Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit129d303

Browse files
committed
Fix DOS attack from malicious pongs
A double channel close panic was possible if a peer sent back multiplepongs for every ping.If the second pong arrived before the ping goroutine deleted its channelfrom the map, the channel would be closed twice and so a panic wouldensue.This fixes that by having the read goroutine send on the pinggoroutine's channel rather than closing it.Reported via email by Tibor Kálmán@kalmantPlease update to the new release ASAP!
1 parente4c3b0f commit129d303

File tree

2 files changed

+5
-2
lines changed

2 files changed

+5
-2
lines changed

‎conn_notjs.go‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -189,7 +189,7 @@ func (c *Conn) Ping(ctx context.Context) error {
189189
}
190190

191191
func (c*Conn)ping(ctx context.Context,pstring)error {
192-
pong:=make(chanstruct{})
192+
pong:=make(chanstruct{},1)
193193

194194
c.activePingsMu.Lock()
195195
c.activePings[p]=pong

‎read.go‎

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -271,7 +271,10 @@ func (c *Conn) handleControl(ctx context.Context, h header) (err error) {
271271
pong,ok:=c.activePings[string(b)]
272272
c.activePingsMu.Unlock()
273273
ifok {
274-
close(pong)
274+
select {
275+
casepong<-struct{}{}:
276+
default:
277+
}
275278
}
276279
returnnil
277280
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp