Socket
Socket
Sign inDemoInstall

socket.io-parser

Package Overview
Dependencies
5
Maintainers
1
Versions
53
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 2.2.2 to 2.2.3

5

History.md
2.2.3 / 2015-02-03
==================
* index: fix potential infinite loop with malicious binary packet
2.2.2 / 2014-09-04

@@ -3,0 +8,0 @@ ==================

14

index.js

@@ -243,3 +243,3 @@

// no attachments, labeled binary but no binary data to follow
if (this.reconstructor.reconPack.attachments == 0) {
if (this.reconstructor.reconPack.attachments === 0) {
this.emit('decoded', packet);

@@ -285,7 +285,11 @@ }

if (exports.BINARY_EVENT == p.type || exports.BINARY_ACK == p.type) {
p.attachments = '';
var buf = '';
while (str.charAt(++i) != '-') {
p.attachments += str.charAt(i);
buf += str.charAt(i);
if (i + 1 == str.length) break;
}
p.attachments = Number(p.attachments);
if (buf != Number(buf) || str.charAt(i) != '-') {
throw new Error('Illegal attachments');
}
p.attachments = Number(buf);
}

@@ -308,3 +312,3 @@

var next = str.charAt(i + 1);
if ('' != next && Number(next) == next) {
if ('' !== next && Number(next) == next) {
p.id = '';

@@ -311,0 +315,0 @@ while (++i) {

{
"name": "socket.io-parser",
"version": "2.2.2",
"version": "2.2.3",
"description": "socket.io protocol parser",

@@ -5,0 +5,0 @@ "repository": {

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc