socket.io-parser
Comparing version 3.3.1 to 3.3.2
@@ -0,2 +1,10 @@ | ||
## [3.3.2](https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2) (2021-01-09) | ||
### Bug Fixes | ||
* prevent DoS (OOM) via massive packets ([#95](https://github.com/Automattic/socket.io-parser/issues/95)) ([89197a0](https://github.com/Automattic/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865)) | ||
## [3.3.1](https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1) (2020-09-30) | ||
17
index.js
@@ -289,7 +289,5 @@ | ||
if (exports.BINARY_EVENT === p.type || exports.BINARY_ACK === p.type) { | ||
var buf = ''; | ||
while (str.charAt(++i) !== '-') { | ||
buf += str.charAt(i); | ||
if (i == str.length) break; | ||
} | ||
var start = i + 1; | ||
while (str.charAt(++i) !== '-' && i != str.length) {} | ||
var buf = str.substring(start, i); | ||
if (buf != Number(buf) || str.charAt(i) !== '-') { | ||
@@ -303,9 +301,9 @@ throw new Error('Illegal attachments'); | ||
if ('/' === str.charAt(i + 1)) { | ||
p.nsp = ''; | ||
var start = i + 1; | ||
while (++i) { | ||
var c = str.charAt(i); | ||
if (',' === c) break; | ||
p.nsp += c; | ||
if (i === str.length) break; | ||
} | ||
p.nsp = str.substring(start, i); | ||
} else { | ||
@@ -318,3 +316,3 @@ p.nsp = '/'; | ||
if ('' !== next && Number(next) == next) { | ||
p.id = ''; | ||
var start = i + 1; | ||
while (++i) { | ||
@@ -326,6 +324,5 @@ var c = str.charAt(i); | ||
} | ||
p.id += str.charAt(i); | ||
if (i === str.length) break; | ||
} | ||
p.id = Number(p.id); | ||
p.id = Number(str.substring(start, i + 1)); | ||
} | ||
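Review bot: The attachment-count check `buf != Number(buf)` in the first index.js hunk still relies on loose equality, so it accepts any string that coerces to a number (the empty string, exponent or hex forms), not only a plain decimal count. Because the count is taken straight from the packet text, a digits-only test such as `if (!/^\d+$/.test(buf) || str.charAt(i) !== '-') {` would make the accepted grammar explicit. An upper bound on the parsed value is also worth considering if later code waits for that many binary attachments, which is not visible here. The rewritten loops also declare `var start` three times in what appears to be one function, where a single declaration would read more clearly. The enclosing function begins and ends outside these hunks.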
@@ -332,0 +329,0 @@ |
{ | ||
"name": "socket.io-parser", | ||
"version": "3.3.1", | ||
"version": "3.3.2", | ||
"description": "socket.io protocol parser", | ||
@@ -5,0 +5,0 @@ "repository": { |