32) | (WsReceiveFrameBuffer[6] << 24) | (WsReceiveFrameBuffer[7] << 16) | (WsReceiveFrameBuffer[8] << 8) | (WsReceiveFrameBuffer[9] << 0)); + payload = ((WsReceiveFrameBuffer[2] & 0xFFL) << 56) | + ((WsReceiveFrameBuffer[3] & 0xFFL) << 48) | + ((WsReceiveFrameBuffer[4] & 0xFFL) << 40) | + ((WsReceiveFrameBuffer[5] & 0xFFL) << 32) | + ((WsReceiveFrameBuffer[6] & 0xFFL) << 24) | + ((WsReceiveFrameBuffer[7] & 0xFFL) << 16) | + ((WsReceiveFrameBuffer[8] & 0xFFL) << 8) | + ((WsReceiveFrameBuffer[9] & 0xFFL)); + WsHeaderSize = 10 + (mask ? 4 : 0); WsPayloadSize = payload; } From c6ccbbb87b6fb06a7240750835e20b2db77efa33 Mon Sep 17 00:00:00 2001 From: Baris Can Daylik Date: Tue, 15 Apr 2025 10:27:31 +0300 Subject: [PATCH 2/2] Add payload overflow testcase --- tests/WsTests.cs | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tests/WsTests.cs b/tests/WsTests.cs index 9a9d199..5f5ef81 100644 --- a/tests/WsTests.cs +++ b/tests/WsTests.cs @@ -352,5 +352,48 @@ public void WsServerRandomTest() Assert.True(server.BytesReceived > 0); Assert.True(!server.Errors); } + + [Fact(DisplayName = "WebSocket frame size validation test")] + public void WsFrameSizeValidationTest() + { + string address = "127.0.0.1"; + int port = 8084; + + var server = new EchoWsServer(IPAddress.Any, port); + Assert.True(server.Start()); + while (!server.IsStarted) + Thread.Yield(); + + var client = new EchoWsClient(address, port); + Assert.True(client.ConnectAsync()); + while (!client.IsWsConnected || (server.Clients != 1)) + Thread.Yield(); + + byte[] malformedFrame = new byte[20]; + malformedFrame[0] = 0x81; + malformedFrame[1] = 0xFF; + + malformedFrame[2] = 0x0F; + for (int i = 3; i < 10; i++) + malformedFrame[i] = 0xFF; + + // Set mask key (4 bytes) + malformedFrame[10] = 0x11; + malformedFrame[11] = 0x22; + malformedFrame[12] = 0x33; + malformedFrame[13] = 0x44; + + client.Send(malformedFrame, 0, malformedFrame.Length); + + Thread.Sleep(100); + + Assert.True(client.CloseAsync(1000)); + while (client.IsWsConnected || (server.Clients != 0)) + Thread.Yield(); + + Assert.True(server.Stop()); + while (server.IsStarted) + Thread.Yield(); + } } }