
Commit 9432c15

vzaidman authored and facebook-github-bot committed
Add headers validation check to prevent crash (facebook#55749)
Summary: Add defensive checks when processing custom headers to ensure:
1. Header keys are valid NSString instances before using them
2. Header values are successfully converted before adding to the request

This prevents potential crashes when invalid header data (non-string keys or values that fail conversion) is passed from JavaScript to the WebSocket module.

Changelog: [Internal]

Differential Revision: D94375533
1 parent 562c2fe commit 9432c15

1 file changed

Lines changed: 10 additions & 2 deletions

packages/react-native/React/CoreModules/RCTWebSocketModule.mm

@@ -96,8 +96,16 @@ - (void)invalidate
9696
// Load supplied headers
9797
if ([options.headers() isKindOfClass:NSDictionary.class]) {
9898
NSDictionary *headers = (NSDictionary *)options.headers();
99-
[headers enumerateKeysAndObjectsUsingBlock:^(NSString *key, id value, BOOL *stop) {
100-
[request addValue:[RCTConvert NSString:value] forHTTPHeaderField:key];
99+
[headers enumerateKeysAndObjectsUsingBlock:^(id key, id value, BOOL *stop) {
100+
if (![key isKindOfClass:[NSString class]]) {
101+
RCTAssert(NO, @"RCTWebSocketModule: Invalid header key type - expected NSString");
102+
return;
103+
}
104+
NSString *headerValue = [RCTConvert NSString:value];
105+
if (headerValue == nil) {
106+
headerValue = @"";
107+
}
108+
[request addValue:headerValue forHTTPHeaderField:key];
101109
}];
102110
}
103111
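Review bot: at new lines 105-107 a value that fails conversion is replaced with `@""` and the header is still added, so the request goes out carrying an empty header and nothing is logged, while the invalid-key branch at new lines 100-103 asserts and skips the entry. The summary says values are "successfully converted before adding to the request", which reads as skip-on-failure rather than substitute-and-send. Suggest handling both cases the same way: in the `headerValue == nil` branch, `return;` to drop that entry and emit an `RCTLogWarn` naming the key, or, if sending an empty value is intended, add a comment saying why. A silently emptied header is harder to diagnose from the server side than a logged drop. It would also help to note in a comment that the `return` in the key check only skips the current entry and enumeration continues.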
