[gtk+] broadway: Properly handle masked websocket messages



commit fa6ad2ca047925a3ebf7a94750b283e1a36925d9
Author: Alexander Larsson <alexl redhat com>
Date:   Wed Jan 25 11:46:09 2012 +0100

    broadway: Properly handle masked websocket messages
    
    Thanks to Rafal Luzynski for pointing this out.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=656521

 gdk/broadway/gdkdisplay-broadway.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)
---
diff --git a/gdk/broadway/gdkdisplay-broadway.c b/gdk/broadway/gdkdisplay-broadway.c
index 4791168..f2babc8 100644
--- a/gdk/broadway/gdkdisplay-broadway.c
+++ b/gdk/broadway/gdkdisplay-broadway.c
@@ -362,7 +362,7 @@ parse_input (BroadwayInput *input)
 	  gsize len, payload_len;
 	  BroadwayWSOpCode code;
 	  gboolean is_mask, fin;
-	  guchar *buf, *data;
+	  guchar *buf, *data, *mask;
 
 	  buf = input->buffer->data;
 	  len = input->buffer->len;
@@ -391,6 +391,16 @@ parse_input (BroadwayInput *input)
 	      payload_len = GUINT64_FROM_BE( *(guint64 *) data );
 	      data += 8;
 	    }
+
+	  mask = NULL;
+	  if (is_mask)
+	    {
+	      if (data - buf + 4 > len)
+		return;
+	      mask = data;
+	      data += 4;
+	    }
+
 	  if (data - buf + payload_len > len)
 	    return; /* wait to accumulate more */
 
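Review bot: The length check `data - buf + payload_len > len` just below the new mask block adds a wire-supplied `payload_len` (up to 64 bits, read via `GUINT64_FROM_BE`) before comparing, so a very large value can wrap the sum and pass the check; the unmask loop in the next hunk then runs `payload_len` iterations writing through `data`. Comparing by subtraction avoids the wrap: `if (payload_len > len - (data - buf)) return; /* wait to accumulate more */`. That form is only safe if `data - buf <= len` already holds at this point; the new 4-byte mask check guarantees it on the masked path, and the header checks outside this hunk presumably do on the unmasked path, which is worth confirming. The new `return;` after the mask check could also carry the same `/* wait to accumulate more */` comment as the one below it. parse_input's body starts and ends outside the hunk.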
@@ -398,8 +408,7 @@ parse_input (BroadwayInput *input)
 	    {
 	      gsize i;
 	      for (i = 0; i < payload_len; i++)
-		data[i + 4] ^= data[i%4];
-	      data += 4;
+		data[i] ^= mask[i%4];
 	    }
 
 	  switch (code) {


