socket.io-parser
Comparing version 2.2.2 to 2.2.3
2.2.3 / 2015-02-03 | ||
================== | ||
* index: fix potential infinite loop with malicious binary packet | ||
2.2.2 / 2014-09-04 | ||
@@ -3,0 +8,0 @@ ================== |
14
index.js
@@ -243,3 +243,3 @@ | ||
// no attachments, labeled binary but no binary data to follow | ||
if (this.reconstructor.reconPack.attachments == 0) { | ||
if (this.reconstructor.reconPack.attachments === 0) { | ||
this.emit('decoded', packet); | ||
@@ -285,7 +285,11 @@ } | ||
if (exports.BINARY_EVENT == p.type || exports.BINARY_ACK == p.type) { | ||
p.attachments = ''; | ||
var buf = ''; | ||
while (str.charAt(++i) != '-') { | ||
p.attachments += str.charAt(i); | ||
buf += str.charAt(i); | ||
if (i + 1 == str.length) break; | ||
} | ||
p.attachments = Number(p.attachments); | ||
if (buf != Number(buf) || str.charAt(i) != '-') { | ||
throw new Error('Illegal attachments'); | ||
} | ||
p.attachments = Number(buf); | ||
} | ||
@@ -308,3 +312,3 @@ | ||
var next = str.charAt(i + 1); | ||
if ('' != next && Number(next) == next) { | ||
if ('' !== next && Number(next) == next) { | ||
p.id = ''; | ||
@@ -311,0 +315,0 @@ while (++i) { |
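Review bot: The new bound check in the attachment-count loop, `if (i + 1 == str.length) break;`, uses equality, so it stops the scan only when the index lands exactly on the last character. If the index is already past that point on the first iteration (the initial value of `i` is set outside this hunk), `charAt` keeps returning `''` and the loop still never terminates. `if (i + 1 >= str.length) break;` closes that case, and the following `str.charAt(i) != '-'` check then rejects the packet. Separately, `buf != Number(buf)` is a loose comparison that accepts an empty string as well as non-integer and exponent forms, so a stricter test such as `!/^\d+$/.test(buf)` would pin the count to a plain decimal integer. The enclosing function begins and ends outside the hunk, so confirm that callers catch the new `throw` on untrusted input rather than letting it propagate.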
{ | ||
"name": "socket.io-parser", | ||
"version": "2.2.2", | ||
"version": "2.2.3", | ||
"description": "socket.io protocol parser", | ||
@@ -5,0 +5,0 @@ "repository": { |