[html5] r4830 - [giowt] (0) Include a warning about long length frames

whatwg at whatwg.org whatwg at whatwg.org
Mon Mar 8 12:39:26 PST 2010


Author: ianh
Date: 2010-03-08 12:39:24 -0800 (Mon, 08 Mar 2010)
New Revision: 4830

Modified:
   complete.html
   source
Log:
[giowt] (0) Include a warning about long length frames

Modified: complete.html
===================================================================
--- complete.html	2010-03-05 22:00:51 UTC (rev 4829)
+++ complete.html	2010-03-08 20:39:24 UTC (rev 4830)
@@ -157,7 +157,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
    <hgroup><h1>Web Applications 1.0</h1>
-    <h2 class="no-num no-toc">Draft Standard — 5 March 2010</h2>
+    <h2 class="no-num no-toc">Draft Standard — 8 March 2010</h2>
    </hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
    <p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
    <!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -68857,8 +68857,15 @@
 
       </ol></dd>
 
-    </dl></li>
+    </dl><p class=warning>User agents may impose implementation-specific
+    limits on the lengths of invalid frames that they will skip. In
+    particular, it is possible for a server to (innocently or
+    maliciously) send frames with lengths greater than 2<sup>31</sup>
+    or 2<sup>32</sup> bytes, overflowing a signed or unsigned 32bit
+    integer.</p>
 
+   </li>
+
    <li>
 
     <p>If <var title="">error</var> is true, then <dfn id=a-websocket-error-has-been-detected>a WebSocket
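Review bot: The user-agent warning added after `</dl>` permits implementation-specific limits but, unlike the server warning added later in this same revision, never states what a user agent does once a frame's length exceeds its limit. Suggest adding a requirement parallel to the server text ("If a server cannot correctly skip past a long frame, then the server must abort these steps"), so that a length that would overflow the implementation's integer type has a defined failure outcome instead of implementation-chosen behaviour.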
@@ -69481,8 +69488,18 @@
      terminated</var> flag and abort these steps. All further data
      sent by the client should be discarded.</li>
 
-    </ol></li>
+    </ol><p class=warning>Servers may impose implementation-specific
+    limits on the lengths of invalid frames that they will skip. In
+    particular, it is possible for a malicious client to send frames
+    with lengths greater than 2<sup>31</sup> or 2<sup>32</sup> bytes,
+    overflowing a signed or unsigned 32bit integer. If a server cannot
+    correctly skip past a long frame, then the server must abort these
+    steps (discarding all future data), and should either immediately
+    disconnect from the client or set the <var title="">client
+    terminated</var> flag.</p>
 
+   </li>
+
    <li><p>Return to the step labeled <a href=#ws-sd-frame><i>frame</i></a>.</li>
 
   </ol><hr><p>The server must run through the following steps to send strings
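Review bot: In the server warning added after `</ol>`, "must abort these steps" is paired with only a "should" for the follow-up ("should either immediately disconnect from the client or set the client terminated flag"), so a server that aborts and does neither keeps the socket open in a state the text does not describe. Suggest making one of the two outcomes a "must". The paragraph also opens by scoping the limit to "invalid frames" and then states the requirement for "a long frame"; use one term for both.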

Modified: source
===================================================================
--- source	2010-03-05 22:00:51 UTC (rev 4829)
+++ source	2010-03-08 20:39:24 UTC (rev 4830)
@@ -77427,6 +77427,13 @@
 
     </dl>
 
+    <p class="warning">User agents may impose implementation-specific
+    limits on the lengths of invalid frames that they will skip. In
+    particular, it is possible for a server to (innocently or
+    maliciously) send frames with lengths greater than 2<sup>31</sup>
+    or 2<sup>32</sup> bytes, overflowing a signed or unsigned 32bit
+    integer.</p>
+
    </li>
 
    <li>
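Review bot: The bounds in "lengths greater than 2<sup>31</sup> or 2<sup>32</sup> bytes" are off by one for the overflow the sentence describes: a signed 32-bit integer already overflows at a length of exactly 2^31, and an unsigned one at exactly 2^32. Suggest "2<sup>31</sup> bytes or more" (likewise for 2<sup>32</sup>) and hyphenating "32bit" as "32-bit". Since complete.html is changed with the same text, the fix belongs here in source.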
@@ -78129,6 +78136,16 @@
 
     </ol>
 
+    <p class="warning">Servers may impose implementation-specific
+    limits on the lengths of invalid frames that they will skip. In
+    particular, it is possible for a malicious client to send frames
+    with lengths greater than 2<sup>31</sup> or 2<sup>32</sup> bytes,
+    overflowing a signed or unsigned 32bit integer. If a server cannot
+    correctly skip past a long frame, then the server must abort these
+    steps (discarding all future data), and should either immediately
+    disconnect from the client or set the <var title="">client
+    terminated</var> flag.</p>
+
    </li>
 
    <li><p>Return to the step labeled <a
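Review bot: The server paragraph names only "a malicious client" as the sender of over-long frames, while the user-agent paragraph added in this same file says "(innocently or maliciously)". A buggy client produces the same over-long length, and the required server behaviour is the same either way, so suggest aligning the wording, for example "it is possible for a client to (innocently or maliciously) send frames with lengths greater than".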



