mojo icon indicating copy to clipboard operation
mojo copied to clipboard
verified publisher icon mojolicious

WebSocket zlib calls aren’t error-checked

Open FGasper opened this issue 3 years ago • 0 comments

https://github.com/mojolicious/mojo/blob/89182e49b1845528904af3d280ca168929c72692/lib/Mojo/Transaction/WebSocket.pm#L30-L31

https://github.com/mojolicious/mojo/blob/89182e49b1845528904af3d280ca168929c72692/lib/Mojo/Transaction/WebSocket.pm#L96

We aren’t sure, but this may be related to some zlib memory-handling errors we’ve seen that may relate to the recent Zlib CVE.

I’m not sure how failures should be reported here, but these seem like calls that should be checked.

FGasper avatar Apr 11 '22 13:04 FGasper