[MEN-4803] [deviceconnect] API accepts arbitrary size messages - Northern.tech AS

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: (None)
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.7.1, 3.0.0, 2.6.2, 3.0.0-report
Labels:
- Backend

Story Points:
1
Backlog:
yes
Days in progress:
0

Description

Currently there's a vulnerability in the websocket API in deviceconnect as it will accept and buffer messages of arbitrary, exposing a potential buffer overflow vector.

Acceptance criteria:

Messages over websockets must be constrain to a certain max size

Attachments

Activity

People

Assignee:: Alf-Rune Siqveland

Reporter:: Alf-Rune Siqveland

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jun/21 2:57 PM

Updated:: 02/Jul/21 10:48 AM

Resolved:: 02/Jul/21 10:48 AM