[Pkg-javascript-commits] [node-ws] 01/07: Imported Upstream version 1.0.1+ds1.e6ddaae4

Sun Jan 17 12:09:06 UTC 2016

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository node-ws.

commit 44e92c079a9ae410ff98db5ba0504898a412c6a5
Author: Ximin Luo <infinity0 at debian.org>
Date:   Sun Jan 17 11:53:31 2016 +0100

    Imported Upstream version 1.0.1+ds1.e6ddaae4
---
 lib/Sender.js          |  8 ++++++++
 lib/WebSocket.js       |  2 +-
 package.json           |  2 +-
 test/WebSocket.test.js | 19 ++++++++++++++++++-
 4 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/lib/Sender.js b/lib/Sender.js
index 2f8f7c4..d34061e 100644
--- a/lib/Sender.js
+++ b/lib/Sender.js
@@ -155,6 +155,14 @@ Sender.prototype.frameAndSend = function(opcode, data, finalFragment, maskData,
     if (data && (typeof data.byteLength !== 'undefined' || typeof data.buffer !== 'undefined')) {
       data = getArrayBuffer(data);
     } else {
+      //
+      // If people want to send a number, this would allocate the number in
+      // bytes as memory size instead of storing the number as buffer value. So
+      // we need to transform it to string in order to prevent possible
+      // vulnerabilities / memory attacks.
+      //
+      if (typeof data === 'number') data = data.toString();
+
       data = new Buffer(data);
     }
   }
diff --git a/lib/WebSocket.js b/lib/WebSocket.js
index b80cc78..4e06c80 100644
--- a/lib/WebSocket.js
+++ b/lib/WebSocket.js
@@ -918,7 +918,7 @@ function cleanupWebsocketResources(error) {
   this._closeTimer = null;
 
   if (emitClose) {
-    // If the connection was closed abnormally (with an error), or if 
+    // If the connection was closed abnormally (with an error), or if
     // the close control frame was not received then the close code
     // must default to 1006.
     if (error || !this._closeReceived) {
diff --git a/package.json b/package.json
index 3c89851..9e974c5 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "author": "Einar Otto Stangvik <einaros at gmail.com> (http://2x.io)",
   "name": "ws",
   "description": "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "license": "MIT",
   "keywords": [
     "Hixie",
diff --git a/test/WebSocket.test.js b/test/WebSocket.test.js
index 038c7f2..5b2f4ec 100644
--- a/test/WebSocket.test.js
+++ b/test/WebSocket.test.js
@@ -40,7 +40,7 @@ describe('WebSocket', function() {
         done();
       }
     });
-    
+
     it('should return a new instance if called without new', function(done) {
       var ws = WebSocket('ws://localhost:' + port);
       ws.should.be.an.instanceOf(WebSocket);
@@ -585,6 +585,23 @@ describe('WebSocket', function() {
       });
     });
 
+    it('can send safely receive numbers as ping payload', function(done) {
+      server.createServer(++port, function(srv) {
+        var ws = new WebSocket('ws://localhost:' + port);
+
+        ws.on('open', function() {
+          ws.ping(200);
+        });
+
+        srv.on('ping', function(message) {
+          assert.equal('200', message);
+          srv.close();
+          ws.terminate();
+          done();
+        });
+      });
+    });
+
     it('with encoded message is successfully transmitted to the server', function(done) {
       server.createServer(++port, function(srv) {
         var ws = new WebSocket('ws://localhost:' + port);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-ws.git

